Deploying Cisco Express Forwarding – CEF-Based Multilayer Switching
CEF-based tables and MLS lookups

CEF-Based Tables
CEF-based tables are initially populated and used as follows:

  • The FIB is derived from the IP routing table and is arranged for maximum lookup throughput.
  • The adjacency table is derived from the Address Resolution Protocol table, and it contains Layer 2 rewrite (MAC) information for the next hop.
  • CEF IP destination prefixes are stored in the TCAM table from the most specific to the least specific entry.
  • When the CEF TCAM table is full, a wildcard entry redirects to the Layer 3 engine.
  • When the adjacency table is full, a CEF TCAM table entry points to the Layer 3 engine to redirect the adjacency.
  • The FIB lookup is based on the Layer 3 destination address prefix (longest match).

FIB Table Updates
The FIB table is updated when the following occurs:

  • An ARP entry for the destination next hop changes, ages out, or is removed.
  • The routing table entry for a prefix changes.
  • The routing table entry for the next hop changes.

These are the basic steps that occur to initially populate the adjacency table:

Step 1 The Layer 3 engine queries the switch for a physical MAC address.
Step 2 The switch selects a MAC address from the chassis MAC range and assigns it to the Layer 3 engine. This MAC address is assigned by the Layer 3 engine as a burned-in address for all VLANs and is used by the switch to initiate Layer 3 packet lookups.
Step 3 The switch installs wildcard CEF entries, which point to drop adjacencies (for handling CEF table lookup misses).
Step 4 The Layer 3 engine informs the switch of its interfaces participating in MLS (MAC address and associated VLAN). The switch creates the (MAC, VLAN) Layer 2 CAM entry for the Layer 3 engine.
Step 5 The Layer 3 engine informs the switch about features for interfaces participating in MLS.
Step 6 The Layer 3 engine informs the switch about all CEF entries related to its interfaces and connected networks. The switch populates the CEF entries and points them to Layer 3 engine redirect adjacencies.

Ternary Content Addressable Memory Table - TCAM
The Ternary Content Addressable Memory (TCAM) is a specialized piece of memory designed for rapid, hardware-based table lookups of Layer 3 and Layer 4 information. In the TCAM, a single lookup provides all Layer 2 and Layer 3 forwarding information for frames, including CAM and ACL information.

The figure displays the ACL information stored in the TCAM table that would result in a packet being permitted or denied. The following platforms use TCAMs for Layer 3 switching: Catalyst 6500, 4500, 4000 and 3550.

TCAM matching is based on three values: 0, 1, or x (where x matches either 0 or 1), hence the term ternary. The memory structure is broken into a series of patterns and masks. Masks are shared among a specific number of patterns and are used to wildcard some content fields.

The figure references these two access control entries (ACEs) and shows how their values would be stored in the TCAM:

access-list 101 permit ip host 10.1.1.1 any
access-list 101 deny ip 10.1.1.0 0.0.0.255 any

The TCAM table entries in the figure consist of the following types of regions:

  • Longest-match region – Each longest-match region consists of groups of Layer 3 address entries ("buckets") organized in decreasing order by mask length. All entries within a bucket share the same mask value and key size. The buckets can change their size dynamically by borrowing address entries from neighboring buckets. Although the size of the whole protocol region is fixed, you can reconfigure it. The reconfigured size of the protocol region is effective only after the next system reboot.
  • First-match region – The first-match region consists of ACL entries. The lookup stops at the first entry that matches.
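
The ternary matching and first-match behaviour described above can be modelled in a few lines. This is an added example, not code from the original page or from Cisco: it stores the source field of the two ACEs of access-list 101 as value/mask pairs, looks packets up in first-match order, and flags entries that an earlier entry makes unreachable. The function names, the "mask bit 1 = compare" convention, the swapped-order list and the test addresses are assumptions made for illustration.

```python
import ipaddress

def ace_to_tcam(action, src, wildcard):
    """Build a (value, mask, action) entry from an ACE source and Cisco wildcard.
    Convention assumed here: mask bit 1 = compare, mask bit 0 = ternary x."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return int(ipaddress.IPv4Address(src)) & care, care, action

def ternary_pattern(value, mask):
    """Render an entry as 32 symbols of 0, 1 or x, most significant bit first."""
    return "".join(str((value >> b) & 1) if (mask >> b) & 1 else "x"
                   for b in range(31, -1, -1))

def first_match(entries, src_ip, default="deny"):
    """Return the action of the first entry whose compared bits equal the key."""
    key = int(ipaddress.IPv4Address(src_ip))
    for value, mask, action in entries:
        if (key & mask) == value:
            return action          # lookup stops at the first match
    return default                 # IOS ACLs end with an implicit deny

def shadowed(entries):
    """Indexes of entries that can never be hit because an earlier,
    less specific entry already matches every key they match."""
    hidden = []
    for i, (v, m, _) in enumerate(entries):
        if any((em & m) == em and (v & em) == ev for ev, em, _ in entries[:i]):
            hidden.append(i)
    return hidden

# The two ACEs from the page; "host 10.1.1.1" is wildcard 0.0.0.0.
ACL_101 = [ace_to_tcam("permit", "10.1.1.1", "0.0.0.0"),
           ace_to_tcam("deny", "10.1.1.0", "0.0.0.255")]
# Constructed variant with the order swapped, to show the effect of ordering.
ACL_SWAPPED = list(reversed(ACL_101))

if __name__ == "__main__":
    for value, mask, action in ACL_101:
        print(ternary_pattern(value, mask), action)
    for ip in ("10.1.1.1", "10.1.1.2", "192.0.2.1"):
        print(ip, first_match(ACL_101, ip), first_match(ACL_SWAPPED, ip))
    print("shadowed in swapped order:", shadowed(ACL_SWAPPED))
```

With the page's ordering both entries are reachable; in the swapped list the host permit sits behind the subnet deny and is never consulted, which is the kind of shadowed rule worth checking for when auditing an ACL.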