Cisco Presentation Template

Chapter 7
Improving IP Routing Performance with Multilayer Switching
© 1999, Cisco Systems, Inc.
7-1
Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
• Identify network devices necessary to effect MLS
• Configure the distribution layer devices to participate in multilayer switching
• Verify existing flow information in the MLS cache
• Apply flow masks to influence the type of MLS cache entry
© 1999, Cisco Systems, Inc.
www.cisco.com
BCMSN—7-2
Improving IP Routing Performance with MLS
In this chapter, we discuss the following topics:
• Multilayer switching fundamentals
• Configuring the multilayer switch route processor
• Applying flow masks
• Configuring the Multilayer Switch Switching Engine
• MLS topology examples
Improving IP Routing Performance with MLS (cont.)
In this section we discuss the following topics:
• Multilayer Switching Fundamentals
—What is MLS
—Hardware/Software Requirements
—MLS Components
—How MLS works
—Commands that Disable MLS
• Configuring the Multilayer Switch Route Processor
• Applying Flow Masks
• Configuring the Multilayer Switch Switching Engine
Defining Flows
[Figure: Host A and Host B in a Conventional Environment and in a Multilayer Switched Environment; labels: packets p1, p2, p3; 1 First Packet; 2 Subsequent Packets]
• Each packet of a traditional flow must be processed by the router
• The first packet of an MLS flow is processed by the router; all subsequent packets are switched
Internal Router Processor
Software/Hardware Requirements
Route Switch Module (RSM)
Cisco IOS™ Release 11.3(2)WA4(4) or Later
Catalyst 2926G, 5000, or 6000 Series Switch
Supervisor Engine III, FSX, III FLX, IIG, or IIIG Module
Supervisor Engine Software Release 4.1(1) or Later
NetFlow Feature Card (NFFC), NFFC II
External Router Processor
Software/Hardware Requirements
Cisco High-End Routers, such as Cisco 3620, 3640, 7500, 7200, 4500, or 4700 Series
Cisco IOS Release 11.3(2)WA4(4) or Later
Catalyst 2926G, 5000, or 6000 Series Switch
Supervisor Engine III, FSX, III FLX, IIG, or IIIG Module
Supervisor Engine Software Release 4.1(1) or Later
NetFlow Feature Card (NFFC), NFFC II
MLS Components
• MLS-RP—Multilayer Switching Route Processor
• MLS-SE—Multilayer Switching Switch Engine
• MLSP—Multilayer Switching Protocol
[Figure labels: RSM; Cisco 85xx OR 75XX, 72XX, 4XXX]
Multicast hello messages are sent to the MLS-SE by the MLS-RP to inform it of:
• MAC addresses used on different VLANs
• Routing/access-list changes occurring on the MLS-RP
MLS-RP Advertisement
[Figure: Hello Message]
• MLS-RP sends out multicast hello messages
• Messages contain MAC, VLAN, and route information
• Messages use the CGMP multicast well-known address
Receiving MLSP Hello Messages
[Figure: hello messages passing between switches; one switch is captioned "I am not a Layer 3 Switch but I will still pass on the message."]
• All switches receive the hello message
• Layer 3 switches process the hello message
• IP multicast passes transparently through non-Cisco switches
Assigning XTAGs
MLS-RP A = XTAG34
MLS-RP B = XTAG11
MLS-RP C = XTAG28
• The MLS-SE assigns a unique identifier to each MLS-RP
• The XTAG value is a one-byte value that the MLS-SE attaches to the MAC address
• Used to delete specific Layer 3 entries when the MLS-RP fails or exits the network
Establishing an MLS Cache Entry
[Figure: Host A (0010.f663.d000, 172.16.10.123), Host B (0090.b133.7000, 172.16.22.57), MLS-RP (0010.0679.5800, 172.16.68.13), and the MLS-SE with a "Cache Entry?" check; steps 1 to 4]
Candidate Packet
L3 Information
Source IP = 172.16.10.123
Destination IP = 172.16.22.57
L2 Information
Source MAC = 0010.f663.d000
Destination MAC = 0010.0679.5800
1. The MLS-SE receives initial frame
2. The MLS-SE reads and recognizes the destination MAC Address
3. The MLS-SE checks the MLS cache for like entries
4. The MLS-SE forwards the frame to the MLS-RP
Establishing an MLS Cache Entry (cont.)
[Figure: Host A (0010.f663.d000, 172.16.10.123), Host B (0090.b133.7000, 172.16.22.57), MLS-RP (0010.0679.5800, 172.16.68.13); steps 5 to 8]
Enable Packet
L3 Information
Source IP = 172.16.10.123
Destination IP = 172.16.22.57
L2 Information
Source MAC = 0010.0679.5800
Destination MAC = 0090.b133.7000
5. The MLS-RP receives the frame and consults the routing table
6. The MLS-RP rewrites the header with the new destination MAC address
7. The MLS-RP enters its own MAC address for the source address
8. The MLS-RP forwards the frame to the MLS-SE
Establishing an MLS Cache Entry (cont.)
[Figure: Host A (0010.f663.d000, 172.16.10.123), Host B (0090.b133.7000, 172.16.22.57), MLS-RP (0010.0679.5800, 172.16.68.13), MLS Cache; Candidate Packet XTAG = 28; Enable Packet XTAG = 28; steps 9 to 12]
MLS-RP IP      MLS-RP ID      XTAG  MLS-RP MAC-Vlans
172.16.68.13   001006795800   28    00-10-67-95-80-00 1,41,42
MLS Cache Entry
Destination IP  Source IP      Prot  DstPrt  SrcPrt  Destination Mac    Vlan  Port
172.16.22.57    172.16.10.123  UDP   1238    60224   00-90-b1-33-70-00  45    2/9
9. The MLS-SE receives the frame
10. The MLS-SE compares the XTAGs of the candidate and enable packets
11. The MLS-SE records the enable packet information in the MLS cache
12. The MLS-SE forwards the frame to the destination
Switching Subsequent Frames in a Flow
[Figure: Host A (0010.f663.d000, 172.16.10.123), Host B (0090.b133.7000, 172.16.22.57); steps 13 to 16]
Incoming Frame
L3 Information
Source IP = 172.16.10.123
Destination IP = 172.16.22.57
L2 Information
Source MAC = 0010.f663.d000
Destination MAC = 0010.0679.5800
Rewritten Frame
L3 Information
Source IP = 172.16.10.123
Destination IP = 172.16.22.57
L2 Information
Source MAC = 0010.0679.5800
Destination MAC = 0090.b133.7000
MLS Cache Entry
Destination IP  Source IP      Prot  DstPrt  SrcPrt  Destination Mac    Vlan  Port
172.16.22.57    172.16.10.123  UDP   1238    60224   00-90-b1-33-70-00  45    2/9
13. The MLS-SE receives subsequent frames in the flow
14. The MLS-SE compares the incoming frame with the MLS cache entry
15. The MLS-SE rewrites the frame header
16. The MLS-SE forwards the frame to the destination
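Added example (not part of the original slides and not Cisco code): a toy MLS-SE in Python that walks steps 1 to 16 above using the slide's MAC and IP addresses. The class and function names are hypothetical, and the model keys the cache on the full tuple shown in the MLS cache entry.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    proto: str
    src_port: int
    dst_port: int

    def flow(self):
        # Same columns as the MLS cache entry on the slide.
        return (self.dst_ip, self.src_ip, self.proto, self.dst_port, self.src_port)


class MlsSe:
    """Toy MLS-SE: models only the candidate/enable handshake and the rewrite."""

    def __init__(self, rp_xtags):
        self.rp_xtags = rp_xtags   # MLS-RP MAC -> XTAG (learned from MLSP hellos)
        self.candidates = {}       # flow -> XTAG of the MLS-RP the candidate went to
        self.cache = {}            # flow -> (source MAC, destination MAC) to write

    def receive(self, frame):
        flow = frame.flow()
        if frame.dst_mac in self.rp_xtags:
            if flow in self.cache:
                # Steps 13-16: rewrite the L2 header and bypass the router.
                src, dst = self.cache[flow]
                return "shortcut", replace(frame, src_mac=src, dst_mac=dst)
            # Steps 1-4: no entry yet, remember the candidate and send it to the MLS-RP.
            self.candidates[flow] = self.rp_xtags[frame.dst_mac]
            return "candidate", frame
        xtag = self.rp_xtags.get(frame.src_mac)
        if xtag is not None and self.candidates.get(flow) == xtag:
            # Steps 9-12: enable packet from the same MLS-RP (XTAGs match).
            del self.candidates[flow]
            self.cache[flow] = (frame.src_mac, frame.dst_mac)
            return "enable", frame
        return "forward", frame


RP_MAC, A_MAC, B_MAC = "0010.0679.5800", "0010.f663.d000", "0090.b133.7000"


def demo():
    se = MlsSe({RP_MAC: 28})
    first = Frame(A_MAC, RP_MAC, "172.16.10.123", "172.16.22.57", "UDP", 60224, 1238)
    # Steps 5-8 happen on the MLS-RP: it routes the frame and rewrites both MACs.
    routed = replace(first, src_mac=RP_MAC, dst_mac=B_MAC)
    actions = [se.receive(first)[0], se.receive(routed)[0]]
    action, rewritten = se.receive(first)   # a later frame of the same flow
    actions.append(action)
    return actions, rewritten


if __name__ == "__main__":
    print(demo())
```

A frame that returns from an MLS-RP with a different XTAG than the one the candidate was sent to never creates an entry, so that flow keeps being routed.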
Commands that Disable MLS
• no ip routing
• ip security (all forms of this command)
• ip tcp compression-connections
• ip tcp header-compression
[Figure: Hosts A and B; All MLS Cache Entries Purged]
• Any command that requires the router to process the packet will disable MLS
Improving IP Routing Performance with MLS
In this section we discuss the following topics:
• Multilayer Switching Fundamentals
• Configuring the Multilayer Switch Route Processor
—Enabling MLS on a route processor
—Configuring an External Interface
—Configuring an Internal Interface
—Verifying the Configuration
• Applying Flow Masks
• Configuring the Multilayer Switch Switching Engine
• MLS Topology Examples
Enabling MLS on the MLS-RP
Router#show mls rp
multilayer switching is globally enabled
mls id is 0010.f6b3.d000
mls ip address 172.16.31.113
Router(config)#mls rp ip
• Globally enabling MLS on a router activates the MLSP protocol for that route processor
Assigning a VLAN ID to an Interface on an External Router
Router(config)#int ethernet 0
Router(config-if)#mls rp vlan-id 41
[Figure: router interface E0 and VLAN41]
• This command is required on external routers with a non-ISL interface only
Assigning an MLS Interface to a VTP Domain
Router#show mls rp
multilayer switching is globally disabled
mls id is 0010.f6b3.d000
mls ip address 172.16.1.141
mls flow mask is destination-ip
number of domains configured for mls 1
vlan domain name: bcmsn
Router(config)#int vlan41
Router(config-if)#mls rp vtp-domain bcmsn
[Figure: VTP Domain bcmsn]
• The RSM automatically maps a VLAN to an internal interface
Verifying the MLS VTP Domain
Router#show mls rp vtp-domain bcmsn
vlan domain name: bcmsn
current flow mask: destination-ip
current sequence number: 779898042
current/maximum retry count: 0/10
current domain state: no-change
current/next global purge: false/false
current/next purge count: 0/0
domain uptime: 6d05h
keepalive timer expires in 6 seconds
retry timer not running
change timer not running
• The show mls rp vtp-domain command displays information about a specific VTP domain
• Each interface belongs to only one VTP domain
Enabling MLS on an Interface
Router#show mls rp
(text deleted)
2 mac-vlan(s) configured for multilayer switching:
mac 0010.f6b3.d000
vlan id(s)
1 41
Router(config)#int vlan41
Router(config-if)#mls rp vtp-domain bcmsn
Router(config-if)#mls rp ip
• MLS must be explicitly entered on the interface
Problem: Creating a Null Domain
Router#show mls rp
multilayer switching is globally enabled
(text deleted)
number of domains configured for mls 2
vlan domain name: -null
(text deleted)
vlan domain name: bcmsn
Router(config)#int vlan41
Router(config-if)#mls rp ip
[Figure: the interface in the -null Domain, outside VTP Domain bcmsn]
• Enabling MLS on an interface before assigning the interface to a VTP domain places the interface in a null domain
• When in a null domain, the interface cannot interact with any switches
Solution: Removing an Interface from a Null VTP Domain
Router#show mls rp
multilayer switching is globally enabled
(text deleted)
number of domains configured for mls 1
vlan domain name: bcmsn
Router(config)#int vlan41
Router(config-if)#no mls rp ip
[Figure: VTP Domain bcmsn]
• Disabling MLS on an interface removes the interface from a null domain
Assigning an MLS Management Interface
Router#show mls rp
(text deleted)
1 management interface(s) currently defined:
vlan 1 on Vlan1
Router(config)#int vlan1
Router(config-if)#mls rp ip management-interface
• At least one interface on the MLS-RP must be configured as the management interface
Verifying the MLS-RP Configuration
Router#show mls rp
Multilayer switching is globally enabled
mls id is 0010.f6b3.d000
mls ip address 172.16.1.142
mls flow mask is destination-ip
number of domains configured for mls 1
vlan domain name: bcmsn
current flow mask: destination-ip
current sequence number: 779898001
current/maximum retry count: 0/10
current domain state: no-change
current/next global purge: false/false
current/next purge count: 0/0
domain uptime: 00:21:40
keepalive timer expires in 6 seconds
retry timer not running
change timer not running
1 management interface(s) currently defined:
vlan 1 on Vlan1
2 mac-vlan(s) configured for multi-layer switching:
mac 0010.f6b3.d000
vlan id(s)
1 41 42
router currently aware of following 0 switch(es):
Callouts on the output:
• This MAC address appears in the MLS Cache
• The IP Address given to the MLS-SE
• The domain name must match with the MLS-SE
• The interface sending MLSP messages
• The number of switches for which the MLS-RP is routing
Verifying the MLS-RP Interface Configuration
RSM#show mls rp interface vlan1
mls active on Vlan1, domain bcmsn
interface Vlan1 is a management interface
Improving IP Routing Performance with MLS
In this section we discuss the following topics:
• Multilayer Switching Fundamentals
• Configuring the Multilayer Switch Route Processor
• Applying Flow Masks
—What is a Flow Mask?
—Types of Flow Masks
—Output Access Lists and MLS
—Input Access lists and MLS
• Configuring the Multilayer Switch Switching Engine
MLS Flow Masks
MLS-RP A: No Access List
MLS-RP B: Standard Access List
MLS-RP C: Extended Access List
Flows from MLS-RP A, MLS-RP B, and MLS-RP C are based on criteria from MLS-RP C
Flow Mask: Destination-IP
MLS-RP A (No Access List)
interface Vlan41
ip address 172.16.41.168 255.255.255.0
mls rp vtp-domain bcmsn
mls rp management-interface
mls rp ip
multilayer switching is globally enabled
mls id is 0010.f6b3.d000
mls ip address 172.16.41.168
mls flow mask is destination-ip
number of domains configured for mls 1
vlan domain name: bcmsn
current flow mask: destination-ip
Flow Mask: Source-Destination-IP
MLS-RP B (Standard Access List)
interface Vlan11
ip address 172.16.11.113 255.255.255.0
ip access-group 2 out
mls rp vtp-domain bcmsn
mls rp management-interface
mls rp ip
Router#show mls rp
multilayer switching is globally enabled
mls id is 0010.f6b3.d000
mls ip address 172.16.31.113
mls flow mask is source-destination-ip
number of domains configured for mls 1
vlan domain name: Engineering
current flow mask: source-destination-ip
Flow Mask: IP-Flow
MLS-RP C (Extended Access List)
interface Vlan11
ip address 172.16.11.113 255.255.255.0
ip access-group 101 out
mls rp vtp-domain bcmsn
mls rp management-interface
mls rp ip
multilayer switching is globally enabled
mls id is 0010.f6b3.d000
mls ip address 172.16.31.113
mls flow mask is ip-flow
number of domains configured for mls 1
vlan domain name: Engineering
current flow mask: ip-flow
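Added example (not part of the original slides and not Cisco code): the three flow masks above modelled as cache keys, showing why the mask must be at least as specific as the access list the MLS-RP enforces. Function names and the sample packets are constructed; the ACL number ranges (1-99 standard, 100-199 extended) are the classic IOS numbering, which the slides only illustrate with lists 2 and 101.

```python
MASKS = ["destination-ip", "source-destination-ip", "ip-flow"]  # least to most specific


def mask_for_acl(acl_number):
    """Flow mask an MLS-RP interface asks for, given its output ACL (None = no ACL)."""
    if acl_number is None:
        return "destination-ip"
    if 1 <= acl_number <= 99:        # standard ACL: matches on source address
        return "source-destination-ip"
    if 100 <= acl_number <= 199:     # extended ACL: matches on protocol and ports
        return "ip-flow"
    raise ValueError(f"ACL number {acl_number} is outside the ranges modelled here")


def domain_mask(rp_acls):
    """The most specific mask requested by any MLS-RP is used for all flows."""
    return max((mask_for_acl(a) for a in rp_acls.values()), key=MASKS.index)


def cache_key(mask, pkt):
    """Fields an MLS cache entry is keyed on under each mask."""
    if mask == "destination-ip":
        return (pkt["dst"],)
    if mask == "source-destination-ip":
        return (pkt["dst"], pkt["src"])
    return (pkt["dst"], pkt["src"], pkt["proto"], pkt["dport"], pkt["sport"])


def riding_foreign_shortcut(mask, packets, permitted):
    """Packets the ACL denies that still match an entry created by a permitted packet."""
    entries = {cache_key(mask, p) for p in packets if permitted(p)}
    return [p for p in packets if not permitted(p) and cache_key(mask, p) in entries]


# Constructed sample traffic towards Host B (172.16.22.57).
PACKETS = [
    {"src": "172.16.10.123", "dst": "172.16.22.57", "proto": "UDP", "sport": 36776, "dport": 69},
    {"src": "172.16.10.123", "dst": "172.16.22.57", "proto": "TCP", "sport": 7004, "dport": 7001},
    {"src": "172.16.10.99", "dst": "172.16.22.57", "proto": "UDP", "sport": 40000, "dport": 69},
]


def acl_101(pkt):
    """Constructed stand-in for an extended ACL: only UDP/69 from Host A is permitted."""
    return pkt["src"] == "172.16.10.123" and pkt["proto"] == "UDP" and pkt["dport"] == 69


def report():
    return {m: len(riding_foreign_shortcut(m, PACKETS, acl_101)) for m in MASKS}


if __name__ == "__main__":
    print(domain_mask({"MLS-RP A": None, "MLS-RP B": 2, "MLS-RP C": 101}))
    print(report())
```

With the coarser masks, denied packets share a cache key with the permitted flow; only ip-flow keeps every entry as narrow as the extended list, which is why MLS-RP C's criteria apply to all three route processors.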
Output Access Lists and MLS
[Figure: Host A (0010.f663.d000, 172.16.10.123), Host B (0090.b133.7000, 172.16.22.57), MLS-RP (0010.0679.5800, 172.16.68.13) with "ip access-group 101 out" applied]
MLS Cache Entries for Flow AB Are Purged
Output Access Lists and MLS (cont)
[Figure: Host A (0010.f663.d000, 172.16.10.123), Host B (0090.b133.7000, 172.16.22.57), MLS-RP (0010.0679.5800, 172.16.68.13) with "ip access-group 101 out" applied]
Candidate Packet
L3 Information
Source IP = 172.16.10.123
Destination IP = 172.16.22.57
L2 Information
Source MAC = 0010.f663.d000
Destination MAC = 0010.0679.5800
Enable Packet
L3 Information
Source IP = 172.16.10.123
Destination IP = 172.16.22.57
L2 Information
Source MAC = 0010.0679.5800
Destination MAC = 0090.b133.7000
New MLS Cache Entry for Flow AB
Destination IP  Source IP      Prot  DstPrt  SrcPrt  Destination Mac    Vlan  Port
172.16.22.57    172.16.10.123  TCP   7001    7004    00-90-b1-33-70-00  68    2/9
Input Access Lists and MLS
[Figure: Host A (0010.f663.d000, 172.16.10.123), Host B (0090.b133.7000, 172.16.22.57), MLS-RP (0010.0679.5800, 172.16.68.13) with "ip access-group 101 in" applied]
MLS Cache Entries for Flow AB Are Purged
• All subsequent packets between A and B on that interface are routed
Supporting Input Access Lists
Router#sho run
Building configuration...
Current configuration:
!
version 11.3
(Text Deleted)
mls rp nde-address 172.16.31.113
mls rp ip input-acl
mls rp ip
Router(config)#mls rp ip input-acl
[Figure: Hosts A and B with "ip access-group 101 in" applied; L3 Switched for Flow AB]
Improving IP Routing Performance with MLS
In this section we discuss the following topics:
• Multilayer Switching Fundamentals
• Configuring the Multilayer Switch Route Processor
• Applying Flow Masks
• Configuring the Multilayer Switch Switching Engine
— Enabling MLS on the Switch
— Aging out Cache Entries
— Managing Short-Lived Flows
— Adding External Router MLS Ids
— Verifying the Configuration
• MLS Topology Examples
Enabling MLS on the MLS-SE
Switch (enable)#show config
(Text Deleted)
#mls
set mls enable
Switch(enable)#set mls enable
• Must be enabled before a switch can participate in MLS
• Automatically enabled on MLS-capable switches
Aging Out Cache Entries
[Figure: Host A (0010.f663.d000, 172.16.10.123), Host B (0090.b133.7000, 172.16.22.57), MLS-RP (0010.0679.5800); caption: "I haven’t seen any packets for this entry within 256 seconds. I will delete this entry from the cache"]
MLS Cache Entry for Flow AB
Destination IP  Source IP      Prot  DstPrt  SrcPrt  Destination Mac    Vlan  Port
172.16.46.122   172.16.10.123                        00-90-b1-33-70-00  3     2/8
Modifying the Cache Aging Time
Switch (enable)#set mls agingtime 297
Multilayer switching agingtime set to 304
Switch(enable)show config
(Text Deleted)
#mls
set mls enable
set mls agingtime 304
• MLS-SE automatically “rounds up” in 8-second increments
Managing Short-Lived Flows
[Figure: Host A (0010.f663.d000, 172.16.10.123) sends a DNS Request to the DNS Server (0010.7bee.9501, 172.16.46.122) and receives a DNS Response; MLS-RP (0010.0679.5800); caption: "I haven’t seen any packets for this entry for over 10 seconds but I still must keep these entries in the cache for the default aging time."]
Destination IP  Source IP      Prot  DstPrt  SrcPrt  Destination Mac    Vlan  Port
172.16.46.122   172.16.10.123  TCP   DNS     DNS     00-10-7b-ee-95-01  3     2/8
172.16.10.123   182.16.46.122  TCP   DNS     DNS     00-10-16-63-d0-00  3     2/6
• Short-lived flow entries take up MLS cache space even though there is no flow activity
Modifying agingtime fast
Switch (enable)#set mls agingtime fast 64 7
Switch (enable)show config
(Text Deleted)
#mls
set mls enable
set mls agingtime 304
set mls agingtime fast 64 7
• agingtime fast sets a threshold for cache entries
• agingtime fast removes entries from the cache if the threshold has been crossed.
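Added example (not part of the original slides and not Cisco code): the two aging timers from the last four slides as a small Python model, with the 8-second round-up and a fast-aging pass over a constructed cache. It assumes an entry is fast-aged when, fast-aging-time seconds after its creation, it has switched no more than the packet threshold; function and field names are hypothetical.

```python
import math

DEFAULT_AGINGTIME = 256   # seconds, the default shown on the "Aging Out Cache Entries" slide


def effective_agingtime(seconds):
    """The MLS-SE rounds a requested aging time up to a multiple of 8 seconds."""
    return math.ceil(seconds / 8) * 8


def surviving_entries(entries, now, agingtime=DEFAULT_AGINGTIME, fast=None):
    """Return the cache entries still present at time `now` (seconds).

    entries: dicts with 'flow', 'created', 'last_seen', 'packets'.
    fast:    (fast_agingtime, pkt_threshold), as in `set mls agingtime fast 64 7`.
    """
    agingtime = effective_agingtime(agingtime)
    kept = []
    for entry in entries:
        if now - entry["last_seen"] >= agingtime:
            continue                       # normal idle timeout
        if fast is not None:
            fast_time, threshold = fast
            old_enough = now - entry["created"] >= fast_time
            if old_enough and entry["packets"] <= threshold:
                continue                   # short-lived flow, evicted early (assumption above)
        kept.append(entry)
    return kept


# Constructed sample: two one-packet DNS flows and one busy flow, all created at t=0.
SAMPLE = [
    {"flow": "A->DNS", "created": 0, "last_seen": 0, "packets": 1},
    {"flow": "DNS->A", "created": 0, "last_seen": 1, "packets": 1},
    {"flow": "A->B", "created": 0, "last_seen": 69, "packets": 5000},
]


def flows_at(now, **settings):
    return [e["flow"] for e in surviving_entries(SAMPLE, now, **settings)]


if __name__ == "__main__":
    print(effective_agingtime(297))
    print(flows_at(70, agingtime=297))
    print(flows_at(70, agingtime=297, fast=(64, 7)))
```

Without fast aging the two DNS entries occupy cache space for the full 304 seconds; with `fast 64 7` they are gone shortly after 64 seconds while the busy flow keeps its shortcut.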
Verifying the Configuration
Switch (enable) show mls
Multilayer switching enabled
Multilayer switching aging time = 304 seconds
Multilayer switching fast aging time = 64 seconds, packet threshold = 7
Full flow
Total packets switched = 101892
Active shortcuts = 2138
Netflow Data Export disabled
Netflow Data Export port/host is not configured.
Total packets exported = 0
MLS-RP IP       MLS-RP ID     XTAG  MLS-RP MAC-Vlans
--------------- ------------  ----  ----------------------
172.16.41.168   0010f6b3d000  28    00-10-f6-b3-d0-00 1,41-42
Including an External Router MLS IP Address
[Figure: external router, Interface FE 0, 172.16.41.168]
Switch (enable) set mls include 172.16.41.168
Multilayer switching enabled for router 172.16.41.168
• Required for external routers
Displaying the Switch Inclusion List
[Figure: routers labeled 17.16.1.142 and 17.16.41.168; callouts: Automatically Added Internal Route Processor, Manually Added External Route Processor]
Switch (enable) show mls include
Included MLS-RP
---------------------
172.16.1.142
172.16.41.168
Display MLS Cache Entries
Switch (enable) show mls entry
Destination IP  Source IP       Prot DstPrt SrcPrt Destination Mac   Vlan Port
--------------- --------------- ---- ------ ------ ----------------- ---- ----
MLS-RP 172.16.1.142:
172.16.53.1     172.16.87.3     UDP  1238   60224  00-10-7b-ee-94-70 1    2/9
172.16.53.1     172.16.87.3     UDP  69     60224  00-10-7b-ee-94-70 1    2/9
172.16.53.1     172.16.87.3     UDP  69     36776  00-10-7b-ee-94-70 1    2/9
MLS-RP 172.16.41.168:
172.16.41.17    172.16.53.1     UDP  60224  1238   00-00-0c-06-5b-1e 41   2/1
172.16.41.17    172.16.53.1     UDP  36776  69     00-00-0c-06-5b-1e 41   2/1
Removing MLS Cache Entries
Switch (enable) clear mls entry destination 172.16.1.142
Switch (enable) show mls entry
Destination IP  Source IP       Prot DstPrt SrcPrt Destination Mac   Vlan Port
--------------- --------------- ---- ------ ------ ----------------- ---- ----
MLS-RP 172.16.41.168:
172.16.41.17    172.16.53.1     UDP  60224  1238   00-00-0c-06-5b-1e 41   2/1
172.16.41.17    172.16.53.1     UDP  36776  69     00-00-0c-06-5b-1e 41   2/1
Improving IP Routing Performance with MLS
In this section we discuss the following topics:
• Multilayer Switching Fundamentals
• Configuring the Multilayer Switch Route Processor
• Applying Flow Masks
• Configuring the Multilayer Switch Switching Engine
• MLS Topologies
—Topology Examples
—Topology Quiz
—Unsupported Topology
—Topology Changes and Routing Impacts
MLS Topology Example 1
[Figure: Hosts A and B, MLS-SE, MLS-RP, routers R1 and R2; steps 1 to 6]
1. Host A sends a packet to the default gateway
2. R1 rewrites the frame header to reflect the destination as the next-hop router (R2)
3. MLS-SE forwards the frame to R2
4. R2 rewrites the frame header to reflect the destination as Host B
5. MLS-SE forwards the frame to Host B
6. All subsequent frames are switched
MLS Topology Example 2
[Figure: Hosts A and B, MLS-SE1, MLS-SE2, MLS-SE3, MLS-RP; steps 1 to 10]
1. Host A sends a packet to the default gateway
2. MLS-SE1 forwards the frame to MLS-SE2
3. MLS-SE2 forwards the frame to MLS-SE3
4. MLS-SE3 forwards the frame to MLS-RP1
5. MLS-RP1 rewrites the frame header and forwards the frame to MLS-SE3
6. MLS-SE3 forwards the frame to MLS-SE2
7. MLS-SE2 forwards the frame to MLS-SE1
8. MLS-SE1 forwards the frame to Host B
9. All subsequent frames are switched through MLS-SE1
10. Entries in MLS-SE2 and 3 time out
Quiz: MLS Topology Example
[Figure: MLS-RP, switches S1 to S7, Hosts A and B; X marks a Port in Blocking State]
• Original MLS path was A S4 S2 S1 S3 S7 B
• Spanning tree blocked the link between S1 and S3
• What is the next available MLS path?
Answer: MLS Topology Example
[Figure: MLS-RP, switches S1 to S7, Hosts A and B; X marks a Port in blocking state]
• First packet path = A S4 S2 S1 S2 S3 S7 B
• Subsequent packet path = A S4 S2 S3 S7 B
Unsupported MLS Topology
[Figure labels: VLAN41, VLAN42, RSM1, RSM2, Host A, Host B]
Unsupported MLS Topology—Solution 1
[Figure labels: VLAN 41, VLAN 42, MLS-RP 1, MLS-RP 2, ISL Link, MLS-SE 1, MLS-SE 2, Host A, Host B]
• Configure an ISL link from MLS-SE1 to MLS-RP1 to carry both VLAN41 and VLAN42
Unsupported MLS Topology—Solution 2
[Figure labels: VLAN 41, VLAN 42, MLS-RP 1, MLS-RP 2, Link 1, Link 2, MLS-SE 1, MLS-SE 2, Host A, Host B]
• Configure a second link from MLS-SE1 to MLS-RP1 to route for Subnet 42
Impact of a Host Move on the MLS Cache
[Figure: MLS-RP with Interface VLAN41 and Interface VLAN42; Station A (172.16.10.123); Station B (172.16.22.57) on Port 2/4, the MLS Port Designation]
C 172.16.68.0 is directly connected, VLAN41
C 172.16.22.0 is directly connected, VLAN 42
Destination IP  Source IP       Prot DstPrt SrcPrt Destination Mac   Vlan Port
--------------- --------------- ---- ------ ------ ----------------- ---- ----
172.16.22.57    172.16.10.123   TCP  7001   7003   00-90-b1-33-70-00 12   2/4
• Station A is Layer 3 switching through port 2/4 to Station B
Impact of a Host Move on the MLS Cache (cont.)
[Figure: MLS-RP with Interface VLAN41 and Interface VLAN42; Candidate Packet and Enabled Packet; Station A (172.16.10.123); Station B (172.16.22.57) on Port 2/7, the MLS Port Designation; Flush Entry From MLS Cache]
C 172.16.68.0 is directly connected, VLAN41
C 172.16.22.0 is directly connected, VLAN 42
Destination IP  Source IP       Prot DstPrt SrcPrt Destination Mac   Vlan Port
--------------- --------------- ---- ------ ------ ----------------- ---- ----
• Station B is moved to port 2/7
• The MLS cache is flushed
Impact of a Host Move on the MLS Cache (cont.)
[Figure: MLS-RP with Interface VLAN41 and Interface VLAN42; Station A (172.16.10.123); Station B (172.16.22.57) on Port 2/7, the MLS Port Designation]
C 172.16.68.0 is directly connected, VLAN41
C 172.16.22.0 is directly connected, VLAN 42
New MLS Cache Entry
Destination IP  Source IP       Prot DstPrt SrcPrt Destination Mac   Vlan Port
--------------- --------------- ---- ------ ------ ----------------- ---- ----
172.16.22.57    172.16.10.123   TCP  7001   7003   00-90-b1-33-70-00 41   2/7
• A new MLS cache entry is established
• Station A is Layer 3 switching through port 2/7 to Station B
Laboratory Exercise: Visual Objective
[Figure: Switch Block X with VLAN x1, VLAN x2, VLAN x3, VLAN x4; Multilayer Switched IP Flow]
Summary
• Multilayer switching enhances IP routing performance
• Cisco MLS switches consist of both routing and switching entities that function together to effect MLS
• MLS identifies and maintains a separate cache entry for each MLS flow
• Flow masks determine how MLS entries are created in the MLS cache
• The presence or absence of ACLs determines the flow mask used
• Changes to the routing table in the MLS-RP may or may not affect MLS cache entries.
Review
• Explain how the routing and switching functions of a Cisco MLS switch work together to enable multilayer switching.
• Describe the three flow mask modes and the impact ACLs have on those modes.
• Discuss how various router/switch configurations can affect multilayer switching.