Cisco Express Forwarding (CEF): An Overview

Cisco logo

Cisco Express Forwarding (CEF) is a packet-switching technique that is the default for many of Cisco’s router lines over the last ten years. It provides the ability to switch packets through a device in a very quick efficient way while also keeping the load on the router’s processor low. This way the route process can be tasked with dealing with other duties that require larger amounts of processor time (Quality of Service, Encryption, etc.). This article takes a brief look at the different structures that are used by CEF and how they are built and interrelate.

Cisco Express Forwarding Concepts

Cisco Express Forwarding is made up of two different main components: the Forwarding Information Base (FIB) and the Adjacency Table. These are automatically updated at the same time as the routing table. Let’s look into these a little further.

Forwarding Information Base (FIB)

The FIB contains destination reachability information as well as next hop information. This information is then used by the router to make forwarding decisions. The FIB is organized as a multiway trie which allows for very efficient and easy lookups. There is a one-to-one relationship between the routes that exist within the routing table and the FIB.

Sponsored Content

Passwords Haven’t Disappeared Yet

123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?

Adjacency Table

The FIB is combined along with an adjacency table. For a node to be considered adjacent it must be reachable within a single hop of the data link layer (e.g. ethernet hop). The adjacency table is tasked with maintaining the layer 2 next-hop information for the FIB.

The adjacency table contains a number of different types of adjacency:

  • Host route adjacency: A host route adjacency entry is used to specify that a specific host is within one layer two hop.
  • Null adjacency: This is used for packets which are destined for the Null0 interface.
  • Glean adjacency: A glean adjacency is used when a device is connected to multiple hosts off the same interface. In this case, the entry contains a prefix for the subnet not just for a specific host entry.
  • Punt adjacency: This is used for those packets that utilize features not currently supported by CEF and which must be forwarding to the next switching level (often to be process switched).
  • Discard adjacency: A discard adjacency entry is used for those packets that are to be automatically dropped.
  • Drop adjacency: A drop adjacency entry is used for those packets which dropped but only after the prefix is checked.

Central vs. Distributed CEF

On many of the lower- and mid-level routers the CEF implementation is referred to as Central CEF; this is because the CEF tables exist on the main route processor and packet forwarding and/or switching is completed by the main processor.

With Distributed CEF (dCEF), a copy of the CEF tables and packet forwarding/switching duties are pushed out to be performed on the line cards. dCEF provides additional packet switching performance as much of the traffic path is shortened to avoid the main route processor all together.

While CEF is specifically proprietary to Cisco, versions of it have been implemented on many other vendors’ equipment, proving that the concept is sound and well respected and is used across the industry. Knowledge of the CEF behavior is quite helpful when troubleshooting some network routing problems as well as when designing unified networks that utilize multiple network features. Hopefully the content in this article help in the readers understanding of how CEF works and why it has become the standard on most of Cisco’s routers (and other devices).

Related Topics:

Don't leave your business open to attack! Come learn how to protect your AD in this FREE masterclass!REGISTER NOW - Thursday, December 2, 2021 @ 1 pm ET

Active Directory (AD) is leveraged by over 90% of enterprises worldwide as the authentication and authorization hub of their IT infrastructure—but its inherent complexity leaves it prone to misconfigurations that can allow attackers to slip into your network and wreak havoc. 

Join this session with Microsoft MVP and MCT Sander Berkouwer, who will explore:

  • Whether you should upgrade your domain controllers to Windows Server
    2019 and beyond
  • Achieving mission impossible: updating DCs within 48 hours
  • How to disable legacy protocols and outdated compatibility options in
    Active Directory

Sponsored by: