Need for CEF in NetFlow data export


We came across a recent issue where a user set up a router for NetFlow export but was unable to see the OUT traffic for the interfaces in NetFlow Analyzer. Every NetFlow configuration aspect was checked and nothing incorrect was found. That is when we noticed the ‘no ip cef’ command on the router. CEF was enabled at the global level and within seconds, NetFlow Analyzer started showing OUT traffic for the interfaces. This is why this topic is about Cisco Express Forwarding!

What is switching?

A router must make decisions about where to forward the packets passing through it. This decision-making process is called “switching”. Switching is what a router does when it makes the following decisions:

1. Whether to forward or not forward the packets after checking that the destination for the packet is reachable.

2. If the destination is reachable, what is the next hop of the router and which interface will the router use to get to that destination.

What is CEF?

CEF is one of the available switching options for Cisco routers. Based on the routing table, CEF creates its own table, called the Forwarding Information Base (FIB). The FIB is organized differently than the routing table, and CEF uses the FIB to decide which interface to send traffic out of. CEF offers the following benefits:

1. Better performance than fast-switching (the default), using less CPU to perform the same task.

2. When enabled, it allows for advanced features like NBAR.

3. Overall, CEF can switch traffic faster than route-caching using fast-switching.

How to enable CEF?

CEF is disabled by default on all routers except the 7xxx series routers. Enabling and disabling CEF is easy. To enable CEF, go into global configuration mode and enter the CEF command.

Router# config t

Router(config)# ip cef

Router(config)#

To disable CEF, simply use the ‘no’ form of the command, i.e. ‘no ip cef’.

Why is CEF needed when enabling NetFlow?

CEF is a prerequisite for enabling NetFlow on the router interfaces. CEF decides through which interface traffic exits the router. Any NetFlow analyzer product calculates the OUT traffic for an interface based on the Destination Interface value present in the NetFlow packets exported from the router. If CEF is disabled on the router, the exported NetFlow packets will have “Destination interface” set to “null”, which leads NetFlow Analyzer to show no OUT traffic for the interfaces. That is what happened in the case above: without CEF enabled on the router, the NetFlow packets did not mark the destination interfaces, so NetFlow Analyzer was not able to show the OUT traffic for the interfaces.
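A collector-side check for this symptom, as an added example that is not code from the original post or from NetFlow Analyzer: it parses NetFlow export datagrams, totals OUT bytes per destination interface, and reports the share of flows whose destination interface is null. It assumes NetFlow version 5 exports and that a null destination interface appears as output ifIndex 0; the helper names and the sample datagrams are constructed for illustration.

```python
import struct
from collections import defaultdict

HEADER = struct.Struct("!HHIIIIBBH")             # 24-byte NetFlow v5 header
RECORD = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record

def parse_v5(datagram):
    """Yield (input_ifindex, output_ifindex, octets) for each flow record."""
    if len(datagram) < HEADER.size:
        raise ValueError("short datagram")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not NetFlow v5")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("truncated datagram")
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        yield f[3], f[4], f[6]   # input ifIndex, output ifIndex, dOctets

def out_traffic_report(datagrams):
    """Return (OUT octets per ifIndex, fraction of flows with null output)."""
    out_octets, total, null = defaultdict(int), 0, 0
    for d in datagrams:
        for _in_if, out_if, octets in parse_v5(d):
            total += 1
            if out_if == 0:      # assumption: 0 is how "null" is encoded in v5
                null += 1        # cannot be credited to any interface's OUT traffic
            else:
                out_octets[out_if] += octets
    return dict(out_octets), (null / total if total else 0.0)

def build_v5(flows):
    """Constructed sample data: pack (in_if, out_if, octets) tuples as a v5 datagram."""
    body = b"".join(
        RECORD.pack(0x0A000001, 0x0A000002, 0, in_if, out_if, 10, octets,
                    0, 0, 1024, 443, 0, 0x18, 6, 0, 0, 0, 24, 24, 0)
        for in_if, out_if, octets in flows)
    return HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0) + body

if __name__ == "__main__":
    cef_off = build_v5([(1, 0, 1500), (2, 0, 900)])  # every destination interface null
    cef_on = build_v5([(1, 2, 1500), (2, 1, 900)])   # destination interfaces populated
    for label, pkt in (("no ip cef", cef_off), ("ip cef", cef_on)):
        per_if, null_ratio = out_traffic_report([pkt])
        print(label, per_if, f"null output: {null_ratio:.0%}")
```

An exporter whose flows are all reported with a null output is the pattern described above and is a cue to check the router for ‘no ip cef’.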

CEF can also be disabled at the interface level. In that case, even if CEF is enabled at the global level, OUT traffic for that particular interface will not be shown in NetFlow Analyzer. If CEF was disabled at the interface level, you can re-enable it using the command ‘ip cef’ from interface configuration mode.


Regards,
Praveen Kumar
