Routing basics/CEF

Engineering

dmitry-figol
  • Routing basics/CEF May 4, 2016 Dmitry Figol CCIE R&S #53592 [email protected]
  • Intro to routing and switching Routing • Finding the optimal way towards destination Switching • Moving packet between interfaces 2
  • Packet forwarding When the packet comes in, the router does the following: 0. Checks and removes L2 header, gets destination IP 1. Routing process 2. Switching process 3. L2 encapsulation 3
  • Routing process • Find the longest match based on destination IP in routing table (RIB) • The goal is to find outgoing interface and Next Hop IP address (if applicable) 4
  • Routing table - example 5
  • Routing table (cont.) • Recursive Lookup • Contains useless information for forwarding: • For example, Administrative Distance and Metric • Single lookup has linear complexity O(n) • Stored in RAM • Verification: show ip route [ip-address [mask]] 6
  • Routing table (cont.) Metric (maximum is 232-1 = 4294967295): • Used to choose the best route within a single routing protocol (*not always true) Administrative distance (0..255): • Used to choose the best route between routing protocols 7
  • Routing table (cont.) - AD 8 Route Source Value Connected 0 Static 1 EIGRP summary 5 eBGP 20 EIGRP internal 90 IGRP 100 OSPF 110 IS-IS 115 Route Source Value RIP 120 EGP 140 ODR 160 EIGRP external 170 iBGP 200 NHRP 250 DHCP learned 254 Unknown* (Not installed) 255
  • Routing protocols • Static • Dynamic: • IGP: • Distance-vector (RIP, EIGRP) • Link-state (OSPF, IS-IS) • EGP: • Path-vector (BGP) 9
  • Switching process • Process-switching • Fast-switching • Cisco Express Forwarding (CEF) 10
  • L2 Encapsulation Knowing outgoing interface and Next Hop address is not always enough for “packet rewrite” • Point-to-point links (PPP, HDLC) – no additional information required • Point-to-multipoint links (Ethernet, Frame-relay, ATM) – L2 Destination Address is required (from ARP cache, Frame- Relay/ATM mappings) 11
  • Traffic types Data plane – traffic through the device Control plane – traffic to the device: • Routing protocols hello/updates • BPDU • FHRP and others Management plane – part of control plane: • SSH/Telnet • SNMP 12
  • Processors: CPU and ASIC • Central processing unit (CPU) is the brains of the network device • Handles control plane • Can do anything • Can’t do packet forwarding with high throughput* *Note: DPDK project enables x86 multi-core processors to forward 200+ Gbps 13 http://dpdk.org/
  • Processors: CPU and ASIC • Application specific integrated circuit (ASIC) is circuit with transistors • Very fast, but dumb • Designed specifically to move packets • Expensive • Not possible to program new features • Responsible for data plane 14
  • Memory: RAM, CAM and TCAM Random Access Memory (RAM) is the most common type of memory • Value is accessed by pointer (memory address) • Cheap 15
  • Memory: RAM, CAM and TCAM Content-addressable memory (CAM) • Value is accessed by a key, not a pointer • Very fast • Expensive • High power consumption • O(1) constant time lookup • Used in switches for MAC address table 16
  • Memory: RAM, CAM and TCAM Ternary Content-addressable memory (TCAM) • Value is accessed by a key, which consists of not only “0” and “1”, but also “don’t care” bits. • Very expensive • High power consumption • O(1) constant time lookup! • Used for next-hop lookup (CEF table), ACL (security and QoS) 17
  • Process-switching • Recursive lookup is performed by CPU in RIB • There is special process responsible for process-switching “IP Input” • The following traffic is process-switched: • Control plane • Locally generated (not all) • No L2 adjacency information • ACL logging 18
  • Fast-switching • First packet for source-destination IP pair is process-switched • IP pair and corresponding encapsulation information is added to the cache • Following packets are forwarding based on the entry in cache • Deprecated 19
  • Cisco Express Forwarding (CEF) The idea is to precompute and optimize information in RIB: • Resolve recursive lookup and get rid of useless information • Add pointer to pre-built L2 header in Adjacency table The new table is called Forwarding Information Base (FIB) or CEF table: • Contains prefix, NH, outgoing interface, pointer to L2 header • Stored in DRAM [O(1) using 256-way mtrie data structure] and TCAM [if exists, also O(1), but much faster] The lookup is done during the interrupt (process scheduling is not required) 20
  • CEF (cont.) Verification: show ip cef [ip-address [mask]] [detail] [internal] Shows NH, outgoing interface, MPLS labels (if applicable) Internal keyword shows pointer to Adjacency entry and hash buckets Disable CEF: (config)# no ip cef 21
  • CEF – Adjacency table • CEF process takes information from all L3-to-L2 mappings and builds L2 header • Adjacency table contains NH, interface, associated L2 Header • Stored in RAM • Pitfall: CEF process does not allow adjacency to age out (clear arp won’t delete ARP entry if it can be revalidated) • Verification: show adjacency [detail] 22
  • CEF – Adjacency types • Cache • Glean • Receive • Punt • Null • Discard • Drop 23
  • CEF on hardware-based platforms • CEF basically allows to forward traffic without CPU • Depending on platform there can be zero, one or more ASICs. • The same applies for TCAM • All L3 switches have TCAM, only some routers have it • That’s why generally speaking L3 switches forward traffic faster than routers • TCAM stores not only FIB, but ACL and QoS rules, the allocation is predefined though • On some platforms you can change allocation profile 24
  • CEF on hardware-based platforms (cont.) 25 RIB ARP Cache Other L2 information FIB (CEF Table) Adjacency table TCAM RAM ASIC
  • CEF – Load balancing • Routing protocols can install several routes for the same prefix • How will CEF decide where to send packet? • CEF is doing load-balancing per-flow • By default, it takes source-destination IP pair, feeds it to the hashing algorithm, returns the number of the bucket • Buckets are allocated automatically per NH, depending on the traffic share count in RIB 26
  • CEF – Load balancing (cont.) Verification: show ip cef [ip [mask]] internal – shows NH-to-bucket distribution show ip cef exact-route src-ip dst-ip – shows NH and interface for source/destination IP pair Change load balancing method (not recommended): (config-if)# ip load-sharing per-packet 27
  • CEF polarization • Hash algorithm is deterministic, meaning that for the same source/destination IP pair the bucket (outgoing link) is the same. • Result is that some links can be underutilized (especially if we have chain of routers with ECMP). • One possible solution is to include L4 ports in hashing (if supported): (config)# ip cef load-sharing algorithm include-ports [source [destination]] 28
  • Static Routing • The way to install an entry in RIB manually • Usually overrides entries installed via dynamic routing protocols • Advantage: gives full control over path selection in your network • Main disadvantage: huge administrative burden • Syntax: (config)# ip route prefix mask [NH-IP | interface [NH-IP]] [distance] [track track] • Verification: # show ip route [static] 29
  • Static Routing (cont.) There are three different ways to configure where the traffic should go for specific prefix: • By specifying next-hop IP address • By specifying outgoing interface • By specifying both 30
  • Static Routing to next-hop • Recursive lookup is required to find outgoing interface • On multipoint interfaces resolution of next-hop IP address is required (ARP cache, Frame Relay/ATM mapping) • Static route is installed into RIB only if recursive lookup is successful (outgoing interface was found) • It will stay in RIB even if next-hop is covered only by valid default route 31
  • Static Routing to outgoing interface • Recursive lookup is not required because we know outgoing interface • On point-to-point interface we can send the packet right away • On multipoint interface first we need to find L2 address for destination IP • For every new destination IP address in the packet we will install entry in ARP cache • It can still work if Proxy Arp is enabled (which is enabled by default in IOS) • Static route is installed into RIB only if line protocol (for outgoing interface) is up • Use only for point-to-point interfaces! 32
  • Static Routing to outgoing interface and NH • Recursive lookup is not required because we know outgoing interface • On point-to-point interface we can send the packet right away • On multipoint interface first we need to find L2 address for next- hop IP address • Static route is installed into RIB only if line protocol of outgoing interface is up 33
  • Floating static routes • Floating static route is a route that has AD higher than default and is not installed into RIB under normal operation, because there is another preferred path • Once primary path fails floating static route can be installed • For example: • Primary static default route with AD 1 and tracking (based on IP SLA) or BFD • Secondary static default route with AD 2 or higher • Once tracking object/BFD goes down, primary route is deleted from RIB and secondary route is installed 34
  • Recursive lookup for static routes - exercise • R1 has one interface up/up with IP in subnet 188.1.12.0/24. You configure the following: Question: Which static routes will be installed in RIB? 35
  • Recursive lookup for static routes - rule Answer: Rule: If the best route for the next hop also covers the entire address space of the static route under the question, it will NOT be installed. 36
  • Additional Resources • Inside Cisco IOS Software Architecture (Russ White) book • IP Routing FAQ • Switching Paths • Load Balancing with CEF • Troubleshooting load balancing with CEF • CAM vs TCAM • CEF polarization 37 http://www.amazon.com/Inside-Software-Architecture-Professional-Development/dp/1587058162 http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/28745-44.html http://www.cisco.com/c/en/us/support/docs/ip/express-forwarding-cef/13706-20.html http://www.cisco.com/en/US/products/hw/modules/ps2033/prod_technical_reference09186a00800afeb7.html http://www.cisco.com/c/en/us/support/docs/ip/express-forwarding-cef/18285-loadbal-cef.html https://supportforums.cisco.com/document/60831/cam-content-addressable-memory-vs-tcam-ternary-content-addressable-memory http://www.cisco.com/c/en/us/support/docs/ip/express-forwarding-cef/116376-technote-cef-00.html
  • Questions? 38
Please download to view
38
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
Description
Text
  • Routing basics/CEF May 4, 2016 Dmitry Figol CCIE R&S #53592 [email protected]
  • Intro to routing and switching Routing • Finding the optimal way towards destination Switching • Moving packet between interfaces 2
  • Packet forwarding When the packet comes in, the router does the following: 0. Checks and removes L2 header, gets destination IP 1. Routing process 2. Switching process 3. L2 encapsulation 3
  • Routing process • Find the longest match based on destination IP in routing table (RIB) • The goal is to find outgoing interface and Next Hop IP address (if applicable) 4
  • Routing table - example 5
  • Routing table (cont.) • Recursive Lookup • Contains useless information for forwarding: • For example, Administrative Distance and Metric • Single lookup has linear complexity O(n) • Stored in RAM • Verification: show ip route [ip-address [mask]] 6
  • Routing table (cont.) Metric (maximum is 232-1 = 4294967295): • Used to choose the best route within a single routing protocol (*not always true) Administrative distance (0..255): • Used to choose the best route between routing protocols 7
  • Routing table (cont.) - AD 8 Route Source Value Connected 0 Static 1 EIGRP summary 5 eBGP 20 EIGRP internal 90 IGRP 100 OSPF 110 IS-IS 115 Route Source Value RIP 120 EGP 140 ODR 160 EIGRP external 170 iBGP 200 NHRP 250 DHCP learned 254 Unknown* (Not installed) 255
  • Routing protocols • Static • Dynamic: • IGP: • Distance-vector (RIP, EIGRP) • Link-state (OSPF, IS-IS) • EGP: • Path-vector (BGP) 9
  • Switching process • Process-switching • Fast-switching • Cisco Express Forwarding (CEF) 10
  • L2 Encapsulation Knowing outgoing interface and Next Hop address is not always enough for “packet rewrite” • Point-to-point links (PPP, HDLC) – no additional information required • Point-to-multipoint links (Ethernet, Frame-relay, ATM) – L2 Destination Address is required (from ARP cache, Frame- Relay/ATM mappings) 11
  • Traffic types Data plane – traffic through the device Control plane – traffic to the device: • Routing protocols hello/updates • BPDU • FHRP and others Management plane – part of control plane: • SSH/Telnet • SNMP 12
  • Processors: CPU and ASIC • Central processing unit (CPU) is the brains of the network device • Handles control plane • Can do anything • Can’t do packet forwarding with high throughput* *Note: DPDK project enables x86 multi-core processors to forward 200+ Gbps 13 http://dpdk.org/
  • Processors: CPU and ASIC • Application specific integrated circuit (ASIC) is circuit with transistors • Very fast, but dumb • Designed specifically to move packets • Expensive • Not possible to program new features • Responsible for data plane 14
  • Memory: RAM, CAM and TCAM Random Access Memory (RAM) is the most common type of memory • Value is accessed by pointer (memory address) • Cheap 15
  • Memory: RAM, CAM and TCAM Content-addressable memory (CAM) • Value is accessed by a key, not a pointer • Very fast • Expensive • High power consumption • O(1) constant time lookup • Used in switches for MAC address table 16
  • Memory: RAM, CAM and TCAM Ternary Content-addressable memory (TCAM) • Value is accessed by a key, which consists of not only “0” and “1”, but also “don’t care” bits. • Very expensive • High power consumption • O(1) constant time lookup! • Used for next-hop lookup (CEF table), ACL (security and QoS) 17
  • Process-switching • Recursive lookup is performed by CPU in RIB • There is special process responsible for process-switching “IP Input” • The following traffic is process-switched: • Control plane • Locally generated (not all) • No L2 adjacency information • ACL logging 18
  • Fast-switching • First packet for source-destination IP pair is process-switched • IP pair and corresponding encapsulation information is added to the cache • Following packets are forwarding based on the entry in cache • Deprecated 19
  • Cisco Express Forwarding (CEF) The idea is to precompute and optimize information in RIB: • Resolve recursive lookup and get rid of useless information • Add pointer to pre-built L2 header in Adjacency table The new table is called Forwarding Information Base (FIB) or CEF table: • Contains prefix, NH, outgoing interface, pointer to L2 header • Stored in DRAM [O(1) using 256-way mtrie data structure] and TCAM [if exists, also O(1), but much faster] The lookup is done during the interrupt (process scheduling is not required) 20
  • CEF (cont.) Verification: show ip cef [ip-address [mask]] [detail] [internal] Shows NH, outgoing interface, MPLS labels (if applicable) Internal keyword shows pointer to Adjacency entry and hash buckets Disable CEF: (config)# no ip cef 21
  • CEF – Adjacency table • CEF process takes information from all L3-to-L2 mappings and builds L2 header • Adjacency table contains NH, interface, associated L2 Header • Stored in RAM • Pitfall: CEF process does not allow adjacency to age out (clear arp won’t delete ARP entry if it can be revalidated) • Verification: show adjacency [detail] 22
  • CEF – Adjacency types • Cache • Glean • Receive • Punt • Null • Discard • Drop 23
  • CEF on hardware-based platforms • CEF basically allows to forward traffic without CPU • Depending on platform there can be zero, one or more ASICs. • The same applies for TCAM • All L3 switches have TCAM, only some routers have it • That’s why generally speaking L3 switches forward traffic faster than routers • TCAM stores not only FIB, but ACL and QoS rules, the allocation is predefined though • On some platforms you can change allocation profile 24
  • CEF on hardware-based platforms (cont.) 25 RIB ARP Cache Other L2 information FIB (CEF Table) Adjacency table TCAM RAM ASIC
  • CEF – Load balancing • Routing protocols can install several routes for the same prefix • How will CEF decide where to send packet? • CEF is doing load-balancing per-flow • By default, it takes source-destination IP pair, feeds it to the hashing algorithm, returns the number of the bucket • Buckets are allocated automatically per NH, depending on the traffic share count in RIB 26
  • CEF – Load balancing (cont.) Verification: show ip cef [ip [mask]] internal – shows NH-to-bucket distribution show ip cef exact-route src-ip dst-ip – shows NH and interface for source/destination IP pair Change load balancing method (not recommended): (config-if)# ip load-sharing per-packet 27
  • CEF polarization • Hash algorithm is deterministic, meaning that for the same source/destination IP pair the bucket (outgoing link) is the same. • Result is that some links can be underutilized (especially if we have chain of routers with ECMP). • One possible solution is to include L4 ports in hashing (if supported): (config)# ip cef load-sharing algorithm include-ports [source [destination]] 28
  • Static Routing • The way to install an entry in RIB manually • Usually overrides entries installed via dynamic routing protocols • Advantage: gives full control over path selection in your network • Main disadvantage: huge administrative burden • Syntax: (config)# ip route prefix mask [NH-IP | interface [NH-IP]] [distance] [track track] • Verification: # show ip route [static] 29
  • Static Routing (cont.) There are three different ways to configure where the traffic should go for specific prefix: • By specifying next-hop IP address • By specifying outgoing interface • By specifying both 30
  • Static Routing to next-hop • Recursive lookup is required to find outgoing interface • On multipoint interfaces resolution of next-hop IP address is required (ARP cache, Frame Relay/ATM mapping) • Static route is installed into RIB only if recursive lookup is successful (outgoing interface was found) • It will stay in RIB even if next-hop is covered only by valid default route 31
  • Static Routing to outgoing interface • Recursive lookup is not required because we know outgoing interface • On point-to-point interface we can send the packet right away • On multipoint interface first we need to find L2 address for destination IP • For every new destination IP address in the packet we will install entry in ARP cache • It can still work if Proxy Arp is enabled (which is enabled by default in IOS) • Static route is installed into RIB only if line protocol (for outgoing interface) is up • Use only for point-to-point interfaces! 32
  • Static Routing to outgoing interface and NH • Recursive lookup is not required because we know outgoing interface • On point-to-point interface we can send the packet right away • On multipoint interface first we need to find L2 address for next- hop IP address • Static route is installed into RIB only if line protocol of outgoing interface is up 33
  • Floating static routes • Floating static route is a route that has AD higher than default and is not installed into RIB under normal operation, because there is another preferred path • Once primary path fails floating static route can be installed • For example: • Primary static default route with AD 1 and tracking (based on IP SLA) or BFD • Secondary static default route with AD 2 or higher • Once tracking object/BFD goes down, primary route is deleted from RIB and secondary route is installed 34
  • Recursive lookup for static routes - exercise • R1 has one interface up/up with IP in subnet 188.1.12.0/24. You configure the following: Question: Which static routes will be installed in RIB? 35
  • Recursive lookup for static routes - rule Answer: Rule: If the best route for the next hop also covers the entire address space of the static route under the question, it will NOT be installed. 36
  • Additional Resources • Inside Cisco IOS Software Architecture (Russ White) book • IP Routing FAQ • Switching Paths • Load Balancing with CEF • Troubleshooting load balancing with CEF • CAM vs TCAM • CEF polarization 37 http://www.amazon.com/Inside-Software-Architecture-Professional-Development/dp/1587058162 http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/28745-44.html http://www.cisco.com/c/en/us/support/docs/ip/express-forwarding-cef/13706-20.html http://www.cisco.com/en/US/products/hw/modules/ps2033/prod_technical_reference09186a00800afeb7.html http://www.cisco.com/c/en/us/support/docs/ip/express-forwarding-cef/18285-loadbal-cef.html https://supportforums.cisco.com/document/60831/cam-content-addressable-memory-vs-tcam-ternary-content-addressable-memory http://www.cisco.com/c/en/us/support/docs/ip/express-forwarding-cef/116376-technote-cef-00.html
  • Questions? 38
Comments
Top