CEF punted packets

The packets that cannot be CEF-switched in a box with CEF switching enabled are punted to the next switching level (fast switching or process switching). The incoming packets can be punted for a number of reasons, for example:
  • If the destination is reachable over an interface that cannot use CEF-switching due to a feature not supported by CEF (for example, X.25 link), the packet has to be fast- or process-switched.

These destinations are easily discovered by inspecting the punt adjacencies).

  • All packets destined for the router itself are process switched (thus punted).
  • If the router needs to reply back to the source with an ICMP packet (redirect, unreachable ...), the reply can be generated only in the process-switching path.
  • All packets with the IP options are punted to process switching.
  • Fragments that have to be processed by the router are also process-switched.
You can inspect the amount of punted packets with the show cef not-cef-switched command.

This article is part of You've asked for it series.

Recent posts in the same categories

3 comments:

  1. Ellion Ellion 13 November 2010 12:22
    Hi there.
    I have topology:
    R-Sw-SwUser
    R-7609
    Sw-3560
    SwUser-D-Link DES3526
    On Sw i have user's vlans with dhcp pools. Users using pptp to go in internet.
    And i have many-many punted packets (about 1-10 kpps in fast-switched cpu-queue), that destinated to some users.
    I make SPAN-session, and don't see any reason for "punting" them - it is regular torrent traffic (lot of udp packets and tcp-sessions).
    And here is something strange - count of sw-forwarded packets is not equal with table "show cef not-cef-switched".
    Can you help me understand the reason of that situation.
  2. Ivan Pepelnjak 13 November 2010 12:51
    No idea, I'm not a 7600 guru. Defragmentation?
  3. Ellion Ellion 13 November 2010 13:33
    No, hi cpu load is on 3560, not on 7600.
    And there is too small % of fragments.
Add comment
Home
Sidebar