The premiere source of truth powering network automation. Open and extensible, trusted by thousands.
NetBox is now available as a managed cloud solution! Stop worrying about your tooling and get back to building networks.
show ip cef
By stretch | Friday, May 27, 2011 at 2:45 p.m. UTC
A recent thread on networking-forum.com pointed out the usefulness of the command show ip cef on IOS. This command functions somewhat like show ip route, but shows information from the forwarding plane itself (the FIB instead of the RIB). As such, its output is rather spartan and to the point.
Here are outputs of the two commands from the same router:
Router# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
C 10.0.9.0/30 is directly connected, FastEthernet0/1
C 10.0.9.4/30 is directly connected, FastEthernet1/0
O 10.0.0.2/32 [110/11] via 10.0.9.2, 00:01:30, FastEthernet0/1
O 10.0.0.3/32 [110/2] via 10.0.9.6, 00:01:20, FastEthernet1/0
O 10.0.9.8/30 [110/11] via 10.0.9.2, 00:01:20, FastEthernet0/1
C 10.0.0.1/32 is directly connected, Loopback0
O 10.0.0.4/32 [110/12] via 10.0.9.2, 00:01:20, FastEthernet0/1
C 10.0.9.12/30 is directly connected, FastEthernet0/0
O 10.0.0.5/32 [110/11] via 10.0.9.13, 00:01:20, FastEthernet0/0
O 10.0.9.16/30 [110/20] via 10.0.9.13, 00:01:20, FastEthernet0/0
[110/20] via 10.0.9.2, 00:01:20, FastEthernet0/1
Router# show ip cef
Prefix Next Hop Interface
0.0.0.0/0 drop Null0 (default route handler entry)
0.0.0.0/32 receive
10.0.0.1/32 receive
10.0.0.2/32 10.0.9.2 FastEthernet0/1
10.0.0.3/32 10.0.9.6 FastEthernet1/0
10.0.0.4/32 10.0.9.2 FastEthernet0/1
10.0.0.5/32 10.0.9.13 FastEthernet0/0
10.0.9.0/30 attached FastEthernet0/1
10.0.9.0/32 receive
10.0.9.1/32 receive
10.0.9.2/32 10.0.9.2 FastEthernet0/1
10.0.9.3/32 receive
10.0.9.4/30 attached FastEthernet1/0
10.0.9.4/32 receive
10.0.9.5/32 receive
10.0.9.6/32 10.0.9.6 FastEthernet1/0
10.0.9.7/32 receive
10.0.9.8/30 10.0.9.2 FastEthernet0/1
10.0.9.12/30 attached FastEthernet0/0
10.0.9.12/32 receive
10.0.9.13/32 10.0.9.13 FastEthernet0/0
10.0.9.14/32 receive
10.0.9.15/32 receive
10.0.9.16/30 10.0.9.13 FastEthernet0/0
10.0.9.2 FastEthernet0/1
224.0.0.0/4 drop
224.0.0.0/24 receive
255.255.255.255/32 receive
Notice that the CEF output includes a few entries which don't appear in show ip route, such as the default route to null0. I talked briefly about these in an old post.
The CEF form of the command can be especially convenient within MPLS networks, as it includes label information:
Router# show ip route 10.0.9.8
Routing entry for 10.0.9.8/30
Known via "ospf 1", distance 110, metric 11, type intra area
Last update from 10.0.9.2 on FastEthernet0/1, 00:09:33 ago
Routing Descriptor Blocks:
* 10.0.9.2, from 10.0.0.4, 00:09:33 ago, via FastEthernet0/1
Route metric is 11, traffic share count is 1
Router# show ip cef 10.0.9.8
10.0.9.8/30, version 20, epoch 0, cached adjacency 10.0.9.2
0 packets, 0 bytes
tag information set
local tag: 17
via 10.0.9.2, FastEthernet0/1, 0 dependencies
next hop 10.0.9.2, FastEthernet0/1
valid cached adjacency
tag rewrite with Fa0/1, 10.0.9.2, tags imposed: {}
We can filter the routes we want to see by specifying a network and mask and then appending the longer-prefixes keyword. For example, if we only wanted to see routes within 10.0.0.0/24:
Router# show ip cef 10.0.0.0 255.255.255.0 %Prefix not found Router# show ip cef 10.0.0.0 255.255.255.0 longer-prefixes Prefix Next Hop Interface 10.0.0.1/32 receive 10.0.0.2/32 10.0.9.2 FastEthernet0/1 10.0.0.3/32 10.0.9.6 FastEthernet1/0 10.0.0.4/32 10.0.9.2 FastEthernet0/1 10.0.0.5/32 10.0.9.13 FastEthernet0/0
Suppose you want to see all routes which point out a given interface. Instead of trying to glean this information from show ip route, you can specify an interface with show ip cef:
Router# show ip cef f0/0
Prefix Next Hop Interface
10.0.0.5/32 10.0.9.13 FastEthernet0/0
10.0.9.12/30 attached FastEthernet0/0
10.0.9.13/32 10.0.9.13 FastEthernet0/0
10.0.9.16/30 10.0.9.13 FastEthernet0/0
10.0.9.2 FastEthernet0/1
We can also view routes of a specific CEF adjacency type:
Router# show ip cef adjacency drop Prefix Next Hop Interface 224.0.0.0/4 drop Router# show ip cef adjacency glean Prefix Next Hop Interface 10.0.9.0/30 attached FastEthernet0/1 10.0.9.4/30 attached FastEthernet1/0 10.0.9.12/30 attached FastEthernet0/0
Finally, show ip cef can also be used to predict the route of an explicit source and destination address pair. This can be handy when equal-cost load balancing or source-based policy routing is in place.
Router# show ip cef exact-route 10.0.9.5 192.168.0.1 10.0.9.5 -> 192.168.0.1 : FastEthernet0/1 (next hop 10.0.9.18) Router# show ip cef exact-route 10.0.9.6 192.168.0.1 10.0.9.6 -> 192.168.0.1 : FastEthernet0/0 (next hop 10.0.9.14)
What other cool CEF tricks are there?
Posted in Tips and Tricks
Comments
May 27, 2011 at 2:55 p.m. UTC
These cef commands come in handy. Good article!
May 27, 2011 at 3:49 p.m. UTC
I know this isn't a very valuable or insightful comment, but I just wanted to say... Great post stretch!! I've also recently enjoyed your posts on scapy!
May 27, 2011 at 5:55 p.m. UTC
Thx for very useful post. I have some questions regarding CEF. Is CEF FIB a exact mirror of the Routing Table or the RIB. If so than how come there are entries that are in the CEF Table that are not present in the RIB as mentioned in this post and the related post for CEF Defaults. Also is it possible that some entries might exist in the CEF FIB but may not be in the RIB (Routing table) or that is just not possible. Can the "show ip cef summary" command accurately confirm the number of routes on the device because I see difference between "show ip route summary" and "show ip cef summary". There are a lot more entries sometimes in route summary than in cef summary? Difference is sometimes 30 odd prefixes more in RIB than in CEF. Why is that? Thx for your help.
May 27, 2011 at 7:09 p.m. UTC
sh ip cef <ip> internal, for load balancing details.
May 27, 2011 at 7:41 p.m. UTC
Stretch,
Thanks a lot. Can't get enough.
May 27, 2011 at 8:26 p.m. UTC
Great post. I found show ip cef exact route to be very useful to determine which of two equal-cost WAN links was being used for a particular session.
I think Ivan Pepelnjak described the CEF table best as sort of a (paraphrasing) "fully computed routing and forwarding table." The FIB builds information from the routing table, which only has things like next-hop IP addresses and prefixes - not absolutely everything that is needed to forward a frame. The FIB includes outgoing interface, and true layer 3 next hop. For example you may have recursive routes (routes where a next-hop is not directly connected). The FIB will have the true directly connected next-hop for a destination.
May 30, 2011 at 6:34 a.m. UTC
The "exact-route" is fundamental if you have load balancing and somehow sometimes packets are having strange behavior, you can check the real next hop.
nice post!
June 1, 2011 at 2:20 p.m. UTC
Great post! Cleared up some things for me. Thanks!
June 1, 2011 at 3:07 p.m. UTC
Why is it that the total number of route entries in the "show ip cef summary" and "show ip route summary" not match? Tx
November 14, 2014 at 10:12 p.m. UTC
CEF table includes network address entry as well as broadcast address entry that the RIB does not show. Hence, they are different. Also, CEF has entries that it learned from ARP table. So really, it is a combination of the RIB and ARP tables.