
CCNP-SWITCH (V6.0)
Building Cisco Multilayer Switched Networks (BCMSN) v3.0

Module 4: Implementing Inter-VLAN routing

• Origin: Cisco Academic Press
• Update: 이훈재(李焄宰) HoonJae Lee, Dongseo University
• e-mail: hjlee@dongseo.ac.kr
• Homepage: http://kowon.dongseo.ac.kr/~hjlee
• http://crypto.dongseo.ac.kr

Module 4. Implementing Inter-VLAN routing
- @ Cisco flash v5.0 -
SWITCH v6.0 / BCMSN v5.0 (Cisco flash v5.0), module 4
Dongseo University, HoonJae Lee

Module 4. Implementing Inter-VLAN routing (flash v5.0)

4.1 Describing Routing Between VLANs
4.2 Enabling Routing Between VLANs
4.3 Deploying CEF-Based Multilayer Switching
4.4 Inter-VLAN Routing Lab Exercises

Inter-VLAN Routing

• A VLAN is a logical group of ports, usually belonging to a single IP subnet to control the size of the broadcast domain.
• Even though devices in different VLANs may be "physically" connected, as shown in the previous slides, these devices cannot communicate without the services of a default gateway, a router.
• Because VLANs isolate traffic to a defined broadcast domain and subnet, network devices in different VLANs cannot communicate with each other without the use of a router.
• This is known as Inter-VLAN Routing.

Inter-VLAN Routing

• The following devices are capable of providing inter-VLAN routing:
  1. Any Layer 3 multilayer Catalyst switch
  2. Any external router with an interface that supports trunking ("router-on-a-stick")
  3. Any external router or group of routers with a separate interface in each VLAN
(Figure: external router with a separate interface per VLAN, or a trunk port)

Inter-VLAN Routing with External Router

• A single trunk link between the switch and the router can carry the traffic of multiple VLANs, which in turn can be routed by the router.

Inter-VLAN Routing with External Router

• The advantages are as follows:
  - Implementation is simple.
  - Layer 3 services are not required on the switch.
  - The router provides communications between VLANs.
• The disadvantages are as follows:
  - The router is a single point of failure.
  - The single traffic path between the switch and the router may become congested.
  - Latency is higher than on a Layer 3 switch.

Router On a Stick

• Router on a stick is very simple to implement because routers are usually available in every network.
• Most enterprise networks use multilayer switches to achieve high packet-processing rates using hardware switching.
• Multilayer (Layer 3) switches usually have packet-switching throughputs in the millions of packets per second (pps), whereas traditional general-purpose routers provide packet switching in the range of 100,000 pps to just over 1 million pps → roughly one tenth of the speed!

Connecting VLANs with Multilayer Switches

Layer 2 Interfaces:
• Access port: Carries traffic for a single VLAN
• Trunk port: Carries traffic for multiple VLANs using Inter-Switch Link (ISL) encapsulation or 802.1Q tagging

Describing Inter-VLAN Routing Using External Router Configuration Commands

Inter-VLAN Routing on External Router: 802.1Q Trunk Link

switch(config)#interface FastEthernet 0/0
switch(config-if)#switchport trunk encapsulation dot1q
switch(config-if)#switchport mode trunk

Inter-VLAN Routing on External Router: ISL Trunk Link

switch(config)#interface FastEthernet 0/0
switch(config-if)#switchport trunk encapsulation isl
switch(config-if)#switchport mode trunk

Verifying Inter-VLAN Routing

Explaining Multilayer Switching

• MLS (multilayer switch) = Switch + Router in one device
• A multilayer switch combines the functionality of a switch and a router into one device, therefore enabling the device to switch traffic when the source and destination are in the same VLAN and to route traffic when the source and destination are in different VLANs (that is, different subnets).
  - Same VLAN → switching
  - Different VLANs → routing
• ASIC: wire speed
• Routing table, access control list (ACL) → stored in CAM, TCAM

Layer 2 Switch Forwarding Process in MLS

Logical Flow for a Multilayer Switch

Frame Rewrite

• The source MAC address changes from the sender MAC address to the router MAC address.
• The destination MAC address changes from the router MAC to the next-hop MAC address.
• The TTL is decremented by one and, as a result, the IP header checksum is recalculated.
• The frame checksum is recalculated.
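The four rewrite steps carried out on a real frame, as an added example that is not part of the slides and not Cisco code. It builds an 802.1Q-tagged IPv4 frame using the addresses the Traditional MLS slides later use (host A 10.1.1.10 / 00-AA-00-11-11-11 on VLAN 1, router MACs 00-00-0C-11-11-11 and 00-00-0C-22-22-22, host B 10.1.2.20 on VLAN 2), applies the rewrite, and verifies that the IP header checksum and the frame FCS are both valid afterwards. Host B's MAC 00-AA-00-22-22-22, the payload and all helper names are this example's own; the ValueError raised for an expiring TTL stands in for the punt to the Layer 3 engine that the exception-packet slide describes.

```python
"""Added example, not from the slides or from Cisco: the Layer 3 rewrite a
multilayer switch applies when it routes a frame from one VLAN to another.
Sample addresses follow the Traditional MLS slides; host B's MAC and the
payload are constructed."""
import struct
import zlib

DOT1Q = b"\x81\x00"   # 802.1Q tag protocol identifier
IPV4 = b"\x08\x00"    # EtherType for IPv4

def mac(text):
    """'00-AA-00-11-11-11' -> 6 raw bytes."""
    return bytes.fromhex(text.replace("-", "").replace(":", ""))

def ip_bytes(dotted):
    return bytes(int(octet) for octet in dotted.split("."))

def ip_checksum(header):
    """RFC 1071 one's-complement sum over 16-bit words. Over a header whose checksum
    field is zeroed it yields the checksum; over a correct header it yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def fcs(body):
    """Ethernet frame check sequence: CRC-32 of everything before it, little-endian."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)

def build_ipv4(src_ip, dst_ip, ttl, payload):
    """20-byte IPv4 header without options, protocol 6 (TCP), checksum filled in."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                                0, ttl, 6, 0, ip_bytes(src_ip), ip_bytes(dst_ip)))
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr) + payload

def build_frame(dst_mac, src_mac, vlan, ip_packet):
    """802.1Q-tagged Ethernet frame with the FCS appended."""
    body = (mac(dst_mac) + mac(src_mac) + DOT1Q + struct.pack("!H", vlan & 0x0FFF)
            + IPV4 + ip_packet)
    return body + fcs(body)

def parse_frame(frame):
    """Decode the fields the rewrite touches and verify both checksums."""
    body, trailer = frame[:-4], frame[-4:]
    if body[12:14] != DOT1Q or body[16:18] != IPV4:
        raise ValueError("expected an 802.1Q-tagged IPv4 frame")
    ip = body[18:]
    ihl = (ip[0] & 0x0F) * 4
    return {
        "dst_mac": body[0:6].hex("-").upper(),
        "src_mac": body[6:12].hex("-").upper(),
        "vlan": struct.unpack("!H", body[14:16])[0] & 0x0FFF,
        "ttl": ip[8],
        "src_ip": ".".join(str(b) for b in ip[12:16]),
        "dst_ip": ".".join(str(b) for b in ip[16:20]),
        "ip_checksum_ok": ip_checksum(ip[:ihl]) == 0,
        "fcs_ok": fcs(body) == trailer,
    }

def mls_rewrite(frame, router_mac, next_hop_mac, egress_vlan):
    """The four rewrite steps from the slide, plus the tag for the egress VLAN.
    A corrupt frame is dropped; an expiring TTL is an IP exception packet that the
    ASIC cannot handle, so it goes to the Layer 3 engine (modelled as an error)."""
    info = parse_frame(frame)
    if not (info["fcs_ok"] and info["ip_checksum_ok"]):
        raise ValueError("checksum failure: drop")
    if info["ttl"] <= 1:
        raise ValueError("TTL expiring: exception packet, punt to Layer 3 engine")
    body = bytearray(frame[:-4])
    body[0:6] = mac(next_hop_mac)                       # destination MAC -> next hop
    body[6:12] = mac(router_mac)                        # source MAC -> router's MAC
    body[14:16] = struct.pack("!H", egress_vlan & 0x0FFF)
    ip_off = 18
    ihl = (body[ip_off] & 0x0F) * 4
    body[ip_off + 8] -= 1                               # TTL - 1 ...
    body[ip_off + 10:ip_off + 12] = b"\x00\x00"         # ... so the IP checksum changes
    body[ip_off + 10:ip_off + 12] = struct.pack(
        "!H", ip_checksum(bytes(body[ip_off:ip_off + ihl])))
    return bytes(body) + fcs(bytes(body))               # new FCS for the rewritten frame

HOST_A_MAC, ROUTER_VLAN1_MAC = "00-AA-00-11-11-11", "00-00-0C-11-11-11"
ROUTER_VLAN2_MAC, HOST_B_MAC = "00-00-0C-22-22-22", "00-AA-00-22-22-22"

def demo():
    """Host A (VLAN 1) sends to host B (VLAN 2); returns the decoded frame before and after."""
    packet = build_ipv4("10.1.1.10", "10.1.2.20", ttl=64, payload=b"constructed payload")
    ingress = build_frame(ROUTER_VLAN1_MAC, HOST_A_MAC, 1, packet)
    egress = mls_rewrite(ingress, ROUTER_VLAN2_MAC, HOST_B_MAC, 2)
    return parse_frame(ingress), parse_frame(egress)

if __name__ == "__main__":
    before, after = demo()
    for field in before:
        print(f"{field:16} {str(before[field]):22} -> {after[field]}")
```

Running it prints each field before and after the rewrite; the only fields that change are the two MACs, the VLAN tag, the TTL and (implicitly) the two checksums, which is exactly the work the rewrite ASIC does per packet.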

Switching Table Architectures - Details

(Figure: CAM and TCAM)

• Routing, switching, ACL, and QoS tables are stored in a high-speed table memory so that forwarding decisions and restrictions can be made in high-speed hardware.
• Cisco Catalyst switches create and use two primary table architectures:
  - CAM (content addressable memory): two results, 0 (true) or 1 (false). Used for MAC address tables.
  - TCAM (ternary content addressable memory): ternary logic, three results, 0 (don't care), 1 (true), 2 (false). Used for IP tables: routing, ACL, QoS.

CAM Application

(Figure: the key is the destination MAC address plus the VLAN ID)

• The information a switch uses to perform a lookup in a CAM table is called a key.
• For example, a Layer 2 lookup would use a destination MAC address and a VLAN ID as a key.

TCAM

• In specific high-end switch platforms, the TCAM is a portion of memory designed for rapid, hardware-based table lookups of Layer 3 and Layer 4 information. In the TCAM, a single lookup provides all Layer 2 and Layer 3 forwarding information for frames, including CAM and ACL information.
• How the values are stored in the TCAM:
  access-list 101 permit ip host 10.1.1.1 any
  access-list 101 deny ip 10.1.1.0 0.0.0.255 any
• Longest match region:
  Each longest match region consists of groups of Layer 3 address entries ("buckets") organized in decreasing order by mask length. All entries within a bucket share the same mask value and key size. The buckets can change their size dynamically by borrowing address entries from neighboring buckets. Although the size of the whole protocol region is fixed, you can reconfigure it. The reconfigured size of the protocol region takes effect only after the next system reboot.
• First-match region:
  The first-match region consists of ACL entries. Lookup stops after the first match of the entry.
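A Python model of how the two regions above answer a lookup, as an added example that is not from the slides and not Cisco code. Each TCAM row is a value and a mask, with a cleared mask bit meaning "don't care"; the ACL region holds the two access-list 101 lines from the slide (plus the implicit deny that closes every IOS ACL) and is searched first-match, while the prefix region is searched longest-match by keeping rows ordered by decreasing mask length. The routes and next-hop labels in the prefix region are constructed sample data, and all function names are this example's own.

```python
"""Added example, not from the slides or from Cisco: TCAM value/mask matching
with a first-match ACL region and a longest-match prefix region. Prefixes and
next-hop labels are constructed sample data."""
from ipaddress import ip_address, ip_network

class TcamEntry:
    """One TCAM row: a 32-bit value and a mask. A mask bit of 0 is 'don't care'."""
    def __init__(self, value, mask, result):
        self.value, self.mask, self.result = value & mask, mask, result

    def matches(self, key):
        return (key & self.mask) == self.value

    def ternary(self):
        """Render the row as the 0/1/X pattern the hardware effectively stores."""
        return "".join(
            "X" if not (self.mask >> b) & 1 else str((self.value >> b) & 1)
            for b in range(31, -1, -1))

def acl_entry(action, address, wildcard):
    """IOS wildcard bits set to 1 mean 'ignore this bit', so the TCAM mask is the inverse."""
    return TcamEntry(int(ip_address(address)),
                     0xFFFFFFFF ^ int(ip_address(wildcard)), action)

def prefix_entry(cidr, next_hop):
    net = ip_network(cidr)
    return TcamEntry(int(net.network_address), int(net.netmask), next_hop)

def first_match(region, key):
    """First-match region (ACLs): rows are consulted in order; lookup stops at the first hit."""
    for entry in region:
        if entry.matches(key):
            return entry.result
    return None

def longest_match(region, key):
    """Longest-match region (prefixes): rows ordered by decreasing mask length, so the
    first hit is the most specific prefix."""
    ordered = sorted(region, key=lambda e: bin(e.mask).count("1"), reverse=True)
    return first_match(ordered, key)

# access-list 101 permit ip host 10.1.1.1 any
# access-list 101 deny   ip 10.1.1.0 0.0.0.255 any
ACL_101 = [
    acl_entry("permit", "10.1.1.1", "0.0.0.0"),
    acl_entry("deny", "10.1.1.0", "0.0.0.255"),
    acl_entry("deny", "0.0.0.0", "255.255.255.255"),   # implicit deny any
]

# Constructed prefix region; the labels stand in for adjacency pointers.
FIB_REGION = [
    prefix_entry("0.0.0.0/0", "default"),
    prefix_entry("10.1.0.0/16", "core-link"),
    prefix_entry("10.1.2.0/24", "vlan2"),
    prefix_entry("10.1.2.20/32", "host-b"),
]

def classify(src_ip, dst_ip):
    """One lookup pass: ACL verdict on the source address, then the forwarding result."""
    verdict = first_match(ACL_101, int(ip_address(src_ip)))
    if verdict != "permit":
        return ("deny", None)
    return ("permit", longest_match(FIB_REGION, int(ip_address(dst_ip))))

if __name__ == "__main__":
    for row in ACL_101:
        print(row.ternary(), row.result)
    print(classify("10.1.1.1", "10.1.2.20"))    # permitted, most specific prefix wins
    print(classify("10.1.1.77", "10.1.2.20"))   # denied by the /24 line
```

Printing `ternary()` for the deny line shows the last eight bits as X, which is the whole point of ternary memory: one row covers all 256 hosts of 10.1.1.0/24 without enumerating them, and the hardware compares every row in parallel rather than walking the list as this model does.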

4.2 Enabling Routing Between VLANs

Layer 3 Interfaces

The Catalyst multilayer switches support three different types of Layer 3 interfaces:
• Routed port: A pure Layer 3 interface similar to a routed port on a Cisco IOS router.
• Switch virtual interface (SVI): A virtual VLAN interface for inter-VLAN routing. In other words, SVIs are the virtual routed VLAN interfaces.
• Bridge virtual interface (BVI): A Layer 3 virtual bridging interface. (Not discussed)

MLS Layer 3 Interface: Routed Port

• A routed switch port is a physical switch port on a multilayer switch that is capable of Layer 3 packet processing. A routed port is not associated with a particular VLAN, as contrasted with an access port or SVI. The switch port functionality is removed from the interface. A routed port behaves like a regular router interface, except that it does not support VLAN subinterfaces. Routed switch ports can be configured using most commands applied to a physical router interface, including the assignment of an IP address and the configuration of Layer 3 routing protocols.
• A routed switch port is a standalone port that is not associated with a VLAN, whereas an SVI is a virtual interface that is associated with a VLAN. SVIs generally provide Layer 3 services for devices connected to the ports of the switch where the SVI is configured. Routed switch ports can provide a Layer 3 path into the switch for a number of devices on a specific subnet, all of which are accessible from a single physical switch port.
• The number of routed ports and SVIs that can be configured on a switch is not limited by software. However, the interrelationship between these interfaces and other features configured on the switch may overload the CPU because of hardware limitations.
• A routed port has the following characteristics and functions:
  - Physical switch port with Layer 3 capability
  - Not associated with any VLAN
  - Serves as the default gateway for devices out that switch port
  - Layer 2 port functionality must be removed before it can be configured

Configuration of Routed Ports on a Multilayer Switch

MLS Layer 3 Interface: SVI

DLSwitch(config)#interface vlan 1
DLSwitch(config-if)#ip address 172.16.1.1 255.255.255.0
DLSwitch(config)#interface vlan 10
DLSwitch(config-if)#ip address 172.16.10.1 255.255.255.0
DLSwitch(config)#interface vlan 20
DLSwitch(config-if)#ip address 172.16.20.1 255.255.255.0
DLSwitch(config)#interface vlan 30
DLSwitch(config-if)#ip address 172.16.30.1 255.255.255.0

• Switch virtual interfaces (SVI) are Layer 3 interfaces configured on multilayer (Layer 3) Catalyst switches that are used for inter-VLAN routing.
• An SVI is a virtual VLAN interface that is associated with the VLAN ID to enable routing capability on that VLAN.
• Note: These are virtual interfaces!
• To configure communication between VLANs, you must configure each SVI with an IP address and subnet mask in the chosen address range for that subnet.
• The IP address associated with the VLAN interface is the default gateway of the workstation.

Layer 3 SVI

• To provide a default gateway for a VLAN so that traffic can be routed between VLANs
• To provide fallback bridging if it is required for non-routable protocols
• To provide Layer 3 IP connectivity to the switch
• To support routing protocol and bridging configurations

Configuring Inter-VLAN Routing on a Multilayer Switch

4.3 Deploying CEF-Based Multilayer Switching

MLS and CEF

• One of the bottlenecks in high-speed networking is the decision-making process within the router.
• Two of the methods used by Cisco devices to speed up this process are:
  1. Multilayer Switching (MLS)
  2. Cisco Express Forwarding (CEF)

Internal route processors

Route Processors include:
  - Route Switch Module (RSM): 4000, 5000, 6000, 7000
  - Route Switch Feature Card (RSFC): 5000
  - Multilayer Switch Module (MSM): 6000
  - Multilayer Switch Feature Card (MSFC): 6000
Other terms used:
  - Layer-3 Card, or Layer-3 "Blade"
  - MultiLayer Switch Route Processor (MLS-RP)
    - The router in the network (handles the first packet in every flow)

Introduction to MLS

• MLS is a technology used by a small number of older Catalyst switches to provide wire-speed routing.
• MLS is sometimes known as "Route once, switch many"
  - The first packet of a flow is routed by the router in software and the remaining packets are forwarded in hardware by the switch

Introduction to CEF

• CEF is the technology used by newer Cisco devices to provide wire-speed routing.
• Unlike MLS, which requires the route processor to route the first packet of a flow, CEF enables packet switching to circumvent the route processor altogether
  - This is accomplished by the communication process between the route processor and the switch processor to create the shortcut info before the first packet arrives
  - "Route never, switch always"

Multilayer Switching

(Figure: Traditional MLS vs. CEF-Based MLS)

• Multilayer switching refers to the ability of a Catalyst switch to support switching and routing of packets in hardware, with optional support for Layers 4 through 7 switching in hardware as well.
• Hardware switching: A route processor (Layer 3 engine) must download software-based routing, switching, access lists, QoS, and other information to the hardware for packet processing.

Traditional and CEF-based MLS

• To accomplish multilayer switching (packet processing in hardware), Cisco Catalyst switches use either:
  - Traditional multilayer switching (traditional MLS)
  - Cisco Express Forwarding (CEF)-based MLS architecture.
• Traditional MLS is a legacy feature, whereas all leading-edge Catalyst switches support CEF-based multilayer switching (CEF-based MLS).

Multilayer Switching

• The term multilayer switching (MLS) is a general networking term that refers to hardware-based PDU header rewriting and forwarding, based on information specific to one or more OSI layers
  - When used in the context of this class, MLS refers to Cisco MLS

Traditional MLS

• MLS enables specialized application-specific integrated circuits (ASICs) to perform Layer 2 rewrite operations of routed packets.
• Layer 2 rewrites include rewriting the source and destination MAC addresses and writing a recalculated cyclic redundancy check (CRC).
• Because the source and destination MAC addresses change during Layer 3 rewrites, the switch must recalculate the CRC for these new MAC addresses.

Traditional MLS

• For Catalyst switches that support traditional MLS, the switch learns Layer 2 rewrite information from an MLS router via an MLS protocol.
  - Also known as NetFlow-based switching.
• With traditional MLS, the Layer 3 engine (route processor) and switching ASICs work together to build Layer 3 entries on the switch.
• Each entry contains a source, a source and destination, or full flow information including Layer 4 protocol information.

Traditional MLS

Frame as received on VLAN 1:
  dot1q Tag: VLAN 1
  Ethernet Header: D-MAC = 00-00-0C-11-11-11, S-MAC = 00-AA-00-11-11-11
  IP Header (inside Eth. Hdr): S-IP = 10.1.1.10, D-IP = 10.1.2.20
  IP Data

• With traditional MLS, the switch forwards the first packet in any flow to the Layer 3 engine for processing using software switching.
• After the routing of the first packet in the flow, the Layer 3 engine programs the hardware-switching components for routing for subsequent packets.

Traditional MLS

MLS-RP

Callout: "The Destination MAC Address is one of the router's interfaces. There is not an existing flow, so I will flag this as a candidate packet."

Candidate Packet Info
  Layer 3 Info: S-IP 10.1.1.10, D-IP 10.1.2.20
  Layer 2 Info: S-MAC 00-AA-00-11-11-11, D-MAC 00-00-0C-11-11-11

MLS-SE

Frame as received on VLAN 1:
  dot1q Tag: VLAN 1
  Ethernet Header: D-MAC = 00-00-0C-11-11-11, S-MAC = 00-AA-00-11-11-11
  IP Header (inside Eth. Hdr): S-IP = 10.1.1.10, D-IP = 10.1.2.20
  IP Data

Traditional MLS

MLS-RP

MLS-SE

Frame after routing, as sent on VLAN 2:
  dot1q Tag: VLAN 2
  Ethernet Header: D-MAC = 00-AA-00-22-22-22, S-MAC = 00-00-0C-22-22-22
  IP Header (inside Eth. Hdr): S-IP = 10.1.1.10, D-IP = 10.1.2.20
  IP Data

Traditional MLS

MLS-RP

Callout: "Found match in MLS Cache, rewrite Ethernet Header and send directly to Host B, forget the router!"

Candidate Packet Info
  Layer 3 Info: S-IP 10.1.1.10, D-IP 10.1.2.20
  Layer 2 Info: S-MAC 00-AA-00-11-11-11, D-MAC 00-00-0C-11-11-11

MLS-SE

Future Packets: MLS Cache entry
  Dst IP: 10.1.2.20
  Src IP: 10.1.1.10
  Port: TCP
  Dst Port: 23
  Src Port: 1238
  Dst MAC: 00-AA-00-22-22-22
  Src MAC: 00-00-0C-22-22-22
  VLAN: 2
  Interface: 3/1

CEF-based MLS

CEF

• The CEF-based MLS forwarding model is used to download the control plane information such as the access lists to the data plane on the supervisor, port, or line card for hardware switching of packets.
  - Control plane represents the Layer 3 engine (route processor)
  - Data plane represents the hardware components such as ASICs used by the switch for hardware switching.
• CEF is a topology-based forwarding model in which all routing information is prepopulated into a forwarding information base (FIB).
• As a result of the prepopulation of routing information, Catalyst switches can quickly look up routing information such as IP adjacencies and next-hop IP and MAC addresses.

CEF

(Figure: Routing Table)

The two main components of CEF are the FIB and the adjacency table.
• Forwarding information base (FIB)
  - Used to make IP destination prefix-based switching decisions.
  - Similar to a routing table or information base.
  - It maintains a mirror image of the forwarding information contained in the IP routing table.
  - When routing or topology changes occur in the network, the IP routing table is updated, and those changes are reflected in the FIB.
  - The FIB maintains next-hop address information based on the information in the IP routing table.
  - In the context of CEF-based MLS, both the Layer 3 engine and the hardware-switching components maintain an FIB.

CEF

• Adjacency tables
  - Network nodes in the network are said to be adjacent if they can reach each other with a single hop across a link layer. (OSPF, EIGRP)
  - A router normally maintains:
    - Routing table containing Layer 3 network and next-hop information
    - ARP table containing Layer 3 to Layer 2 address mapping.
    - These tables are kept independently.

CEF

(Figure: Layer 2 MAC addresses, next-hop information)

• Adjacency tables
  - Recall that the FIB keeps the Layer 3 next-hop address for each entry.
  - To streamline packet forwarding even more, the FIB has corresponding Layer 2 information for every next-hop entry.
  - This portion of the FIB is called the adjacency table, consisting of the MAC addresses of nodes that can be reached in a single Layer 2 hop.

CEF

Callouts: "No ARP entry, L3 forwarding engine can't forward packet in hardware, must send to L3 Engine." / "I'll generate the ARP Request and get an ARP Reply."

• Adjacency tables (summary, more detail coming)
  - The adjacency table information is built from the ARP table.
  - As a next-hop address receives a valid ARP entry, the adjacency table is updated.
  - If an ARP entry does not exist, the FIB entry is marked as "CEF glean" (glean: to pick up leftover grain).
  - This means that the Layer 3 forwarding engine can't forward the packet in hardware, due to the missing Layer 2 next-hop address.
  - The packet is sent to the Layer 3 engine so that it can generate an ARP request and receive an ARP reply.
  - This is known as the "CEF glean" state, where the Layer 3 engine must glean the next-hop destination's MAC address.

CEF

• Adjacency tables
  - During the time that a FIB entry is in the CEF glean state waiting for the ARP resolution, subsequent packets to that host are immediately dropped so that the input queues do not fill and the Layer 3 engine does not become too busy worrying about the need for duplicate ARP requests.
  - This is called ARP throttling (throttle: to choke) or throttling adjacency.
  - If an ARP reply is not received in two seconds, the throttling is released so that another ARP request can be triggered.
  - Otherwise, after an ARP reply is received, the throttling is released, the FIB entry can be completed, and packets can be forwarded completely in hardware.

Explaining Layer 3 Switch Processing

• Layer 3 switching refers to a class of high performance routers optimized for the campus LAN or intranet, providing both wire-speed Ethernet routing and switching services.
• A Layer 3 switch router performs the following three major functions:
  - Packet switching
  - Route processing
  - Intelligent network services
• Compared to other routers, Layer 3 switch routers process more packets faster by using ASIC hardware instead of microprocessor-based engines. Layer 3 switch routers also improve network performance with two software functions: route processing and intelligent network services.
• Layer 3 switching software employs a distributed architecture in which the control path and data path are relatively independent. The control path code, such as routing protocols, runs on the route processor, whereas most of the data packets are forwarded by the Ethernet interface module and the switching fabric.

Explaining Layer 3 Switch Processing

• Each interface module includes a microcoded processor that handles all packet forwarding. The control layer between the routing protocol and the firmware datapath microcode has the following primary duties:
  - Manages the internal data and control circuits for the packet-forwarding and control functions
  - Extracts the other routing and packet forwarding-related control information from the Layer 2 and Layer 3 bridging and routing protocols and the configuration data, and then conveys the information to the interface module to control the datapath
  - Collects the datapath information, such as traffic statistics, from the interface module to the route processor
  - Handles certain data packets sent from the Ethernet interface modules to the route processor

Explaining Layer 3 Switch Processing

• Layer 3 switching can occur at two different locations on the switch:
  - Centralized: Switching decisions are made on the route processor by a central forwarding table, typically controlled by an ASIC.
  - Distributed: Switching decisions are made on a port or line-card level. Cached tables are distributed and synchronized to various hardware components so that processing can be distributed throughout the switch chassis.
• Layer 3 switching uses one of these two methods, depending on the platform:
  - Route caching: Also known as flow-based or demand-based switching, a Layer 3 route cache is built in hardware as the switch sees traffic flow into the switch.
  - Topology-based: Information from the routing table is used to populate the route cache regardless of traffic flow. The populated route cache is called the forwarding information base (FIB). CEF builds the FIB.

Explaining CEF-based Multilayer Switches

• CEF operation modes:
  - Central CEF
  - Distributed CEF
• CEF-based Cisco MultiLayer Switches:
  - Catalyst 2970, Catalyst 3550, Catalyst 3560, Catalyst 3750, Catalyst 4500, Catalyst 4948
  - Catalyst 6500: two card modules of CP and DP

Explaining CEF-based Multilayer Switches

• Cisco Layer 3 devices can use a variety of methods to switch packets from one port to another. The most basic method of switching packets between interfaces is called process switching. Process switching moves packets between interfaces on a scheduled basis, based on information in the routing table and the Address Resolution Protocol (ARP) cache. As packets arrive, they are put in a queue to wait for further processing. When the scheduler runs, the outbound interface is determined, and the packet is switched. Waiting for the scheduler introduces latency.
• To speed the switching process, strategies exist to switch packets on demand as they arrive and to cache the information necessary to make packet-forwarding decisions.
• CEF uses these strategies to expediently switch data packets to their destination. It caches information generated by the Layer 3 routing engine. CEF caches routing information in one table (the FIB), and caches Layer 2 next-hop addresses for all FIB entries in an adjacency table. Because CEF maintains multiple tables for forwarding information, parallel paths can exist and enable CEF to load balance per packet.

Explaining CEF-based Multilayer Switches

• CEF operates in one of two modes.
  - Central CEF: The FIB and adjacency tables reside on the route processor, and the route processor performs the express forwarding. Use this mode when line cards are not available for CEF switching, or when features are not compatible with distributed CEF.
  - Distributed CEF (dCEF): Supported only on Cisco Catalyst 6500 switches. Line cards maintain identical copies of the FIB and adjacency tables. The line cards can perform the express forwarding by themselves, relieving the main processor of being involved in the switching operation. Distributed CEF uses an interprocess communications (IPC) mechanism to ensure that the FIBs and adjacency tables are synchronized on the route processor and line cards.

Identifying the Multilayer Switch Packet Forwarding Process

• CEF separates the control plane hardware from the data plane hardware and switching. ASICs separate the control plane and data plane, thereby achieving higher data throughput.
  - The control plane is responsible for building the FIB and adjacency tables in software.
  - The data plane is responsible for forwarding IP unicast traffic using hardware.
• When traffic cannot be processed in hardware, the traffic must receive processing in software by the Layer 3 engine, thereby not receiving the benefit of expedited hardware-based forwarding. A number of different packet types may force the Layer 3 engine to process them. Some examples of IP exception packets are the following:
  - IP packets that use IP header options. (Packets that use TCP header options are switched in hardware because they do not affect the forwarding decision.)
  - Packets that have an expiring IP Time to Live (TTL) counter.
  - Packets that are forwarded to a tunnel interface.
  - Packets that arrive with non-supported encapsulation types.
  - Packets that are routed to an interface with non-supported encapsulation types.
  - Packets that exceed the maximum transmission unit (MTU) of an output interface and must be fragmented.

Identifying the Multilayer Switch Packet Forwarding Process

• CEF-based tables are initially populated and used as follows:
  - The FIB is derived from the IP routing table and is arranged for maximum lookup throughput.
  - The adjacency table is derived from the ARP table, and it contains Layer 2 rewrite (MAC) information for the next hop.
  - CEF IP destination prefixes are stored in the TCAM table, from the most specific to the least specific entry.
  - When the CEF TCAM table is full, a wildcard entry redirects frames to the Layer 3 engine.
  - When the adjacency table is full, a CEF TCAM table entry points to the Layer 3 engine to redirect the adjacency.
  - The FIB lookup is based on the Layer 3 destination address prefix (longest match).
• The FIB table is updated when the following occurs:
  - An ARP entry for the destination next hop changes, ages out, or is removed.
  - The routing table entry for a prefix changes.
  - The routing table entry for the next hop changes.
• These are the basic steps for initially populating the adjacency table:
  - Step 1: The Layer 3 engine queries the switch for a physical MAC address.
  - Step 2: The switch selects a MAC address from the chassis MAC range and assigns it to the Layer 3 engine. This MAC address is assigned by the Layer 3 engine as a burned-in address for all VLANs and is used by the switch to initiate Layer 3 packet lookups.
  - Step 3: The switch installs wildcard CEF entries, which point to drop adjacencies (for handling CEF table lookup misses).
  - Step 4: The Layer 3 engine informs the switch of its interfaces participating in MLS (MAC address and associated VLAN). The switch creates the (MAC, VLAN) Layer 2 CAM entry for the Layer 3 engine.
  - Step 5: The Layer 3 engine informs the switch about features for interfaces participating in MLS.
  - Step 6: The Layer 3 engine informs the switch about all CEF entries related to its interfaces and connected networks. The switch populates the CEF entries and points them to Layer 3 engine redirect adjacencies.

Identifying the Multilayer Switch Packet Forwarding Process

• These are the steps that would occur when you use CEF to forward frames between host A and host B on different VLANs:
  - Step 1: Host A sends a packet to host B. The switch recognizes the frame as a Layer 3 packet because the destination MAC (MAC-M) matches the Layer 3 engine MAC.
  - Step 2: The switch performs a CEF lookup based on the destination IP address (IP-B). The packet hits the CEF entry for the connected (VLAN20) network and is redirected to the Layer 3 engine using a glean adjacency.
  - Step 3: The Layer 3 engine installs an ARP throttling adjacency in the switch for the host B IP address.
  - Step 4: The Layer 3 engine sends ARP requests for host B on VLAN20.
  - Step 5: Host B sends an ARP response to the Layer 3 engine.
  - Step 6: The Layer 3 engine installs the resolved adjacency in the switch (removing the ARP throttling adjacency).
  - Step 7: The switch forwards the packet to host B.
  - Step 8: The switch receives a subsequent packet for host B (IP-B).
  - Step 9: The switch performs a Layer 3 lookup and finds a CEF entry for host B. The entry points to the adjacency with rewrite information for host B.
  - Step 10: The switch rewrites packets per the adjacency information and forwards the packet to host B on VLAN20.

Populating FIB and Adjacency Table

Identifying the Multilayer Switch Packet Forwarding Process

• An example of ARP throttling, which consists of these steps:
  - Step 1: Host A sends a packet to host B.
  - Step 2: The switch forwards the packet to the Layer 3 engine based on the "glean" entry in the FIB. A glean adjacency entry indicates that a particular next hop should be directly connected, but there is no MAC header rewrite information available.
  - Step 3: The Layer 3 engine sends an ARP request for host B and installs the drop adjacency for host B. At this point, subsequent frames destined for host B from host A are dropped (ARP throttling).
  - Step 4: Host B responds to the ARP request. The Layer 3 engine installs an adjacency for host B and removes the drop adjacency.

ARP Throttling

• When a router is directly connected to a multiaccess segment (Ethernet), the router maintains an additional prefix for the subnet.
• This subnet prefix points to a glean adjacency.
• When a router receives a packet that needs to be forwarded to a specific host, the adjacency database is gleaned for a specific prefix.
• If the prefix does not exist, the subnet prefix is consulted.
• The glean adjacency indicates that any address within this range should be forwarded to the Layer 3 engine for ARP processing.

ARP Throttling

1. Host A sends a packet to Host B.
  • CEF lookup shows glean adjacency (ARP entry does not exist, so no entry in adjacency table).
  • No rewrite information exists.
2. Packet passed to Layer 3 Engine for processing.

ARP Throttling

Callouts: "ARP Request" / "Drop packets until ARP Reply received (Throttling Adjacency)" / "Throttling Adjacency is removed when no ARP Reply is received in 2 seconds. This allows for another packet to initiate a new ARP Request." / "Throttling Adjacency relieves the Layer 3 Engine of excessive ARP processing or ARP-based DoS attacks."

3. Obtaining rewrite information.
  • L3 Engine sends an ARP Request for Host B and waits for ARP Reply.
  • Throttling Adjacency: While in glean state, subsequent packets to that host are dropped, so that input queues do not fill and so the Layer 3 engine isn't busy with duplicate ARP Requests. (Note: Cisco's routers drop the first packet when there is no ARP entry, while sending the ARP Request.)

ARP Throttling

Callouts: "Drop packets until ARP Reply received (Throttling Adjacency)" / "ARP Reply"

4. Host B sends ARP Reply.

ARP Throttling

Callouts: "Drop packets until ARP Reply received (Throttling Adjacency)" / figure label: 10.20.10.2

5. The Layer 3 Engine installs Adjacency for Host B and removes the throttling (drop) adjacency.
Next: Packet Rewrite (Coming!)
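The glean, throttling and resolved adjacency states from the CEF and ARP throttling slides, run as one timeline in a small Python model; this is an added example, not from the slides and not Cisco code. It implements the FIB longest-match lookup, the adjacency table fed by ARP replies, the glean adjacency for a connected subnet, the throttling adjacency installed after the first punt, and the 2-second release that triggers a new ARP request when no reply arrives. It also shows a route via an unresolved next hop and a FIB miss, which the slides say lands on a wildcard entry pointing to a drop adjacency. The engine MAC, subnets, VLANs and host MACs are constructed sample values; `CefSwitch` and its methods are this example's own names.

```python
"""Added example, not from the slides or from Cisco: a Python model of CEF
forwarding on a multilayer switch covering the FIB longest-match lookup, the
adjacency table built from ARP replies, the glean adjacency for connected
subnets, and the 2-second ARP throttling adjacency. All addresses, MACs and
VLANs are constructed sample values."""
from ipaddress import ip_address, ip_network

THROTTLE_SECONDS = 2.0   # ARP reply wait quoted on the slide

class CefSwitch:
    def __init__(self, engine_mac):
        self.engine_mac = engine_mac   # Layer 3 engine MAC, used as source MAC on rewrite
        self.fib = {}                  # prefix -> ("connected", vlan) or ("via", next_hop)
        self.adj = {}                  # next hop -> {"kind": "resolved"|"throttle", ...}
        self.arp_requests = []         # (time, target) ARP requests the engine sent

    # control plane: routing table and ARP table feed the FIB and adjacency table
    def add_connected(self, cidr, vlan):
        self.fib[ip_network(cidr)] = ("connected", vlan)

    def add_route(self, cidr, next_hop):
        self.fib[ip_network(cidr)] = ("via", ip_address(next_hop))

    def arp_reply(self, ip, mac, vlan):
        """A resolved ARP entry completes the adjacency and clears any throttle."""
        self.adj[ip_address(ip)] = {"kind": "resolved", "mac": mac, "vlan": vlan}

    def arp_age_out(self, ip):
        """ARP entry removed: the FIB entry falls back to the glean state."""
        self.adj.pop(ip_address(ip), None)

    # data plane
    def fib_lookup(self, dst):
        hits = [net for net in self.fib if dst in net]
        return max(hits, key=lambda net: net.prefixlen) if hits else None

    def forward(self, dst_ip, now):
        """Returns (action, detail): 'forward' with rewrite info, 'punt' to the
        Layer 3 engine, or 'drop' with the reason."""
        dst = ip_address(dst_ip)
        prefix = self.fib_lookup(dst)
        if prefix is None:
            return ("drop", "FIB miss: wildcard entry points to a drop adjacency")
        kind, arg = self.fib[prefix]
        next_hop = dst if kind == "connected" else arg
        adj = self.adj.get(next_hop)
        throttle_expired = (adj is not None and adj["kind"] == "throttle"
                            and now - adj["at"] >= THROTTLE_SECONDS)
        if adj is None or throttle_expired:
            # Glean: no Layer 2 rewrite for this next hop. The packet is punted to
            # the Layer 3 engine, which sends an ARP request and installs a
            # throttling adjacency so later packets are dropped, not punted again.
            self.arp_requests.append((now, next_hop))
            self.adj[next_hop] = {"kind": "throttle", "at": now}
            return ("punt", f"glean: ARP request sent for {next_hop}")
        if adj["kind"] == "throttle":
            return ("drop", f"ARP throttling: waiting for reply from {next_hop}")
        return ("forward", {"dst_mac": adj["mac"], "src_mac": self.engine_mac,
                            "vlan": adj["vlan"]})

def demo():
    """Host A on VLAN 10 sends to host B 10.1.2.20 on VLAN 20 (constructed topology)."""
    sw = CefSwitch(engine_mac="00-00-0C-AA-AA-AA")
    sw.add_connected("10.1.1.0/24", vlan=10)
    sw.add_connected("10.1.2.0/24", vlan=20)
    sw.add_route("172.16.0.0/16", next_hop="10.1.2.1")
    events = [
        sw.forward("10.1.2.20", now=0.0),   # first packet: glean, ARP request #1
        sw.forward("10.1.2.20", now=0.5),   # throttled: dropped, no new ARP request
        sw.forward("10.1.2.20", now=2.5),   # no reply in 2 s: throttle released, ARP #2
    ]
    sw.arp_reply("10.1.2.20", "00-AA-00-22-22-22", vlan=20)
    events += [
        sw.forward("10.1.2.20", now=3.0),   # resolved: rewritten and forwarded in hardware
        sw.forward("172.16.5.5", now=3.1),  # route via 10.1.2.1, which is still unresolved
        sw.forward("192.0.2.1", now=3.2),   # no FIB entry at all
    ]
    return sw, events

if __name__ == "__main__":
    switch, timeline = demo()
    for action, detail in timeline:
        print(f"{action:8} {detail}")
    print("ARP requests sent:", len(switch.arp_requests))
```

The second packet is the one the throttling adjacency exists for: it is dropped without reaching the Layer 3 engine, which is what keeps a burst of traffic to an unresolved host (or a flood of packets to many unresolved hosts) from turning into a burst of ARP work on the control plane. Only after the 2-second window passes does a packet generate a second request.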

Describing CEF Configuration Commands

Verifying CEF

Common CEF Problems

• Is the ideal switching method (CEF, dCEF) being used?
• Is the CEF table complete and accurate?

Verify Layer 3 Switching

Switch#show interface {{type mod/port} | {port-channel number}} | begin L3

Switch#show interface fastethernet 3/3 | begin L3
L3 in Switched: ucast: 0 pkt, 0 bytes - mcast: 12 pkt, 778 bytes mcast
L3 out Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes
4046399 packets input, 349370039 bytes, 0 no buffer
Received 3795255 broadcasts, 2 runts, 0 giants, 0 throttles
.....
Switch#

Displaying Hardware Layer 3 Switching Statistics

Switch#show interfaces {{type mod/port} | {port-channel number}} | include switched

Switch#show interfaces gigabitethernet 9/5 | include switched
L2 Switched: ucast: 8199 pkt, 1362060 bytes - mcast: 6980 pkt, 371952 bytes
L3 in Switched: ucast: 3045 pkt, 742761 bytes - mcast: 0 pkt, 0 bytes mcast
L3 out Switched: ucast: 2975 pkt, 693411 bytes - mcast: 0 pkt, 0 bytes
Adjacency Information

Switch#show adjacency [{{type mod/port} | {port-channel number}} | detail | internal | summary]

Switch#show adjacency gigabitethernet 9/5 detail
Protocol Interface Address
IP GigabitEthernet9/5 172.20.53.206(11)
504 packets, 6110 bytes
00605C865B82
000164F83FA50800
ARP 03:49:31
Debugging CEF Operations

Switch#debug ip cef {drops | access-list | receive | events | prefix-ipc | table}
• Displays debug information for CEF

Switch#debug ip cef {ipc | interface-ipc}
• Displays debug information related to IPC in CEF

Switch#ping ip
• Performs an extended ping
Troubleshooting Layer 3 CEF-Based MLS

l Things to check
(1) Check Layer 3 operations.
(2) Verify the FIB and adjacency table.
l Step 1: Verify CEF.
show ip cef summary
show ip cef vlan 10
l Step 2: Verify the running configuration.
l Step 3: Verify the routing.
Switch#show ip route | include 192.168.150.0
l Step 4: Verify an ARP entry on the route processor.
On the switch, check the ARP table for 192.168.199.3.
l Step 5: Verify the CEF FIB table entry for the route.
Switch#show ip cef 192.168.150.0
l Step 6: Verify an adjacency table entry for the destination.
Switch#show adjacency detail | begin 192.168.199.3
l Step 7: Verify CEF from the supervisor engine for modular switch platforms.
Module 5. Implementing Inter-VLAN routing

l Multilayer Switched Networks
l CCNP 3 version 5
l Rick Graziani

Internetwork Communications

[Figure: two hosts on different subnets with no router; C:>ping 172.16.30.100]

l Can two hosts on different subnets communicate without a router?
l What would happen if a host tried to ping another host?
No, they cannot communicate.
l Would it send an ARP Request? Why or why not?
The host would not send an ARP Request because there is no
default gateway.
Trunking with Default Gateway

[Figure: C:>ping 172.16.30.100]

l What difference would it make if these hosts were on different VLANs?
The broadcasts would not be forwarded out all ports by the switch.
l Why does the host send the ARP Request to the router and not the
destination host? After all, they're on the same switch.
The host doesn't know where the destination host is, just that it's
not on its network.
Internetwork Communications

l If the destination IP address is on the host's own subnet:
Then the destination MAC address is that of the same device as the destination IP
address.
Check the ARP cache for an entry for the destination IP address and its MAC address.
If no entry, send an ARP Request for the destination IP address asking for its MAC address.
l If the destination IP address is on a different subnet:
Then the destination MAC address will be that of the default gateway.
Check the ARP cache for an entry for the default gateway's IP address and its MAC
address.
If no entry, send an ARP Request for the default gateway's IP address asking for its MAC
address.
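As an added example (not from the original slides), the host-side decision described above in Python, covering the three cases the previous slides ask about: same subnet, different subnet with a default gateway, and different subnet with no default gateway. The Host class, its resolve method and the sample addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional, Tuple


@dataclass
class Host:
    """A hypothetical IP host with an ARP cache (constructed for this example)."""
    ip: str
    mask: str
    gateway: Optional[str] = None                   # None models "no default gateway"
    arp_cache: dict = field(default_factory=dict)   # IP address -> MAC address

    @property
    def network(self) -> ipaddress.IPv4Network:
        return ipaddress.IPv4Interface(f"{self.ip}/{self.mask}").network

    def next_hop(self, dst_ip: str) -> Optional[str]:
        """The IP whose MAC the frame must carry, or None if nothing can carry it."""
        if ipaddress.IPv4Address(dst_ip) in self.network:
            return dst_ip            # same subnet: deliver directly to the destination
        return self.gateway          # other subnet: hand the packet to the default gateway

    def resolve(self, dst_ip: str) -> Tuple:
        """Decide what the host does with a packet for dst_ip.

        ("send", next_hop_ip, mac)    ARP cache hit: the frame can be sent now
        ("arp-request", next_hop_ip)  cache miss: the host broadcasts an ARP Request
        ("unreachable", None)         off-subnet with no default gateway: no ARP at all
        """
        hop = self.next_hop(dst_ip)
        if hop is None:
            return ("unreachable", None)
        mac = self.arp_cache.get(hop)
        if mac is not None:
            return ("send", hop, mac)
        return ("arp-request", hop)

    def learn(self, ip: str, mac: str) -> None:
        """Install the result of an ARP Reply into the cache."""
        self.arp_cache[ip] = mac
```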
Inter-VLAN Routing

l A VLAN is a logical group of ports, usually belonging to a single IP
subnet to control the size of the broadcast domain.
l Even though devices in different VLANs may be “physically”
connected, these devices cannot communicate without the services of
a default gateway, a router.
This is known as Inter-VLAN Routing.

Inter-VLAN Routing

l The following devices are capable of providing inter-VLAN routing:
Any external router or group of routers with a separate interface in each VLAN
Any external router with an interface that supports trunking (router on a stick)
Any Layer 3 multilayer Catalyst switch
External Router separate interface in each VLAN

l Download: PT-Topology-MLS-1
l Configure the router to route between VLANs.
l Is a routing protocol necessary? Why or why not?
No, because all of our networks are directly connected.

Router-on-a-Stick

[Figure: hosts 172.16.10.100/24 and 172.16.20.100/24; a single trunk between the switch and the router]

• Download: PT-Topology-MLS-2.pkt
• A single trunk link carries traffic for multiple VLANs to and from the router.
Configure Router On A Stick: 802.1Q Trunk Link

[Figure: hosts 172.16.10.100/24 and 172.16.20.100/24; the switch's GigabitEthernet1/1 trunks to the router's GigabitEthernet5/0]

Switch:
interface GigabitEthernet1/1
 switchport mode trunk

Router:
interface GigabitEthernet5/0
 no shutdown ! Does not show in config
!
interface GigabitEthernet5/0.1
 description VLAN 1
 encapsulation dot1Q 1 native
 ip address 172.16.1.1 255.255.255.0
!
interface GigabitEthernet5/0.10
 description VLAN 10
 encapsulation dot1Q 10
 ip address 172.16.10.1 255.255.255.0
!
interface GigabitEthernet5/0.20
 description VLAN 20
 encapsulation dot1Q 20
 ip address 172.16.20.1 255.255.255.0
!
interface GigabitEthernet5/0.30
 description VLAN 30
 encapsulation dot1Q 30
 ip address 172.16.30.1 255.255.255.0
!
interface GigabitEthernet5/0.40
 description VLAN 40
 encapsulation dot1Q 40
 ip address 172.16.40.1 255.255.255.0

• Router on a stick is very simple to implement because routers are usually
available in every network.

Multilayer Switches

Layer 2 Interfaces:
l Access port— Carries traffic for a single VLAN
l Which are the access ports?
l Trunk port— Carries traffic for multiple VLANs using Inter-Switch Link (ISL)
encapsulation or 802.1Q tagging
l Which are the trunk ports?
Connecting VLANs with Multilayer Switches

Layer 2 Interfaces
SwitchA(config)#interface fa 0/1
SwitchA(config-if)#switchport mode access
SwitchA(config-if)#switchport access vlan 10

SwitchA(config)#interface gigabitethernet 1/2
SwitchA(config-if)#switchport trunk encapsulation dot1q
SwitchA(config-if)#switchport mode trunk

l Cisco IOS switchport command
The switchport command configures an interface as a Layer 2
interface.

Note: The no switchport command configures an interface as a
Layer 3 interface.
Layer 3 Interfaces

The Catalyst multilayer switches support three different types of Layer 3
interfaces:
l Routed port— A pure Layer 3 interface similar to a routed port on a
Cisco IOS router.
l Switch virtual interface (SVI)— A virtual VLAN interface for inter-
VLAN routing. In other words, SVIs are the virtual routed VLAN
interfaces.
l Bridge virtual interface (BVI)— A Layer 3 virtual bridging interface.
(Not discussed)
MLS Layer 3 Interface: Routed Port

l Download: PT-Topology-MLS-3.pkt
l A routed port is a physical port that acts similarly to a port on a
traditional router with Layer 3 addresses configured.
Not associated with a particular VLAN.
Like a regular router interface, except that it does not support
subinterfaces.

MLS Layer 3 Interface: Routed Port

[Figure: Core1, Core2, DLS1 and DLS2 connected by point-to-point routed links 192.168.1.0/30, 192.168.1.4/30 and 192.168.1.8/30]

• Configure the other Core and Distribution switches.

Core1(config)# interface GigabitEthernet0/1
Core1(config-if)# no switchport
Core1(config-if)# ip address 192.168.1.5 255.255.255.252

Core1(config)# interface GigabitEthernet0/2
Core1(config-if)# no switchport
Core1(config-if)# ip address 192.168.1.1 255.255.255.252

Core2(config)# interface GigabitEthernet0/1
Core2(config-if)# no switchport
Core2(config-if)# ip address 192.168.1.6 255.255.255.252

Core2(config)# interface GigabitEthernet0/2
Core2(config-if)# no switchport
Core2(config-if)# ip address 192.168.1.9 255.255.255.252

DLS1(config)# interface GigabitEthernet0/2
DLS1(config-if)# no switchport
DLS1(config-if)# ip address 192.168.1.2 255.255.255.252

DLS2(config)# interface GigabitEthernet0/2
DLS2(config-if)# no switchport
DLS2(config-if)# ip address 192.168.1.10 255.255.255.252
MLS Layer 3 Interface: SVI

l Switch virtual interfaces (SVI)
Layer 3 interfaces that are configured on multilayer Layer 3 switches
Used for inter-VLAN routing.
A virtual VLAN interface
Associated with the VLAN-ID
Enable routing capability on that VLAN.
l Note: These are virtual interfaces!

MLS Layer 3 Interface: SVI

l To configure communication between VLANs, you must configure each SVI
with an IP address and subnet mask in the chosen address range for that
subnet.
l The IP address associated with the VLAN interface is the default gateway
of the workstation.

DLS1(config)# interface vlan 1
DLS1(config-if)# ip address 172.16.1.1 255.255.255.0
DLS1(config-if)# no shutdown
DLS1(config)# interface vlan 10
DLS1(config-if)# ip address 172.16.10.1 255.255.255.0
DLS1(config-if)# no shutdown
DLS1(config)# interface vlan 20
DLS1(config-if)# ip address 172.16.20.1 255.255.255.0
DLS1(config-if)# no shutdown

• The switch routes frames between VLANs directly on the switch via
hardware switching without requiring an external router.
– An SVI is mostly implemented to interconnect the VLANs on the
Building Distribution submodules or the Building Access submodules in the
multilayer switched network.
MLS Layer 3 Interface: BVI

l http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a0080094663.shtml
l BVI.PDF
l A bridge virtual interface (BVI) is a Layer 3 virtual interface that acts
like a normal SVI to route packets across bridged or routed domains.
Bridging Layer 2 packets across Layer 3 interfaces is a legacy method
of moving frames in a network. To configure a BVI to route, use the
integrated routing and bridging (IRB) feature, which makes it possible
to route a given protocol between routed interfaces and bridge groups
within the same device. Specifically, routable traffic is routed to other
routed interfaces and bridge groups, while local or unroutable traffic is
bridged among the bridged interfaces in the same bridge group. As a
result, bridging creates a single instance of spanning tree in multiple
VLANs or routed subnets. This type of configuration complicates
spanning tree and the behavior of other protocols, which in turn makes
troubleshooting difficult.
l In today's network, however, bridging across routed domains is highly
discouraged.

IP Broadcast Forwarding

l DHCP uses IP subnet broadcasts to the 255.255.255.255 address.
l Routers do not route these packets by default.
l Routers and Layer 3 switches can be configured to forward these
DHCP and other UDP broadcast packets to a:
unicast address
directed broadcast address

DHCP Relay Agent

MLS(config)#interface vlan 1
MLS(config-if)#description DHCP Server VLAN
MLS(config-if)#ip address 10.1.1.1 255.255.255.0
MLS(config-if)#no ip directed-broadcast

MLS(config)#interface vlan 2
MLS(config-if)#description DHCP clients
MLS(config-if)#ip address 10.2.1.1 255.255.255.0
MLS(config-if)#no shutdown
MLS(config-if)#no ip directed-broadcast
MLS(config-if)#ip helper-address 10.1.1.254

l Layer 3 devices do not pass broadcasts.
l What issue does this cause for DHCP servers?
Each subnet requires a DHCP server.
l To enable the DHCP relay agent feature, configure the ip helper-address
command with the DHCP server IP address(es) on the client VLAN interfaces.
DHCP Relay Agent

The ip helper-address command not only forwards DHCP UDP packets but also
forwards TFTP, DNS, Time, NetBIOS, name server, and BOOTP packets by
default.
By default, the ip helper-address command forwards eight UDP services.

DHCP Relay Agent

MLS(config)#interface vlan 1
MLS(config-if)#description DHCP Server VLAN
MLS(config-if)#ip address 10.1.1.1 255.255.255.0
MLS(config-if)#no ip directed-broadcast

MLS(config)#interface vlan 2
MLS(config-if)#description DHCP clients
MLS(config-if)#ip address 10.1.2.1 255.255.255.0
MLS(config-if)#no shutdown
MLS(config-if)#no ip directed-broadcast
MLS(config-if)#ip helper-address 10.1.1.254

See Improving Security on Routers: http://www.cisco.com/warp/public/707/21.html

l ip helper-address: make sure that ip directed-broadcast is not
configured on any outbound interfaces that the UDP broadcast packets need to
traverse.
l The no ip directed-broadcast command configures the router or switch to
prevent the translation of a directed broadcast to a physical broadcast (MAC FF).
l This is the default behavior since Cisco IOS Release 12.0, implemented as a
security measure.
UDP Broadcast Forwarding

Router(config)#interface vlan 1
Router(config-if)#ip address 10.100.1.1 255.255.255.0
Router(config-if)#ip helper-address 10.200.1.254

Router(config)#ip forward-protocol udp mobile-ip
Router(config)#no ip forward-protocol udp netbios-ns

l To specify additional UDP broadcasts for forwarding by the router
when configuring the ip helper-address interface command, use the
following global command:
ip forward-protocol udp udp_port

l Use the no option to remove default or configured applications.
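An added example, not part of the original slides or of Cisco IOS: a Python model of the ip helper-address relay and ip forward-protocol udp behaviour described in the DHCP relay and UDP broadcast forwarding slides above. The class names, the relay's source-address handling and the default port set (the classic IOS list, with BOOTP client and server counted as one entry) are assumptions; the DHCP message is a constructed sample.

```python
from dataclasses import dataclass, field, replace
from typing import List, Optional

# UDP ports forwarded by ip helper-address by default (assumed classic-IOS list):
# Time 37, IEN-116 name server 42, TACACS 49, DNS 53, BOOTP/DHCP 67 and 68,
# TFTP 69, NetBIOS name service 137, NetBIOS datagram service 138.
DEFAULT_FORWARD_PORTS = {37, 42, 49, 53, 67, 68, 69, 137, 138}
MOBILE_IP_PORT = 434          # the "mobile-ip" keyword in the slide's example
NETBIOS_NS_PORT = 137         # the "netbios-ns" keyword in the slide's example
LIMITED_BROADCAST = "255.255.255.255"
UNSPECIFIED = "0.0.0.0"


@dataclass
class DhcpMessage:
    """The few BOOTP/DHCP fields a relay agent touches (constructed model)."""
    op: str                      # "BOOTREQUEST" or "BOOTREPLY"
    hops: int = 0
    giaddr: str = UNSPECIFIED    # gateway IP: set by the first relay agent on the path
    chaddr: str = "00-aa-00-11-11-11"


@dataclass
class UdpPacket:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    dhcp: Optional[DhcpMessage] = None


@dataclass
class L3Interface:
    """A routed interface (for example an SVI) on the relaying Layer 3 device."""
    ip: str
    helpers: List[str] = field(default_factory=list)   # ip helper-address ...


class UdpRelay:
    """Hypothetical model of the forwarding decision for UDP broadcasts."""

    def __init__(self) -> None:
        self.forward_ports = set(DEFAULT_FORWARD_PORTS)

    def forward_protocol(self, port: int, enable: bool = True) -> None:
        """ip forward-protocol udp <port>  /  no ip forward-protocol udp <port>"""
        if enable:
            self.forward_ports.add(port)
        else:
            self.forward_ports.discard(port)

    def handle(self, ingress: L3Interface, pkt: UdpPacket) -> List[UdpPacket]:
        """Packets the device sends on; an empty list means the broadcast is dropped."""
        if pkt.dst_ip != LIMITED_BROADCAST:
            return [pkt]                       # ordinary unicast: routed as usual
        if not ingress.helpers or pkt.dst_port not in self.forward_ports:
            return []                          # Layer 3 devices do not pass broadcasts
        relayed = []
        for helper in ingress.helpers:
            # The broadcast becomes a unicast to each helper address. The model
            # sources it from the ingress interface (an assumption, not IOS code).
            out = replace(pkt, src_ip=ingress.ip, dst_ip=helper)
            if pkt.dhcp is not None and pkt.dst_port == 67:
                # DHCP relay agent: giaddr tells the server which subnet the
                # client is on and where to unicast its reply.
                msg = replace(pkt.dhcp, hops=pkt.dhcp.hops + 1)
                if msg.giaddr == UNSPECIFIED:
                    msg.giaddr = ingress.ip
                out.dhcp = msg
            relayed.append(out)
        return relayed


def demo() -> List[UdpPacket]:
    """Constructed sample: the 'DHCP clients' SVI from the slides relays a DISCOVER."""
    relay = UdpRelay()
    client_vlan = L3Interface("10.2.1.1", helpers=["10.1.1.254"])
    discover = UdpPacket(UNSPECIFIED, LIMITED_BROADCAST, 68, 67, DhcpMessage("BOOTREQUEST"))
    return relay.handle(client_vlan, discover)
```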


Traditional and CEF-Based Multilayer Switching

Multilayer Switching

l Multilayer switching - the ability of a Catalyst switch to support switching
and routing of packets in hardware.
Optional support for Layers 4 through 7 switching in hardware as
well.
l Hardware switching: A route processor (Layer 3 engine) must
download software-based routing, switching, access lists, QoS, and
other information to the hardware for packet processing.

Traditional and CEF-based MLS

l Cisco Catalyst switches use either:
Traditional multilayer switching (traditional MLS)
A legacy feature
Cisco Express Forwarding (CEF)-based MLS architecture.
All leading-edge Catalyst switches support CEF-based
multilayer switching
Traditional MLS

l Specialized application-specific integrated circuits (ASICs) perform
Layer 2 rewrite operations of routed packets:
Source MAC address
Destination MAC address
Cyclic redundancy check (CRC).
Because the source and destination MAC addresses change
during Layer 3 rewrites, the switch must recalculate the CRC
for these new MAC addresses.

Traditional MLS

l The switch learns Layer 2 rewrite information from an MLS router via
an MLS protocol.
NetFlow-based switching.
l With traditional MLS, the Layer 3 engine (route processor) and
switching ASICs work together to build Layer 3 entries on the switch.
l Each entry can be populated in one of three ways:
Source IP address only
Source and destination IP addresses
Full flow information with Layer 4 protocol information.
Traditional MLS

[Figure: frame from workstation A: dot1q tag VLAN 1 (inside the Ethernet header); Ethernet header D-MAC=00-00-0C-11-11-11, S-MAC=00-AA-00-11-11-11; IP header S-IP=10.1.1.10, D-IP=10.1.2.20; IP data]

l The switch forwards the first packet in any flow to the Layer 3 engine
for processing using software switching.
l After the routing of the first packet in the flow, the Layer 3 engine
programs the hardware-switching components for routing for
subsequent packets.

[Figure: MLS-RP and MLS-SE. Candidate packet info: Layer 3 info S-IP 10.1.1.10, D-IP 10.1.2.20; Layer 2 info S-MAC 00-AA-00-11-11-11, D-MAC 00-00-0C-11-11-11. MLS-SE: "The destination MAC address is one of the router's interfaces. There is not an existing flow, so I will flag this as a candidate packet." Frame: dot1q tag VLAN 1; D-MAC=00-00-0C-11-11-11, S-MAC=00-AA-00-11-11-11; S-IP=10.1.1.10, D-IP=10.1.2.20]

l When workstation A sends a packet to workstation B, workstation A sends the
packet to its default gateway.
The default gateway is the RSM.
l The switch (MLS-SE) recognizes this packet as an MLS candidate packet
because the destination MAC address matches the MAC address of the MLS
router (MLS-RP).
l As a result, the switch creates a candidate entry for this flow.
[Figure: the MLS-RP routes the packet back through the MLS-SE. Frame: dot1q tag VLAN 2; D-MAC=00-AA-00-22-22-22, S-MAC=00-00-0C-22-22-22; S-IP=10.1.1.10, D-IP=10.1.2.20]

l Next, the router accepts the packet from workstation A, rewrites the
Layer 2 MAC addresses and CRC, and forwards the packet to
workstation B.
l The switch refers to the routed packet from the RSM as the enabler
packet.

[Figure: the MLS-SE compares the enabler packet with the stored candidate packet info (S-IP 10.1.1.10, D-IP 10.1.2.20; S-MAC 00-AA-00-11-11-11, D-MAC 00-00-0C-11-11-11). Enabler frame: dot1q tag VLAN 2; D-MAC=00-AA-00-22-22-22, S-MAC=00-00-0C-22-22-22; S-IP=10.1.1.10, D-IP=10.1.2.20]

l The MLS-SE recognizes various matches including CAM; details not included.
l Basically, the MLS-SE recognizes that the packet going out of VLAN 2
was the same one that came in on VLAN 1.
l The switch, upon seeing both the candidate and enabler packets, creates an
MLS entry in hardware (MLS cache) such that the switch rewrites and
forwards all future packets matching this flow.
[Figure: MLS-SE: "Found match in MLS cache, rewrite Ethernet header and send directly to Host B, forget the router!"]

MLS cache entry used for future packets:
Dst IP    | Src IP    | Port | Dst Port | Src Port | Dst MAC           | Src MAC           | VLAN | Interface
10.1.2.20 | 10.1.1.10 | TCP  | 23       | 1238     | 00-AA-00-22-22-22 | 00-00-0C-22-22-22 | 2    | 3/1
l As future packets from the “flow” arrive, the MLS-SE uses the destination IP
address to look up the entry in the MLS cache.
l Finding a match, the rewrite engine modifies the necessary header information
and forwards the frame (the packet is not forwarded to the router).
l The rewrite operation modifies all the same fields initially modified by the router
for the first packet, including the source MAC and destination MAC addresses.
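Added example (not from the original slides): a Python model of the MLS-SE candidate/enabler logic and the MLS cache described in the preceding slides, replaying the slides' own flow. The MlsSe class, the destination-ip flow mask and the egress port learned via the CAM table are assumptions; the MAC and IP addresses are the slides' sample values.

```python
from dataclasses import dataclass, replace
from typing import Dict, Tuple


@dataclass(frozen=True)
class Frame:
    vlan: int
    dst_mac: str
    src_mac: str
    src_ip: str
    dst_ip: str
    proto: str = "TCP"
    src_port: int = 0
    dst_port: int = 0


@dataclass
class CacheEntry:
    """Rewrite information the MLS-SE stores once a flow is established."""
    dst_mac: str
    src_mac: str
    vlan: int
    egress_port: str


class MlsSe:
    """Hypothetical switching engine using a destination-ip flow mask."""

    def __init__(self, router_macs) -> None:
        self.router_macs = {m.lower() for m in router_macs}    # MLS-RP interface MACs
        self.candidates: Dict[Tuple[str, str], Frame] = {}     # (src_ip, dst_ip) -> candidate
        self.cache: Dict[str, CacheEntry] = {}                 # dst_ip -> rewrite info
        self.cam: Dict[Tuple[int, str], str] = {}              #  (vlan, mac) -> port

    def learn_cam(self, vlan: int, mac: str, port: str) -> None:
        self.cam[(vlan, mac.lower())] = port

    def switch(self, f: Frame) -> Tuple[str, Frame]:
        """Return (action, frame as forwarded)."""
        # 1. Cache hit: rewrite in hardware; the router never sees the packet.
        entry = self.cache.get(f.dst_ip)
        if entry is not None:
            out = replace(f, vlan=entry.vlan, dst_mac=entry.dst_mac, src_mac=entry.src_mac)
            return ("hw-rewrite", out)
        # 2. Candidate packet: destination MAC belongs to the MLS-RP and no flow
        #    exists yet. Forward it to the router and remember the flow.
        if f.dst_mac.lower() in self.router_macs:
            self.candidates[(f.src_ip, f.dst_ip)] = f
            return ("candidate-to-router", f)
        # 3. Enabler packet: the router's routed copy of a pending candidate
        #    (same IP pair, source MAC now the router's). Build the cache entry.
        if f.src_mac.lower() in self.router_macs and (f.src_ip, f.dst_ip) in self.candidates:
            del self.candidates[(f.src_ip, f.dst_ip)]
            port = self.cam.get((f.vlan, f.dst_mac.lower()), "flood")
            self.cache[f.dst_ip] = CacheEntry(f.dst_mac, f.src_mac, f.vlan, port)
            return ("enabler-cached", f)
        # 4. Anything else is plain Layer 2 switching.
        return ("l2-switched", f)


def demo() -> Tuple[str, Frame]:
    """Replays the slides' flow: candidate, enabler, then a later packet of the same flow."""
    se = MlsSe(router_macs=["00-00-0C-11-11-11", "00-00-0C-22-22-22"])
    se.learn_cam(2, "00-AA-00-22-22-22", "3/1")   # workstation B's port (assumed)
    candidate = Frame(1, "00-00-0C-11-11-11", "00-AA-00-11-11-11",
                      "10.1.1.10", "10.1.2.20", "TCP", 1238, 23)
    enabler = Frame(2, "00-AA-00-22-22-22", "00-00-0C-22-22-22",
                    "10.1.1.10", "10.1.2.20", "TCP", 1238, 23)
    assert se.switch(candidate)[0] == "candidate-to-router"
    assert se.switch(enabler)[0] == "enabler-cached"
    return se.switch(candidate)   # same flow again: served from the MLS cache
```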

CEF-based MLS

CEF

l The CEF-based MLS forwarding model is used to download the control
plane information such as the access lists to the data plane on the
supervisor, port, or line card for hardware switching of packets.
The control plane represents the Layer 3 engine (route processor).
The data plane represents the hardware components such as ASICs
used by the switch for hardware switching.
l CEF is a topology-based forwarding model in which all routing
information is prepopulated into a forwarding information base
(FIB).
l The result is that switches can quickly look up routing information such as
IP adjacencies and next-hop IP and MAC addresses.

CEF

[Figure: the routing table feeds the FIB and the adjacency table]

The two main components of CEF are:
FIB
Adjacency table
• Forwarding information base
Makes IP destination switching decisions.
Similar to a routing table.
Mirror image of the forwarding information contained in the IP routing
table.
When routing or topology changes occur in the network, the IP routing
table is updated, and those changes are reflected in the FIB.
Maintains next-hop address information based on the information in
the IP routing table.
Both the Layer 3 engine and the hardware-switching components maintain
a FIB.
CEF

l Adjacency tables
Network nodes in the network are said to be adjacent if they can
reach each other with a single hop across a link layer. (OSPF,
EIGRP)
A router normally maintains:
A routing table containing Layer 3 network and next-hop
information
An ARP table containing Layer 3 to Layer 2 address mapping.
These tables are kept independently.

CEF

[Figure: Layer 2 MAC addresses and next-hop information; "Next hop?"]

l Adjacency tables
The FIB keeps the Layer 3 next-hop address for each entry.
To streamline packet forwarding even more, the FIB has
corresponding Layer 2 information for every next-hop entry.
This portion of the FIB is called the adjacency table, consisting of
the MAC addresses of nodes that can be reached in a single Layer
2 hop.
CEF

[Figure: hardware forwarding engine: "No ARP entry, the CEF L3 forwarding engine can't forward the packet in hardware, must send to the L3 engine." Layer 3 engine: "I'll generate the ARP Request and get an ARP Reply."]

l Adjacency tables (summary, more detail coming)
Built from the ARP table.
As a next-hop address receives a valid ARP entry, the adjacency
table is updated.
If an ARP entry does not exist, the FIB entry is marked as “CEF
glean.”
This means that the Layer 3 forwarding engine can't forward the
packet in hardware, due to the missing Layer 2 next-hop address.
The packet is sent to the Layer 3 engine so that it can generate an
ARP request and receive an ARP reply.
This is known as the “CEF glean” state, where the Layer 3 engine
must glean the next-hop destination's MAC address.

CEF

l Adjacency tables
What happens to subsequent packets while the FIB entry is in the glean state?
(The L3 engine is sending an ARP Request.)
These packets are dropped.
So input queues do not fill.
So the Layer 3 engine does not become too busy worrying about the need
for duplicate ARP requests.
This is called ARP throttling or throttling adjacency.
If an ARP reply is not received in two seconds, the throttling is
released so that another ARP request can be triggered.
After the ARP reply is received:
Throttling is released
FIB entry can be completed
Subsequent packets can be forwarded in hardware

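Added example (not from the original slides): a Python model of the glean adjacency, the throttling adjacency and its 2-second release as described in the adjacency-table summary and the five ARP-throttling steps above. The CefSwitch class and the timeline are constructed; Host B's MAC address is a sample value.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

THROTTLE_SECONDS = 2.0   # throttling adjacency is released if no ARP Reply arrives within 2 s


@dataclass
class Adjacency:
    kind: str                   # "complete", "glean" or "throttle"
    next_hop: str
    mac: Optional[str] = None   # Layer 2 rewrite information (complete adjacencies only)
    installed_at: float = 0.0   # time at which a throttle adjacency was installed


class CefSwitch:
    """Hypothetical CEF-based switch: FIB prefixes plus per-host adjacencies."""

    def __init__(self) -> None:
        self.fib: Dict[ipaddress.IPv4Network, Adjacency] = {}   # prefix -> adjacency
        self.host_adj: Dict[str, Adjacency] = {}                 # host address -> adjacency
        self.arp_requests: List[str] = []                        # ARP Requests the L3 engine sent

    def add_connected(self, prefix: str) -> None:
        """A connected subnet's prefix points to a glean adjacency."""
        net = ipaddress.IPv4Network(prefix)
        self.fib[net] = Adjacency("glean", str(net))

    def lookup(self, dst_ip: str) -> Optional[Adjacency]:
        """Host prefix first, then the longest matching subnet prefix."""
        if dst_ip in self.host_adj:
            return self.host_adj[dst_ip]
        addr = ipaddress.IPv4Address(dst_ip)
        matches = [n for n in self.fib if addr in n]
        if not matches:
            return None
        return self.fib[max(matches, key=lambda n: n.prefixlen)]

    def forward(self, dst_ip: str, now: float) -> str:
        adj = self.lookup(dst_ip)
        if adj is None:
            return "no-route"
        if adj.kind == "complete":
            return f"hw-forward:{adj.mac}"          # rewrite info present: hardware path
        if adj.kind == "throttle":
            if now - adj.installed_at < THROTTLE_SECONDS:
                return "dropped:throttle"           # ARP already in flight: drop, don't punt
            del self.host_adj[dst_ip]               # 2 s with no reply: release the throttle
        # Glean: punt to the Layer 3 engine. It sends the ARP Request, drops this
        # first packet and installs a throttling adjacency for the host.
        self.arp_requests.append(dst_ip)
        self.host_adj[dst_ip] = Adjacency("throttle", dst_ip, installed_at=now)
        return "punt:arp-request"

    def arp_reply(self, host_ip: str, mac: str) -> None:
        """ARP Reply received: a complete adjacency replaces the throttle adjacency."""
        self.host_adj[host_ip] = Adjacency("complete", host_ip, mac)


def demo() -> List[str]:
    """Constructed timeline for Host B 10.20.10.2 on connected subnet 10.20.10.0/24."""
    sw = CefSwitch()
    sw.add_connected("10.20.10.0/24")
    events = [sw.forward("10.20.10.2", now=0.0),    # glean: punted, ARP Request sent
              sw.forward("10.20.10.2", now=0.5),    # dropped by the throttling adjacency
              sw.forward("10.20.10.2", now=2.5)]    # throttle expired: new ARP Request
    sw.arp_reply("10.20.10.2", "00-aa-00-22-22-22")  # sample MAC for Host B
    events.append(sw.forward("10.20.10.2", now=3.0))  # complete adjacency: hardware forwarding
    return events
```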
Packet Rewrite

[Figure: egress packet]

Packet Rewrite

[Figure: Host A sends to Host B (10.20.10.2) via its default gateway; fields touched by the rewrite: Host B's MAC address, TTL, L2 checksum, L3 checksum]

The switch receives another packet:
l After a multilayer switch finds valid entries in the FIB and adjacency
tables, a packet is almost ready to be forwarded.
l One step remains: the packet header information must be rewritten.
l Multilayer switching occurs as quick table lookups:
Find the next-hop address
Outbound switch port.
l The IP header must also be adjusted, as if a traditional router had
done the forwarding (TTL).

Packet Rewrite

[Figure: rewrite of Host A's packet toward Host B (10.20.10.2): destination MAC becomes Host B's MAC, source MAC becomes the L3 switch's outbound interface MAC, TTL -1, L2 checksum and L3 checksum recalculated]

The packet rewrite engine makes the following changes to the packet just prior
to forwarding:
l Layer 2 destination address— Changed to the next-hop device's MAC address
l Layer 2 source address— Changed to the outbound Layer 3 switch interface's
MAC address
l Layer 3 IP Time To Live (TTL)— Decremented by one, as one router hop has
just occurred
l Layer 2 frame checksum— Recalculated to include changes to the Layer 2 and
Layer 3 headers
l Layer 3 IP checksum— Recalculated to include changes to the IP header

Packet Rewrite

[Figure: rewrite of Host A's packet toward Host B (10.20.10.2): destination and source MAC, TTL -1, L2 and L3 checksums]

l A traditional router would normally make the same changes to each
packet.
l The multilayer switch must act as if a traditional router were being used,
making identical changes.
The multilayer switch:
Can do this very efficiently with dedicated packet rewrite
hardware and with address information obtained from table
lookups.


Packet Rewrite

[Figure: rewrite of Host A's packet toward Host B (10.20.10.2): destination and source MAC, TTL -1, L2 and L3 checksums]

l The switch performs a Layer 3 lookup and finds a CEF entry for
Host B.
l The switch rewrites packets per the adjacency information and
forwards the packet to Host B on its VLAN.
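Added example, not from the original slides: the five rewrite steps listed above applied to a constructed Ethernet II / IPv4 frame in Python, including the FCS and IP header checksum recalculation and the TTL-expiry case in which the packet cannot be rewritten. The MAC addresses and Host A's address are constructed sample values; Host B keeps the slides' 10.20.10.2.

```python
import socket
import struct
import zlib
from typing import Optional


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace("-", "").replace(":", ""))


def mac_str(b: bytes) -> str:
    return "-".join(f"{x:02x}" for x in b)


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum; returns 0 for a header whose checksum is valid."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def fcs(body: bytes) -> bytes:
    """Ethernet frame check sequence: CRC-32, transmitted least-significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(dst_mac: str, src_mac: str, src_ip: str, dst_ip: str,
                ttl: int, payload: bytes) -> bytes:
    """Constructed sample frame: Ethernet II + IPv4 (protocol 17) + payload + FCS."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, 17, 0,
                      socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    body = mac_bytes(dst_mac) + mac_bytes(src_mac) + b"\x08\x00" + hdr + payload
    return body + fcs(body)


def rewrite(frame: bytes, next_hop_mac: str, egress_mac: str) -> Optional[bytes]:
    """Apply the rewrite steps; return the new frame, or None if it cannot be forwarded."""
    body, trailer = frame[:-4], frame[-4:]
    if trailer != fcs(body):
        return None                     # damaged frame: never forwarded
    ip = bytearray(body[14:])
    if ip_checksum(bytes(ip[:20])) != 0:
        return None                     # bad IP header checksum: discarded, as a router would
    if ip[8] <= 1:
        return None                     # TTL would reach 0: not forwardable in hardware
    ip[8] -= 1                          # Layer 3 TTL decremented by one (one router hop)
    ip[10:12] = b"\x00\x00"
    ip[10:12] = struct.pack("!H", ip_checksum(bytes(ip[:20])))   # Layer 3 checksum recalculated
    new_body = (mac_bytes(next_hop_mac)     # Layer 2 destination: next-hop device's MAC
                + mac_bytes(egress_mac)     # Layer 2 source: outbound L3 switch interface MAC
                + body[12:14] + bytes(ip))
    return new_body + fcs(new_body)         # Layer 2 FCS recalculated over the new headers


def parse_frame(frame: bytes) -> dict:
    """Decode the fields the rewrite touches and verify both checksums."""
    body = frame[:-4]
    ip = body[14:34]
    return {
        "dst_mac": mac_str(body[0:6]),
        "src_mac": mac_str(body[6:12]),
        "ttl": ip[8],
        "src_ip": socket.inet_ntoa(ip[12:16]),
        "dst_ip": socket.inet_ntoa(ip[16:20]),
        "ip_checksum_ok": ip_checksum(ip) == 0,
        "fcs_ok": frame[-4:] == fcs(body),
    }
```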

CEF

l Catalyst switches do not support routing of all types of frames in hardware.
l For example, the following list details common frame types that are not supported by
hardware switching:
Packets with IP header options
Packets sourced from or destined to tunnel interfaces
Packets using Ethernet encapsulation types other than ARPA
Packets that require fragmentation (exceed the MTU of the interface)
l Two types of CEF
Central CEF: forwarding decisions are made by an ASIC that is central to all interfaces.
Distributed CEF (dCEF): forwarding decisions are made independently on
interfaces or line modules (faster).
Switching Table Architectures

l Multilayer switches build the following tables for centralized or
distributed switching in hardware using high-speed memory tables:
Routing (CEF FIB and adjacency)
Bridging
QoS
Access control list (ACL) tables.

Switching Table Architectures - Details

Multilayer switches deploy memory tables using specialized memory
architectures:
l CAM (content addressable memory)
Provides only two results: 0 (true) or 1 (false).
For exact matches such as MAC address tables.
l TCAM (ternary content addressable memory) – Ternary Logic
Provides three results: 0 (don’t care), 1 (true), 2 (false); Ternary
Logic; Ternary number system (Base 3) - trits
For longest matches such as IP routing tables organized by IP
prefixes.
CAM

l For Layer 2 switching tables.
l With CAM tables, switches must find exact matches or the switches
use a default behavior.
l The switch must find an exact match to a destination MAC address or
the switch floods the packet out all ports in the VLAN.

CAM

[Figure: CAM lookup keyed by destination MAC address and VLAN ID]

l The information a switch uses to perform a lookup in a CAM table is
called a key.
Destination MAC address
VLAN ID
TCAM

l TCAM is a specialized CAM designed for rapid table lookups.
l For example, the Catalyst 2950, 3550, 4500, and 6500 families of
switches use TCAM to handle ACL lookups at line rate.
l Thus applying ACLs does not affect the performance of the switch.
l A single lookup provides the following information:
Layer 2
Layer 3
ACL

TCAM
l VMR (value, mask, and result) refers to the
format of entries in TCAM.
l The “value” in VMR refers to the pattern that
is to be matched:
Examples include IP addresses and
protocol ports
l The “mask” refers to the mask bits
associated with the pattern and determines
the prefix.
l The “result” refers to the result or action that
occurs in the case where a lookup returns a
hit for the pattern and mask.
This result might be a “permit” or “deny”
in the case of a TCAM for ACLs.
Another example of a result is a pointer to
an entry in the hardware adjacency table
that contains the next-hop MAC rewrite
information in the case of a TCAM used
for IP routing.
l If TCAM becomes full the wildcard entry will
force the packet to route via the routing table.

CEF-Based MLS Lookups

1. Layer 3 packets initiate TCAM lookup.


2. The longest match returns adjacency with rewrite information.
3. The packet is rewritten per adjacency information and forwarded.
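Added example (not from the original slides): a Python model of TCAM entries in value/mask/result form, used both for an ACL lookup (first matching entry) and for the FIB longest match that returns an adjacency index with the rewrite information, i.e. steps 1 to 3 above. The key layout, the capacity handling for a full TCAM and the adjacency values are assumptions; the ACL and addresses are constructed around the slides' 10.1.1.10 to 10.1.2.20 flow.

```python
import ipaddress
from dataclasses import dataclass
from typing import Any, List, Optional, Tuple


@dataclass(frozen=True)
class Vmr:
    value: int
    mask: int      # 1 bits must match the key; 0 bits are "don't care"
    result: Any    # ACL action, or an index into the adjacency table

    def matches(self, key: int) -> bool:
        return (key & self.mask) == (self.value & self.mask)


class Tcam:
    """Hypothetical TCAM: every entry is compared against the key in one lookup."""

    def __init__(self, capacity: int) -> None:
        self.capacity = capacity
        self.entries: List[Vmr] = []

    def program(self, value: int, mask: int, result: Any) -> bool:
        """False when the TCAM is full: such entries must be handled in software."""
        if len(self.entries) >= self.capacity:
            return False
        self.entries.append(Vmr(value, mask, result))
        return True

    def lookup(self, key: int, longest: bool) -> Optional[Any]:
        """longest=True returns the most specific hit (routing);
        otherwise the first hit in programmed order (ACL semantics)."""
        hits = [e for e in self.entries if e.matches(key)]
        if not hits:
            return None
        if longest:
            return max(hits, key=lambda e: bin(e.mask).count("1")).result
        return hits[0].result


def prefix_vmr(prefix: str) -> Tuple[int, int]:
    net = ipaddress.IPv4Network(prefix)
    return int(net.network_address), int(net.netmask)


def acl_vmr(src: str, dst: str, dport: Optional[int]) -> Tuple[int, int]:
    """Assumed ACL key layout: src(32 bits) | dst(32 bits) | dport(16 bits)."""
    sv, sm = prefix_vmr(src)
    dv, dm = prefix_vmr(dst)
    pv, pm = (dport, 0xFFFF) if dport is not None else (0, 0)
    return (sv << 48) | (dv << 16) | pv, (sm << 48) | (dm << 16) | pm


def acl_key(src_ip: str, dst_ip: str, dport: int) -> int:
    return ((int(ipaddress.IPv4Address(src_ip)) << 48)
            | (int(ipaddress.IPv4Address(dst_ip)) << 16) | dport)


# Hardware adjacency table: index -> (next-hop MAC rewrite, egress VLAN). Constructed values.
ADJACENCY = {
    0: ("glean", None),                    # connected subnet, next-hop MAC not yet known
    1: ("00-aa-00-22-22-22", "Vlan2"),     # host 10.1.2.20 (MAC taken from the slides)
    2: ("00-00-0c-99-99-99", "Vlan99"),    # upstream router for the default route (assumed)
}


def build_tables() -> Tuple[Tcam, Tcam]:
    acl = Tcam(capacity=8)
    acl.program(*acl_vmr("0.0.0.0/0", "10.1.2.20/32", 23), "permit")   # permit tcp any host 10.1.2.20 eq 23
    acl.program(*acl_vmr("10.1.1.0/24", "0.0.0.0/0", None), "permit")  # permit ip 10.1.1.0/24 any
    acl.program(*acl_vmr("0.0.0.0/0", "0.0.0.0/0", None), "deny")      # deny ip any any
    fib = Tcam(capacity=8)
    fib.program(*prefix_vmr("10.1.2.0/24"), 0)    # connected prefix -> glean adjacency
    fib.program(*prefix_vmr("10.1.2.20/32"), 1)   # host prefix -> complete adjacency
    fib.program(*prefix_vmr("0.0.0.0/0"), 2)      # default route
    return acl, fib


def mls_lookup(acl: Tcam, fib: Tcam, src_ip: str, dst_ip: str, dport: int) -> Tuple:
    """Steps 1-3: TCAM lookups, the longest match returns the adjacency, then rewrite."""
    if acl.lookup(acl_key(src_ip, dst_ip, dport), longest=False) != "permit":
        return ("deny",)
    index = fib.lookup(int(ipaddress.IPv4Address(dst_ip)), longest=True)
    mac, vlan = ADJACENCY[index]
    if mac == "glean":
        return ("glean",)            # punted to the Layer 3 engine for ARP resolution
    return ("rewrite", mac, vlan)    # rewritten per the adjacency and forwarded in hardware
```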


Inter-VLAN Routing Summary

l A router on a stick can be used to route between VLANs using either
ISL or 802.1Q as the trunking protocol.
l A router on a stick requires subinterfaces, one for each VLAN.
l Verify inter-VLAN routing by generating IP packets between two
subnets.
l Multilayer switches can forward traffic both at Layer 2 and at Layer 3.
l Multilayer switches rewrite the Layer 2 and Layer 3 header using
tables held in hardware.
Configuring Inter-VLAN Routing Through an SVI

Step 1: Configure IP routing.
Switch(config)#ip routing

Step 2: Create an SVI interface.
Switch(config)#interface vlan vlan-id

Step 3: Assign an IP address to the SVI.
Switch(config-if)#ip address ip-address mask

Step 4: Configure the IP routing protocol if needed.
Switch(config)#router ip_routing_protocol <options>

Configuring a Routed Port

Step 1: Configure IP routing.
Switch(config)#ip routing

Step 2: Create a routed port.
Switch(config-if)#no switchport

Step 3: Assign an IP address to the routed port.
Switch(config-if)#ip address ip-address mask

Step 4: Configure the IP routing protocol if needed.
Switch(config)#router ip_routing_protocol <options>
Enabling CEF

The commands required to enable CEF are platform dependent:

– On the Cisco Catalyst 4000 switch (global configuration)
Switch(config)#ip cef

– On the Cisco Catalyst 3550 switch (interface configuration)
Switch(config-if)#ip route-cache cef

Verifying CEF

Switch#show ip cef [type mod/port | vlan_interface] [detail]

Switch# show ip cef vlan 11 detail
IP CEF with switching (Table Version 11), flags=0x0
10 routes, 0 reresolve, 0 unresolved (0 old, 0 new), peak 0
13 leaves, 12 nodes, 14248 bytes, 14 inserts, 1 invalidations
0 load sharing elements, 0 bytes, 0 references
universal per-destination load sharing algorithm, id 4B936A24
2(0) CEF resets, 0 revisions of existing leaves
Resolution Timer: Exponential (currently 1s, peak 1s)
0 in-place/0 aborted modifications
refcounts: 1061 leaf, 1052 node

Table epoch: 0 (13 entries at this epoch)

172.16.11.0/24, version 6, epoch 0, attached, connected
0 packets, 0 bytes
via Vlan11, 0 dependencies
valid glean adjacency
CEF Summary

l Layer 3 switching is high-performance packet switching in hardware.
l MLS functionality can be implemented through CEF.
l CEF uses tables in hardware to forward packets.
l Specific commands are used to enable and verify CEF operations.
l Commands to enable CEF are platform dependent.
l CEF problems can be matched to specific solutions.
l Specific commands are used to troubleshoot and solve CEF problems.
l Ordered steps assist in troubleshooting CEF-based problems.

Module 4. Implementing Inter-VLAN routing

l SWITCH v6.0 / MCMSN v5.0 (Cisco flash v5.0)
l CCNP 3 version 5