What is CEF (Cisco Express Forwarding)?


Cisco Express Forwarding (CEF) is a packet-switching technique used within Cisco routers. The main purpose of CEF is to optimize the forwarding of packets and increase the packet switching speed.


Prior to CEF there were 2 methods for packet-switching – Process- Switching and Fast-Switching.


The first method, process-switching is the oldest and slowest. In short the CPU is involved in every forwarding decision.


With fast-switching, the CPU is still used to determine the destination, but only for the initial packet. This information is stored with a fast-switching cache. Subsequent packets are then switched using the cache rather then CPU.
However, the problem with fast-switching is that the cache is built on-demand and the first packet is always process switched. This means, in the event of the router receiving a high volume of traffic to destinations not yet in cache, the CPU will still be consumed and switching performance affected.

To overcome the problems with process-switching and fast-switching CEF was created.


CEF is built around 2 main components – the Forwarding Information Base (FIB) and the Adjacency Table.


The FIB is an optimized version of the routing table (RIB).
The FIB contains destination reachability information as well as next hop information. This information is then used by the router to make forwarding decisions. The FIB is organized as a multiway trie (Figure1) which allows for very efficient and easy lookups[1].

FIB Tree

Figure1 – source http://www.ciscopress.com/articles/article.asp?p=2244117&seqNum=2

Adjacency Table

The adjacency table maintains layer 2 or switching information linked to a particular FIB entry, avoiding the need for an ARP request for each table lookup[2].


CEF provides 2 methods for loadbalancing traffic over multiple links. They are,

  • Per packet – As the name suggests, additionally weights can also be assigned to an interfaces. This allows you to send more packets over one link then another. Useful for unequal links.
  • Per destination – Also known as per session. Packets are loadbalanced based on the source and destination addresses.


Polarization is a term given when traffic is sent over a single link, even though multiple links are available. An example would be traffic from multiple sources being proxied and using per destination loadbalancing.

To avoid this you can include additional attributes to your CEF hashing options. Here are the command options,

mls ip cef load-sharing full Layer 4 only (src/dest ports)
mls ip cef load-sharing simple Layer 3 only (src/dst ip)
mls ip cef load-sharing full simple Layer 3 and 4


Here are some useful commands for verifying CEF,

show ip cefShow CEF table
show ip cef [address] [detail]Show CEF entry within table for a given address
show ip cef exact-route [source] [destination]Show CEF entry within table for source and destination address
show cef interfaceShow CEF options enabled on each interface

Additional Links



[1] https://www.petri.com/cisco-express-forwarding-cef-overview
[2] https://en.wikipedia.org/wiki/Cisco_Express_Forwarding

Rick Donato

Want to become a networking expert?

Here is our hand-picked selection of the best courses you can find online:
Cisco CCNA 200-301 Certification Gold Bootcamp
Complete Cyber Security Course – Network Security
Internet Security Deep Dive course
Python Pro Bootcamp
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial