Forwarding Information Base
A forwarding information base (FIB), also known as a forwarding table, is most commonly used in network bridging, routing, and similar functions to find the proper interface to which the input interface should send a packet to be transmitted by the router.

In contrast to routing information bases (RIB), also known as routing tables, FIBs are optimized for fast lookup of destination addresses. Earlier implementations cached only a subset of the routes most frequently used in actual forwarding, and this worked reasonably well for enterprises where there is a meaningful most-frequently-used subset. Routers used for accessing the entire Internet, however, experienced severe performance degradation in refreshing a small cache, and various implementations moved to having FIBs in one-to-one correspondence with the RIB. RIBs are optimized for efficient updating by routing protocols and other control plane methods, and contain the full set of routes learned by the router.

FIBs may also be implemented with fast hardware lookup mechanisms, such as ternary content addressable memory (TCAM). TCAM, however, is quite expensive, and tends to be used more in edge routers with relatively small numbers of routes than in routers that must carry full Internet routing tables, with supplementary internal routes.

Applications for data link and other link-local technologies

A link-local technology, such as media access control (MAC) protocols on local area networks, has an address that has no significance beyond a single medium. In contrast, network layer addresses, such as IP addresses, are conceptually similar on all media in the routing domain.

Besides IEEE 802.1 bridging of MAC layer addresses, other link-local technologies using forwarding tables include frame relay and asynchronous transfer mode switches, and multiprotocol label switching (MPLS). ATM has both link-local addresses and addresses that have end-to-end significance in the ATM domain.

Bridging

MAC layer bridges learn the interface on which they first saw a particular source address, and associate that interface with that address. When the bridge subsequently receives a frame with a destination address in its forwarding table, it sends the frame out the interface stored in the forwarding table.

If the bridge has not seen the address yet, it floods the frame out all active interfaces (as is also done with broadcast frames), except for the interface on which the frame was received.
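The learn-then-forward-or-flood behaviour described above, as an added example that is not part of the original article. The class name, port names and MAC addresses are constructed for illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningBridge:
    """Toy MAC-layer bridge: forwarding table maps source address -> interface."""

    def __init__(self, interfaces):
        self.interfaces = list(interfaces)
        self.table = {}  # MAC address -> interface on which it was first seen

    def receive(self, in_if, src, dst):
        """Process one frame and return the interfaces it is sent out of."""
        # Learn: record the interface on which this source was first seen.
        self.table.setdefault(src, in_if)
        if dst == BROADCAST or dst not in self.table:
            # Unknown or broadcast destination: flood everywhere except the ingress port.
            return [i for i in self.interfaces if i != in_if]
        out_if = self.table[dst]
        # Standard bridge filtering (not stated in the article): a frame whose
        # destination lives on the ingress port is not sent back out of it.
        return [] if out_if == in_if else [out_if]

def demo():
    """Run four constructed frames through a three-port bridge."""
    a, b, c = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
    bridge = LearningBridge(["p1", "p2", "p3"])
    return [
        bridge.receive("p1", a, b),          # b unknown: flooded
        bridge.receive("p2", b, a),          # a was learned on p1
        bridge.receive("p1", a, b),          # b is now known on p2
        bridge.receive("p3", c, BROADCAST),  # broadcast: flooded
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```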

Frame Relay

While the exact mechanics of a forwarding table are implementation-specific, the general model is that frame relay switches have statically defined forwarding tables, one per interface. When a frame with a given data link connection identifier (DLCI) is received on one interface, the table associated with that interface gives the outgoing interface, and the new DLCI to insert into the frame's address field.

Asynchronous Transfer Mode

ATM switches have link-level forwarding tables much like those used in frame relay. Rather than a DLCI, however, interfaces have forwarding tables that specify the outgoing interface, virtual path identifier, and virtual circuit identifier. These tables may be configured statically, or they can be distributed by the private network-to-network interface (PNNI) protocol, an ATM routing protocol with considerable similarity to the open shortest path first (OSPF) used for IP routing.

When PNNI is in use, the ATM switches at the edges of the ATM "cloud" will map one of the standard ATM end-to-end identifiers, such as an NSAP, to the next-hop VPI/VCI.

Multiprotocol Label Switching

MPLS, which has been called "ATM without cells", has many similarities, at the forwarding level, to ATM. The label edge routers (LER) at the edges of an MPLS cloud map between the end-to-end identifier, such as an IP address, and a link-local label.

At each MPLS hop, there is a forwarding table that tells the label switched router (LSR) which outgoing interface is to receive the MPLS packet, and what label to use when sending the packet out that interface.

FIBs in ingress filtering against Denial of Service

FIBs can also play a role in an Internet best current practice (BCP) of ingress filtering. Though the simplest form of implementing ingress filtering is to use access lists to drop packets with improper source addresses, use of access lists becomes difficult on routers with a large number of adjacent networks, and traditional access lists are not used in high-performance router forwarding paths.

While the IETF document BCP 38 on ingress filtering does not specify a method of implementing source address filtering, some router vendors have implemented a mechanism which employs lookups in the router's tables to perform this check. (See also reverse path filtering.) This is often implemented as a lookup in the FIB of the source address of the packet. If the interface has no route to the source address, the packet is assumed to be part of a denial of service attack, using a false or spoofed source address, and the router discards the packet.

When the router is multihomed, ingress filtering becomes more complex. There are perfectly reasonable operational scenarios in which a packet could arrive on one interface, but that specific interface might not have a route to the source address. For the routers near the edge of the Internet, packet filters can provide a simpler and more effective solution than methods which employ routing information lookup, though this approach can be challenging when managing routers which are reconfigured often. Ingress filtering for multihomed routers will accept the packet if there is a route back to its source address from any interface on the router. For this type of filtering, the router may also maintain an adjacency table, also organized for fast lookup, that keeps track of the router interface addresses that are on all directly connected routers.
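The two source-address checks described in this section, as an added example that is not part of the original article and not any vendor's implementation. It models the FIB as a longest-prefix-match table. The function names, interface names and prefixes are constructed for illustration.

```python
import ipaddress

class Fib:
    """Toy FIB: longest-prefix match from an address to outgoing interfaces."""

    def __init__(self, routes):
        self.routes = [(ipaddress.ip_network(p), ifc) for p, ifc in routes]

    def lookup(self, addr):
        """Return the interfaces of the longest matching prefix (empty if none)."""
        ip = ipaddress.ip_address(addr)
        hits = [(net.prefixlen, ifc) for net, ifc in self.routes if ip in net]
        if not hits:
            return set()
        best = max(plen for plen, _ in hits)
        return {ifc for plen, ifc in hits if plen == best}

def per_interface_check(fib, src, in_if):
    """Accept only if the arriving interface has the route back to the source."""
    return in_if in fib.lookup(src)

def any_interface_check(fib, src):
    """Multihomed variant: accept if any interface has a route back to the source."""
    return bool(fib.lookup(src))

# Constructed sample FIB (documentation prefixes, hypothetical interface names).
FIB = Fib([
    ("198.51.100.0/24", "cust0"),  # customer network
    ("198.51.0.0/16", "up1"),      # covering route via upstream 1
    ("192.0.2.0/24", "up1"),       # remote network, best path via upstream 1
    ("203.0.113.0/24", "up2"),     # remote network via upstream 2
])

# Constructed packets: (source address, arriving interface).
PACKETS = [
    ("198.51.100.7", "cust0"),  # legitimate customer traffic
    ("192.0.2.10", "up2"),      # asymmetric path: arrives on the "wrong" upstream
    ("203.0.113.5", "cust0"),   # customer port claiming a remote source address
    ("10.9.9.9", "cust0"),      # source with no route at all
]

def evaluate(fib, packets):
    """Return (src, in_if, per-interface verdict, any-interface verdict) rows."""
    return [(s, i, per_interface_check(fib, s, i), any_interface_check(fib, s))
            for s, i in packets]

if __name__ == "__main__":
    for row in evaluate(FIB, PACKETS):
        print(row)
```

The third packet shows the trade-off: the any-interface check needed for the asymmetric case also accepts a false source address that happens to be routable through another interface.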

FIBs in differentiated services/Quality of Service routing

IP differentiated services provides an additional method to select outgoing interfaces, based on a field that indicates the forwarding priority of the packet, as well as the preference of the packet to be dropped in the presence of congestion.

Routers that support differentiated service not only have to look up the output interface for the destination address, but need to send the packet to the interface that best matches the differentiated services requirements. In other words, as well as matching the destination address, the FIB has to match differentiated services code points (DSCP).

FIB information for additional processing

Specific router implementations may, when a destination address or other FIB criterion is matched, specify other action to be done before forwarding (e.g., accounting or encryption), or applying an access control list that may cause the packet to be dropped.

The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.
 