show ip cef

By stretch | Friday, May 27, 2011 at 2:45 p.m. UTC

A recent thread on networking-forum.com pointed out the usefulness of the command show ip cef on IOS. This command functions somewhat like show ip route, but shows information from the forwarding plane itself (the FIB instead of the RIB). As such, its output is rather spartan and to the point.

Here are outputs of the two commands from the same router:

Router# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
C       10.0.9.0/30 is directly connected, FastEthernet0/1
C       10.0.9.4/30 is directly connected, FastEthernet1/0
O       10.0.0.2/32 [110/11] via 10.0.9.2, 00:01:30, FastEthernet0/1
O       10.0.0.3/32 [110/2] via 10.0.9.6, 00:01:20, FastEthernet1/0
O       10.0.9.8/30 [110/11] via 10.0.9.2, 00:01:20, FastEthernet0/1
C       10.0.0.1/32 is directly connected, Loopback0
O       10.0.0.4/32 [110/12] via 10.0.9.2, 00:01:20, FastEthernet0/1
C       10.0.9.12/30 is directly connected, FastEthernet0/0
O       10.0.0.5/32 [110/11] via 10.0.9.13, 00:01:20, FastEthernet0/0
O       10.0.9.16/30 [110/20] via 10.0.9.13, 00:01:20, FastEthernet0/0
                     [110/20] via 10.0.9.2, 00:01:20, FastEthernet0/1

Router# show ip cef
Prefix              Next Hop             Interface
0.0.0.0/0           drop                 Null0 (default route handler entry)
0.0.0.0/32          receive
10.0.0.1/32         receive
10.0.0.2/32         10.0.9.2             FastEthernet0/1
10.0.0.3/32         10.0.9.6             FastEthernet1/0
10.0.0.4/32         10.0.9.2             FastEthernet0/1
10.0.0.5/32         10.0.9.13            FastEthernet0/0
10.0.9.0/30         attached             FastEthernet0/1
10.0.9.0/32         receive
10.0.9.1/32         receive
10.0.9.2/32         10.0.9.2             FastEthernet0/1
10.0.9.3/32         receive
10.0.9.4/30         attached             FastEthernet1/0
10.0.9.4/32         receive
10.0.9.5/32         receive
10.0.9.6/32         10.0.9.6             FastEthernet1/0
10.0.9.7/32         receive
10.0.9.8/30         10.0.9.2             FastEthernet0/1
10.0.9.12/30        attached             FastEthernet0/0
10.0.9.12/32        receive
10.0.9.13/32        10.0.9.13            FastEthernet0/0
10.0.9.14/32        receive
10.0.9.15/32        receive
10.0.9.16/30        10.0.9.13            FastEthernet0/0
                    10.0.9.2             FastEthernet0/1
224.0.0.0/4         drop
224.0.0.0/24        receive
255.255.255.255/32  receive

Notice that the CEF output includes a few entries which don't appear in show ip route, such as the default route to Null0. I talked briefly about these in an old post.

The CEF form of the command can be especially convenient within MPLS networks, as it includes label information:

Router# show ip route 10.0.9.8
Routing entry for 10.0.9.8/30
  Known via "ospf 1", distance 110, metric 11, type intra area
  Last update from 10.0.9.2 on FastEthernet0/1, 00:09:33 ago
  Routing Descriptor Blocks:
  * 10.0.9.2, from 10.0.0.4, 00:09:33 ago, via FastEthernet0/1
      Route metric is 11, traffic share count is 1

Router# show ip cef 10.0.9.8
10.0.9.8/30, version 20, epoch 0, cached adjacency 10.0.9.2
0 packets, 0 bytes
  tag information set
    local tag: 17
  via 10.0.9.2, FastEthernet0/1, 0 dependencies
    next hop 10.0.9.2, FastEthernet0/1
    valid cached adjacency
    tag rewrite with Fa0/1, 10.0.9.2, tags imposed: {}

We can filter the routes we want to see by specifying a network and mask and then appending the longer-prefixes keyword. For example, if we only wanted to see routes within 10.0.0.0/24:

Router# show ip cef 10.0.0.0 255.255.255.0
%Prefix not found
Router# show ip cef 10.0.0.0 255.255.255.0 longer-prefixes
Prefix              Next Hop             Interface
10.0.0.1/32         receive
10.0.0.2/32         10.0.9.2             FastEthernet0/1
10.0.0.3/32         10.0.9.6             FastEthernet1/0
10.0.0.4/32         10.0.9.2             FastEthernet0/1
10.0.0.5/32         10.0.9.13            FastEthernet0/0

Suppose you want to see all routes which point out a given interface. Instead of trying to glean this information from show ip route, you can specify an interface with show ip cef:

Router# show ip cef f0/0
Prefix              Next Hop             Interface
10.0.0.5/32         10.0.9.13            FastEthernet0/0
10.0.9.12/30        attached             FastEthernet0/0
10.0.9.13/32        10.0.9.13            FastEthernet0/0
10.0.9.16/30        10.0.9.13            FastEthernet0/0
                    10.0.9.2             FastEthernet0/1
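
As an added example (not part of the original post), the Python sketch below parses the tabular show ip cef output, including the indented continuation line that carries a second equal-cost path, and reproduces the exact-match, longer-prefixes and interface filters offline, plus a longest-prefix lookup. The function names and the embedded sample (a subset of the output above) are constructed for illustration.

```python
import ipaddress

# Constructed sample: a subset of the "show ip cef" output shown above.
SAMPLE = """\
Prefix              Next Hop             Interface
0.0.0.0/0           drop                 Null0 (default route handler entry)
10.0.0.1/32         receive
10.0.0.2/32         10.0.9.2             FastEthernet0/1
10.0.0.5/32         10.0.9.13            FastEthernet0/0
10.0.9.12/30        attached             FastEthernet0/0
10.0.9.13/32        10.0.9.13            FastEthernet0/0
10.0.9.16/30        10.0.9.13            FastEthernet0/0
                    10.0.9.2             FastEthernet0/1
224.0.0.0/4         drop
"""

def parse_cef(text):
    """Return [(network, [(next_hop, interface_or_None), ...]), ...]."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("Prefix"):
            continue
        fields = line.split()
        if line[0].isspace():  # continuation: extra path for the previous prefix
            entries[-1][1].append((fields[0], fields[1] if len(fields) > 1 else None))
            continue
        hop = fields[1] if len(fields) > 1 else None
        intf = fields[2] if len(fields) > 2 else None  # receive/drop rows may have none
        entries.append((ipaddress.ip_network(fields[0]), [(hop, intf)]))
    return entries

def exact(entries, prefix):
    # Without longer-prefixes, only an entry equal to the given prefix matches.
    want = ipaddress.ip_network(prefix)
    return [e for e in entries if e[0] == want]

def longer_prefixes(entries, prefix):
    want = ipaddress.ip_network(prefix)
    return [e for e in entries if e[0].subnet_of(want)]

def by_interface(entries, intf):
    # Full interface name required here; the router also accepts "f0/0".
    return [e for e in entries if any(i == intf for _, i in e[1])]

def lookup(entries, addr):
    # Longest-prefix match, the way the FIB resolves a destination address.
    ip = ipaddress.ip_address(addr)
    matches = [e for e in entries if ip in e[0]]
    return max(matches, key=lambda e: e[0].prefixlen) if matches else None
```

With this sample, a destination that matches nothing more specific resolves to the 0.0.0.0/0 drop entry, which is the default route handler entry absent from show ip route.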

We can also view routes of a specific CEF adjacency type:

Router# show ip cef adjacency drop
Prefix              Next Hop             Interface
224.0.0.0/4         drop
Router# show ip cef adjacency glean
Prefix              Next Hop             Interface
10.0.9.0/30         attached             FastEthernet0/1
10.0.9.4/30         attached             FastEthernet1/0
10.0.9.12/30        attached             FastEthernet0/0

Finally, show ip cef can also be used to predict the route of an explicit source and destination address pair. This can be handy when equal-cost load balancing or source-based policy routing is in place.

Router# show ip cef exact-route 10.0.9.5 192.168.0.1
10.0.9.5        -> 192.168.0.1    : FastEthernet0/1 (next hop 10.0.9.18)
Router# show ip cef exact-route 10.0.9.6 192.168.0.1
10.0.9.6        -> 192.168.0.1    : FastEthernet0/0 (next hop 10.0.9.14)

What other cool CEF tricks are there?

About the Author

Jeremy Stretch is a network engineer living in the Raleigh-Durham, North Carolina area. He is known for his blog and cheat sheets here at Packet Life. You can reach him by email or follow him on Twitter.

Posted in Tips and Tricks

Comments


OmiPR
May 27, 2011 at 2:55 p.m. UTC

These cef commands come in handy. Good article!


tonhe
May 27, 2011 at 3:49 p.m. UTC

I know this isn't a very valuable or insightful comment, but I just wanted to say... Great post stretch!! I've also recently enjoyed your posts on scapy!


Ned (guest)
May 27, 2011 at 5:55 p.m. UTC

Thx for very useful post. I have some questions regarding CEF. Is CEF FIB an exact mirror of the Routing Table or the RIB? If so, then how come there are entries that are in the CEF Table that are not present in the RIB as mentioned in this post and the related post for CEF Defaults? Also is it possible that some entries might exist in the CEF FIB but may not be in the RIB (Routing table) or that is just not possible? Can the "show ip cef summary" command accurately confirm the number of routes on the device because I see difference between "show ip route summary" and "show ip cef summary". There are a lot more entries sometimes in route summary than in cef summary? Difference is sometimes 30 odd prefixes more in RIB than in CEF. Why is that? Thx for your help.


Nicolas (guest)
May 27, 2011 at 7:09 p.m. UTC

sh ip cef <ip> internal, for load balancing details.


Rob (guest)
May 27, 2011 at 7:41 p.m. UTC

Stretch,

Thanks a lot. Can't get enough.


JFT
May 27, 2011 at 8:26 p.m. UTC

Great post. I found show ip cef exact route to be very useful to determine which of two equal-cost WAN links was being used for a particular session.

I think Ivan Pepelnjak described the CEF table best as sort of a (paraphrasing) "fully computed routing and forwarding table." The FIB builds information from the routing table, which only has things like next-hop IP addresses and prefixes - not absolutely everything that is needed to forward a frame. The FIB includes outgoing interface, and true layer 3 next hop. For example you may have recursive routes (routes where a next-hop is not directly connected). The FIB will have the true directly connected next-hop for a destination.


luismg
May 30, 2011 at 6:34 a.m. UTC

The "exact-route" is fundamental if you have load balancing and somehow sometimes packets are having strange behavior, you can check the real next hop.

nice post!


Levi (guest)
June 1, 2011 at 2:20 p.m. UTC

Great post! Cleared up some things for me. Thanks!


Ned (guest)
June 1, 2011 at 3:07 p.m. UTC

Why is it that the total number of route entries in the "show ip cef summary" and "show ip route summary" do not match? Tx


DG (guest)
November 14, 2014 at 10:12 p.m. UTC

CEF table includes network address entry as well as broadcast address entry that the RIB does not show. Hence, they are different. Also, CEF has entries that it learned from ARP table. So really, it is a combination of the RIB and ARP tables.
