CEF punted packets
The packets that cannot be CEF-switched in a box with CEF switching enabled are punted to the next switching level (fast switching or process switching). The incoming packets can be punted for a number of reasons, for example:
- If the destination is reachable over an interface that cannot use CEF-switching due to a feature not supported by CEF (for example, X.25 link), the packet has to be fast- or process-switched.
These destinations are easily discovered by inspecting the punt adjacencies).
- All packets destined for the router itself are process switched (thus punted).
- If the router needs to reply back to the source with an ICMP packet (redirect, unreachable ...), the reply can be generated only in the process-switching path.
- All packets with the IP options are punted to process switching.
- Fragments that have to be processed by the router are also process-switched.
This article is part of You've asked for it series.
I have topology:
On Sw i have user's vlans with dhcp pools. Users using pptp to go in internet.
And i have many-many punted packets (about 1-10 kpps in fast-switched cpu-queue), that destinated to some users.
I make SPAN-session, and don't see any reason for "punting" them - it is regular torrent traffic (lot of udp packets and tcp-sessions).
And here is something strange - count of sw-forwarded packets is not equal with table "show cef not-cef-switched".
Can you help me understand the reason of that situation.
And there is too small % of fragments.