Post on 09-Feb-2016
© 2003, Cisco Systems, Inc. All rights reserved.
CCNP 3 v4 Module 5 Implementing Multilayer Switching
Objectives
• Describing Routing Between VLANs
• Deploying Cisco Express Forwarding (CEF)
• Enabling Routing Between VLANs on a Multilayer Switch
Overview
• A switch with multiple VLANs requires a means of passing Layer 3 traffic between those VLANs.
• A router that is external to the Layer 2 switch hosting the VLANs can provide the Inter-VLAN routing or it can be done using a Catalyst Multilayer Switch.
• When routing occurs within a Catalyst Multilayer Switch, Cisco Express Forwarding (CEF) is used.
• Routing on a Multilayer Switch is achieved via Switched Virtual Interfaces (SVIs) that act as gateways for an individual VLAN/subnet.
Inter-VLAN Routing
• Configuring VLANs allows a network administrator to create smaller broadcast domains and improve security
• However, VLANs require a Layer 3 device to allow for inter-VLAN communication
Inter-VLAN Routing
• If a switch supports multiple VLANs but has no Layer 3 capability to route packets between those VLANs, the switch must be connected to an external router.
• An external router can route between VLANs by either:
  A. Attaching the router's physical interfaces to each VLAN with no VLAN tagging
  B. Using a single physical interface and a VLAN trunking protocol.
    – The use of the VLAN trunking protocol enables us to create additional logical subinterfaces, each associated with a particular VLAN.
    – The two VLAN trunking protocols are ISL and 802.1Q.
External Router Options
One physical trunking interface with logical subinterfaces
One physical interface per VLAN
Advantages and Disadvantages of Each
External Router with Multiple Physical Interfaces
External Router with Logical Subinterfaces
Using a Single Trunk
• In order for traffic to be routed from VLAN to VLAN the router needs a separate logical interface for every VLAN.
• To do this we can use either the ISL or 802.1Q trunking protocol.

  ExtRouter(config)#int fa0/0
  ExtRouter(config-if)#no shut
  ExtRouter(config-if)#int fa0/0.1
  ExtRouter(config-subif)#encapsulation dot1q 1 native
  ExtRouter(config-subif)#ip addr 192.168.1.1 255.255.255.0
  ExtRouter(config-subif)#int fa0/0.10
  ExtRouter(config-subif)#encapsulation dot1q 10
  ExtRouter(config-subif)#ip addr 192.168.10.1 255.255.255.0
  ExtRouter(config-subif)#int fa0/0.20
  ExtRouter(config-subif)#encapsulation dot1q 20
  ExtRouter(config-subif)#ip addr 192.168.20.1 255.255.255.0

(Slide callouts: logical subinterface, 802.1Q protocol, VLAN ID)
Inter-VLAN Routing Scalability
• For networks with more than a few VLANs, virtual/logical subinterfaces are the best strategy.
  – Both an external and an internal router can be used with subinterfaces.
• The difference between the internal and external solutions involves a tradeoff between cost and performance.
  – An entry-level external router (1721) is generally cheaper than a switch with Layer 3 functionality (Cat 3550).
  – However, the Layer 3 switch provides higher efficiency and performance.
Layer 2 Switching
• Layer 2 switching forwards frames based on information in the Layer 2 Frame header.
• Switch hardware utilizes specialized chips, called application-specific integrated circuits (ASICs), to handle frame manipulation and forwarding.
  – By using ASICs, Layer 2 switching can provide wire-speed performance.
Layer 2 Switching Tables
• Cisco Catalysts have two primary table architectures:
  – CAM Table (Content Addressable Memory)
  – TCAM Table (Ternary CAM)
CAM Table
• The CAM table is the primary table used to make Layer 2 forwarding decisions.
• The CAM is built by recording the source MAC address of inbound frames on a switchport.
  – This way frames are forwarded out only the switchport associated with that MAC address.
    • This allows for unicast transmission.
  – The MAC address table lists MAC and VLAN pairs with associated interfaces.
TCAM Table
• The TCAM table stores ACL, QoS and other information generally associated with upper-layer processing.
  – In a Layer 2 table, all bits of all information are significant for frame forwarding (for example, VLANs, destination MAC addresses, and destination protocol types).
  – The TCAM table allows forwarding decisions to ignore parts of the source and destination fields by way of the access list entry's wildcard mask.
Layer 2 Forwarding Process
Layer 2 Forwarding Flow Chart
Multilayer Switching
• Multilayer switching includes the ability to switch data based on information at multiple layers.
• Multilayer switching also refers to routers that can forward packets at wire speed through switching hardware.
  – (config-if)# ip route-cache
• Layer 3 switch processing forwards packets at wire speed by using ASIC hardware instead of the CPU-based lookups found on a traditional router.
  – Specific Layer 3 components such as routing tables or ACLs can be cached into hardware.
Layer 3 Switching
• Layer 3 switching can occur at two different locations on the switch:
  – Centralized Switching
  – Distributed Switching
Centralized Switching
• Centralized switching decisions are made on the route processor by a central forwarding table, typically controlled by an ASIC.
Distributed Switching
• Distributed switching decisions can be made on a port or line card level rather than on a central route processor. – Each line card maintains its own FIB table.
• Cached tables are distributed and synchronized to various hardware components so processing can be distributed throughout the switch chassis.
Layer 3 Forwarding
• Layer 3 switching takes place using one of two methods:
  • Route caching
    – Flow-based or demand-based switching: a Layer 3 route cache is built in hardware as the switch sees traffic flows into the switch.
  • Topology-based
    – Information from the routing table is used to populate the route cache regardless of traffic flow.
    – The populated route cache is called the Forwarding Information Base (FIB).
    – Cisco Express Forwarding (CEF) is the facility that builds the FIB.
Process Switching
• Process switching is the most basic method of switching packets.
• Process switching moves packets between interfaces based on information in the routing table and the ARP cache.
  – As packets arrive, they are moved into a queue to wait for further processing.
  – When the scheduler runs, the outbound interface will be determined and the packet will be switched.
  – Waiting for the scheduler introduces latency.
CEF Based Multilayer Switching
• To speed this process up, CEF caches information generated by the Layer 3 Routing Engine.
• CEF caches routing information in the forwarding information base (FIB) and caches Layer 2 next-hop addresses for all FIB entries in an Adjacency Table.
• CEF operates in two modes:
  – Central
  – Distributed
CEF Example
FIB and Adjacency Tables
The FIB is derived from the IP routing table, with the longest match first. The adjacency table is derived from the ARP table and contains Layer 2 rewrite (MAC) information for the next hop.
Central CEF Mode
• In Central CEF, the FIB and adjacency tables reside on the route processor, and the route processor performs the express forwarding.
• This CEF mode is used when line cards are not available for CEF switching, or when features are in use that are not compatible with Distributed CEF.
Distributed CEF Mode (dCEF)
• When dCEF is enabled, line cards maintain identical copies of the FIB and adjacency tables.
• The line cards can perform the express forwarding by themselves, relieving the main processor of involvement in the switching operation.
• dCEF uses an Inter-Process Communication (IPC) mechanism to ensure synchronization of FIBs and adjacency tables on the route processor and line cards.
The CEF Control Plane and Data Plane
• CEF breaks the forwarding process into two parts:
  – The control plane and the data plane
• The control plane is responsible for building the FIB table and adjacency tables in software.
• The data plane is responsible for forwarding IP unicast traffic using hardware.
Control Plane and Data Plane Example
FIB Table Updates
• The FIB table is updated when the following occurs:
  – An ARP entry for the destination next hop changes, ages out, or is removed.
  – The routing table entry for a prefix changes.
  – The routing table entry for the next hop changes.
TCAM and ACL Entries
• The Ternary Content Addressable Memory (TCAM) is a specialized piece of memory designed for rapid, hardware based table lookups of Layer 3 and 4 information.
• The TCAM is used to match incoming packets to existing ACLs.
  – The TCAM table examines the source and destination wildcard mask of an ACE and creates a "mask" entry for the pair.
  – Each mask has eight value patterns that can be associated with that mask.
  – The values are the source and destination IP addresses and port numbers that match the mask entry.
http://www.ciscopress.com/articles/article.asp?p=101629&seqNum=4&rl=1
Value, Mask and Result Table (VMR)
  access-list 101 permit ip host 10.1.1.1 any
  access-list 101 deny ip 10.1.1.0 0.0.0.255 any
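An added Python illustration (not Cisco code) of how the two ACEs of access-list 101 become Value/Mask/Result rows: the IOS wildcard is inverted into a TCAM "care" mask, values are grouped under shared masks (eight values per mask entry, as on the slide), and a packet is matched in ACE order so that the host permit is evaluated before the subnet deny. The packet addresses used in the checks are constructed.

```python
import ipaddress

# Constructed from the slide's access-list 101; tuple layout is
# (source, source wildcard, destination, destination wildcard, result).
ACL_101 = [
    ("10.1.1.1", "0.0.0.0",   "0.0.0.0", "255.255.255.255", "permit"),  # permit ip host 10.1.1.1 any
    ("10.1.1.0", "0.0.0.255", "0.0.0.0", "255.255.255.255", "deny"),    # deny ip 10.1.1.0 0.0.0.255 any
]

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_to_mask(wildcard):
    """An IOS wildcard marks 'don't care' bits; the TCAM mask marks the bits that must match."""
    return ~to_int(wildcard) & 0xFFFFFFFF

def compile_vmr(acl):
    """Return (value, mask, result) rows; value bits outside the mask are zeroed."""
    rows = []
    for src, src_wc, dst, dst_wc, result in acl:
        mask = (wildcard_to_mask(src_wc), wildcard_to_mask(dst_wc))
        value = (to_int(src) & mask[0], to_int(dst) & mask[1])
        rows.append((value, mask, result))
    return rows

def tcam_lookup(vmr, src, dst):
    """First matching row wins, mirroring ACE order; no match is the implicit deny."""
    s, d = to_int(src), to_int(dst)
    for index, ((vs, vd), (ms, md), result) in enumerate(vmr):
        if (s & ms) == vs and (d & md) == vd:
            return result, index
    return "deny", None  # implicit deny at the end of every IOS ACL

def mask_entries(vmr, values_per_mask=8):
    """Group values under their shared mask and count the mask entries needed,
    given that each mask entry holds up to eight value patterns."""
    groups = {}
    for value, mask, _ in vmr:
        groups.setdefault(mask, []).append(value)
    return {m: -(-len(v) // values_per_mask) for m, v in groups.items()}

VMR_101 = compile_vmr(ACL_101)
```

Swapping the two ACEs would make the /24 deny shadow the host permit, which is the kind of ordering mistake this table makes visible.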
ARP Throttling
• Only the first few packets for a connected destination reach the Layer 3 engine, so that the Layer 3 engine can use Address Resolution Protocol (ARP) to locate the host.
  – This allows the FIB table to have a corresponding adjacency entry for Layer 2.
  • If the Layer 2 address is unknown, the Layer 3 engine generates an ARP request.
  • While the Layer 3 engine is waiting for the ARP reply, subsequent packets to the destination host are dropped.
    – This is known as ARP throttling.
    – The throttling adjacency is removed when an ARP reply is received.
Forwarding Example
Step 1 Host A sends a packet to host B.
Step 2 The switch forwards the packet to the Layer 3 engine based on the "glean" entry in the FIB (because no Layer 2 entry for host B exists in the adjacency table).
Step 3 The Layer 3 engine sends an ARP request for host B and installs the drop adjacency for host B (ARP throttling).
Step 4 Host B responds to the ARP request (ARP throttle removed).
Step 5 Frame rewrite (not shown)
Other Adjacency Types
• Null adjacency: Packets destined for a Null0 interface are dropped. This can be used as an effective form of access filtering.
• Glean adjacency: When a router is connected directly to several hosts, the FIB table on the router maintains a prefix for the subnet rather than for the individual host prefixes. The subnet prefix points to a glean adjacency. When packets need to be forwarded to a specific host, the adjacency database is gleaned for the specific prefix.
• Punt adjacency: Features that require special handling or features that are not yet supported in conjunction with CEF switching paths are forwarded to the next switching layer for handling. Features that are not supported are forwarded to the next higher switching level.
• Discard adjacency: Packets are discarded.
• Drop adjacency: Packets are dropped, but the prefix is checked.
CEF Based MLS Operation btwn VLANs
• Step 1 Host A sends a packet to host B. The switch recognizes the frame as a Layer 3 packet because the destination MAC (MAC-M) matches the Layer 3 engine MAC.
• Step 2 The switch performs a CEF lookup based on the destination IP address (IP-B). The packet hits the CEF entry for the connected (VLAN20) network and is redirected to the Layer 3 engine using a "glean" adjacency.
• Step 3 The Layer 3 engine installs an ARP throttling adjacency in the switch for the host B IP address.
• Step 4 The Layer 3 engine sends ARP requests for host B on VLAN20.
CEF Based MLS Operation btwn VLANs
• Step 5 Host B sends an ARP response to the Layer 3 engine.
• Step 6 The Layer 3 engine installs the resolved adjacency in the switch (removing ARP throttling adjacency).
• Step 7 The switch forwards the packet to host B.
• Step 8 The switch receives a subsequent packet for host B (IP-B).
• Step 9 The switch performs a Layer 3 lookup and finds a CEF entry for host B. The entry points to the adjacency with rewrite information for host B.
• The switch rewrites packets per the adjacency information and forwards the packet to host B on VLAN20.
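An added Python simulation (not Cisco code) of the data path described in Steps 1 to 9 above and of the null adjacency from the Other Adjacency Types slide: a FIB with longest-prefix match, a glean entry for the connected VLAN 20 subnet that punts the first packet and installs an ARP-throttling drop adjacency, and the resolved adjacency that replaces it once the ARP reply arrives. The FIB prefixes follow the slides' addressing; the 10.99.0.0/16 Null0 route and host B's MAC address are constructed.

```python
import ipaddress

class CefSwitch:
    """Toy CEF data plane: FIB + adjacency table, with the Layer 3 engine's ARP handling."""

    def __init__(self):
        # Connected SVI subnets point to a glean adjacency; a static route to Null0
        # (constructed for this example) models the null adjacency.
        self.fib = {
            ipaddress.ip_network("192.168.10.0/24"): ("glean", "Vlan10"),
            ipaddress.ip_network("192.168.20.0/24"): ("glean", "Vlan20"),
            ipaddress.ip_network("10.99.0.0/16"): ("null", "Null0"),
        }
        self.adjacency = {}     # host address -> ("drop",) or ("resolved", mac, vlan)
        self.arp_requests = []  # ARP requests the Layer 3 engine has sent

    def fib_lookup(self, dst):
        """Longest-prefix match, since the FIB is derived from the routing table."""
        matches = [net for net in self.fib if dst in net]
        if not matches:
            return None
        return self.fib[max(matches, key=lambda net: net.prefixlen)]

    def forward(self, dst_ip):
        dst = ipaddress.ip_address(dst_ip)
        entry = self.fib_lookup(dst)
        if entry is None:
            return "drop: no route"
        kind, target = entry
        if kind == "null":
            return f"drop: null adjacency ({target})"
        adj = self.adjacency.get(dst)
        if adj is None:
            # Glean: punt to the Layer 3 engine, which sends an ARP request and
            # installs a drop adjacency so later packets are throttled, not punted.
            self.arp_requests.append((str(dst), target))
            self.adjacency[dst] = ("drop",)
            return f"punt: glean on {target}, ARP request sent"
        if adj[0] == "drop":
            return "drop: ARP throttling (awaiting ARP reply)"
        _, mac, vlan = adj
        return f"forward: rewrite dst MAC {mac}, egress {vlan}"

    def arp_reply(self, host_ip, mac):
        """The ARP reply replaces the throttling adjacency with Layer 2 rewrite info."""
        dst = ipaddress.ip_address(host_ip)
        entry = self.fib_lookup(dst)
        if entry is None or entry[0] != "glean":
            raise ValueError(f"{host_ip} is not on a connected subnet")
        self.adjacency[dst] = ("resolved", mac, entry[1])

def demo():
    """Steps 1-9 for host B (192.168.20.2, constructed), then a Null0-routed packet."""
    sw = CefSwitch()
    log = [sw.forward("192.168.20.2"), sw.forward("192.168.20.2")]
    sw.arp_reply("192.168.20.2", "00:00:0c:00:00:0b")  # constructed MAC for host B
    log.append(sw.forward("192.168.20.2"))
    log.append(sw.forward("10.99.1.1"))
    return log
```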
Frame Rewrite Example
Configuring CEF
show ip cef
CEF show interface Commands
CEF show adjacency Command
Verifying CEF
Using Layer 3 Interfaces on a Multilayer Switch
• There are two types of Layer 3 interfaces that you can create on a multilayer switch:
  1. Logical switched virtual interfaces (SVIs)
  2. Physical routed ports
Routing with a Layer 3 Switch
• To route between VLANs on a Layer 3 switch, we use SVIs.
• A switched virtual interface (SVI) is a virtual Layer 3 interface that can be configured for any VLAN that exists on a Layer 3 switch.
• The SVI for the VLAN provides Layer 3 processing for packets from all switch ports associated with that VLAN.
  – Only one SVI can be associated with a VLAN.
  – By default, an SVI is created for the default VLAN (VLAN1) to permit remote switch administration. You must explicitly configure additional SVIs.
Layer 3 Switched Virtual Interface (SVI)
• You configure an SVI for a VLAN for these reasons:
  – To provide a default gateway for a VLAN so traffic can be routed between VLANs
  – To provide fallback bridging if it is required for nonroutable protocols
  – To provide Layer 3 IP connectivity to the switch
    • This places the switch on that VLAN.
• SVIs are created the first time interface configuration mode is entered for a particular VLAN SVI interface.
Routed Interfaces on a Multilayer Switch
• A routed switch port is a physical switch port on a multilayer switch that is capable of Layer 3 packet processing.
  – A routed port is not associated with a particular VLAN, as an access port or SVI is.
  – A routed port behaves like a regular router interface, except that it does not support VLAN subinterfaces.
  – The number of routed ports and SVIs that can be configured on a switch is not limited by software.

  Switch(config)#int fa0/1
  Switch(config-if)#no switchport
  Switch(config-if)#ip addr 172.16.1.2 255.255.255.252
  Switch(config-if)#exit
  Switch(config)#ip routing
  Switch(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.1
Routed Switchports per Platform
• On the lower-end multilayer switches such as the 3550, 3560 and 3750, all ports are Layer 2 ports by default.
  – To create a Layer 3 routed port, you must use the 'no switchport' command.
• On the 6500, all ports are Layer 3 ports by default and you must use the 'switchport' interface configuration command to change the port to a Layer 2 port.
  – I'm not sure about the 4500s but you get the idea
Inter-VLAN Routing using SVIs
Optional for running a routing protocol with another device
Inter-VLAN Routing using SVIs

  Switch#config t
  Switch(config)#ip routing
  Switch(config)#int vlan 1
  Switch(config-if)#ip addr 192.168.1.1 255.255.255.0
  Switch(config-if)#no shut
  Switch(config-if)#int vlan 10
  Switch(config-if)#ip addr 192.168.10.1 255.255.255.0
  Switch(config-if)#int vlan 20
  Switch(config-if)#ip addr 192.168.20.1 255.255.255.0
  Switch(config-if)#exit
  Switch(config)#exit
An SVI will not come up until there is an active port for the VLAN the SVI belongs to.
If a trunking port is up, then the interface vlan 1 SVI will come up even if there are no active ports for VLAN 1.
show run Output

  Switch#sh run
  Building configuration...
  hostname Switch
  !
  no aaa new-model
  ip subnet-zero
  ip routing
  !
  <output omitted>
  !
  interface Vlan1
   ip address 192.168.1.1 255.255.255.0
  !
  interface Vlan10
   ip address 192.168.10.1 255.255.255.0
  !
  interface Vlan20
   ip address 192.168.20.1 255.255.255.0
  !
  ip classless
  ip route 0.0.0.0 0.0.0.0 172.16.1.2

Inter-VLAN routing does not require a routing protocol because all networks are directly connected.
A routing protocol is only necessary if the multilayer switch needs to advertise its own networks or learn about other remote networks.
Summary
• The configuration of multiple Layer 2 VLANs requires that Layer 3 routing occur between those VLANs. This inter-VLAN routing can be provided external to a Layer 2 switch or within a Multilayer Switch through the configuration of Switch Virtual Interfaces and IP routing. When routing occurs within a Catalyst Multilayer Switch, Cisco Express Forwarding is deployed to facilitate Layer 3 switching through hardware-based tables providing an optimal packet forwarding process.