Inter-VLAN Routing
Malin Bornhager
Halmstad University
Version 2002-1
Objectives
Fundamentals of Spanning Tree Protocol
RSTP
MSTP
EtherChannel
Routing between VLANs
External route processors
CEF-based multilayer switching
Internal route processors
Transparent Bridges
Do not modify frames that are forwarded
Learns addresses by listening on a port
Forwards broadcasts and unknown unicasts on all ports
Redundant Topologies
Layer 2 loops
Broadcast storms
Port Roles
Root port
Designated port
Non-designated port
Spanning-Tree Operation
BPDU
A Bridge Protocol Data Unit (BPDU) is sent between switches to establish and maintain a loop-free topology. Its fields:
Root ID: the lowest BID in the topology
Cost of path: the cost of all links from the transmitting switch to the root bridge
Bridge ID (BID): the BID of the transmitting switch
Port ID: the transmitting switch's port ID
STP timer values: Max_Age, Hello Time, Forward Delay
Bridge ID
Lower BID values are preferred
Default priority = 32768
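An added example, not part of the original slides: a small Python model of the bridge ID and of the BPDU comparison the deck describes (root ID first, then root path cost, then sender BID, then port ID). The switch names, priorities and MAC addresses are constructed values, and `bridge_id`, `BPDU`, `is_superior`, `elect_root` and the two election functions are names chosen here. It also makes visible the situation the root guard slides later in this deck address: with every switch at the default priority of 32768, the switch with the lowest MAC address becomes root regardless of where it sits in the topology.

```python
from dataclasses import dataclass
from typing import Iterable, Tuple

DEFAULT_PRIORITY = 32768  # default bridge priority, as on the slide
BridgeId = Tuple[int, str]  # (priority + extended system ID, MAC address)


def bridge_id(priority: int, mac: str, ext_sys_id: int = 0) -> BridgeId:
    """Build a BID that orders the way STP compares them: the 16-bit priority field
    first (4-bit priority plus 12-bit extended system ID), then the MAC address.
    Lower values are preferred."""
    if priority % 4096 != 0 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    if not 0 <= ext_sys_id <= 4095:
        raise ValueError("extended system ID must fit in 12 bits")
    return (priority + ext_sys_id, mac.lower())


@dataclass(frozen=True)
class BPDU:
    """The fields the slide lists, in the order STP compares them."""
    root_id: BridgeId
    root_path_cost: int
    sender_id: BridgeId
    port_id: int

    def key(self) -> Tuple[BridgeId, int, BridgeId, int]:
        return (self.root_id, self.root_path_cost, self.sender_id, self.port_id)


def is_superior(a: BPDU, b: BPDU) -> bool:
    """True when BPDU a beats BPDU b: lower root ID, then lower cost to the root,
    then lower sender BID, then lower port ID."""
    return a.key() < b.key()


def elect_root(claims: Iterable[BPDU]) -> BridgeId:
    """Every switch starts by announcing itself as root (cost 0); the best claim wins."""
    return min(claims, key=BPDU.key).root_id


def self_claim(bid: BridgeId) -> BPDU:
    """The BPDU a switch sends before it has heard of any better root."""
    return BPDU(root_id=bid, root_path_cost=0, sender_id=bid, port_id=0x8001)


# Constructed switches: core switches A and B with lowered priorities, access
# switch D left at the default but carrying the lowest MAC address.
SWITCH_A = bridge_id(24576, "00:00:5e:00:53:aa")
SWITCH_B = bridge_id(28672, "00:00:5e:00:53:bb")
SWITCH_D = bridge_id(DEFAULT_PRIORITY, "00:00:5e:00:53:01")


def tuned_election() -> BridgeId:
    """Priorities set deliberately: core switch A becomes root."""
    return elect_root(self_claim(b) for b in (SWITCH_A, SWITCH_B, SWITCH_D))


def default_election() -> BridgeId:
    """Everything at 32768: the lowest MAC decides, and access switch D becomes root."""
    defaults = [bridge_id(DEFAULT_PRIORITY, mac) for _, mac in (SWITCH_A, SWITCH_B, SWITCH_D)]
    return elect_root(self_claim(b) for b in defaults)
```

The comparison key is a plain tuple so that Python's tuple ordering reproduces the STP tie-break order; `default_election` is the case a lowered core priority, and root guard on access ports, are meant to rule out.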
BPDU Process
Port States
STP Timers
PortFast
Alternate port
Offers an alternate path toward the root bridge
Backup port
Additional port with a redundant link to the segment
Edge port
Discarding
Learning
Forwarding
MST carries the instance number in the 12-bit Extended System ID field
of the Bridge ID.
BPDU filtering: Restricts the switch from sending unnecessary BPDUs out access ports.
Root guard: Prevents switches connected on ports configured as access ports from becoming the root switch.
Loop guard: Prevents root ports and alternate ports from moving to the forwarding state when they stop receiving BPDUs.
BPDU Guard
BPDU Guard puts an interface configured for STP PortFast into the errdisable state upon receipt of a BPDU.
BPDU Guard disables interfaces as a preventive step to avoid potential bridging loops.
BPDU Filtering
BPDU filtering prevents a Cisco switch from sending BPDUs on PortFast-enabled interfaces, preventing unnecessary BPDUs from being transmitted to host devices.
If BPDUs are seen, the port loses its PortFast status, BPDU filtering is disabled, and STP sends and receives BPDUs on the port as it would with any other STP port on the switch.
Upon startup, the port transmits ten BPDUs. If this port receives any BPDUs during that time, PortFast and PortFast BPDU filtering are disabled.
It sends no BPDUs.
Root Guard
Switches A and B comprise the core of the network. Switch A is the root bridge.
Having Switch D as the root causes the Gigabit Ethernet link connecting the two core switches to block, thus causing all the data to flow via a 100-Mbps link across the access layer. This is obviously a terrible outcome.
After the root guard feature is enabled on a port, the switch does not allow that port to become an STP root port.
The current design recommendation is to enable root guard on all access ports so that a root bridge is not established through these ports.
When Switch D stops sending superior BPDUs, the port unblocks again and goes through the regular STP transition of listening and learning, and eventually to the forwarding state. Recovery is automatic; no intervention is required.
Loop Guard
The Loop Guard STP feature improves the stability of Layer 2 networks by preventing bridging loops.
In STP, switches rely on continuous reception or transmission of BPDUs, depending on the port role. A designated port transmits BPDUs, whereas a nondesignated port receives BPDUs.
Bridging loops occur when a port erroneously transitions to the forwarding state because it has stopped receiving BPDUs.
Ports with loop guard enabled do an additional check before transitioning to the forwarding state. If a nondesignated port stops receiving BPDUs, the switch places the port into the STP loop-inconsistent blocking state.
If a switch receives a BPDU on a port in the loop-inconsistent STP state, the port transitions through STP states according to the received BPDU. As a result, recovery is automatic, and no manual intervention is necessary.
When the Loop Guard feature places a port into the loop-inconsistent blocking state, the switch logs the following message:
SPANTREE-2-LOOPGUARDBLOCK: No BPDUs were received on port 3/2 in vlan 3. Moved to loop-inconsistent state.
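An added example, not part of the original slides: detection logic that scans syslog lines for the loop guard message above and counts how often each port is moved to the loop-inconsistent state. The sample lines are constructed; the first and last copy the message format quoted on the slide, while the second uses the IOS-style wording `%SPANTREE-2-LOOPGUARD_BLOCK: Loop guard blocking port ... on VLAN....`, which is taken from IOS syslog documentation rather than from this page. Since recovery is automatic, as the slide says, the operational signal is the repeat count: a port that keeps losing BPDUs shows the same symptom as the unidirectional-link scenario on the following slides.

```python
import re
from collections import Counter
from typing import Dict, Iterable, List, Optional

# Constructed sample lines: the first and last copy the message format quoted on
# the slide, the second uses the IOS-style wording, the third is unrelated noise.
SAMPLE_LOG = [
    "SPANTREE-2-LOOPGUARDBLOCK: No BPDUs were received on port 3/2 in vlan 3. Moved to loop-inconsistent state.",
    "%SPANTREE-2-LOOPGUARD_BLOCK: Loop guard blocking port GigabitEthernet1/0/3 on VLAN0003.",
    "%LINK-3-UPDOWN: Interface GigabitEthernet1/0/5, changed state to up",
    "SPANTREE-2-LOOPGUARDBLOCK: No BPDUs were received on port 3/2 in vlan 3. Moved to loop-inconsistent state.",
]

# Message format as quoted on the slide.
SLIDE_FORMAT = re.compile(
    r"SPANTREE-2-LOOPGUARDBLOCK: No BPDUs were received on port (\S+) in vlan (\d+)\."
)
# IOS-style format (assumed from IOS syslog wording, not from this page).
IOS_FORMAT = re.compile(
    r"%SPANTREE-2-LOOPGUARD_BLOCK: Loop guard blocking port (\S+) on VLAN0*(\d+)\."
)


def parse_loopguard_block(line: str) -> Optional[Dict[str, object]]:
    """Return {'port': ..., 'vlan': ...} for a loop guard block message, else None."""
    for pattern in (SLIDE_FORMAT, IOS_FORMAT):
        match = pattern.search(line)
        if match:
            return {"port": match.group(1), "vlan": int(match.group(2))}
    return None


def count_loopguard_blocks(lines: Iterable[str]) -> Counter:
    """How many times each (port, vlan) was moved to the loop-inconsistent state."""
    counts: Counter = Counter()
    for line in lines:
        event = parse_loopguard_block(line)
        if event is not None:
            counts[(event["port"], event["vlan"])] += 1
    return counts


def ports_needing_attention(lines: Iterable[str], threshold: int = 2) -> List[str]:
    """Ports blocked at least `threshold` times. Each block recovers on its own once a
    BPDU arrives, so a repeating port is the signal: something on that link keeps
    losing BPDUs and the link (or its UDLD state) deserves a look."""
    counts = count_loopguard_blocks(lines)
    return sorted({port for (port, _vlan), n in counts.items() if n >= threshold})
```

Feed the functions the lines of a syslog export; the threshold is deliberately low because the message is already a warning-level event and the goal is to separate a one-off from a flapping link.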
The link between Switches B and C becomes unidirectional. Switch B can receive traffic from Switch C, but Switch C cannot receive traffic from Switch B.
Switch C waits until the max-age timer (20 seconds) expires before it takes action. When this timer expires, Switch C moves through the listening and learning states and then to the forwarding state. At this moment, both Switch B and Switch C are forwarding to each other and there is no blocking port in the network.
UDLD Modes
Flex Links
EtherChannel
Load balancing
Automatic failover
EtherChannel - Protocols
Cisco proprietary
PAgP Modes
Auto: Places an interface in a passive negotiating state in which the interface responds to the PAgP packets that it receives but does not initiate PAgP negotiation (default).
Desirable
On
Nonsilent
LACP Modes
Passive: Places a port in a passive negotiating state. In this state, the port responds to the LACP packets that it receives but does not initiate LACP packet negotiation (default).
Active: Places a port in an active negotiating state. In this state, the port initiates negotiations with other ports by sending LACP packets.
On
Advantages:
Implementation is simple
Disadvantages:
The destination IP address is compared against the Layer 3 forwarding table.
Multilayer switches build routing, bridging, QoS, and ACL tables for centralized or distributed switching.
Tables
CAM table: Primary table used to make Layer 2 forwarding decisions. The table is built by recording the source address and inbound port of all frames. When a frame arrives at the switch with a destination MAC address of an entry in the CAM table, the frame is forwarded out only through the port associated with that specific MAC address.
TCAM table: Stores ACL, QoS, and other information generally associated with upper-layer processing. TCAM is most useful for building tables for searching on the longest match, such as IP routing tables organized by IP prefixes.
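An added example, not part of the original slides, covering both the transparent bridge behaviour listed at the start of the deck and the CAM table description above: a Python learning bridge that records (source MAC, inbound port) for every frame, forwards a known unicast out the single learned port, and floods broadcasts and unknown unicasts out every other port. Port names and MAC addresses are constructed, and `TransparentBridge` and `walk_through` are names chosen here.

```python
from typing import Dict, List, Set

BROADCAST = "ff:ff:ff:ff:ff:ff"


class TransparentBridge:
    """Minimal learning bridge with a CAM table of MAC address -> port."""

    def __init__(self, ports: List[str]) -> None:
        self.ports: Set[str] = set(ports)
        self.cam: Dict[str, str] = {}  # MAC address -> port it was learned on

    def receive(self, in_port: str, src_mac: str, dst_mac: str) -> Set[str]:
        """Process one frame and return the set of ports it is forwarded out of.
        The frame itself is untouched: a transparent bridge never rewrites it."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        src, dst = src_mac.lower(), dst_mac.lower()
        # Learning: record (source MAC, inbound port); a host that moves updates the entry.
        self.cam[src] = in_port
        if dst == BROADCAST or dst not in self.cam:
            # Broadcast or unknown unicast: flood to every port except the inbound one.
            return self.ports - {in_port}
        out = self.cam[dst]
        # Known unicast: forward out the single learned port, or filter the frame
        # entirely when the destination sits on the inbound segment.
        return set() if out == in_port else {out}


def walk_through() -> List[Set[str]]:
    """Constructed three-port bridge: the first frame floods, the reply is switched directly."""
    bridge = TransparentBridge(["Fa0/1", "Fa0/2", "Fa0/3"])
    host_a, host_b = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"
    return [
        bridge.receive("Fa0/1", host_a, BROADCAST),  # A's broadcast: flooded, A learned
        bridge.receive("Fa0/2", host_b, host_a),     # B's reply: A known, out Fa0/1 only
        bridge.receive("Fa0/1", host_a, host_b),     # A to B: both known, out Fa0/2 only
        bridge.receive("Fa0/3", "00:00:5e:00:53:0c", "00:00:5e:00:53:0d"),  # unknown dst: flooded
    ]
```

Every entry in the CAM table comes from an observed source address, which is why the first frame to an unseen destination is flooded and why the table converges after one exchange in each direction.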
Behaves like a regular router interface, but does not support subinterfaces
The control path code, such as routing protocols, runs on the route processor.
Process Switching
Fast Switching
The router strips off the Layer 2 header for each incoming frame.
All these operations are done by software running on the CPU for each individual frame.
After the lookup of the first packet destined for a particular IP network, the router initializes the fast-switching cache used by the fast-switching mode.
When subsequent frames arrive, the destination is found in this fast-switching cache.
A router with CEF enabled uses information from tables built by the CPU, such as the routing table and ARP table, to build hardware-based tables known as the Forwarding Information Base (FIB) and adjacency tables.
These tables are then used to make hardware-based forwarding decisions for all frames in a data flow.
Although CEF is the fastest switching mode, there are limitations, such as other features that are not compatible with CEF, or rare instances in which CEF functions can actually degrade performance, such as CEF polarization in a topology using load-balanced Layer 3 paths.
Route Caching
Topology-Based Switching
CEF Processing
CEF caches routing information in one table (the FIB) and caches Layer 2 next-hop addresses and frame header rewrite information for all FIB entries in another table, called the adjacency table (AT).
When the TCAM is full, a wildcard entry redirects frames to the Layer 3 engine.
The FIB is updated after each network change, but only once: each change in the IP routing table triggers a corresponding change in the FIB.
The adjacency table is derived from the ARP table and contains the Layer 2 header rewrite (MAC) information for each next hop contained in the FIB. Nodes in a network are said to be adjacent if they are within a single hop of each other.
Each time an adjacency entry is created (such as via ARP), a Layer 2 header for that adjacent node is pre-computed and stored in the adjacency table.
When the adjacency table is full, a CEF TCAM entry points to the Layer 3 engine to redirect the adjacency.
Step 3: The Layer 3 engine installs an ARP adjacency in the switch for Host B's IP address.
Step 4: The Layer 3 engine sends ARP requests for Host B on VLAN20.
Step 9: The switch performs a Layer 3 lookup and finds a CEF entry for Host B. The entry points to the adjacency with rewrite information for Host B.
Step 10: The switch rewrites the packet per the adjacency information and forwards the packet to Host B on VLAN20.
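An added example, not part of the original slides: a Python model of the two CEF tables described earlier, a FIB searched for the longest matching prefix and an adjacency table holding the pre-computed Layer 2 rewrite for each next hop, exercised along the Host B sequence above (the ARP adjacency of Step 3, the punt to the Layer 3 engine when no adjacency exists yet, and the lookup-then-rewrite of Steps 9 and 10). Interface names, prefixes and MAC addresses are constructed, and `CefForwarder` and `build_example` are names chosen here.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Adjacency value: (destination MAC, source MAC) written into the frame header.
Rewrite = Tuple[str, str]
# FIB entry: (prefix, next hop or None for directly connected, outgoing interface).
FibEntry = Tuple[ipaddress.IPv4Network, Optional[str], str]


class CefForwarder:
    """Constructed model of CEF: a FIB keyed by IP prefix and an adjacency table
    keyed by (next hop, interface) holding the pre-computed Layer 2 rewrite."""

    def __init__(self) -> None:
        self.fib: List[FibEntry] = []
        self.adjacency: Dict[Tuple[str, str], Rewrite] = {}

    def add_route(self, prefix: str, next_hop: Optional[str], interface: str) -> None:
        """Mirror one routing-table change into the FIB (done once per change).
        next_hop=None marks a connected network: the next hop is the destination itself."""
        net = ipaddress.ip_network(prefix)
        self.fib = [entry for entry in self.fib if entry[0] != net]
        self.fib.append((net, next_hop, interface))
        # Keep the most specific prefix first so the scan in lookup() is a longest match.
        self.fib.sort(key=lambda entry: entry[0].prefixlen, reverse=True)

    def add_adjacency(self, next_hop: str, interface: str, dst_mac: str, src_mac: str) -> None:
        """Step 3 of the walkthrough: an ARP adjacency is installed for a neighbour."""
        self.adjacency[(next_hop, interface)] = (dst_mac, src_mac)

    def lookup(self, dst_ip: str) -> Optional[Tuple[str, str]]:
        """Longest-prefix FIB lookup; returns (next hop, interface) or None."""
        ip = ipaddress.ip_address(dst_ip)
        for net, next_hop, interface in self.fib:
            if ip in net:
                return (next_hop if next_hop is not None else str(ip), interface)
        return None

    def forward(self, dst_ip: str):
        """Steps 9 and 10: resolve the FIB entry to its adjacency and return the rewrite,
        or the reason the packet is handed to the Layer 3 engine instead."""
        hit = self.lookup(dst_ip)
        if hit is None:
            return ("punt", "no FIB entry")
        rewrite = self.adjacency.get(hit)
        if rewrite is None:
            # No adjacency yet: the Layer 3 engine must ARP for the next hop (Step 4).
            return ("punt", f"no adjacency for {hit[0]} on {hit[1]}")
        dst_mac, src_mac = rewrite
        return ("rewrite", (hit[1], dst_mac, src_mac))


def build_example() -> CefForwarder:
    """Constructed topology: VLAN20 connected, 10.1.0.0/16 and a default route via an uplink."""
    cef = CefForwarder()
    cef.add_route("10.1.20.0/24", None, "Vlan20")
    cef.add_route("10.1.0.0/16", "192.0.2.1", "GigabitEthernet0/1")
    cef.add_route("0.0.0.0/0", "192.0.2.1", "GigabitEthernet0/1")
    # Host B (10.1.20.50) has answered ARP; the uplink router is resolved as well.
    cef.add_adjacency("10.1.20.50", "Vlan20", "00:00:5e:00:53:0b", "00:00:5e:00:53:01")
    cef.add_adjacency("192.0.2.1", "GigabitEthernet0/1", "00:00:5e:00:53:ee", "00:00:5e:00:53:02")
    return cef
```

The FIB scan returns the first matching entry of a list sorted by prefix length, which is the longest-match behaviour the TCAM slide describes; a destination in the connected VLAN whose host has not yet answered ARP still matches the FIB but has no adjacency, so it is the packet that leaves the hardware path.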
Summary