[c-nsp] Switching paths

Reuben Farrelly reuben-cisco-nsp at reub.net
Mon Feb 20 04:30:58 EST 2006

I'm interested in an aspect of the switching technologies used in routers, 
specifically which features are and aren't well supported in each switching 
path.  In the case I am thinking of right now I'm thinking of an 1841 and 2851 
which I recently configured for an end customer.

http://www.cisco.com/warp/public/765/tools/quickreference/ gives performance 
figures for CEF and process switched tests and states that "If a feature is 
supported in the CEF path..."   But it doesn't say how we would find out if a 
feature is actually supported in CEF or not ;-)

I'm interested in these features specifically and what effect they might have on 
the switching performance of a router:

* Crypto maps
* CBAC content inspection
* ACL's
* ACL's with 'log' as one of the keywords, does this have an impact if the match 
is achieved before the log statement?
* NAT - which I think may have been fully supported in the CEF path for a fair while
* GRE tunnels with crypto maps applied

Thinking specifically of 12.4/12.4T here as those are the only ones that run on 
the new ISR's.

Is there a relatively easy way to find out from a device, what is forcing 
traffic to be punted to a non-CEF path if CEF is configured?  Or a web page on 
CCO which says which features are fully CEF supported?  (I couldn't find one)

Yes I've read 
but that doesn't really explain how to find out which feature is forcing traffic 
to be punted to a non-CEF path, nor what sort of percentage of CEF/non-CEF 
traffic is 'acceptable' if all the features are supported in the CEF path (I've 
seen ~30% traffic process switched and I'm thinking that's a bit high).


More information about the cisco-nsp mailing list