Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

M7i Compact Forwarding Engine Board (CFEB) and Enhanced Compact Forwarding Engine Board (CFEB-E) Description

 

The M7i Multiservice Edge Router houses either a Compact Forwarding Engine Board (CFEB) or an Enhanced Compact Forwarding Engine Board (CFEB-E), which is located on the rear of the router above the power supplies, as shown in M7i Chassis Description. It provides route lookup, filtering, and switching on incoming data packets, then directs outbound packets to the appropriate interface for transmission to the network. It can process 16 million packets per second (Mpps). The CFEB or CFEB-E communicates with the Routing Engine using a dedicated 100-Mbps link that transfers routing table data from the Routing Engine to the forwarding table. The link is also used to transfer routing link-state updates and other packets destined for the router from the CFEB or CFEB-E to the Routing Engine.

The CFEB or CFEB-E provides the following functions:

  • Route lookups—Performs route lookups using the forwarding table stored in the synchronous SRAM (SSRAM) on CFEBs or stored in the RLDRAM on CFEB-Es.

  • Management of shared memory —Uniformly allocates incoming data packets throughout the router's shared memory.

  • Transfer of outgoing data packets—Passes data packets to the destination FIC or PIC when the data is ready to be transmitted.

  • Transfer of exception and control packets—Passes exception packets to the microprocessor on the CFEB or CFEB-E, which processes almost all of them. The remainder are sent to the Routing Engine for further processing. Any errors originating in the Packet Forwarding Engine and detected by the CFEB or CFEB-E are sent to the Routing Engine using system log messages.

  • Built-in tunnel interface—Encapsulates arbitrary packets inside a transport protocol, providing a private, secure path through an otherwise public network.

    The built-in tunnel interface on the CFEB or CFEB-E is configured the same way as a PIC. For information about configuring the built-in tunnel interface, see the Junos OS Services Interfaces Library for Routing Devices.

  • Optional Adaptive Services Module (ASM)—Provides one or more services on one PIC. See M7i Adaptive Services Module for more information.

The CFEB and CFEB-E are hot-pluggable when you replace a CFEB with a CFEB or a CFEB-E with a CFEB-E. Upgrading or downgrading a CFEB device requires a system reboot, as described in Upgrading and Downgrading the CFEB and CFEB-E. You can remove and replace the CFEB or CFEB-E without powering down the router, but the routing functions of the system are interrupted when it is removed.

CFEB

The CFEB has the following major components:

  • Processing components:

    • 266-MHz CPU and supporting circuitry

    • Integrated ASIC

    • 33-MHz PCI bus

  • Storage components:

    • 128-MB SDRAM for packet memory

    • 128-MB SDRAM for the microkernel

    • 8-MB SSRAM for route lookup

    • 4-MB SSRAM for control memory

  • Services interfaces:

    • Built-in tunnel interface

    • Optional Adaptive Services Module

  • System interfaces:

    • 100-Mbps link for internal interface to the Routing Engine

    • 19.44-MHz reference clock—Generates clock signal for SONET/SDH PICs.

    • I2C controller to read the I2C/EEPROMs in the PICs and temperature sensors

    • I2C/EEPROM containing the serial number and revision level

    • Two 512-KB boot flash EPROMs (programmable on the board)

  • One PowerPC 8245 integrated processor

  • Three LEDs—A green LED labeled OK, a red LED labeled FAIL, and a blue LED labeled MASTER indicate CFEB status.

  • Online/Offline button—Prepares the CFEB for removal from the router when pressed.

  • Ejector levers—Control the locking system that secures the CFEB in the chassis.

Figure 1: CFEB
CFEB
Figure 2: CFEB with Adaptive Services Module
CFEB with Adaptive Services Module

CFEB-E

The CFEB-E provides the following additional and enhanced functions:

  • Optional MultiServices Module (MSM)—Provides one or more services on one PIC. See M7i MultiServices Module for more information.

  • Increased number of logical interfaces.

  • Increased route, nexthop, and interface lookup memory.

  • Increased FPC throughput.

  • Enhanced class of service features, including:

    • More queues and priority levels

    • Increased drop precedence per queue

    • Excess bandwidth allocation in proportion to weights

    • Hierarchical policing

    • Increased number of WRED profiles

    • Independent EXP and DSCP rewrite

    • Independent Layer 2 and Layer 3 classification on same port

The CFEB-E has the following major components:

  • Processing components:

    • 1-GHz CPU and supporting circuitry

    • Integrated ASIC

    • 33-MHz PCI bus

  • Storage components:

    • Three 256-MB SDRAMs for packet memory

    • 1-GB SDRAM for the microkernel

    • Two 64-MB RLDRAMs for route lookup

    • Two 64-MB RLDRAMs for control memory

  • Services interfaces:

    • Built-in tunnel interface

    • Optional Adaptive Services Module

    • Optional MultiServices Module

  • System interfaces:

    • 100-Mbps link for internal interface to the Routing Engine

    • 19.44-MHz reference clock—Generates clock signal for SONET/SDH PICs

    • I2C controller to read the I2C/EEPROMs in the PICs and temperature sensors

    • I2C/EEPROM containing the serial number and revision level

    • Two 512-KB boot flash EPROMs (programmable on the board)

  • One MPC8545 integrated processor with 1-GB DDR2 SDRAM

  • Three LEDs—A green LED labeled OK, a red LED labeled FAIL, and a blue LED labeled MASTER indicate CFEB-E status.

  • Offline button—Prepares the CFEB-E for removal from the router when pressed.

  • Ejector levers—Control the locking system that secures the CFEB-E in the chassis.

Figure 3: CFEB-E
CFEB-E
Figure 4: CFEB-E with Adaptive Services Module
CFEB-E with Adaptive Services Module
Figure 5: CFEB-E with MultiServices Module
CFEB-E with MultiServices Module

M7i Adaptive Services Module

The Adaptive Services Module is an optional component of the CFEB and CFEB-E. The Adaptive Services Module is similar to the standalone Adaptive Services PIC, but operates at a reduced bandwidth. The Adaptive Services Module enables you to perform one or more services on the same PIC by configuring a set of services and applications.

The Adaptive Services Module provides the following services:

  • Stateful firewall—A type of firewall filter that considers state information derived from previous communications and other applications when evaluating traffic.

  • Network Address Translation (NAT)—A security procedure for concealing host addresses on a private network behind a pool of public addresses.

  • Intrusion detection services (IDS)—A set of tools for detecting, redirecting, and preventing certain kinds of network attack and intrusion.

The configuration for these three services comprises a series of rules that you can arrange in order of precedence as a rule set. Each rule follows the structure of a firewall filter, with a from statement containing input or match conditions and a then statement containing actions to be taken if the match conditions are met.

For information about configuring interfaces on the ASM, see the Junos OS Services Interfaces Library for Routing Devices.

M7i MultiServices Module

The MultiServices Module is an optional component of the CFEB-E. The CFEB does not support the MultiServices Module. The MultiServices Module enables you to perform one or more services on the same PIC by configuring a set of services and applications. Like the standalone MultiServices 100 PIC, the MultiServices Module supports the following services:

  • Layer 3 Services:

    • Stateful firewall—A type of firewall filter that considers state information derived from previous communications and other applications when evaluating traffic.

    • Network Address Translation (NAT)—A security procedure for concealing host addresses on a private network behind a pool of public addresses.

    • Intrusion detection services (IDS)—A set of tools for detecting, redirecting, and preventing certain kinds of network attack and intrusion.

    • IPsec

    • Layer 2 Tunneling Protocol (L2TP)

    • Active monitoring (cflowd)

    • Tunnel services

    • GRE prefragmentation

    • GRE key stamping

    • RPM

  • Layer 2 Services:

    • MLPPP

    • MLFR

    • cRTP

    • Multiclass MLPPP

    • RPM

Note

You can enable either Layer 2 or Layer 3 services on the MultiServices Module, but you cannot enable both Layer 2 and Layer 3 services concurrently.

The configuration for these services comprises a series of rules that you can arrange in order of precedence as a rule set. Each rule follows the structure of a firewall filter, with a from statement containing input or match conditions and a then statement containing actions to be taken if the match conditions are met.

For information about configuring interfaces on the MSM, see the Junos OS Services Interfaces Library for Routing Devices.

Related Documentation