
CCNP 3 v5 - Chapter 4

Cisco Networking Academy CCNP Multilayer Switching


Implementing Inter-VLAN Routing

VLANs
VLANs are associated with individual networks or subnetworks
Network devices in different VLANs cannot communicate with one another without a Layer 3 router
When an end station in one VLAN needs to communicate with an end station in another VLAN, inter-VLAN communication is required

Methods of inter-VLAN routing


A physical interface for each VLAN
Networks with just a couple of VLANs

External router
Cheaper than a Layer 3 switch
Performance limited

Internal router
Integration between the layer 2 and 3 elements
More performance

Inter-VLAN routing using multiple interfaces on an external router


One router interface for each VLAN on the switch
The router provides all L3 routing functionality between VLANs

Inter-VLAN routing using an external router and a single trunk


Single, trunk-connected link to a router
Must be Fast Ethernet or greater to support ISL
802.1Q is supported in 10 Mbps links
Router on a stick = Lollipop routing = One-arm bandit

The router must have a separate logical connection (subinterface) for each VLAN
ISL or 802.1Q trunking must be enabled on the single physical connection between the router and switch

Inter-VLAN routing configuration
A router interface on the trunk link must be configured
With a subinterface for each VLAN that will be serviced
With the same trunk encapsulation protocol on each subinterface: ISL or 802.1Q

Inter-VLAN routing verification


ping
R#show vlan
R#show ip route
R#show ip interface brief

Layer 2 switching
Forwards frames based on information in the L2 frame
Occurs in HW, so latency is decreased
Uses Application-Specific Integrated Circuits (ASIC)
Wire-speed performance in ideal circumstances

A L2 switch builds a forwarding table


Source MAC address + inbound port number of received frame

Cisco Catalysts have 2 primary table architectures


CAM table
Records the source address + inbound port of all frames
Compares destination MAC addresses
TCAM table (Tertiary CAM)
Stores ACLs, QoS and other information

A key:
is created to compare the frame to the table content
is fed into a hashing algorithm, which produces a pointer into the table to access a smaller specific area of the table

Layer 2 Switch Forwarding Process

Multilayer Switching
Ability to switch data based on information at multiple layers
Class of high-performance routers that provide L3 services and simultaneously forward packets at wire-speed through switching hardware
Layer 3 switch
Uses ASIC HW: wire-speed PDU header rewrites and forwarding
L3 switching speeds approximate those of L2 switching

Layer 3 switching can occur at two different locations


Centralized switching: central forwarding table
Distributed switching: on a port or line card level

Layer 3 switching methods


Route caching: flow-based
Topology-based switching: uses FIB (Forwarding Information Base)

Frame rewriting using CEF


IP unicast packets and frames are rewritten on the output interface as follows:
Source MAC address changes to the router MAC address
Destination MAC address changes to the next-hop MAC address
TTL is decremented by one
IP header and frame checksums are recalculated
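The four rewrite steps above, modelled in software as an added example (not part of the course material). The frame layout is standard Ethernet II + IPv4; the function names, the sample addresses and the choice to drop frames with a bad checksum are assumptions of this model. The punt cases follow the list of packets that cannot be processed in HW (IP options, expiring TTL).

```python
import struct
import zlib

def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum; yields 0 over a valid header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def fcs(frame: bytes) -> bytes:
    """Ethernet frame check sequence: CRC-32, least significant byte first."""
    return struct.pack("<I", zlib.crc32(frame))

def build_frame(dst_mac, src_mac, ttl, src_ip, dst_ip, payload=b"", options=b""):
    """Constructed sample: Ethernet II + IPv4 (protocol 17) + FCS."""
    ihl = 5 + len(options) // 4
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + len(payload),
                                0, 0, ttl, 17, 0, src_ip, dst_ip) + options)
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    body = dst_mac + src_mac + b"\x08\x00" + bytes(hdr) + payload
    return body + fcs(body)

def cef_rewrite(frame, router_mac, next_hop_mac):
    """Return ("forward", new_frame), or ("punt", None) / ("drop", None)."""
    body, ip = frame[:-4], frame[14:-4]
    ihl = (ip[0] & 0x0F) * 4
    if frame[-4:] != fcs(body) or ip_checksum(ip[:ihl]) != 0:
        return "drop", None                  # assumption: damaged frames are dropped
    if ihl > 20 or ip[8] <= 1:
        return "punt", None                  # IP options or expiring TTL: L3 engine
    hdr = bytearray(ip[:ihl])
    hdr[8] -= 1                              # TTL is decremented by one
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))  # new IP header checksum
    out = next_hop_mac + router_mac + frame[12:14] + bytes(hdr) + ip[ihl:]
    return "forward", out + fcs(out)         # new MAC pair, new frame checksum
```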

L3 switch virtual interfaces - SVI


Virtual L3 switch interface that can be configured for any VLAN that exists on a L3 switch
It provides L3 processing for packets from all switch ports associated with that VLAN
Only one SVI can be associated with a VLAN
It supports routing protocol and bridging configurations
Created upon entering VLAN interface configuration mode
Reasons to configure a SVI, to provide:
A default gateway for a VLAN so traffic can be routed between VLANs
Fallback bridging if it is required for nonroutable protocols
L3 IP connectivity to the switch

Routed interfaces on a Multilayer Switch


Routed switch port
Physical switch port on a Multilayer switch capable of L3 processing
Not associated with a particular VLAN
It behaves like a regular router interface, but it doesn't support VLAN subinterfaces
It can provide a L3 path into the switch for a number of devices on a specific subnet, all of which are located out a single switch port
It supports routing protocol and bridging configurations

It is required to remove L2 port functionality


Switch(config-if)#no switchport

Created upon entering VLAN interface configuration mode

Configuring inter-VLAN routing

Turn on the switch's IP routing functionality:


Switch(config)#ip routing

Routing:
Via the switch virtual interface
A virtual interface in every VLAN
Switch(config)#interface vlan vlan_id
Switch(config-if)#ip address ip_add mask
Switch(config-if)#no shutdown (for VLAN 1)

Configuring inter-VLAN routing (II) Routing


Via the routed port:
Configure a physical switch port/interface as a router interface
Switch(config)#interface f0/1
Switch(config-if)# no switchport
Switch(config-if)# ip address ip_add mask
Switch(config)# router ip_routing_protocol <options>

Routing between an external router and an internal route processor


Goal: access to a WAN interface

Routed port on the switch


RS(config)#interface f0/1
RS(config-if)# no switchport
RS(config-if)#ip address 10.0.1.1 255.255.255.0
ExtR(config)#interface f0/0
ExtR(config-if)#ip address 10.0.1.2 255.255.255.0

Routing between VLANs on switch:


RS(config)#interface vlan 10
RS(config-if)# ip address 10.0.10.1 255.255.255.0
RS(config)#interface vlan 20
RS(config-if)# ip address 10.0.20.1 255.255.255.0

Also, a routing protocol

Configuring router on-a-stick

To configure subinterfaces on a physical interface:


Identify the interface
Router(config)#interface FastEthernet slot-number/port-number.subinterface-number

Define the VLAN encapsulation


Router(config-subif)#encapsulation dot1Q vlan-number

Assign an IP address to the interface


Router(config-subif)#ip address ip-address mask

Configuring the router for the native VLAN


IOS 12.1(3)T router subinterface as the native VLAN

RS(config)#interface vlan 10
RS(config-if)# ip address 10.0.10.2 255.255.255.0
RS(config-if)# no shutdown
RS(config)#interface f0/1
RS(config-if)# switchport mode trunk
RS(config-if)# switchport trunk native vlan 1

Router(config)#interface f0/0.1
Router(config-subif)#encapsulation dot1q 1 native
Router(config-subif)# ip address 10.0.1.1 255.255.255.0
Router(config)#interface f0/0.10
Router(config-subif)#encapsulation dot1q 10
Router(config-subif)# ip address 10.0.10.1 255.255.255.0
Router(config)#interface f0/0.20
Router(config-subif)#encapsulation dot1q 20
Router(config-subif)# ip address 10.0.20.1 255.255.255.0
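A consistency check for the router-on-a-stick configuration above, as an added example (not part of the course material): it parses the router's subinterfaces and compares the native VLAN with the one set on the switch trunk, since a mismatch puts untagged frames in a different VLAN on each end. The function names are hypothetical, the sample is the page's router configuration rewritten with full interface names, and the check assumes the native VLAN is configured on a subinterface as shown.

```python
import ipaddress
import re

# Router side of the configuration above, written with full interface names.
ROUTER_CFG = """
interface FastEthernet0/0.1
 encapsulation dot1Q 1 native
 ip address 10.0.1.1 255.255.255.0
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.0.10.1 255.255.255.0
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 10.0.20.1 255.255.255.0
"""

def parse_subinterfaces(cfg):
    """Map subinterface name -> {'vlan', 'native', 'net'}."""
    subifs, cur = {}, None
    for line in (l.strip() for l in cfg.splitlines()):
        if line.startswith("interface "):
            name = line.split()[1]
            new = {"vlan": None, "native": False, "net": None}
            cur = subifs.setdefault(name, new) if "." in name else None
        elif cur is None:
            continue                      # line belongs to a non-subinterface block
        elif m := re.match(r"encapsulation dot1q (\d+)( native)?$", line, re.I):
            cur["vlan"], cur["native"] = int(m[1]), bool(m[2])
        elif m := re.match(r"ip address (\S+) (\S+)$", line):
            cur["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
    return subifs

def audit(cfg, switch_native_vlan):
    """Return findings; an empty list means router and trunk agree."""
    subifs, findings, seen = parse_subinterfaces(cfg), [], {}
    for name, s in subifs.items():
        if s["vlan"] is None:
            findings.append(f"{name}: no dot1Q encapsulation")
        elif s["vlan"] in seen:
            findings.append(f"{name}: VLAN {s['vlan']} already on {seen[s['vlan']]}")
        else:
            seen[s["vlan"]] = name
        if s["net"] is None:
            findings.append(f"{name}: no IP address")
    natives = [s["vlan"] for s in subifs.values() if s["native"]]
    if natives != [switch_native_vlan]:
        findings.append(f"native VLAN: router {natives}, switch {switch_native_vlan}")
    return findings
```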

Verifying the inter-VLAN routing configuration


show ip route
  Confirms IP routing is enabled
show ip interface brief
  Shows virtual and routed interfaces
show ip interface fastethernet module/port
  Shows Layer 2/3 functionality
show interface fastethernet module/port switchport
  Shows Layer 2/3 functionality

Explaining L3 Switch processing


A L3 switch performs 3 major functions:
Packet switching
Router processing
Intelligent network services

Distributed architecture in which the control path and data path are relatively independent
Control path code (routing protocols): route processor
Data packets: forwarded by the switching fabric

L3 switching can occur:
Centralized: central forwarding table
Distributed: port or line-card level

L3 switching methods:
Route caching
Topology-based: using routing table information

CEF-based multilayer switch


CEF: Cisco Express Forwarding
It caches routing information in the Forwarding Information Base (FIB)
It caches L2 next-hop addresses for all FIB entries in an Adjacency Table
Parallel paths can exist to load balance per packet

CEF operates in 2 modes


Central CEF mode
FIB and Adjacency Table reside on the route processor
The route processor performs the express forwarding

Distributed CEF mode


Line cards maintain identical copies of the FIB and Adjacency Table

CEF-based multilayer switch


CEF separates the control plane HW from the data plane HW
Control plane: builds FIB & Adjacency tables in SW
Data plane: forwards IP unicast traffic in HW
Some IP packets cannot be processed in HW:
IP packets that use IP Header options
Packets with an expiring IP TTL counter
Packets forwarded to a tunnel interface
Packets that arrive/are routed with nonsupported encapsulation types
Packets that exceed the MTU of an output interface

CEF Based Tables


FIB
derived from the IP routing table
arranged for maximum lookup throughput

Adjacency table
derived from the ARP table
contains L2 rewrite (MAC) information for the next hop

CEF IP destination prefixes are stored in the TCAM table from the most specific to the least specific entry
When the CEF TCAM table is full, a wildcard entry redirects to the L3 engine
When the adjacency table is full, a CEF TCAM table entry points to the L3 engine to redirect the adjacency
The FIB lookup is based on the L3 destination address prefix (longest match)
FIB table updates when:
An ARP entry for the destination next hop changes
The routing table entry for a prefix changes
The routing table entry for the next hop changes

CEF Based Tables


Adjacency table population
The L3 engine queries the switch for a physical MAC address
The switch selects a MAC address from the chassis MAC range and assigns it to the L3
This MAC address is assigned by the L3 engine as a burned-in address for all VLANs
This MAC address is used by the switch to initiate L3 packet lookups

The switch installs wildcard CEF entries, which point to drop adjacencies
The L3 engine informs the switch of its interfaces participating in MLS
The switch creates the (MAC, VLAN) L2 CAM entry for the L3 engine
The L3 engine informs the switch about features for interfaces participating in MLS
The L3 engine informs the switch about all CEF entries related to its interfaces and connected networks
The switch populates the CEF entries and points them to L3 engine redirect adjacencies

TCAM
Specialized piece of memory designed for rapid, HW based table lookups of L3 & L4 information

ARP throttling
Only the first few packets for a connected destination reach the L3 engine so that it can use ARP to locate the host
Throttling adjacency is installed so that subsequent packets don't initiate more ARPs until an ARP reply is received
Throttling adjacency is removed:
When an ARP reply is received
If no ARP reply is seen within 2 seconds

(2) A glean adjacency entry indicates that a particular next hop should be directly connected, but there is no MAC header rewrite information available
(3) The L3 engine sends an ARP request for host B and installs the drop adjacency for host B. Then, subsequent frames destined for host B from host A are dropped (ARP throttling)

CEF-based MLS operation


Different types of adjacencies
Null adjacency: packets destined for a Null0 interface are dropped
Glean adjacency: when a router is connected directly to several hosts, the FIB table maintains a prefix for the subnet rather than for individual hosts
Punt adjacency: special handling in higher layers
Discard adjacency: packets are discarded
Drop adjacency: packets are dropped, but the prefix is checked

CEF-Based MLS Operation


1. A → B: switch recognizes the frame as a L3 packet because the destination MAC matches the L3 engine MAC
2. Switch performs a CEF lookup (destination IP). The packet hits the CEF entry and is redirected to the L3 engine using a glean adjacency
3. L3 engine installs an ARP throttling adjacency for IP B
4. L3 engine sends an ARP request for B on VLAN 20
5. B sends an ARP response to L3 engine
6. L3 engine installs the resolved adjacency in the switch
7. Switch forwards the packet to B
8. Switch receives subsequent packets for B
9. Switch performs a CEF lookup, finds a CEF entry for B, rewrites packets and forwards them to B
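The nine steps above and the ARP throttling rules, as a small state model (an added example, not Cisco code and not part of the course material). It shows why a burst of packets to an unresolved host produces one ARP request rather than one per packet. Class and method names, the sample addresses, and punting only the first packet instead of "the first few" are assumptions of this model.

```python
import ipaddress

class CefSwitch:
    """FIB whose entries point at adjacencies: glean, throttle, mac or drop."""
    THROTTLE_SECONDS = 2          # throttling adjacency lifetime without an ARP reply

    def __init__(self, connected):
        # Connected subnets start as glean entries: next hop known to be local,
        # but no MAC rewrite information yet.
        self.fib = {ipaddress.ip_network(p): ("glean", None) for p in connected}
        self.arp_requests = []    # (time, ip) requests sent by the L3 engine

    def lookup(self, dst):
        """Longest-prefix match; no match falls to the wildcard drop entry."""
        addr = ipaddress.ip_address(dst)
        hits = [n for n in self.fib if addr in n]
        if not hits:
            return None, ("drop", None)
        best = max(hits, key=lambda n: n.prefixlen)
        return best, self.fib[best]

    def forward(self, dst, now):
        """Return what happens to one packet for dst arriving at time now."""
        _, (kind, data) = self.lookup(dst)
        host = ipaddress.ip_network(f"{dst}/32")
        if kind == "glean":                       # steps 2-4: punt, throttle, ARP
            self.fib[host] = ("throttle", now)
            self.arp_requests.append((now, dst))
            return "punt-arp"
        if kind == "throttle":
            if now - data < self.THROTTLE_SECONDS:
                return "drop-throttled"           # no further ARP is triggered
            del self.fib[host]                    # no reply within 2 s: glean again
            return self.forward(dst, now)
        return f"rewrite->{data}" if kind == "mac" else "drop"   # step 9

    def arp_reply(self, ip, mac):
        """Steps 5-6: the resolved adjacency replaces the throttling adjacency."""
        self.fib[ipaddress.ip_network(f"{ip}/32")] = ("mac", mac)
```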

CEF configuration
CEF is enabled by default in Catalyst 6500 series Supervisor Engine 720 with PFC2, MSFC3, and DFC and cannot be disabled
To enable/disable CEF on a 4000:
Router(config)#(no) ip cef

To enable/disable CEF on a 3550:


Router(config-if)#(no) ip route-cache cef

To monitor CEF:
Router#show ip cef
Router#show ip cef detail
Switch#show adjacency detail
Switch#debug ip cef

Common CEF problems and solutions


Steps when troubleshooting CEF:
Ensure that the normal L3 operations on the router processor are functioning properly
Verify that information from the router processor has properly populated the FIB and adjacency table

Troubleshooting CEF means verifying that packets are indeed receiving the full benefit of CEF switching and not being punted to a slower packet switching or processing method
Punt: action of sending a packet down to the next fastest switching level

The End
