© 1999, Cisco Systems, Inc. 7-1
Chapter 7
Improving IP Routing Performance with Multilayer Switching
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-2
Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
• Identify network devices necessary to effect MLS
• Configure the distribution layer devices to participate in multilayer switching
• Verify existing flow information in the MLS cache
• Apply flow masks to influence the type of MLS cache entry
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-3
Improving IP Routing Performance with MLS
In this chapter, we discuss the following topics:
• Multilayer switching fundamentals
• Configuring the multilayer switch route processor
• Applying flow masks
• Configuring the Multilayer Switch Switching Engine
• MLS topology examples
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-4
Improving IP Routing Performance with MLS (cont.)
In this section we discuss the following topics:
• Multilayer Switching Fundamentals
—What is MLS
—Hardware/Software Requirements
—MLS Components
—How MLS works
—Commands that Disable MLS
• Configuring the Multilayer Switch Route Processor
• Applying Flow Masks
• Configuring the Multilayer Switch Switching Engine
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-5
Defining Flows
• Each packet of a traditional flow must be processed by the router
• The first packet of an MLS flow is processed by the router; all subsequent packets are switched
[Figure: Host A to Host B in a conventional environment and in a multilayer switched environment, showing the first packet and subsequent packets]
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-6
Internal Router Processor Software/Hardware Requirements
Route Switch Module (RSM)
Cisco IOS™ Release 11.3(2)WA4(4) or Later
Catalyst 2926G, 5000, or 6000 Series Switch
Supervisor Engine III, FSX, III FLX, IIG, or IIIG Module
Supervisor Engine Software Release 4.1(1) or Later
NetFlow Feature Card (NFFC), NFFC II
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-7
External Router Processor Software/Hardware Requirements
Catalyst 2926G, 5000, or 6000 Series Switch
Supervisor Engine III, FSX, III FLX, IIG, or IIIG Module
Supervisor Engine Software Release 4.1(1) or Later
NetFlow Feature Card (NFFC), NFFC II
Cisco High-End Routers, such as Cisco 3620, 3640, 7500, 7200, 4500, or 4700 Series
Cisco IOS Release 11.3(2)WA4(4) or Later
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-8
MLS Components
MLS-SE—Multilayer Switching Switch Engine
MLS-RP—Multilayer Switching Route Processor (Cisco 85xx, 75XX, 72XX, 4XXX, or RSM)
MLSP—Multilayer Switching Protocol
Multicast Hello Messages sent to MLS-SE by MLS-RP to Inform:
• MAC addresses used on different VLANs
• Routing/access-list changes occurring on MLS-RP
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-9
MLS-RP Advertisement
• MLS-RP sends out multicast hello messages
• Messages contain MAC, VLAN, and route information
• Messages use the CGMP multicast well-known address
[Figure: MLS-RP sending a hello message]
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-11
Receiving MLSP Hello Messages
• All switches receive the hello message
• Layer 3 switches process the hello message
• IP multicast passes transparently through non-Cisco switches
[Figure: hello message passing through a switch labeled "I am not a Layer 3 Switch but I will still pass on the message."]
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-12
Assigning XTAGs
• The MLS-SE assigns a unique identifier to each MLS-RP
• XTAG value is a one-byte value that the MLS-SE attaches to the MAC address
• Used to delete specific Layer 3 entries when the MLS-RP fails or exits the network
MLS-RP A = XTAG 34
MLS-RP B = XTAG 11
MLS-RP C = XTAG 28
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-13
Establishing an MLS Cache Entry
• The MLS-SE receives the initial frame
• The MLS-SE reads and recognizes the destination MAC Address
• The MLS-SE checks the MLS cache for like entries
• The MLS-SE forwards the frame to the MLS-RP
Candidate Packet
L2 Information: Source MAC = 0010.f663.d000, Destination MAC = 0010.0679.5800
L3 Information: Source IP = 172.16.10.123, Destination IP = 172.16.22.57
[Figure: Host A (0010.f663.d000, 172.16.10.123), MLS-RP (0010.0679.5800, 172.16.68.13) and Host B (0090.b133.7000, 172.16.22.57), with callouts 1 to 4 for the steps above and a "Cache Entry?" check at the MLS-SE]
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-14
Establishing an MLS Cache Entry (cont.)
• The MLS-RP receives the frame and consults the routing table
• The MLS-RP rewrites the header with the new destination MAC address
• The MLS-RP enters its own MAC address for the source address
• The MLS-RP forwards the frame to the MLS-SE
Enable Packet
L2 Information: Source MAC = 0010.0679.5800, Destination MAC = 0090.b133.7000
L3 Information: Source IP = 172.16.10.123, Destination IP = 172.16.22.57
[Figure: Host A (0010.f663.d000, 172.16.10.123), MLS-RP (0010.0679.5800, 172.16.68.13) and Host B (0090.b133.7000, 172.16.22.57), with callouts 5 to 8 for the steps above]
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-15
Establishing an MLS Cache Entry (cont.)
• The MLS-SE receives the frame
• The MLS-SE compares the XTAGs of the candidate and enable packets
• The MLS-SE records the enable packet information in the MLS cache
• The MLS-SE forwards the frame to the destination
Candidate Packet XTAG = 28
Enable Packet XTAG = 28

MLS-RP IP     MLS-RP ID     XTAG  MLS-RP MAC-Vlans
172.16.68.13  001006795800  28    00-10-67-95-80-00 1,41,42

MLS Cache Entry
Destination IP  Source IP      Port  DstPrt  SrcPrt  Destination Mac    Vlan  Port
172.16.22.57    172.16.10.123  UDP   1238    60224   00-90-b1-33-70-00  45    2/9
[Figure: Host A (0010.f663.d000, 172.16.10.123), MLS-RP (0010.0679.5800, 172.16.68.13) and Host B (0090.b133.7000, 172.16.22.57), with callouts 9 to 12 for the steps above]
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-16
Switching Subsequent Frames in a Flow
• The MLS-SE receives subsequent frames in the flow
• The MLS-SE compares the incoming frame with the MLS cache entry
• The MLS-SE rewrites the frame header
• The MLS-SE forwards the frame to the destination
Incoming Frame
L2 Information: Source MAC = 0010.f663.d000, Destination MAC = 0010.0679.5800
L3 Information: Source IP = 172.16.10.123, Destination IP = 172.16.22.57

MLS Cache Entry
Destination IP  Source IP      Port  DstPrt  SrcPrt  Destination Mac    Vlan  Port
172.16.22.57    172.16.10.123  UDP   1238    60224   00-90-b1-33-70-00  45    2/9

Rewritten Frame
L2 Information: Source MAC = 0010.0679.5800, Destination MAC = 0090.b133.7000
L3 Information: Source IP = 172.16.10.123, Destination IP = 172.16.22.57
[Figure: Host A (0010.f663.d000, 172.16.10.123) and Host B (0090.b133.7000, 172.16.22.57), with callouts 13 to 16 for the steps above]
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-17
Commands that Disable MLS
• no ip routing
• ip security (all forms of this command)
• ip tcp compression-connections
• ip tcp header-compression
All MLS Cache Entries Purged
• Any command that requires the router to process the packet will disable MLS
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-18
Improving IP Routing Performance with MLS
In this section we discuss the following topics:
• Multilayer Switching Fundamentals
• Configuring the Multilayer Switch Route Processor
—Enabling MLS on a route processor
—Configuring an External Interface
—Configuring an Internal Interface
—Verifying the Configuration
• Applying Flow Masks
• Configuring the Multilayer Switch Switching Engine
• MLS Topology Examples
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-19
Enabling MLS on the MLS-RP
Router(config)#mls rp ip
Router#show mls rp
multilayer switching is globally enabled
mls id is 0010.f6b3.d000
mls ip address 172.16.31.113
• Globally enabling MLS on a router activates the MLSP protocol for that route processor
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-20
Assigning a VLAN ID to an Interface on an External Router
Router(config)#int ethernet 0
Router(config-if)#mls rp vlan-id 41
• This command is required on external routers with a non-ISL interface only
[Figure: external router interface E0 in VLAN 41]
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-21
Assigning an MLS Interface to a VTP Domain
Router(config)#int vlan41
Router(config-if)#mls rp vtp-domain bcmsn
• The RSM automatically maps a VLAN to an internal interface
Router#show mls rp
multilayer switching is globally disabled
mls id is 0010.f6b3.d000
mls ip address 172.16.1.141
mls flow mask is destination-ip
number of domains configured for mls 1
vlan domain name: bcmsn
[Figure: the bcmsn VTP domain]
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-22
Verifying the MLS VTP Domain
Router#show mls rp vtp-domain bcmsn
vlan domain name: bcmsn
   current flow mask: destination-ip
   current sequence number: 779898042
   current/maximum retry count: 0/10
   current domain state: no-change
   current/next global purge: false/false
   current/next purge count: 0/0
   domain uptime: 6d05h
   keepalive timer expires in 6 seconds
   retry timer not running
   change timer not running
• The show mls rp vtp-domain command displays information about a specific VTP domain
• Each interface belongs to only one VTP domain
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-23
Enabling MLS on an Interface
Router(config)#int vlan41
Router(config-if)#mls rp vtp-domain bcmsn
Router(config-if)#mls rp ip
Router#show mls rp
(text deleted)
2 mac-vlan(s) configured for multi-layer switching:
   mac 0010.f6b3.d000
      vlan id(s)
      1 41
• MLS must be explicitly entered on the interface
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-24
Problem: Creating a Null Domain
Router(config)#int vlan41
Router(config-if)#mls rp ip
• Enabling MLS on an interface before assigning the interface in a VTP domain places the interface in a null domain
• When in a null domain, the interface cannot interact with any switches
Router#show mls rp
multilayer switching is globally enabled
(text deleted)
number of domains configured for mls 2
vlan domain name: -null-
(text deleted)
vlan domain name: bcmsn
[Figure: the -null- domain beside the bcmsn VTP domain]
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-25
Solution: Removing an Interface from a Null VTP Domain
• Disabling MLS on an interface removes the interface from a null domain
Router(config)#int vlan41
Router(config-if)#no mls rp ip
Router#show mls rp
multilayer switching is globally enabled
(text deleted)
number of domains configured for mls 1
vlan domain name: bcmsn
[Figure: the bcmsn VTP domain]
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-26
Assigning an MLS Management Interface
Router(config)#int vlan1
Router(config-if)#mls rp ip management-interface
• At least one interface on the MLS-RP must be configured as the management interface
Router#show mls rp
(text deleted)
1 management interface(s) currently defined:
   vlan 1 on Vlan1
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-27
Verifying the MLS-RP Configuration
Router#show mls rp
Multilayer switching is globally enabled
mls id is 0010.f6b3.d000
mls ip address 172.16.1.142
mls flow mask is destination-ip
number of domains configured for mls 1
vlan domain name: bcmsn
   current flow mask: destination-ip
   current sequence number: 779898001
   current/maximum retry count: 0/10
   current domain state: no-change
   current/next global purge: false/false
   current/next purge count: 0/0
   domain uptime: 00:21:40
   keepalive timer expires in 6 seconds
   retry timer not running
   change timer not running
1 management interface(s) currently defined:
   vlan 1 on Vlan1
2 mac-vlan(s) configured for multi-layer switching:
   mac 0010.f6b3.d000
      vlan id(s)
      1 41 42
router currently aware of following 0 switch(es):
Callouts on the output:
• This MAC address appears in the MLS Cache
• The IP Address given to the MLS-SE
• The domain name must match with the MLS-SE
• The interface sending MLSP messages
• The number of switches for which the MLS-RP is routing
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-28
Verifying the MLSP-RP Interface Configuration
RSM#show mls rp interface vlan1
mls active on Vlan1, domain bcmsn
interface Vlan1 is a management interface
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-29
Improving IP Routing Performance with MLS
In this section we discuss the following topics:
• Multilayer Switching Fundamentals
• Configuring the Multilayer Switch Route Processor
• Applying Flow Masks
—What is a Flow Mask?
—Types of Flow Masks
—Output Access Lists and MLS
—Input Access lists and MLS
• Configuring the Multilayer Switch Switching Engine
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-30
MLS Flow Masks
MLS-RP A: No Access List
MLS-RP B: Standard Access List
MLS-RP C: Extended Access List
Flows from MLS-RP A, MLS-RP B, and MLS-RP C Are Based on Criteria from MLS-RP C
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-31
Flow Mask: Destination-IP
MLS-RP A: No Access List
interface Vlan41
 ip address 172.16.41.168 255.255.255.0
 mls rp vtp-domain bcmsn
 mls rp management-interface
 mls rp ip
Flow Mask
multilayer switching is globally enabled
mls id is 0010.f6b3.d000
mls ip address 172.16.41.168
mls flow mask is destination-ip
number of domains configured for mls 1
vlan domain name: bcmsn
   current flow mask: destination-ip
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-32
Flow Mask: Source-Destination-IP
MLS-RP B: Standard Access List
interface Vlan11
 ip address 172.16.11.113 255.255.255.0
 ip access-group 2 out
 mls rp vtp-domain bcmsn
 mls rp management-interface
 mls rp ip
Flow Mask
Router#show mls rp
multilayer switching is globally enabled
mls id is 0010.f6b3.d000
mls ip address 172.16.31.113
mls flow mask is source-destination-ip
number of domains configured for mls 1
vlan domain name: Engineering
   current flow mask: source-destination-ip
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-33
Flow Mask: IP-Flow
MLS-RP C: Extended Access List
interface Vlan11
 ip address 172.16.11.113 255.255.255.0
 ip access-group 101 out
 mls rp vtp-domain bcmsn
 mls rp management-interface
 mls rp ip
Flow Mask
multilayer switching is globally enabled
mls id is 0010.f6b3.d000
mls ip address 172.16.31.113
mls flow mask is ip-flow
number of domains configured for mls 1
vlan domain name: Engineering
   current flow mask: ip-flow
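The three flow masks and the candidate/enable XTAG check, modeled as an added Python example (not Cisco code and not part of the original slides). The class and function names are hypothetical, and the host 172.16.10.99 is a constructed sample; the other addresses, ports and XTAG 28 come from the slides. It shows why an ACL forces a finer mask: under destination-ip any source reaching a cached destination is switched without the MLS-RP seeing the packet.

```python
from dataclasses import dataclass

# ACL type on an MLS-RP interface -> flow mask, as the slides pair them.
ACL_TO_MASK = {None: "destination-ip",
               "standard": "source-destination-ip",
               "extended": "ip-flow"}
# Least to most specific; the MLS-SE uses the most specific mask any MLS-RP needs.
SPECIFICITY = ["destination-ip", "source-destination-ip", "ip-flow"]


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str
    src_port: int
    dst_port: int


def effective_mask(acl_types):
    """Most specific mask required by any MLS-RP (one ACL type per RP)."""
    return max((ACL_TO_MASK[a] for a in acl_types), key=SPECIFICITY.index)


def flow_key(pkt, mask):
    """Fields the cache compares under each flow mask."""
    if mask == "destination-ip":
        return (pkt.dst_ip,)
    if mask == "source-destination-ip":
        return (pkt.dst_ip, pkt.src_ip)
    return (pkt.dst_ip, pkt.src_ip, pkt.proto, pkt.dst_port, pkt.src_port)


class MlsCache:
    """Hypothetical model of the MLS-SE cache, not a real device API."""

    def __init__(self, mask):
        self.mask = mask
        self.candidates = {}  # flow key -> XTAG seen on the candidate packet
        self.entries = {}     # flow key -> (destination MAC, VLAN, port)

    def candidate(self, pkt, xtag):
        """Frame addressed to an MLS-RP with no cache hit: note it, send to the RP."""
        self.candidates[flow_key(pkt, self.mask)] = xtag

    def enable(self, pkt, xtag, dst_mac, vlan, port):
        """Frame returning from the RP: install a shortcut only if the XTAGs match."""
        key = flow_key(pkt, self.mask)
        if self.candidates.pop(key, None) != xtag:
            return False
        self.entries[key] = (dst_mac, vlan, port)
        return True

    def forward(self, pkt):
        """'switched' on a cache hit, otherwise 'routed' through the MLS-RP."""
        return "switched" if flow_key(pkt, self.mask) in self.entries else "routed"


def demo(acl_types):
    """Install the slides' A-to-B flow, then test three later packets."""
    cache = MlsCache(effective_mask(acl_types))
    first = Packet("172.16.10.123", "172.16.22.57", "UDP", 60224, 1238)
    cache.candidate(first, xtag=28)
    cache.enable(first, xtag=28, dst_mac="00-90-b1-33-70-00", vlan=45, port="2/9")
    other_ports = Packet("172.16.10.123", "172.16.22.57", "TCP", 7004, 7001)
    other_host = Packet("172.16.10.99", "172.16.22.57", "TCP", 7004, 7001)  # constructed
    return cache.mask, [cache.forward(p) for p in (first, other_ports, other_host)]


if __name__ == "__main__":
    for acls in ([None], [None, "standard"], [None, "standard", "extended"]):
        print(acls, demo(acls))
```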
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-34
Output Access Lists and MLS
ip access-group 101 out
MLS Cache Entries for Flow AB Are Purged
[Figure: Host A (0010.f663.d000, 172.16.10.123), MLS-RP (0010.0679.5800, 172.16.68.13) and Host B (0090.b133.7000, 172.16.22.57)]
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-35
Output Access Lists and MLS (cont)
ip access-group 101 out
Candidate Packet
L2 Information: Source MAC = 0010.f663.d000, Destination MAC = 0010.0679.5800
L3 Information: Source IP = 172.16.10.123, Destination IP = 172.16.22.57
Enable Packet
L2 Information: Source MAC = 0010.0679.5800, Destination MAC = 0090.b133.7000
L3 Information: Source IP = 172.16.10.123, Destination IP = 172.16.22.57

New MLS Cache Entry for Flow AB
Destination IP  Source IP      Port  DstPrt  SrcPrt  Destination Mac    Vlan  Port
172.16.22.57    172.16.10.123  TCP   7001    7004    00-90-b1-33-70-00  68    2/9
[Figure: Host A (0010.f663.d000, 172.16.10.123), MLS-RP (0010.0679.5800, 172.16.68.13) and Host B (0090.b133.7000, 172.16.22.57)]
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-36
Input Access Lists and MLS
ip access-group 101 in
MLS Cache Entries for Flow AB Are Purged
• All subsequent packets between A and B on that interface are routed
[Figure: Host A (0010.f663.d000, 172.16.10.123), MLS-RP (0010.0679.5800, 172.16.68.13) and Host B (0090.b133.7000, 172.16.22.57)]
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-37
Supporting Input Access Lists
Router(config)#mls rp ip input-acl
Router#sho run
Building configuration...
Current configuration:
!
version 11.3
(Text Deleted)
mls rp nde-address 172.16.31.113
mls rp ip input-acl
mls rp ip
ip access-group 101 in
L3 Switched for Flow AB
[Figure: Host A and Host B]
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-38
Improving IP Routing Performance with MLS
In this section we discuss the following topics:
• Multilayer Switching Fundamentals
• Configuring the Multilayer Switch Route Processor
• Applying Flow Masks
• Configuring the Multilayer Switch Switching Engine
— Enabling MLS on the Switch
— Aging out Cache Entries
— Managing Short-Lived Flows
— Adding External Router MLS Ids
— Verifying the Configuration
• MLS Topology Examples
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-39
Enabling MLS on the MLS-SE
Switch(enable)#set mls enable
Switch (enable)#show config
(Text Deleted)
#mls
set mls enable
• Must be enabled before a switch can participate in MLS
• Automatically enabled on MLS-capable switches
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-40
Aging Out Cache Entries
MLS-SE: "I haven’t seen any packets for this entry within 256 seconds. I will delete this entry from the cache"

MLS Cache Entry for Flow AB
Destination IP  Source IP      Port  DstPrt  SrcPrt  Destination Mac    Vlan  Port
172.16.46.122   172.16.10.123                        00-90-b1-33-70-00  3     2/8
[Figure: Host A (0010.f663.d000, 172.16.10.123), MLS-RP (0010.0679.5800) and Host B (0090.b133.7000, 172.16.22.57)]
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-41
Modifying the Cache Aging Time
Switch (enable)#set mls agingtime 297
Multilayer switching agingtime set to 304
Switch(enable)show config
(Text Deleted)
#mls
set mls enable
set mls agingtime 304
• MLS-SE automatically “rounds up” in 8-second increments
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-42
Managing Short-Lived Flows
• Short-lived flow entries take up MLS cache space even though there is no flow activity
MLS-SE: "I haven’t seen any packets for this entry for over 10 seconds but I still must keep these entries in the cache for the default aging time."

Destination IP  Source IP      Port  DstPrt  SrcPrt  Destination Mac    Vlan  Port
172.16.46.122   172.16.10.123  TCP   DNS     DNS     00-10-7b-ee-95-01  3     2/8
172.16.10.123   182.16.46.122  TCP   DNS     DNS     00-10-16-63-d0-00  3     2/6
[Figure: Host A (0010.f663.d000, 172.16.10.123) sending a DNS Request through the MLS-RP (0010.0679.5800) to the DNS Server (0010.7bee.9501, 172.16.46.122), which returns a DNS Response]
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-43
Modifying agingtime fast
Switch (enable)#set mls agingtime fast 64 7
Switch (enable)show config
(Text Deleted)
#mls
set mls enable
set mls agingtime 304
set mls agingtime fast 64 7
• agingtime fast sets a threshold for cache entries
• agingtime fast removes entries from the cache if the threshold has been crossed.
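The normal and fast aging timers from the three preceding slides, as an added Python model (not from the original slides and not Cisco code). The class and flow names are hypothetical, and the fast-aging rule used here is an assumption about what the slide calls the threshold: an entry is removed once the fast aging time has passed since its creation if it carried no more than the packet threshold in that window.

```python
def effective_agingtime(seconds, step=8):
    """Round a configured aging time up to the next multiple of 8 seconds."""
    return -(-seconds // step) * step


class Entry:
    def __init__(self, created):
        self.created = created
        self.last_seen = created
        self.early_packets = 1  # packets counted inside the fast-aging window


class AgingCache:
    """Hypothetical model of MLS-SE cache aging; times are in seconds."""

    def __init__(self, agingtime=256, fast_time=0, pkt_threshold=0):
        self.agingtime = effective_agingtime(agingtime)
        self.fast_time = fast_time          # 0 means fast aging is off (assumption)
        self.pkt_threshold = pkt_threshold
        self.entries = {}

    def hit(self, key, now):
        """Record one switched packet for the flow identified by key."""
        entry = self.entries.get(key)
        if entry is None:
            self.entries[key] = Entry(now)
            return
        entry.last_seen = now
        if self.fast_time and now - entry.created < self.fast_time:
            entry.early_packets += 1

    def sweep(self, now):
        """Delete aged entries and return the keys that were removed."""
        removed = []
        for key, entry in list(self.entries.items()):
            idle = now - entry.last_seen >= self.agingtime
            fast = (self.fast_time > 0
                    and now - entry.created >= self.fast_time
                    and entry.early_packets <= self.pkt_threshold)
            if idle or fast:
                del self.entries[key]
                removed.append(key)
        return removed


def simulate(agingtime, fast_time, pkt_threshold, sweep_times):
    """Constructed traffic: a 2-packet DNS exchange and a 21-packet bulk flow."""
    cache = AgingCache(agingtime, fast_time, pkt_threshold)
    for t in (0, 1):
        cache.hit("dns", t)
    for t in range(0, 21):
        cache.hit("bulk", t)
    return [cache.sweep(t) for t in sweep_times]


if __name__ == "__main__":
    print(effective_agingtime(297))               # value from the slide: 304
    print(simulate(297, 64, 7, [64, 330]))        # fast aging on
    print(simulate(256, 0, 0, [64, 257]))         # default aging only
```

With `set mls agingtime fast 64 7` the DNS entry leaves the cache at 64 seconds; with the default timer alone it stays until it has been idle for the full 256 seconds.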
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-45
Verifying the Configuration
Switch (enable) show mls
Multilayer switching enabled
Multilayer switching aging time = 304 seconds
Multilayer switching fast aging time = 64 seconds, packet threshold = 7
Full flow
Total packets switched = 101892
Active shortcuts = 2138
Netflow Data Export disabled
Netflow Data Export port/host is not configured.
Total packets exported = 0

MLS-RP IP      MLS-RP ID     XTAG  MLS-RP MAC-Vlans
---------      -----------   ----  ------------------------
172.16.41.168  0010f6b3d000  28    00-10-f6-b3-d0-00 1,41-42
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-46
Including an External Router MLS IP Address
Switch (enable) set mls include 172.16.41.168
Multilayer switching enabled for router 172.16.41.168
• Required for external routers
[Figure: external router, Interface FE 0, 172.16.41.168]
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-47
Displaying the Switch Inclusion List
Switch (enable) show mls include
Included MLS-RP
----------------------
172.16.1.142
172.16.41.168
172.16.1.142: Automatically Added Internal Route Processor
172.16.41.168: Manually Added External Route Processor
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-48
Display MLS Cache Entries
Switch (enable) show mls entry
Destination IP  Source IP       Prot DstPrt SrcPrt Destination Mac   Vlan Port
--------------- --------------- ---- ------ ------ ----------------- ---- -----
MLS-RP 172.16.1.142:
172.16.53.1     172.16.87.3     UDP  1238   60224  00-10-7b-ee-94-70 1    2/9
172.16.53.1     172.16.87.3     UDP  69     60224  00-10-7b-ee-94-70 1    2/9
172.16.53.1     172.16.87.3     UDP  69     36776  00-10-7b-ee-94-70 1    2/9
MLS-RP 172.16.41.168:
172.16.41.17    172.16.53.1     UDP  60224  1238   00-00-0c-06-5b-1e 41   2/1
172.16.41.17    172.16.53.1     UDP  36776  69     00-00-0c-06-5b-1e 41   2/1
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-49
Removing MLS Cache Entries
Switch (enable) clear mls entry destination 172.16.1.142
Switch (enable) show mls entry
Destination IP  Source IP       Prot DstPrt SrcPrt Destination Mac   Vlan Port
--------------- --------------- ---- ------ ------ ----------------- ---- -----
MLS-RP 172.16.41.168:
172.16.41.17    172.16.53.1     UDP  60224  1238   00-00-0c-06-5b-1e 41   2/1
172.16.41.17    172.16.53.1     UDP  36776  69     00-00-0c-06-5b-1e 41   2/1
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-50
Improving IP Routing Performance with MLS
In this section we discuss the following topics:
• Multilayer Switching Fundamentals
• Configuring the Multilayer Switch Route Processor
• Applying Flow Masks
• Configuring the Multilayer Switch Switching Engine
• MLS Topologies
—Topology Examples
—Topology Quiz
—Unsupported Topology
—Topology Changes and Routing Impacts
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-51
MLS Topology Example 1
• Host A sends a packet to the default gateway
• R1 rewrites the frame header to reflect the destination as the next-hop router (R2)
• MLS-SE forwards the frame to R2
• R2 rewrites the frame header to reflect the destination as Host B
• MLS-SE forwards the frame to Host B
• All subsequent frames are switched
[Figure: Hosts A and B attached to the MLS-SE, with routers R1 and R2 (MLS-RP), and callouts 1 to 6 for the steps above]
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-52
MLS Topology Example 2
• Host A sends a packet to the default gateway
• MLS-SE1 forwards the frame to MLS-SE2
• MLS-SE2 forwards the frame to MLS-SE3
• MLS-SE3 forwards the frame to MLS-RP1
• MLS-RP1 rewrites the frame header and forwards the frame to MLS-SE3
• MLS-SE3 forwards the frame to MLS-SE2
• MLS-SE2 forwards the frame to MLS-SE1
• MLS-SE1 forwards the frame to Host B
• All subsequent frames are switched through MLS-SE1
• Entries in MLS-SE2 and 3 time out
[Figure: Hosts A and B on MLS-SE1, which connects through MLS-SE2 and MLS-SE3 to the MLS-RP, with callouts 1 to 10 for the steps above]
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-53
Quiz: MLS Topology Example
• Original MLS path was A → S4 → S2 → S1 → S3 → S7 → B
• Spanning tree blocked the link between S1 and S3
• What is the next available MLS path?
[Figure: Hosts A and B, switches S1 to S7 and the MLS-RP, with a port in blocking state marked X]
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-54
Answer: MLS Topology Example
• First packet path = A → S4 → S2 → S1 → S2 → S3 → S7 → B
• Subsequent packet path = A → S4 → S2 → S3 → S7 → B
[Figure: Hosts A and B, switches S1 to S7 and the MLS-RP, with a port in blocking state marked X]
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-55
Unsupported MLS Topology
[Figure: Host A in VLAN41 and Host B in VLAN42, with RSM1 and RSM2]
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-56
Unsupported MLS Topology—Solution 1
• Configure an ISL link from MLS-SE1 to MLS-RP1 to carry both VLAN41 and VLAN42
[Figure: Host A in VLAN 41 and Host B in VLAN 42, with MLS-SE 1, MLS-RP 1, MLS-SE 2 and MLS-RP 2, and an ISL Link]
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-57
Unsupported MLS Topology—Solution 2
• Configure a second link from MLS-SE1 to MLS-RP1 to route for Subnet 42
[Figure: Host A in VLAN 41 and Host B in VLAN 42, with MLS-SE 1, MLS-RP 1, MLS-SE 2 and MLS-RP 2, and Link 1 and Link 2]
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-58
Impact of a Host Move on the MLS Cache
• Station A is Layer 3 switching through port 2/4 to Station B
C 172.16.68.0 is directly connected, VLAN41
C 172.16.22.0 is directly connected, VLAN 42

Destination IP  Source IP       Port DstPrt SrcPrt Destination Mac   Vlan Port
--------------- --------------- ---- ------ ------ ----------------- ---- -----
172.16.22.57    172.16.10.123   TCP  7001   7003   00-90-b1-33-70-00 12   2/4
[Figure: Station A (172.16.10.123) and Station B (172.16.22.57) with the MLS-RP, Interface VLAN41 and Interface VLAN42; MLS Port Designation: Port 2/4]
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-59
Impact of a Host Move on the MLS Cache (cont.)
• Station B is moved to port 2/7
• The MLS cache is flushed
C 172.16.68.0 is directly connected, VLAN41
C 172.16.22.0 is directly connected, VLAN 42

Destination IP  Source IP       Port DstPrt SrcPrt Destination Mac   Vlan Port
--------------- --------------- ---- ------ ------ ----------------- ---- -----
[Figure: Station A (172.16.10.123) and Station B (172.16.22.57) with the MLS-RP, Interface VLAN41 and Interface VLAN42; MLS Port Designation: Port 2/7; labels: Flush Entry From MLS Cache, Candidate Packet, Enabled Packet]
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-60
Impact of a Host Move on the MLS Cache (cont.)
• A new MLS cache entry is established
• Station A is Layer 3 switching through port 2/7 to Station B
C 172.16.68.0 is directly connected, Vlan11
C 172.16.22.0 is directly connected, Vlan 12
C 172.16.68.0 is directly connected, VLAN41
C 172.16.22.0 is directly connected, VLAN 42

New MLS Cache Entry
Destination IP  Source IP       Port DstPrt SrcPrt Destination Mac   Vlan Port
--------------- --------------- ---- ------ ------ ----------------- ---- -----
172.16.22.57    172.16.10.123   TCP  7001   7003   00-90-b1-33-70-00 41   2/7
[Figure: Station A (172.16.10.123) and Station B (172.16.22.57) with the MLS-RP, Interface VLAN41 and Interface VLAN42; MLS Port Designation: Port 2/7]
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-61
Laboratory Exercise: Visual Objective
[Figure: Switch Block X with VLAN x1, VLAN x2, VLAN x3 and VLAN x4, showing a multilayer switched IP flow]
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-62
Summary
• Multilayer switching enhances IP routing performance
• Cisco MLS switches consist of both routing and switching entities that function together to effect MLS
• MLS identifies and maintains a separate cache entry for each MLS flow
• Flow masks determine how MLS entries are created in the MLS cache
• The presence or absence of ACLs determines the flow mask used
• Changes to the routing table in the MLS-RP may or may not affect MLS cache entries.
© 1999, Cisco Systems, Inc. www.cisco.com BCMSN—7-63
Review
• Explain how the routing and switching functions of a Cisco MLS switch work together to enable multilayer switching.
• Describe the three flow mask modes and the impact ACLs have on those modes.
• Discuss how various router/switch configurations can affect multilayer switching.