I hope as a Network Engineer, you must have used Ping functionality (ping <ip address>) in routers to check the connectivity to destinations and you must have been relieved after seeing the 5 ‘!’ signs as an output. 🙂

Apart from this, you might have used Extended ping as well which is like normal ping but with some more options like specifying MTU, Don’t Fragment Bit, ToS etc etc.

Do you think there is any difference how Cisco routers process the Ping and Extended Ping??

*****************

Normal Ping

*****************

#ping 10.213.124.65

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.213.124.65, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

 

*****************

Extended Ping

*****************

#ping

Protocol [ipv4]:

Target IP address: 10.213.124.65 ?

Repeat count [5]: 10

Datagram size [100]:

Timeout in seconds [2]:

Extended commands? [no]: yes

Source address or interface:

Type of service [0]:

Set DF bit in IP header? [no]:

Ping is most used functionality on any system or router and Network Engineer’s most powerful tool to test the connectivity of circuit. Ping uses ICMP (Internet Control Message Protocol) encapsulated in Internet protocol.

You know that whenever a packet comes to router, it checks for the destination IP address in its routing table and sends the packet accordingly to next-hop. However there is more to this internally.

Whenever a packet comes to router, router CPU gets interrupted and it has to allocate certain CPU cycles to process that particular packet. More packets will interrupt more CPU time. Every-time a packet comes, router will check its routing table to find the next-hop and then based on that next-hop, find the MAC address of destination to build the Layer 2 Frame to send the frame onto the Wire. This is very CPU intensive process and this process is called Process Switching on router.

Now, to avoid the above issue, one way is to send fewer packets through the router which I don’t think is sensible solution ;)… The other way is what is called CEF Switching. CEF (Cisco Express Forwarding) is the default mode used these days on high end routers and for other routers, it is highly recommended to enable it if available. CEF switching is based on specific hardware switching on Router’s ASIC (Application-specific integrated circuit). In CEF switching, as soon as routing table is built, Router calculates the next-hop and Mac address of each destination in routing table and add all this info into CEF Table. Now once packet comes, Router has to just consult the CEF Table for all the info it needs to build the Layer 2 frame and switch it. There is no need to interrupt the CPU and CPU power can be used to build the other enhanced features in router.

There is another variant of CEF which is called “Distributed CEF” which is just like CEF only however in this case, whole CEF table is copied to individual Line cards on router and accordingly faster switching is achieved. Incoming packet don’t have to query the main processor or routing table in order to get the next-hop information. Instead, switching will be performed on the line card itself. Distributed CEF is available on platforms like CRS-1, CRS-3, ASR, GSR etc.

Now you must be thinking that I started with Ping and now I am on CEF, what is the relation between both of them. OK I am coming to that point now.

Suppose we have 4 Routers in sequence,

R1 — R2 — R3 — R4

If you do Normal ping from R1 to R4, on R2 it will be CEF switched because it’s a transient traffic for R2 and packet’s ultimate destination is not destined for R2. Same for R3 as well. However on R4 as it is destination for the packet it will be Process switched on it and specifically CPU or Route processor card needs to look into the packet.

For same situation, if you do Extended Ping with any options from R1 to R4, on each hop it will be Process switched and there will be no CEF switching involved in it. This powerful tool in Ping can be used to isolate lots of issues related to internal hardware or CEF related bugs.

The above process is for Cisco routers as CEF is Cisco proprietary. However other Vendors like Juniper also implement this feature using Switching in ASIC (hardware) rather than Software (Process Based).

So that was for Ping and Extended Ping.. I hope you will like this Blog on how Cisco routers process both types of Pings and do let me know if you have any queries related to this.

Regards

Mohit Mittal