Author: Bill Buchanan
Applied Cisco Networking
(CCNP BCMSN)
Unit 4
MLS
CAM (Layer 2)
Content Addressable Memory (CAM). These days bridges are hardly ever used, and switches are used instead. The CAM holds a table of the MAC addresses learnt on each port, and the switch forwards frames as required.
[Figure: a frame with Src: MAC1, Dest: MAC4 enters port P1; the CAM table reads P1: MAC1, MAC2 and P2: MAC3, MAC4, so the frame is forwarded out P2.]
Showing CAM table
To show the CAM table:

Switch# sh mac address-table dynamic
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    000d.298e.a19a    DYNAMIC     Gi0/2
   1    0011.5c5e.ac41    DYNAMIC     Fa0/3
   1    0011.5c5e.ac42    DYNAMIC     Fa0/4
  10    000d.298e.a19a    DYNAMIC     Gi0/2
  20    000d.298e.a19a    DYNAMIC     Gi0/2
External Route Processing
[Figure: an external router attached to the switch. Fa0/1 (192.168.0.254) serves host 192.168.0.1 and Fa0/2 (192.168.1.254) serves host 192.168.1.1; each host's default gateway is set to the router port on its subnet.]

# config t
(config)# router rip
(config-router)# network 192.168.0.0
(config-router)# network 192.168.1.0
(config-router)# exit
(config)# int fa0/1
(config-if)# ip address 192.168.0.254 255.255.255.0
(config-if)# no shutdown
(config-if)# exit
(config)# int fa0/2
(config-if)# ip address 192.168.1.254 255.255.255.0
(config-if)# no shutdown
(config-if)# exit
Router-on-a-stick
[Figure: the router's single link Fa0/1 carries both VLANs to the switch. Subinterface Fa0/1.1 (192.168.0.254) serves host 192.168.0.1 and Fa0/1.2 (192.168.1.254) serves host 192.168.1.1; each host's default gateway is set to the router subinterface on its VLAN. Subinterfaces are required to encapsulate the VLAN information between the two VLANs.]

# config t
(config)# router rip
(config-router)# network 192.168.0.0
(config-router)# network 192.168.1.0
(config-router)# exit
(config)# int fa0/1.1
(config-subif)# encapsulation dot1q 1
(config-subif)# ip address 192.168.0.254 255.255.255.0
(config-subif)# exit
(config)# int fa0/1.2
(config-subif)# encapsulation dot1q 2
(config-subif)# ip address 192.168.1.254 255.255.255.0
(config-subif)# exit

IOS only accepts an IP address on a subinterface once its encapsulation is set, so the encapsulation command comes first. If VLAN 1 is the native VLAN of the switch trunk, its frames arrive untagged and the subinterface must be configured with encapsulation dot1q 1 native to match them.
Internal Route Processing
[Figure: a multilayer switch with SVIs VLAN 1: 192.168.0.254 and VLAN 2: 192.168.1.254; host 192.168.0.1 is on fa0/1 (VLAN 1) and host 192.168.1.1 is on fa0/2 (VLAN 2).]

# config t
(config)# ip routing
(config)# router rip
(config-router)# network 192.168.0.0
(config-router)# network 192.168.1.0
(config-router)# exit
(config)# vlan 1
(config-vlan)# exit
(config)# int vlan 1
(config-if)# ip address 192.168.0.254 255.255.255.0
(config-if)# exit
(config)# vlan 2
(config-vlan)# exit
(config)# int vlan 2
(config-if)# ip address 192.168.1.254 255.255.255.0
(config-if)# exit
(config)# int fa0/1
(config-if)# switchport mode access
(config-if)# switchport access vlan 1
(config-if)# exit
(config)# int fa0/2
(config-if)# switchport mode access
(config-if)# switchport access vlan 2
(config-if)# exit
Layer 3 operation
# config t
(config)# ip routing
(config)# int fa0/1
(config-if)# no switchport
(config-if)# ip address 192.168.0.254 255.255.255.0
(config-if)# no shutdown

The no switchport command removes the Layer 2 configuration from the port so that it becomes a routed port and accepts an IP address.

[Figure: three Layer 3 switches, each with FA0/1 as a routed port (192.168.0.254, 192.168.1.254 and 192.168.2.254) serving hosts .1 and .2 on its subnet, interconnected by the 192.168.5.0 and 192.168.4.0 links (.1 and .2 at each end).]
[Figure: two switches joined by a dot1q trunk on Fa0/2. VLAN 1 (SVI 192.168.0.254) has hosts 192.168.0.1 and 192.168.0.2 on FA0/1, VLAN 2 (SVI 192.168.2.254) has hosts 192.168.2.1 and 192.168.2.2 on FA0/1, and hosts 192.168.1.1 and 192.168.1.2 sit on a further FA0/1 port.]

(config)# ip routing
(config)# vlan 1
(config-vlan)# exit
(config)# int vlan 1
(config-if)# ip address 10.0.0.254 255.255.255.0
(config-if)# exit
(config)# int fa0/2
(config-if)# switchport trunk encapsulation dot1q
(config-if)# switchport trunk native vlan 1
(config-if)# switchport trunk allowed vlan 1,2
(config-if)# switchport mode trunk
(config-if)# switchport nonegotiate

The switchport nonegotiate command turns off DTP on the port, so the trunk is fixed by configuration and the neighbour cannot negotiate the port's mode; restricting the allowed VLAN list to the VLANs that actually need the trunk limits what the link carries.

MLS
MLS (Multilayer Switching). 3550, 4500 and 600-series switches can also forward frames based on the Layer 3 and Layer 4 information contained in packets. There are two types:
· Route cache.
· Topology-based.
Route-cache switching
[Figure: the route processor (RP) handles the first-time route; the switch engine (SE) receives an MLS cache update and keeps the shortcut in its MLS cache.]

Route-cache switching requires a route processor (RP) and a switch engine (SE).
· The RP processes the first packet to determine its destination.
· The SE listens to this and the resulting destination, and sets up a shortcut entry in its MLS cache.
· The SE forwards all subsequent packets in the same traffic flow based on the shortcut entries in its cache.
AKA: NetFlow LAN switching, flow-based or demand-based switching, and "route once, switch many".
Topology-based (CEF)
[Figure: routing information feeds the switch processor, which builds the Forwarding Information Base (FIB).]

This method uses specialized hardware. It uses Layer 3 routing information to build and prepopulate a single database for the entire network topology. This is a table lookup in hardware and is used to forward packets at high rates. The longest match found in the database is used as the correct Layer 3 destination. As the routing topology changes over time, the database contained in the hardware is continually updated. This is Cisco Express Forwarding (CEF).
MultiLayer Catalyst Switch Operations
[Figure: the forwarding pipeline of a multilayer Catalyst switch. The Ingress Queues feed, in parallel, the Security ACLs Inbound/Outbound (TCAM), the QoS ACLs Classification/Policing (TCAM), the L2 Forwarding Table (CAM) and the L3 Forwarding Table (FIB); the ACL result is permit/deny/other, and the Packet Re-writer passes the frame on to the Egress Queues.]
FIB table
[Figure: the forwarding pipeline, with the L2 Forwarding Table (CAM) and the L3 Forwarding Table (FIB) highlighted.]

CAM table (Layer 2, as listed by sh mac address-table dynamic above):
MAC address       Egress Port   VLAN
000d.298e.a19a    Gi0/2         1
0011.5c5e.ac41    Fa0/3         1

FIB table (Layer 3):
IP address      Next-hop IP     Next-hop MAC      Egress Port
192.168.0.0     192.168.10.1    000d.298e.a19a    Fa0/1
192.168.2.0     192.168.10.1    000d.298e.a19a    Fa0/2

# show ip cef
Prefix              Next Hop        Interface
0.0.0.0/0           192.168.1.5     fa0/1
0.0.0.0/32          receive
192.168.0.0/24      192.168.10.1    fa0/1
192.168.2.0/30      192.168.10.1    fa0/2
192.168.3.0/30      192.168.10.1    fa0/3
192.168.4.0/24      192.168.10.1    fa0/1
192.168.5.0/30      192.168.10.1    fa0/2

# show ip cef summary
IP CEF with switching (Table Version 1267), flags=0x0
239 routes, 0 reresolve, 0 unresolved (0 old, 0 new), peak 3
3 instant recursive resolutions, 0 used background process
239 leaves, 153 nodes, 195448 bytes, 776 inserts, 537 invalidations
0 load sharing elements, 0 bytes, 0 references
universal per-destination load sharing algorithm, id 9C1B7D1D
3(0) CEF resets, 483 revisions of existing leaves
Resolution Timer: Exponential (currently 1s, peak 1s)
485 in-place/0 aborted modifications
refcounts: 40214 leaf, 39424 node
Table epoch: 0 (239 entries at this epoch)
Adjacency Table has 3 adjacencies
Adjacency tables
[Figure: the forwarding pipeline, with the FIB table pointing at the adjacency table.]

FIB table:
IP address      Next-hop IP     Next-hop MAC      Egress Port
192.168.0.0     192.168.10.1    000d.298e.a19a    Fa0/1
192.168.2.0     192.168.10.1    000d.298e.a19a    Fa0/2

Adjacency table:
IP address      Next-hop MAC      Port
192.168.0.1     000d.298e.a19a    Fa0/1
192.168.2.1     000d.298e.a19a    Fa0/2

· The switch detects its own destination MAC address.
· It looks up the destination IP address in the CEF table.
· The first match in the CEF table points to an adjacency entry that contains the MAC rewrite information and the destination interface.
· The switch then rewrites the packet and sends it out of the destination interface.

CEF maintains an adjacency table from MAC addresses learnt through ARP. This table contains the MAC address rewrite information and the destination port. The next-hop address is the adjacency information.

#show adjacency
Protocol Interface              Address
IP       GigabitEthernet0/1     192.168.0.1 (11120)
IP       FastEthernet0/1        192.168.2.1 (7)
IP       FastEthernet0/2        100.1.1.1 (2005)

#show adjacency detail
Protocol Interface              Address
IP       GigabitEthernet0/1     192.168.0.1(11120)
                                0 packets, 0 bytes
                                000d298ea19a
                                00D00624440A0800
                                ARP        00:05:40
                                Epoch: 0
IP       FastEthernet0/1        192.168.2.1(7)
                                0 packets, 0 bytes
                                00D0BCF107C8
                                00D00624440A0800
                                ARP        00:39:20
                                Epoch: 0
Change of data frame
[Figure: host 192.168.1.1 (1111.2222.1111) sends to host 192.168.3.1 (1111.2222.1116) through the multilayer switch (FA0/1 192.168.1.2 / 1111.2222.1112, FA0/2 192.168.2.1 / 1111.2222.1113) and a next-hop device (FA0/2 192.168.2.2 / 1111.2222.1114, FA0/3 192.168.3.2 / 1111.2222.1115). The IP addresses are unchanged at every hop; only the MAC addresses are rewritten.]

Hop                              Src IP        Src MAC          Dest IP       Dest MAC
Host to switch (FA0/1)           192.168.1.1   1111.2222.1111   192.168.3.1   1111.2222.1112
Switch (FA0/2) to next hop       192.168.1.1   1111.2222.1113   192.168.3.1   1111.2222.1114
Next hop (FA0/3) to host         192.168.1.1   1111.2222.1115   192.168.3.1   1111.2222.1116
Level 2 information
[Figure: the same topology; the switch's CAM holds the source host (1111.2222.1111 on FA0/1) and the next-hop device (1111.2222.1114 on FA0/2).]

MAC address       Egress Port   VLAN
1111.2222.1111    Fa0/1         1
1111.2222.1114    Fa0/2         1

Switch# sh mac address-table
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    1111.2222.1111    DYNAMIC     FA0/1
   1    1111.2222.1114    DYNAMIC     FA0/2
   1    1111.2222.1112    STATIC      FA0/1
   1    1111.2222.1113    STATIC      FA0/2
Total Mac Addresses for this criterion: 4
Adjacency table
[Figure: the same topology; the adjacency for next hop 192.168.2.2 (1111.2222.1114) is reached through the switch's FA0/2 (192.168.2.1, 1111.2222.1113).]

#show adjacency
Protocol Interface              Address
IP       FastEthernet0/2        192.168.2.2 (7)

#show adjacency detail
Protocol Interface              Address
IP       FastEthernet0/1        192.168.2.2(7)
                                0 packets, 0 bytes
                                111122221114
                                1111222211130800
                                ARP        00:05:40
                                Epoch: 0

The first 12 characters, 111122221114, are the MAC address of the destination next-hop interface (destination MAC address rewrite). The next 12 characters, 111122221113, are the MAC address of the source interface of the packet (source MAC address rewrite). The last four characters (0x0800) represent an IP packet.

The value in parentheses, 7, is the number of times a FIB entry points to this adjacency entry.
CEF table
[Figure: the same topology; the CEF table resolves 192.168.3.0/24 to next hop 192.168.2.2 out of fa0/2.]

# show ip cef
Prefix              Next Hop        Interface
0.0.0.0/0           192.168.2.2     fa0/2
0.0.0.0/32          receive
192.168.3.0/24      192.168.2.2     fa0/2
192.168.2.2/32      attached        fa0/2
192.168.1.0/24      attached        fa0/1
224.0.0.0/4         drop
224.0.0.0/24        receive
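The rewrite walked through on the last four slides, as an added worked example (not code from the slides): a longest-prefix lookup over the show ip cef entries, the adjacency rewrite string decoded into destination MAC, source MAC and EtherType, and the frame from 192.168.1.1 to 192.168.3.1 rewritten the way the switch does it. The FIB and adjacency data are constructed from the slide values; the receive, drop and attached cases go beyond the single frame the slides show.

```python
import ipaddress

# Constructed from the slides: the FIB prefixes of "show ip cef" and the
# rewrite string of "show adjacency detail" (dst MAC, src MAC, EtherType).
FIB = [
    ("0.0.0.0/0",      "192.168.2.2", "fa0/2"),
    ("0.0.0.0/32",     "receive",     None),
    ("192.168.3.0/24", "192.168.2.2", "fa0/2"),
    ("192.168.2.2/32", "attached",    "fa0/2"),
    ("192.168.1.0/24", "attached",    "fa0/1"),
    ("224.0.0.0/4",    "drop",        None),
    ("224.0.0.0/24",   "receive",     None),
]
ADJ = {("192.168.2.2", "fa0/2"): "1111222211141111222211130800"}

def fmt_mac(hex12):
    """111122221114 -> 1111.2222.1114 (Cisco dotted notation)."""
    return ".".join(hex12[i:i + 4] for i in range(0, 12, 4)).lower()

def decode_rewrite(rw):
    """Split the 28-hex-digit adjacency string into its three fields."""
    return {"dst_mac": fmt_mac(rw[:12]), "src_mac": fmt_mac(rw[12:24]),
            "ethertype": int(rw[24:28], 16)}

def fib_lookup(dst_ip):
    """Longest-prefix match over the FIB, as the hardware lookup does."""
    ip = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, next_hop, ifc in FIB:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, ifc)
    return best

def forward(frame):
    """Return the rewritten frame, or the reason the hardware path did not send it."""
    _, next_hop, ifc = fib_lookup(frame["dst_ip"])
    if next_hop in ("receive", "drop"):
        return next_hop            # for the switch itself, or dropped outright
    if next_hop == "attached":
        return "glean"             # directly connected host: ARP for it first
    adj = ADJ.get((next_hop, ifc))
    if adj is None:
        return "punt"              # no adjacency yet: handled in software
    rw = decode_rewrite(adj)       # IP header unchanged, only the MACs are rewritten
    return dict(frame, src_mac=rw["src_mac"], dst_mac=rw["dst_mac"], egress=ifc)
```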
TCAMs
[Figure: the same forwarding pipeline, with the Security ACL Inbound/Outbound (TCAM) and QoS ACL Classification/Policing (TCAM) lookups highlighted; their result is permit/deny/other.]

TCAM (Ternary Content Addressable Memory)
In the normal ACL process the ACLs are evaluated one at a time, which leads to a delay. In multilayer switches all of the matching that ACLs provide is implemented in hardware, so TCAM allows a packet to be evaluated against an entire access list in a single table lookup. There are also multiple TCAMs, for inbound and outbound security ACLs and QoS ACLs, which work in parallel with the Layer 2 or Layer 3 forwarding decision.
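A TCAM lookup as an added illustration (not from the slides, and simplified relative to the real hardware): each access list entry is compiled into a value/mask pair, a field left as None becomes "don't care" bits, and a packet key is compared against the whole list in one pass rather than entry by entry. The access list and addresses are constructed for the example.

```python
import ipaddress

# Key layout: src IP (32 bits) | dst IP (32) | protocol (8) | dst port (16).
FIELDS = (("src", 32), ("dst", 32), ("proto", 8), ("dport", 16))

def packet_key(src, dst, proto, dport):
    """Pack the packet fields into the 88-bit lookup key."""
    key = 0
    for name, width in FIELDS:
        value = {"src": src, "dst": dst, "proto": proto, "dport": dport}[name]
        if name in ("src", "dst"):
            value = int(ipaddress.ip_address(value))
        key = (key << width) | value
    return key

def tcam_entry(src, dst, proto, dport, action):
    """Build (value, mask, action); a None field means 'don't care' bits."""
    value = mask = 0
    for name, width in FIELDS:
        field = {"src": src, "dst": dst, "proto": proto, "dport": dport}[name]
        value <<= width
        mask <<= width
        if field is None:
            continue                       # mask bits stay 0: any value matches
        if name in ("src", "dst"):
            net = ipaddress.ip_network(field)
            value |= int(net.network_address)
            mask |= int(net.netmask)
        else:
            value |= field
            mask |= (1 << width) - 1
    return value, mask, action

# Constructed access list; as in an ACL, the lowest-index matching entry wins.
TCAM = [
    tcam_entry("192.168.1.0/24", "192.168.3.1/32", 6, 23, "deny"),     # no telnet to server
    tcam_entry("192.168.1.0/24", "192.168.3.0/24", 6, None, "permit"), # other TCP allowed
    tcam_entry(None, None, None, None, "deny"),                        # implicit deny any
]

def tcam_lookup(key):
    """Compare the key against every entry at once and return the winning action."""
    hits = [action for value, mask, action in TCAM if (key & mask) == value]
    return hits[0] if hits else "deny"
```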