Building Cisco Multilayer
Switched Networks
(BCMSN) v3.0
Dongseo University
HoonJae Lee
Module 4. Implementing Inter-VLAN routing (flash v5.0)
Inter-VLAN Routing
Inter-VLAN Routing
l The following devices are capable of providing inter-VLAN routing:
1. Any Layer 3 multilayer Catalyst switch
2. Any external router with an interface that supports trunking (“router-on-a-stick”)
3. Any external router or group of routers with a separate interface in each VLAN
Inter-VLAN Routing with External Router
l The advantages are as follows:
Ø Implementation is simple.
Ø Layer 3 services are not required on the switch.
Ø The router provides communications between VLANs.
Router On a Stick
Connecting VLANs with Multilayer Switches
Layer 2 Interfaces:
l Access port— Carries traffic for a single VLAN
l Trunk port— Carries traffic for multiple VLANs using Inter-Switch Link (ISL) encapsulation or 802.1Q tagging
Inter-VLAN Routing on External Router: 802.1Q Trunk Link
switch(config)#interface FastEthernet 0/0
switch(config-if)#switchport trunk encapsulation dot1q
switch(config-if)#switchport mode trunk
Verifying Inter-VLAN Routing
Layer 2 Switch Forwarding process – In MLS
Frame Rewrite
l The source MAC address changes from the sender MAC address to the router MAC address.
l The destination MAC address changes from the router MAC to the next-hop MAC address.
l The TTL is decremented by one and, as a result, the IP header checksum is recalculated.
l The frame checksum is recalculated.
CAM and TCAM (figure)
CAM application (figure: the VLAN ID forms part of the lookup key)
Module 4. Implementing Inter-VLAN routing (flash v5.0)
Layer 3 Interfaces
MLS Layer 3 Interface: Routed Port
MLS Layer 3 Interface: Routed Port
MLS Layer 3 Interface: SVI
DLSwitch(config)#interface vlan 1
DLSwitch(config-if)#ip address 172.16.1.1 255.255.255.0
DLSwitch(config)#interface vlan 10
DLSwitch(config-if)#ip address 172.16.10.1 255.255.255.0
DLSwitch(config)#interface vlan 20
DLSwitch(config-if)#ip address 172.16.20.1 255.255.255.0
DLSwitch(config)#interface vlan 30
DLSwitch(config-if)#ip address 172.16.30.1 255.255.255.0
Layer 3 SVI
l To provide a default gateway for a VLAN so that traffic can be routed between VLANs
l To provide fallback bridging if it is required for non-routable protocols
l To provide Layer 3 IP connectivity to the switch
l To support routing protocol and bridging configurations
Module 4. Implementing Inter-VLAN routing (flash v5.0)
Internal route processors
Introduction to MLS
Introduction to CEF
Multilayer Switching
Traditional and CEF-based MLS
Multilayer Switching
Traditional MLS
l MLS enables specialized application-specific integrated circuits (ASICs) to perform Layer 2 rewrite operations of routed packets.
l Layer 2 rewrites include rewriting the source and destination MAC addresses and writing a recalculated cyclic redundancy check (CRC).
l Because the source and destination MAC addresses change during Layer 3 rewrites, the switch must recalculate the CRC for these new MAC addresses.
Traditional MLS
l For Catalyst switches that support traditional MLS, the switch learns
Layer 2 rewrite information from an MLS router via an MLS protocol.
§ Also known as netflow-based switching.
l With traditional MLS, the Layer 3 engine (route processor) and
switching ASICs work together to build Layer 3 entries on the switch.
l Each entry contains a source, a source and destination, or full flow
information including Layer 4 protocol information.
Traditional MLS
l With traditional MLS, the switch forwards the first packet in any flow to
the Layer 3 engine for processing using software switching.
l After the routing of the first packet in the flow, the Layer 3 engine
programs the hardware-switching components for routing for
subsequent packets.
Traditional MLS (figures: MLS-RP and MLS-SE)
Traditional MLS (figure)
MLS-RP
Candidate Packet Info
Layer 3 Info: S-IP 10.1.1.10, D-IP 10.1.2.20
Layer 2 Info: S-MAC 00-AA-00-11-11-11, D-MAC 00-00-0C-11-11-11
MLS-SE: “Found match in MLS cache, rewrite Ethernet header and send directly to Host B, forget the router!”
Future Packets
CEF-based MLS
CEF
Routing Table
CEF
The two main components of CEF are the FIB and the adjacency table.
• Forwarding information base (FIB)
Ø Used to make IP destination prefix-based switching decisions.
Ø Similar to a routing table or information base.
Ø It maintains a mirror image of the forwarding information contained in the IP routing table.
Ø When routing or topology changes occur in the network, the IP routing table is updated, and those changes are reflected in the FIB.
Ø The FIB maintains next-hop address information based on the information in the IP routing table.
Ø In the context of CEF-based MLS, both the Layer 3 engine and the hardware-switching components maintain an FIB.
CEF
l Adjacency tables
Ø Network nodes in the network are said to be adjacent if they can reach each other with a single hop across a link layer. (OSPF, EIGRP)
Ø A router normally maintains:
§ Routing table containing Layer 3 network and next-hop information
§ ARP table containing Layer 3 to Layer 2 address mapping.
§ These tables are kept independently.
CEF (figure: Layer 2 MAC addresses and next-hop information)
l Adjacency tables
Ø Recall that the FIB keeps the Layer 3 next-hop address for each entry.
Ø To streamline packet forwarding even more, the FIB has corresponding Layer 2 information for every next-hop entry.
Ø This portion of the FIB is called the adjacency table, consisting of the MAC addresses of nodes that can be reached in a single Layer 2 hop.
CEF
l Adjacency tables
Ø During the time that a FIB entry is in the CEF glean state waiting for the ARP resolution, subsequent packets to that host are immediately dropped so that the input queues do not fill and the Layer 3 engine does not become too busy worrying about the need for duplicate ARP requests.
Ø This is called ARP throttling (literally, choking off) or throttling adjacency.
Ø If an ARP reply is not received in two seconds, the throttling is released so that another ARP request can be triggered.
Ø Otherwise, after an ARP reply is received, the throttling is released, the FIB entry can be completed, and packets can be forwarded completely in hardware.
Explaining Layer 3 Switch Processing
l Layer 3 switching refers to a class of high-performance routers optimized for the campus LAN or intranet, providing both wire-speed Ethernet routing and switching services.
l A Layer 3 switch router performs the following three major functions:
Ø Packet switching
Ø Route processing
Ø Intelligent network services
l Compared to other routers, Layer 3 switch routers process more packets faster by using ASIC hardware instead of microprocessor-based engines. Layer 3 switch routers also improve network performance with two software functions: route processing and intelligent network services.
l Layer 3 switching software employs a distributed architecture in which the control path and data path are relatively independent. The control path code, such as routing protocols, runs on the route processor, whereas most of the data packets are forwarded by the Ethernet interface module and the switching fabric.
Explaining Layer 3 Switch Processing (figure)
Explaining CEF-based Multilayer Switches
l CEF operates in one of two modes.
Ø Central CEF: The FIB and adjacency tables reside on the route processor, and the route processor performs the express forwarding. Use this mode when line cards are not available for CEF switching, or when features are not compatible with distributed CEF.
Ø Distributed CEF (dCEF): Supported only on Cisco Catalyst 6500 switches. Line cards maintain identical copies of the FIB and adjacency tables. The line cards can perform the express forwarding by themselves, relieving the main processor of being involved in the switching operation. Distributed CEF uses an interprocess communications (IPC) mechanism to ensure that the FIBs and adjacency tables are synchronized on the route processor and line cards.
Identifying the Multilayer Switch Packet Forwarding Process
l CEF separates the control plane hardware from the data plane hardware and switching. ASICs separate the control plane and data plane, thereby achieving higher data throughput.
Ø The control plane is responsible for building the FIB and adjacency tables in software.
Ø The data plane is responsible for forwarding IP unicast traffic using hardware.
l When traffic cannot be processed in hardware, the traffic must receive processing in software by the Layer 3 engine, thereby not receiving the benefit of expedited hardware-based forwarding. A number of different packet types may force the Layer 3 engine to process them. Some examples of IP exception packets are the following:
Ø IP packets that use IP header options. (Packets that use TCP header options are switched in hardware because they do not affect the forwarding decision.)
Ø Packets that have an expiring IP Time to Live (TTL) counter.
Ø Packets that are forwarded to a tunnel interface.
Ø Packets that arrive with non-supported encapsulation types.
Ø Packets that are routed to an interface with non-supported encapsulation types.
Ø Packets that exceed the maximum transmission unit (MTU) of an output interface and must be fragmented.
Identifying the Multilayer Switch Packet Forwarding Process
l CEF-based tables are initially populated and used as follows:
Ø The FIB is derived from the IP routing table and is arranged for maximum lookup throughput.
Ø The adjacency table is derived from the ARP table, and it contains Layer 2 rewrite (MAC) information for the next hop.
Ø CEF IP destination prefixes are stored in the TCAM table, from the most specific to the least specific entry.
Ø When the CEF TCAM table is full, a wildcard entry redirects frames to the Layer 3 engine.
Ø When the adjacency table is full, a CEF TCAM table entry points to the Layer 3 engine to redirect the adjacency.
Ø The FIB lookup is based on the Layer 3 destination address prefix (longest match).
l The FIB table is updated when the following occurs:
Ø An ARP entry for the destination next hop changes, ages out, or is removed.
Ø The routing table entry for a prefix changes.
Ø The routing table entry for the next hop changes.
l These are the basic steps for initially populating the adjacency table:
Ø Step 1 The Layer 3 engine queries the switch for a physical MAC address.
Ø Step 2 The switch selects a MAC address from the chassis MAC range and assigns it to the Layer 3 engine. This MAC address is assigned by the Layer 3 engine as a burned-in address for all VLANs and is used by the switch to initiate Layer 3 packet lookups.
Ø Step 3 The switch installs wildcard CEF entries, which point to drop adjacencies (for handling CEF table lookup misses).
Ø Step 4 The Layer 3 engine informs the switch of its interfaces participating in MLS (MAC address and associated VLAN). The switch creates the (MAC, VLAN) Layer 2 CAM entry for the Layer 3 engine.
Ø Step 5 The Layer 3 engine informs the switch about features for interfaces participating in MLS.
Ø Step 6 The Layer 3 engine informs the switch about all CEF entries related to its interfaces and connected networks. The switch populates the CEF entries and points them to Layer 3 engine redirect adjacencies.
Identifying the Multilayer Switch Packet Forwarding Process
l These are the steps that would occur when you use CEF to forward frames between host A and host B on different VLANs:
Ø Step 1 Host A sends a packet to host B. The switch recognizes the frame as a Layer 3 packet because the destination MAC (MAC-M) matches the Layer 3 engine MAC.
Ø Step 2 The switch performs a CEF lookup based on the destination IP address (IP-B). The packet hits the CEF entry for the connected (VLAN20) network and is redirected to the Layer 3 engine using a glean adjacency.
Ø Step 3 The Layer 3 engine installs an ARP throttling adjacency in the switch for the host B IP address.
Ø Step 4 The Layer 3 engine sends ARP requests for host B on VLAN20.
Ø Step 5 Host B sends an ARP response to the Layer 3 engine.
Ø Step 6 The Layer 3 engine installs the resolved adjacency in the switch (removing the ARP throttling adjacency).
Ø Step 7 The switch forwards the packet to host B.
Ø Step 8 The switch receives a subsequent packet for host B (IP-B).
Ø Step 9 The switch performs a Layer 3 lookup and finds a CEF entry for host B. The entry points to the adjacency with rewrite information for host B.
Ø Step 10 The switch rewrites packets per the adjacency information and forwards the packet to host B on VLAN20.
Identifying the Multilayer Switch Packet Forwarding Process (figure)
ARP Throttling (figure)
Callouts:
l Drop packets until ARP Reply received (Throttling Adjacency).
l Throttling Adjacency is removed when no ARP Reply is received in 2 seconds. This allows for another packet to initiate a new ARP Request.
l Throttling Adjacency relieves the Layer 3 Engine of excessive ARP processing or ARP-based DoS attacks.
ARP Throttling (figure; Host B is 10.20.10.2)
5. The Layer 3 Engine installs an adjacency for Host B and removes the throttling (drop) adjacency.
Next: Packet Rewrite (Coming!)
Verifying CEF
Verify Layer 3 Switching
Adjacency Information
Switch#ping ip
Troubleshooting Layer 3 CEF-Based MLS
l Things to check
(1) Check Layer 3 operations.
(2) Verify the FIB and adjacency table.
l Step 1: Verify CEF.
show ip cef summary
show ip cef vlan 10
l Step 2: Verify the running configuration.
l Step 3: Verify the routing.
Switch#show ip route | include 192.168.150.0
l Step 4: Verify an ARP entry on the route processor.
On the switch, check the ARP table for 192.168.199.3.
l Step 5: Verify the CEF FIB table entry for the route.
Switch#show ip cef 192.168.150.0
l Step 6: Verify an adjacency table entry for the destination.
Switch#show adjacency detail | begin 192.168.199.3
l Step 7: Verify CEF from the supervisor engine for modular switch platforms.
Module 5. Implementing Inter-VLAN routing
Internetwork Communications
C:>ping 172.16.30.100
Trunking with Default Gateway
C:>ping 172.16.30.100
Internetwork Communications
l Then the destination MAC address is that of the same device as the destination IP address.
l Check the ARP cache for an entry for the destination IP address and its MAC address. If there is no entry, send an ARP request for the destination IP address, asking for its MAC address.
Inter-VLAN Routing
l The following devices are capable of providing inter-VLAN routing:
Any external router or group of routers with a separate interface in each VLAN
Any external router with an interface that supports trunking (router on a stick)
Any Layer 3 multilayer Catalyst switch
External Router separate interface in each VLAN
l Download: PT-Topology-MLS-1
l Configure the router to route between VLANs.
l Is a routing protocol necessary? Why or why not?
No, because all of our networks are directly connected.
Router-on-a-Stick (figure: hosts 172.16.10.100/24 and 172.16.20.100/24)
• Download: PT-Topology-MLS-2.pkt
• Single trunk link carries traffic for multiple VLANs to and from router.
Configure Router On A Stick: 802.1Q Trunk Link
• Router on a stick is very simple to implement because routers are usually available in every network.
(figure: hosts 172.16.10.100/24 and 172.16.20.100/24)
Switch side (trunk towards the router):
interface GigabitEthernet1/1
 switchport mode trunk
Router side (one subinterface per VLAN):
interface GigabitEthernet5/0
 no shutdown ! Does not show in config
!
interface GigabitEthernet5/0.1
 description VLAN 1
 encapsulation dot1Q 1 native
 ip address 172.16.1.1 255.255.255.0
!
interface GigabitEthernet5/0.10
 description VLAN 10
 encapsulation dot1Q 10
 ip address 172.16.10.1 255.255.255.0
!
interface GigabitEthernet5/0.20
 description VLAN 20
 encapsulation dot1Q 20
 ip address 172.16.20.1 255.255.255.0
!
interface GigabitEthernet5/0.30
 description VLAN 30
 encapsulation dot1Q 30
 ip address 172.16.30.1 255.255.255.0
!
interface GigabitEthernet5/0.40
 description VLAN 40
 encapsulation dot1Q 40
 ip address 172.16.40.1 255.255.255.0
Multilayer Switches
Layer 2 Interfaces:
l Access port— Carries traffic for a single VLAN
l Which are the access ports?
l Trunk port— Carries traffic for multiple VLANs using Inter-Switch Link (ISL) encapsulation or 802.1Q tagging
l Which are the trunk ports?
Connecting VLANs with Multilayer Switches
Layer 2 Interfaces
SwitchA(config)#interface fa 0/1
SwitchA(config-if)#switchport mode access
SwitchA(config-if)#switchport access vlan 10
Layer 3 Interfaces
MLS Layer 3 Interface: Routed Port
l Download: PT-Topology-MLS-3.pkt
l A routed port is a physical port that acts similarly to a port on a traditional router with Layer 3 addresses configured.
Not associated with a particular VLAN.
Like a regular router interface, except that it does not support subinterfaces.
MLS Layer 3 Interface: Routed Port (figures: point-to-point links 192.168.1.0/30, 192.168.1.4/30 and 192.168.1.8/30)
MLS Layer 3 Interface: SVI
l To configure communication between VLANs, you must configure each SVI with an IP address and subnet mask in the chosen address range for that subnet.
l The IP address associated with the VLAN interface is the default gateway of the workstation.
MLS Layer 3 Interface: SVI (figure)
l http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a0080094663.shtml
l BVI.PDF
l A bridge virtual interface (BVI) is a Layer 3 virtual interface that acts like a normal SVI to route packets across bridged or routed domains. Bridging Layer 2 packets across Layer 3 interfaces is a legacy method of moving frames in a network. To configure a BVI to route, use the integrated routing and bridging (IRB) feature, which makes it possible to route a given protocol between routed interfaces and bridge groups within the same device. Specifically, routable traffic is routed to other routed interfaces and bridge groups, while local or unroutable traffic is bridged among the bridged interfaces in the same bridge group. As a result, bridging creates a single instance of spanning tree in multiple VLANs or routed subnets. This type of configuration complicates spanning tree and the behavior of other protocols, which in turn makes troubleshooting difficult.
l In today's network, however, bridging across routed domains is highly discouraged.
IP Broadcast Forwarding
MLS(config)#interface vlan 1
MLS(config-if)#description DHCP Server VLAN
MLS(config-if)#ip address 10.1.1.1 255.255.255.0
MLS(config-if)#no ip directed-broadcast
MLS(config)#interface vlan 2
MLS(config-if)#description DHCP clients
MLS(config-if)#ip address 10.2.1.1 255.255.255.0
MLS(config-if)#no shutdown
MLS(config-if)#no ip directed-broadcast
MLS(config-if)#ip helper-address 10.1.1.254
DHCP Relay Agent
The ip helper-address command not only forwards DHCP UDP packets but also forwards TFTP, DNS, Time, NetBIOS, name server, and BOOTP packets by default.
By default, the ip helper-address command forwards eight UDP services.
MLS(config)#interface vlan 1
MLS(config-if)#description DHCP Server VLAN
MLS(config-if)#ip address 10.1.1.1 255.255.255.0
MLS(config-if)#no ip directed-broadcast
MLS(config)#interface vlan 2
MLS(config-if)#description DHCP clients
MLS(config-if)#ip address 10.1.2.1 255.255.255.0
MLS(config-if)#no shutdown
MLS(config-if)#no ip directed-broadcast
MLS(config-if)#ip helper-address 10.1.1.254
See Improving Security on Routers: http://www.cisco.com/warp/public/707/21.html
UDP Broadcast Forwarding
Router(config)#interface vlan 1
Router(config-if)#ip address 10.100.1.1 255.255.255.0
Router(config-if)#ip helper-address 10.200.1.254
Multilayer Switching
Traditional MLS (figures)
Traditional MLS
l The switch forwards the first packet in any flow to the Layer 3 engine
for processing using software switching.
l After the routing of the first packet in the flow, the Layer 3 engine
programs the hardware-switching components for routing for
subsequent packets.
MLS-RP (figure)
Candidate Packet Info
Layer 3 Info: S-IP 10.1.1.10, D-IP 10.1.2.20
Layer 2 Info: S-MAC 00-AA-00-11-11-11, D-MAC 00-00-0C-11-11-11
MLS-SE: “The Destination MAC Address is one of the router’s interfaces. There is not an existing flow, so I will flag this as a candidate packet.”
MLS-RP / MLS-SE (figure)
l Next, the router accepts the packets from workstation A, rewrites the Layer 2 MAC addresses and CRC, and forwards the packet to workstation B.
l The switch refers to the routed packet from the RSM as the enabler packet.
(figure: the same candidate packet information, S-IP 10.1.1.10, D-IP 10.1.2.20, S-MAC 00-AA-00-11-11-11, D-MAC 00-00-0C-11-11-11, between MLS-RP and MLS-SE)
MLS-RP (figure)
Candidate Packet Info
Layer 3 Info: S-IP 10.1.1.10, D-IP 10.1.2.20
Layer 2 Info: S-MAC 00-AA-00-11-11-11, D-MAC 00-00-0C-11-11-11
MLS-SE: “Found match in MLS cache, rewrite Ethernet header and send directly to Host B, forget the router!”
Future Packets
l As future packets from the “flow” arrive, the MLS-SE uses the destination IP address to look up the entry in the MLS cache.
l Finding a match, the rewrite engine modifies the necessary header information and forwards the frame (the packet is not forwarded to the router).
l The rewrite operation modifies all the same fields initially modified by the router for the first packet, including the source MAC and destination MAC addresses.
CEF-based MLS
CEF (figure: routing table)
CEF
l Adjacency tables
Network nodes in the network are said to be adjacent if they can reach each other with a single hop across a link layer. (OSPF, EIGRP)
A router normally maintains:
Routing table containing Layer 3 network and next-hop information
ARP table containing Layer 3 to Layer 2 address mapping.
These tables are kept independently.
Next hop?
l Adjacency tables
The FIB keeps the Layer 3 next-hop address for each entry.
To streamline packet forwarding even more, the FIB has corresponding Layer 2 information for every next-hop entry.
This portion of the FIB is called the adjacency table, consisting of the MAC addresses of nodes that can be reached in a single Layer 2 hop.
CEF (figure)
Callouts:
l No ARP entry, CEF L3 forwarding engine can’t forward packet in hardware, must send to L3 Engine.
l I’ll generate the ARP Request and get an ARP Reply.
l Adjacency tables
What happens to subsequent packets while the FIB entry is in the glean state? (The L3 engine is sending an ARP Request.)
These packets are dropped.
So input queues do not fill.
So the Layer 3 engine does not become too busy worrying about the need for duplicate ARP requests.
This is called ARP throttling or throttling adjacency.
If an ARP reply is not received in two seconds, the throttling is released so that another ARP request can be triggered.
After the ARP reply is received:
Throttling is released
FIB entry can be completed
Subsequent packets can be forwarded in hardware
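The glean, throttle and resolved sequence described in the ten CEF forwarding steps earlier on this page and in the ARP throttling notes above, played out as a small simulation. This is an added example written for this page, not Cisco code or anything from the course: the CefSwitch class, the subnets 10.1.1.0/24 (VLAN 10, host A) and 10.1.2.0/24 (VLAN 20, host B), the route to 192.168.150.0/24 via 192.168.199.3 and host B's MAC 00-BB-00-22-22-22 are constructed assumptions, and time is a simulated clock rather than real seconds.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

ARP_THROTTLE_SECONDS = 2.0   # the page: throttling is released if no ARP reply arrives within two seconds


@dataclass
class Adjacency:
    kind: str                     # "resolved" (rewrite info known) or "throttle" (drop while ARP is pending)
    vlan: int
    mac: Optional[str] = None     # Layer 2 rewrite information; only a resolved adjacency has one
    installed_at: float = 0.0     # simulated clock time at which a throttling adjacency was installed


@dataclass
class CefSwitch:
    """Hardware FIB plus adjacency table; the Layer 3 engine is modelled by the ARP bookkeeping."""
    fib: dict = field(default_factory=dict)           # network -> (vlan, next-hop IP or None if connected)
    adj: dict = field(default_factory=dict)           # next-hop IP -> Adjacency
    arp_requests: list = field(default_factory=list)  # (time, target IP) the Layer 3 engine sent

    def add_connected(self, prefix: str, vlan: int) -> None:
        self.fib[ipaddress.ip_network(prefix)] = (vlan, None)

    def add_route(self, prefix: str, next_hop: str, vlan: int) -> None:
        self.fib[ipaddress.ip_network(prefix)] = (vlan, ipaddress.ip_address(next_hop))

    def lookup(self, dst: str):
        """FIB lookup on the destination prefix: the longest (most specific) match wins."""
        dst = ipaddress.ip_address(dst)
        matches = [net for net in self.fib if dst in net]
        if not matches:
            return None, None
        vlan, next_hop = self.fib[max(matches, key=lambda net: net.prefixlen)]
        return vlan, (dst if next_hop is None else next_hop)   # connected: the host itself is the next hop

    def arp_reply(self, ip: str, mac: str, vlan: int) -> None:
        """Step 6: the Layer 3 engine installs the resolved adjacency, which replaces the throttle."""
        self.adj[ipaddress.ip_address(ip)] = Adjacency("resolved", vlan, mac)

    def forward(self, dst: str, now: float) -> str:
        """What the hardware does with one packet for dst at simulated time `now`."""
        vlan, next_hop = self.lookup(dst)
        if vlan is None:
            return "drop: no FIB match (wildcard entry, drop adjacency)"
        entry = self.adj.get(next_hop)
        if entry is not None and entry.kind == "throttle":
            if now - entry.installed_at < ARP_THROTTLE_SECONDS:
                return "drop: ARP throttling adjacency for %s" % next_hop
            del self.adj[next_hop]      # no reply in time: release the throttle so a new ARP can be sent
            entry = None
        if entry is None:
            # Glean adjacency: punt to the Layer 3 engine, which sends the ARP request and
            # installs a throttling adjacency so the following packets are dropped in hardware.
            self.arp_requests.append((now, str(next_hop)))
            self.adj[next_hop] = Adjacency("throttle", vlan, installed_at=now)
            return "punt: glean adjacency, ARP request for %s sent on VLAN%d" % (next_hop, vlan)
        return "hw-forward: rewrite to %s on VLAN%d" % (entry.mac, vlan)


def walkthrough():
    """Replays the slide's host A -> host B sequence and returns the per-packet outcomes."""
    sw = CefSwitch()
    sw.add_connected("10.1.1.0/24", vlan=10)                     # host A's VLAN (assumed mask)
    sw.add_connected("10.1.2.0/24", vlan=20)                     # host B's VLAN (assumed mask)
    sw.add_route("192.168.150.0/24", "192.168.199.3", vlan=199)  # assumed remote route
    outcomes = [
        sw.forward("10.1.2.20", now=0.0),   # steps 2-4: glean, punt, ARP request, throttle installed
        sw.forward("10.1.2.20", now=0.5),   # dropped in hardware while ARP is pending
        sw.forward("10.1.2.20", now=2.5),   # no reply after 2 s: throttle released, new ARP request
    ]
    sw.arp_reply("10.1.2.20", "00-BB-00-22-22-22", vlan=20)     # steps 5-6 (constructed MAC)
    outcomes += [
        sw.forward("10.1.2.20", now=3.0),        # steps 8-10: CEF hit, rewrite and forward in hardware
        sw.forward("192.168.150.7", now=3.0),    # remote prefix: the same glean cycle for the next hop
        sw.forward("172.16.99.1", now=3.0),      # no prefix: lookup miss
    ]
    return outcomes, sw


if __name__ == "__main__":
    for line in walkthrough()[0]:
        print(line)
```

The second packet is dropped by the hardware rather than punted, which is the whole point of the throttling adjacency: a burst of packets to an unresolved host costs the Layer 3 engine one ARP request, not one per packet.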
ARP Throttling (figures)
Callouts:
l Drop packets until ARP Reply received (Throttling Adjacency).
l Throttling Adjacency is removed when no ARP Reply is received in 2 seconds. This allows for another packet to initiate a new ARP Request.
l Throttling Adjacency relieves the Layer 3 Engine of excessive ARP processing or ARP-based DoS attacks.
5. The Layer 3 Engine installs an adjacency for Host B and removes the throttling (drop) adjacency.
Next: Packet Rewrite (Coming!)
Packet Rewrite (figure: egress packet from Host A to Host B 10.20.10.2 through the L3 switch acting as default gateway; Host B’s MAC address, L2 checksum, L3 checksum, TTL -1, MAC address of the outbound interface)
The packet rewrite engine makes the following changes to the packet just prior to forwarding:
l Layer 2 destination address— Changed to the next-hop device's MAC address
l Layer 2 source address— Changed to the outbound Layer 3 switch interface's MAC address
l Layer 3 IP Time To Live (TTL)— Decremented by one, as one router hop has just occurred
l Layer 2 frame checksum— Recalculated to include changes to the Layer 2 and Layer 3 headers
l Layer 3 IP checksum— Recalculated to include changes to the IP header
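The five rewrite-engine changes listed above (and the Frame Rewrite slide earlier on this page) carried out on bytes, as an added example of my own rather than code from the course or from Cisco. It builds a constructed Ethernet/IPv4 frame from host A (10.1.1.10, 00-AA-00-11-11-11) addressed to the Layer 3 switch MAC (00-00-0C-11-11-11), applies the rewrite, and recomputes the IP header checksum (both in full and with the RFC 1624 incremental shortcut a rewrite engine would use) and the CRC-32 frame check sequence. Host B's MAC 00-BB-00-22-22-22 and the payload are constructed placeholders, and a TTL that would expire is punted to the Layer 3 engine, as the exception-packet list above says.

```python
import socket
import struct
import zlib


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement sum over 16-bit words.

    Over a header whose checksum field is zero it returns the checksum to insert;
    over a header that already carries a valid checksum it returns 0.
    """
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # end-around carry
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def incremental_ttl_checksum(old_checksum: int) -> int:
    """RFC 1624 shortcut: a TTL decrement lowers one header word by 0x0100,
    so the ones'-complement checksum rises by 0x0100 (with end-around carry)."""
    new = old_checksum + 0x0100
    return (new & 0xFFFF) + (new >> 16)


def parse_mac(text: str) -> bytes:
    return bytes.fromhex(text.replace("-", "").replace(":", ""))


def format_mac(raw: bytes) -> str:
    return "-".join("%02X" % b for b in raw)


def build_frame(src_mac, dst_mac, src_ip, dst_ip, ttl, payload=b"constructed!"):
    """Ethernet II frame carrying an IPv4 header with a valid checksum and FCS.
    Constructed sample input; the payload is filler, not a real Layer 4 segment."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s",
                                0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                                ttl, 17, 0,
                                socket.inet_aton(src_ip), socket.inet_aton(dst_ip)))
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    body = parse_mac(dst_mac) + parse_mac(src_mac) + b"\x08\x00" + bytes(hdr) + payload
    return body + struct.pack("<I", zlib.crc32(body))   # FCS is CRC-32, little-endian on the wire


class PuntToLayer3Engine(Exception):
    """The hardware path hands this packet to the Layer 3 engine (software switching)."""


def rewrite(frame: bytes, out_if_mac: str, next_hop_mac: str) -> bytes:
    """Apply the rewrite-engine changes listed above and return the egress frame."""
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    if zlib.crc32(body) != fcs:
        raise ValueError("FCS mismatch: a corrupted frame is discarded, never rewritten")
    ip = bytearray(body[14:])
    if ipv4_checksum(bytes(ip[:20])) != 0:
        raise ValueError("IP header checksum mismatch: discarded")
    if ip[8] <= 1:
        # An expiring TTL is one of the IP exception packets the page lists: it is
        # not forwarded in hardware but processed by the Layer 3 engine.
        raise PuntToLayer3Engine("TTL would reach 0")
    ip[8] -= 1                                                      # Layer 3: TTL - 1
    struct.pack_into("!H", ip, 10, 0)
    struct.pack_into("!H", ip, 10, ipv4_checksum(bytes(ip[:20])))   # Layer 3 IP checksum
    new_body = (parse_mac(next_hop_mac)                             # Layer 2 destination: next hop
                + parse_mac(out_if_mac)                             # Layer 2 source: outbound interface
                + body[12:14] + bytes(ip))
    return new_body + struct.pack("<I", zlib.crc32(new_body))       # Layer 2 frame checksum


def frame_fields(frame: bytes) -> dict:
    """Decode the fields a reader would want to check before and after a rewrite."""
    body = frame[:-4]
    ip = body[14:34]
    return {
        "dst_mac": format_mac(body[0:6]),
        "src_mac": format_mac(body[6:12]),
        "ttl": ip[8],
        "ip_checksum": struct.unpack("!H", ip[10:12])[0],
        "ip_checksum_ok": ipv4_checksum(ip) == 0,
        "fcs_ok": zlib.crc32(body) == struct.unpack("<I", frame[-4:])[0],
    }


if __name__ == "__main__":
    # Host A (10.1.1.10, 00-AA-00-11-11-11) to host B (10.1.2.20) via the switch MAC 00-00-0C-11-11-11;
    # the switch uses one chassis MAC for all VLANs, so it is also the egress source MAC.
    ingress = build_frame("00-AA-00-11-11-11", "00-00-0C-11-11-11", "10.1.1.10", "10.1.2.20", 64)
    egress = rewrite(ingress, "00-00-0C-11-11-11", "00-BB-00-22-22-22")
    print(frame_fields(ingress))
    print(frame_fields(egress))
```

Only the two MAC fields, the TTL, the IP checksum and the FCS differ between ingress and egress; the IP addresses are untouched, which is why a Layer 3 switch is transparent to the hosts' IP view of the path.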
CEF (figure)
Switching Table Architectures (figure: CAM and TCAM)
CAM (figure: the VLAN ID forms part of the lookup key)
TCAM
l TCAM is a specialized CAM designed for rapid table lookups.
l For example, the Catalyst 2950, 3550, 4500, and 6500 families of switches use TCAM to handle ACL lookups at line rate.
l Thus applying ACLs does not affect the performance of the switch.
l Single lookup provides the following information:
Layer 2
Layer 3
ACL
TCAM
l VMR (value, mask, and result) refers to the format of entries in TCAM.
l The “value” in VMR refers to the pattern that is to be matched:
Examples include IP addresses and protocol ports
l The “mask” refers to the mask bits associated with the pattern and determines the prefix.
l The “result” refers to the result or action that occurs in the case where a lookup returns a hit for the pattern and mask.
This result might be a “permit” or “deny” in the case of a TCAM for ACLs.
Another example of a result is a pointer to an entry in the hardware adjacency table that contains the next-hop MAC rewrite information in the case of a TCAM used for IP routing.
l If TCAM becomes full the wildcard entry will force the packet to route via the routing table.
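The VMR description above, together with the earlier note that CEF prefixes are stored in the TCAM from most to least specific with a wildcard entry behind them, as an added worked example. This is my own model code, not from the course or from Cisco: the 88-bit key layout (source IP, destination IP, protocol, destination port), the sample ACL policy, the adjacency indexes, the table capacity and all addresses are constructed for the example. It shows the two kinds of result the slide names (an ACL permit/deny and a pointer to a hardware adjacency) and why entry order, not a longest-match search, decides the winner in a TCAM.

```python
import ipaddress

# Constructed key layout for this example: src IP (32) | dst IP (32) | protocol (8) | dst port (16).
SRC_SHIFT, DST_SHIFT, PROTO_SHIFT = 56, 24, 16


def pack_key(src_ip, dst_ip, proto, dport):
    """The lookup key the forwarding engine builds from the packet headers."""
    return ((int(ipaddress.ip_address(src_ip)) << SRC_SHIFT)
            | (int(ipaddress.ip_address(dst_ip)) << DST_SHIFT)
            | (proto << PROTO_SHIFT) | dport)


def _prefix_vm(prefix):
    """Value/mask bits for an IPv4 prefix; None means 'any' (all mask bits off)."""
    if prefix is None:
        return 0, 0
    net = ipaddress.ip_network(prefix, strict=False)
    return int(net.network_address), int(net.netmask)


def vmr(result, src=None, dst=None, proto=None, dport=None):
    """Build one (value, mask, result) entry. Fields left as None are wildcarded by a zero mask."""
    sv, sm = _prefix_vm(src)
    dv, dm = _prefix_vm(dst)
    pv, pm = (proto, 0xFF) if proto is not None else (0, 0)
    tv, tm = (dport, 0xFFFF) if dport is not None else (0, 0)
    value = (sv << SRC_SHIFT) | (dv << DST_SHIFT) | (pv << PROTO_SHIFT) | tv
    mask = (sm << SRC_SHIFT) | (dm << DST_SHIFT) | (pm << PROTO_SHIFT) | tm
    return value, mask, result


class Tcam:
    """Ordered list of (value, mask, result). Silicon compares every entry in parallel and
    reports the first hit, so the position of an entry is its priority."""

    def __init__(self, entries, capacity=8):
        if len(entries) > capacity:
            raise OverflowError("TCAM full: %d entries, capacity %d" % (len(entries), capacity))
        self.entries = list(entries)

    def lookup(self, key):
        for value, mask, result in self.entries:
            if key & mask == value:
                return result
        return None     # no hit; a populated table ends in a catch-all wildcard row instead


def acl_tcam():
    """An SVI ACL compiled into VMR form. Constructed policy for illustration: permit HTTPS
    from VLAN10 (10.1.1.0/24) to VLAN20 (10.1.2.0/24), deny anything else into VLAN20, permit the rest."""
    return Tcam([
        vmr("permit", src="10.1.1.0/24", dst="10.1.2.0/24", proto=6, dport=443),
        vmr("deny", dst="10.1.2.0/24"),
        vmr("permit"),                        # value 0 / mask 0 matches every key
    ])


def fib_tcam(prefix_to_adjacency):
    """CEF prefixes as VMR entries, most specific first, so first-hit equals longest match.
    The result is the index of the hardware adjacency holding the rewrite information; the
    final wildcard row sends lookup misses to the Layer 3 engine."""
    ordered = sorted(prefix_to_adjacency.items(),
                     key=lambda item: ipaddress.ip_network(item[0]).prefixlen, reverse=True)
    rows = [vmr(("adjacency", adj_index), dst=prefix) for prefix, adj_index in ordered]
    rows.append(vmr(("punt", "Layer 3 engine")))
    return Tcam(rows)


if __name__ == "__main__":
    acl = acl_tcam()
    print(acl.lookup(pack_key("10.1.1.10", "10.1.2.20", 6, 443)))    # permit
    print(acl.lookup(pack_key("10.1.1.10", "10.1.2.20", 6, 22)))     # deny
    fib = fib_tcam({"10.1.0.0/16": 1, "10.1.2.0/24": 2})
    print(fib.lookup(pack_key("10.1.1.10", "10.1.2.20", 6, 443)))    # ('adjacency', 2)
```

Reordering the FIB rows so the /16 sits above the /24 makes the /16 win for 10.1.2.20, which is exactly the shadowing the most-specific-first ordering exists to prevent; the capacity check stands in for the "TCAM full" condition the slide mentions, where real hardware falls back to the wildcard row and the routing table.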
CEF-Based MLS Lookups (figures)
Configuring Inter-VLAN Routing Through an SVI
Step 1 : Configure IP routing.
Switch(config)#ip routing
Enabling CEF
Verifying CEF
Switch#show ip cef [type mod/port | vlan_interface] [detail]
Verify Layer 3 Switching
Switch#show interface {{type mod/port} | {port-channel number}} | begin L3
Adjacency Information
Switch#show adjacency [{{type mod/port} | {port-channel number}} | detail | internal | summary]
Switch#ping ip
CEF Summary
l Layer 3 switching is high-performance packet switching in hardware.
l MLS functionality can be implemented through CEF.
l CEF uses tables in hardware to forward packets.
l Specific commands are used to enable and verify CEF operations.
l Commands to enable CEF are platform dependent.
l CEF problems can be matched to specific solutions.
l Specific commands are used to troubleshoot and solve CEF problems.
l Ordered steps assist in troubleshooting CEF-based problems.