[c-nsp] Switching paths

Rodney Dunn rodunn at cisco.com
Mon Feb 20 09:32:04 EST 2006


On Mon, Feb 20, 2006 at 10:30:58PM +1300, Reuben Farrelly wrote:
> I'm interested in an aspect of the switching technologies used in routers, 
> specifically which features are and aren't well supported in each switching 
> path.  In the case I am thinking of right now I'm thinking of an 1841 and 2851 
> which I recently configured for an end customer.
> 
> http://www.cisco.com/warp/public/765/tools/quickreference/ gives performance 
> figures for CEF and process switched tests and states that "If a feature is 
> supported in the CEF path..."   But it doesn't say how we would find out if a 
> feature is actually supported in CEF or not ;-)

Well not really. The switching paths have and will contiue to evolve.

At around the last release of 12.4T fastswitching will be entirely removed
and you will have CEF and process level switching and that's it.
Also there will be some improvements to help tell why some packets are
punted out of the CEF path.


> I'm interested in these features specifically and what effect they might have on 
> the switching performance of a router:
> 
> * Crypto maps

CEF.

> * CBAC content inspection

Probably some of both.


> * IPS/IDS

CEF.

> * ACL's
> * ACL's with 'log' as one of the keywords, does this have an impact if the match 
> is achieved before the log statement?

Correct. Do NOT use the log keyword. Use netflow to match on dstif Null0 if
you need accounting.

> * WCCP

I think that's CEF.

> * NAT - which I think may have been fully supported in the CEF path for a fair while

12.4 and later has most of the traffic in the CEF path unless the packets
need ALG translations inside the packet.

> * GRE tunnels with crypto maps applied

CEF.

> 
> Thinking specifically of 12.4/12.4T here as those are the only ones that run on 
> the new ISR's.
> 
> Is there a relatively easy way to find out from a device, what is forcing 
> traffic to be punted to a non-CEF path if CEF is configured?  Or a web page on 
> CCO which says which features are fully CEF supported?  (I couldn't find one)
> 
> Yes I've read 
> http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps1828/products_tech_note09186a00801e1e46.shtml 
> but that doesn't really explain how to find out which feature is forcing traffic 
> to be punted to a non-CEF path, nor what sort of percentage of CEF/non-CEF 
> traffic is 'acceptable' if all the features are supported in the CEF path (I've 
> seen ~30% traffic process switched and I'm thinking that's a bit high).
> 
> Thanks,
> Reuben
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/


More information about the cisco-nsp mailing list