Process Switching vs. Fast/CEF Switching?

Discussion in 'Cisco' started by asdf, May 27, 2007.

  1. asdf

    asdf Guest

    I'm looking at this pdf

    http://www.cisco.com/warp/public/765/tools/quickreference/routerperformance.pdf

    I'm looking to buy a couple of used routers on eBay but I don't want to
    buy more than I need, or mislead myself into thinking one will be
    "faster" than another for my specific needs.

    I will be using a router to NAT outbound LAN web traffic using ext
    access lists. This router will also destination NAT inbound traffic to
    various web services based on ext access lists. If a packet doesn't get
    NATed by the router, it won't have anywhere to arrive on my network.

    Is what I am describing "Process Switching", or "Fast/CEF Switching"?
    If it is Process Switching, the pdf would indicate it doesn't really
    matter whether I get a 1720 or a 2621XM (other than that I have to deal
    with counterfeit WIC-1ENET modules on eBay to give the 1700 two NAT sides).

    This is all for a 3.0/512 ADSL internet connection, so the upstream is
    trivial but the downstream can get up to around 2.8mbps in the real world.
     
    asdf, May 27, 2007
    #1

  2. asdf

    Eric Guest

    On Sun, 27 May 2007 19:53:10 GMT, asdf <> wrote for the entire planet to
    see:
    <snip>
    >I will be using a router to NAT outbound LAN web traffic using ext
    >access lists. This router will also destination NAT inbound traffic to
    >various web services based on ext access lists. If a packet doesn't get
    >NATed by the router, it won't have anywhere to arrive on my network.
    >
    >Is what I am describing "Process Switching", or "Fast/CEF Switching"?
    >If it is Process Switching, the pdf would indicate it doesn't really
    >matter whether I get a 1720 or a 2621XM (other than that I have to deal
    >with counterfeit WIC-1ENET modules on eBay to give the 1700 two NAT sides).


    NAT is handled by CEF on those models. Access lists too. There is some process
    overhead to set up NAT and a flow, but only on the initial packets.
     
    Eric, May 28, 2007
    #2

  3. asdf

    Thrill5 Guest

    I could be wrong but I don't believe that NAT is done in hardware on the
    2600 or 1700 platform. What documentation did you find that said that?

    If I had a choice between a 2621XM and a 1720, I would pick the 2621XM.
    More slots and built in Ethernet ports. The WIC-1ENET can't even come
    close to doing 10 Mbit even at half duplex. I haven't seen any numbers but
    I would suspect that the throughput is only around 1 or 2MB/s. The 2621XM
    has two built-in 10/100 Ethernet ports.

    Scott
    "Eric" <> wrote in message
    news:...
    > On Sun, 27 May 2007 19:53:10 GMT, asdf <> wrote for the
    > entire planet to
    > see:
    > <snip>
    >>I will be using a router to NAT outbound LAN web traffic using ext
    >>access lists. This router will also destination NAT inbound traffic to
    >>various web services based on ext access lists. If a packet doesn't get
    >>NATed by the router, it won't have anywhere to arrive on my network.
    >>
    >>Is what I am describing "Process Switching", or "Fast/CEF Switching"?
    >>If it is Process Switching, the pdf would indicate it doesn't really
    >>matter whether I get a 1720 or a 2621XM (other than that I have to deal
    >>with counterfeit WIC-1ENET modules on eBay to give the 1700 two NAT
    >>sides).

    >
    > NAT is handled by CEF on those models. Access lists too. There is some
    > process
    > overhead to set up NAT and a flow, but only on the initial packets.
    >
    >
     
    Thrill5, May 29, 2007
    #3
  4. "Thrill5" <> wrote in message
    news:...
    >I could be wrong but I don't believe that NAT is done in hardware on the
    >2600 or 1700 platform. What documentation did you find that said that?
    >
    > If I had a choice between a 2621XM and a 1720, I would pick the 2621XM.
    > More slots and built in Ethernet ports. The WIC-1ENET can't even come
    > close to doing 10 Mbit even at half duplex. I haven't seen any numbers
    > but I would suspect that the throughput is only around 1 or 2MB/s. The
    > 2621XM has two built-in 10/100 Ethernet ports.
    >
    > Scott
    > "Eric" <> wrote in message
    > news:...
    >> On Sun, 27 May 2007 19:53:10 GMT, asdf <> wrote for the
    >> entire planet to
    >> see:
    >> <snip>
    >>>I will be using a router to NAT outbound LAN web traffic using ext
    >>>access lists. This router will also destination NAT inbound traffic to
    >>>various web services based on ext access lists. If a packet doesn't get
    >>>NATed by the router, it won't have anywhere to arrive on my network.
    >>>
    >>>Is what I am describing "Process Switching", or "Fast/CEF Switching"?
    >>>If it is Process Switching, the pdf would indicate it doesn't really
    >>>matter whether I get a 1720 or a 2621XM (other than that I have to deal
    >>>with counterfeit WIC-1ENET modules on eBay to give the 1700 two NAT
    >>>sides).

    >>
    >> NAT is handled by CEF on those models. Access lists too. There is some
    >> process
    >> overhead to set up NAT and a flow, but only on the initial packets.
    >>
    >>

    >
    >


    Hi,

    I also don't think that either the 1700 or the 2600[XM] series has an ASIC for
    hardware-assisted NAT.

    The Cisco 1720 has a declared pps rate of 8500, while a 2621XM is at 30000.

    With a pretty simplistic approach, not counting overhead from router
    processes (NAT, firewall, auditing, etc.) and encapsulation, and using 1500 as
    a typical packet length, on a 1720 you could have about 6Mbps (Full Duplex)
    while on a 2621XM 22Mbps (Full Duplex).

    For an ADSL both are enough. (If your typical packet size is very
    different, the estimate is also very different, e.g. @576 you have 2,4Mbps
    for the 1720 and 8,6Mbps for the 2621XM.)


    Regards,
    Gabriele
     
    Gabriele Beltrame, May 29, 2007
    #4
  5. asdf

    Eric Guest

    On Mon, 28 May 2007 23:30:27 -0400, "Thrill5" <> wrote for the
    entire planet to see:

    >I could be wrong but I don't believe that NAT is done in hardware on the
    >2600 or 1700 platform. What documentation did you find that said that?


    It's not an "asic" as referred to in the other thread, but there are separate cpus
    for the I/O interfaces vs the "control plane", or main processor. The quoted PPS
    rates for both units are based on the packets being switched at the forwarding level
    using the dedicated I/O processors. If there is a need to bump all the packets up to
    the control plane for processing, the effective PPS is reduced by a factor of 10 or
    so.

    What I was saying is that the forwarding engines (CEF) are NAT-aware and do apply the
    actual NAT translations without resorting to the main processor. Except for the
    first packets of a flow which are established at the control plane level.

    You can see the effect of this with a SH INT STAT and get something like what is
    shown below. This interface is a NAT-enabled external interface on a 3640. You can
    see that there are many, many more packets processed at the "route cache" level (CEF)
    vs the "processor", even though virtually all of the traffic through that interface
    is NATed.

    FastEthernet1/0
    Switching path     Pkts In    Chars In    Pkts Out   Chars Out
    Processor          2364063  2242319325     1223883    77738393
    Route cache       19579136   546755255    13700636  1885228605
    Total             21943199  2789074580    14924519  1962966998

    Compared to a 1720 which in this configuration has only one interface active, and
    nearly all the traffic is directed to a loopback, which must be handled by the main
    processor:

    FastEthernet0
    Switching path     Pkts In    Chars In    Pkts Out   Chars Out
    Processor        170903742  2582129150    83484624  3366610322
    Route cache          61567     5099859           0           0
    Total            170965309  2587229009    83484624  3366610322
     
    Eric, May 29, 2007
    #5
  6. Eric wrote:
    > On Mon, 28 May 2007 23:30:27 -0400, "Thrill5" <> wrote for the
    > entire planet to see:
    >
    >
    >>I could be wrong but I don't believe that NAT is done in hardware on the
    >>2600 or 1700 platform. What documentation did you find that said that?

    >
    >
    > It's not an "asic" as referred to in the other thread, but there are separate cpus
    > for the I/O interfaces vs the "control plane", or main processor.


    No, the 2600 and 1700 platforms are based on a MPC860 processor, which
    is a single PowerPC core with some embedded controllers (which are not
    CPUs).
     
    Christophe Fillot, May 29, 2007
    #6
  7. asdf

    Eric Guest

    On Tue, 29 May 2007 16:46:04 +0200, Christophe Fillot <> wrote for the
    entire planet to see:

    >Eric wrote:
    >> On Mon, 28 May 2007 23:30:27 -0400, "Thrill5" <> wrote for the
    >> entire planet to see:
    >>
    >>
    >>>I could be wrong but I don't believe that NAT is done in hardware on the
    >>>2600 or 1700 platform. What documentation did you find that said that?

    >>
    >>
    >> It's not an "asic" as referred to in the other thread, but there are separate cpus
    >> for the I/O interfaces vs the "control plane", or main processor.

    >
    >No, the 2600 and 1700 platforms are based on a MPC860 processor, which
    >is a single PowerPC core with some embedded controllers (which are not
    >CPUs).


    Controller, CPU, the point is that on a 2600 (and I think a 1700) there exists a
    path such that packets can flow in one interface (or sub-interface) and out another
    without interrupting the main processor. And still get NAT and access-list
    processing accomplished. Even if the forwarding was implemented on the same set of
    hardware, the path length is much shorter and maintains the max PPS rate even with
    NAT enabled, which was the original question I was trying to answer. NAT on 2600 and
    1700s does not require the "processor" path on a per-packet basis. The 2621XM will
    be much faster than a 1720; you won't lose the PPS rating just because you enabled
    NAT.

    Here is a 2620 with VLANs on FA0/0:

    2620>sh int stat
    FastEthernet0/0
    Switching path     Pkts In    Chars In    Pkts Out   Chars Out
    Processor        286247923  3043810484     9691225   894928878
    Route cache        4890497  3019991515     5188979  3081869475
    Total            291138420  6063801999    14880204  3976798353

    2620>sh ip cef summ
    IP CEF with switching (Table Version 525), flags=0x0
    72 routes, 0 reresolve, 0 unresolved (0 old, 0 new), peak 2
    10 instant recursive resolutions, 0 used background process
    72 leaves, 42 nodes, 55576 bytes, 512 inserts, 440 invalidations
    17 load sharing elements, 6392 bytes, 17 references
    universal per-destination load sharing algorithm, id 495B891C
    3(0) CEF resets, 31 revisions of existing leaves
    Resolution Timer: Exponential (currently 1s, peak 1s)
    23 in-place/0 aborted modifications
    refcounts: 11252 leaf, 11008 node

    Table epoch: 0 (72 entries at this epoch)

    Adjacency Table has 6 adjacencies


    - Eric
     
    Eric, May 29, 2007
    #7
  8. Eric wrote:

    > Controller, CPU, the point is that on a 2600 (and I think a 1700) there exists a
    > path such that packets can flow in one interface (or sub-interface) and out another
    > without interrupting the main processor. And still get NAT and access-list
    > processing accomplished.


    Clearly, no. This is a pure software platform. The MPC860 has no
    advanced hardware feature like that.

    > Even if the forwarding was implemented on the same set of
    > hardware, the path length is much shorter and maintains the max PPS rate even with
    > NAT enabled, which was the original question I was trying to answer. NAT on 2600 and
    > 1700s does not require the "processor" path on a per-packet basis. The 2621XM will
    > be much faster than a 1720; you won't lose the PPS rating just because you enabled
    > NAT.
    >
    > Here is a 2620 with VLANs on FA0/0:
    >
    > 2620>sh int stat
    > FastEthernet0/0
    > Switching path     Pkts In    Chars In    Pkts Out   Chars Out
    > Processor        286247923  3043810484     9691225   894928878
    > Route cache        4890497  3019991515     5188979  3081869475
    > Total            291138420  6063801999    14880204  3976798353


    You are confusing process switching vs Fast/CEF switching vs
    hardware forwarding.

    In process switching, the packets are received and then queued to a
    process called "IP Input" to be forwarded later. In Fast/CEF switching
    on a software platform, the packets are switched during a network
    interrupt but the work is still done by the main CPU.

    > 2620>sh ip cef summ
    > IP CEF with switching (Table Version 525), flags=0x0
    > 72 routes, 0 reresolve, 0 unresolved (0 old, 0 new), peak 2
    > 10 instant recursive resolutions, 0 used background process
    > 72 leaves, 42 nodes, 55576 bytes, 512 inserts, 440 invalidations
    > 17 load sharing elements, 6392 bytes, 17 references
    > universal per-destination load sharing algorithm, id 495B891C
    > 3(0) CEF resets, 31 revisions of existing leaves
    > Resolution Timer: Exponential (currently 1s, peak 1s)
    > 23 in-place/0 aborted modifications
    > refcounts: 11252 leaf, 11008 node
    >
    > Table epoch: 0 (72 entries at this epoch)
    >
    > Adjacency Table has 6 adjacencies
    >
    >
    > - Eric
    >
     
    Christophe Fillot, May 29, 2007
    #8
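
Added example, not part of any post in the thread: a Python parser for the `show interfaces stats` output quoted above that reports what share of each interface's packets took the "Processor" (process-switched) path rather than the "Route cache" (fast/CEF) path. The counters are the ones posted in the thread; the function names and the 50% threshold are assumptions of this example.

```python
import re

# Counters copied from the three outputs posted in the thread
# (3640 FastEthernet1/0, 1720 FastEthernet0, 2620 FastEthernet0/0).
SAMPLE = """\
FastEthernet1/0
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 2364063 2242319325 1223883 77738393
Route cache 19579136 546755255 13700636 1885228605
Total 21943199 2789074580 14924519 1962966998
FastEthernet0
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 170903742 2582129150 83484624 3366610322
Route cache 61567 5099859 0 0
Total 170965309 2587229009 83484624 3366610322
2620>sh int stat
FastEthernet0/0
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 286247923 3043810484 9691225 894928878
Route cache 4890497 3019991515 5188979 3081869475
Total 291138420 6063801999 14880204 3976798353
"""

ROW = re.compile(r"^(Processor|Route cache|Total)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)$")
IFACE = re.compile(r"^[A-Za-z][\w/.:-]*$")  # single token, e.g. FastEthernet0/0

def parse_int_stats(text):
    """Return {interface: {path: (pkts_in, chars_in, pkts_out, chars_out)}}."""
    stats, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        row = ROW.match(line)
        if row and current is not None:
            stats[current][row.group(1)] = tuple(int(n) for n in row.groups()[1:])
        elif IFACE.match(line):
            current = line
            stats[current] = {}
        # prompts, column headers and blank lines are ignored
    return stats

def process_share(paths):
    """Fraction of packets (in + out) that were process switched."""
    total = paths["Total"][0] + paths["Total"][2]
    proc = paths["Processor"][0] + paths["Processor"][2]
    return proc / total if total else 0.0

def mostly_process_switched(text, threshold=0.5):
    """Interfaces whose process-switched share exceeds the threshold."""
    return [name for name, paths in parse_int_stats(text).items()
            if process_share(paths) > threshold]
```

On the thread's counters this gives roughly 10% process switched for the 3640 interface and over 96% for both the 1720 and the 2620 interfaces. The counters are cumulative, so the figures describe the whole period since they were last cleared, not current load.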