CAM (Layer 2)
Transcript of CAM (Layer 2)
Author: Bill Buchanan
Applied Cisco Networking (CCNP BCMSN) Unit 4 MLS
CAM (Layer 2)
Diagram: hosts MAC1 and MAC2 on port P1, hosts MAC3 and MAC4 on port P2.
CAM: P1: MAC1, MAC2; P2: MAC3, MAC4
Content Addressable Memory (CAM). These days bridges are hardly ever used, and switches are used instead. The CAM contains a table of the MAC addresses for each port, and the switch uses it to forward frames as required.
Frame: Src: MAC1, Dest: MAC4
Showing CAM table
To show the CAM table:
Switch# sh mac address-table dynamic
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    000d.298e.a19a    DYNAMIC     Gi0/2
   1    0011.5c5e.ac41    DYNAMIC     Fa0/3
   1    0011.5c5e.ac42    DYNAMIC     Fa0/4
  10    000d.298e.a19a    DYNAMIC     Gi0/2
  20    000d.298e.a19a    DYNAMIC     Gi0/2
External Route Processing
Diagram: hosts 192.168.0.1 and 192.168.1.1; router ports Fa0/1 and Fa0/2. Default gateway set to the router port.
# config t
(config)# router rip
(config-router)# network 192.168.0.0
(config-router)# network 192.168.1.0
(config-router)# exit
(config)# int fa0/1
(config-if)# ip address 192.168.0.254 255.255.255.0
(config-if)# no shutdown
(config-if)# exit
(config)# int fa0/2
(config-if)# ip address 192.168.1.254 255.255.255.0
(config-if)# no shutdown
(config-if)# exit
Router-on-a-stick
Diagram: hosts 192.168.0.1 and 192.168.1.1; router port Fa0/1 with sub-interfaces Fa0/1.1 and Fa0/1.2. Default gateway set to the router port.
Sub-interfaces are required to encapsulate the VLAN information between the two VLANs.
# config t
(config)# router rip
(config-router)# network 192.168.0.0
(config-router)# network 192.168.1.0
(config-router)# exit
(config)# int fa0/1.1
(config-subif)# encapsulation dot1q 1
(config-subif)# ip address 192.168.0.254 255.255.255.0
(config-subif)# exit
(config)# int fa0/1.2
(config-subif)# encapsulation dot1q 2
(config-subif)# ip address 192.168.1.254 255.255.255.0
(config-subif)# exit
Internal Route Processing
Diagram: hosts 192.168.0.1 and 192.168.1.1; VLAN 1: 192.168.0.254; VLAN 2: 192.168.1.254.
# config t
(config)# ip routing
(config)# router rip
(config-router)# network 192.168.0.0
(config-router)# network 192.168.1.0
(config-router)# exit
(config)# vlan 1
(config-vlan)# exit
(config)# int vlan 1
(config-if)# ip address 192.168.0.254 255.255.255.0
(config-if)# exit
(config)# vlan 2
(config-vlan)# exit
(config)# int vlan 2
(config-if)# ip address 192.168.1.254 255.255.255.0
(config-if)# exit
(config)# int fa0/1
(config-if)# switchport mode access
(config-if)# switchport access vlan 1
(config-if)# exit
(config)# int fa0/2
(config-if)# switchport mode access
(config-if)# switchport access vlan 2
(config-if)# exit
Layer 3 operation
# config t
(config)# ip routing
(config)# int fa0/1
(config-if)# no switchport
(config-if)# ip address 192.168.0.254 255.255.255.0
(config-if)# no shutdown
Diagram: routed ports FA0/1 with addresses 192.168.0.254, 192.168.1.254 and 192.168.2.254; hosts 192.168.0.1, 192.168.0.2, 192.168.1.1, 192.168.1.2, 192.168.2.1 and 192.168.2.2; networks 192.168.4.0 and 192.168.5.0, each with addresses .1 and .2.
(config)# ip routing
(config)# vlan 1
(config-vlan)# exit
(config)# int vlan 1
(config-if)# ip address 10.0.0.254 255.255.255.0
(config-if)# exit
(config)# int fa0/2
(config-if)# switchport trunk encapsulation dot1q
(config-if)# switchport trunk native vlan 1
(config-if)# switchport trunk allowed vlan 1,2
(config-if)# switchport mode trunk
(config-if)# switchport nonegotiate
Diagram: VLAN 1: 192.168.0.254 and VLAN 2: 192.168.2.254; ports FA0/1 and FA0/2; hosts 192.168.0.1, 192.168.0.2, 192.168.1.1, 192.168.1.2, 192.168.2.1 and 192.168.2.2.
MLS
MLS (Multilayered Switching). 3550, 4500 and 600-series switches can also forward frames based on Layer 3 and 4 information contained in packets. Two types:
· Route cache.
· Topology-based.
Route-cache switching
Route-cache
Requires a route processor (RP) and a switch engine (SE).
· The RP processes the first packet to determine its destination.
· The SE listens to this and the resulting destination, and sets up a shortcut entry in its MLS cache.
· The SE forwards all subsequent packets in the same traffic flow based on shortcut entries in its cache.
AKA: NetFlow LAN switching, flow-based or demand-based switching, and "route once, switch many".
Diagram: Route processor (RP), Switch Engine (SE) and MLS cache; the first-time route goes through the RP, followed by an MLS cache update.
Topology-based (CEF)
Topology-based
This method uses specialized hardware. It uses Layer 3 routing information to build and prepopulate a single database for the entire network topology.
This is a table lookup in hardware and is used to forward packets at high rates. The longest match found in the database is used as the correct Layer 3 destination.
As the routing topology changes over time, the database contained in the hardware is continually updated.
Diagram: Cisco Express Forwarding (CEF); Switch Processor; Routing information; Forwarding Information Base (FIB).
MultiLayer Catalyst Switch Operations
Diagram: Ingress Queues; Security ACLs, Inbound/Outbound (TCAM); QoS ACLs, Classification/Policing (TCAM); L3 Forwarding Table (FIB); L2 Forwarding Table (CAM); Permit/deny/other; Packet Re-writer; Egress Queues.

CAM table
MAC address       Egress Port   VLAN
000d.298e.a19a    Gi0/2         1
0011.5c5e.ac41    Fa0/3         1

Switch# sh mac address-table dynamic
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    000d.298e.a19a    DYNAMIC     Gi0/2
   1    0011.5c5e.ac41    DYNAMIC     Fa0/3
   1    0011.5c5e.ac42    DYNAMIC     Fa0/4
  10    000d.298e.a19a    DYNAMIC     Gi0/2
  20    000d.298e.a19a    DYNAMIC     Gi0/2

FIB table
IP address     Next-hop IP     Next-hop MAC      Egress Port
192.168.0.0    192.168.10.1    000d.298e.a19a    Fa0/1
192.168.2.0    192.168.10.1    000d.298e.a19a    Fa0/2

# show ip cef
Prefix              Next Hop        Interface
0.0.0.0/0           192.168.1.5     fa0/1
0.0.0.0/32          receive
192.168.0.0/24      192.168.10.1    fa0/1
192.168.2.0/30      192.168.10.1    fa0/2
192.168.3.0/30      192.168.10.1    fa0/3
192.168.4.0/24      192.168.10.1    fa0/1
192.168.5.0/30      192.168.10.1    fa0/2

# show ip cef summary
IP CEF with switching (Table Version 1267), flags=0x0
  239 routes, 0 reresolve, 0 unresolved (0 old, 0 new), peak 3
  3 instant recursive resolutions, 0 used background process
  239 leaves, 153 nodes, 195448 bytes, 776 inserts, 537 invalidations
  0 load sharing elements, 0 bytes, 0 references
  universal per-destination load sharing algorithm, id 9C1B7D1D
  3(0) CEF resets, 483 revisions of existing leaves
  Resolution Timer: Exponential (currently 1s, peak 1s)
  485 in-place/0 aborted modifications
  refcounts: 40214 leaf, 39424 node
  Table epoch: 0 (239 entries at this epoch)
Adjacency Table has 3 adjacencies
Adjacency tables
Diagram: Ingress Queues; L3 Forwarding Table (FIB); L2 Forwarding Table (CAM); Packet Re-writer; Egress Queues.
CEF maintains an adjacency table from MAC addresses learnt through ARP. This table contains the MAC address rewrite information and the destination port. The next-hop address is the adjacency information.
· Switch detects its own destination MAC address.
· It looks up the destination IP address in the CEF table.
· The first match in the CEF table points to an adjacency entry that contains the MAC rewrite information and destination interface.
· The switch then rewrites the packet and sends it out the destination interface.
FIB table
IP address     Next-hop IP     Next-hop MAC      Egress Port
192.168.0.0    192.168.10.1    000d.298e.a19a    Fa0/1
192.168.2.0    192.168.10.1    000d.298e.a19a    Fa0/2

Adjacency tables
IP address     Next-hop MAC      Port
192.168.0.1    000d.298e.a19a    Fa0/1
192.168.2.1    000d.298e.a19a    Fa0/2

# show adjacency
Protocol Interface              Address
IP       GigabitEthernet0/1     192.168.0.1(11120)
IP       FastEthernet0/1        192.168.2.1(7)
IP       FastEthernet0/2        100.1.1.1(2005)

# show adjacency detail
Protocol Interface              Address
IP       GigabitEthernet0/1     192.168.0.1(11120)
                                0 packets, 0 bytes
                                000d298ea19a 00D00624440A0800
                                ARP 00:05:40
                                Epoch: 0
IP       FastEthernet0/1        192.168.2.1(7)
                                0 packets, 0 bytes
                                00D0BCF107C8 00D00624440A0800
                                ARP 00:39:20
                                Epoch: 0
Change of data frame
Diagram: switch ports FA0/1, FA0/2, FA0/2 and FA0/3 along the path, with these interface addresses:
IP address     MAC address
192.168.1.1    1111.2222.1111
192.168.1.2    1111.2222.1112
192.168.2.1    1111.2222.1113
192.168.2.2    1111.2222.1114
192.168.3.2    1111.2222.1115
192.168.3.1    1111.2222.1116

The frame at each hop:
Src IP         Src MAC           Dest IP        Dest MAC
192.168.1.1    1111.2222.1111    192.168.3.1    1111.2222.1112
192.168.1.1    1111.2222.1113    192.168.3.1    1111.2222.1114
192.168.1.1    1111.2222.1115    192.168.3.1    1111.2222.1116
Level 2 information
Diagram: same topology as in "Change of data frame".
Frame: Src IP 192.168.1.1, Src MAC 1111.2222.1111, Dest IP 192.168.3.1, Dest MAC 1111.2222.1112

CAM table
MAC address       Egress Port   VLAN
1111.2222.1111    Fa0/1         1
1111.2222.1114    Fa0/2         1

Switch# sh mac address-table
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    1111.2222.1111    DYNAMIC     FA0/1
   1    1111.2222.1114    DYNAMIC     FA0/2
   1    1111.2222.1112    STATIC      FA0/1
   1    1111.2222.1113    STATIC      FA0/2
Total Mac Addresses for this criterion: 4
Adjacency table
Diagram: same topology as in "Change of data frame".
Frame: Src IP 192.168.1.1, Src MAC 1111.2222.1111, Dest IP 192.168.3.1, Dest MAC 1111.2222.1112

# show adjacency
Protocol Interface              Address
IP       FastEthernet0/2        192.168.2.2(7)

# show adjacency detail
Protocol Interface              Address
IP       FastEthernet0/1        192.168.2.2(7)
                                0 packets, 0 bytes
                                111122221114 1111222211130800
                                ARP 00:05:40
                                Epoch: 0

The value in parentheses, 7, refers to the number of times an FIB entry points to an adjacency entry.
The first 12 characters, 111122221114, are the MAC address of the destination next-hop interface (destination MAC address rewrite).
The next 12 characters, 111122221113, are the MAC address of the source interface of the packet (source MAC address rewrite).
The last four characters (0x0800) represent an IP packet.
CEF table
Diagram: same topology as in "Change of data frame".
Frame: Src IP 192.168.1.1, Src MAC 1111.2222.1111, Dest IP 192.168.3.1, Dest MAC 1111.2222.1112

# show ip cef
Prefix              Next Hop        Interface
0.0.0.0/0           192.168.2.2     fa0/2
0.0.0.0/32          receive
192.168.3.0/24      192.168.2.2     fa0/2
192.168.2.2/32      attached        fa0/2
192.168.1.0/24      attached        fa0/1
224.0.0.0/4         drop
224.0.0.0/24        receive
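The lookup sequence from the adjacency and CEF slides, worked through in Python on this topology's own values (an added example, not part of the original slides). It applies the longest-match rule from the Topology-based slide; the table layout, the function names and the "needs-arp" result for an attached prefix with no adjacency entry are assumptions of this sketch.

```python
import ipaddress

# FIB rows copied from the slide's `show ip cef` output: (prefix, next hop, interface).
FIB = [
    ("0.0.0.0/0", "192.168.2.2", "fa0/2"),
    ("0.0.0.0/32", "receive", None),
    ("192.168.3.0/24", "192.168.2.2", "fa0/2"),
    ("192.168.2.2/32", "attached", "fa0/2"),
    ("192.168.1.0/24", "attached", "fa0/1"),
    ("224.0.0.0/4", "drop", None),
    ("224.0.0.0/24", "receive", None),
]
# Adjacency rows: neighbour IP -> rewrite string from `show adjacency detail`.
ADJACENCY = {"192.168.2.2": "1111222211141111222211130800"}


def fib_lookup(dst):
    """Return the FIB row with the longest prefix that contains dst."""
    addr = ipaddress.ip_address(dst)
    rows = [(ipaddress.ip_network(p), nh, ifc) for p, nh, ifc in FIB]
    return max((r for r in rows if addr in r[0]), key=lambda r: r[0].prefixlen)


def decode_rewrite(rewrite):
    """Split a 28-hex-digit rewrite string: dest MAC, source MAC, frame type."""
    if len(rewrite) != 28:
        raise ValueError("expected 12 + 12 + 4 hex digits")
    dotted = lambda h: ".".join(h[i:i + 4] for i in range(0, 12, 4))
    return dotted(rewrite[:12]), dotted(rewrite[12:24]), int(rewrite[24:], 16)


def forward(dst):
    """Model the switch's decision for a packet addressed to dst."""
    net, next_hop, ifc = fib_lookup(dst)
    if next_hop in ("receive", "drop"):
        return {"prefix": str(net), "action": next_hop}
    # For an attached prefix the destination itself is the neighbour.
    neighbour = dst if next_hop == "attached" else next_hop
    if neighbour not in ADJACENCY:
        return {"prefix": str(net), "action": "needs-arp", "port": ifc}
    dst_mac, src_mac, frame_type = decode_rewrite(ADJACENCY[neighbour])
    return {"prefix": str(net), "action": "forward", "port": ifc,
            "dst_mac": dst_mac, "src_mac": src_mac, "type": frame_type}


if __name__ == "__main__":
    for ip in ("192.168.3.1", "192.168.1.2", "224.0.0.5", "239.1.1.1"):
        print(ip, forward(ip))
```

For the slide's frame to 192.168.3.1 the result is the second hop of the "Change of data frame" slide: out fa0/2 with source MAC 1111.2222.1113 and destination MAC 1111.2222.1114.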
TCAMs
TCAM (Ternary Content Addressable Memory)
In the normal ACL process, the ACLs are evaluated one at a time, which leads to a delay. In multilayer switches, all the matching that ACLs provide is implemented in hardware. Thus TCAM allows the packet to be evaluated against an entire access list in a single table lookup.
There are also multiple TCAMs, for inbound and outbound security and QoS ACLs, in parallel with a Layer 2 or Layer 3 forwarding decision.
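A software model of the single-lookup matching described above (an added example, not part of the original slides). The ACL, the 48-bit key layout and the function names are constructed for illustration; a hardware TCAM compares the key with every entry at once, which the list comprehension here only imitates.

```python
import ipaddress

# Constructed ACL (not from the slides):
# (action, source network, TCP destination port or None for "any").
ACL = [
    ("deny",   "192.168.1.0/24", 23),
    ("permit", "192.168.1.0/24", None),
    ("permit", "192.168.0.0/16", 443),
]


def compile_entry(action, src_net, dport):
    """Turn one ACL line into a ternary entry: (value, mask, result).

    Assumed key layout: 32-bit source IP followed by a 16-bit destination port.
    A mask bit of 1 means "must equal the value bit"; 0 means "don't care",
    which is the third state that makes the memory ternary.
    """
    net = ipaddress.ip_network(src_net)
    port_mask = 0xFFFF if dport is not None else 0x0000
    mask = (int(net.netmask) << 16) | port_mask
    value = (int(net.network_address) << 16) | (dport or 0)
    return value, mask, action


TCAM = [compile_entry(*line) for line in ACL]


def tcam_lookup(src_ip, dport):
    """Return the action for a packet, as one lookup over all entries."""
    key = (int(ipaddress.ip_address(src_ip)) << 16) | dport
    # Every entry is compared with the key; hardware does this in parallel.
    hits = [i for i, (value, mask, _) in enumerate(TCAM) if (key & mask) == value]
    # The lowest-numbered hit wins, preserving ACL order; no hit is the
    # implicit deny at the end of an access list.
    return TCAM[hits[0]][2] if hits else "deny"


if __name__ == "__main__":
    for pkt in (("192.168.1.5", 23), ("192.168.1.5", 80), ("192.168.7.9", 443)):
        print(pkt, tcam_lookup(*pkt))
```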
Diagram: Ingress Queues; Security ACLs, Inbound/Outbound (TCAM); QoS ACLs, Classification/Policing (TCAM); L3 Forwarding Table (FIB); L2 Forwarding Table (CAM); Permit/deny/other; Packet Re-writer; Egress Queues.