Analyzing the Forwarding Path

Analyzing the Forwarding Path

Cisco IOS switching defines the packet flow through the router. More specifically, it determines how quickly the packet can be forwarded through the router, and also in which physical buffers the packets are stored.

During the history of Cisco IOS, multiple switching methods have been developed. Some methods are supported only on particular platforms. CEF is the latest switching method. When CEF is enabled globally (default behavior), the ip route-cache cef interface specific command is also enabled. This command ensures CEF switching is done for packets that enter this interface. Occasionally, if needed to disable CEF on one interface alone, the no ip route-cache cef command is added. This disables CEF switching for that interface alone. Cisco IOS does not add the no ip route-cache command to the running-config on its own when it is forced to disable CEF. It was introduced on many platforms in Cisco IOS 12.0 mainline, particularly low- and mid-range platforms such as the Cisco 1600, 2500, and 3600 Series.

When a router receives a packet on a routed interface, it first removes the Layer 2 (L2) frame information. It then stores the Layer 3 (L3) packet in Input/Output (I/O) memory. What happens next depends on the switching path that the packet follows.

Verification Procedure

These steps can be used to confirm that packets follow the CEF switching path:

  1. Confirm that CEF is enabled globally and on a particular interface.

    router#show ip cef
    %CEF not running
    1. Use the ip cef command in global configuration mode to enable (central) CEF.

      Note: On the Cisco 7200 Series, CEF is the default Cisco IOS switching method in an upcoming release of Cisco IOS.

    2. Use the show ip cef prefix command and confirm that prefixes are listed.

      router#show ip cef
      Prefix              Next Hop            Interface          receive      attached            Serial2/0/0:1      receive
  2. Confirm that CEF is enabled on a particular interface.

    1. Use the show cef interface x/x command to look for "IP CEF switching enabled," or "IP distributed CEF (dCEF) switching enabled."

      router#show cef interface fastEthernet 0/0/0 
      FastEthernet0/0/0 is up (if_number 2) 
        Internet address is 
        ICMP redirects are always sent 
        Per packet loadbalancing is disabled 
        Inbound  access list is not set 
        Hardware idb is FastEthernet0/0/0 
        Fast switching type 1, interface type 18 
        IP Distributed CEF switching enabled 
        Fast flags 0x0. ifindex 1(1) 
        Slot 0 Slot unit 0 VC -1 
        Hardware transmit queue ptr 0x48001A00 (0x48001A00) 
        Transmit limit accumulator 0x48001A02 (0x48001A02) 
        IP MTU 1500
    2. Use the show ip interface command to display the enabled Cisco IOS switching methods.

      router#show ip interface fastethernet 1/0/0.1 
       FastEthernet1/0/0.1 is up, line protocol is up 
         IP fast switching is enabled 
         IP fast switching on the same interface is enabled 
         IP Flow switching is disabled 
         IP CEF switching is enabled 
         IP Distributed switching is enabled 
         IP Fast switching turbo vector 
         IP Normal CEF switching turbo vector 
         IP multicast fast switching is enabled 
         IP multicast distributed fast switching is disabled 
         IP route-cache flags are Fast, Distributed, No CEF

      In this output, the "No CEF" flag indicates that CEF has been disabled because of the no ip route-cache cef command on a particular interface. The "CEF" flag indicates that CEF runs. 

  3. Confirm that a majority of the packets that flow through the router are CEF-switched.

    1. Use the show interface x/x stat command and determine the number of packets and bytes that the router forwarded through "Processor" instead of "Route cache." Note that "Route cache" includes both fast-switched and CEF-switched packets.

      router#show interface stats     
      Switching path Pkts In  Chars In Pkts Out Chars Out 
      Processor 95084 26211621 33493 3386174 
      Route cache 24581 1132797 24542 13297583 
      Distributed cache 0 0 0 0 
      Total  119665 27344418 58035 16683757
    2. Use the show ip cache command to determine if there is an IP cache entry, which indicates that the packet follows the fast-switching path. Fast switching builds on an on-demand route cache to expedite packet forwarding through a router. The driver code that runs on the interface hardware transfers control temporarily to the fast-switching code, which searches the route cache for a frame and other information constructed from a previously transmitted packet. If the route cache contains an entry, the fast-switching code attempts to send the packet directly to the destination interface.

      router#show ip cache
      IP routing cache 0 entries, 0 bytes 
         0 adds, 0 invalidates, 0 refcounts
      Minimum invalidation interval 2 seconds, maximum interval 5 seconds, 
         quiet interval 3 seconds, threshold 0 requests 
      Invalidation rate 0 in last second, 0 in last 3 seconds 
      Prefix/Length       Age       Interface       Next Hop

      These steps outline a more specific procedure for verifying that packets are being forwarded using CEF.

    3. Enable CEF with the ip cef command.

    4. Issue the clear ip cache command to clear the fast-switched cache entries.

    5. Start your traffic stream.

    6. Issue the show ip cache command. Confirm that no entries are displayed in the fast-switched cache since the packets are CEF-switched.

    7. Issue the show interface stats command and confirm incremental hits for route cache inbound.

      Note: The route cache counter includes both fast-switched and CEF-switched packets.

    8. Disable CEF with the no ip route-cache cef command on the inbound interface.

    9. Issue the show interface stats command and confirm incremental hits for route cache.

    10. Issue the show ip cache command and confirm that you see entries since Cisco IOS has fallen back to fast switching.

    11. Issue the no ip route-cache command on the outbound interface to disable fast switching. Packets on the matching inbound interface are process switched.

      Note: It is not recommended to configure process switching in a heavy traffic network.

  4. If you have confirmed that CEF is enabled on a router interface and determined that most packets are not CEF-switched, capture these commands when you report a problem to the Cisco Technical Assistance Center (TAC).

    The input interface determines the Cisco IOS switching path that a packet takes. Consider these rules of thumb when you enable or disable switching methods on a particular interface.

    Incoming Interface

    Outgoing Interface

    Switching Method








    Fast Switching (IP route cache)

    Fast Switching


    Fast Switching



    In other words, you need CEF to be enabled on the incoming interface for packets to be CEF switched. Since CEF makes the forwarding decision on input, use the no ip route-cache cef command on the ingress interface to disable CEF. In contrast, since Cisco IOS builds a fast-switching cache entry after switching a packet, a packet that comes in on a process-switched interface and goes out through a fast-switched interface is fast switched, use the no ip route-cache command on the egress interface to disable fast switching. These traffic types are not CEF switched:

    • show cef interface x/x—Displays CEF related interface information.

    • show ip cef prefix —Displays prefix entry in Forwarding Information Base (FIB).

    • show adjacency interface detail—Displays recursive and direct prefixes resolved through adjacency.

    • show cef not-cef-switched—Displays which packets are not CEF-switched.

    • debug ip cef drop—Displays debug information for CEF-dropped packets.

    • Packets for which there is no entry in the switching cache

    • Packets destined for the router

    • Broadcast traffic

    • IP packets with options

    • Packets that require protocol translation

    • Encrypted traffic


 For Support