Multilayer Switching. ▻CCNP 3 v5 - Chapter 4. Implementing Inter-VLAN
Routing. ▻VLANs. • VLANs are associated with individual networks or
subnetworks.
�CCNP 3 v5 - Chapter 4
Cisco Networking Academy CCNP – Multilayer Switching Implementing Inter-VLAN Routing
�VLANs • VLANs are associated with individual networks or subnetworks • Network devices in different VLANs cannot communicate with one another without a Layer 3 router • When an end station in one VLAN needs to communicate with an end station in another VLAN, inter-VLAN communication is required
�Methods of inter-VLAN routing • A physical interface for each VLAN – Networks with just a couple of VLANs
• External router – Cheaper than a Layer 3switch – Performance limited
• Internal router – Integration between the layer 2 and 3 elements – More performance
�InterInter-VLAN router using multiple interfaces on an external router • One router interface for each VLAN on the switch • The router provides all L3 routing functionality between VLANs
�InterInter-VLAN routing using an external router and a single trunk •
Single, trunk-connected link to a router – Must be Fast Ethernet or greater to support ISL – 802.1Q is supported in 10Mbps links – Router on a stick = Lollipop routing = One-arm bandit
• •
The router must have a separate logical connection (subinterface) for each VLAN ISL, or 802.1Q trunking must be enabled on the single physical connection between the router and switch
�InterInter-VLAN routing configuration •
A router interface must on trunk link must be configured – With a subinterface for each VLAN that will be serviced – With the same trunk encapsulation protocol on each subinterface: ISL or 802.1Q
•
Inter-VLAN routing verification – – – –
ping R#show vlan R#show ip route R#show ip interface brief
�Layer 2 switching • •
Forwards frames based on information in the L2 frame Occurs in HW � latency decreased – Uses Application-Specific Integrated Circuits (ASIC) – Wire-speed performance in ideal circumstances
•
A L2 switch builds a forwarding table – Source MAC address + inbound port number of received frame
•
Cisco Catalysts have 2 primary table architectures – CAM table • Records the source address + inbound port of all frames • Compares destination MAC addresses – TCAM table (Tertiary CAM) • Stores ACLs, QoS and other information
•
A key – is created to compare the frame to the table content – is fed into a hashing algorithm, which produces a pointer into the table to access a smaller specific area of the table
�Layer 2 – Switch Forwarding Process
�Multilayer Switching • Ability to switch data based on information at multiple layers • Class of high-performance routers that provide L3 services and simultaneously forward packets at wire-speed through switching hardware • Layer 3 switch – Uses ASIC HW: wire-speed PDU header rewrites and forwarding – L3 switching speeds approximate those of L2 switching
• Layer 3 switching can occur at two different locations – Centralized switching: central forwarding table – Distributed switching: on a port or line card level
• Layer 3 switching methods – Route caching: flow-based – Topology-based switching: uses FIB (Forwarding Information Base)
�Frame rewriting using CEF • IP unicast packets and frames are rewritten on the output interface as follows – – – –
Source MAC address changes to the router MAC address Destination MAC address changes to the next-hop MAC address TTL is decremented by one IP header and frame checksums are recalculated
�L3 switch virtual interfaces - SVI •
Virtual L3 switch interface that can be configured for any VLAN that exists on a L3 switch
•
It provides L3 processing for packets from all switch ports associated with that VLAN
•
Only one SVI can be associated with a VLAN
•
It supports routing protocol and bridging configurations
•
Created upon entering VLAN interface configuration mode
•
Reasons to configure a SVI � To provide: – A default gateway for a VLAN so traffic can be routed between VLANs – Fallback bridging if it is required for nonrutable protocols – L3 IP connectivity to the switch
�Routed interfaces on a Multilayer Switch •
Routed switch port – Physical switch port on a Multilayer switch capable of L3 processing – Not associated with a particular VLAN – It behaves like a regular router interface, but it doesn’t support VLAN subinterfaces – It can provide a L3 path into the switch for a number of devices on a specific subnet, all of which are located out a single switch port – It supports routing protocol and bridging configurations
•
It is required to remove L2 port functionality Switch(config-if)#no switchport
•
Created upon entering VLAN interface configuration mode
�Configuring inter-VLAN routing • Turn on the switches IP routing functionality: – Switch(config)#ip routing
• Routing: – Via the switch virtual interface • A virtual interface in every VLAN • Switch(config)#interface vlan vlan_id Switch(config-if)#ip address ip_add mask • Switch(config-if)#no shutdown � for VLAN 1
�Configuring inter-VLAN routing (II) • Routing – Via the routed port: • Configure a physical switch port/interface as a router interface • Switch(config)#interface f0/1 Switch(config-if)# no switchport Switch(config-if)# ip address ip_add mask • Switch(config)# router ip_routing_protocol
�Routing beetwen an external router and an internal route processor • Goal � access to a WAN interface • Routed port on the switch RS(config)#interface f0/1 RS(config-if)# no switchport RS(config-if)#ip address 10.0.1.1 255.255.255.0 ExtR(config)#interface f0/0 ExtR(config-if)#ip address 10.0.1.2 255.255.255.0
• Routing between VLANs on switch: RS(config)#interface vlan RS(config-if)# ip address RS(config)#interface vlan RS(config-if)# ip address
10 10.0.10.1 255.255.255.0 20 10.0.20.1 255.255.255.0
• Also, a routing protocol
�Configuring router on-a-stick • To configure subinterfaces on a physical interface: – Identify the interface • Router(config)#interface FastEthernet slot-number / port-number.subinterface-number
– Define the VLAN encapsulation • Router(config-subif)#encapsulation dot1Q vlannumber
– Assign an IP address to the interface • Router(config-subif)#ip address ip-address mask
�Configuring the router for the native VLAN • IOS 12.1(3)T� � router subinterface as the native VLAN RS(config)#interface vlan 10 RS(config-if)# ip address 10.0.10.2 255.255.255.0 RS(config-if)# no shutdown RS(config)#interface f0/1 RS(config-if)# switchport mode trunk RS(config-if)# switchport trunk native vlan 1 Router(config)#interface f0/0.1 Router(config-subif)#encapsulation dot1q 1 native Router(config-subif)# ip address 10.0.1.1 255.255.255.0 Router(config)#interface f0/0.10 Router(config-subif)#encapsulation dot1q 10 Router(config-subif)# ip address 10.0.10.1 255.255.255.0 Router(config)#interface f0/0.20 Router(config-subif)#encapsulation dot1q 20 Router(config-subif)# ip address 10.0.20.1 255.255.255.0
�Verifying the interinter-VLAN routing configuration • show ip route – Confirms IP routing is enabled • show ip interface brief – Shows virtual and routed interfaces • show ip interface fastethernet module/port – Shows Layer 2/3 functionality • Show interface fastethernet module/port switchport – Shows Layer 2/3 functionality
�Explaining L3 Switch processing • A L3 swich performs 3 major functions: – Packet switching – Router processing – Intelligent network services
• Distributed architecture in which the control path and data path are relatively independent – Control path code (routing protocols…) � route processor – Data packets forwarded by the switching fabric
• L3 switching can occur: – Centralized � Central forwarding table – Distributed � Port or line-card level
• L3 switching methods: – Route caching – Topology-based using routing table information
�CEF-based multilayer switch • CEF � Cisco Express Forwarding – It caches routing information in the Forwarding Information Base (FIB) – It caches L2 next-hop addresses for all FIB entries in an Adjacency Table – Parallel paths can exist to load balance per packet
• CEF operates in 2 modes – Central CEF mode • FIB and Adjacency Table reside on the route processor • The route processor performs the express forwarding
– Distributed CEF mode • Line cards maintain identical copies of the FIB and Adjacency Table
�CEF-based multilayer switch • CEF separates the control plane HW from the data plane HW • Control plane: builds FIB & Adjacency tables in SW • Data plane: Forwards IP unicast traffic in HW • Some IP packets can not be processed in HW – – – –
IP packets that use IP Header options Packets with an expiring IP TTL counter Packets forwarded to a tunnel interface Packets that arrive/are routed with nonsupported encapsulation types – Packets that exceed the MTU of an output interface
�CEF Based Tables •
FIB – derived from the IP routing table – arranged for maximum lookup throughput
•
Adjacency table – derived from the ARP table – contains L2 rewrite (MAC) information for the next hop
• • • • •
CEF IP destination prefixes are stored in the TCAM table from the most specific to the least specific entry When the CEF TCAM table is full, a wildcard entry redirects to the L3 engine When the adjacency table is full, a CEF TCAM table entry points to the L3 engine to redirect the adjacency The FIB lookup is based on the L3 destination address prefix (longest match) FIB table updates – An ARP entry for the destination next hop changes – The routing table entry for a prefix changes – The routing table entry for the next hop changes
�CEF Based Tables •
Adjacency table population – The L3 engine queries the switch for a physical MAC address – The switch selects a MAC address from the chassis MAC range and assigns it to the L3 • This MAC address is assigned by the L3 engine as a burned-in address for all VLAN • This MAC address is used by the switch to initiate L3 packet lookups
– The switch installs wildcard CEF entries, which point to drop adjacencies – The L3 engine informs the switch of its interfaces participating in MLS. The switch creates the (MAC, VLAN) L2 CAM entry for the L3 engine – The L3 engine informs the switch about features for interfaces participating in MLS – The L3 engine informs the switch about all CEF entries related to its interfaces and connected networks. The switch populates the CEF entries and point them to L3 engine redirect adjacencies
•
TCAM – Specialized piece of memory designed for rapid, HW based table lookups of L3 & L4 information
�ARP throttling • Only the first few packets for a connected destination reach the L3 engine so that it can use ARP to locate the host • Throttling adjacency is installed so that subsequent packets don’t initiate more ARPs until an ARP reply is received • Throttling adjacency is removed – When an ARP reply is received – If no ARP reply is seen within 2 seconds
(2) A glean adjacency entry indicates that a particular next hop should be directly connected, but there is no MAC header rewrite information available (3) The L3 engine sends an ARP request for host B and installs the drop adjacency for host B. Then, subsequent frames destined for host B from host A are dropped (ARP throttling)
�CEF-based MLS operation • Different types of adjacencies – Null adjacency � packets destined for a ‘Null0’ are dropped – Glean adjacency • When a router is connected directly to several hosts, the FIB table maintains a prefix for the subnet rather than for individual hosts
– Punt adjacency � Special handling in higher layers – Discard adjacency � packets are discarded – Drop adjacency � packets are dropped, but the prefix is checked
�CEF-Based MLS Operation 1.
A � B : switch recognizes the frame as a L3 packet because the destination MAC matches the L3 engine MAC
2.
Switch performs a CEF lookup (destination IP). The packet hits the CEF entry and is redirected to the L3 engine using a ‘glean’ adjacency
3.
L3 engine installs an ARP throttling adjacency for IP B
4. 5. 6. 7. 8. 9.
L3 engine sends and ARP request for B on VLAN 20 B sends an ARP response to L3 engine L3 engine installs the resolved adjacency in the switch Switch forwards the packet to B Switch receives subsequent packets for B Switch performs a CEF look up, finds a CEF entry for B, rewrites packets and forwards them to B
�CEF configuration – CEF is enabled by default in Catalyst 6500 series Supervisor Engine 720 with PFC2, MSFC3, and DFC and cannot be disabled – To enable/disable CEF on a 4000: • Router(config)#(no) ip cef
– To enable/disable CEF on a 3550: • Router(config-if)#(no) ip route-cache cef
– To monitor CEF: • • • •
Router#show ip cef Router#show ip cef detail Switch#show adjacency detail Switch#debug ip cef
�Common CEF problems and solutions • Steps when troubleshooting CEF: – Ensure that the normal L3 operations on the router processor are functioning properly – Verify that information from the router processor has properly populated the FIB and adjacency table
• Troubleshooting CEF is verifying that packets are indeed receiving the full benefit of CEF switching and not being ‘punted’ to a slower packet switching or processing method • ‘punt’� action of sending a packet down to the next fastest switching level
�The End
Cisco Networking Academy
