Hi,

I noticed an 3945-SEC having quite high CPU load without doing much, because there are more packets Process-Switched than CEF switched.

To investigate, I issued the following command:

Router#sh ip cef switching statistics feature

IPv4 CEF input features:

       Feature                Drop    Consume       Punt  Punt2Host Gave route

       Access List        24911921          0          0   14678240          0

       Policy Routing            0          0          0          0   20433673

Total                     24911921          0          0   14678240   20433673

IPv4 CEF output features:

       Feature                Drop    Consume       Punt  Punt2Host    New i/f

       CCE Output Class          0          0  715266717          0          0

Total                            0          0  715266717          0          0

IPv4 CEF post-encap features:

       Feature                Drop    Consume       Punt  Punt2Host    New i/f

       IPSEC Post-encap          1  655816389          0          0          0

Total                            1  655816389          0          0          0

IPv4 CEF for us features:

       Feature                Drop    Consume       Punt  Punt2Host    New i/f

Total                            0          0          0          0          0

IPv4 CEF punt features:

       Feature                Drop    Consume       Punt  Punt2Host    New i/f

Total                            0          0          0          0          0

IPv4 CEF local features:

       Feature                Drop    Consume       Punt  Punt2Host Gave route

Total                            0          0          0          0          0

The punted (= non cef-switched, "punted" to another switching mechanism) packets for the feature "CCE Output Class" are increasing by ~1000 per second.

This made me wonder, what exactly the feature "CCE Output Class" is. As I see in the following output, this feature actually is enabled on my Tunnel Interface:

Router#sh ip int tu0

Tunnel0 is up, line protocol is up

  Internet address is x.x.x.x/xx

  Broadcast address is x.x.x.x

  Address determined by non-volatile memory

  MTU is 1400 bytes

  Helper address is not set

  Directed broadcast forwarding is disabled

  Multicast reserved groups joined: 224.0.0.10

  Outgoing access list is not set

  Inbound  access list is not set

  Proxy ARP is disabled

  Local Proxy ARP is disabled

  Security level is default

  Split horizon is enabled

  ICMP redirects are never sent

  ICMP unreachables are always sent

  ICMP mask replies are never sent

  IP fast switching is enabled

  IP fast switching on the same interface is disabled

  IP Flow switching is disabled

  IP CEF switching is enabled

  IP CEF switching turbo vector

  IP Null turbo vector

  Tunnel VPN Routing/Forwarding "xxx"

  IP multicast fast switching is enabled

  IP multicast distributed fast switching is disabled

  IP route-cache flags are Fast, CEF

  Router Discovery is disabled

  IP output packet accounting is disabled

  IP access violation accounting is disabled

  TCP/IP header compression is disabled

  RTP/IP header compression is disabled

  Policy routing is disabled

  Network address translation is disabled

  BGP Policy Mapping is disabled

  Input features: Process Packet Capture, MCI Check, TCP Adjust MSS

  Output features: CCE Output Classification, NHRP Redirect, CCE Post NAT Classification, TCP Adjust MSS, QoS Preclassification

  Post encapsulation features: IPSEC Post-encap output classification

  WCCP Redirect outbound is disabled

  WCCP Redirect inbound is disabled

  WCCP Redirect exclude is disabled

Can anybody tell me, what "CCE Output Classification" is, and why this is extensivly used by my router?