show ip cef
By stretch | Friday, May 27, 2011 at 2:45 p.m. UTC
A recent thread on networking-forum.com pointed out the usefulness of the command show ip cef
on IOS. This command functions somewhat like show ip route
, but shows information from the forwarding plane itself (the FIB instead of the RIB). As such, its output is rather spartan and to the point.
Here are outputs of the two commands from the same router:
Router# show ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set 10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks C 10.0.9.0/30 is directly connected, FastEthernet0/1 C 10.0.9.4/30 is directly connected, FastEthernet1/0 O 10.0.0.2/32 [110/11] via 10.0.9.2, 00:01:30, FastEthernet0/1 O 10.0.0.3/32 [110/2] via 10.0.9.6, 00:01:20, FastEthernet1/0 O 10.0.9.8/30 [110/11] via 10.0.9.2, 00:01:20, FastEthernet0/1 C 10.0.0.1/32 is directly connected, Loopback0 O 10.0.0.4/32 [110/12] via 10.0.9.2, 00:01:20, FastEthernet0/1 C 10.0.9.12/30 is directly connected, FastEthernet0/0 O 10.0.0.5/32 [110/11] via 10.0.9.13, 00:01:20, FastEthernet0/0 O 10.0.9.16/30 [110/20] via 10.0.9.13, 00:01:20, FastEthernet0/0 [110/20] via 10.0.9.2, 00:01:20, FastEthernet0/1 Router# show ip cef Prefix Next Hop Interface 0.0.0.0/0 drop Null0 (default route handler entry) 0.0.0.0/32 receive 10.0.0.1/32 receive 10.0.0.2/32 10.0.9.2 FastEthernet0/1 10.0.0.3/32 10.0.9.6 FastEthernet1/0 10.0.0.4/32 10.0.9.2 FastEthernet0/1 10.0.0.5/32 10.0.9.13 FastEthernet0/0 10.0.9.0/30 attached FastEthernet0/1 10.0.9.0/32 receive 10.0.9.1/32 receive 10.0.9.2/32 10.0.9.2 FastEthernet0/1 10.0.9.3/32 receive 10.0.9.4/30 attached FastEthernet1/0 10.0.9.4/32 receive 10.0.9.5/32 receive 10.0.9.6/32 10.0.9.6 FastEthernet1/0 10.0.9.7/32 receive 10.0.9.8/30 10.0.9.2 FastEthernet0/1 10.0.9.12/30 attached FastEthernet0/0 10.0.9.12/32 receive 10.0.9.13/32 10.0.9.13 FastEthernet0/0 10.0.9.14/32 receive 10.0.9.15/32 receive 10.0.9.16/30 10.0.9.13 FastEthernet0/0 10.0.9.2 FastEthernet0/1 224.0.0.0/4 drop 224.0.0.0/24 receive 255.255.255.255/32 receive
Notice that the CEF output includes a few entries which don't appear in show ip route
, such as the default route to null0. I talked briefly about these in an old post.
The CEF form of the command can be especially convenient within MPLS networks, as it includes label information:
Router# show ip route 10.0.9.8 Routing entry for 10.0.9.8/30 Known via "ospf 1", distance 110, metric 11, type intra area Last update from 10.0.9.2 on FastEthernet0/1, 00:09:33 ago Routing Descriptor Blocks: * 10.0.9.2, from 10.0.0.4, 00:09:33 ago, via FastEthernet0/1 Route metric is 11, traffic share count is 1 Router# show ip cef 10.0.9.8 10.0.9.8/30, version 20, epoch 0, cached adjacency 10.0.9.2 0 packets, 0 bytes tag information set local tag: 17 via 10.0.9.2, FastEthernet0/1, 0 dependencies next hop 10.0.9.2, FastEthernet0/1 valid cached adjacency tag rewrite with Fa0/1, 10.0.9.2, tags imposed: {}
We can filter the routes we want to see by specifying a network and mask and then appending the longer-prefixes
keyword. For example, if we only wanted to see routes within 10.0.0.0/24:
Router# show ip cef 10.0.0.0 255.255.255.0 %Prefix not found Router# show ip cef 10.0.0.0 255.255.255.0 longer-prefixes Prefix Next Hop Interface 10.0.0.1/32 receive 10.0.0.2/32 10.0.9.2 FastEthernet0/1 10.0.0.3/32 10.0.9.6 FastEthernet1/0 10.0.0.4/32 10.0.9.2 FastEthernet0/1 10.0.0.5/32 10.0.9.13 FastEthernet0/0
Suppose you want to see all routes which point out a given interface. Instead of trying to glean this information from show ip route
, you can specify an interface with show ip cef
:
Router# show ip cef f0/0 Prefix Next Hop Interface 10.0.0.5/32 10.0.9.13 FastEthernet0/0 10.0.9.12/30 attached FastEthernet0/0 10.0.9.13/32 10.0.9.13 FastEthernet0/0 10.0.9.16/30 10.0.9.13 FastEthernet0/0 10.0.9.2 FastEthernet0/1
We can also view routes of a specific CEF adjacency type:
Router# show ip cef adjacency drop Prefix Next Hop Interface 224.0.0.0/4 drop Router# show ip cef adjacency glean Prefix Next Hop Interface 10.0.9.0/30 attached FastEthernet0/1 10.0.9.4/30 attached FastEthernet1/0 10.0.9.12/30 attached FastEthernet0/0
Finally, show ip cef
can also be used to predict the route of an explicit source and destination address pair. This can be handy when equal-cost load balancing or source-based policy routing is in place.
Router# show ip cef exact-route 10.0.9.5 192.168.0.1 10.0.9.5 -> 192.168.0.1 : FastEthernet0/1 (next hop 10.0.9.18) Router# show ip cef exact-route 10.0.9.6 192.168.0.1 10.0.9.6 -> 192.168.0.1 : FastEthernet0/0 (next hop 10.0.9.14)
What other cool CEF tricks are there?
Posted in Tips and Tricks
Comments
May 27, 2011 at 2:55 p.m. UTC
These cef commands come in handy. Good article!
May 27, 2011 at 3:49 p.m. UTC
I know this isn't a very valuable or insightful comment, but I just wanted to say... Great post stretch!! I've also recently enjoyed your posts on scapy!
May 27, 2011 at 5:55 p.m. UTC
Thx for very useful post. I have some questions regarding CEF. Is CEF FIB a exact mirror of the Routing Table or the RIB. If so than how come there are entries that are in the CEF Table that are not present in the RIB as mentioned in this post and the related post for CEF Defaults. Also is it possible that some entries might exist in the CEF FIB but may not be in the RIB (Routing table) or that is just not possible. Can the "show ip cef summary" command accurately confirm the number of routes on the device because I see difference between "show ip route summary" and "show ip cef summary". There are a lot more entries sometimes in route summary than in cef summary? Difference is sometimes 30 odd prefixes more in RIB than in CEF. Why is that? Thx for your help.
May 27, 2011 at 7:09 p.m. UTC
sh ip cef <ip> internal, for load balancing details.
May 27, 2011 at 7:41 p.m. UTC
Stretch,
Thanks a lot. Can't get enough.
May 27, 2011 at 8:26 p.m. UTC
Great post. I found show ip cef exact route to be very useful to determine which of two equal-cost WAN links was being used for a particular session.
I think Ivan Pepelnjak described the CEF table best as sort of a (paraphrasing) "fully computed routing and forwarding table." The FIB builds information from the routing table, which only has things like next-hop IP addresses and prefixes - not absolutely everything that is needed to forward a frame. The FIB includes outgoing interface, and true layer 3 next hop. For example you may have recursive routes (routes where a next-hop is not directly connected). The FIB will have the true directly connected next-hop for a destination.
May 30, 2011 at 6:34 a.m. UTC
The "exact-route" is fundamental if you have load balancing and somehow sometimes packets are having strange behavior, you can check the real next hop.
nice post!
June 1, 2011 at 2:20 p.m. UTC
Great post! Cleared up some things for me. Thanks!
June 1, 2011 at 3:07 p.m. UTC
Why is it that the total number of route entries in the "show ip cef summary" and "show ip route summary" not match? Tx
November 14, 2014 at 10:12 p.m. UTC
CEF table includes network address entry as well as broadcast address entry that the RIB does not show. Hence, they are different. Also, CEF has entries that it learned from ARP table. So really, it is a combination of the RIB and ARP tables.