
CCNP 3 v5 - Chapter 4

Cisco Networking Academy


CCNP Multilayer Switching
Implementing Inter-VLAN Routing

VLANs
VLANs are associated with individual
networks or subnetworks
Network devices in different VLANs
cannot communicate with one another
without a Layer 3 router
When an end station in one VLAN needs
to communicate with an end station in
another VLAN, inter-VLAN communication
is required

Methods of inter-VLAN routing


A physical interface for each VLAN
Networks with just a couple of VLANs

External router
Cheaper than a Layer 3 switch
Performance limited

Internal router
Integration between the layer 2 and 3 elements
More performance

Inter-VLAN routing using multiple interfaces on an external router
One router interface for each VLAN on the
switch
The router provides all L3 routing
functionality between VLANs

Inter-VLAN routing using an external router and a single trunk

Single, trunk-connected link to a router


Must be Fast Ethernet or greater to support ISL
802.1Q is supported in 10Mbps links
Router on a stick = Lollipop routing = One-arm bandit

The router must have a separate logical connection (subinterface)


for each VLAN
ISL, or 802.1Q trunking must be enabled on the single physical
connection between the router and switch

Inter-VLAN routing configuration

A router interface on the trunk link must be configured


With a subinterface for each VLAN that will be serviced
With the same trunk encapsulation protocol on each
subinterface: ISL or 802.1Q

Inter-VLAN routing verification

ping
R#show vlan
R#show ip route
R#show ip interface brief

Layer 2 switching

Forwards frames based on information in the L2 frame


Occurs in HW → latency decreased
Uses Application-Specific Integrated Circuits (ASIC)
Wire-speed performance in ideal circumstances

A L2 switch builds a forwarding table


Source MAC address + inbound port number of received frame

Cisco Catalysts have 2 primary table architectures


CAM table
Records the source address + inbound port of all frames
Compares destination MAC addresses
TCAM table (Ternary CAM)
Stores ACLs, QoS and other information

A key
is created to compare the frame to the table content
is fed into a hashing algorithm, which produces a pointer into
the table to access a smaller specific area of the table

Layer 2 Switch Forwarding Process

Multilayer Switching
Ability to switch data based on information at multiple layers
Class of high-performance routers that provide L3 services
and simultaneously forward packets at wire-speed through
switching hardware
Layer 3 switch
Uses ASIC HW: wire-speed PDU header rewrites and forwarding
L3 switching speeds approximate those of L2 switching

Layer 3 switching can occur at two different locations


Centralized switching: central forwarding table
Distributed switching: on a port or line card level

Layer 3 switching methods


Route caching: flow-based
Topology-based switching: uses FIB (Forwarding Information Base)

Frame rewriting using CEF


IP unicast packets and frames are rewritten on the output
interface as follows

Source MAC address changes to the router MAC address


Destination MAC address changes to the next-hop MAC address
TTL is decremented by one
IP header and frame checksums are recalculated
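
The rewrite steps above, carried out on real bytes in an added Python example (not part of the original slides and not Cisco code). The MAC and IP addresses are constructed sample values, and the refusal to rewrite packets with IP options or an expiring TTL models the hardware-forwarding exceptions this chapter lists.

```python
import struct
import zlib

ROUTER = bytes.fromhex("00000c000001")  # constructed L3 engine MAC
HOST_A = bytes.fromhex("02000000000a")  # constructed sender MAC
HOST_B = bytes.fromhex("02000000000b")  # constructed next-hop MAC

def ip_checksum(header: bytes) -> int:
    """One's-complement sum over the header's 16-bit words (RFC 1071)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def fcs(frame: bytes) -> bytes:
    """Ethernet frame check sequence: CRC-32, least significant byte first."""
    return struct.pack("<I", zlib.crc32(frame))

def rewrite(frame: bytes, router_mac: bytes, next_hop_mac: bytes) -> bytes:
    """Rewrite an untagged Ethernet II / IPv4 frame (with FCS) on output."""
    body, old_fcs = frame[:-4], frame[-4:]
    if old_fcs != fcs(body) or body[12:14] != b"\x08\x00":
        raise ValueError("corrupt or non-IPv4 frame")
    ihl = (body[14] & 0x0F) * 4
    header = bytearray(body[14:14 + ihl])
    if ip_checksum(bytes(header)) != 0:  # a valid header sums to zero
        raise ValueError("bad IPv4 header checksum")
    if ihl > 20 or header[8] <= 1:
        raise ValueError("punt: IP options or expiring TTL")
    header[8] -= 1                       # TTL is decremented by one
    header[10:12] = b"\x00\x00"          # zero the field before recomputing
    header[10:12] = struct.pack("!H", ip_checksum(bytes(header)))
    out = next_hop_mac + router_mac + body[12:14] + bytes(header) + body[14 + ihl:]
    return out + fcs(out)                # frame checksum recalculated

def sample_frame(ttl: int = 64) -> bytes:
    """Constructed frame: host A 10.0.10.5 to host B 10.0.20.7 via the L3 engine."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 1, 0, ttl, 17, 0,
                                bytes([10, 0, 10, 5]), bytes([10, 0, 20, 7])))
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    body = ROUTER + HOST_A + b"\x08\x00" + bytes(hdr) + bytes(8)
    return body + fcs(body)

if __name__ == "__main__":
    print(rewrite(sample_frame(), ROUTER, HOST_B).hex())
```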

L3 switch virtual interfaces - SVI

Virtual L3 switch interface that can be configured for any VLAN that
exists on a L3 switch

It provides L3 processing for packets from all switch ports associated with
that VLAN

Only one SVI can be associated with a VLAN

It supports routing protocol and bridging configurations

Created upon entering VLAN interface configuration mode

Reasons to configure an SVI → To provide:

A default gateway for a VLAN so traffic can
be routed between VLANs
Fallback bridging if it is required
for nonroutable protocols
L3 IP connectivity to the switch

Routed interfaces on a Multilayer Switch

Routed switch port


Physical switch port on a Multilayer switch capable of L3 processing
Not associated with a particular VLAN
It behaves like a regular router interface, but it doesn't support VLAN
subinterfaces
It can provide a L3 path into the switch for a number of devices on a specific
subnet, all of which are located out a single switch port
It supports routing protocol and bridging configurations

It is required to remove L2 port functionality


Switch(config-if)#no switchport

Created upon entering VLAN interface configuration mode

Configuring inter-VLAN routing


Turn on the switch's IP routing functionality:
Switch(config)#ip routing

Routing:
Via the switch virtual interface
A virtual interface in every VLAN
Switch(config)#interface vlan vlan_id
Switch(config-if)#ip address ip_add mask
Switch(config-if)#no shutdown (for VLAN 1)

Configuring inter-VLAN routing (II)


Routing
Via the routed port:
Configure a physical switch port/interface
as a router interface
Switch(config)#interface f0/1
Switch(config-if)# no switchport
Switch(config-if)# ip address ip_add mask
Switch(config)# router ip_routing_protocol <options>

Routing between an external router and an internal route processor
Goal → access to a WAN interface
Routed port on the switch
RS(config)#interface f0/1
RS(config-if)# no switchport
RS(config-if)#ip address 10.0.1.1 255.255.255.0
ExtR(config)#interface f0/0
ExtR(config-if)#ip address 10.0.1.2 255.255.255.0

Routing between VLANs on switch:


RS(config)#interface vlan 10
RS(config-if)# ip address 10.0.10.1 255.255.255.0
RS(config)#interface vlan 20
RS(config-if)# ip address 10.0.20.1 255.255.255.0

Also, a routing protocol

Configuring router on-a-stick


To configure subinterfaces on a
physical interface:
Identify the interface
Router(config)#interface FastEthernet slot-number/port-number.subinterface-number

Define the VLAN encapsulation


Router(config-subif)#encapsulation dot1Q vlan-number

Assign an IP address to the interface


Router(config-subif)#ip address ip-address mask

Configuring the router for the native VLAN
IOS 12.1(3)T → router subinterface as the native VLAN
RS(config)#interface vlan 10
RS(config-if)# ip address 10.0.10.2 255.255.255.0
RS(config-if)# no shutdown
RS(config)#interface f0/1
RS(config-if)# switchport mode trunk
RS(config-if)# switchport trunk native vlan 1
Router(config)#interface f0/0.1
Router(config-subif)#encapsulation dot1q 1 native
Router(config-subif)# ip address 10.0.1.1 255.255.255.0
Router(config)#interface f0/0.10
Router(config-subif)#encapsulation dot1q 10
Router(config-subif)# ip address 10.0.10.1 255.255.255.0
Router(config)#interface f0/0.20
Router(config-subif)#encapsulation dot1q 20
Router(config-subif)# ip address 10.0.20.1 255.255.255.0

Verifying the inter-VLAN routing configuration

show ip route
Confirms IP routing is enabled
show ip interface brief
Shows virtual and routed interfaces
show ip interface fastethernet module/port
Shows Layer 2/3 functionality
show interface fastethernet module/port switchport
Shows Layer 2/3 functionality

Explaining L3 Switch processing


An L3 switch performs 3 major functions:
Packet switching
Router processing
Intelligent network services

Distributed architecture in which the control path and data path are relatively independent
Control path code (routing protocols) → route processor
Data packets forwarded by the switching fabric

L3 switching can occur:


Centralized → Central forwarding table
Distributed → Port or line-card level

L3 switching methods:
Route caching
Topology-based using routing
table information

CEF-based multilayer switch


CEF → Cisco Express Forwarding
It caches routing information in the Forwarding Information Base (FIB)
It caches L2 next-hop addresses for all FIB entries in an Adjacency
Table
Parallel paths can exist to load balance per packet

CEF operates in 2 modes


Central CEF mode
FIB and Adjacency Table reside on the route processor
The route processor performs the express forwarding

Distributed CEF mode


Line cards maintain identical copies
of the FIB and Adjacency Table

CEF-based multilayer switch


CEF separates the control plane HW from the data plane HW
Control plane: builds FIB & Adjacency tables in SW
Data plane: Forwards IP unicast traffic in HW
Some IP packets cannot be processed in HW

IP packets that use IP Header options


Packets with an expiring IP TTL counter
Packets forwarded to a tunnel interface
Packets that arrive/are routed with
nonsupported encapsulation types
Packets that exceed the MTU
of an output interface

CEF Based Tables

FIB
derived from the IP routing table
arranged for maximum lookup throughput

Adjacency table
derived from the ARP table
contains L2 rewrite (MAC) information for the next hop

CEF IP destination prefixes are stored in the TCAM table from the
most specific to the least specific entry
When the CEF TCAM table is full, a wildcard entry redirects to the
L3 engine
When the adjacency table is full, a CEF TCAM table entry points to
the L3 engine to redirect the adjacency
The FIB lookup is based on the L3 destination address prefix
(longest match)
FIB table updates
An ARP entry for the destination next hop changes
The routing table entry for a prefix changes
The routing table entry for the next hop changes

CEF Based Tables

Adjacency table population


The L3 engine queries the switch for a physical MAC address
The switch selects a MAC address from the chassis MAC range and
assigns it to the L3
This MAC address is assigned by the L3 engine as a burned-in address for all
VLAN
This MAC address is used by the switch to initiate L3 packet lookups

The switch installs wildcard CEF entries, which point to drop adjacencies
The L3 engine informs the switch of its interfaces participating in MLS.
The switch creates the (MAC, VLAN) L2 CAM entry for the L3 engine
The L3 engine informs the switch about features for interfaces
participating in MLS
The L3 engine informs the switch about all CEF entries related to its
interfaces and connected networks. The switch populates the CEF
entries and points them to L3 engine redirect adjacencies

TCAM
Specialized piece of memory designed for rapid, HW based table
lookups of L3 & L4 information

ARP throttling
Only the first few packets for a connected destination reach
the L3 engine so that it can use ARP to locate the host
Throttling adjacency is installed so that subsequent packets
don't initiate more ARPs until an ARP reply is received
Throttling adjacency is removed
When an ARP reply is received
If no ARP reply is seen within 2 seconds

(2) A glean adjacency entry indicates that a particular next hop should be directly connected,
but there is no MAC header rewrite information available
(3) The L3 engine sends an ARP request for host B and installs the drop adjacency for host B.
Then, subsequent frames destined for host B from host A are dropped (ARP throttling)

CEF-based MLS operation


Different types of adjacencies
Null adjacency → packets destined for a Null0 are dropped
Glean adjacency
When a router is connected directly to several hosts, the FIB table
maintains a prefix for the subnet rather than for individual hosts
Punt adjacency → Special handling in higher layers
Discard adjacency → packets are discarded
Drop adjacency → packets are dropped, but the prefix is checked

CEF-Based MLS Operation


1. A → B: switch recognizes the frame as a L3 packet because the destination MAC matches the L3 engine MAC
2. Switch performs a CEF lookup (destination IP). The packet hits the CEF entry and is redirected to the L3 engine using a glean adjacency
3. L3 engine installs an ARP throttling adjacency for IP B
4. L3 engine sends an ARP request for B on VLAN 20
5. B sends an ARP response to L3 engine
6. L3 engine installs the resolved adjacency in the switch
7. Switch forwards the packet to B
8. Switch receives subsequent packets for B
9. Switch performs a CEF lookup, finds a CEF entry for B, rewrites packets and forwards them to B
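
The lookup and ARP-throttling sequence above as a toy Python model, added here as an illustration and not Cisco's implementation. The class and method names are hypothetical, the addresses are constructed, and it simplifies the slides by punting only the first packet rather than the first few.

```python
import ipaddress

class CefSwitch:
    """Toy FIB + adjacency model (hypothetical names, not Cisco code)."""
    THROTTLE_SECONDS = 2.0  # throttling adjacency lifetime without an ARP reply

    def __init__(self, connected):
        # Connected subnets get a glean adjacency: next hop is local, MAC unknown
        self.fib = {ipaddress.ip_network(p): "glean" for p in connected}
        self.adj = {}           # host IP -> ("throttle", expiry) | ("resolved", mac)
        self.arp_requests = []  # (ip, time) for each ARP the L3 engine sends

    def lookup(self, ip):
        """Longest match: a host adjacency beats any covering prefix."""
        if ip in self.adj:
            return self.adj[ip]
        nets = [n for n in self.fib if ip in n]
        if not nets:
            return ("drop", None)  # wildcard entry pointing to a drop adjacency
        return (self.fib[max(nets, key=lambda n: n.prefixlen)], None)

    def forward(self, dst, now):
        ip = ipaddress.ip_address(dst)
        kind, data = self.lookup(ip)
        if kind == "throttle" and now >= data:  # no ARP reply in time
            del self.adj[ip]
            kind, data = self.lookup(ip)
        if kind == "glean":  # redirect to the L3 engine, which sends one ARP
            self.adj[ip] = ("throttle", now + self.THROTTLE_SECONDS)
            self.arp_requests.append((dst, now))
            return "punted, ARP sent"
        if kind == "throttle":
            return "dropped (ARP throttling)"
        if kind == "resolved":
            return f"rewritten to {data}"
        return "dropped"

    def arp_reply(self, ip, mac):
        self.adj[ipaddress.ip_address(ip)] = ("resolved", mac)

def demo():
    """Constructed walk-through: host B is 10.0.20.7 on VLAN 20."""
    sw = CefSwitch(["10.0.10.0/24", "10.0.20.0/24"])
    steps = [sw.forward("10.0.20.7", 0.0),   # glean, ARP request goes out
             sw.forward("10.0.20.7", 0.5)]   # throttled, no second ARP
    sw.arp_reply("10.0.20.7", "0200.0000.000b")
    steps.append(sw.forward("10.0.20.7", 0.6))    # resolved adjacency
    steps.append(sw.forward("192.168.1.1", 0.7))  # no prefix: drop adjacency
    return steps, len(sw.arp_requests)
```

The single ARP request recorded for two packets is the point of throttling: traffic toward an unresolved host cannot load the L3 engine with repeated ARPs.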

CEF configuration
CEF is enabled by default in Catalyst 6500 series
Supervisor Engine 720 with PFC2, MSFC3, and
DFC and cannot be disabled
To enable/disable CEF on a 4000:
Router(config)#(no) ip cef

To enable/disable CEF on a 3550:


Router(config-if)#(no) ip route-cache cef

To monitor CEF:

Router#show ip cef
Router#show ip cef detail
Switch#show adjacency detail
Switch#debug ip cef

Common CEF problems and solutions


Steps when troubleshooting CEF:
Ensure that the normal L3 operations on the router processor are
functioning properly
Verify that information from the router processor has properly
populated the FIB and adjacency table

Troubleshooting CEF is verifying that packets are indeed receiving the full benefit of CEF switching and not being punted to a slower packet switching or processing method
punt → action of sending a packet down to the next fastest switching level

The End
