iTranslated by AI
CCNP ENCOR Exam Prep Part 3: Understanding Packet Forwarding with CEF, FIB, and Adjacency Table
Checking CEF in EVE-NG: Relationship between RIB, FIB, and Adjacency Table
Introduction
In this session, I verified CEF using EVE-NG as the second part of Packet Forwarding for CCNP ENCOR.
While L2 and L3 forwarding are easy to visualize as communication between terminals, CEF can feel a bit abstract.
However, by breaking down the roles of the RIB, FIB, and Adjacency Table, it becomes easier to organize how routers achieve high-speed forwarding.
In this article, focusing on show commands, I checked the relationship between the RIB and FIB, the L2 information held by the Adjacency Table, and what changes before and after ARP resolution.
Objectives of this Verification
- Confirm that the FIB is built based on RIB routing information.
- Confirm that the Adjacency Table holds the L2 information of the next-hop.
- Confirm that the state of the Adjacency Table changes before and after ARP resolution.
Verification Environment
- EVE-NG
- IOSv
- VPCS
Verification Topology
IP Address Design
| Node | Interface | IP Address | Note |
|---|---|---|---|
| PC1 | e0 | 192.168.10.10/24 | GW 192.168.10.1 |
| R1 | Gi0/0 | 192.168.10.1/24 | PC1 side |
| R1 | Gi0/1 | 10.12.12.1/30 | R2 side |
| R2 | Gi0/0 | 10.12.12.2/30 | R1 side |
| R2 | Lo0 | 2.2.2.2/32 | Destination for reachability check |
Configuration
In this setup, I configured a static route from R1 to R2's loopback, and a return route from R2 to the PC1 network to verify connectivity.
Input on R1:
enable
configure terminal
hostname R1
interface gi0/0
ip address 192.168.10.1 255.255.255.0
no shutdown
interface gi0/1
ip address 10.12.12.1 255.255.255.252
no shutdown
ip route 2.2.2.2 255.255.255.255 10.12.12.2
end
write memory
Input on R2:
enable
configure terminal
hostname R2
interface gi0/0
ip address 10.12.12.2 255.255.255.252
no shutdown
interface loopback0
ip address 2.2.2.2 255.255.255.255
ip route 192.168.10.0 255.255.255.0 10.12.12.1
end
write memory
In this lab, I prioritized tracing the differences seen in show commands over a complex topology.
The mapping of tables and commands I am looking at can be organized as follows:
- What you see with
show ip routeis the RIB. - What you see with
show ip cefandshow ip cef 2.2.2.2 detailis the FIB. - What you see with
show adjacencyandshow adjacency detailis the Adjacency Table. -
show arpis the table used to check the L2 resolution information used by the Adjacency Table.
Verification 1: Checking RIB and FIB
First, I will check the standard routing table and the CEF table.
Input on R1:
show ip route
show ip cef
show ip cef 2.2.2.2 detail
Execution results on R1:
R1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
2.0.0.0/32 is subnetted, 1 subnets
S 2.2.2.2 [1/0] via 10.12.12.2
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.12.12.0/30 is directly connected, GigabitEthernet0/1
L 10.12.12.1/32 is directly connected, GigabitEthernet0/1
192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.10.0/24 is directly connected, GigabitEthernet0/0
L 192.168.10.1/32 is directly connected, GigabitEthernet0/0
R1#show ip cef
Prefix Next Hop Interface
0.0.0.0/0 no route
0.0.0.0/8 drop
0.0.0.0/32 receive
2.2.2.2/32 10.12.12.2 GigabitEthernet0/1
10.12.12.0/30 attached GigabitEthernet0/1
10.12.12.0/32 receive GigabitEthernet0/1
10.12.12.1/32 receive GigabitEthernet0/1
10.12.12.2/32 attached GigabitEthernet0/1
10.12.12.3/32 receive GigabitEthernet0/1
127.0.0.0/8 drop
192.168.10.0/24 attached GigabitEthernet0/0
192.168.10.0/32 receive GigabitEthernet0/0
192.168.10.1/32 receive GigabitEthernet0/0
192.168.10.10/32 attached GigabitEthernet0/0
192.168.10.255/32 receive GigabitEthernet0/0
224.0.0.0/4 drop
224.0.0.0/24 receive
240.0.0.0/4 drop
255.255.255.255/32 receive
R1#show ip cef 2.2.2.2 detail
2.2.2.2/32, epoch 0
recursive via 10.12.12.2
attached to GigabitEthernet0/1
Here, I am comparing the RIB seen in show ip route with the FIB seen in show ip cef.
The goal is to see that the route to 2.2.2.2/32 in the RIB is referenced as forwarding information in the FIB as well.
By checking show ip cef 2.2.2.2 detail, we can see not only that the route exists, but also to which next-hop and output interface the traffic to 2.2.2.2 is resolved, making the difference between RIB and FIB clearer.
Verification 2: Checking the Adjacency Table
Next, I will check the Adjacency Table seen via show adjacency.
Input on R1:
show adjacency
show adjacency detail
Execution results on R1:
R1#show adjacency
Protocol Interface Address
IP GigabitEthernet0/0 192.168.10.10(7)
IP GigabitEthernet0/1 10.12.12.2(10)
R1#
R1#show adjacency detail
Protocol Interface Address
IP GigabitEthernet0/0 192.168.10.10(7)
9 packets, 882 bytes
epoch 0
sourced in sev-epoch 1
Encap length 14
0050796668015000000200000800
ARP
IP GigabitEthernet0/1 10.12.12.2(10)
0 packets, 0 bytes
epoch 0
sourced in sev-epoch 2
Encap length 14
5000000300005000000200010800
ARP
Here, I confirm that the L2 information required to send frames to the next-hop resides in the Adjacency Table.
In other words, the FIB holds information on where to send the traffic, while the Adjacency Table supplements this with information on how to send it.
Verification 3: Changes after Traffic Flow
I will ping from PC1 to R2's loopback, then re-check CEF and ARP.
I will proceed assuming connectivity is successful, with the return route to 192.168.10.0/24 configured on R2.
Execution on PC1:
PC1> ping 2.2.2.2
Input on R1:
show arp
show ip cef 2.2.2.2 detail
show adjacency detail
Execution results for PC1 and R1:
VPCS> ping 2.2.2.2
84 bytes from 2.2.2.2 icmp_seq=1 ttl=254 time=3.671 ms
84 bytes from 2.2.2.2 icmp_seq=2 ttl=254 time=3.329 ms
84 bytes from 2.2.2.2 icmp_seq=3 ttl=254 time=3.352 ms
84 bytes from 2.2.2.2 icmp_seq=4 ttl=254 time=3.392 ms
84 bytes from 2.2.2.2 icmp_seq=5 ttl=254 time=3.267 ms
R1#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.12.12.1 - 5000.0002.0001 ARPA GigabitEthernet0/1
Internet 10.12.12.2 2 5000.0003.0000 ARPA GigabitEthernet0/1
Internet 192.168.10.1 - 5000.0002.0000 ARPA GigabitEthernet0/0
Internet 192.168.10.10 1 0050.7966.6801 ARPA GigabitEthernet0/0
R1#show ip cef 2.2.2.2 detail
2.2.2.2/32, epoch 0
recursive via 10.12.12.2
attached to GigabitEthernet0/1
R1#show adjacency detail
Protocol Interface Address
IP GigabitEthernet0/0 192.168.10.10(7)
24 packets, 2352 bytes
epoch 0
sourced in sev-epoch 1
Encap length 14
0050796668015000000200000800
ARP
IP GigabitEthernet0/1 10.12.12.2(10)
15 packets, 1470 bytes
epoch 0
sourced in sev-epoch 2
Encap length 14
5000000300005000000200010800
ARP
Here, after actually passing traffic, I look at how the IP-MAC correspondence table seen in show arp and the L2 rewrite information seen in show adjacency detail are linked.
If the next-hop 10.12.12.2 appears in show arp and Encap information appears in show adjacency detail, I can explain that the L2 information obtained via ARP has been imported into the adjacency.
'Encap' refers to encapsulation, pointing to the L2 header information used when actually sending a frame. In other words, you can consider that the information on 'how to wrap and send'—including destination and source MAC addresses—is held within the adjacency.
Verification 4: Changes when an Interface is Shut Down
In this step, I will temporarily shut down the interface on the R2 side to see how the display changes when L2 information for the next-hop becomes unavailable.
In normal operation, R1 might re-learn the next-hop immediately even after clear arp-cache, so this method makes it easier to observe the delta.
First, shut down the interface on the R2 side.
Input on R2:
interface gi0/0
shutdown
Then, check on R1.
Input on R1:
clear arp-cache
show arp
show adjacency detail
Next, restore the R2 side interface and pass traffic again.
Input on R2:
interface gi0/0
no shutdown
Execution on PC1:
PC1> ping 2.2.2.2
Execution results on R1 and PC1:
R1#clear arp-cache
R1#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.12.12.1 - 5000.0002.0001 ARPA GigabitEthernet0/1
Internet 192.168.10.1 - 5000.0002.0000 ARPA GigabitEthernet0/0
Internet 192.168.10.10 0 0050.7966.6801 ARPA GigabitEthernet0/0
R1#
R1#show adjacency detail
Protocol Interface Address
IP GigabitEthernet0/0 192.168.10.10(7)
24 packets, 2352 bytes
epoch 0
sourced in sev-epoch 1
Encap length 14
0050796668015000000200000800
ARP
IP GigabitEthernet0/1 10.12.12.2(7) (incomplete)
15 packets, 1470 bytes
epoch 0
sourced in sev-epoch 2
punt (rate-limited) packets
no src set
PC1> ping 2.2.2.2
84 bytes from 2.2.2.2 icmp_seq=1 ttl=254 time=3.104 ms
84 bytes from 2.2.2.2 icmp_seq=2 ttl=254 time=3.210 ms
84 bytes from 2.2.2.2 icmp_seq=3 ttl=254 time=3.163 ms
84 bytes from 2.2.2.2 icmp_seq=4 ttl=254 time=3.247 ms
84 bytes from 2.2.2.2 icmp_seq=5 ttl=254 time=3.087 ms
R1#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.12.12.1 - 5000.0002.0001 ARPA GigabitEthernet0/1
Internet 10.12.12.2 0 5000.0003.0000 ARPA GigabitEthernet0/1
Internet 192.168.10.1 - 5000.0002.0000 ARPA GigabitEthernet0/0
Internet 192.168.10.10 0 0050.7966.6801 ARPA GigabitEthernet0/0
R1#
R1#show adjacency detail
Protocol Interface Address
IP GigabitEthernet0/0 192.168.10.10(7)
29 packets, 2842 bytes
epoch 0
sourced in sev-epoch 1
Encap length 14
0050796668015000000200000800
ARP
IP GigabitEthernet0/1 10.12.12.2(10)
20 packets, 1960 bytes
epoch 0
sourced in sev-epoch 2
Encap length 14
5000000300005000000200010800
ARP
Through this check, it becomes clear that CEF is not complete with the RIB alone, and that Adjacency Table information is necessary to actually construct frames.
Also, by comparing the state where the next-hop is unreachable with the restored state, it becomes easier to track the relationship between ARP and the Adjacency Table.
What I Learned
- The RIB is the source of routing information and serves as the basis for determining where to send traffic.
- The FIB is a high-speed forwarding table created based on the RIB, allowing instant lookups of where to send traffic.
- The Adjacency Table holds the L2 rewrite information required to actually send frames to the next-hop, supplementing the how to send part.
- Once ARP resolution is complete, specific L2 rewrite information is entered into the adjacency, making it ready for actual forwarding.
- When the next-hop becomes unreachable, the appearance of the Adjacency Table changes, showing that CEF forwarding depends on both reachability and L2 resolution.
- CEF achieves high-speed forwarding by separating roles into
RIB -> FIB -> Adjacency, eliminating the need for granular CPU decisions for every packet.
Summary
In this verification, I confirmed the following:
- The RIB is the table that serves as the source of routing information.
- The FIB is the high-speed table used for forwarding decisions.
- The Adjacency Table holds L2 information for sending to the next-hop.
- CEF achieves high-speed forwarding through the collaboration of
RIB -> FIB -> Adjacency. - ARP and the Adjacency Table are linked, and actual forwarding is only established once L2 information is complete.
- If a state is created where the next-hop is unreachable, the view of the Adjacency Table also changes.
I came to understand that CEF is a mechanism that organizes the information required for forwarding in advance and uses it at high speed, rather than having the CPU check the routing table and ARP table every time.
In particular, by examining the RIB -> FIB -> Adjacency relationship separately, I clearly understood that routers manage where to send and how to send independently.
I feel this was a very important lab to conclude the Packet Forwarding chapter.
Related Files
The configuration files for this lab are available on GitHub.
Discussion