Process Switching vs. Fast/CEF Switching?

I'm looking at this pdf

formatting link
I'm looking to buy a couple of used routers on eBay but I don't want to buy more than I need, or mislead myself into thinking one will be "faster" than another for my specific needs.

I will be using a router to NAT outbound LAN web traffic using ext access lists. This router will also destination NAT inbound traffic to various web services based on ext access lists. If a packet doesn't get NATed by the router, it won't have anywhere to arrive on my network.

Is what I am describing "Process Switching", or "Fast/CEF Switching"? If it is Process Switching, the pdf would indicate it doesn't really matter whether I get a 1720 or a 2621XM (other than that I have to deal with counterfeit WIC-1ENET modules on eBay to give the 1700 two NAT sides).

This is all for a 3.0/512 ADSL internet connection, so the upstream is trivial but the downstream can get up to around 2.8mbps in the real world.

Reply to
asdf
Loading thread data ...

On Sun, 27 May 2007 19:53:10 GMT, asdf wrote for the entire planet to see:

NAT is handled by CEF on those models. Access lists too. These is some process overhead to set up NAT and a flow, but only on the initial packets.

Reply to
Eric

I could be wrong but I don't believe that NAT is done in hardware on the

2600 or 1700 platform. What documentation did you find that said that?

If I had a choice between a 2621XM and a 1720, I would pick the 2621XM. More slots and built in Ethernet ports. The WIC-1ENET can't even come close to doing 10 Mbit even at half duplex. I haven't seen any numbers but I would suspect that the throughput is only around 1 or 2MB/s. The 2621XM has two built-in 10/100 Ethernet ports.

Reply to
Thrill5

"Thrill5" ha scritto nel messaggio news:fqydnQ-PpZvJA8bbnZ2dnUVZ snipped-for-privacy@comcast.com...

Hi,

I don't think too that either 1700 and 2600[XM] series have an ASIC for hardware assisted NAT.

cisco 1720 has a declared pps rate of 8500 while a 2621XM is at 30000

With a pretty simplistic approach, not counting overhead from router processes ( NAT, firewall, auditing, etc. ) and encapsulation; using 1500 as a typical packet length on a a 1720 you could have about 6Mbps (Full Duplex) while on a 2621XM 22Mbps (Full Duplex)

For an ADSL both are enough. ( if your typical packet size if very different, also the estimate is very different (e.g. @576 you have a 2,4Mbps for 1720 and 8,6Mbps for 2621XM )

Regards, Gabriele

Reply to
Gabriele Beltrame

On Mon, 28 May 2007 23:30:27 -0400, "Thrill5" wrote for the entire planet to see:

It's not an "asic" as referred to in the other thread, but there are separate cpus for the I/O interfaces vs the "control plane", or main processor. The quoted PPS rates for both units are based on the packets being switched at the forwarding level using the dedicated I/O processors. If there is a need to bump all the packets up to the control plane for processing, the effective PPS is reduced by a factor of 10 or so.

What I was saying is that the forwarding engines (CEF) are NAT-aware and do apply the actual NAT translations without resorting to the main processor. Except for the first packets of a flow which are established at the control plane level.

You can see the effect of this with a SH INT STAT and get something like what is shown below. This interface is a NAT-enable external interface on a 3640. You can see that there are many, many more packets processed at the "route cache" level (CEF) vs the "processor", even though virtually all of the traffic through that interface is NATed.

FastEthernet1/0 Switching path Pkts In Chars In Pkts Out Chars Out Processor 2364063 2242319325 1223883 77738393 Route cache 19579136 546755255 13700636 1885228605 Total 21943199 2789074580 14924519 1962966998

Compared to a 1720 which in this configuration has only one interface active, and nearly all the traffic is directed to a loopback, which must be handled by the main processor:

FastEthernet0 Switching path Pkts In Chars In Pkts Out Chars Out Processor 170903742 2582129150 83484624 3366610322 Route cache 61567 5099859 0 0 Total 170965309 2587229009 83484624 3366610322

Reply to
Eric

the

No, the 2600 and 1700 platforms are based on a MPC860 processor, which is a single PowerPC core with some embedded controllers (which are not CPUs).

Reply to
Christophe Fillot

On Tue, 29 May 2007 16:46:04 +0200, Christophe Fillot wrote for the entire planet to see:

for the

Controller, CPU, the point is that on an 2600 (and I think a 1700) there exists a path such that packets can flow in one interface (or sub-interface) and out another without interrupting the main processor. And still get NAT and access-list processing accomplished. Even if the forwarding was implemented on the same set of hardware, the path length is much shorter and maintains the max PPS rate even with NAT enabled, which was the original question I was trying to answer. NAT on

2600 and 1700s does not require the "processor" path on a per-packet basis. The 2621XM will be much faster than a 1720; you won't lose the PPS rating just because you enabled NAT.

Here is a 2620 with VLANs on FA0/0:

2620>sh int stat FastEthernet0/0 Switching path Pkts In Chars In Pkts Out Chars Out Processor 286247923 3043810484 9691225 894928878 Route cache 4890497 3019991515 5188979 3081869475 Total 291138420 6063801999 14880204 3976798353 2620>sh ip cef summ IP CEF with switching (Table Version 525), flags=0x0 72 routes, 0 reresolve, 0 unresolved (0 old, 0 new), peak 2 10 instant recursive resolutions, 0 used background process 72 leaves, 42 nodes, 55576 bytes, 512 inserts, 440 invalidations 17 load sharing elements, 6392 bytes, 17 references universal per-destination load sharing algorithm, id 495B891C 3(0) CEF resets, 31 revisions of existing leaves Resolution Timer: Exponential (currently 1s, peak 1s) 23 in-place/0 aborted modifications refcounts: 11252 leaf, 11008 node

Table epoch: 0 (72 entries at this epoch)

Adjacency Table has 6 adjacencies

- Eric

Reply to
Eric

Clearly, no. This is a pure software platform. The MPC860 has no advanced hardware feature like that.

You make a confusion between process switching vs Fast/CEF switching vs hardware forwarding.

In process switching, the packets are received and then queued to a process called "IP Input" to be forwarded later. In Fast/CEF switching on a software platform, the packets are switched during a network interrupt but the work is still done by the main CPU.

Reply to
Christophe Fillot

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.