Process Switching vs CEF

Submitted by rayc on Mon, 10/25/2021 - 09:11

When a network device forwards data there are only 2 options other than if the data is destined locally:

  • Forwarding data on the same subnet
  • Forwarding data on a different subnet.

 

When it comes to forwarding data on the same subnet, the PC or switch will look at the destination IP address and determine that the host is on the same subnet. If the destination devices MAC address is known, then the Ethernet headers are added, and the packet is sent. Otherwise the device sends and ARP request to obtain the destination MAC.

When it comes to sending data to a host on a different subnet, the packet needs to be sent to a router and the router then makes the necessary forwarding decisions. The PC looks at the destination IP of the packet and notes that the destination is not on the same subnet. The PC then looks for its default gateway address and addresses the layer 2 header to the gateway MAC address. The router receives this frame, removes the layer 2 header and checks the layer 3 destination IP. the router will then make a routing decision based on its Routing Information Base or RIB. One thing to note is that modern routers no longer remove the layer 2 header but re-write it instead.

Process Switching

When the first routers were developed, they used the general-purpose CPU to process each packet and make forwarding decisions. This is called process switching. The IOS process that runs in the background for processing switching incoming IP packets is called ip_iput. As you can imaging this form of switching is quite slow and resource intensive and a faster mechanism is more desirable. Even though modern routers are capable of utilising ASICs, NPUs and CEF to switch packets at a much higher speed, some packets still need to be process switched:

  • Packets that are sourced or destined to the router
  • Packets that are too complex for the hardware to handle such as IP packets with IP options set.
  • Packets that require extra information such as ARP requests.

 

Cisco routers also support a switching method called Fast Switching. Fast switching works by building a cache for packet routing destinations so that only the first packet in a data flow needs to be process switched (punted to the CPU), then the rest of the data flow is fast switched using this cache. You can disable fast switching on a router interface by using the interface subcommand no ip route-cache. Fast switching is enabled on Cisco routers by default.

Cisco Express Forwarding (CEF)

Cisco Express Forwarding or CEF is a Cisco Proprietary switching mechanism and is the default for all modern Cisco platforms that use either software-based switching and hardware-based switching (Routers that utilise ASICs or NPUs for high packet throughput). CEF maintains two databases, the Forwarding Information Base (FIB), and the Adjacency Table. The FIB is used to store the layer 3 forwarding information, and the Adjacency table is used to store the Layer 2 information for the next hops listed in the FIB. These two tables are built from the routers RIB and ARP tables. CEF can be disabled on either an interface by interface basis or globally. To disable CEF on an interface, use the interface subcommand no ip route-cache cef or globally using the global configuration command no ip cef. Depending on the platform these commands can changed, for example of a Cisco 4331 the command is no ip cef optimize neighbor resolution.