Improving IP Routing Performance with Multilayer Switching


1 Improving IP Routing Performance with Multilayer Switching
Chapter 7: Improving IP Routing Performance with Multilayer Switching
Purpose: This module gives an overview of multilayer switching and describes how to configure this feature on both Cisco switches and routers.
Timing: The total amount of time to complete this chapter: Lesson—3 hours; Laboratory Exercises—1 hour.
Note: This section has a laboratory exercise at the end.
Contents: This section includes the following topics:
Objectives
Defining multilayer switching
Hardware and software requirements
The components of multilayer switching
How multilayer switching works
Commands that disable multilayer switching
Laboratory Exercise
Summary
Review
Transition: Following is the list of performance objectives that describe what students will be able to do at the end of the course.

2 Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
Identify network devices necessary to effect MLS
Configure the distribution layer devices to participate in multilayer switching
Verify existing flow information in the MLS cache
Apply flow masks to influence the type of MLS cache entry
Purpose: This slide states the module objectives.
Timing: The total amount of time to complete this chapter: Lesson—1 hour; Laboratory Exercises—1 hour.
Note: This section has a laboratory exercise at the end.
Emphasize: Read or state each objective so each student has a clear understanding of the module objectives. At the end of this module, the students will be able to:
Configure an MLS-RP
Configure an MLS-SE
Using access lists, set a flow mask on the MLS-RP
Use IOS commands to verify the configuration on both the MLS-SE and MLS-RP
Transition: Following is a signpost of the chapter topics.

3 Improving IP Routing Performance with MLS
In this chapter, we discuss the following topics: Multilayer switching fundamentals Configuring the multilayer switch route processor Applying flow masks Configuring the Multilayer Switch Switching Engine MLS topology examples Purpose: This slide discusses what major topic areas are discussed in this chapter. Emphasize: Read or state each topic area so each student has a clear understanding what will be covered in the chapter. At the end of this module, the students will be able to: Transition: Following is a signpost of the topics covered in the first section “Multilayer Switching Fundamentals”

4 Improving IP Routing Performance with MLS (cont.)
In this section we discuss the following topics:
Multilayer Switching Fundamentals
  What is MLS
  Hardware/Software Requirements
  MLS Components
  How MLS works
  Commands that Disable MLS
Configuring the Multilayer Switch Route Processor
Applying Flow Masks
Configuring the Multilayer Switch Switching Engine
Purpose: This slide signposts the topics covered in this section.
Emphasize: Read or state each topic so each student has a clear understanding of what is covered in this section.
Transition: Following is a definition of multilayer switching.

5 Defining Flows
[Figure: packets p1, p2, p3 travelling between Host A and Host B, shown for a conventional environment and for a multilayer switched environment; (1) first packet, (2) subsequent packets]
Each packet of a traditional flow must be processed by the router
The first packet of an MLS flow is processed by the router; all subsequent packets are switched
Purpose: This page defines a flow.
Emphasize: A flow is a specific conversation, consisting of many packets, between a network source and destination. Actual network traffic consists of many end-to-end conversations, or flows, between users or applications. The concept of flows is important because the Catalyst family of multilayer switches maintains a Layer 3 switching table based on data flows.
Transition: Following discusses the Cisco devices that support MLS.

6 Internal Router Processor Software/Hardware Requirements
Route Switch Module (RSM)
Cisco IOS™ Release 11.3(2)WA4(4) or Later
Catalyst 2926G, 5000, or 6000 Series Switch
Supervisor Engine III, FSX, III FLX, IIG, or IIIG Module
Supervisor Engine Software Release 4.1(1) or Later
NetFlow Feature Card (NFFC), NFFC II
Purpose: This slide describes the hardware and software requirements when using a multilayer switch.
Emphasize: Multilayer switching can be implemented by using a Layer 3 switch or an external router configuration. An integrated, or Layer 3, switch contains a route switch module (RSM) and the NetFlow Feature Card (NFFC) and requires the following software and hardware:
Catalyst 2926G, 5000 or 6000 series switch with supervisor engine software Release 4.1(1) or later.
Cisco IOS router software Release 11.3(2)WA4(4) or later.
Supervisor Engine III, FSX, or III FLX module with a NetFlow Feature Card (NFFC) or NFFC II.
Route Switch Module (RSM).
MLS is also supported on the following software and hardware:
Catalyst 5000 series switch with supervisor engine software Release 4.1(1) or later. (The RSFC is supported on the Catalyst 5000 only.)
Cisco IOS router software Release 12.0W5 or later.
Supervisor Engine IIG or IIIG with an RSFC daughter card.
Transition: Following identifies the equipment requirements for MLS when using an external router.

7 External Router Processor Software/Hardware Requirements
Cisco High-End Routers, such as Cisco 3620, 3640, 7500, 7200, 4500, or 4700 Series
Cisco IOS Release 11.3(2)WA4(4) or Later
Catalyst 2926G, 5000, or 6000 Series Switch
Supervisor Engine III, FSX, III FLX, IIG, or IIIG Module
Supervisor Engine Software Release 4.1(1) or Later
NetFlow Feature Card (NFFC), NFFC II
Purpose: This slide describes the hardware and software requirements when using an external router and switch configuration.
Emphasize: The following equipment is necessary when implementing MLS with an external router and Catalyst switch combination.
Catalyst 2926G, 5000 or 6000 series switch with supervisor engine software Release 4.1(1) or later.
Supervisor Engine III, FSX, or III FLX module with a NetFlow Feature Card (NFFC) or NFFC II.
Cisco high-end routers, such as Cisco 3620, 3640, 7500, 7200, 4500, 4700, or 8500 series.
Cisco IOS router software Release 11.3(2)WA4(4) or later.
The connection between the external router and the switch can be multiple Ethernet links or Fast Ethernet with the Inter-Switch Link (ISL).
Transition: Following defines the multilayer switching components.

8 MLS Components
MLS-RP—Multilayer Switching Route Processor
MLS-SE—Multilayer Switching Switch Engine
[Figure: RSM or Cisco 85xx, 75XX, 72XX, 4XXX]
MLSP—Multilayer Switching Protocol
Multicast hello messages sent to the MLS-SE by the MLS-RP to inform it of:
MAC addresses used on different VLANs
Routing/access-list changes occurring on the MLS-RP
Purpose: This slide identifies the major components in multilayer switching.
Emphasize: The MLS-SE is the multilayer switching switch engine. This switching entity handles the function of moving and rewriting the packets. The MLS-SE is a NetFlow Feature Card residing on a Supervisor III card in a Catalyst switch.
The MLS-RP is the route processor. This component is a Route Switch Module (RSM) or an externally connected Cisco 7500, 7200, 4500, 4700, or 8500 series router with software that supports multilayer switching. The MLS-RP sends MLS configuration information and updates, such as the router MAC address and VLAN number, flow mask, and routing and access list changes.
The MLSP is the multilayer switching protocol. This protocol operates between the MLS-Switch Engine and MLS-Route Processor to enable multilayer switching. The MLSP is the method by which the RSM or router advertises routing changes and the VLANs or MAC addresses of the interfaces that are participating in MLS.
Transition: Following begins the discussion of how an MLS-RP is made known in the network.

9 MLS-RP Advertisement
MLS-RP sends out multicast hello messages
Messages contain MAC, VLAN, and route information
Messages use the CGMP multicast well-known address
Purpose: This slide describes how the MLSP advertises an MLS-RP when it first starts up in the network.
Emphasize: When an MLS-RP is activated in a campus network, the MLS-RP sends out a multicast Layer 3 hello message every 15 seconds. This hello message is sent using the MLSP. This message is sent to all switches in the network and contains:
The MAC addresses used by the MLS-RP on its interfaces that are participating in MLS. The students will be able to view this information in the MLS cache later in this chapter.
Access list information. This information is used in flow mask identification and is discussed in detail later in this chapter.
Routing table updates and changes. How the MLS-SE handles this information is discussed later in this chapter.
MLSP uses the Cisco Group Management Protocol (CGMP) multicast address, ensuring interoperability with other Cisco switches.

10 MLS-RP Advertisement (Text Cont.)
Using the same CGMP multicast address ensures that all the switches in the network will listen to that address and will be able to participate in Layer 3 switching, or multilayer switching. Using the same CGMP multicast address also relieved Cisco of having to register one more multicast address. Although the multicast address is the same, it has a different protocol type, and hence the Network Management Processor (NMP) can distinguish these packets and take appropriate action.
Transition: Following continues the discussion of how the network incorporates an MLS-RP.

11 Receiving MLSP Hello Messages
[Figure: a hello message passing through several switches; one switch says "I am not a Layer 3 Switch but I will still pass on the message."]
All switches receive the hello message
Layer 3 switches process the hello message
IP multicast passes transparently through non-Cisco switches
Purpose: This slide describes how the MLS-SE handles MLSP messages.
Emphasize: All Cisco switches listen to the well-known multicast address and receive the hello message. Only the switches that have Layer 3 capabilities process the hello message. Those switches without Layer 3 capabilities pass these packets through to downstream switches. When an MLS-SE receives the packet, the device extracts all the MAC addresses received in the packet along with the associated interface or VLAN ID for each address. The MLS-SE records the addresses in the MLS-SE CAM table.
Transition: Following describes how the MLS-SE differentiates multiple routers.

12 Assigning XTAGs
[Figure: MLS-RP A = XTAG34, MLS-RP B = XTAG11, MLS-RP C = XTAG28]
The MLS-SE assigns a unique identifier to each MLS-RP
The XTAG value is a one-byte value that the MLS-SE attaches to the MAC address
Used to delete specific Layer 3 entries when the MLS-RP fails or exits the network
Purpose: This slide introduces the concept of XTAGs.
Emphasize: The MLS-SE uses XTAGs to distinguish multiple MLS routers. The XTAG value is a locally generated one-byte value attached to the MAC address of the MLS-RP and is used to identify flows in the MLS cache. This value is used when deleting a specific set of Layer 3 entries from the MLS cache when an MLS-RP fails, exits the network, or the flow mask is changed.
Transition: Following describes how flows are created.

13 Establishing an MLS Cache Entry
[Figure: candidate packet with L2 information (Source MAC = 0010.f663.d000, Destination MAC) and L3 information (Source IP, Destination IP); hosts A (0010.f663.d000) and B (0090.b); "Cache Entry?"; steps 1 to 4]
1. The MLS-SE receives initial frame
2. The MLS-SE reads and recognizes the destination MAC Address
3. The MLS-SE checks the MLS cache for like entries
4. The MLS-SE forwards the frame to the MLS-RP
Purpose: This slide introduces the first packet in a flow.
Emphasize: The MLS-SE maintains a cache for MLS flows and stores statistics for each flow. The first packet in a flow is called a “Candidate” packet.
Step 1: The MLS-SE receives a candidate packet and looks at the destination MAC address in the frame. The switch recognizes the destination address of the packet as the address of the MLS-RP. This address was recorded in the CAM table when the switch received the MLSP hello message.
Step 2: The MLS-SE then checks the MLS cache to determine if an MLS flow is already established for this flow. Because this packet is the first packet in a flow, there will not be an entry in the cache.
Step 3: The switch creates an entry in the MLS cache and assigns an XTAG to this entry.
Step 4: The MLS-SE forwards the frame to the addressed router.
Transition: Following continues the discussion of how an MLS flow is established.

14 Establishing an MLS Cache Entry (cont.)
[Figure: enable packet with L2 information (Source MAC, Destination MAC = 0090.b) and L3 information (Source IP, Destination IP); hosts A (0010.f663.d000) and B (0090.b); steps 5 to 8]
5. The MLS-RP receives the frame and consults the routing table
6. The MLS-RP rewrites the header with the new destination MAC address
7. The MLS-RP enters its own MAC address for the source address
8. The MLS-RP forwards the frame to the MLS-SE
Purpose: This slide discusses how the router handles the candidate packet.
Emphasize:
Step 5: The router receives the frame and consults the routing table.
Step 6: If the router finds the destination address in the routing table, the router constructs a new header, which now contains the MAC address of the destination host or next-hop router.
Step 7: The router also enters its own MAC address as the source MAC address.
Step 8: The router then returns the frame to the switch.
Transition: Following describes how the MLS-SE handles the returned frame.

15 Establishing an MLS Cache Entry (cont.)
[Figure: candidate packet (XTAG = 28) and enable packet (XTAG = 28); MLS cache with columns MLS-RP IP, MLS-RP ID, XTAG, MLS-RP MAC-Vlans; MLS cache entry with columns Destination IP, Source IP, Port, DstPrt, SrcPrt, Destination Mac, Vlan, Port; hosts A and B; steps 9 to 12]
9. The MLS-SE receives the frame
10. The MLS-SE compares the XTAGs of the candidate and enable packets
11. The MLS-SE records the enable packet information in the MLS cache
12. The MLS-SE forwards the frame to the destination
Purpose: This slide introduces the enable packet.
Emphasize: The Enable packet completes the MLS cache entry for that flow.
Step 9: The switch receives the frame from the router and recognizes the MAC address in the source field as that belonging to the router.
Step 10: The switch checks the MLS cache to see if there is an entry for this router. The switch compares the XTAGs for both the candidate entry in the MLS cache and the returned frame. If the two XTAGs match, the frame came from the same router for the same flow.
Step 11: The MLS-SE records the information from the enable packet in the MLS cache.
Step 12: The switch forwards the frame to the destination.
Instructor Note: Stress that the MLS-SE must see both the candidate and enable packets in order to establish a flow.
Transition: Following completes the discussion of how the MLS-SE treats subsequent packets in a flow.

16 Switching Subsequent Frames in a Flow
[Figure: incoming frame and rewritten frame, each with L2 information (Source MAC, Destination MAC) and L3 information (Source IP, Destination IP); hosts A and B with MAC addresses 0010.f663.d000 and 0090.b; MLS cache entry with columns Destination IP, Source IP, Port, DstPrt, SrcPrt, Destination Mac, Vlan, Port; steps 13 to 16]
13. The MLS-SE receives subsequent frames in the flow
14. The MLS-SE compares the incoming frame with the MLS cache entry
15. The MLS-SE rewrites the frame header
16. The MLS-SE forwards the frame to the destination
Purpose: This slide discusses how subsequent packets in the flow are handled.
Emphasize:
Step 13: The MLS-SE receives subsequent packets in the flow.
Step 14: The frames with that destination MAC address are compared against the entry in the MLS cache.
Step 15: The switch performs a packet rewrite, based on information learned from the router (MLS-RP) and stored in the MLS cache.
Step 16: The switch bypasses the router and sends the packet out the appropriate port to the destination.
The entry ages out of the cache when traffic for the flow ceases. The criteria for determining when an entry should be deleted are user configurable and are discussed later in this chapter. Partial, or candidate, entries will remain in the cache for five seconds with no enabled entry before timing out. The maximum MLS cache size is 128K. An MLS cache larger than 32K may increase the probability that packets in a flow will be forwarded to the router.
Transition: Following begins the discussion of how to configure the MLS-RP.
Note: The Catalyst 5000 series 24-port 10/100BaseTX and 12-port 100BaseFX Backbone Fast Ethernet switching modules (WS-X5225R and WS-X5201R) have onboard hardware that performs the packet rewrite, optimizing MLS performance.
When the MLS-SE receives the packet, it is formatted as follows:
The MLS-SE rewrites the Layer 2 frame header, changing the destination MAC address to the MAC address of Host B and the source MAC address to the MAC address of the MLS-RP (these MAC addresses are stored in the MLS cache entry for this flow). The Layer 3 IP addresses remain the same, but the IP header Time to Live (TTL) is decremented and the checksum is recomputed. The MLS-SE rewrites the switched Layer 3 packets so that they appear to have been routed by a router. The MLS-SE forwards the rewritten packet to Host B's VLAN (the destination VLAN is saved in the MLS cache entry) and Host B receives the packet.
After the MLS-SE performs the packet rewrite, the packet is formatted as follows:
Frame Header: Destination = Host B MAC, Source = MLS-RP MAC
IP Header: Destination = Host B IP, Source = Host A IP, TTL (1), Checksum (2)
Payload: Data, Checksum
(1) The IP header TTL value is decremented by 1.
(2) The IP header checksum is recalculated.
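The cache lifecycle in steps 1 to 16 above, as an added example that is not part of the original slides and is not Cisco code: a small Python model of an MLS-SE using the destination-ip flow mask, showing that a shortcut frame comes out identical to a routed one. The MAC and IP addresses are constructed sample values, the class and function names are hypothetical, and leaving TTL 1 frames to the router is an assumption of the model.

```python
import socket
import struct
from dataclasses import dataclass

CANDIDATE_TIMEOUT = 5.0  # seconds a candidate entry waits for its enable packet (from the text)


def ip_checksum(header: bytes) -> int:
    """One's-complement checksum of an IPv4 header; returns 0 for a valid header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src: str, dst: str, ttl: int) -> bytes:
    """Build a 20-byte IPv4 header (protocol 17, UDP) with a correct checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, ttl, 17, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


@dataclass(frozen=True)
class Frame:
    dst_mac: str
    src_mac: str
    vlan: int
    ip: bytes  # IPv4 header only; payload omitted in this model


def l3_rewrite(frame: Frame, dst_mac: str, src_mac: str, vlan: int) -> Frame:
    """Rewrite as a router would: new MACs, TTL - 1, checksum recomputed."""
    hdr = bytearray(frame.ip)
    hdr[8] -= 1                      # TTL
    hdr[10:12] = b"\x00\x00"         # zero the checksum field before recomputing
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return Frame(dst_mac, src_mac, vlan, bytes(hdr))


class MlsSe:
    def __init__(self):
        self.rp_xtag = {}  # MLS-RP MAC -> XTAG, learned from MLSP hello messages
        self.cache = {}    # destination IP (destination-ip flow mask) -> entry

    def learn_rp(self, mac: str, xtag: int) -> None:
        self.rp_xtag[mac] = xtag

    def receive(self, f: Frame, now: float):
        """Return (action, frame_out) for one frame seen at time `now` (seconds)."""
        dst_ip = f.ip[16:20]
        entry = self.cache.get(dst_ip)
        if entry and not entry["complete"] and now - entry["created"] > CANDIDATE_TIMEOUT:
            del self.cache[dst_ip]   # partial entry timed out without an enable packet
            entry = None
        if f.dst_mac in self.rp_xtag:            # frame addressed to an MLS-RP
            xtag = self.rp_xtag[f.dst_mac]
            # Model assumption: frames whose TTL would reach 0 are left to the router.
            if entry and entry["complete"] and entry["xtag"] == xtag and f.ip[8] > 1:
                out = l3_rewrite(f, entry["dst_mac"], f.dst_mac, entry["vlan"])
                return "switched", out           # steps 13-16
            if entry is None:                    # steps 1-3: create the candidate entry
                self.cache[dst_ip] = {"xtag": xtag, "complete": False, "created": now}
            return "to_rp", f                    # step 4
        if f.src_mac in self.rp_xtag:            # frame returned by an MLS-RP (step 9)
            xtag = self.rp_xtag[f.src_mac]
            if entry and not entry["complete"] and entry["xtag"] == xtag:    # step 10
                entry.update(complete=True, dst_mac=f.dst_mac, vlan=f.vlan)  # step 11
                return "enabled", f              # step 12
        return "bridged", f                      # ordinary Layer 2 forwarding


# Constructed sample values; XTAG 28 is the value used in the slide's figure.
RP, HOST_A, HOST_B = "0000.0c00.0001", "0000.0c00.000a", "0000.0c00.000b"
A_IP, B_IP, C_IP = "192.0.2.10", "198.51.100.20", "198.51.100.30"


def demo():
    se = MlsSe()
    se.learn_rp(RP, 28)
    actions = []
    first = Frame(RP, HOST_A, 41, ipv4_header(A_IP, B_IP, 64))
    actions.append(se.receive(first, 0.0)[0])      # candidate packet
    routed = l3_rewrite(first, HOST_B, RP, 42)     # what the MLS-RP sends back
    actions.append(se.receive(routed, 0.1)[0])     # enable packet
    action, switched = se.receive(first, 0.2)      # next frame of the same flow
    actions.append(action)
    expiring = Frame(RP, HOST_A, 41, ipv4_header(A_IP, B_IP, 1))
    actions.append(se.receive(expiring, 0.3)[0])   # TTL 1 is not shortcut
    other = Frame(RP, HOST_A, 41, ipv4_header(A_IP, C_IP, 64))
    actions.append(se.receive(other, 10.0)[0])     # candidate for a new flow
    late = l3_rewrite(other, HOST_B, RP, 42)
    actions.append(se.receive(late, 16.0)[0])      # enable arrives after 5 seconds
    return actions, switched, routed


if __name__ == "__main__":
    acts, switched, routed = demo()
    print(acts, switched == routed, switched.ip[8], ip_checksum(switched.ip))
```

Only the candidate packet of a flow reaches the MLS-RP in this model, which is why the text ties features that need the router to process every packet to MLS being disabled.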

17 Commands that Disable MLS
no ip routing
ip security (all forms of this command)
ip tcp compression-connections
ip tcp header-compression
All MLS Cache Entries Purged
Any command that requires the router to process the packet will disable MLS
Purpose: This slide lists the ip commands that impact MLS.
Emphasis: The following ip commands have an adverse effect on multilayer switching:
no ip routing—Purges all MLS cache entries and disables MLS on the MLS-RP.
ip security (all forms of this command)—Disables MLS on the interface.
ip tcp compression-connections—Disables MLS on the interface.
ip tcp header-compression—Disables MLS on the interface.
clear ip-route—Removes the MLS cache entries in all switches performing Layer 3 switching for this MLS-RP.
Transition: The following begins the discussion of enabling the MLS-SE.

18 Improving IP Routing Performance with MLS
In this section we discuss the following topics:
Multilayer Switching Fundamentals
Configuring the Multilayer Switch Route Processor
  Enabling MLS on a route processor
  Configuring an External Interface
  Configuring an Internal Interface
  Verifying the Configuration
Applying Flow Masks
Configuring the Multilayer Switch Switching Engine
MLS Topology Examples
Purpose: This slide states the module objectives.
Emphasize: Read or state each objective so each student has a clear understanding of the module objectives. At the end of this module, the students will be able to:
Configure an MLS-RP
Configure an MLS-SE
Using access lists, set a flow mask on the MLS-RP
Use IOS commands to verify the configuration on both the MLS-SE and MLS-RP
Transition: Following is a definition of multilayer switching.

19 Enabling MLS on the MLS-RP
Router#show mls rp
multilayer switching is globally enabled
mls id is 0010.f6b3.d000
mls ip address
Router(config)#mls rp ip
Globally enabling MLS on a router activates the MLSP protocol for that route processor
Purpose: This slide gives the command to globally enable MLS on the MLS-RP.
Emphasize: The mls rp ip command enables MLS on the MLS-RP. This command identifies the route processor as an MLS-RP. However, the route processor will not participate in MLS until a management interface has been established and each MLS participating interface has been configured. To globally disable multilayer switching on the MLS-RP, enter the no mls rp ip command in global configuration mode.
Cisco Systems' MLS implementation Layer 3 switches only IP. Multiprotocol packets other than IP packets are routed as in a non-Layer 3 switched network.
Transition: Following describes how to assign an interface to the same VTP domain as the participating switch.

20 Assigning a VLAN ID to an Interface on an External Router
Router(config)#int ethernet 0
Router(config-if)#mls rp vlan-id 41
[Figure: router interface E0 in VLAN41]
This command is required on external routers with a non-ISL interface only
Purpose: This slide describes the procedure to assign a VLAN ID to an interface.
Emphasis: This command is entered on external routers only. The RSM inherently uses VLAN IDs to identify interfaces. External router interfaces have knowledge regarding subnets but not VLANs. Stress that multilayer switching is routing between VLANs. To assign a VLAN ID to a router interface, enter the following command in interface configuration mode.
Router(config)#int interface number
Router(config-if)#mls rp vlan-id vlan_id_num
The vlan_id_num value represents the VLAN number you want to assign to this interface. To remove an interface from a VLAN, enter the no mls rp vlan-id vlan_id_num command. VLANs and MLS are intrinsically tied together. If you remove the VLAN ID from an interface, MLS is automatically disabled for that interface.
Transition: The following describes how to enable MLS on an interface.

21 Assigning an MLS Interface to a VTP Domain
Router#show mls rp
multilayer switching is globally disabled
mls id is 0010.f6b3.d000
mls ip address
mls flow mask is destination-ip
number of domains configured for mls 1
vlan domain name: bcmsn
Router(config)#int vlan41
Router(config-if)#mls rp vtp-domain bcmsn
[Figure: bcmsn VTP Domain]
The RSM automatically maps a VLAN to an internal interface
Purpose: This slide describes the command to place an interface in a VTP domain.
Emphasis: MLS interfaces must reside in the same VTP domain as the participating switch. Disregard this step if the switch is not assigned to a VTP domain. To place an interface in the same VTP domain as the switch, enter the following command in interface configuration mode:
Router(config-if)# mls rp vtp-domain domain name
The domain name is the name of the VTP domain in which the switch resides. Enter this command only on the primary interface for an ISL interface. All subinterfaces that are part of the primary interface inherit the VTP domain of the primary interface. To remove the MLS interface from a VTP domain, enter the no mls rp vtp-domain domain name command.
Transition: The following describes how to remove an interface from a null domain.

22 Verifying the MLS VTP Domain
Router#show mls rp vtp-domain bcmsn vlan domain name: bcmsn current flow mask: destination-ip current sequence number: current/maximum retry count: 0/10 current domain state: no-change current/next global purge: false/false current/next purge count: 0/0 domain uptime: 6d05h keepalive timer expires in 6 seconds retry timer not running change timer not running Purpose: This slide discusses the show mls rp vtp-domain command. Emphasis: This command displays information about a specific VTP domain in which the route processor is participating. Although the information looks the same as that display resulting from the show mls rp command, note the global mls information is no longer displayed. This command is useful when the route processor is participating in more than one VTP domain and you want information about one specific domain. Management interfaces participating in this domain. Note this display shows only one management interface. Vlans configured in this domain. Note this display now includes the management Vlan 1. Switches participating in MLS with this route processor. Note there are no switches configured as yet. Transition: The following discusses how to display information about a single MLS interface. The show mls rp vtp-domain command displays information about a specific VTP domain Each interface belongs to only one VTP domain

23 Enabling MLS on an Interface
Router#show mls rp (text deleted) 2 mac-vlan(s) configured for multi-layer switching: mac 0010.f6b3.d000 vlan id(s) Router(config)#int vlan41 Router(config-if)#mls rp vtp-domain bcmsn Router(config-if)#mls rp ip Purpose: This slide describes the command to enable MLS on an interface. Emphasis: MLS must be explicitly entered on the interface. Each interface that is to participate in Layer 3 switching must be enabled for multilayer switching. To enable an RSM interface for multilayer switching, enter the following command in interface configuration mode. Router (config)# int Vlan101 Router (config-if)# mls rp ip To disable multilayer switching on an interface, enter the no mls rp ip command. The maximum transmission unit (MTU) for an MLS interface must be the default Ethernet MTU, 1500 bytes. If the MTU value on an interface is any value other than 1500, MLS cannot be enabled on that interface. To enable MLS on an interface that has an MTU set at a value other than 1500, perform the following steps: Step 1: Disable MLS on the interface. Step 2: Enter the mtu 1500 command in configuration mode for that interface. Step 3: Enable MLS on the interface Transition: The following describes how to assign an MLS management interface. MLS must be explicitly entered on the interface

24 Problem: Creating a Null Domain
Router#show mls rp
multilayer switching is globally enabled
(text deleted)
number of domains configured for mls 2
vlan domain name: -null-
vlan domain name: bcmsn
Router(config)#int vlan41
Router(config-if)#mls rp ip
[Figure: -null- Domain and bcmsn VTP Domain]
Enabling MLS on an interface before assigning the interface to a VTP domain places the interface in a null domain
When in a null domain, the interface cannot interact with any switches
Purpose: This slide describes the command to place an interface in a VTP domain.
Emphasis: MLS interfaces must reside in the same VTP domain as the participating switch. Disregard this step if the switch is not assigned to a VTP domain. To place an interface in the same VTP domain as the switch, enter the following command in interface configuration mode:
Router(config-if)# mls rp vtp-domain domain name
The domain name is the name of the VTP domain in which the switch resides. Enter this command only on the primary interface for an ISL interface. All subinterfaces that are part of the primary interface inherit the VTP domain of the primary interface. To remove the MLS interface from a VTP domain, enter the no mls rp vtp-domain domain name command.
Transition: The following describes how to remove an interface from a null domain.

25 Solution: Removing an Interface from a Null VTP Domain
Router#show mls rp
multilayer switching is globally enabled
(text deleted)
number of domains configured for mls 1
vlan domain name: bcmsn
Router(config)#int vlan41
Router(config-if)#no mls rp ip
[Figure: bcmsn VTP Domain]
Disabling MLS on an interface removes the interface from a null domain
Purpose: This slide describes the procedure to remove an interface from a null VTP domain.
Emphasis: Assigning an MLS interface to a null domain is a common command error. Enabling MLS on an interface prior to putting the interface in a VTP domain places that interface in the null domain. If the MLS interface is in a null domain, the interface cannot participate in MLS with the switch. To remove the MLS interface from a null VTP domain, enter the following command sequence.
Router(config-if)#no mls rp ip
Router(config-if)#no mls rp management-interface
Enter the first command only if the interface is not the designated management interface for the MLS-RP. Enter both commands if the interface is the management interface for the MLS-RP.
Transition: The following describes how to assign a VLAN ID to an interface.

26 Assigning an MLS Management Interface
Router#show mls rp
(text deleted)
1 management interface(s) currently defined:
vlan 1 on Vlan1
Router(config)#int vlan1
Router(config-if)#mls rp ip
Router(config-if)#mls rp management-interface
At least one interface on the MLS-RP must be configured as the management interface
Purpose: This slide describes the command to assign a management interface.
Emphasis: An MLS-RP uses the MLSP to send management information out on the network. This information announces when an MLS-RP comes online, advertises routing changes, and identifies the VLANs or MAC addresses of those interfaces on the device that are participating in MLS. One interface on the MLS-RP must be identified as the management interface. This interface must be connected to the MLS switch. If no management interface is configured, MLSP messages will not be sent. More than one interface on a single MLS-RP can be identified as a management interface; however, caution the students that this action may place unnecessary overhead on the MLS-RP. To identify a management interface on an RSM or router, enter the following command in interface configuration mode.
Router(config-if)# mls rp management-interface
To disable the management interface, enter the no mls rp management-interface command in interface configuration mode.
Transition: The following describes how to verify the MLS configuration.

27 Verifying the MLS-RP Configuration
Router#show mls rp
Multilayer switching is globally enabled
mls id is 0010.f6b3.d000
mls ip address
mls flow mask is destination-ip
number of domains configured for mls 1
vlan domain name: bcmsn
current flow mask: destination-ip
current sequence number:
current/maximum retry count: 0/10
current domain state: no-change
current/next global purge: false/false
current/next purge count: 0/0
domain uptime: 00:21:40
keepalive timer expires in 6 seconds
retry timer not running
change timer not running
1 management interface(s) currently defined:
vlan 1 on Vlan1
2 mac-vlan(s) configured for multi-layer switching:
mac 0010.f6b3.d000
vlan id(s)
router currently aware of following 0 switch(es):
[Slide callouts: This MAC address appears in the MLS Cache; The IP Address given to the MLS-SE; The domain name must match with the MLS-SE; The interface sending MLSP messages; The number of switches for which the MLS-RP is routing]
Purpose: This slide describes the use of the show command to verify the MLS configuration.
Emphasis: To verify the MLS configuration for an MLS-RP, enter the following command in privileged EXEC mode.
Router#show mls rp
Point out the following items:
Multilayer switching is globally enabled
The MLS ID for this MLS-RP is 0010.f6b3.d000
The MLS IP address for this MLS-RP is
This ID indicates the MLS-RP is an internal route processor (RSM)
The flow mask is the default destination-ip. Flow masks are determined by access lists and dictate how entries are recorded in the MLS cache. Flow masks will be discussed later in this chapter.
The route processor is a member of the VTP domain called bcmsn.
Transition: The following completes the discussion of the show mls rp command.

28 Verifying the MLSP-RP Interface Configuration
RSM#show mls rp interface vlan1
mls active on Vlan1, domain bcmsn
interface Vlan1 is a management interface
Purpose: This slide discusses the display resulting from the show mls rp interface command.
Emphasis: You can verify the MLS configuration for a specific interface. To display information about a single MLS interface, enter the following command in privileged EXEC mode.
Router#show mls rp interface interface number
The display resulting from this command shows the following information:
If multilayer switching is active on the interface
The VTP domain in which the VLAN ID resides
If this interface is configured as the management interface for the MLS-RP
If the interface is not configured for multilayer switching, the system responds with the following message:
mls not configured on interface name/number
Transition: The following begins the discussion of flow masks.

29 Improving IP Routing Performance with MLS
In this section we discuss the following topics: Multilayer Switching Fundamentals Configuring the Multilayer Switch Route Processor Applying Flow Masks What is a Flow Mask? Types of Flow Masks Output Access Lists and MLS Input Access lists and MLS Configuring the Multilayer Switch Switching Engine Purpose: This slide states the module objectives. Emphasize: Read or state each objective so each student has a clear understanding of the module objectives. At the end of this module, the students will be able to: Configure an MLS-RP Configure an MLS-SE Using access lists, set a flow mask on the MLS-RP Use IOS commands to verify the configuration on both the MLS-SE and MLS-RP Transition: Following is a definition of a multilayer switching.

30 MLS Flow Masks No Access List Extended Access List
MLS-RP A MLS-RP C No Access List Extended Access List MLS-RP B Standard Access List Purpose: This slide discusses how access lists affect the flow mask in the MLS cache. Emphasis: The MLS-SE uses flow mask modes to determine how MLS entries are created in the MLS cache. The flow mask mode is based on the access lists configured on the MLS router interfaces. The MLS-SE learns the flow mask through MLSP messages from each MLS-RP for which the MLS-SE is performing Layer 3 switching. MLS-SE supports only one flow mask for all MLS-RPs that are serviced by the MLS-SE. The MLS-SE uses the most specific flow mask detected. When the MLS-SE flow mask changes, the entire MLS cache is purged. In this slide, the route processor called MLS-RP C supports an extended access list. Extended access lists generate the most specific flow mask. The MLS switch will use a flow mask based on the criteria set forth from MLS-RP C. Transition: The following continues the discussion of flow masks. Flows from MLS-RP A, MLS-RP B, and MLS-RP C Are Based on Criteria from MLS-RP C

31 Flow Mask: Destination-IP
interface Vlan41 ip address mls rp vtp-domain bcmsn mls rp management-interface mls rp ip MLS-RP A No Access List Purpose: This slide discusses the flow mask used if there are no access lists set on the MLS-RP. Emphasis: The MLS-SE supports three flow mask modes. The default flow mask is the destination-ip mode. This mode represents the least-specific flow mask. The MLS-SE maintains one MLS entry for each destination IP address. All flows to a given destination IP address use this MLS entry. This mode is used if there are no access lists configured on any of the MLS router interfaces. Transition: The following continues the discussion of flow masks. multilayer switching is globally enabled mls id is 0010.f6b3.d000 mls ip address mls flow mask is destination-ip number of domains configured for mls 1 vlan domain name: bcmsn current flow mask: destination-ip Flow Mask

32 Flow Mask: Source-Destination-IP
interface Vlan11 ip address ip access-group 2 out mls rp vtp-domain bcmsn mls rp management-interface mls rp ip MLS-RP B Standard Access List Router#show mls rp multilayer switching is globally enabled mls id is 0010.f6b3.d000 mls ip address mls flow mask is source-destination-ip number of domains configured for mls 1 vlan domain name: Engineering current flow mask: source-destination-ip Purpose: This slide discusses the flow mask used if there is a standard access list set on the MLS-RP. Emphasis: The next least specific flow mask is the source-destination-ip mode. Using this flow mask, the MLS-SE maintains one MLS entry for each source and destination IP address pair. All flows between a given source and destination use this MLS entry regardless of the IP protocol ports. This mode is used if there is a standard access list on any of the MLS interfaces. Transition: The following continues the discussion of flow masks. Flow Mask

33 Flow Mask: IP-Flow MLS-RP C Extended Access List
interface Vlan11 ip address ip access-group 101 out mls rp vtp-domain bcmsn mls rp management-interface mls rp ip MLS-RP C Extended Access List multilayer switching is globally enabled mls id is 0010.f6b3.d000 mls ip address mls flow mask is ip-flow number of domains configured for mls 1 vlan domain name: Engineering current flow mask: ip-flow Purpose: This slide discusses the flow mask used if there is an extended access list set on the MLS-RP. Emphasis: The most specific flow mask is the ip-flow mode. The MLS-SE creates and maintains a separate MLS cache entry for every IP flow. An ip-flow entry includes the source IP address, destination IP address, protocol, and protocol ports. This mode is used if there is an extended access switching.. Transition: The following discusses the impact of access lists on MLS. Flow Mask
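The three flow masks described on slides 30 to 33 can be compared with a small model. This is an added example, not Cisco code or part of the original slides: the class and function names are hypothetical, the packets are constructed sample data, and the model creates an entry on the first packet of a flow without modelling the candidate and enabling packet handshake.

```python
# Added illustration: a toy model of how the MLS-SE keys its cache, not Cisco code.
# All names are hypothetical; SAMPLE_PACKETS is constructed data.

# Flow masks from least to most specific, in the order the slides present them.
MASK_ORDER = ("destination-ip", "source-destination-ip", "ip-flow")

# ACL type on an MLS-RP interface -> flow mask that MLS-RP reports (per the slides).
ACL_TO_MASK = {
    None: "destination-ip",
    "standard": "source-destination-ip",
    "extended": "ip-flow",
}


def effective_mask(rp_acls):
    """Return the one mask the MLS-SE uses: the most specific mask reported.

    rp_acls maps an MLS-RP name to its ACL type (None, 'standard', 'extended').
    """
    masks = [ACL_TO_MASK[acl] for acl in rp_acls.values()] or [MASK_ORDER[0]]
    return max(masks, key=MASK_ORDER.index)


def cache_key(mask, pkt):
    """Fields that identify one MLS cache entry under the given flow mask."""
    if mask == "destination-ip":
        return (pkt["dst"],)
    if mask == "source-destination-ip":
        return (pkt["src"], pkt["dst"])
    return (pkt["src"], pkt["dst"], pkt["proto"], pkt["sport"], pkt["dport"])


class MlsCache:
    def __init__(self):
        self.mask = MASK_ORDER[0]   # default mask when no ACLs are configured
        self.entries = {}           # cache key -> packets matched
        self.purges = 0

    def learn_masks(self, rp_acls):
        """Apply the masks learned from the MLS-RPs; a mask change purges the cache."""
        new_mask = effective_mask(rp_acls)
        if new_mask != self.mask:
            self.entries.clear()
            self.purges += 1
            self.mask = new_mask
        return self.mask

    def switch(self, pkt):
        """Account a packet against its cache entry, creating the entry if needed."""
        key = cache_key(self.mask, pkt)
        self.entries[key] = self.entries.get(key, 0) + 1
        return key


# Constructed sample traffic (documentation address ranges).
SAMPLE_PACKETS = [
    {"src": "192.0.2.10", "dst": "198.51.100.5", "proto": "tcp", "sport": 40000, "dport": 80},
    {"src": "192.0.2.10", "dst": "198.51.100.5", "proto": "tcp", "sport": 40001, "dport": 443},
    {"src": "192.0.2.11", "dst": "198.51.100.5", "proto": "tcp", "sport": 40000, "dport": 80},
    {"src": "192.0.2.10", "dst": "198.51.100.6", "proto": "udp", "sport": 5000, "dport": 53},
    {"src": "192.0.2.10", "dst": "198.51.100.5", "proto": "tcp", "sport": 40000, "dport": 80},
]


def entries_per_mask(packets=SAMPLE_PACKETS):
    """Number of cache entries the same traffic occupies under each flow mask."""
    result = {}
    for acl in (None, "standard", "extended"):
        cache = MlsCache()
        cache.learn_masks({"MLS-RP": acl})
        for pkt in packets:
            cache.switch(pkt)
        result[cache.mask] = len(cache.entries)
    return result


if __name__ == "__main__":
    print(effective_mask({"MLS-RP A": None, "MLS-RP B": "standard", "MLS-RP C": "extended"}))
    print(entries_per_mask())
```

The same five packets occupy a different number of entries under each mask, and because the MLS-SE keeps one mask for every MLS-RP it serves, an extended access list on a single router changes cache usage for all of them.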

34 Output Access Lists and MLS
ip access-group 101 out 0010.f663.d000 0090.b A B Slide 2 of 4 This slide does not appear in the student text. Purpose: This slide continues the discussion of the impact of output access lists on multilayer switching. Emphasis: As with input access lists, placing an output access list on an MLS-enabled interface purges the MLS cache of all existing flows for that interface. Transition: The following continues the discussion of output access lists and MLS. MLS Cache Entries for Flow AB Are Purged

35 Output Access Lists and MLS (cont)
Candidate Packet Enable Packet L3 Information L3 Information Source IP = Destination IP = Source IP = Destination IP = L2 Information L2 Information Source MAC = 0010.f663.d000 Destination MAC = Source MAC = Destination MAC = 0090.b ip access-group 101 out Slide 3 of 4 This slide does not appear in the student text. Purpose: This slide continues the discussion of the impact of output access lists on multilayer switching. Emphasis: However, unlike input access lists, the next packet in the flow is considered a candidate packet by the MLS switch. If the MLS switch detects an enabling packet for this flow, a new cache entry is established for this flow. Transition: The following concludes the discussion of output access lists and MLS. Purpose: This slide concludes the discussion of the impact of output access lists on multilayer switching. All subsequent packets in that flow are multilayer switched and the MLS-RP is bypassed. Transition: The following discusses how to enable input access lists with MLS. 0010.f663.d000 0090.b A B New MLS Cache Entry for Flow AB Destination IP Source IP Port DstPrt SrcPrt Destination Mac Vlan Port TCP b /9

36 Input Access Lists and MLS
ip access-group 101 in 0010.f663.d000 0090.b A B Slide 3 of 3 This slide does not appear in the student text. Purpose: This slide concludes the discussion of the impact of input access lists on multilayer switching. Emphasis: Because the default behavior for input access list is to examine and route all incoming packets, all subsequent packets in the flow between end stations A and B are routed. Transition: The following discusses output access lists and MLS. MLS Cache Entries for Flow AB Are Purged All subsequent packets between A and B on that interface are routed

37 Supporting Input Access Lists
Router#sho run Building configuration... Current configuration: ! version 11.3 (Text Deleted) mls rp nde-address mls rp ip input-acl mls rp ip Router(config)#mls rp ip input-acl ip access-group 101 in Purpose: This slide discusses the input-acl command. Emphasis: To enable multilayer switching to cooperate with input access lists, enter the following command in global configuration mode. Router(config)# mls rp ip input-acl To remove support for input access lists in a multilayer-switching environment, enter the no mls rp ip input-acl command in global configuration mode. Transition: The following discusses the ip routing commands that disable MLS. A B L3 Switched for Flow AB

38 Improving IP Routing Performance with MLS
In this section we discuss the following topics: Multilayer Switching Fundamentals Configuring the Multilayer Switch Route Processor Applying Flow Masks Configuring the Multilayer Switch Switching Engine Enabling MLS on the Switch Aging out Cache Entries Managing Short-Lived Flows Adding External Router MLS Ids Verifying the Configuration MLS Topology Examples Purpose: This slide states the module objectives. Emphasize: Read or state each objective so each student has a clear understanding of the module objectives. At the end of this module, the students will be able to: Configure an MLS-RP Configure an MLS-SE Using access lists, set a flow mask on the MLS-RP Use IOS commands to verify the configuration on both the MLS-SE and MLS-RP Transition: Following is a definition of a multilayer switching.

39 Enabling MLS on the MLS-SE
Switch (enable)#show config (Text Deleted) #mls set mls enable Switch(enable)#set mls enable Purpose: This slide describes how to enable MLS on the switch. Emphasis: MLS is enabled by default on the Catalyst series switches that support Layer 3 switching. If the MLS-RP is the RSM, there is no configuration needed for the switch. Configuring the switch is necessary when the: MLS-RP is an external router. Aging time for MLS cache entries is other than the default. If MLS is not enabled on the switch, enter the following command in privilege EXEC mode on the switch: Switch(enable)#set mls enable To disable MLS on the switch, enter the following command in privilege EXEC mode on the switch: Switch(enable)#set mls disable Transition: The following discusses how long the cache maintains MLS entries. Must be enabled before a switch can participate in MLS Automatically enabled on MLS-capable switches

40 Aging Out Cache Entries
I haven’t seen any packets for this entry within 256 seconds. I will delete this entry from the cache 0010.f663.d000 0090.b A B Slide 2 of 2 Purpose: This slide discusses the aging process for existing cache entries. Emphasis: The MLS-SE deletes MLS entries from the cache if a packet for a flow entry has not been detected for the specified aging time. As we discussed, other events, such as applying access lists, route changes, or disabling MLS on the switch can cause the MLS entries to be purged. Transition: The following discusses how to change the aging time for cache entries. MLS Cache Entry for Flow AB Destination IP Source IP Port DstPrt SrcPrt Destination Mac Vlan Port b /8

41 Modifying the Cache Aging Time
Switch (enable)#set mls agingtime 297 Multilayer switching agingtime set to 304 Switch(enable)show config (Text Deleted) #mls set mls enable set mls agingtime 304 Purpose: This slide discusses the set mls agingtime command. Emphasis: The amount of time an MLS entry remains in the cache is user configurable. Enter the following command in privilege EXEC mode on the switch to change the agingtime parameter for the cache. Switch (enable)#set mls agingtime agingtime The agingtime variable is the amount of time an entry remains in the cache before the entry is deleted. The range of the aging time value is from 64 to 1920 seconds. The default value is 256 seconds. Aging time values are entered in 64-second increments. Any aging time value that is not a multiple of 64 seconds is adjusted to the closest one. Transition: The following discusses how to manage short-lived flows. MLS-SE automatically “rounds up” in 8-second increments

42 Managing Short-Lived Flows
I haven’t seen any packets for this entry for over 10 seconds but I still must keep these entries in the cache for the default aging time. DNS Response 0010.f663.d000 0010.7bee.9501 A DNS Request DNS Server Purpose: This slide discusses the concept of short-lived flows. Emphasis: Some MLS flows are sporadic or short-lived. An example of a sporadic or short-lived flow would be packets that are sent to or received from a Domain Name System (DNS) or Trivial File Transfer (TFTP) server. Because the connection may be closed after one request and one reply cycle, that MLS entry in the cache is used only once. Transition: The following continues the discussion of short-lived flows. Destination IP Source IP Port DstPrt SrcPrt Destination Mac Vlan Port TCP DNS DNS b-ee /8 TCP DNS DNS d /6 Short-lived flows entries take up MLS cache space even though there is no flow activity

43 Modifying agingtime fast
Switch (enable)#set mls agingtime fast 64 7 Switch (enable)show config (Text Deleted) #mls set mls enable set mls agingtime 304 set mls agingtime fast 64 7 Purpose: This slide discusses the agingtime fast command. Emphasis: Agingtime fast states that if the MLS-SE does not detect a specified number of packets in a certain time period, then that entry is removed from the cache. To configure the fast aging option, enter the following command in privilege EXEC mode. Switch (enable)# set mls agingtime fast fastagingtime pkt_threshold The Fastagingtime variable indicates the amount of time an entry remains in the cache before the entry is deleted. Allowable configuration values are 32, 64, 96, or 128 seconds. The default is 0 seconds. The Pkt threshold indicates the number of packets that must be detected within the specified amount of time. Allowable configuration values are 0, 1, 3, 7, 15, 31, 63 packets. The default is 0 packets. In this example, if the switch detects fewer than 7 matching flow packets in 64 seconds, that flow entry is deleted from the cache. If the agingtime fast parameter is set, it applies to all cache entries regardless of whether those entries are short-lived or not. agingtime fast sets a threshold for cache entries agingtime fast removes entries from the cache if the threshold has been crossed.

44 Modifying agingtime fast (Text Cont.)
Cisco Systems recommends that the number of MLS entries in the MLS cache be below 32K. If the number of MLS entries is more than 32K, some flows may be sent to the router. To keep the number of MLS cache entries below 32K, enable agingtime fast. Initially set the time to 128 seconds. If the number of cache entries continues to go over 32K, decrease the setting; start with 96, then 64, and 32, as necessary. If cache entries continue to go over 32K, decrease the normal agingtime in increments of 64 seconds from the 256-second default. Transition: The following discusses how to include manually configured MLS IP addresses.
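The difference between normal aging and agingtime fast on slides 40 to 44 can be seen by replaying one short-lived flow and one steady flow through a model of the cache. This is an added example, not Cisco code or part of the original slides: the names are hypothetical, the traffic is constructed, and it assumes the cache is checked once per second and that the fast-aging test applies once an entry is at least fastagingtime seconds old.

```python
# Added illustration: a toy model of MLS cache aging, not Cisco code.
# Assumptions (not from the slides): the cache is swept once per second, and the
# fast-aging test applies once an entry is at least fast_time seconds old.
from dataclasses import dataclass

ALLOWED_FAST_TIMES = (32, 64, 96, 128)          # seconds, per the slide notes
ALLOWED_THRESHOLDS = (0, 1, 3, 7, 15, 31, 63)   # packets, per the slide notes


@dataclass
class Entry:
    created: int     # time the entry was installed
    last_seen: int   # time of the most recent packet for the flow
    packets: int = 1


class AgingCache:
    def __init__(self, agingtime=256, fast_time=0, pkt_threshold=0):
        if fast_time != 0 and fast_time not in ALLOWED_FAST_TIMES:
            raise ValueError("fast aging time must be 32, 64, 96 or 128 seconds")
        if pkt_threshold not in ALLOWED_THRESHOLDS:
            raise ValueError("packet threshold must be 0, 1, 3, 7, 15, 31 or 63")
        self.agingtime = agingtime
        self.fast_time = fast_time          # 0 means fast aging is off (the default)
        self.pkt_threshold = pkt_threshold
        self.entries = {}

    def packet(self, flow, now):
        """Record one packet for a flow, installing an entry if none exists."""
        entry = self.entries.get(flow)
        if entry is None:
            self.entries[flow] = Entry(created=now, last_seen=now)
        else:
            entry.last_seen = now
            entry.packets += 1

    def expire(self, now):
        """Remove aged-out entries and return the flows that were removed."""
        removed = []
        for flow, entry in list(self.entries.items()):
            # Normal aging: no packet seen for the whole aging time.
            idle_out = now - entry.last_seen >= self.agingtime
            # Fast aging: too few packets by the time the entry is fast_time old.
            fast_out = (self.fast_time != 0
                        and now - entry.created >= self.fast_time
                        and entry.packets < self.pkt_threshold)
            if idle_out or fast_out:
                del self.entries[flow]
                removed.append(flow)
        return removed


def simulate(cache, events, until):
    """Replay (time, flow) events second by second; return {flow: removal time}."""
    by_time = {}
    for t, flow in events:
        by_time.setdefault(t, []).append(flow)
    removed_at = {}
    for now in range(until + 1):
        for flow in by_time.get(now, []):
            cache.packet(flow, now)
        for flow in cache.expire(now):
            removed_at[flow] = now
    return removed_at


# Constructed traffic: a two-packet DNS exchange and a steady bulk transfer.
EVENTS = [(0, "dns"), (1, "dns")] + [(t, "bulk") for t in range(0, 301, 5)]

if __name__ == "__main__":
    print(simulate(AgingCache(), EVENTS, 400))
    print(simulate(AgingCache(fast_time=64, pkt_threshold=7), EVENTS, 400))
```

With the default 256-second aging time the two-packet flow holds a cache entry until second 257; with `fast 64 7` it is removed at second 64, while the steady flow stays cached in both runs.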

45 Verifying the Configuration
Switch (enable) show mls Multilayer switching enabled Multilayer switching aging time = 304 seconds Multilayer switching fast aging time = 64 seconds, packet threshold = 7 Full flow Total packets switched = Active shortcuts = 2138 Netflow Data Export disabled Netflow Data Export port/host is not configured. Total packets exported = 0 MLS-RP IP MLS-RP ID XTAG MLS-RP MAC-Vlans f6b3d f6-b3-d ,41-42 Purpose: This slide discusses the show mls command. Emphasis: The show mls command displays the MLS switch configuration. The above example indicates the: Multilayer switching is enabled Cache aging time is 320 seconds, or about five minutes However, if the switch does not see at least seven packets for any flow within 64 seconds, the flow entry is removed from the cache. Flow mask is set to full flow, indicating that at least one MLS-RP for this MLS-SE is configured with an extended access list. Total number of packets switched for all flows is 101,892. Number of times the MLS-SE multilayer switched packets is 2, 136 Netflow Data Export is disabled. The Netflow Data Export is a tool that allows you to collect statistics for the Layer 3-switched traffic. This tool is not discussed in this course. MLS-RP IP address, MAC address, Xtag, and supported Vlans Transition: The following discusses displaying the switch inclusion list.

46 Including an External Router MLS IP Address
Interface FE 0 Switch (enable) set mls include Multilayer switching enabled for router Purpose: This slide discusses the set mls include command. Emphasis: If the switch supports an externally attached MLS-RP, the switch must be manually configured to recognize that MLS-RP. Inform the student that this command is only necessary for external routers. The MLS-SE automatically includes the IP address of co-resident RSMs in the switch inclusion list. To manually include an external MLS-RP, enter the following command in privilege EXEC mode on the switch. Switch (enable) set mls include ip_addr The IP address variable is the MLS IP address of the external router. To determine the IP address of the MLS-RP, enter the show mls rp command on the MLS-RP. To remove the MLS-RP from the switch inclusion list, enter the clear mls include ip address command. Use the clear mls include all command to remove all externally connected MLS-RPs from the switch inclusion list. The auto-included RSM cannot be cleared using the clear mls include command. When the RSM is physically removed from the switch chassis or MLS is disabled on an RSM, the RSM IP address is removed from the inclusion list. Transition: The following discusses how to verify the switch MLS configuration. Required for external routers

47 Displaying the Switch Inclusion List
Automatically Added Internal Route Processor Switch (enable) show mls include Included MLS-RP Purpose: This slide discusses the show mls include command. Emphasis: To display the contents of the switch inclusion list, enter the following command in privilege EXEC mode. Switch(enable) show mls include The resulting display returns the IP addresses of all MLS-RPs that are participating in multilayer switching with the MLS-SE. If the IP address of an MLS-RP does not appear in the switch inclusion list, the MLS-SE will not Layer 3 switch for the MLS-RP. If the MLS-SE is supposed to be Layer 3 switching for a specific router and its IP address is not listed in the inclusion list, check the following: Is the route processor external? If so, did you manually enter the MLS IP address in the inclusion list using the set mls include command? Is the route processor an RSM? If so, is the RSM resident and functional? Is multilayer switching globally enabled on the MLS-RP? Is there a management interface configured for the MLS-RP? Transition: The following discusses displaying entries in the MLS cache. Manually Added External Route Processor

48 Display MLS Cache Entries
Switch (enable) show mls entry Destination IP Source IP Prot DstPrt SrcPrt Destination Mac Vlan Port MLS-RP : UDP b-ee /9 UDP b-ee /9 UDP b-ee /9 MLS-RP : UDP c-06-5b-1e /1 UDP c-06-5b-1e /1 Purpose: This slide discusses the show mls entry command. Emphasis: The show mls entry command displays the MLS cache entries. You can further define the show mls entry command by adding the following options: show mls entry destination ip address displays all entries for a specific destination IP address. show mls entry source ip address displays all entries for a specific source IP address. show mls entry flow protocol | source port destination port displays protocol specific information about the entries. The protocol variable can be tcp, udp, icmp, or a decimal number for other protocol families. The source and destination port variables specify the port pair if the protocol is tcp or udp. A zero (0) value for source and destination port or protocol is treated as a wildcard and all entries are displayed. If the protocol selected is not TCP or UDP, set the source and destination port variable to zero (0). show mls entry rp ip address displays MLS cache entries for a specific MLS-RP. Transition: The following discusses how to clear the MLS cache.

49 Removing MLS Cache Entries
Switch (enable) clear mls entry destination Switch (enable) show mls entry Destination IP Source IP Prot DstPrt SrcPrt Destination Mac Vlan Port MLS-RP : UDP c-06-5b-1e /1 UDP c-06-5b-1e /1 Purpose: This slide discusses the clear mls entry command. Emphasis: To remove entries from the MLS cache, enter the clear mls entry command in privilege EXEC mode. MLS cache entries can be removed using the following criteria. clear mls entry source ip address. Clears all entries from a specific source IP address. clear mls entry destination ip address. Clears all entries to a specific destination IP address. This command is shown in the slide. clear mls entry flow protocol | source port destination port. Clears all entries in a specific flow. clear mls entry all. Clears all entries in the cache. Refer students to the “Configuring Multilayer Switching” section of the Catalyst Series Switch Configuration Guide (4.3) for details on how to format this command for each of the above instances. Transition: The following begins the discussion on MLS configurations.

50 Improving IP Routing Performance with MLS
In this section we discuss the following topics: Multilayer Switching Fundamentals Configuring the Multilayer Switch Route Processor Applying Flow Masks Configuring the Multilayer Switch Switching Engine MLS Topologies Topology Examples Topology Quiz Unsupported Topology Topology Changes and Routing Impacts Purpose: This slide states the module objectives. Emphasize: Read or state each objective so each student has a clear understanding of the module objectives. At the end of this module, the students will be able to: Configure an MLS-RP Configure an MLS-SE Using access lists, set a flow mask on the MLS-RP Use IOS commands to verify the configuration on both the MLS-SE and MLS-RP Transition: Following is a definition of a multilayer switching.

51 MLS Topology Example 1 Host A sends a packet to the default gateway
MLS-RP R2 3 4 1 2 5 A B R2 R1 6 MLS-SE Host A sends a packet to the default gateway R1 rewrites the frame header to reflect the destination as the next-hop router (R2) MLS-SE forwards the frame to R2 R2 rewrites the frame header to reflect the destination as Host B MLS-SE forwards the frame to Host B All subsequent frames are switched 1 Purpose: This slide describes a MLS configuration example. Emphasis: How routers and switches are placed in relationship to each other is critical to multilayer switching. In this example, end Station A connects to the MLS-SE through router R2. Router R2 is not participating in MLS. Station A wants to send information to B. Station A addresses the frame with the MAC address of R2 at Layer 2 because R2 is its default gateway. To reach Station B, R2 has to use the next hop router R1. R2 rewrites its own MAC address in the source field of the frame header and writes the MAC address of R1 in the destination field. MLS-SE detects the packet and recognizes the MAC address in the destination field. Because this is the first frame in the flow, the frame is sent to R1. The MLS-SE treats this frame as a candidate packet. R1 rewrites with its own MAC address in the source field and the MAC address of end Station B in the destination field. The frame is returned to the switch. The MLS-SE recognizes the source address and treats this frame as the enabling packet. Having established the Layer 3 entry now, all subsequent frames bypass R1 and go straight from Station A through R2, through the MLS-SE, and ultimately, to Station B. Transition: The following discusses another MLS configuration. 2 3 4 5 6

52 MLS Topology Example 2 B A
MLS-RP Host A sends a packet to the default gateway MLS-SE1 forwards the frame to MLS-SE2 MLS-SE2 forwards the frame to MLS-SE3 MLS-SE3 forwards the frame to MLS-RP1 MLS-RP1 rewrites the frame header and forwards the frame to MLS-SE3 MLS-SE3 forwards the frame to MLS-SE2 MLS-SE2 forwards the frame to MLS-SE1 MLS-SE1 forwards the frame to Host B All subsequent frames are switched through MLS-SE1 Entries in MLS-SE2 and 3 time out 1 4 5 2 3 MLS-SE3 10 4 3 6 5 10 MLS-SE2 7 6 2 A MLS-SE1 B 7 Purpose: This slide describes a MLS configuration example where packets traverse multiple switches. Emphasis: This example describes multilayer switching in a configuration that contains external routers and a hierarchy of MLS-SEs. Both Station A and Station B are connected through MLS-SE 3. To communicate with Station B, Station A addresses the frame to the default gateway R1. MLS-SE 3 recognizes this frame as a candidate packet and a partial entry is created in the MLS cache of MLS-SE 3. The frame is then sent to MLS-SE 2. MLS-SE 2 recognizes this frame as a candidate packet and a partial entry is created in the MLS cache of MLS-SE 2. This process is also repeated for MLS-SE 1. MLS-SE 1 then sends the frame to R1. R1 rewrites the destination and source MAC addresses in the frame and sends the frame back to MLS-SE The frame now meets the criteria of an enabling packet and the MLS entry is completed in the cache. This process is repeated in both MLS-SE 2 and MLS-SE 3 and the frame is sent to Station B. A Layer 3 entry for the flow between Station A and Station B is established in all three switches. When subsequent packets in this flow come to MLS-SE 3, a match is found in the MLS cache and the packet is forwarded to Station B. MLS-SE 2 and MLS-SE 1 never receive subsequent frames in this flow and the entries in those MLS caches age out. Transition: The following presents the last MLS configuration example. 1 8 8 9 9 10

53 Quiz: MLS Topology Example
MLS-RP Port in Blocking State S1 X S2 S3 S4 S7 Slide 1 of 2 Purpose: This slide describes an MLS configuration with multiple Layer 2 paths. Emphasis: This example illustrates MLS in a configuration where multiple Layer 2 paths exist between the source and destination devices and how spanning tree operates with this configuration. As in the previous examples, communication is from Station A to Station B. From a spanning-tree perspective, the link between switches S2 and S3 is in blocking mode. Traffic from Station A to Station B takes the following path: S4→S2→S1→R→S1→S3→S7→B The first packet is forwarded along this path and candidate entries are established in S4, S2, and S1. Because this is the first packet in the flow, the frame is forwarded to R, rewritten with the appropriate source and destination headers, and returned down to S1. The returning packet is the enabling packet, and the entry in the MLS cache of S1 is completed. The packet is then forwarded to S3, S7, and on to Station B. Subsequent packets in this flow are now Layer-3 switched at S1. Because S4 and S2 do not detect an enabling packet, candidate entries created in S4 and S2 age out of those MLS caches. If switch S1 is not a Layer 3 switch, then the packets never bypass the router because it is the only switch that is positioned to detect both the candidate and the enabling packet. Transition: The following completes the discussion of this configuration. S5 S6 A B Original MLS path was A S4 S2 S1 S3 S7B Spanning tree blocked the link between S1 and S3 What is the next available MLS path?

54 Answer: MLS Topology Example
MLS-RP Port in blocking state S1 X S2 S3 S4 S7 Slide 1 of 2 Purpose: This slide describes an MLS configuration with multiple Layer 2 paths. Emphasis: Traffic from Host A to Host B takes the following path: S4→S2→S1→R→S1→S3→S7→B The first packet is forwarded along this path and candidate entries are established in S4, S2, and S1. Because this is the first packet in the flow, the frame is forwarded to R, rewritten with the appropriate source and destination headers, and returned down to S1. The returning packet is the enabling packet, and the entry in the MLS cache of S1 is completed. The packet is then forwarded to S3, S7, and on to Host B. Subsequent packets in this flow are now Layer-3 switched at S1. Because S4 and S2 do not detect an enabling packet, candidate entries created in S4 and S2 age out of those MLS caches. If switch S1 is not a Layer 3 switch, then the packets never bypass the router because it is the only switch that is positioned to detect both the candidate and the enabling packet. Transition: The following completes the discussion of this topology. S5 S6 A B First packet path = A S4 S2 S1 S2 S3 S7 B Subsequent packet path = A S4 S2 S3 S7 B

55 Unsupported MLS Topology
VLAN41 VLAN42 RSM1 RSM2 Purpose: This slide describes an unsupported MLS configuration where one switch does not detect both the candidate and enable packets. Emphasis: The previous examples discussed how MLS works in different topologies. The following examples examine where MLS does not work. In this example, Station A communicates with Station B through the default gateway R1. Router R1 uses R2 as the next hop to route packets to Station B. The first packet takes the following path: A→S1→R1→R2→S2→B A candidate entry is created in S1; however, S1 never detects an enabling packet from R1, which would have completed the entry in the MLS cache. Multilayer switching cannot occur in this example. Transition: The following discusses an MLS solution to this configuration. A B

56 Unsupported MLS Topology—Solution 1
VLAN 41 VLAN 42 MLS-RP 1 MLS-RP 2 ISL Link MLS-SE 1 MLS-SE 2 Purpose: This slide discusses an MLS solution to the previously described configuration. Emphasis: One solution for this topology is to configure an ISL link from MLS-RP1 to MLS-SE1. This ISL link would route for both VLANs 41 and 42. With this modification, MLS-SE1 detects both the candidate and enable packet for the flow and a Layer 3 entry is established in the MLS cache of MLS-SE1. Transition: The following discusses another solution to the unsupported MLS configuration. A B Configure an ISL link from MLS-SE1 to MLS-RP1 to carry both VLAN41 and VLAN42

57 Unsupported MLS Topology—Solution 2
VLAN 41 VLAN 42 MLS-RP 1 MLS-RP 2 Link 1 Link 2 MLS-SE 1 MLS-SE 2 Purpose: This slide discusses another MLS solution to the previously described configuration. Emphasis: Another solution for this topology is to add another link from R1 to S1. This new interface on R1 now routes for subnet B. The first packet in a flow is sent from A to R1 over one interface and a partial entry is created in the MLS cache of S1. R1 modifies the packet header and sends the packet out the second interface to S1, completing the partial entry. The packet is now forwarded from S1 to Station B by way of S2. Subsequent packets in this flow can now be Layer-3 switched in S1. Transition: The following begins the discussion of how routing changes impact MLS cache entries. A B Configure a second link from MLS-SE1 to MLS-RP1 to route for Subnet 42

58 Impact of a Host Move on the MLS Cache
MLS-RP C is directly connected, VLAN41 C is directly connected, VLAN 42 Interface VLAN41 Interface VLAN42 B Port 2/4 MLS Port Designation Slide 1 of 3 Purpose: This slide discusses how routing changes impact the MLS cache entries. Emphasis: In this example, the MLS-RP is represented as an RSM. End station A on Vlan 11 is communicating with end station B on Vlan 12. End station B is attached to port 4 of the switch. The MLS-RP has a direct route to networks and A flow between end station A and B has been established in the MLS cache. The MLS-SE knows when it detects a packet for this flow, the switch directs the traffic out port 4. Note the MLS cache entry indicates a full flow mask. Transition: The following continues the discussion of Example 1. A Destination IP Source IP Port DstPrt SrcPrt Destination Mac Vlan Port TCP b /4 Station A is Layer 3 switching through port 2/4 to Station B

59 Impact of a Host Move on the MLS Cache (cont.)
MLS-RP C is directly connected, VLAN41 C is directly connected, VLAN 42 Interface VLAN41 Interface VLAN42 Candidate Packet Enabled Packet B Port 2/7 MLS Port Designation Slide 2 of 3 Purpose: This slide continues the discussion of how routing changes impact MLS. Emphasis: End station B has been moved from port 4 to port 7 on the same MLS-SE. The MLS-SE detects this change and initiates a purge for the associated Layer 3 entry. The next packet in that flow from end station A is treated as a candidate packet. Transition: The following concludes the discussion for Example 1. Flush Entry From MLS Cache A Destination IP Source IP Port DstPrt SrcPrt Destination Mac Vlan Port Station B is moved to port 2/7 The MLS cache is flushed

60 Impact of a Host Move on the MLS Cache (cont.)
MLS-RP C is directly connected, Vlan11 C is directly connected, Vlan 12 C is directly connected, VLAN41 C is directly connected, VLAN 42 Interface VLAN41 Interface VLAN42 B Port 2/7 MLS Port Designation Slide 3 of 3 Purpose: This slide discusses the concept of short lived flows. Emphasis: When the MLS-SE detects the enable packet for this flow, the switch establishes a new entry in the MLS cache indicating the new port number. However, from a routing table standpoint, nothing has changed. The MLS-RP still has the exact same information to get to end station B. Therefore, no routing change information is sent out from the MLS-RP via MLSP. Transition: The following discusses another example of how routing changes impact MLS. A New MLS Cache Entry Destination IP Source IP Port DstPrt SrcPrt Destination Mac Vlan Port TCP b /7 A new MLS cache entry is established Station A is Layer 3 switching through port 2/7 to Station B

61 Laboratory Exercise: Visual Objective
Switch Block X VLAN x1 VLAN x2 VLAN x3 VLAN x4 Purpose: This slide discusses laboratory exercise objectives. Emphasis: Discuss what the students will accomplish in the lab. Transition: The following is the chapter summary. Multilayer Switched IP Flow

62 Summary Multilayer switching enhances IP routing performance
Cisco MLS switches consist of both routing and switching entities that function together to effect MLS MLS identifies and maintains a separate cache entry for each MLS flow Flow masks determine how MLS entries are created in the MLS cache The presence or absence of ACLs determines the flow mask used Changes to the routing table in the MLS-RP may or may not affect MLS cache entries. Purpose: This page summarizes what was discussed in this module. Transition: The following are the review questions.

63 Review Explain how the routing and switching functions of a Cisco MLS switch work together to enable multilayer switching. Describe the three flow mask modes and the impact ACLs have on those modes. Discuss how various router/switch configurations can affect multilayer switching. Purpose: This page provides several topics for discussion. Emphasize: Points of discussion for review question 1: Multilayer switching (MLS) is a technique used to increase IP routing performance by handling the packet switching and rewrite function in ASICs. In MLS, the frame forwarding and rewrite process functions previously handled by a router have now been moved into switch hardware. The Cisco implementation of MLS is comprised of three components: Multilayer Switching-Switching Engine (MLS-SE). The multilayer switching switch engine is the switching entity that handles the function of moving and rewriting the packets. The MLS-SE is a NetFlow Feature card residing on a Supervisor III card in a Catalyst switch. Multilayer Switching-Route Processor (MLS-RP). This component is a Route Switch Module (RSM) or an externally connected Cisco 7500, 7200, 4500, 4700, or 8500 series router with software that supports multilayer switching. The MLS-RP sends MLS configuration information and updates, such as the router MAC address and Vlan number, flow mask, and routing and access list changes.

64 Review (Text Only) Multilayer Switching Protocol (MLSP). This protocol operates between the MLS-Switch Engine and MLS-Route Processor to enable multilayer switching. MLSP is the method by which the RSM or router advertises routing changes and the Vlans or MAC addresses of the interfaces that are participating in MLS. An MLS cache entry is created for the initial packet of each flow. This packet is called the candidate packet. The switch forwards the frame to the MLS-RP. If the MLS-RP finds an entry for the destination address in the routing table, the MLS-RP rewrites the packet and returns the frame to the switch. The MLS-SE compares the XTAGs for both the candidate entry in the MLS cache and the returned frame. If the two XTAGs match, the frame came from the same router for the same flow. This second frame becomes the “enable” entry in the MLS cache and the partial entry for that flow is completed. Points of discussion for review question 2: The three flow mask types supported by the MLS-SE are: destination-ip mode. This mode represents the least-specific flow mask. The MLS-SE maintains one MLS entry for each destination IP address. All flows to a given destination IP address use this MLS entry. This mode is used if there are no access lists configured on any of the MLS router interfaces. source-destination-ip mode. The MLS-SE maintains one MLS entry for each source and destination IP address pair. All flows between a given source and destination use this MLS entry regardless of the IP protocol ports. This mode is used if there is a standard access list on any of the MLS interfaces. ip-flow mode. This mode represents the most-specific flow mask. The MLS-SE creates and maintains a separate MLS cache entry for every IP flow. An ip-flow entry includes the source IP address, destination IP address, protocol, and protocol ports. This mode is used if there is an extended access switching.

65 Review (Text Only) Points of discussion for review question 3:
There is a dependency between the router and the switch at the distribution layer. How these devices are placed in relationship to each other is critical to multilayer switching. As long as the MLS-SE can detect both the candidate and enable packets, multilayer switching will take place. However, if the configuration is designed in such a way that the enable packet is never returned to the MLS-SE, the candidate packet will age out of the MLS cache and all packets in that flow are routed. Changes to the routing table may affect the behavior of MLS. Whenever a route change takes place, the MLS cache is flushed for any flow entries affected by the route change. As long as the MLS-SE detects both the candidate and enable packets for the new route, a flow entry will be entered into the MLS cache. Transition: This concludes the chapter on Multilayer Switching. The next chapter discusses how to build fault tolerance in your Layer 3 network with Hot Standby Router Protocol.
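The candidate/enable handshake, the three flow masks, candidate aging and the purge on a host move described in the review notes above, as a small Python model. This is an added example, not Cisco code or part of the original slides; the class and field names, XTAG values and IP addresses are constructed, and aging is modeled as simple ticks.

```python
from collections import namedtuple

# Toy model of the MLS-SE cache described above; not Cisco code.
# Field names, XTAG values and IP addresses are constructed for illustration.
Packet = namedtuple("Packet", "src dst proto sport dport")
MASK_FIELDS = {
    "destination-ip": ("dst",),
    "source-destination-ip": ("src", "dst"),
    "ip-flow": ("src", "dst", "proto", "sport", "dport"),
}

class MlsCache:
    def __init__(self, flow_mask, max_age=3):
        self.fields = MASK_FIELDS[flow_mask]
        self.max_age = max_age          # ticks a candidate entry may wait
        self.entries = {}               # flow key -> entry dict

    def key(self, pkt):
        return tuple(getattr(pkt, f) for f in self.fields)

    def candidate(self, pkt, xtag):
        """First packet of a flow, forwarded to the MLS-RP: partial entry."""
        self.entries.setdefault(
            self.key(pkt), {"xtag": xtag, "port": None, "age": 0})

    def enable(self, pkt, xtag, out_port):
        """Frame returned by the MLS-RP: complete only if the XTAGs match."""
        e = self.entries.get(self.key(pkt))
        if e is None or e["port"] is not None or e["xtag"] != xtag:
            return False
        e["port"] = out_port
        return True

    def lookup(self, pkt):
        """Egress port when Layer 3 switched, None when the packet is routed."""
        e = self.entries.get(self.key(pkt))
        return e["port"] if e else None

    def tick(self):
        """Age out candidates whose enable packet never came back."""
        for k, e in list(self.entries.items()):
            if e["port"] is None:
                e["age"] += 1
                if e["age"] >= self.max_age:
                    del self.entries[k]

    def host_moved(self, dst_ip):
        """Purge every entry toward a destination that changed switch port."""
        i = self.fields.index("dst")
        self.entries = {k: e for k, e in self.entries.items() if k[i] != dst_ip}
```

With the `destination-ip` mask a second flow to the same host reuses the existing entry, while `ip-flow` forces a new candidate/enable exchange for every distinct protocol and port combination.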

66 Laboratory Exercise: Diagram (Notes Page)

