Cisco Networking Academy CCNP – Multilayer Switching


Upload: doanque

Post on 11-Dec-2016


Page 1

Cisco Networking Academy
CCNP – Multilayer Switching
CCNP 3 v5 - Chapter 4
Implementing Inter-VLAN Routing

VLANs

• VLANs are associated with individual networks or subnetworks
• Network devices in different VLANs cannot communicate with one another without a Layer 3 router
• When an end station in one VLAN needs to communicate with an end station in another VLAN, inter-VLAN communication is required

Page 2

Methods of inter-VLAN routing

• A physical interface for each VLAN
  – Networks with just a couple of VLANs
• External router
  – Cheaper than a Layer 3 switch
  – Performance limited
• Internal router
  – Integration between the layer 2 and 3 elements
  – More performance

Inter-VLAN router using multiple interfaces on an external router

• One router interface for each VLAN on the switch
• The router provides all L3 routing functionality between VLANs

Page 3

Inter-VLAN routing using an external router and a single trunk

• Single, trunk-connected link to a router
  – Must be Fast Ethernet or greater to support ISL
  – 802.1Q is supported on 10 Mbps links
  – Router on a stick = Lollipop routing = One-arm bandit
• The router must have a separate logical connection (subinterface) for each VLAN
• ISL or 802.1Q trunking must be enabled on the single physical connection between the router and switch

Inter-VLAN routing configuration

• A router interface on a trunk link must be configured
  – With a subinterface for each VLAN that will be serviced
  – With the same trunk encapsulation protocol on each subinterface: ISL or 802.1Q
• Inter-VLAN routing verification
  – ping
  – R#show vlan
  – R#show ip route
  – R#show ip interface brief

Page 4

Layer 2 switching

• Forwards frames based on information in the L2 frame
• Occurs in HW → latency decreased
  – Uses Application-Specific Integrated Circuits (ASIC)
  – Wire-speed performance in ideal circumstances
• A L2 switch builds a forwarding table
  – Source MAC address + inbound port number of received frame
• Cisco Catalysts have 2 primary table architectures
  – CAM table
    • Records the source address + inbound port of all frames
    • Compares destination MAC addresses
  – TCAM table (Ternary CAM)
    • Stores ACLs, QoS and other information
• A key
  – is created to compare the frame to the table content
  – is fed into a hashing algorithm, which produces a pointer into the table to access a smaller specific area of the table

Layer 2 – Switch Forwarding Process

Page 5

• Ability to switch data based on information at multiple layers
• Class of high-performance routers that provide L3 services and simultaneously forward packets at wire-speed through switching hardware
• Layer 3 switch
  – Uses ASIC HW: wire-speed PDU header rewrites and forwarding
  – L3 switching speeds approximate those of L2 switching
• Layer 3 switching can occur at two different locations
  – Centralized switching: central forwarding table
  – Distributed switching: on a port or line card level
• Layer 3 switching methods
  – Route caching: flow-based
  – Topology-based switching: uses FIB (Forwarding Information Base)

Multilayer Switching

• IP unicast packets and frames are rewritten on the output interface as follows
  – Source MAC address changes to the router MAC address
  – Destination MAC address changes to the next-hop MAC address
  – TTL is decremented by one
  – IP header and frame checksums are recalculated

Frame rewriting using CEF

Page 6

• Virtual L3 switch interface that can be configured for any VLAN that exists on a L3 switch
• It provides L3 processing for packets from all switch ports associated with that VLAN
• Only one SVI can be associated with a VLAN
• It supports routing protocol and bridging configurations
• Created upon entering VLAN interface configuration mode
• Reasons to configure a SVI → To provide:
  – A default gateway for a VLAN so traffic can be routed between VLANs
  – Fallback bridging if it is required for nonroutable protocols
  – L3 IP connectivity to the switch

L3 switch virtual interfaces - SVI

• Routed switch port
  – Physical switch port on a multilayer switch capable of L3 processing
  – Not associated with a particular VLAN
  – It behaves like a regular router interface, but it doesn’t support VLAN subinterfaces
  – It can provide a L3 path into the switch for a number of devices on a specific subnet, all of which are located out a single switch port
  – It supports routing protocol and bridging configurations
• It is required to remove L2 port functionality
  Switch(config-if)#no switchport
• Created upon entering VLAN interface configuration mode

Routed interfaces on a Multilayer Switch

Page 7

Configuring inter-VLAN routing

• Turn on the switch’s IP routing functionality:
  – Switch(config)#ip routing
• Routing:
  – Via the switch virtual interface
    • A virtual interface in every VLAN
    • Switch(config)#interface vlan vlan_id
      Switch(config-if)#ip address ip_add mask
    • Switch(config-if)#no shutdown → for VLAN 1

Configuring inter-VLAN routing (II)

• Routing
  – Via the routed port:
    • Configure a physical switch port/interface as a router interface
    • Switch(config)#interface f0/1
      Switch(config-if)# no switchport
      Switch(config-if)# ip address ip_add mask
    • Switch(config)# router ip_routing_protocol <options>

Page 8

Routing between an external router and an internal route processor

• Goal → access to a WAN interface
• Routed port on the switch
  RS(config)#interface f0/1
  RS(config-if)# no switchport
  RS(config-if)#ip address 10.0.1.1 255.255.255.0
  ExtR(config)#interface f0/0
  ExtR(config-if)#ip address 10.0.1.2 255.255.255.0
• Routing between VLANs on switch:
  RS(config)#interface vlan 10
  RS(config-if)# ip address 10.0.10.1 255.255.255.0
  RS(config)#interface vlan 20
  RS(config-if)# ip address 10.0.20.1 255.255.255.0
• Also, a routing protocol

Configuring router on-a-stick

• To configure subinterfaces on a physical interface:
  – Identify the interface
    • Router(config)#interface FastEthernet slot-number/port-number.subinterface-number
  – Define the VLAN encapsulation
    • Router(config-subif)#encapsulation dot1Q vlan-number
  – Assign an IP address to the interface
    • Router(config-subif)#ip address ip-address mask

Page 9

• IOS 12.1(3)T → router subinterface as the native VLAN
  RS(config)#interface vlan 10
  RS(config-if)# ip address 10.0.10.2 255.255.255.0
  RS(config-if)# no shutdown
  RS(config)#interface f0/1
  RS(config-if)# switchport mode trunk
  RS(config-if)# switchport trunk native vlan 1
  Router(config)#interface f0/0.1
  Router(config-subif)#encapsulation dot1q 1 native
  Router(config-subif)# ip address 10.0.1.1 255.255.255.0
  Router(config)#interface f0/0.10
  Router(config-subif)#encapsulation dot1q 10
  Router(config-subif)# ip address 10.0.10.1 255.255.255.0
  Router(config)#interface f0/0.20
  Router(config-subif)#encapsulation dot1q 20
  Router(config-subif)# ip address 10.0.20.1 255.255.255.0

Configuring the router for the native VLAN

Verifying the inter-VLAN routing configuration

• show ip route
  – Confirms IP routing is enabled
• show ip interface brief
  – Shows virtual and routed interfaces
• show ip interface fastethernet module/port
  – Shows Layer 2/3 functionality
• show interface fastethernet module/port switchport
  – Shows Layer 2/3 functionality

Page 10

• A L3 switch performs 3 major functions:
  – Packet switching
  – Router processing
  – Intelligent network services
• Distributed architecture in which the control path and data path are relatively independent
  – Control path code (routing protocols…) → route processor
  – Data packets forwarded by the switching fabric
• L3 switching can occur:
  – Centralized → Central forwarding table
  – Distributed → Port or line-card level
• L3 switching methods:
  – Route caching
  – Topology-based using routing table information

Explaining L3 Switch processing

• CEF → Cisco Express Forwarding
  – It caches routing information in the Forwarding Information Base (FIB)
  – It caches L2 next-hop addresses for all FIB entries in an Adjacency Table
  – Parallel paths can exist to load balance per packet
• CEF operates in 2 modes
  – Central CEF mode
    • FIB and Adjacency Table reside on the route processor
    • The route processor performs the express forwarding
  – Distributed CEF mode
    • Line cards maintain identical copies of the FIB and Adjacency Table

CEF-based multilayer switch

Page 11

• CEF separates the control plane HW from the data plane HW
• Control plane: builds FIB & Adjacency tables in SW
• Data plane: Forwards IP unicast traffic in HW
• Some IP packets cannot be processed in HW
  – IP packets that use IP Header options
  – Packets with an expiring IP TTL counter
  – Packets forwarded to a tunnel interface
  – Packets that arrive/are routed with nonsupported encapsulation types
  – Packets that exceed the MTU of an output interface

CEF-based multilayer switch

CEF Based Tables

• FIB
  – derived from the IP routing table
  – arranged for maximum lookup throughput
• Adjacency table
  – derived from the ARP table
  – contains L2 rewrite (MAC) information for the next hop
• CEF IP destination prefixes are stored in the TCAM table from the most specific to the least specific entry
• When the CEF TCAM table is full, a wildcard entry redirects to the L3 engine
• When the adjacency table is full, a CEF TCAM table entry points to the L3 engine to redirect the adjacency
• The FIB lookup is based on the L3 destination address prefix (longest match)
• FIB table updates
  – An ARP entry for the destination next hop changes
  – The routing table entry for a prefix changes
  – The routing table entry for the next hop changes

Page 12

CEF Based Tables

• Adjacency table population
  – The L3 engine queries the switch for a physical MAC address
  – The switch selects a MAC address from the chassis MAC range and assigns it to the L3 engine
    • This MAC address is assigned by the L3 engine as a burned-in address for all VLANs
    • This MAC address is used by the switch to initiate L3 packet lookups
  – The switch installs wildcard CEF entries, which point to drop adjacencies
  – The L3 engine informs the switch of its interfaces participating in MLS. The switch creates the (MAC, VLAN) L2 CAM entry for the L3 engine
  – The L3 engine informs the switch about features for interfaces participating in MLS
  – The L3 engine informs the switch about all CEF entries related to its interfaces and connected networks. The switch populates the CEF entries and points them to L3 engine redirect adjacencies
• TCAM
  – Specialized piece of memory designed for rapid, HW-based table lookups of L3 & L4 information

• Only the first few packets for a connected destination reach the L3 engine so that it can use ARP to locate the host
• Throttling adjacency is installed so that subsequent packets don’t initiate more ARPs until an ARP reply is received
• Throttling adjacency is removed
  – When an ARP reply is received
  – If no ARP reply is seen within 2 seconds

(2) A glean adjacency entry indicates that a particular next hop should be directly connected, but there is no MAC header rewrite information available
(3) The L3 engine sends an ARP request for host B and installs the drop adjacency for host B. Then, subsequent frames destined for host B from host A are dropped (ARP throttling)

ARP throttling

Page 13

• Different types of adjacencies
  – Null adjacency → packets destined for a ‘Null0’ are dropped
  – Glean adjacency
    • When a router is connected directly to several hosts, the FIB table maintains a prefix for the subnet rather than for individual hosts
  – Punt adjacency → Special handling in higher layers
  – Discard adjacency → packets are discarded
  – Drop adjacency → packets are dropped, but the prefix is checked

CEF-based MLS operation

1. A → B: switch recognizes the frame as a L3 packet because the destination MAC matches the L3 engine MAC
2. Switch performs a CEF lookup (destination IP). The packet hits the CEF entry and is redirected to the L3 engine using a ‘glean’ adjacency
3. L3 engine installs an ARP throttling adjacency for IP B
4. L3 engine sends an ARP request for B on VLAN 20
5. B sends an ARP response to L3 engine
6. L3 engine installs the resolved adjacency in the switch
7. Switch forwards the packet to B
8. Switch receives subsequent packets for B
9. Switch performs a CEF lookup, finds a CEF entry for B, rewrites packets and forwards them to B
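The CEF data path these slides describe, as an added toy model that is not part of the course material: the FIB longest-match lookup (slide 11) selecting a glean or resolved adjacency, the L3 engine installing a host rewrite entry once ARP has answered (steps 3 to 6 above), the punt of an expiring TTL, and the unicast rewrite from slide 5 (source and destination MAC, TTL, IP header checksum). Every prefix, MAC address and host below is constructed.

```python
# Toy CEF data plane (added example, not course code): longest match, adjacencies, rewrite.
import ipaddress
import struct

GLEAN, PUNT, RESOLVED = "glean", "punt", "resolved"
ROUTER_MAC = "00:00:0c:00:00:01"   # constructed MAC the L3 engine answers to
# FIB: prefix -> (adjacency kind, next-hop MAC). Constructed entries: a connected
# subnet with no host rewrite info yet (glean) and a resolved default route.
FIB = {
    ipaddress.ip_network("10.0.20.0/24"): (GLEAN, None),
    ipaddress.ip_network("0.0.0.0/0"): (RESOLVED, "00:00:0c:00:01:02"),
}

def fib_lookup(dst_ip):
    """Longest-prefix match: the most specific FIB entry wins."""
    addr = ipaddress.ip_address(dst_ip)
    best = max((n for n in FIB if addr in n), key=lambda n: n.prefixlen)
    return best, FIB[best]

def install_adjacency(host_ip, mac):
    """What the L3 engine does after the ARP reply: add a /32 rewrite entry."""
    FIB[ipaddress.ip_network(host_ip + "/32")] = (RESOLVED, mac)

def ipv4_checksum(header):
    """One's-complement sum over the 20-byte header with the checksum field zeroed."""
    total = sum(struct.unpack("!10H", header[:10] + b"\x00\x00" + header[12:20]))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ipv4_header(src, dst, ttl=64):
    """Minimal 20-byte IPv4 header (protocol 1 = ICMP) with a valid checksum."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 1, 0,
                                ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed))
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr)

def cef_switch(frame):
    """Return (action, frame); only a resolved adjacency is rewritten 'in hardware'."""
    if frame["dst_mac"] != ROUTER_MAC:
        return "bridge", frame                       # plain L2 forwarding, no L3 lookup
    hdr, ttl = frame["ip"], frame["ip"][8]
    _, (kind, nh_mac) = fib_lookup(str(ipaddress.ip_address(hdr[16:20])))
    if ttl <= 1:
        return PUNT, frame                           # expiring TTL: handed to the L3 engine
    if kind != RESOLVED:
        return kind, frame                           # glean: L3 engine must ARP first
    new_hdr = bytearray(hdr)
    new_hdr[8] = ttl - 1                             # decrement TTL
    new_hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(new_hdr)))  # recompute checksum
    return "forward", {"dst_mac": nh_mac, "src_mac": ROUTER_MAC, "ip": bytes(new_hdr)}
```

The first frame for a host on the connected subnet returns the glean adjacency (the L3 engine's cue to ARP); after install_adjacency the same frame is rewritten with the host's MAC, a decremented TTL and a fresh checksum.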

CEF-Based MLS Operation

Page 14

CEF configuration

– CEF is enabled by default in Catalyst 6500 series Supervisor Engine 720 with PFC2, MSFC3, and DFC and cannot be disabled
– To enable/disable CEF on a 4000:
  • Router(config)#(no) ip cef
– To enable/disable CEF on a 3550:
  • Router(config-if)#(no) ip route-cache cef
– To monitor CEF:
  • Router#show ip cef
  • Router#show ip cef detail
  • Switch#show adjacency detail
  • Switch#debug ip cef

• Steps when troubleshooting CEF:
  – Ensure that the normal L3 operations on the router processor are functioning properly
  – Verify that information from the router processor has properly populated the FIB and adjacency table
• Troubleshooting CEF is verifying that packets are indeed receiving the full benefit of CEF switching and not being ‘punted’ to a slower packet switching or processing method
• ‘punt’ → action of sending a packet down to the next fastest switching level

Common CEF problems and solutions

Page 15

Cisco Networking Academy

The End