ccnp 3 v4 module 5 implementing multilayer switching

1© 2003, Cisco Systems, Inc. All rights reserved.

CCNP 3 v4 Module 5 Implementing Multilayer Switching


Objectives

• Describing Routing Between VLANs• Deploying Cisco Express Forwarding

(CEF)• Enabling Routing Between VLANs on a

Multilayer Switch


Overview

• A switch with multiple VLANs requires a means of passing Layer 3 traffic between those VLANs.

• A router that is external to the Layer 2 switch hosting the VLANs can provide the Inter-VLAN routing or it can be done using a Catalyst Multilayer Switch.

• When routing occurs within a Catalyst Multilayer Switch, Cisco Express Forwarding (CEF) is used.

• Routing on a Multilayer Switch is achieved via Switched Virtual Interfaces (SVIs) that act as gateways for an individual VLAN/subnet.


Inter-VLAN Routing

• Configuring VLANs allows a network administrator to create smaller broadcast domains and improve security

• However, VLANs require a Layer 3 device to allow for inter-VLAN communication


Inter-VLAN Routing

• If a switch supports multiple VLANs but has no Layer 3 capability to route packets between those VLANs, the switch must be connected to an external router.

• An external router can route between VLANs by either:A. Attaching the router’s physical interfaces to each VLAN

with no VLAN taggingB. Using a single physical interface and a VLAN trunking

protocol.– The use of the VLAN trunking protocol enables us to

create additional logical subinterfaces each associated with a particular VLAN.

– The two VLAN trunking protocols are ISL and 802.1Q


External Router Options

One physical trunking interfacewith logical subinterfaces

One physical interface per VLAN


Advantages and Disadvantages of EachExternal Router with Multiple Phys. Interfaces

External Router with Logical Subinterfaces


Using a Single Trunk

• In order for traffic to be routed from VLAN to VLAN the router needs a separate logical interface for every VLAN.

• To do this we can use either the ISL or 802.1Q trunking protocol.ExtRouter(config)#int fa0/0ExtRouter(config-if)#no shutExtRouter(config-if)#int fa0/0.1ExtRouter(config-subif)#encapsulation dot1q 1 nativeExtRouter(config-subif)#ip addr 192.168.1.1 255.255.255.0ExtRouter(config-subif)#int fa0/0.10ExtRouter(config-subif)#encapsulation dot1q 10ExtRouter(config-subif)#ip addr 192.168.10.1 255.255.255.0ExtRouter(config-subif)#int fa0/0.20ExtRouter(config-subif)#encapsulation dot1q 20ExtRouter(config-subif)#ip addr 192.168.20.1 255.255.255.0

Logical subif

802.1Q protocol

VLAN ID


Inter-VLAN Routing Scalability

• For networks with more than a few VLANs, virtual/logical subinterfaces is the best strategy.– Both an external and an internal router can be

used with subinterfaces

• The difference between the internal vs. external solutions involves a tradeoff between cost and performance.– An entry level external router (1721) is generally

cheaper than a switch with Layer 3 functionality (Cat 3550)

– However, the Layer 3 switch provides higher efficiency and performance


Layer 2 Switching

• Layer 2 switching forwards frames based on information in the Layer 2 Frame header.

• Switch hardware utilizes specialized chips, called application-specific integrated circuits (ASICs), to handle frame manipulation and forwarding. – By using ASICs, Layer 2 switching can provide wire

speed performance.


Layer 2 Switching Tables

• Cisco Catalysts have two primary table architectures: – CAM Table (Content Addressable Memory)– TCAM Table (Ternary CAM)


CAM Table

• The CAM table is the primary table used to make Layer 2 forwarding decisions.

• The CAM is built by recording the source MAC address of inbound frames on a switchport.– This way frames are forwarded out only the

switchport associated with that MAC addr.• This allows for unicast transmission

– The MAC address table lists MAC and VLAN pairs with associated interfaces.


TCAM Table

• The TCAM table stores ACL, QoS and other information generally associated with upper layer processing. – In a Layer 2 table, all bits of all information are

significant for frame forwarding (for example, VLANs, destination MAC addresses, and destination protocol types).

– The TCAM table allows forwarding decisions to ignore parts of the source and destination fields by way of the access list entry’s wildcard mask.


Layer 2 Forwarding Process


Layer 2 Forwarding Flow Chart


Multilayer Switching

• Multilayer switching includes the ability to switch data based on information at multiple layers.

• Multilayer switching also refers to routers that can forward packets at wire-speed through switching hardware. – -if)# ip route-cache

• Layer 3 switch processing forwards packets at wire-speed by using ASIC hardware instead of CPU based lookups found on a traditional router. – Specific Layer 3 components such as routing tables

or ACLs can be cached into hardware.


Layer 3 Switching

• Layer 3 switching can occur at two different locations on the switch: – Centralized Switching– Distributed Switching


Centralized Switching

• Centralized switching decisions are made on the route processor by a central forwarding table, typically controlled by an ASIC.


Distributed Switching

• Distributed switching decisions can be made on a port or line card level rather than on a central route processor. – Each line card maintains its own FIB table.

• Cached tables are distributed and synchronized to various hardware components so processing can be distributed throughout the switch chassis.


Layer 3 Forwarding

• Layer 3 switching takes place using one of two methods: • Route caching

– Flow-based or demand-based switching, a Layer 3 route cache is built in hardware as the switch sees traffic flows into the switch.

• Topology-based– Information from the routing table is used to populate

the route cache regardless of traffic flow.– The populated route cache is called the Forwarding

Information Base (FIB). – Cisco Express Forwarding (CEF) is the facility that builds

the FIB.


Process Switching

• Process switching is the most basic method of switching packets.

• Process switching moves packets between interfaces, based on information in the routing table and the ARP cache.– As packets arrive, they are moved into a queue to

wait for further processing.– When the scheduler runs, the outbound interface

will be determined and the packet will be switched.– Waiting for the scheduler introduces latency.


CEF Based Multilayer Switching

• To speed this process up, CEF caches information generated by the Layer 3 Routing Engine.

• CEF caches routing information in the forwarding information base (FIB) and caches Layer 2 next-hop addresses for all FIB entries in an Adjacency Table.

• CEF operates in two modes:– Central– Distributed


CEF Example


FIB and Adjacency TablesThe FIB is derived from the IP routing table with the longest match first. The adjacency table is derived from the ARP table, and contains Layer 2 rewrite (MAC) information for the next hop.


Central CEF Mode

• In Central CEF, the FIB and adjacency tables reside on the route processor, and the route processor performs the express forwarding.

• This CEF mode is used when line cards are not available for CEF switching, or when features not compatible with Distributed CEF.


Distributed CEF Mode (dCEF)

• When dCEF is enabled, line cards maintain identical copies of the FIB and adjacency tables.

• The line cards can perform the express forwarding by themselves, relieving the main processor of involvement in the switching operation.

• dCEF uses an Inter-Process Communication (IPC) mechanism to ensure synchronization of FIBs and adjacency tables on the route processor and line cards.


The CEF Control Plane and Data Plane

• CEF breaks the forwarding process into two parts:– The control plane and the data plane

• The control plane is responsible for building the FIB table and adjacency tables in software.

• The data plane is responsible for forwarding IP unicast traffic using hardware.


Control Plane and Data Plane Example


FIB Table Updates

• The FIB table is updated when the following occurs:– An ARP entry for the destination next hop

changes, ages out, or is removed. – The routing table entry for a prefix changes. – The routing table entry for the next hop

changes.


TCAM and ACL Entries

• The Ternary Content Addressable Memory (TCAM) is a specialized piece of memory designed for rapid, hardware based table lookups of Layer 3 and 4 information.

• The TCAM is used to match incoming packets to existing ACLs.– The TCAM table examines the source and

destination wildcard mask of an ACE and creates a “mask” entry for the pair.

– Each mask has eight value patterns that can be associated with that mask.

– The values are the source and destination IP addresses and port numbers that match the mask entry.

http://www.ciscopress.com/articles/article.asp?p=101629&seqNum=4&rl=1

http://www.ciscopress.com/articles/article.asp?p=101629&seqNum=4&rl=1


Value, Mask and Result Table (VMR)

access-list 101 permit ip host 10.1.1.1 any access-list 101 deny ip 10.1.1.0 0.0.0.255 any


ARP Throttling

• Only the first few packets for a connected destination reach the Layer 3 engine so that the Layer 3 engine can use Address Resolution Protocol (ARP) to locate the host.– This allows the FIB table to have a corresponding

adjacency entry for Layer 2.• If the Layer 2 address is unknown then the Layer 3 engine

generates an ARP request.• While the Layer 3 engine is waiting for the ARP reply,

subsequent packets to the destination host are dropped. – This is known as ARP throttling.– The throttling adjacency is removed when an ARP reply

is received.


Forwarding ExampleStep 1 Host A sends packet to host B.Step 2 The switch forwards the packet to the Layer 3 engine based on the "glean" entry in the FIB (because a Layer 2 request does not exist in the adj. table).Step 3 The Layer 3 engine sends an ARP request for host B and installs the drop adjacency for host B (ARP throttling).Step 4 Host B responds to the ARP request (ARP throttle removed).Step 5 Frame rewrite (not shown)


Other Adjacency Types

• Null adjacency: Packets destined for a Null0 interface are dropped. This can be used as an effective form of access filtering.

• Glean adjacency: When a router is connected directly to several hosts, the FIB table on the router maintains a prefix for the subnet rather than for the individual host prefixes. The subnet prefix points to a glean adjacency. When packets need to be forwarded to a specific host, the adjacency database is gleaned for the specific prefix.

• Punt adjacency: Features that require special handling or features that are not yet supported in conjunction with CEF switching paths are forwarded to the next switching layer for handling. Features that are not supported are forwarded to the next higher switching level.

• Discard adjacency: Packets are discarded.• Drop adjacency: Packets are dropped, but the prefix is

checked.


CEF Based MLS Operation btwn VLANs

• Step 1 Host A sends a packet to host B. The switch recognizes the frame as a Layer 3 packet because the destination MAC (MAC-M) matches the Layer 3 engine MAC.

• Step 2 The switch performs a CEF lookup based on the destination IP address (IP-B). The packet hits the CEF entry for the connected (VLAN20) network and is redirected to the Layer 3 engine using a "glean" adjacency.

• Step 3 The Layer 3 engine installs an ARP throttling adjacency in the switch for the host B IP address.

• Step 4 The Layer 3 engine sends ARP requests for host B on VLAN20.



• Step 5 Host B sends an ARP response to the Layer 3 engine.

• Step 6 The Layer 3 engine installs the resolved adjacency in the switch (removing ARP throttling adjacency).

• Step 7 The switch forwards the packet to host B.• Step 8 The switch receives a subsequent packet for host B

(IP-B).• Step 9 The switch performs a Layer 3 lookup and finds a

CEF entry for host B. The entry points to the adjacency with rewrite information for host B.

• The switch rewrites packets per the adjacency information and forwards the packet to host B on VLAN20.


Frame Rewrite Example


Configuring CEF


show ip cef


CEF show interface Commands


CEF show adjacency Command


Verifying CEF


Using Layer 3 Interfaces on a Multilayer Switch

• There are two types of Layer 3 interfaces that you can create on a multilayer switch.1. Logical switched virtual interfaces (SVIs)

2. Physical routed ports


Routing with a Layer 3 Switch

• To route between VLANs on a Layer 3 switch, we use SVIs.

• A switched virtual interface (SVI) is a virtual Layer 3 interface that can be configured for any VLAN that exists on a Layer 3 switch.

• The SVI for the VLAN provides Layer 3 processing for packets from all switch ports associated with that VLAN. – Only one SVI can be associated with a VLAN. – By default, an SVI is created for the default VLAN

(VLAN1) to permit remote switch administration. You must explicitly configure additional SVIs.


Layer 3 Switched Virtual Interface (SVI)

• You configure an SVI for a VLAN for these reasons:– To provide a default gateway for a VLAN so traffic

can be routed between VLANs – To provide fallback bridging if it is required for

nonroutable protocols – To provide Layer 3 IP connectivity to the switch

• This places the switch on that VLAN.

• SVIs are created the first time interface configuration mode is entered for a particular VLAN SVI interface.


Routed Interfaces on a Multilayer Switch

• A routed switch port is a physical switch port on a Multilayer switch that is capable of Layer 3 packet processing.– A routed port is not associated with a particular

VLAN, as is an access port or SVI. – A routed port behaves like a regular router interface,

except that it does not support VLAN subinterfaces. – The number of routed ports and SVIs that can be

configured on a switch is not limited by software. Switch(config)#int fa0/1Switch(config-if)#no switchportSwitch(config-if)#ip addr 172.16.1.2 255.255.255.252Switch(config-if)#exiSwitch(config)#ip routingSwitch(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.1


Routed Switchports per Platform

• On the lower end multilayer switches such as the 3550, 3560 and 3750, all ports are Layer 2 ports by default.– To create a Layer 3 routed port, you must use the

‘no switchport’ command• On the 6500, all ports are Layer 3 ports by

default and you must use the ‘switchport’ interface config. command to change the port to a Layer 2 port.– I’m not sure about the 4500s but you get the idea


Inter-VLAN Routing using SVIs

Optional for running a routing protocol with another device


Inter-VLAN Routing using SVIsSwitch#config tSwitch(config)#ip routingSwitch(config)#int vlan 1Switch(config-if)#ip addr 192.168.1.1 255.255.255.0Switch(config-if)#no shutSwitch(config-if)#int vlan 10Switch(config-if)#ip addr 192.168.10.1 255.255.255.0Switch(config-if)#Switch(config-if)#int vlan 20Switch(config-if)#ip addr 192.168.20.1 255.255.255.0Switch(config-if)#exiSwitch(config)#exi

An SVI will not come up until there is an active port for the VLAN the SVI belongs to.

If a trunking port is up, then the interface vlan 1 SVI will come up even ifthere are no active ports for VLAN 1.


show run OutputSwitch#sh runBuilding configuration...

hostname Switch!no aaa new-modelip subnet-zeroip routing!<output ommitted>!interface Vlan1 ip address 192.168.1.1 255.255.255.0!interface Vlan10 ip address 192.168.10.1 255.255.255.0!interface Vlan20 ip address 192.168.20.1 255.255.255.0!ip classlessip route 0.0.0.0 0.0.0.0 172.16.1.2

Inter-VLAN routing does not require arouting protocol because all networksare directly connected.

A routing protocol is only necessary ifthe multilayer switch needs to advertiseits own networks or learn about otherremote networks.


Summary

• The configuration of multiple Layer 2 VLANs requires that Layer 3 routing occur between those VLANs. This inter-VLAN routing can be provided external to a Layer 2 switch or within a Multilayer Switch through the configuration of Switch Virtual Interfaces and IP routing. When routing occurs within a Catalyst Multilayer Switch, Cisco Express Forwarding is deployed to facilitate Layer 3 switching through hardware-based tables providing an optimal packet forwarding process.

ccnp 3 v4 module 5 implementing multilayer switching

Documents