Implementing Inter-VLAN Routing

Transcription

1 Internetwork Communications C:>ping Implementing Inter-VLAN Routing Can two hosts on different subnets communicate without a router? No What would happen if a host tried to ping another host? They could not communicate. Would it send an ARP Request? Why or why not? The host would not send an ARP Request because there is no defaultgateway. 2003, Cisco Systems, Inc. All rights reserved , Cisco Systems, Inc. All rights reserved. BCMSN v Internetwork Communications InterVLAN Routing External Router VLAN 1 VLAN 2 VLAN 3 Router on a stick VLANs 1, 2, 3 Trunk Multilayer Switch VLAN 1 VLAN 2 VLAN 3 Or Trunk 2003, Cisco Systems, Inc. All rights reserved. BCMSN v External Router Router(config)# inter fa 0/1 Router(config-if) if) ip address Router(config)# inter fa 0/2 Router(config-if) ip address Router(config)# inter fa 0/3 Router(config-if) ip address , Cisco Systems, Inc. All rights reserved. BCMSN v

2 Inter-VLAN Routing External Router Configuration Commands Inter-VLAN Routing on External Router: 802.1Q Trunk Link Configure on subinterface encapsulation dot1q (or isl) 10 ip address Verify show vlan 10 show ip route 2003, Cisco Systems, Inc. All rights reserved. BCMSN v , Cisco Systems, Inc. All rights reserved. BCMSN v Inter-VLAN Routing on External Router: ISL Trunk Link Verifying Inter-VLAN Routing The ping command tests connectivity to remote hosts. 2003, Cisco Systems, Inc. All rights reserved. BCMSN v , Cisco Systems, Inc. All rights reserved. BCMSN v

3 Verifying the Inter-VLAN Routing Configuration Router#show vlan Displays the current IP configuration per VLAN Router#show ip route Displays IP route table information Router#show ip interface brief Multilayer Switching Displays IP address on interfaces and current state of interface 2003, Cisco Systems, Inc. All rights reserved. BCMSN v , Cisco Systems, Inc. All rights reserved Explaining Multilayer Switching 2003, Cisco Systems, Inc. All rights reserved. BCMSN v , Cisco Systems, Inc. All rights reserved. BCMSN v

4 Multilayer Switch Interfaces Layer 2: Access or Trunk Ports Multilayer Switch Interfaces Layer 2: Access or Trunk Ports Logical Interface (SVI) Physical Interface Logical Interface (SVI-L3) Physical Interface (L3) DLS1# show interface gig 0/2 switchport Name: Gig0/2 Switchport: Enabled <output omitted> 2003, Cisco Systems, Inc. All rights reserved. BCMSN v , Cisco Systems, Inc. All rights reserved. BCMSN v Multilayer Switch Interfaces Layer 3 Port Configuration Physical Interfaces DLS1(config)# interface gig 0/1 DLS1(config-if)# no switchport DLS1(config-if)# ip address DLS2(config)# interface gig 0/1 DLS2(config-if)# no switchport DLS2(config-if)# ip address If in Layer 3 mode switchport interface command puts the port into Layer 2 mode. 2003, Cisco Systems, Inc. All rights reserved. BCMSN v , Cisco Systems, Inc. All rights reserved. BCMSN v

5 Physical Interfaces and EtherChannel SwitchA(config)# interface port-channel 5 SwitchA(config-if)# no switchport SwitchA(config-if)# ip address SwitchB(config)# interface port-channel 5 SwitchB(config-if)# no switchport SwitchB(config-if)# if)# ip address If several interfaces are bundled together using EtherChannel the IP address is assigned to the port-channel interface, not the individual physical links. To configure Layer 3 EtherChannels,: First you must create the port-channel logical interface Then you add the Ethernet ports into the port-channel 2003, Cisco Systems, Inc. All rights reserved. BCMSN v What about EtherChannel Interfaces? Fa 0/11 Fa 0/11 Port-channel 5 Port-channel Fa 0/12 Fa 0/12 SwitchA(config)# interface port-channel 5 SwitchA(config-if)# no switchport SwitchA(config-if)# ip address SwitchA(config)# interface range fa 0/11-12 SwitchA(config-if-range)# no ip address SwitchA(config-if-range)# no switchport SwitchA(config-if-range)# g channel-group 5 mode active SwitchB(config)# interface port-channel 5 SwitchB(config-if)# no switchport SwitchB(config-if)# if)# ip address SwitchB(config)# interface range fa 0/11-12 SwitchB(config-if-range)# no ip address SwitchB(config-if-range)# no switchport SwitchB(config-if-range)# channel-group 5 mode active First you must create the port-channel logical interface Then you add the Ethernet ports into the port-channel Using LACP in this example. Remember, the channel-group number is associated with the port-channel interface. 2003, Cisco Systems, Inc. All rights reserved. BCMSN v SVI Interfaces - Logical Interfaces 2003, Cisco Systems, Inc. All rights reserved. BCMSN v Switch(config)# vlan vlan-number Switch(config-vlan)# name vlan-name SwitchA(config)# interface vlan vlan-number SwitchA(config-if)# ip address ip-address mask SwitchA(config-if)# no shutdown Layer 3 functionality can also be enabled for an entire VLAN. The IP address is assigned to the logical interface the VLAN. This is needed when routing is required between VLANs. SVI (Switched Virtual Interface) No physical connection VLANs must be created before the SVI can be used. The IP address associated of the VLAN interface is the default gateway of the 2003, Cisco Systems, workstation. Inc. All rights reserved. BCMSN v

6 Configuring a Routed Port Configuring Inter-VLAN Routing Through an SVI Step 1 : Configure IP routing. Switch(config)#ip routing Step 2 : Create a routed port. Switch(config-if)#no switchport Step 3 : Assign an IP address to the routed port. Switch(config-if)#ip address ip-address mask Step 4 : Configure the IP routing protocol if needed. Switch(config)#router ip_routing_protocol _ <options> 2003, Cisco Systems, Inc. All rights reserved. BCMSN v Step 1 : Configure IP routing. Switch(config)#ip routing Step 2 : Create an SVI interface. Switch(config)#interface vlan vlan-id Step 3 : Assign an IP address to the SVI. Switch(config-if)#ip address ip-address mask Step 4 : Configure the IP routing protocol if needed. Switch(config)#router ip_routing_protocol <options> 2003, Cisco Systems, Inc. All rights reserved. 22 BCMSN v Routing Enable routing on DLS1 and DLS2. Configure EIGRP DLS1 and DLS2. Turn off auto-summarization DLS1(config)# ip routing DLS1(config)# router eigrp 1 DLS1(config-router)# network DLS1(config-router)# network DLS1(config-router)# no auto-summary DLS2(config)# ip routing DLS2(config)# router eigrp 1 DLS2(config-router)# network DLS2(config-router)# network DLS2(config-router)# no auto-summary 2003, Cisco Systems, Inc. All rights reserved. BCMSN v Verifying DLS1#show ip route Core Network /24 is subnetted, 1 subnets D [90/ ] via , 00:00:07, FastEthernet0/ /24 is subnetted, 5 subnets C is directly connected, Vlan10 C is directly connected, Vlan11 D [90/ ] via , :29:41, GigabitEthernet0/1 DLS2 Networks (VLANs) D [90/ ] via , 01:29:41, GigabitEthernet0/1 C is directly connected, Vlan /30 is subnetted, 3 subnets C is directly connected, GigabitEthernet0/1 C is directly connected, FastEthernet0/1 D [90/28416] via , 01:17:18, GigabitEthernet0/1 DLS1# Network between DLS2 and Core 2003, Cisco Systems, Inc. All rights reserved. 24 BCMSN v

7 Defining Flows - MLS Layer 2 Switch Forwarding Process p3 p2 p1 Multilayer Switched Environment Host A Conventional Environment Host B 1 First Packet Host A 2 Host B Subsequent Packets Each packet of a traditional flow must be processed by the router The first packet of an MLS flow is processed by the router; all subsequent packets are switched 2003, Cisco Systems, Inc. All rights reserved. BCMSN v , Cisco Systems, Inc. All rights reserved. BCMSN v Logical Packet Flow for a Multilayer Switch MLS-RP Advertisement Hello Message MLS-RP sends out multicast hello messages Messages contain MAC, VLAN, and route information Messages use the CGMP multicast well-known address 2003, Cisco Systems, Inc. All rights reserved. BCMSN v , Cisco Systems, Inc. All rights reserved. BCMSN v

8 Receiving MLSP Hello Messages Establishing an MLS Cache Entry Hello Message Hello Message I am not a Layer 3 Switch but I will still pass on the message. All switches receive the hello message Layer 3 switches process the hello message IP multicast passes transparently through non- Cisco switches 2003, Cisco Systems, Inc. All rights reserved. BCMSN v Candidate Packet L3 Information Source IP = Destination IP = L2 Information Source MAC = 0010.f663.d000 Destination MAC = Cache Entry? A f663.d B 0090.b The MLS-SE SE receives initial frame 2 The MLS-SE reads and recognizes the destination MAC Address 3 The MLS-SE checks the MLS cache for like entries 4 The MLS-SE forwards the frame to the MLS-RP 2003, Cisco Systems, Inc. All rights reserved. BCMSN v Establishing an MLS Cache Entry (cont.) Enable Packet L3 Information Source IP = Destination IP = L2 Information Source MAC = Destination MAC = 0090.b A 0010.f663.d B 0090.b The MLS-RP receives the frame and consults the routing table 6 The MLS-RP rewrites the header with the new destination MAC address The MLS-RP enters its own MAC address for the source address 7 8 The MLS-RP forwards the frame to the MLS-SE 2003, Cisco Systems, Inc. All rights reserved. BCMSN v Switching Subsequent Frames in a Flow Incoming Frame L3 Information Source IP = Destination IP = L2 Information Source MAC = 0010.f663.d000 Destination MAC = A B f663.d b Rewritten Frame L3 Information Source IP = Destination IP = L2 Information Source MAC = Destination MAC = 0090.b Destination IP Source IP Port DstPrt SrcPrt Destination Mac Vlan Port UDP b /9 MLS Cache Entry The MLS-SE receives subsequent frames in the flow The MLS-SE compares the incoming frame with the MLS cache entry The MLS-SE rewrites the frame header The MLS-SE forwards the frame to the destination 2003, Cisco Systems, Inc. All rights reserved. BCMSN v

9 IP Unicast Frame and Packet Rewrite Improving IP Routing Performance with MLS Incoming IP Unicast Packet Rewritten IP Unicast Packet In this section we discuss the following topics: Multilayer Switching Fundamentals Configuring the Multilayer Switch Route Processor Applying Flow Masks Configuring the Multilayer Switch Switching Engine MLS Topologies Topology Examples Topology Quiz Unsupported U d Topology Topology Changes and Routing Impacts 2003, Cisco Systems, Inc. All rights reserved. BCMSN v , Cisco Systems, Inc. All rights reserved. BCMSN v MLS Topology Example 1 MLS Topology Example 2 A MLS-RP 3 R R2 R1 MLS-SE 1 Host A sends a packet to the default gateway 2 R1 rewrites the frame header to reflect the destination as the next-hop router (R2) 3 MLS-SE SE forwards the frame to R2 4 R2 rewrites the frame header to reflect the destination as Host B 5 MLS-SE forwards the frame to Host B 6 All subsequent frames are switched 2003, Cisco Systems, Inc. All rights reserved. BCMSN v B Host A sends a packet to the default gateway MLS-SE1 forwards the frame to MLS-SE2 MLS-SE2 SE2 forwards the frame to MLS-SE3SE3 MLS-SE3 forwards the frame to MLS-RP1 MLS-RP1 rewrites the frame header and forwards the frame to MLS-SE3 MLS-SE3 forwards the frame to MLS-SE MLS-SE2 forwards the frame to MLS-SE1 A 1 8 MLS-SE1 forwards the frame to Host B 9 All subsequent frames are switched 9 through MLS-SE1 10 Entries in MLS-SE2 and 3 time out MLS-RP MLS-SE3SE3 MLS-SE2 MLS-SE1 2003, Cisco Systems, Inc. All rights reserved. BCMSN v B

10 Quiz: MLS Topology Example Answer: MLS Topology Example S2 S1 MLS-RP Port in Blocking State X S3 S2 S1 MLS-RP Port in blocking state X S3 S4 A S5 S6 B S7 S4 A S5 S6 B S7 Original MLS path was A S4 S2 S1 S3 S7 B Spanning tree blocked the link between S1 and ds3 What is the next available MLS path? 2003, Cisco Systems, Inc. All rights reserved. BCMSN v First packet path = A S4 S2 S1 S2 S3 S7 B Subsequent packet path = A S4 S2 S3 S7 B 2003, Cisco Systems, Inc. All rights reserved. BCMSN v Unsupported MLS Topology Unsupported MLS Topology Solution 1 VLAN41 VLAN42 RSM1 RSM2 VLAN 41 VLAN 42 MLS-RP 1 MLS-RP 2 ISL Link MLS-SE 1 MLS-SE 2 A B A B Configure an ISL link from MLS-SE1 to MLS-RP1 to carry both VLAN41 and VLAN , Cisco Systems, Inc. All rights reserved. BCMSN v , Cisco Systems, Inc. All rights reserved. BCMSN v

11 Unsupported MLS Topology Solution 2 CAM Table VLAN 41 VLAN 42 MLS-RP 1 MLS-RP 2 Link 1 Link 2 MLS-SE 1 MLS-SE 2 A B Configure a second link from MLS-SE1 SE1 to MLS-RP1 to route for Subnet 42 Requires an exact match on all bits Matching is a binary operation: 0 or 1 Provides very high-speed lookups 2003, Cisco Systems, Inc. All rights reserved. BCMSN v , Cisco Systems, Inc. All rights reserved. BCMSN v TCAM Table Matches only significant values Matches based on three values: 0, 1, or X (either) Masks used to wildcard some content fields Summary A router on a stick can be used to route between VLANs using either ISL or 802.1Q as the trunking protocol. A router on a stick requires subinterfaces, one for each VLAN. Verify inter-vlan routing by generating IP packets between two subnets. Multilayer switches can forward traffic at both Layer 2 and Layer 3. Multilayer switches rewrite the Layer 2 and Layer 3 header using tables held in hardware. 2003, Cisco Systems, Inc. All rights reserved. BCMSN v , Cisco Systems, Inc. All rights reserved. BCMSN v

12 Multilayer Switching Deploying CEF-Based Multilayer Switching Traditional MLS CEF-Based MLS Multilayer switching - ability of a Catalyst switch to support switching and routing of packets in hardware. Optional support for Layers 4 through 7 switching in hardware as well. A route processor (or Layer 3 engine) must download software-based routing, switching, access lists, QoS, and other information to the hardware for packet processing. 2003, Cisco Systems, Inc. All rights reserved , Cisco Systems, Inc. All rights reserved. BCMSN v Traditional and CEF-based MLS Traditional MLS RP Traditional MLS Cisco Catalyst switches use either: CEF-Based MLS Traditional multilayer switching (traditional MLS) A legacy feature Cisco Express Forwarding (CEF)-based MLS architecture. All leading-edge Catalyst switches support CEF-based multilayer switching 2003, Cisco Systems, Inc. All rights reserved. BCMSN v SE Dual effort between: Route Processor (RP) Switching Engine (SE) Traditional MLS: Route once, switch many Specialized Application-Specific Integrated Circuits (ASICs) perform Layer 2 rewrite operations of routed packets: Source MAC address Destination MAC address Cyclic redundancy check (CRC). Because the source and destination MAC addresses change during Layer 3 rewrites, the switch must recalculate the CRC for these new MAC addresses. 2003, Cisco Systems, Inc. All rights reserved. BCMSN v

13 Traditional MLS Traditional MLS SE: Listens in to the first packet going g to the router (RP) and going g from the router (RP). If the SE can switch the packet in both directions: It can learn a shortcut path for subsequent packets to use. Thus, bypassing the router (RP). This technique is also known as: Netflow-based switching. With traditional MLS, the Layer 3 engine (route processor) and switching ASICs work together to build Layer 3 entries on the switch. MSFC Hardware consists of: Independent RP NetFlow-capable SE RSM RSFC Netflow switching (or route cache switching) performed on Cisco hardware such as: Catalyst 6000 Supervisor 1/1a and Multilayer Switch Feature Card (MSFC) Catalyst 550 with a Route Switch Module (RSM) Route Switch Feature Card (RSFC) External Router 2003, Cisco Systems, Inc. All rights reserved. BCMSN v , Cisco Systems, Inc. All rights reserved. BCMSN v Traditional MLS Candidate Packet Info Layer 3 Info S-IP D-IP Layer 2 Info S-MAC 00-AA D-MAC C MLS- RP The Destination MAC Address is one of the router s interfaces. There is not an existing flow, so I will flag this as a candidate packet. MLS- SE dot1q Tag (inside Eth. Hdr) VLAN 1 Ethernet Header IP Header IP Data D-MAC= C S-MAC= 00-AA AA S-IP = D-IP = dot1q Tag (inside Eth. Hdr) VLAN 1 D-MAC= C Ethernet Header IP Header IP Data S-MAC= 00-AA S-IP = D-IP = The switch forwards the first packet in any flow to the Layer 3 engine for processing using software switching/routing. After the routing of the first packet in the flow, the Layer 3 engine programs the hardware-switching components for routing for subsequent packets. Workstation ti A sends a packet to workstation ti B, Workstation A sends the packet to its default gateway (which is the RSM). Switch (MLS-SE) recognizes this packet as an MLS candidate packet because the destination MAC address matches the MAC address of the MLS router (MLS-RP). As a result, the switch creates a candidate entry for this flow. 2003, Cisco Systems, Inc. All rights reserved. BCMSN v , Cisco Systems, Inc. All rights reserved. BCMSN v

14 MLS- RP MLS- RP Candidate Packet Info MLS- SE Layer 3 Info S-IP D-IP Layer 2 Info S-MAC 00-AA D-MAC C MLS- SE dot1q Tag (inside Eth. Hdr) VLAN 2 D-MAC= 00-AA Ethernet Header IP Header IP Data S-MAC= C S-IP = D-IP = dot1q Tag (inside Eth. Hdr) VLAN 2 Ethernet Header IP Header IP Data D-MAC= 00-AA S-MAC= C S-IP = D-IP = Next, the router accepts the packets from workstation A, rewrites the Layer 2 MAC addresses and CRC, and forwards the packet to workstation B. The switch refers to the routed packet from the RSM as the enabler packet. 2003, Cisco Systems, Inc. All rights reserved. BCMSN v MLS-SE SE recognizes various matches including CAM, details not included. d Basically, the MLS-SE recognizes that the packet going out of VLAN 2 was the same one that came in on VLAN 1. The switch, upon seeing both the candidate and enabler packets, creates an MLS entry in hardware (MLS Cache) such that the switch rewrites and forwards all future packets matching this flow. 2003, Cisco Systems, Inc. All rights reserved. BCMSN v Candidate Packet Info Layer 3 Info S-IP D-IP Layer 2 Info S-MAC 00-AA D-MAC C MLS- RP Found match in MLS Cache, rewrite Ethernet Header and send directly to Host B, forget the router! CEF-Based Multilayer Switches CEF caches routing information in the FIB table and Layer 2 next-hop addresses in the adjacency table. Future Packets MLS- SE MLS Cache Dst IP Src IP Port Dst Src Dst Src VLAN Interface Port Port MAC MAC TCP AA C /1 As future packets from the flow arrive, the MLS-SE uses the destination IP address to look up the entry in the MLS cache. Finding a match, rewrite engine modifies the necessary header information and forwards the frame (the packet is not forwarded to the router). The rewrite operation modifies all the same fields initially modified by the router for the first packet, including the source MAC and destination MAC addresses. 2003, Cisco Systems, Inc. All rights reserved. BCMSN v , Cisco Systems, Inc. All rights reserved. BCMSN v

15 CEF CEF Routing Table CEF-based MLS forwarding model is used to: Download the control plane information (such as the access lists) to the data plane (on the supervisor, port, or line card) for hardware switching of packets. Control plane represents the Layer 3 engine (route processor) Data plane represents the hardware components such as ASICs used by the switch for hardware switching. CEF is a topology-based forwarding model in which all routing information is prepopulated into a forwarding information base (FIB). Result is switches can quickly look up routing information such as IP adjacencies and next-hop IP and MAC addresses. 2003, Cisco Systems, Inc. All rights reserved. BCMSN v The two main components of CEF are : 1. FIB 2. Adjacency Table DLS1#show ip cef Prefix Next Hop Interface /0 no route /32 receive / FastEthernet0/ /24 attached Vlan /32 receive Vlan /32 receive Vlan /32 receive Vlan /24 attached Vlan /32 receive Vlan /32 receive Vlan / /32 receive Vlan / GigabitEthernet0/ / GigabitEthernet0/ /24 attached Vlan /32 receive Vlan /32 receive Vlan /32 receive Vlan /30 attached GigabitEthernet0/ /32 receive GigabitEthernet0/ /32 receive GigabitEthernet0/ / GigabitEthernet0/ / receive GigabitEthernet0/ /30 attached FastEthernet0/ /32 receive FastEthernet0/ / FastEthernet0/ /32 receive FastEthernet0/ /32 receive FastEthernet0/ / / GigabitEthernet0/ /4 drop /24 receive /32 receive DLS1# Forwarding information base Makes IP destination switching decisions. Similar to a routing table: Reformatted into an ordered list with most specific route first for each IP network/subnet in the routing table. Ordered with most specific (longest match) first followed by less specific subnets. Mirror image of the forwarding information contained in the IP routing table. When routing or topology changes occur in the network, the IP routing table is updated, and those changes are reflected in the FIB. Maintains next-hop address information based on the information in the IP routing table. 2003, Cisco Systems, Inc. All rights reserved. BCMSN v CEF CEF-Based MLS Lookups Adjacency tables Network nodes in the network are said to be adjacent if they can reach each other with a single hop across a link layer. (OSPF, EIGRP) A router normally maintains: Routing table containing Layer 3 network and next-hop information ARP table containing Layer 3 to Layer 2 address mapping. These tables are kept independently. 1. Layer 3 packets initiate TCAM lookup. 2. The longest match returns adjacency with rewrite information. 3. The packet is rewritten per adjacency information and forwarded. 2003, Cisco Systems, Inc. All rights reserved. BCMSN v , Cisco Systems, Inc. All rights reserved. BCMSN v

16 CEF Layer 2 MAC Addresses, Next Hop Information DLS1# show adjacency detail Protocol Interface Address IP Vlan Next hop? 0 packets, 0 bytes epoch 0 sourced in sev-epoch 3 Encap length E E6D393C0800 ARP IP GigabitEthernet0/ packets, 0 bytes epoch 0 sourced in sev-epoch 3 Encap length B C85B ARP IP FastEthernet0/1 p g , 0 packets, 0 bytes epoch 0 sourced in sev-epoch 3 Encap length A0A C85B ARP DLS1# Adjacency tables The FIB keeps the Layer 3 next-hop address for each entry. To streamline packet forwarding even more, the FIB has corresponding Layer 2 information for every next-hop entry. This portion of the FIB is called the adjacency table, consisting of the MAC addresses of nodes that can be reached in a single Layer 2 hop , Cisco Systems, Inc. All rights reserved. BCMSN v CEF No ARP entry, L3 forwarding engine can t forward packet in hardware, must send to L3 Engine. I ll generate the ARP Request and get an ARP Reply. Adjacency tables (summary, more detail coming) Built from the ARP table. As a next-hop address receives a valid ARP entry, the adjacency table is updated. If an ARP entry does not exist, the FIB entry is marked as CEF glean. This means that the Layer 3 forwarding engine can't forward the packet in hardware, due to the missing Layer 2 next-hop address. The packet is sent to the Layer 3 engine so that it can generate an ARP request and receive an ARP reply. py This is known as the CEF glean state, where the Layer 3 engine must glean the next-hop destination's MAC address. 2003, Cisco Systems, Inc. All rights reserved. BCMSN v CEF ARP Throttling Adjacency tables What happens to subsequent packets while FIB entry is in glean state? (L3 engine is sending ARP Request.) These packets are dropped. So input queues do not fill. So Layer 3 engine does not become too busy worrying about the need for duplicate ARP requests. This is called ARP throttling or throttling adjacency. If an ARP reply is not received in two seconds, the throttling is released so that another ARP request can be triggered. After ARP reply is received: Throttling is released FIB entry can be completed Subsequent packets can be forwarded in hardware 2003, Cisco Systems, Inc. All rights reserved. BCMSN v Host A sends a packet to Host B. CEF lookup shows glean adjacency (ARP entry does not exist so no entry in adjacency table). No rewrite information exists. 2. Packet passed to Layer 3 Engine for processing. 2003, Cisco Systems, Inc. All rights reserved. BCMSN v

17 ARP Throttling ARP Throttling Throttling Adjacency is removed when no ARP Reply is received in 2 seconds. This allows for another packet to to initiate a new ARP Request. Throttling Adjacency relieves the Layer 3 Engine of excessive ARP processing or ARP-based DoS attacks. Drop packets until ARP Reply received (Throttling Adjacency) X X X ARP Request 3. Obtaining rewrite information. L3 Engine sends an ARP Request for Host B and waits for ARP Reply. Throttling Adjacency: While in glean state, subsequent packets to that host are dropped, so that input queues es do not fill and so the Layer 3 engine isn t busy with duplicate ARP Requests. (Note: Cisco s routers drop the first packet when there is no ARP entry, while sending the ARP Request.) 2003, Cisco Systems, Inc. All rights reserved. BCMSN v Drop packets until ARP Reply received (Throttling Adjacency) X 4. Host B sends ARP Reply. X X ARP Reply 2003, Cisco Systems, Inc. All rights reserved. BCMSN v ARP Throttling Throttling Host B s MAC Address CEF-Based MLS Operation Drop packets until ARP Reply received (Throttling Adjacency) 5. The Layer 3 Engine installs Adjacency for Host B and removes the throttling (drop) adjacency. Next: Packet Rewrite (Coming!) 2003, Cisco Systems, Inc. All rights reserved. BCMSN v , Cisco Systems, Inc. All rights reserved. BCMSN v

18 Packet Rewrite Packet Rewrite Host B s MAC Address L2 Checksum L3 Checksum Default Gateway Host A TTL Egress Packet 2003, Cisco Systems, Inc. All rights reserved. BCMSN v The switch receives another packet: After a multilayer switch finds valid entries in the FIB and adjacency tables,, a packet is almost ready to be forwarded. One step remains the packet header information must be rewritten. Multilayer switching occurs as quick table lookups: Find the next-hop address Outbound switch port. The IP header must also be adjusted, as if a traditional router had done the forwarding (TTL). 2003, Cisco Systems, Inc. All rights reserved. BCMSN v Packet Rewrite Host B s MAC Address Packet Rewrite Host B s MAC Address L2 Checksum L3 Checksum L2 Checksum L3 Checksum Default Host B Gateway MAC Add Host L3 switch A outbound interface TTL -1 Default Host B Gateway MAC Add Host L3 switch A outbound interface TTL -1 The packet rewrite engine makes the following changes to the packet just prior to forwarding: Layer 2 destination address Changed to the next-hop device's MAC address Layer 2 source address Changed to the outbound Layer 3 switch interface's MAC address Layer 3 IP Time To Live (TTL) Decremented by one, as one router hop has just occurred Layer 2 frame checksum Recalculated to include changes to the Layer 2 and Layer 3 headers Layer 3 IP checksum Recalculated to include changes to the IP header The packet rewrite engine makes the following changes to the packet just prior to forwarding: Layer 2 destination address Changed to the next-hop device's MAC address Layer 2 source address Changed to the outbound Layer 3 switch interface's MAC address Layer 3 IP Time To Live (TTL) Decremented by one, as one router hop has just occurred Layer 2 frame checksum Recalculated to include changes to the Layer 2 and Layer 3 headers Layer 3 IP checksum Recalculated to include changes to the IP header 2003, Cisco Systems, Inc. All rights reserved. BCMSN v , Cisco Systems, Inc. All rights reserved. BCMSN v

19 Packet Rewrite Host B s MAC Address Packet Rewrite Host B s MAC Address L2 Checksum L3 Checksum L2 Checksum L3 Checksum Default Host B Gateway MAC Add Host L3 switch A outbound interface TTL -1 Default Host B Gateway MAC Add Host L3 switch A outbound interface TTL -1 A traditional router would normally make the same changes to each packet. The multilayer switch must act as if a traditional router were being used, making identical changes. The multilayer switch: Can do this very efficiently with dedicated packet rewrite hardware and with address information obtained from table lookups. The switch performs a Layer 3 lookup and finds a CEF entry for Host B. The switch rewrites packets per the adjacency information and forwards the packet to Host B on its VLAN. 2003, Cisco Systems, Inc. All rights reserved. BCMSN v , Cisco Systems, Inc. All rights reserved. 74 BCMSN v CEF Multilayer Switch Packet Forwarding Process Catalyst switches do not support routing of all types of frames in hardware. For example, the following list details common frame types that are not supported by hardware switching: Packets with IP header options Packets sourced from or destined to tunnel interfaces Packets using Ethernet encapsulation types other than ARPA Packets that require fragmentation (exceed MTU of the interface) Two types of CEF Central CEF or Accelerated CEF Forwarding decisions done by ASIC that is central to all interfaces. Distributed CEF (dcef) Forwarding decisions done on independently on interfaces or line modules line cards (faster). 2003, Cisco Systems, Inc. All rights reserved. BCMSN v Some IP packets cannot be processed in hardware. If an IP packet cannot be processed din hardware, itis processed by the Layer 3 engine. 2003, Cisco Systems, Inc. All rights reserved. BCMSN v

20 Enabling CEF Verifying CEF The commands required to enable CEF are platform dependent: On the Cisco Catalyst 4000 switch Switch(config-if)#ip cef On the Cisco Catalyst 3550 switch Switch(config-if)#ip if)#i route-cache cef Switch#show ip cef [type mod/port vlan_interface] [detail] Switch# show ip cef vlan 11 detail IP CEF with switching (Table Version 11), flags=0x0 10 routes, 0 reresolve, 0 unresolved (0 old, 0 new), peak 0 13 leaves, 12 nodes, bytes, 14 inserts, 1 invalidations 0 load sharing elements, 0 bytes, 0 references universal per-destination load sharing algorithm, id 4B936A24 2(0) CEF resets, 0 revisions of existing leaves Resolution Timer: Exponential (currently 1s, peak 1s) 0 in-place/0 aborted modifications refcounts: 1061 leaf, 1052 node Table epoch: 0 (13 entries at this epoch) /24, version 6, epoch 0, attached, connected 0 packets, 0 bytes via Vlan11, 0 dependencies valid glean adjacency 2003, Cisco Systems, Inc. All rights reserved. BCMSN v , Cisco Systems, Inc. All rights reserved. BCMSN v Verify Layer 3 Switching Displaying Hardware Layer 3 Switching Statistics Switch#show interface {{type mod/port} {port-channel number}} begin L3 Switch#show interfaces {{type mod/port} {port-channel number}} include switched Switch#show interface fastethernet 3/3 begin L3 L3 in Switched: ucast: 0 pkt, 0 bytes - mcast: 12 pkt, 778 bytes mcast L3 out Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes packets input, bytes, 0 no buffer Received broadcasts, 2 runts, 0 giants, 0 throttles... Switch# Switch#show interfaces gigabitethernet g 9/5 include switched L2 Switched: ucast: 8199 pkt, bytes - mcast: 6980 pkt, bytes L3 in Switched: ucast: 3045 pkt, bytes - mcast: 0 pkt, 0 bytes mcast L3 out Switched: ucast: 2975 pkt, bytes - mcast: 0 pkt, 0 bytes 2003, Cisco Systems, Inc. All rights reserved. BCMSN v , Cisco Systems, Inc. All rights reserved. BCMSN v

21 Adjacency Information Debugging CEF Operations Switch#show adjacency [{{type mod/port} {port-channel number}} detail internal summary] Switch#show adjacency gigabitethernet 9/5 detail Protocol Interface Address IP GigabitEthernet9/ (11) (11) 504 packets, 6110 bytes 00605C865B F83FA50800 ARP 03:49:31 Switch#debug ip cef {drops access-list receive events prefix-ipc table} Displays debug information for CEF Switch#debug ip cef {ipc interface-ipc} Displays debug information related to IPC in CEF Switch#ping ip Performs an extended ping 2003, Cisco Systems, Inc. All rights reserved. BCMSN v , Cisco Systems, Inc. All rights reserved. BCMSN v Summary Layer 3 switching is high-performance packet switching in hardware. MLS functionality can be implemented through CEF. CEF uses tables in hardware to forward packets. Specific commands are used to enable and verify CEF operations. Commands to enable CEF are platform dependent. CEF problems can be matched to specific solutions. Specific commands are used to troubleshoot and solve CEF problems. Ordered steps assist in troubleshooting CEF-based problems. 2003, Cisco Systems, Inc. All rights reserved. BCMSN v