Monday, 10 August 2009

Module 4 - Implementing Inter-VLAN Routing. Part 2

4.2 Enabling Routing Between VLANs


4.2.1 Describing Layer 3 SVI


An SVI is a virtual Layer 3 interface that can be configured for any VLAN that exists on a Layer 3 switch. It is virtual in that there is no physical interface for the VLAN, and yet it can accept configuration parameters applied to Layer 3 router interfaces. The SVI for the VLAN provides Layer 3 processing for packets from all switch ports associated with that VLAN. Only one SVI can be associated with a VLAN. You configure an SVI for a VLAN for the following reasons:

  • To provide a default gateway for a VLAN so that traffic can be routed between VLANs

  • To provide fallback bridging if it is required for non-routable protocols

  • To provide Layer 3 IP connectivity to the switch

  • To support routing protocol and bridging configurations

By default, an SVI is created for the default VLAN (VLAN1) to permit remote switch administration. Additional SVIs must be explicitly created.

SVIs are created the first time a VLAN interface configuration mode is entered for a particular VLAN SVI. The VLAN corresponds to the VLAN tag associated with data frames on an Ethernet trunk or to the VLAN ID (VID) configured for an access port. An IP address is assigned in interface configuration mode to each VLAN SVI that is to route traffic off of and on to the local VLAN.


4.2.2 Describing Configuration Commands for Inter-VLAN Communication on a Multilayer Switch


The commands in Figure are used to configure inter-VLAN routing on a multilayer switch using SVIs. These commands are described in Figure.


4.2.3 Configuring Inter-VLAN Routing on a Multilayer Switch


To configure inter-VLAN routing on a Cisco Catalyst SVI, perform the steps in Figure. Figure describes each of these steps.


4.2.4 Describing Routed Ports on a Multilayer Switch


A routed switch port is a physical switch port on a multilayer switch that is capable of Layer 3 packet processing. A routed port is not associated with a particular VLAN, as contrasted with an access port or SVI.


The switch port functionality is removed from the interface. A routed port behaves like a regular router interface, except that it does not support VLAN subinterfaces. Routed switch ports can be configured using most commands applied to a physical router interface, including the assignment of an IP address and the configuration of Layer 3 routing protocols.


A routed switch port is a standalone port that is not associated with a VLAN, whereas an SVI is a virtual interface that is associated with a VLAN. SVIs generally provide Layer 3 services for devices connected to the ports of the switch where the SVI is configured. Routed switch ports can provide a Layer 3 path into the switch for a number of devices on a specific subnet, all of which are accessible from a single physical switch port.

The number of routed ports and SVIs that can be configured on a switch is not limited by software. However, the interrelationship between these interfaces and other features configured on the switch may overload the CPU because of hardware limitations.


4.2.5 Configuration of Routed Ports on a Multilayer Switch


Routed switch ports are typically configured by removing the Layer 2 switch port capability of the switch port. On most switches, the ports are Layer 2 ports by default. On some switches, the ports are Layer 3 ports by default. The layer at which the port functions determines the commands that can be configured on the port.

A routed port has the following characteristics and functions:

  • Physical switch port with Layer 3 capability

  • Not associated with any VLAN

  • Serves as the default gateway for devices out that switch port

  • Layer 2 port functionality must be removed before it can be configured

4.2.6 Configuring Routed Ports on a Multilayer Switch


To configure a routed port, perform the steps in Figure. Figure describes each of these steps.


4.3 Deploying CEF-Based Multilayer Switching

4.3.1 Explaining Layer 3 Switch Processing

Layer 3 switching refers to a class of high performance routers optimized for the campus LAN or intranet, providing both wire-speed Ethernet routing and switching services.

A Layer 3 switch router performs the following three major functions:

  • Packet switching

  • Route processing

  • Intelligent network services

Compared to other routers, Layer 3 switch routers process more packets faster by using ASIC hardware instead of microprocessor-based engines. Layer 3 switch routers also improve network performance with two software functions: route processing and intelligent network services.

Layer 3 switching software employs a distributed architecture in which the control path and data path are relatively independent. The control path code, such as routing protocols, runs on the route processor, whereas most of the data packets are forwarded by the Ethernet interface module and the switching fabric.

Each interface module includes a microcoded processor that handles all packet forwarding. The control layer functions between the routing protocol and the firmware datapath microcode with the following primary duties:

  • Manages the internal data and control circuits for the packet-forwarding and control functions

  • Extracts the other routing and packet forwarding-related control information from the Layer 2 and Layer 3 bridging and routing protocols and the configuration data, and then conveys the information to the interface module to control the datapath

  • Collects the datapath information, such as traffic statistics, from the interface module to the route processor

  • Handles certain data packets sent from the Ethernet interface modules to the route processor

Layer 3 switching can occur at two different locations on the switch:

  • Centralized: Switching decisions are made on the route processor by a central forwarding table, typically controlled by an ASIC.

  • Distributed: Switching decisions are made on a port or line-card level. Cached tables are distributed and synchronized to various hardware components so that processing can be distributed throughout the switch chassis.

Layer 3 switching uses one of these two methods, depending on the platform:

  • Route caching: Also known as flow-based or demand-based switching, a Layer 3 route cache is built in hardware as the switch sees traffic flow into the switch.

  • Topology-based: Information from the routing table is used to populate the route cache regardless of traffic flow. The populated route cache is called the forwarding information base (FIB). CEF builds the FIB.


4.3.2 Explaining CEF-based Multilayer Switches

Cisco Layer 3 devices can use a variety of methods to switch packets from one port to another. The most basic method of switching packets between interfaces is called process switching. Process switching moves packets between interfaces on a scheduled basis, based on information in the routing table and the Address Resolution Protocol (ARP) cache. As packets arrive, they are put in a queue to wait for further processing. When the scheduler runs, the outbound interface is determined, and the packet is switched. Waiting for the scheduler introduces latency.


To speed the switching process, strategies exist to switch packets on demand as they arrive and to cache the information necessary to make packet-forwarding decisions.

CEF uses these strategies to expediently switch data packets to their destination. It caches information generated by the Layer 3 routing engine. CEF caches routing information in one table (the FIB), and caches Layer 2 next-hop addresses for all FIB entries in an adjacency table. Because CEF maintains multiple tables for forwarding information, parallel paths can exist and enable CEF to load balance per packet.

CEF operates in one of two modes:

  • Central CEF: The FIB and adjacency tables reside on the route processor, and the route processor performs the express forwarding. Use this mode when line cards are not available for CEF switching, or when features are not compatible with distributed CEF.

  • Distributed CEF (dCEF): Supported only on Cisco Catalyst 6500 switches. Line cards maintain identical copies of the FIB and adjacency tables. The line cards can perform the express forwarding by themselves, relieving the main processor of being involved in the switching operation. Distributed CEF uses an interprocess communications (IPC) mechanism to ensure that the FIBs and adjacency tables are synchronized on the route processor and line cards.

There is a wide range of CEF-based Cisco multilayer switches:

  • Catalyst 2970

  • Catalyst 3550

  • Catalyst 3560

  • Catalyst 3750

  • Catalyst 4500

  • Catalyst 4948

  • Catalyst 6500

The Cisco Catalyst 6500 is a modular switch in which the Multilayer Switch Feature Card (MSFC) is responsible for control-plane operations, and the supervisor Policy Feature Card (PFC) is responsible for the data-plane operations.


4.3.3 Identifying the Multilayer Switch Packet Forwarding Process


CEF separates the control plane hardware from the data plane hardware and switching. ASICs separate the control plane and data plane, thereby achieving higher data throughput. The control plane is responsible for building the FIB and adjacency tables in software. The data plane is responsible for forwarding IP unicast traffic using hardware.


When traffic cannot be processed in hardware, the traffic must receive processing in software by the Layer 3 engine, thereby not receiving the benefit of expedited hardware-based forwarding. A number of different packet types may force the Layer 3 engine to process them. Some examples of IP exception packets are the following:

  • IP packets that use IP header options. (Packets that use TCP header options are switched in hardware because they do not affect the forwarding decision.)

  • Packets that have an expiring IP Time to Live (TTL) counter.

  • Packets that are forwarded to a tunnel interface.

  • Packets that arrive with non-supported encapsulation types.

  • Packets that are routed to an interface with non-supported encapsulation types.

  • Packets that exceed the maximum transmission unit (MTU) of an output interface and must be fragmented.

CEF-based tables are initially populated and used as follows:

  • The FIB is derived from the IP routing table and is arranged for maximum lookup throughput.

  • The adjacency table is derived from the ARP table, and it contains Layer 2 rewrite (MAC) information for the next hop.

  • CEF IP destination prefixes are stored in the TCAM table, from the most specific to the least specific entry.

  • When the CEF TCAM table is full, a wildcard entry redirects frames to the Layer 3 engine.

  • When the adjacency table is full, a CEF TCAM table entry points to the Layer 3 engine to redirect the adjacency.

  • The FIB lookup is based on the Layer 3 destination address prefix (longest match).

The FIB table is updated when the following occurs:

  • An ARP entry for the destination next hop changes, ages out, or is removed.

  • The routing table entry for a prefix changes.

  • The routing table entry for the next hop changes.

These are the basic steps for initially populating the adjacency table:

Step 1

The Layer 3 engine queries the switch for a physical MAC address.

Step 2

The switch selects a MAC address from the chassis MAC range and assigns it to the Layer 3 engine. This MAC address is assigned by the Layer 3 engine as a burned-in address for all VLANs and is used by the switch to initiate Layer 3 packet lookups.

Step 3

The switch installs wildcard CEF entries, which point to drop adjacencies (for handling CEF table lookup misses).

Step 4

The Layer 3 engine informs the switch of its interfaces participating in MLS (MAC address and associated VLAN). The switch creates the (MAC, VLAN) Layer 2 CAM entry for the Layer 3 engine.

Step 5

The Layer 3 engine informs the switch about features for interfaces participating in MLS.

Step 6

The Layer 3 engine informs the switch about all CEF entries related to its interfaces and connected networks. The switch populates the CEF entries and points them to Layer 3 engine redirect adjacencies.


Only the first few packets for a connected destination reach the Layer 3 engine so that the Layer 3 engine can use ARP to locate the host. A throttling adjacency is installed so that subsequent packets to that host are dropped in hardware until an ARP response is received. The throttling adjacency is removed when an ARP reply is received (and a complete rewrite adjacency is installed for the host). The switch removes the throttling adjacency if no ARP reply is seen within 2 seconds to allow more packets through to reinitiate ARP. This relieves the Layer 3 engine from excessive ARP processing or from ARP-based denial of service attacks.

Figure provides an example of ARP throttling, which consists of these steps:

Step 1

Host A sends a packet to host B.

Step 2

The switch forwards the packet to the Layer 3 engine based on the “glean” entry in the FIB. A glean adjacency entry indicates that a particular next hop should be directly connected, but there is no MAC header rewrite information available.

Step 3

The Layer 3 engine sends an ARP request for host B and installs the drop adjacency for host B. At this point, subsequent frames destined for host B from host A are dropped (ARP throttling).

Step 4

Host B responds to the ARP request. The Layer 3 engine installs an adjacency for host B and removes the drop adjacency.

The adjacency table is populated as adjacencies are discovered. Each time an adjacency entry is created (such as through the ARP protocol) a link-layer header for that adjacent node is pre-computed and stored in the adjacency table. After a route is determined, it points to a next hop and corresponding adjacency entry. The route is subsequently used for encapsulation during CEF switching of packets.

A route might have several paths to a destination prefix, as when a router is configured for simultaneous load balancing and redundancy. For each resolved path, a pointer is added for the adjacency corresponding to the next-hop interface for that path. This mechanism is used for load balancing across several paths.

In addition to adjacencies associated with next-hop interfaces (host-route adjacencies), other types of adjacencies are used to expedite switching when certain exception conditions exist. When the prefix is defined, prefixes requiring exception processing are cached with one of the following special adjacencies:

  • Null adjacency: Packets destined for a null0 interface are dropped. This can be used as an effective form of access filtering.

  • Glean adjacency: When a router is connected directly to several hosts, the FIB table on the router maintains a prefix for the subnet rather than for the individual host prefixes. The subnet prefix points to a glean adjacency. When packets need to be forwarded to a specific host, the adjacency database is gleaned for the specific prefix.

  • Punt adjacency: Features that require special handling, or features that are not yet supported in conjunction with CEF switching paths, are forwarded to the next switching layer for handling. For example, the packet may require CPU processing. Features that are not supported are forwarded to the next-higher switching level.

  • Discard adjacency: Packets are discarded.

  • Drop adjacency: Packets are dropped, but the prefix is checked.

When a link-layer header is appended to packets, FIB requires the appended header to point to an adjacency corresponding to the next hop. If an adjacency was created by FIB and not discovered through a mechanism such as ARP, the Layer 2 addressing information is not known, and the adjacency is considered incomplete. The packet is forwarded to the route processor where an ARP request would be used to find the Layer 2 information and complete the adjacency.

These are the steps that would occur when you use CEF to forward frames between host A and host B on different VLANs:

Step 1

Host A sends a packet to host B. The switch recognizes the frame as a Layer 3 packet because the destination MAC (MAC-M) matches the Layer 3 engine MAC.

Step 2

The switch performs a CEF lookup based on the destination IP address (IP-B). The packet hits the CEF entry for the connected (VLAN20) network and is redirected to the Layer 3 engine using a glean adjacency.

Step 3

The Layer 3 engine installs an ARP throttling adjacency in the switch for the host B IP address.

Step 4

The Layer 3 engine sends ARP requests for host B on VLAN20.

Step 5

Host B sends an ARP response to the Layer 3 engine.

Step 6

The Layer 3 engine installs the resolved adjacency in the switch (removing the ARP throttling adjacency).

Step 7

The switch forwards the packet to host B.

Step 8

The switch receives a subsequent packet for host B (IP-B).

Step 9

The switch performs a Layer 3 lookup and finds a CEF entry for host B. The entry points to the adjacency with rewrite information for host B.

Step 10

The switch rewrites packets per the adjacency information and forwards the packet to host B on VLAN20.
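To make the table mechanics concrete, here is an added example (written for this post; it is not Cisco code and not a figure from the course) that models the FIB ordering and adjacency types described under "CEF-based tables are initially populated and used as follows", the ARP throttling sequence, and the ten-step host A to host B forwarding walk above. The class and method names (`CefSwitch`, `Adjacency`, `forward`, `arp_reply`) are hypothetical, the switch's "Layer 3 engine" is simulated inside the same class, and every address, MAC and VLAN number is constructed for the example.

```python
import ipaddress

ARP_THROTTLE_SECONDS = 2.0        # the page: throttle is removed if no ARP reply within 2 s
ENGINE_MAC = "0000.0c00.0001"     # constructed chassis-range MAC assigned to the Layer 3 engine


class Adjacency:
    """One adjacency-table entry. kind is one of: complete, glean, drop, null, punt."""

    def __init__(self, kind, rewrite_mac=None, vlan=None, installed_at=0.0):
        self.kind = kind
        self.rewrite_mac = rewrite_mac   # Layer 2 rewrite information (only for 'complete')
        self.vlan = vlan
        self.installed_at = installed_at


class CefSwitch:
    """Toy model (hypothetical) of a hardware FIB plus adjacency table with a simulated L3 engine."""

    def __init__(self):
        self.clock = 0.0
        self.fib = []            # (network, adjacency), kept most-specific first like the TCAM
        self.arp_requests = []   # ARP requests the simulated Layer 3 engine sent

    def _install(self, network, adjacency):
        self.fib = [(n, a) for n, a in self.fib if n != network]
        self.fib.append((network, adjacency))
        self.fib.sort(key=lambda e: e[0].prefixlen, reverse=True)   # longest prefix first

    def _remove(self, network):
        self.fib = [(n, a) for n, a in self.fib if n != network]

    def add_connected(self, prefix, vlan):
        """Connected subnet: the subnet prefix points to a glean adjacency (no rewrite info)."""
        self._install(ipaddress.ip_network(prefix), Adjacency("glean", vlan=vlan))

    def add_null_route(self, prefix):
        """Route to null0: a null adjacency, usable as a simple form of access filtering."""
        self._install(ipaddress.ip_network(prefix), Adjacency("null"))

    def lookup(self, dst_ip):
        """Longest-match FIB lookup; the first hit in the sorted list is the most specific."""
        ip = ipaddress.ip_address(dst_ip)
        for network, adjacency in self.fib:
            if ip in network:
                return network, adjacency
        return None, None   # no entry: the wildcard would redirect to the Layer 3 engine

    def arp_reply(self, host_ip, host_mac):
        """Host answered ARP: replace the throttling adjacency with a complete rewrite adjacency."""
        _, current = self.lookup(host_ip)
        vlan = current.vlan if current else None
        self._install(ipaddress.ip_network(host_ip + "/32"),
                      Adjacency("complete", rewrite_mac=host_mac, vlan=vlan, installed_at=self.clock))

    def advance(self, seconds):
        self.clock += seconds

    @staticmethod
    def is_exception(packet, out_mtu=1500):
        """IP exception packets from the page's list: IP options, expiring TTL, needs fragmentation."""
        return bool(packet.get("ip_options")) or packet.get("ttl", 64) <= 1 \
            or packet.get("length", 0) > out_mtu

    def forward(self, packet):
        """Return a short tag describing what the hardware did with the packet."""
        if packet["dst_mac"] != ENGINE_MAC:
            return "bridged"                      # not for the L3 engine: plain Layer 2 switching
        if self.is_exception(packet):
            return "punt:exception"               # software path on the Layer 3 engine
        network, adjacency = self.lookup(packet["dst_ip"])
        if adjacency is None:
            return "punt:no-fib-entry"
        if adjacency.kind == "null":
            return "drop:null"
        if adjacency.kind == "punt":
            return "punt:feature"
        if adjacency.kind == "drop":
            # ARP throttling: drop in hardware until the 2-second window expires
            if self.clock - adjacency.installed_at < ARP_THROTTLE_SECONDS:
                return "drop:arp-throttle"
            self._remove(network)                 # let a packet through to re-initiate ARP
            network, adjacency = self.lookup(packet["dst_ip"])
            if adjacency is None:
                return "punt:no-fib-entry"
        if adjacency.kind == "glean":
            # Layer 3 engine sends ARP and installs a /32 throttling (drop) adjacency for the host
            self.arp_requests.append((adjacency.vlan, packet["dst_ip"]))
            self._install(ipaddress.ip_network(packet["dst_ip"] + "/32"),
                          Adjacency("drop", vlan=adjacency.vlan, installed_at=self.clock))
            return "punt:glean(arp-sent)"
        return "forward:vlan%s:%s" % (adjacency.vlan, adjacency.rewrite_mac)   # hardware rewrite


def walkthrough():
    """The host A -> host B sequence from the page, with constructed addresses and VLANs."""
    sw = CefSwitch()
    sw.add_connected("10.0.10.0/24", vlan=10)     # host A's VLAN
    sw.add_connected("10.0.20.0/24", vlan=20)     # host B's VLAN
    sw.add_null_route("192.0.2.0/24")             # constructed filtered prefix
    pkt = {"dst_mac": ENGINE_MAC, "dst_ip": "10.0.20.5", "ttl": 64, "length": 500}
    events = [sw.forward(pkt)]                    # glean: ARP sent, throttle installed
    events.append(sw.forward(pkt))                # dropped in hardware while ARP is pending
    sw.arp_reply("10.0.20.5", "0000.0c00.00b2")   # host B answers
    events.append(sw.forward(pkt))                # rewritten and forwarded on VLAN 20
    events.append(sw.forward({**pkt, "dst_ip": "192.0.2.9"}))   # null adjacency
    events.append(sw.forward({**pkt, "ttl": 1}))                # expiring TTL -> software
    return sw, events


if __name__ == "__main__":
    for event in walkthrough()[1]:
        print(event)
```

The useful thing to watch is the second `forward` call: while the ARP for host B is outstanding, the hardware drops further packets for that host by itself, which is exactly what keeps a burst of packets to unresolved addresses from turning into a flood of ARP work on the route processor. After `advance(3)` without a reply, the model removes the throttle and lets one packet back through to re-trigger ARP, matching the 2-second behaviour described above.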

