Process Switching vs. Fast/CEF Switching?

Discussion in 'Cisco' started by asdf, May 27, 2007.

  1. asdf

    asdf Guest

    I'm looking at this pdf

    I'm looking to buy a couple of used routers on eBay but I don't want to
    buy more than I need, or mislead myself into thinking one will be
    "faster" than another for my specific needs.

    I will be using a router to NAT outbound LAN web traffic using ext
    access lists. This router will also destination NAT inbound traffic to
    various web services based on ext access lists. If a packet doesn't get
    NATed by the router, it won't have anywhere to arrive on my network.

    Is what I am describing "Process Switching", or "Fast/CEF Switching"?
    If it is Process Switching, the pdf would indicate it doesn't really
    matter whether I get a 1720 or a 2621XM (other than that I have to deal
    with counterfeit WIC-1ENET modules on eBay to give the 1700 two NAT sides).

    This is all for a 3.0/512 ADSL internet connection, so the upstream is
    trivial but the downstream can get up to around 2.8mbps in the real world.
    asdf, May 27, 2007

  2. asdf

    Eric Guest

    NAT is handled by CEF on those models. Access lists too. There is some process
    overhead to set up NAT and a flow, but only on the initial packets.
    Eric, May 28, 2007

  3. asdf

    Thrill5 Guest

    I could be wrong but I don't believe that NAT is done in hardware on the
    2600 or 1700 platform. What documentation did you find that said that?

    If I had a choice between a 2621XM and a 1720, I would pick the 2621XM.
    More slots and built in Ethernet ports. The WIC-1ENET can't even come
    close to doing 10 Mbit even at half duplex. I haven't seen any numbers but
    I would suspect that the throughput is only around 1 or 2MB/s. The 2621XM
    has two built-in 10/100 Ethernet ports.

    Thrill5, May 29, 2007
  4. Hi,

    I also don't think that either the 1700 or 2600[XM] series has an ASIC for
    hardware assisted NAT.

    The Cisco 1720 has a declared pps rate of 8500, while a 2621XM is at 30000.

    With a pretty simplistic approach, not counting overhead from router
    processes (NAT, firewall, auditing, etc.) and encapsulation, and using 1500 as
    a typical packet length, on a 1720 you could have about 6Mbps (Full Duplex),
    while on a 2621XM 22Mbps (Full Duplex).

    For an ADSL both are enough. (If your typical packet size is very
    different, the estimate is also very different, e.g. @576 you have 2,4Mbps
    for the 1720 and 8,6Mbps for the 2621XM.)

    Gabriele Beltrame, May 29, 2007
  5. asdf

    Eric Guest

    It's not an "asic" as referred to in the other thread, but there are separate cpus
    for the I/O interfaces vs the "control plane", or main processor. The quoted PPS
    rates for both units are based on the packets being switched at the forwarding level
    using the dedicated I/O processors. If there is a need to bump all the packets up to
    the control plane for processing, the effective PPS is reduced by a factor of 10 or

    What I was saying is that the forwarding engines (CEF) are NAT-aware and do apply the
    actual NAT translations without resorting to the main processor. Except for the
    first packets of a flow which are established at the control plane level.

    You can see the effect of this with a SH INT STAT and get something like what is
    shown below. This interface is a NAT-enabled external interface on a 3640. You can
    see that there are many, many more packets processed at the "route cache" level (CEF)
    vs the "processor", even though virtually all of the traffic through that interface
    is NATed.

    Switching path     Pkts In    Chars In    Pkts Out   Chars Out
    Processor          2364063  2242319325     1223883    77738393
    Route cache       19579136   546755255    13700636  1885228605
    Total             21943199  2789074580    14924519  1962966998

    Compared to a 1720 which in this configuration has only one interface active, and
    nearly all the traffic is directed to a loopback, which must be handled by the main

    Switching path     Pkts In    Chars In    Pkts Out   Chars Out
    Processor        170903742  2582129150    83484624  3366610322
    Route cache          61567     5099859           0           0
    Total            170965309  2587229009    83484624  3366610322
    Eric, May 29, 2007
  6. No, the 2600 and 1700 platforms are based on a MPC860 processor, which
    is a single PowerPC core with some embedded controllers (which are not
    Christophe Fillot, May 29, 2007
  7. asdf

    Eric Guest

    Controller, CPU, the point is that on a 2600 (and I think a 1700) there exists a
    path such that packets can flow in one interface (or sub-interface) and out another
    without interrupting the main processor. And still get NAT and access-list
    processing accomplished. Even if the forwarding was implemented on the same set of
    hardware, the path length is much shorter and maintains the max PPS rate even with
    NAT enabled, which was the original question I was trying to answer. NAT on 2600 and
    1700s does not require the "processor" path on a per-packet basis. The 2621XM will
    be much faster than a 1720; you won't lose the PPS rating just because you enabled

    Here is a 2620 with VLANs on FA0/0:

    2620>sh int stat
    Switching path     Pkts In    Chars In    Pkts Out   Chars Out
    Processor        286247923  3043810484     9691225   894928878
    Route cache        4890497  3019991515     5188979  3081869475
    Total            291138420  6063801999    14880204  3976798353

    2620>sh ip cef summ
    IP CEF with switching (Table Version 525), flags=0x0
    72 routes, 0 reresolve, 0 unresolved (0 old, 0 new), peak 2
    10 instant recursive resolutions, 0 used background process
    72 leaves, 42 nodes, 55576 bytes, 512 inserts, 440 invalidations
    17 load sharing elements, 6392 bytes, 17 references
    universal per-destination load sharing algorithm, id 495B891C
    3(0) CEF resets, 31 revisions of existing leaves
    Resolution Timer: Exponential (currently 1s, peak 1s)
    23 in-place/0 aborted modifications
    refcounts: 11252 leaf, 11008 node

    Table epoch: 0 (72 entries at this epoch)

    Adjacency Table has 6 adjacencies

    - Eric
    Eric, May 29, 2007
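
The per-path comparison read off `sh int stat` in the posts above can be computed directly. This is an added example, not part of any poster's message: the function names are hypothetical, the counter rows are copied from the three outputs posted in the thread, and it assumes only the Processor and Route cache rows are present, as in those outputs.

```python
import re

# Data rows of IOS "show interfaces stats": path name, then four counters.
ROW = re.compile(
    r"^\s*(Processor|Route cache|Total)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_int_stats(text):
    """Return {path: (pkts_in, chars_in, pkts_out, chars_out)}."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line)  # header and prompt lines do not match
        if m:
            rows[m.group(1)] = tuple(int(n) for n in m.groups()[1:])
    missing = {"Processor", "Route cache"} - rows.keys()
    if missing:
        raise ValueError(f"rows not found: {sorted(missing)}")
    # If a Total row is present, its packet counts must equal the sum.
    if "Total" in rows:
        p, rc, tot = rows["Processor"], rows["Route cache"], rows["Total"]
        if (p[0] + rc[0], p[2] + rc[2]) != (tot[0], tot[2]):
            raise ValueError("Total row does not match per-path packet counts")
    return rows

def processor_share(rows):
    """Fraction of packets (in, out) that took the Processor path."""
    p, rc = rows["Processor"], rows["Route cache"]
    def share(a, b):
        return a / (a + b) if a + b else 0.0
    return share(p[0], rc[0]), share(p[2], rc[2])

# Counter rows copied from the three outputs posted in the thread.
SAMPLES = {
    "3640 NAT outside": """Processor 2364063 2242319325 1223883 77738393
Route cache 19579136 546755255 13700636 1885228605
Total 21943199 2789074580 14924519 1962966998""",
    "1720 loopback": """Processor 170903742 2582129150 83484624 3366610322
Route cache 61567 5099859 0 0
Total 170965309 2587229009 83484624 3366610322""",
    "2620 VLANs": """Processor 286247923 3043810484 9691225 894928878
Route cache 4890497 3019991515 5188979 3081869475
Total 291138420 6063801999 14880204 3976798353""",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        share_in, share_out = processor_share(parse_int_stats(text))
        print(f"{name}: processor path {share_in:.1%} in, {share_out:.1%} out")
```

These counters are cumulative since they were last cleared, so the share over a recent interval comes from the difference between two snapshots.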
  8. Clearly, no. This is a pure software platform. The MPC860 has no
    advanced hardware feature like that.
    You are confusing process switching vs Fast/CEF switching vs
    hardware forwarding.

    In process switching, the packets are received and then queued to a
    process called "IP Input" to be forwarded later. In Fast/CEF switching
    on a software platform, the packets are switched during a network
    interrupt but the work is still done by the main CPU.
    Christophe Fillot, May 29, 2007