Only the first few packets for a connected destination reach the Layer 3
engine so that the Layer 3 engine can use Address Resolution Protocol (ARP) to
locate the host. A throttling adjacency is installed so that subsequent packets
to that host are dropped in hardware until an ARP response is received. The
throttling adjacency is removed when an ARP reply is received (and a complete
rewrite adjacency is installed for the host). The switch removes the throttling
adjacency if no ARP reply is seen within 2 seconds, which allows more packets
through to reinitiate ARP. This relieves the Layer 3 engine from excessive ARP
processing or from ARP-based denial-of-service attacks.
The figure provides an example of ARP throttling, which consists of these
steps:
Step 1 Host A sends a packet to host B.
Step 2 The switch forwards the packet to the Layer 3 engine
based on the "glean" entry in the FIB.
Step 3 The Layer 3 engine sends an ARP request for host B
and installs the drop adjacency for host B.
Step 4 Host B responds to the ARP request.
The Layer 3 engine installs adjacency for host B and removes the drop
adjacency.
The adjacency table is populated as adjacencies are discovered. Each time an
adjacency entry is created (such as through the ARP protocol), a link-layer
header for that adjacent node is precomputed and stored in the adjacency table.
After a route is determined, it points to a next hop and corresponding
adjacency entry. The route is subsequently used for encapsulation during CEF
switching of packets.
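
The ARP throttling sequence above can be modeled as a small state machine to show how much punt traffic the drop adjacency removes from the Layer 3 engine. This is an added example, not vendor code: the class and function names, the 10.0.0.0/24 subnet and the flood rate are assumptions, and the model punts exactly one packet per throttle window rather than "the first few".

```python
# Added illustration: a toy model of ARP throttling, not the switch's implementation.
import ipaddress

THROTTLE_SECS = 2.0  # from the text: throttle is removed if no ARP reply within 2 seconds

class L3Switch:
    def __init__(self, connected_subnet, throttle=True):
        self.subnet = ipaddress.ip_network(connected_subnet)  # FIB glean prefix
        self.throttle = throttle
        self.adj = {}    # host -> ("drop", installed_at) or ("rewrite", mac)
        self.punts = 0   # packets that reached the Layer 3 engine

    def forward(self, dst, now):
        """Return 'forward', 'drop', 'punt' or 'no-route' for one packet at time now."""
        host = ipaddress.ip_address(dst)
        if host not in self.subnet:
            return "no-route"          # this model covers only the connected prefix
        kind, value = self.adj.get(host, (None, None))
        if kind == "rewrite":
            return "forward"           # complete adjacency: switched in hardware
        if kind == "drop":
            if now - value < THROTTLE_SECS:
                return "drop"          # throttled: the Layer 3 engine never sees it
            del self.adj[host]         # no reply within 2 s: allow ARP to be retried
        self.punts += 1                # glean hit: punt, Layer 3 engine sends ARP
        if self.throttle:
            self.adj[host] = ("drop", now)
        return "punt"

    def arp_reply(self, src, mac):
        """An ARP reply replaces the drop adjacency with a rewrite adjacency."""
        self.adj[ipaddress.ip_address(src)] = ("rewrite", mac)

def flood(switch, dst, pps, seconds):
    """Constructed traffic: pps packets per second to dst; returns total punts."""
    for i in range(pps * seconds):
        switch.forward(dst, i / pps)
    return switch.punts

if __name__ == "__main__":
    # Packets to an address that never answers ARP (constructed scenario).
    for throttle in (True, False):
        sw = L3Switch("10.0.0.0/24", throttle=throttle)
        print("throttle" if throttle else "no throttle",
              flood(sw, "10.0.0.99", pps=1000, seconds=10), "punts")
```

With throttling, 10 seconds of traffic to a silent host produces one punt per 2-second window instead of one punt per packet.
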
A route might have several paths to a destination prefix, such
as when a router is configured for simultaneous load balancing and redundancy.
For each resolved path, a pointer is added for the adjacency corresponding to
the next-hop interface for that path. This mechanism is used for load balancing
across several paths.
In addition to adjacencies associated with next-hop
interfaces (host-route adjacencies), other types of adjacencies are used to
expedite switching when certain exception conditions exist. When the prefix is
defined, prefixes requiring exception processing are cached with one of the
following special adjacencies:
- Null adjacency – Packets destined for a "Null0" interface
  are dropped. This can be used as an effective form of access filtering.
- Glean adjacency – When a router is connected directly to several
  hosts, the FIB table on the router maintains a prefix for the subnet rather
  than for the individual host prefixes. The subnet prefix points to a glean
  adjacency. When packets need to be forwarded to a specific host, the adjacency
  database is gleaned for the specific prefix.
- Punt adjacency – Features that require special handling, or features
  that are not yet supported in conjunction with CEF switching paths, are
  forwarded to the next switching layer for handling; for example, the packet may
  require CPU processing. Features that are not supported are forwarded to the
  next higher switching level.
- Discard adjacency – Packets are discarded.
- Drop adjacency – Packets are dropped, but the prefix is
  checked.
When a link-layer header is appended to packets, FIB requires the
appended header to point to an adjacency corresponding to the next hop. If an
adjacency was created by FIB and not discovered through a mechanism such as
ARP, the Layer 2 addressing information is not known and the adjacency is
considered incomplete. After the Layer 2 information is known, the packet is
forwarded to the route processor, and the adjacency is determined through
ARP.