Certifications & Learning

Cisco Express Forwarding Concepts

Standard

Cisco Express Forwarding (CEF) is a Cisco proprietary technology that allows their platform to move the forwarding decision from CPU down to hardware Application-Specific Integrated Circuits (ASICs).  The process of programming these ASICs requires two tables of information: the Forwarding Information Base and the Adjacency table.

The RIB starts construction in the control plane with the IOS software collecting all of the routes from the locally configured static, connected, and dynamic routing protocol (EIGRP, OSPF, BGP, ISIS, RIP) routes.  All of this information is collected and stored within the Routing Information Base (RIB) for each routing process on the device.  An example of a RIB would be the OSPF database.  The control plane does not eliminate routes at this point.  The RIB will contain all of the routes that it learns, regardless of whether they are the best route to the destination or not.

An LFIB is the forwarding information base for MPLS labels.  This is not utilized often in environments, but it is still an information source utilized by CEF to create its final table for making its decisions.

The router now goes through the selection process from each of the associated route types and their administrative distances to select which of all of the routes should go into the Forwarding Information Base (FIB).  Each time the RIBs are updated and a change needs to occur to the FIB, this update will occur.

At the same time each of the routing processes are compiling their information and are performing calculation on which routes are the best out of their RIB, the device is also building an adjacency table with layer 2 address to interface mapping.  ARP would be the most common example of this, with a MAC address being correlated with a specific physical interface.

With the two tables formed with information, CEF will now go through each forwarding entry and tie it to an adjacency entry.  This is then installed in the actual CEF table which is either placed in the lower level code for virtualized routers, or places it within actual ASICs in certain hardware platforms.

Some platforms are capable of performing Distributed CEF.  This would be useful in the case of the Catalyst 6500 series multicard chassis design.  Instead of sending the packets to the CEF ASICs in a centralized location on the supervisor cards, it can make these decisions locally on each line card, thus providing a linear scaling capability for each line card installed in the chassis.

CEF supports more than just Ethernet.  It can support High-Level Data Link Control, Tunnels, and PPP just to name a few that are more common.

In the event that Equal Cost Multi Pathing (ECMP) is enabled and multiple routes to the same prefix are available, CEF has a few options for load balancing.  CEF provides two options for load balancing: per-destination and per-packet.  Each has its own specific strength and weakness which I’ll discuss here.

Per-destination load balancing is the default behavior for CEF.  I know that it states as “per-destination,” but what it is really looking at is the source and destination pairing.  The reason why this is the default behavior is to allow for all of the packets to arrive in sequence, as some applications have a hard time recovering from out of order packets.  This is typically the most common configuration scenario.  There are a few reasons you would want to change this.  One scenario is where you have a high bandwidth application between two hosts.  These hosts will tend to cause a situation we call CEF polarization.  You will see symptoms of this when you look at the route options and seeing one path being more highly utilized than the other options.  The reason why you see this is due to the fact that the CEF load balancing algorithm only looks at the source and destination IPs, which if that does not change much for your traffic flow, you will have unequal utilization of paths.

A way to correct this is to include layer 4 information in the routing decision.  This might allow the polarization to be less noticeable if the traffic has multiple sessions to between the same two hosts which would utilize different source ports at the least, and sometimes it might even have different destination ports depending on the application.

If this does not alleviate your issue, the other option is to implement per-packet load balancing.  And this is just as it sounds.  Each packet will require CEF to select a different route by the use of a round-robin selection method.  This ensures that you have a more equalized utilization of the routing paths, but it still will not be perfectly equal due to the variability in packet sizes.  But as I stated earlier, this creates a scenario of packets arriving at the destination out of order and if the application does not like it, this can cause you problems.

References

IOS vs IOS XE

Standard

Legacy Cisco IOS

Cisco IOS (Internetwork Operating System) was Unix-based and originally designed in 1984 to implement routing functionality on Cisco hardware.  It was based upon a monolithic architecture which meant that any processes ran by the OS were stacked and interrelated.  This had two main issues with it:

  1. Memory was shared across all processes.  This meant that any process could modify or even  corrupt the memory of another process, causing more than just an issue with the process which initiated the issue.
  2. Run-to-completion scheduler.  All calls must go through the kernel, which will not interrupt any existing processes that have the CPU.  These processes must report back to the kernel when they are done before another process is allocated to the CPU.

Forwarding (Data) and Control plane functionality were thus combined into a single failure domain.  If an SNMP bug caused a buffer-overwrite condition which happened to overwrite the EIGRP process memory allocation, you are now affecting not only affecting the control plane, but also your forwarding plane, thus crashing the router and causing an outage.  In this same use case, if the SNMP process is being walked by a monitoring server while the EIGRP process needs to update the RIB, this process could be slowed down dramatically until the process finishes.

The original OS design worked without too many issues, as there weren’t many platforms that Cisco supported.  Each IOS version had to be written specifically for each platform to support the drivers and features necessary for the platform to function.  As Cisco acquired more companies, and customers requested additional features and functionality, maintaining the plethora of IOS trains became unmanageable.

Flexibility to deploy a new feature to market also became a problem.  Any new feature required a revision of the entire IOS binary rather than just making it an install-able package that utilized the underlying kernel for functionality.

 

IOS XE Features and Improvements

Cisco’s IOS XE resolves these issues from its predecessor through multiple changes.  The first main hurdle was to create a base OS image which would not only provide the capability of splitting up the forwarding and control plane, but it would also provide a standards based approach for installing any increased functionality in a timely fashion in the future.  Linux was determined to be the underlying platform of choice to create this capability.  Linux is now the underlying common infrastructure which makes the previous IOS features just software addons to the underlying OS.  Drivers could now be written with knowledgeable programmers from the Linux community which decreased hardware release schedules.  IOS was split up into the following packages:

  1. RPBase – Provides the operating system software for the route processor
  2. RPControl – Provides the control-plane processes that interface between Cisco IOS Software and the rest of the platform
  3. RPIOS – Provides the Cisco IOS Software kernel, which is where Cisco IOS Software features are stored and run; each consolidated image variant has a different RPIOS sub-package. This has recently come back to a single image standard, with licensing controlling the features available and not the IOS image in this package.
  4. RPAccess – Provides components to manage enhanced router access functionality (SSH, SNMP, HTTP as examples)
  5. SIPBase – Share interface processor (SIP) carrier card operating system and control processes
  6. SIPSPA – Provides the shared port adapter (SPA) driver and associated field-programmable device (FPD) images
  7. ESPBase – Provides the ESP operating system and control processes for the ESP software

Each of these can be restarted and upgraded as needed without causing the data plane to restart.  IOS XE contains two functions which finalize the separation of the control and data plane.  The Forwarding and Feature Manager (FFM) provides an API to the control plane processes and translates those instructions into meaningful changes in the control plane.  The FFM then utilizes the Forwarding Engine Driver (FED) to update the data plane to reflect the desired changes from the original API call to the FFM.

Application and process state have also been moved from memory to a database structure.  This allows for the process data to be synchronized more easily across processes since memory does not have to be shared nor do inter-process calls need to be executed.  Each process requiring the information can call to the centralized database and see the information stored within.  If a process must restart, it can be done so without losing the state of the crashed process.  The information can be reintroduced after the restart, thus increasing the high availability of the system.

Cisco Live 2018 – IOS XE Architecture for Programmability – BRKSDN-2666 – Jeff McLaughlin

IOS XE also provides the capability of running hosted applications in either an LXC or VM configuration.   Since IOS XE is just a Linux machine with software packages running on top of it, any Linux supported application can be implemented with little development effort.

Programmability is also improved upon with this structure.  With each feature set being implemented as its own process, and a database storing its state in a standardized format, API calls can be created for readily update configurations and report on the status of a process through standards based data exporting functionalities.

CCNP Passed

Standard

I finalized my CCNP studies a few weeks ago by finishing the ROUTE exam. It was a lot of long nights studying in the lab, going through scenarios to get the command structure in my head and observe the behavior of routing protocols, but it was well worth it! I’m currently set to take my ARCH exam for the CCDP at the end of March. This has been a great experience so far learning how networks function and how to build out a resilient, efficient network from the bottom up. If you haven’t started, you should definitely start now!

Cisco Certified Network Professional – CCNP

Standard

For the past year (sadly), I’ve been working on getting my CCNP. I started this road when I arrived at my first networking role. I was a Network Operations Center (NOC) analyst for a US based company at the time. I had no idea what Cisco was or even what subnetting was for, but I did have a desire to learn. I started by going to a Cisco Learning Center at Collin County Community College here in the Dallas-Ft. Worth Metroplex. I learned so much about networking and as I went along, the more I loved IT in general. I finally achieved my CCNA in July of 2007, a year and a half after I started my role, and a full year after I started my CCNA training.

Now I have passed both my SWITCH and TSHOOT exams, with just the ROUTE exam left to go. I’m studying heavily on EIGRP, OSPF, BGP, IPv6, Redistribution and Path Selection in preparation for this exam which I have in December. I kept slacking on my ROUTE exam preparation because I had quite a few things going on in my life ranging from new responsibilities I was having to take on at church to my new role as a network engineer. With my studies I have gained a few insights about why I feel the entire Cisco certification program is such a strong certification to hold for anyone in the IT industry.

Cisco knows networking thoroughly. They don’t just sell a product, they love their product. They love their profession and what it stands for. Tomorrow starts here is not just their company slogan, it is what drives them to innovation. Cisco has provided so much innovation in the field of networking that they have truly revolutionized what networking is from the days of thicknet to today which is the age of wireless and the Internet of Everything.

Since Cisco loves what networking is all about, they throughly understand it. That is great for people like us who are trying to learn networking and expand our horizons. They teach you the principles of networking before they teach you the product and how to configure it. I’ve been through many other certification exams for other products and they entirely focus on their product and nothing more. Ranging from Check Point to Juniper, they don’t truly teach you the principles behind networking or security to help you understand why their product is necessary.

CCNA and CCNP are always in the top IT certifications both from a market need perspective, to a paying perspective. That is yet another reason why you should at least get a CCNA, no matter what you do in IT.

I’ve attached some references for you to look at, which may also lead you to think about what other certifications you might want to get. I know I have my list which I want to get here in the next year.

15 Top-Paying Certification for 2014
What Is the Value of a Cisco Certified Employee