Page 206

Understanding the Output from Diagnostic Commands

169

The Netflow switching process is very efficient: an incoming packet is

processed by the fast or optimum switching process, and then all path and
packet information is copied to the Netflow cache. The remaining packets
that belong to the flow are compared to the Netflow cache and forwarded
accordingly.

The first packet that is copied to the Netflow cache contains all security and

routing information, and if an access-list is applied to an interface, the first
packet is matched against it. If it matches the access-list criteria, the cache
is flagged so that the remaining packets in the flow can be switched without
being compared to the list (this is very effective when a large amount of access-
list processing is required).

Do you remember reading that distributed switching on VIP cards is really

efficient because it lessens the load to the RSP? Well, Netflow switching can
also be configured on VIP interfaces.

Netflow gives you amenities, such as the security flag in the cache that

allows subsequent packets of an established flow to avoid access-list process-
ing. It's comparable to optimum and distributed switching, and it is actually
superior to them if access-lists (especially long ones) are placed in the switch-
ing path. The detailed information Netflow gathers and exports does load
down the system, however, so plan carefully before implementing Netflow
switching on a router.

Cisco Express Forwarding

Cisco Express Forwarding (CEF)

is a switching function, designed for high-

end backbone routers. It functions on Layer 3 of the OSI model, and its big-
gest asset is the capability to remain stable in a large network. However, it's
also more efficient than both the fast and optimum default switching paths.

CEF is wonderfully stable in large environments because it doesn't rely on

cached information. Instead of using a CEF cache, it refers to two alternate
resources. The Forwarding Information Base (FIB) consists of information
duplicated from the IP route table. Every time the routing information
changes, the changes are propagated to the FIB. Thus, instead of comparing
old cache information, a packet looks to the FIB for its forwarding informa-
tion. CEF stores the Layer 2 MAC addresses of connected routers (or next-
hop) in the adjacency table.

Even though CEF features advanced capabilities, you should consider sev-

eral restrictions before implementing CEF on a router. According to the
document "Cisco Express Forwarding," available from the Cisco Web page
Cisco Connection Online (CCO) at www.cisco.com, system requirements
are quite high. The processor should have at least 128MB of RAM, and the
line cards should have 32MB each. dCEF, distributed CEF, takes the place of

www.sybex.com