****************************
Cisco - Multilayer Switching
****************************

Inter-VLAN Routing
==================

- VLANs are isolated broadcast domains
- A Layer 3 device is required to pass traffic between them
- Traditional Inter-VLAN routing techniques

  * Inter-VLAN Router

    + Separate interface per VLAN
    + Not scalable beyond a few VLANs

  * Router with trunk interface

    + Single interface used for all VLANs
    + "Router On A Stick" or "One-Armed Router"
    + The single interface becomes the bottleneck

Routing And Switching functions using a multilayer switch (MLS)
===============================================================

- SDM templates may need changing depending on IPv4/IPv6 requirements
- Layer 3 interfaces can also be configured in an EtherChannel

Interface Types
---------------

- Layer 2 - Switching occurs between interfaces that are assigned as Layer 2 ports on VLANs and trunks
- Layer 3 - Layer 3 switching occurs between any interfaces that support an assigned Layer 3 address
- SVI - Switched Virtual Interface, a Layer 3 address assigned to represent the entire VLAN

Steps To Configure Inter-VLAN routing
-------------------------------------

- Enable IP routing on the switch
- Configure static and/or dynamic routing
- Configure Layer 2 ports
- Configure Layer 3 ports
- Configure SVIs

Configuring an SVI interface
----------------------------

- Create the VLAN
- Configure the SVI (VLAN) interface with its assigned IP address

SVI Autostate
-------------

- By default an SVI interface will not show as active until one or more ports in the corresponding VLAN are also active
- Can be overridden in special circumstances (e.g. port mirroring)

Multilayer switching with CEF
=============================

- Cisco Express Forwarding (CEF) is the current generation of Cisco multilayer switching
- Used to forward packets based on Layer 3 and Layer 4 information
- Topology-based MLS

Traditional MLS
---------------

- Dual effort between route processor (RP) and switching engine (SE)
- "Route Once and Switch Many"
- A "Shortcut Path" avoided subsequent packets needing to go to the RP
- Known as "NetFlow Switching" or "Route Cache Switching"
- Used on legacy hardware

  * Catalyst 6000 Supervisor 1/1A
  * Multilayer Switch Feature Card (MSFC)
  * Catalyst 5500 with Route Switch Module (RSM)
  * Catalyst 5500 with Route Switch Feature Card (RSFC)

CEF Overview
------------

- High-performance packet forwarding
- Runs by default on modern Cisco switches
- Takes advantage of specialised hardware
- Functional blocks

  * Layer 3 Engine (Routing Table, ARP Table)
  * Layer 3 Forwarding Engine (FIB, Adjacency Table)

- The Layer 3 Engine builds routing information that the Layer 3 Forwarding Engine can use to switch packets
- Some packets cannot be CEF switched and are sent to the Layer 3 Engine, known as a "CEF punt"

  * Entry not located in the FIB
  * FIB table is full
  * IP TTL expired
  * MTU exceeded and fragmentation needed
  * ICMP redirect
  * Unsupported encapsulation type
  * Packets need to be tunnelled, compressed or encrypted
  * Access list logging
  * NAT operation required

Forwarding Information Base (FIB)
---------------------------------

- A reordered copy of the routing table so that the most specific route is listed first
- Contains the next hop for each entry
- Host routes (/32) are included for directly connected (adjacent) hosts
- The Layer 3 Engine sends updates to the FIB when the topology changes
- The FIB is also updated when a next hop or MAC address changes or is aged out
- A version number and the number of changes (epoch) are tracked

CEF Optimization
----------------

- Accelerated CEF (aCEF)

  * Multiple Layer 3 Forwarding Engines
  * Individual line cards on chassis switches
  * Uses only a portion of the FIB, known as a "FIB cache"
  * CEF is accelerated on the line card but not at sustained wire speed

- Distributed CEF (dCEF)

  * FIB completely distributed among multiple Layer 3 Forwarding Engines
  * Catalyst 6500 line cards support dCEF; each has its own FIB and Forwarding Engine
  * The central Layer 3 Engine maintains the routing table and downloads the FIB to each line card

Adjacency Table
---------------

- Routers usually maintain the Routing Table (Layer 3) and ARP table (Layer 2) separately
- The FIB maintains the Layer 3 next hop for each entry
- The FIB also holds Layer 2 information for each next hop; this area of the FIB is known as the "Adjacency Table"
- Adjacencies are kept for each next-hop router and each directly connected host
- Entries contain both the IP address and the MAC address
- Built from the ARP table
- Updated as new ARP replies are received
- Unknown entries (CEF glean) must be sent to the Layer 3 Engine, with packets being dropped until the entry is known, to avoid exhausting the input queue
- Adjacency types can be one of Null, Drop, Discard or Punt
- Null adjacency

  * Packets to be sent to the null interface
  * Absorbs the packet without forwarding

- Drop adjacency

  * Switches packets that cannot be forwarded
  * Silently dropped
  * Used for encapsulation failures, unsupported protocols, no valid route, no adjacency, etc.

- Discard adjacency

  * Packets to be dropped due to an access list or other policy action

- Punt adjacency

  * When packets must be sent to the Layer 3 Engine
  * Incomplete adjacencies (NO_ADJ)
  * Incomplete ARP resolution (NO_ENCAP)
  * Unsupported packet features (UNSUPP'TED)
  * ICMP redirects (REDIRECT)
  * Packets destined for switch interfaces (RECEIVED)
  * IP options (OPTIONS)
  * Access list evaluation failure (ACCESS)
  * Fragmentation failures (FRAG)

Packet Rewrite
--------------

- The last step prior to forwarding requires the packet to be rewritten
- Layer 2 destination address changes to the next-hop MAC address
- Layer 2 source address changes to the outbound Layer 3 switch interface MAC address
- Layer 3 IP TTL is decremented by 1
- Layer 3 IP checksum is updated
- Layer 2 frame checksum is updated
- CEF uses dedicated hardware for efficient rewrites and table lookups

Multilayer Switch Configuration
===============================

Global Configuration
--------------------

**Create a VLAN**

*NOTE: Should be done before creating an SVI/VLAN interface*

::

    vlan <vlan-id>
    name <vlan-name>

**Disable/Enable CEF**

*NOTE: CEF cannot be disabled on all platforms*

::

    [no] ip route-cache cef
    [no] ip cef

Interface Configuration
-----------------------

**Configure interface to operate at Layer 2**

::

    interface <type> <mod/num>
    switchport

**Configure interface to operate at Layer 3**

::

    interface <type> <mod/num>
    no switchport

**Create an interface to route in/out of the VLAN (SVI)**

::

    interface vlan <vlan-id>
    ip address <ip-address> <mask> [secondary]
    no shutdown

**Exclude interface from affecting SVI autostate**

::

    interface <type> <mod/num>
    switchport autostate exclude

Verification Commands
---------------------

**Verify Switch Port Mode**

::

    show interface switchport

**Display FIB Table for Specific Interface**

::

    show ip cef [<type> <mod/num> | vlan <vlan-id>] [detail]

**Display FIB Table by IP Prefix**

::

    show ip cef [<ip-prefix> [<mask>]] [longer-prefixes] [detail]

**Display Adjacency Table**

::

    show adjacency [<type> <mod/num> | vlan <vlan-id>] [summary | detail]

**Display CEF entries without valid ARP (CEF Glean)**

::

    show ip cef adjacency glean

**Display Statistics for CEF Drop reasons**

::

    show cef drop

**Display Statistics for packets not processed by CEF**

::

    show cef not-cef-switched

**List configured VLANs**

::

    show vlan

**Display IP Information about switch interfaces**

::

    show ip interface

**Display Summary of Layer 3 Interfaces**

::

    show ip interface brief

**Display Entire FIB**

::

    show ip cef
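The five inter-VLAN routing steps and the SVI autostate exclusion, carried through on one switch with the commands from the reference above. This is an added example, not the page's own configuration; every VLAN id, name, interface and address in it is constructed.

```cisco
! Constructed example (not from the page): VLAN ids, names, addresses and
! port numbers are assumed; adjust them to the switch being configured.
!
! Step 1: enable IP routing (off by default on many Catalyst platforms)
ip routing
!
! Step 2: static default route toward the upstream router
ip route 0.0.0.0 0.0.0.0 192.168.255.1
!
! Create the VLANs before their SVIs so each SVI has a VLAN to track
vlan 10
 name USERS
vlan 20
 name SERVERS
vlan 99
 name MONITOR
!
! Step 3: Layer 2 access ports for the hosts in each VLAN
interface GigabitEthernet1/0/1
 switchport
 switchport mode access
 switchport access vlan 10
interface GigabitEthernet1/0/2
 switchport
 switchport mode access
 switchport access vlan 20
!
! Step 4: routed (Layer 3) uplink toward the edge router
interface GigabitEthernet1/0/24
 no switchport
 ip address 192.168.255.2 255.255.255.252
 no shutdown
!
! Step 5: SVIs, one Layer 3 address representing each VLAN
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
 no shutdown
interface Vlan20
 ip address 10.10.20.1 255.255.255.0
 no shutdown
!
! Port-mirroring case from the SVI Autostate notes: a port feeding only a
! monitoring device must not keep Vlan99 up on its own, so exclude it
interface GigabitEthernet1/0/23
 switchport access vlan 99
 switchport autostate exclude
interface Vlan99
 ip address 10.10.99.1 255.255.255.0
 no shutdown
```

After applying it, `show ip interface brief` should list the routed uplink and each SVI as up once a member port is active, and `show ip cef` should show the connected /24 prefixes ahead of the default route.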