CEF accounting

The "How could we figure out if any traffic uses the default route" challenge was obviously too easy; a number of readers quickly realized that the CEF accounting can do what we need (and I have to admit I've completely missed it).

However, when I started to explore the various CEF accounting features, it turned out the whole thing is not as simple as it looks. To start with, the ip cef accounting global configuration command configures three completely unrelated accounting features: per-prefix accounting (the one we need), traffic matrix accounting (configured with the non-recursive keyword) and prefix-length accounting.

The per-prefix accounting is the easiest one to understand: every time a packet is forwarded through a CEF lookup, the counters attached to the CEF prefix entry are incremented. To clear the CEF counters, you can use the clear ip cef address prefix-statistics command. The per-prefix counters are also lost when the IP prefix is removed from the CEF table (for example, because it temporarily disappears from the IP routing table during the network convergence process). The CEF per-prefix accounting is thus less reliable than other accounting mechanisms (for example, IP accounting).

Note: The CEF per-prefix counters are always present; if the CEF per-prefix accounting is not configured, they simply remain zero.

Last but not least, you don't need the detail keyword if you want to display the CEF accounting data for a particular prefix. The show ip cef address mask command is enough. And, finally, if you're running IOS release 12.2SB or 12.2XN, you can inspect the CEF counters with SNMP.
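Because the per-prefix counters vanish whenever the prefix leaves the CEF table, a poller that watches the default route has to tolerate resets. The sketch below is an added example, not code from the original post: it parses the counter line of a show ip cef printout and sums packet deltas across resets. The sample output is constructed, and its layout (an "N packets, M bytes" line) is an assumption modeled on IOS 12.x.

```python
import re

# Constructed sample of "show ip cef 0.0.0.0 0.0.0.0" output. The layout is an
# assumption modeled on IOS 12.x and may differ on other releases.
SAMPLE = """\
0.0.0.0/0, version 27, epoch 0, cached adjacency 192.0.2.1
1250 packets, 98000 bytes
  via 192.0.2.1, 0 dependencies, recursive
"""

COUNTERS = re.compile(r"^\s*(\d+) packets, (\d+) bytes", re.MULTILINE)


def parse_counters(show_output):
    """Return (packets, bytes) for the prefix, or None if no counter line exists."""
    m = COUNTERS.search(show_output)
    return (int(m.group(1)), int(m.group(2))) if m else None


def traffic_seen(samples):
    """Sum packet deltas over successive polls of one prefix.

    samples: packet counts in poll order, None where the prefix was missing
    from the CEF table. The first real sample is only a baseline. After a gap,
    or when the counter goes backwards (entry re-created or cleared between
    polls), the new value is counted from zero. Packets forwarded between the
    last poll and a reset are lost, so the total is a lower bound.
    Returns (packets_counted, resets_detected).
    """
    total = resets = 0
    prev, in_gap = None, False
    for cur in samples:
        if cur is None:
            in_gap = prev is not None   # a gap only matters after a baseline
            continue
        if prev is None:
            prev = cur                  # baseline, nothing counted yet
            continue
        if in_gap or cur < prev:
            resets += 1
            prev, in_gap = 0, False     # counters restarted from zero
        total += cur - prev
        prev = cur
    return total, resets


if __name__ == "__main__":
    print(parse_counters(SAMPLE))
    print(traffic_seen([100, 150, None, None, 20, 60, 10]))
```

A non-zero total for 0.0.0.0/0 means some traffic was forwarded through the default route during the polling window; a non-zero reset count means the total undercounts.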

2 comments:

  1. I tried to turn on the IP CEF Accounting on a Cisco 3550 which is used as a router for a network with about 50 computers. Unfortunately, enabling the CEF accounting led to high utilization of the 3550; the IP Input process usually used about 33% of CPU, and what was even worse was that some packets were duplicated on the 3550 while being forwarded :-/
    In the end, I just turned it off.
    The CEF Accounting can be very useful in some situations, but I definitely do not recommend enabling it by default - at least if you are really not going to use those statistics at all.

    swr#sh ver | i Version
    Cisco IOS Software, C3550 Software (C3550-IPSERVICESK9-M), Version 12.2(35)SE, RELEASE SOFTWARE (fc2)
  2. Based on the symptoms you're describing, the moment you enable CEF accounting on a Cat3550, it stops ASIC-based L3 forwarding and falls back to process switching (high CPU load in IP input process).