Process switching, fast switching, CEF

      No Comments on Process switching, fast switching, CEF

While I’m not sure if this is technically on the exam blueprint, it’s worth a post to discuss the differences between these 3 routing technologies.  Let’s talk a little bit about each of these…

Process Switching
With process switching the IP forwarding looks something like this…

1. The router receives a frame and immediately checks the FCS.  If it encounters a bad FCS, the frame is discarded and the process ends.

2.  If the FCS is good, the router extracts the packet from the frame and discards the frame header and trailer

3.  The router examines the packet destination and checks the forwarding table for the most specific prefix that matches the destination of the IP packet.  The FIB will tell the router what the next hop router and interface is.  It can use this information to determine the layer2 information required to generate a new frame.  At this step, any other processor required functions are also executed (NAT, QOS, etc). 

4.  The router updates the TTL on the layer 3 packet and regenerates the IP checksum of the packets. 

5.  The router uses the information it gathered in step 3 to build a new layer 2 header and trailer to encapsulated the packet.  The packet is then sent long it’s way out the appropriate interface.

So that’s basically what happens each and every time a packet comes enters the router.  As you might expect, sending every packet to the processor for it to make a decision on where to forward it can be rather tedious.  Not only can it take longer, but you are putting a greater strain on the router CPU and memory. 

Fast Switching
Fast switching is similar to process switching, but it includes some enhancements.  For instance, the fast switching process still uses process switching, but only for the first packet in a given flow.  So when the first packet comes into a router it’s process switched.  While the router has the packet on the CPU in step 3, it takes an additional step of generating a cache entry for the flow.  This cache entry is entered into what’s called the ‘fast-switching cache’.  All subsequent packets can be forwarded by using he cache entry rather than doing a full process lookup.  The cache entry contains everything the router needs to forward the packet including the destination IP address, the next hop information, and the layer 2 header info required to forward the frame. 

While this seems like a substantial improvement, it still has some pitfalls.  For instance, you still have to process switch the first packet that comes into the router.  Additionally, the cache entries are stored per destination IP, not destination prefix.  This means that the cache could get overly large if entries weren’t timed out in an expedited manner. 

CEF (Cisco Express Forwarding)
CEF takes the approach of building the forwarding path before it even sees the first packet.  To do this, it has to create some tables to store the information in.  The first table is the adjacency table which is responsible for know the layer 2 information required to rewrite the layer 2 headers on egress.  The router pulls information from many other tables (ARP, Frame Relay tables, etc) to build the adjacency table.  A adjacency table entry would include (for Ethernet) the source and destination MAC address used in the layer 2 header.  The second table used by CEF is the FIB (or Forwarding Information Base).  The FIB takes information from the routing table and build entries for that include the destination prefix, the next hop (recursive), and the egress interface. 

The process for CEF switching a packet looks a little bit different than the process switching method…

1. The router receives a frame and immediately checks the FCS. If it encounters a bad FCS, the frame is discarded and the process ends.

2. The router looks up the destination IP in the FIB to make a forwarding decision.  The result of the FIB lookup yields a pointer to an entry in the adjacency table. 

3.  The router retrieves the information in the adjacency table which tells the router where ,and how, to send the packet. 

4.  The router uses the info it got from the adjacency table and sends the packet on it’s way. 

There was a time when many features were not CEF enabled.  For instance, things like policy based routing had to be handled by the processes for quite some time.  Now, most IOS features are CEF enabled but there are a few cases where the router will still need to ‘punt’ the packet to the process for handling.  When this occurs, the router needs to process switch the packet.  The type of packets that will be punted varies by hardware platform so we can’t really come up with a distinct list.  If you are interested in seeing what isn’t being handled by CEF, you can take a look at the output of the ‘show cef not-cef-switched’ command…


This gives you an idea of why the packets aren’t being handled by CEF.  A breakdown of explanations for the reasons is shown here (shamelessly copied from Cisco…)


It would be interesting at some point to try and duplicate each one of these, but I don’t have the time at the moment. 

Leave a Reply

Your email address will not be published. Required fields are marked *