SWITCH M2,5 ENG v7

The document discusses inter-VLAN routing using multilayer switches. It covers concepts like switch virtual interfaces, routed ports, routing protocols, DHCP, and packet processing methods in switches like fast and Cisco Express Forwarding.

Inter VLAN Routing

SWITCH Module 2 and 5
Agenda
• Intro
• Router-on-a-Stick
• MLS Routing
  • Routed ports
  • SVIs
  • DHCP
• Multilayer Switch Processing
  • Packet Switching
  • Fast Switching
  • Cisco Express Forwarding
  • Switch Database Management
• DHCPv6
Introduction to Inter-VLAN Routing
• VLANs isolate traffic by design
• Inter-VLAN router of some sort required
• Inter-VLAN routing should occur in the distribution layer
• Multilayer switch is recommended to terminate VLANs
Routed vs. Switched Design
• Routing can now be performed at L2 switching speeds by switching frames/packets using specialized ASICs
• L3 switches serve as default gateways, terminating VLANs
• Routed ports or L2/L3 EtherChannels allow VLANs to be isolated at the distribution layer
• An L3 connection between the Distribution and Core layers shrinks the L2 domains and allows multipath and/or fast convergence
Inter VLAN Routing Using External Router
Router-on-a-Stick
• Router interface, typically Fast Ethernet, subdivided into logical subinterfaces, one per VLAN.
• L2 switch is connected to the router via trunk port
• See "Configuring InterVLAN Routing and ISL/802.1Q Trunking on a Catalyst 2900XL/3500XL/2950 Switch Using an External Router"
Configuring Router-on-a-Stick
1) Enable trunking on a switch interface
2) Create sub-interfaces for each VLAN that requires inter-VLAN routing
Router(config)# interface type slot/port.subiface
3) Configure the trunking encapsulation and IP address on the sub-interface; optionally mark the native VLAN
Router(config-subif)# encapsulation [ dot1q | isl ] vlan-id {native}
Example
External Router Scenario

Advantages
• Works with any switch, since Layer 3 services are not required on the switch
• Implementation is simple
• The router provides communication between VLANs

Disadvantages
• The router is a single point of failure
• Single traffic path may become congested
• Latency may be introduced as frames leave and reenter the switch chassis multiple times, and the router makes software-based routing decisions
MLS Routing
MLS Routing Interfaces
• Switch Virtual Interface
• Routed port
• Routed EtherChannel
Switch Virtual Interface
• Switch Virtual Interface (SVI)
  • A virtual interface that connects the route processor internally to a VLAN
  • The VLAN 1 SVI is created by default
  • Every VLAN CAN have a separate SVI
  • MLS uses SVIs for routing between VLANs
SVI Configuration Guide
1) Enable IP routing
Switch(config)# ip routing
2) Configure SVI for VLAN
Switch(config)# interface Vlan vlan-id
3) Assign IP address
Switch(config-if)# ip address address mask
4) Enable SVI
Switch(config-if)# no shutdown
5) Configure routing protocol
SVI Example
Switch(config)# ip routing
Switch(config)# vlan 10,20
Switch(config-vlan)# exit
Switch(config)# int vlan10
Switch(config-if)# ip address 10.1.1.1 255.255.255.0
Switch(config-if)# int vlan20
Switch(config-if)# ip address 10.2.2.1 255.255.255.0

• ip routing enables L3 switching
• This command enables all L3 functions and commands:
  • routing table
  • routing protocols
SVI Interface
• Unlike a loopback, an SVI is not always an active interface
• SVI is in "up/up" state IF
  1. VLAN associated with the SVI is created and active
  2. The VLAN interface is not administratively down
  3. VLAN has at least one active port
     a) An access port in the VLAN
     b) A trunk port where the VLAN is enabled
• Necessary for proper function of routing protocols/table
• IF it is desired to not include access/trunk VLAN presence in the SVI line-state calculation THEN configure:
Switch(config-if)# switchport autostate exclude
Routed Port ①
• Physical port similar to Ethernet on a router
  • DOES NOT belong to any VLAN
  • DOES NOT support trunking
  • DOES NOT support subinterfaces
  • Requires removal of L2 functionality
• Routed port configuration:
Switch(config)# ip routing
Switch(config)# int fa0/5
Switch(config-if)# no switchport        ! disables the L2 function on the port ("switchport" re-enables it)
Switch(config-if)# ip address 10.0.3.1 255.255.255.0
Routed Port ②
• A routed port is internally represented with an internal VLAN
  • Internal Usage VLAN
Switch# show vlan internal usage
• Internal VLANs are usually allocated starting from 1006
  • Some platforms can enable descending allocation from 4094
• Recommendation:
  • Allocate extended VLANs starting from 4094 (downward) to avoid conflicts with internal VLANs
Switch(config)# vlan internal allocation policy { ascending | descending }
Routed EtherChannel
• Layer 2 EtherChannel bundles access or trunk ports between switches or other devices (e.g., servers)
• Layer 3 EtherChannel bundles routed ports between switches
Routed EtherChannel Example
• The no switchport command is applied both on the physical ports and on the EtherChannel interface
Revert Back to L2 Switching
Switch(config)# int fa0/5
Switch(config-if)# no ip address
Switch(config-if)# switchport
The ip default-gateway Command
• On L2 switches, or L3 switches without ip routing enabled, a default gateway should be configured
• Without it, the device's IP addresses cannot reach beyond the borders of their own subnet
• Hence, L2 switches are configured with the following command:
Switch(config)# ip default-gateway ADDRESS
Packet Processing
Common Inter-VLAN Routing Problems

Problem: Missing VLAN
Possible causes:
• VLAN might not be defined across all the switches.
• VLAN might not be enabled on the trunk ports.
• Ports might not be in the right VLANs.

Problem: Layer 3 interface configuration
Possible causes:
• Virtual interface might have the wrong IP address or subnet mask.
• Virtual interface might not be up.
• Virtual interface number might not match the VLAN number.
• Routing has to be enabled to route frames between VLANs; routing might not be enabled.

Problem: Routing protocol misconfiguration
Possible causes:
• Every interface or network needs to be added to the routing protocol; the new interface might not have been added.
• Routing protocol configuration is needed only if VLAN subnets need to communicate with other routers, as previously mentioned in this chapter.

Problem: Host misconfiguration
Possible causes:
• Host might not have the right IP address or subnet mask.
• Each host has to use the SVI or Layer 3 interface as its default gateway to communicate with other networks and VLANs; the host might not be configured with the default gateway.
Dynamic Host Configuration Protocol
Overview
• Clients in access VLANs need DHCP service
• DHCP service can be provided by the distribution switches, acting as gateways, or by an external DHCP server elsewhere in the network
DHCP Operation
Configuration and Example
• Configure DHCP pool with network, mask, and other parameters
• Configure excluded addresses
• Pool is selected when a DHCP request is received from the matching subnet

Switch(config)# ip dhcp excluded-address 10.1.10.1 10.1.10.20
Switch(config)# ip dhcp pool XYZ10
Switch(config-dhcp)# network 10.1.10.0 255.255.255.0
Switch(config-dhcp)# default-router 10.1.10.1
Switch(config-dhcp)# option 150 10.1.1.50
! Lease for 0 days 8 hours 0 minutes
Switch(config-dhcp)# lease 0 8 0
Switch(config-dhcp)# exit
Switch(config)# interface vlan10
Switch(config-if)# ip address 10.1.10.1 255.255.255.0
DHCP Relay Motivation
A client that resides in VLAN 55 needs the following two configurations to forward the DHCP broadcast to the centralized server 192.168.1.244:
• The multilayer switch must have a Layer 3 IP address, here 10.0.55.1/24, that will receive the client DHCP request. This address may be on a routed port or an SVI.
• The ip helper-address command must be configured on the multilayer switch Layer 3 interface. With the DHCP relay address, when the switch receives a DHCP request in the form of a broadcast message from a client, the switch forwards this request, as a unicast message, to the IP address that is specified in the ip helper-address command.
• The ip helper-address command not only forwards DHCP UDP packets but by default also forwards other UDP broadcasts such as TFTP, DNS, time, NetBIOS, name server, and BOOTP packets.
DHCP Relay
• Use the ip helper-address command on the interface which connects to the subnet containing the devices which request IP addresses from the DHCP server
• On a multilayer switch, the interface "connecting" to the relevant subnet is typically an SVI

Switch(config)# interface vlan10
Switch(config-if)# ip address 10.1.10.1 255.255.255.0
Switch(config-if)# ip helper-address 10.1.100.1
Configuring DHCP Options
• Use DHCP options to "expand" the basic DHCP commands.
• The following are some of the commonly used options.
  • Option 43: Vendor-encapsulated option that enables vendors to have their own list of options on the server. For example, you can use it to tell a lightweight access point where the Wireless LAN Controller (WLC) is.
  • Option 69: SMTP server, if you want to specify available SMTP servers to the client.
  • Option 70: POP3 server, if you want to specify available POP3 servers to the client.
  • Option 150: TFTP server that enables your phones to access a list of TFTP servers.
Verifying and Troubleshooting DHCP

Switch# show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address       Client-ID/              Lease expiration        Type
                 Hardware address/
                 User name
10.1.10.21       0100.1bd5.132a.d2       Jun 25 2009 06:09 AM    Automatic
10.1.10.22       0100.4096.a46a.90       Jun 25 2009 09:40 AM    Automatic
10.1.10.23       0100.4096.aa98.95       Jun 25 2009 11:28 AM    Automatic

Switch# debug ip dhcp server packet
DHCPD: DHCPDISCOVER received from client 0100.1bd5.132a.d2 on interface Vlan6.
DHCPD: Sending DHCPOFFER to client 0100.1bd5.132a.d2 (10.1.10.21).
DHCPD: broadcasting BOOTREPLY to client 001b.d513.2ad2.
DHCPD: DHCPREQUEST received from client 0100.1bd5.132a.d2.
DHCPD: Sending DHCPACK to client 0100.1bd5.132a.d2 (10.1.10.21).
DHCPD: broadcasting BOOTREPLY to client 001b.d513.2ad2.
MLS Processing
MAC Address Forwarding
• Where should the frame be forwarded?
• Are there restrictions preventing the forwarding of the frame?
• Is there any prioritization or marking that needs to be applied to the frame?
Layer 2 Switch Operation
• Layer 2 forwarding table
  • The Layer 2 forwarding table, also called the MAC table, contains information about where to forward the frame. Specifically, it contains MAC addresses and destination ports. The switch references the destination MAC address of the incoming frame in the MAC table and forwards the frame to the destination port specified in the table. If the MAC address is not found, the frame is flooded through all ports in the same VLAN.
• ACLs
  • Access control lists (ACLs) do not only apply to routers. Switches can also apply ACLs based on MAC and IP addresses. Generally only higher-end switches support ACLs based on both MAC and IP addresses, whereas Layer 2 switches support ACLs only with MAC addresses.
• QoS
  • Incoming frames can be classified according to QoS parameters. Traffic can then be marked, prioritized, or rate-limited.
Frame Rewrite
1. FCS check of the incoming frame.
2. Payload extraction, IP checksum check.
3. Routing decision.
4. TTL decrementing, computing the new checksum.
5. Rewriting the frame header.
6. Computing the FCS and sending the frame.
Unicast routing in IPv4 Networks ①
1) The frame has the right size and a correct FCS
  • IF not THEN the frame is discarded
2) The IP header checksum is correct
  • IF not THEN the packet is discarded
3) Is the packet destined to the local IP address?
  • IF yes THEN the packet is not routed
4) The TTL value is greater than 1
  • IF not THEN the packet is discarded and an ICMP message is sent
Unicast routing in IPv4 Networks ②
5) The routing table is searched for an appropriate entry for the destination address
  • The routing table is arranged in descending order according to network masks
  • The routing table is searched for a row for which: destination IP address AND network mask = network
  • IF there is no route to the destination THEN the packet is discarded and an ICMP message is sent as reply
6) The row in the routing table points to the outgoing interface
  • IF not THEN the row points to the address of the next-hop router; remember that address and go to the step
7) L2 information is searched for the last remembered IP address
  • ARP table, Frame Relay map, ...
Unicast routing in IPv4 Networks ③
8) The TTL field in the IP header is decremented and the checksum is recalculated
9) The IP packet is encapsulated in a frame (using the information from the step) and sent to the interface (found in the step)
• Every packet is processed according to these steps; this is known as process switching (the slow way to route)
• The processing speed of packets depends on the router architecture and the CPU load
• Heavy traffic can cause a huge processor load
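The nine process-switching steps above as a runnable model, added here as an illustration (it is not code from the slides or from Cisco): the routing table is kept mask-descending, a recursive next-hop row loops back to the lookup, the ARP table supplies the rewrite, and the TTL decrement recomputes the RFC 1071 header checksum. All addresses, the MAC placeholders and the packet headers are constructed sample data.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

@dataclass
class Route:
    network: ipaddress.IPv4Network
    next_hop: Optional[str]    # None: directly connected network
    interface: Optional[str]   # None: recursive row, the next hop must be looked up again

def build_table(routes):
    # Step 5: keep the table in descending order of mask length, so the first
    # row that matches is automatically the longest (most specific) prefix.
    return sorted(routes, key=lambda r: r.network.prefixlen, reverse=True)

def lookup(table, dst):
    # Step 5: first row for which (destination AND mask) == network.
    d = int(ipaddress.IPv4Address(dst))
    for r in table:
        if (d & int(r.network.netmask)) == int(r.network.network_address):
            return r
    return None

def resolve(table, dst, max_depth=8):
    # Steps 5 and 6: follow next-hop rows until one names an outgoing interface.
    # Returns (interface, address whose L2 info step 7 needs), or None if no route.
    target = dst
    for _ in range(max_depth):
        row = lookup(table, target)
        if row is None:
            return None
        if row.interface is not None:
            return row.interface, (row.next_hop or target)
        target = row.next_hop          # remember the next hop, back to step 5
    return None

def ipv4_checksum(header: bytes) -> int:
    # RFC 1071 one's-complement sum of 16-bit words. Over a header whose
    # checksum field is already filled in, a correct header yields 0.
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ipv4_header(src, dst, ttl, proto=6, total_len=40):
    # Minimal 20-byte IPv4 header without options (constructed sample input).
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def forward(table, arp, local_ips, hdr):
    # Steps 2 to 9 for one packet. Step 1 (frame size and FCS) is an L2 check
    # that happens before the IP header reaches this function.
    if ipv4_checksum(hdr) != 0:
        return {"action": "drop", "reason": "bad header checksum"}        # step 2
    ttl, dst = hdr[8], str(ipaddress.IPv4Address(hdr[16:20]))
    if dst in local_ips:
        return {"action": "local"}                                        # step 3
    if ttl <= 1:
        return {"action": "drop", "icmp": "time-exceeded"}                # step 4
    hop = resolve(table, dst)                                             # steps 5-6
    if hop is None:
        return {"action": "drop", "icmp": "unreachable"}
    iface, l2_target = hop
    mac = arp.get(l2_target)                                              # step 7
    if mac is None:
        return {"action": "arp", "interface": iface, "for": l2_target}
    new = bytearray(hdr)                                                  # step 8
    new[8] = ttl - 1
    new[10:12] = b"\x00\x00"
    new[10:12] = struct.pack("!H", ipv4_checksum(bytes(new)))
    return {"action": "forward", "interface": iface, "next_hop": l2_target,
            "dst_mac": mac, "header": bytes(new)}                         # step 9

# Constructed sample data: one attached VLAN, one recursive static route and a
# default route; the MAC addresses are locally administered placeholders.
TABLE = build_table([
    Route(ipaddress.IPv4Network("0.0.0.0/0"), "158.193.7.158", "Vlan709"),
    Route(ipaddress.IPv4Network("158.193.26.0/24"), None, "Vlan26"),
    Route(ipaddress.IPv4Network("10.99.0.0/16"), "158.193.26.1", None),
])
ARP = {"158.193.7.158": "0200.0000.0709", "158.193.26.1": "0200.0000.2601",
       "158.193.26.50": "0200.0000.2650"}
LOCAL = {"158.193.26.6", "158.193.7.157"}
```

Calling forward(TABLE, ARP, LOCAL, ipv4_header("158.193.26.50", "10.99.1.1", 64)) walks the recursive route: 10.99.0.0/16 names only a next hop, so the lookup is repeated for 158.193.26.1, which is attached on Vlan26 and has an ARP entry.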
Efficiency of Routing
• The previously described algorithm DOES NOT take into account specific situations:
  • Fragmentation
  • ACL
  • Tunneling, ciphering/deciphering
  • NAT ...
• The most time-consuming are the steps in which the router performs lookups for every packet in several tables to make routing decisions
  • Checksums can be implemented using ASICs
• Research efforts focus on accelerating the routing lookup/decision
  • Process switching, Fast switching, Autonomous switching, Silicon switching engine (SSE) switching, Optimum switching, Distributed fast switching, Cisco Express Forwarding (CEF), Distributed Cisco Express Forwarding (dCEF)
Distributed Hardware Forwarding
• Network devices contain at least three planes of operation:
  • Management plane
  • Control plane
  • Forwarding plane
Distributed Hardware Forwarding
• The management plane is responsible for the network management, such as SSH access and SNMP, and may operate over an out-of-band (OOB) port.
• The control plane is responsible for protocols and routing decisions, and the forwarding plane is responsible for the actual routing (or switching) of most packets.
• Multilayer switches must achieve high performance at line rate across a large number of ports. To do so, multilayer switches deploy independent control and forwarding planes.
• The control plane programs the forwarding plane on how to route packets.
• Multilayer switches may also employ multiple forwarding planes. For example, a Catalyst 6800 uses forwarding planes on each line module, with a central control plane on the supervisor module.
• To continue the example of the Catalyst 6800, each line module includes a microcoded processor that handles all packet forwarding.
• For the control plane on the supervisor to communicate with the line module, a control layer communication protocol exists.
Cisco Switching Methods
A Cisco IOS-based router uses one of three methods to forward packets:
• Process Switching
  • Process switching is the slowest form of routing because the processor must route and rewrite using software.
• Fast Switching
  • A faster method by which the first packet in a flow is routed and rewritten by a route processor using software, and each subsequent packet is then handled by hardware.
• Cisco Express Forwarding (CEF)
  • The CEF method uses hardware forwarding tables for most common traffic flows, with only a few exceptions. If you use CEF, the route processor spends its cycles mostly on other tasks.
Fast Switching
• Cisco Document ID: 13706, "How to Choose the Best Router Switching Path for Your Network"
• Fast Switching is also known as route cache
  • Fast Switching = router, route cache = L3 switch
  • a.k.a. flow-based or demand-based switching
• Main idea
  • The first packet in a stream is switched/routed in software
  • The information (outbound interface, MAC addresses needed for the frame rewrite, etc.) is then stored in the route cache (a binary tree with 32 levels, giving fast access and search)
  • All subsequent packets in the flow are switched in hardware
  • Route once, forward many times
• Disadvantages
  • The route cache is built only from incoming packets (the first packet needs to be switched in software)
  • It is necessary to expire entries from the route cache (synchronization)
  • IF the ARP table changes THEN some portion of the fast cache must be invalidated
Cisco Express Forwarding (CEF)
• a.k.a. Topology-based Switching
• Main idea
  • Routing information is cached in the Forwarding Information Base (FIB) table
  • Frame header rewrite information for all FIB entries is cached in the adjacency table
  • Each FIB entry points to the appropriate entry in the adjacency table
• Advantages
  • Separation of control plane and data plane
  • FIB and adjacency table are created from existing entries (routing table, ARP table)
  • A change in the adjacency table DOES NOT require a change in the FIB
CEF
• Implementation either in software or in hardware
• CEF in software
  • FIB is implemented using a tree (trie or mtrie)
  • Adjacency table (association field)
  • Both tables are stored in RAM
  • FIB points to the adjacency table
  • Software implementations are used by smaller routers
• CEF in hardware
  • Hardware implementation uses a specialized memory architecture for storing the FIB
  • Ternary Content Addressable Memory (TCAM)
Caches
• CAM and TCAM have extremely fast access and allow for line-rate switching performance
• CAM and TCAM are two types of cache memory
  • CAM contains information needed for L2 switching
  • TCAM contains information needed for L3 switching, ACL, QoS
• CAM looks up exactly the same information (exact match)
  • Matches based on two values: 0 (true) or 1 (false)
• TCAM looks up the exact match, longest match or first match
  • Matches based on 0, 1, X (don't care)
  • Usually divided into regions with different match options
• TCAM is used for the FIB typically on multilayer switches (MLS) or high-end routers
• Cisco Support Community: "CAM vs. TCAM"
L2 Switches also Use CAM and TCAM
• The lookup key for the CAM enters a hash function
• The function returns the appropriate row in the table
Lookup in the TCAM
• TCAM is divided into several regions
  • Exact Match
  • Longest Match
  • First Match
• Some platforms allow the size of a region to be changed
TCAM Protocol Regions

Region              Cisco IOS Region Name   Lookup Type     Key Size    Sample Result
IP adjacency        ip-adjacency            Exact-match     32 bits     MAC address rewrite information
IP prefix           ip-prefix               Longest-match   32 bits     Next-hop routing information
IP multicast        ip-mcast                Longest-match   64 bits     Next-hop routing information
Layer 2 switching   l2-switching            Exact-match     64 bits     Destination interface and VLAN
UDP flooding        udp-flooding            Exact-match     64 bits     Next-hop routing or MAC address rewrite information
Access Lists        access-list             First-match     128 bits    Permit, deny, or wildcard
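A software model of the three lookup types in the table, added here as an illustration (not from the slides or from Cisco): every entry is a value/mask pair in which mask bits of 0 are the X (don't care) bits, and the ip-prefix, ip-adjacency and access-list regions resolve multiple hits as longest-, exact- and first-match respectively. The 128-bit key layout for the access-list region, the prefixes, the placeholder MAC and the result strings are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class TcamEntry:
    value: int
    mask: int          # 1 bits are compared, 0 bits are X (don't care)
    result: str

@dataclass
class TcamRegion:
    name: str
    width: int         # key size in bits: 32 for ip-prefix, 128 for access-list
    lookup: str        # "exact", "longest" or "first"
    entries: list = field(default_factory=list)

    def add(self, value, mask, result):
        full = (1 << self.width) - 1
        if self.lookup == "exact" and mask != full:
            raise ValueError(f"{self.name}: exact-match region needs a full mask")
        self.entries.append(TcamEntry(value & mask, mask & full, result))

    def search(self, key):
        # Real TCAM compares every entry in parallel; here we scan, then pick
        # the winner the way the region's lookup type dictates.
        hits = [e for e in self.entries if (key & e.mask) == e.value]
        if not hits:
            return None
        if self.lookup == "longest":
            return max(hits, key=lambda e: bin(e.mask).count("1")).result
        return hits[0].result       # exact: at most one hit; first: order decides

def ip(addr):
    return int(ipaddress.IPv4Address(addr))

def prefix(cidr):
    # 32-bit value/mask pair: a /24 is 24 compared bits followed by 8 X bits.
    n = ipaddress.IPv4Network(cidr)
    return int(n.network_address), int(n.netmask)

def acl_key(src, dst, proto=None, dport=None):
    # 128-bit access-list key layout assumed for this example:
    # src(32) | dst(32) | proto(8) | dport(16) | unused(40). Omitted fields
    # get a zero mask, i.e. they become X bits ("any").
    fields = [prefix(src) + (32,), prefix(dst) + (32,),
              (proto or 0, 0xFF if proto is not None else 0, 8),
              (dport or 0, 0xFFFF if dport is not None else 0, 16)]
    v = m = 0
    for val, msk, bits in fields:
        v, m = (v << bits) | (val & msk), (m << bits) | msk
    return v << 40, m << 40

# ip-prefix region: longest match picks the most specific route.
FIB = TcamRegion("ip-prefix", 32, "longest")
FIB.add(*prefix("0.0.0.0/0"), "158.193.7.158 Vlan709")
FIB.add(*prefix("158.193.26.0/24"), "attached Vlan26")
FIB.add(*prefix("158.193.26.1/32"), "host 158.193.26.1 Vlan26")

# ip-adjacency region: exact match only, keyed by the resolved next hop.
ADJ = TcamRegion("ip-adjacency", 32, "exact")
ADJ.add(ip("158.193.7.158"), 0xFFFFFFFF, "rewrite dmac 0200.0000.0709")  # placeholder MAC

# access-list region: first match, so the catch-all deny must be programmed last.
ACL = TcamRegion("access-list", 128, "first")
ACL.add(*acl_key("10.1.10.0/24", "0.0.0.0/0", 6, 80), "permit")
ACL.add(*acl_key("0.0.0.0/0", "0.0.0.0/0"), "deny")

def acl_decision(region, src, dst, proto, dport):
    # Build the fully specified key of one packet and run it through the region.
    return region.search(acl_key(src + "/32", dst + "/32", proto, dport)[0])

def fib_lookup(dst):
    return FIB.search(ip(dst))
```

Programming the catch-all deny before the permit in the access-list region silently shadows the permit, which is the practical consequence of first-match that the table's "First-match" column implies.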
Cisco Express Forwarding

Packet Flow Using CEF MLS
Configuring CEF
• Enabling CEF:
Switch(config)# ip cef
  • CEF cannot be disabled on a multilayer switch
• Enabling/disabling CEF on an interface:
Switch(config)# int fa0/1
Switch(config-if)# [no] ip route-cache cef
  • CEF is enabled/disabled on the ingress interface
  • Route-cache is enabled/disabled on the egress interface
• Show information from the FIB and the adjacency table (ADB):
Switch# show ip cef [detail]
Switch# show adjacency [detail | internal | summary]
Troubleshooting CEF
1) Verify that the IP routing information on the Layer 3 engine is correct
show ip route
show ip route destination-network
2) Verify that the next-hop address has a valid next-hop MAC address
show ip arp ip-address
3) Verify that the IP route entry in the FIB on the Layer 3 engine contains the same next-hop address as the routing table
show ip cef destination-network
4) Verify that the CEF adjacency table contains the same rewrite information as the ARP table
show adjacency detail | begin next-hop-ip
Troubleshooting Example
! Something bad is happening with traffic to 194.160.136.5

sw-vd-FRI# show ip cef 194.160.136.5 detail
194.160.136.0/24, epoch 1
  nexthop 158.193.26.1 Vlan26

sw-vd-FRI# show ip arp 158.193.26.1
Protocol  Address        Age (min)  Hardware Addr   Type  Iface
Internet  158.193.26.1   0          00e0.4c38.c6d5  ARPA  Vlan26

sw-vd-FRI# show adjacency 158.193.26.1 detail
Protocol  Interface  Address
IP        Vlan26     158.193.26.1(11)
                     2 packets, 116 bytes
                     epoch 0
                     sourced in sev-epoch 88
                     Encap length 14
                     00E04C38C6D5001B8F8FDE410800
                     ARP
FIB Example
! Contents of the FIB
sw-vd-FRI# show ip cef
Prefix               Next Hop        Interface
0.0.0.0/0            158.193.7.158   Vlan709      ! Default route
0.0.0.0/32           receive
158.193.7.84/30      158.193.7.158   Vlan709
158.193.7.92/30      158.193.7.158   Vlan709
158.193.7.152/29     attached        Vlan709
158.193.7.152/32     receive         Vlan709
158.193.7.157/32     receive         Vlan709
158.193.7.158/32     attached        Vlan709
158.193.7.159/32     receive         Vlan709
158.193.26.0/24      attached        Vlan26
158.193.26.0/32      receive         Vlan26
158.193.26.1/32      attached        Vlan26
158.193.26.6/32      receive         Vlan26
158.193.26.20/32     attached        Vlan26
158.193.26.21/32     attached        Vlan26
--More--
ADJ Example ①
! List of all next hop routers and connected end stations
sw-vd-FRI# show adjacency
Protocol  Interface  Address
...
...
IP        Vlan139    158.193.139.189(8)
IP        Vlan139    158.193.139.190(8)
IP        Vlan139    158.193.139.191(8)
IP        Vlan139    158.193.139.192(8)
IP        Vlan139    158.193.139.198(8)
IP        Vlan139    158.193.139.199(8)
IP        Vlan139    158.193.139.219(8)
IP        Vlan139    158.193.139.247(8)
IPV6      Vlan139    2001:4118:300:122:20A:5EFF:FE64:90CA(8)
IPV6      Vlan139    2001:4118:300:122:20C:29FF:FE59:1C48(8)
IPV6      Vlan139    2001:4118:300:122:214:85FF:FEC8:ADE5(8)
IPV6      Vlan139    2001:4118:300:122:250:4FF:FE2A:475F(8)
IPV6      Vlan139    FE80::20A:5EFF:FE64:90CA(3)
...
...
ADJ Example ②
! Info about all next hops known in VLAN 26
sw-vd-FRI# show adjacency vlan 26 detail
Protocol  Interface  Address
IP        Vlan26     158.193.26.1(13)
                     2 packets, 116 bytes
                     epoch 0
                     sourced in sev-epoch 0
                     Encap length 14
                     0011D81BBE8F001B8F8FDE410800
                     L2 destination address byte offset 0
                     L2 destination address byte length 6
                     Link-type after encap: ip
                     ARP
IP        Vlan26     158.193.26.20(8)
                     0 packets, 0 bytes
                     epoch 0
                     sourced in sev-epoch 0
                     Encap length 14
                     001B549640AE001B8F8FDE410800
                     L2 destination address byte offset 0
                     L2 destination address byte length 6
                     Link-type after encap: ip
                     ARP
CEF Entries Flags
• Attached
  • Entry for a destination with a /32 network mask; the destination is directly connected to the MLS (usually the result of a glean adjacency lookup)
  • Next hop points to a switch interface
• Connected
  • Entry for a directly connected network on which the MLS has an assigned IP address
  • Entry is also attached
• Receive
  • Entry for the switch's own address
  • Packets whose final destination includes the router itself:
    • packets destined to the router itself
    • broadcast and multicast packets
  • MLS MUST receive and process these packets
• Recursive
  • Recursive lookup
• Default Route Handler
  • Default routing entry
Generic CEF Entries
• Always present in CEF
  • 0.0.0.0/32 receive
    • Process packets sent to the 0.0.0.0 broadcast address
  • 224.0.0.0/4 drop
    • Discard multicast packets
  • 224.0.0.0/24 receive
    • Process packets from the link-local scope 224.0.0.0 – 224.0.0.255
    • Used by e.g. routing protocols
  • 255.255.255.255/32 receive
    • Process packets sent to the link-local broadcast address
Types of CEF Adjacencies
• Auto
  • Ordinary entries
• Punt
  • Packets cannot be processed in CEF
  • Packets are processed by the next best method (Fast / Process Switching)
• Glean
  • Represents unknown end-stations on a locally connected network (the switch still does not know the MAC address)
  • Prefix has Glean adjacency
  • ARP throttling
• Drop
  • Packets should be discarded, an ICMP message can be sent
• Discard
  • Packets should be discarded without sending the ICMP message
  • Used for Loopback's IP addresses
• Null
  • Packets should be forwarded to the Null0 interface, i.e. discarded
• No route
  • In the case of a missing default route
  • ICMP message is sent
• Cached and uncached
• Unresolved
  • Adjacency for a next hop is missing
Glean Adjacency
• Glean adjacency represents all end stations directly connected to the switch whose L2 rewrite information is missing
  • Typically a missing IP/MAC mapping in the ARP table
• An incoming packet is processed as follows:
  1. CEF lookup returns the Glean type
  2. MLS sends an ARP request and installs a drop adjacency (ARP throttling) for the searched address
  3. MLS installs an adjacency (attached entry) for the address and removes the drop adjacency
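The three-step glean sequence as a runnable model of FIB and adjacency entries, added here as an illustration (it is not code from the slides or from Cisco): the first packet to an unknown host on an attached network triggers one ARP request and a host drop adjacency, further packets to that host are dropped in hardware without another ARP, and the ARP reply replaces the drop entry with an attached one. The class, its method names and the sample addresses are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Adjacency:
    kind: str                  # "attached", "glean" or "drop" in this model
    interface: str
    mac: Optional[str] = None  # frame-rewrite information, attached entries only

class CefSwitch:
    """Hardware forwarding path of an MLS, reduced to the glean case."""

    def __init__(self):
        self.fib = {}           # IPv4Network -> Adjacency (FIB entry -> adjacency entry)
        self.arp_requests = []  # ARP requests the control plane would send

    def add_connected(self, cidr, interface):
        # A connected network gets a glean adjacency: hosts on it are reachable
        # directly, but their MAC addresses are not known yet.
        self.fib[ipaddress.IPv4Network(cidr)] = Adjacency("glean", interface)

    def lookup(self, dst):
        # Longest-prefix match over the FIB (the TCAM does this in hardware).
        d = ipaddress.IPv4Address(dst)
        nets = [n for n in self.fib if d in n]
        if not nets:
            return None
        return self.fib[max(nets, key=lambda n: n.prefixlen)]

    def forward(self, dst):
        adj = self.lookup(dst)
        if adj is None:
            return "drop: no route"
        if adj.kind == "attached":
            return f"forward {adj.interface} dmac={adj.mac}"   # rewritten in hardware
        if adj.kind == "drop":
            # ARP throttling: an answer is still pending, so this packet is
            # discarded in hardware instead of waking the CPU for another ARP.
            return "drop: ARP pending"
        # Glean: steps 1 and 2 of the slide. Send one ARP request and install a
        # host (/32) drop adjacency for the searched address.
        self.arp_requests.append(dst)
        self.fib[ipaddress.IPv4Network(dst + "/32")] = Adjacency("drop", adj.interface)
        return "punt: ARP request sent, drop adjacency installed"

    def arp_reply(self, addr, mac):
        # Step 3: the ARP reply supplies the rewrite information; the drop
        # adjacency is replaced by an attached host entry.
        host = ipaddress.IPv4Network(addr + "/32")
        adj = self.fib.get(host) or self.lookup(addr)
        if adj is None:
            return False        # reply for an address on no connected network
        self.fib[host] = Adjacency("attached", adj.interface, mac)
        return True

    def glean_prefixes(self):
        # What "show ip cef adjacency glean" would list in this model.
        return sorted(str(n) for n, a in self.fib.items() if a.kind == "glean")
```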
CEF Operation
ADJ Example ③
sw-vd-FRI# show ip cef adjacency ?
  adj-null   Null Adjacency
  discard    Discard Adjacency
  drop       Drop Adjacency
  fcpa       Fiber Channel
  glean      Glean Adjacency
  punt       Punt Adjacency

sw-vd-FRI# show ip cef adjacency glean
Prefix               Next Hop   Interface
158.193.7.152/29     attached   Vlan709
158.193.26.0/24      attached   Vlan26
158.193.128.0/24     attached   Vlan128
Packet Types Forcing Software Processing
• CEF DOES NOT support the following:
  • Packets without a valid CEF entry
  • Packets destined to the switch itself
  • Broadcast, multicast
  • Use of IP header options (packets that use TCP header options are switched in hardware because they do not affect the forwarding decision)
  • Fragmented IP packets (exceeding the outbound interface MTU)
  • Packets that have an expiring IP TTL counter
  • Network Address Translation
  • Encrypted packets
• IF the TCAM table is full THEN a wildcard entry pointing to software processing is inserted
  • May overload the CPU
Distributed CEF (dCEF)
• Central mode: FIB and adjacency tables reside on the route processor
• Distributed CEF can be enabled on selected platforms
  • Line cards maintain identical copies of the FIB and adjacency tables
  • Line cards can perform the forwarding by themselves
Switch Database Management
SDM Templates ①
• TCAM is the essential component of an L3 switch
  • Used by several applications
  • Expensive, thus small
• TCAM can be tuned according to the MLS role
• SDM Templates
  • Predefined, depends on the platform
  • E.g. SDM templates for the 3560:
    • Access – maximizes space for ACLs
    • Default – balanced distribution
    • Routing – maximizes space for routing entries
    • VLANs – maximizes space for L2 switching
    • Dual-IPv4-and-IPv6 Default, Routing, VLAN
SDM Templates ②
• Some features are not supported when the TCAM is not properly initialized
  • E.g. IPv6 or Policy Based Routing
Switch# show sdm prefer
The current template is "desktop default" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.

  number of unicast mac addresses:                  6K
  number of IPv4 IGMP groups + multicast routes:    1K
  number of IPv4 unicast routes:                    8K
    number of directly-connected IPv4 hosts:        6K
    number of indirect IPv4 routes:                 2K
  number of IPv4 policy based routing aces:         0
  number of IPv4/MAC qos aces:                      0.5K
  number of IPv4/MAC security aces:                 1K
SDM Templates ③
Switch# show sdm prefer ?
  access              Access bias
  default             Default bias
  dual-ipv4-and-ipv6  Support both IPv4 and IPv6
  routing             Unicast bias
  vlan                VLAN bias
  <cr>

Switch# show sdm prefer routing
"desktop routing" template:
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.

  number of unicast mac addresses:                  3K
  number of IPv4 IGMP groups + multicast routes:    1K
  number of IPv4 unicast routes:                    11K
    number of directly-connected IPv4 hosts:        3K
    number of indirect IPv4 routes:                 8K
  number of IPv4 policy based routing aces:         0.5K
  number of IPv4/MAC qos aces:                      0.5K
  number of IPv4/MAC security aces:                 1K
Change SDM Template
• Global config mode
Switch(config)# sdm prefer ?
  access              Access bias
  default             Default bias
  dual-ipv4-and-ipv6  Support both IPv4 and IPv6
  ipe                 IPe bias
  routing             Unicast bias
  vlan                VLAN bias

Switch(config)# sdm prefer routing
Changes to the running SDM preferences have been stored, but
cannot take effect until the next reload.
Use 'show sdm prefer' to see what SDM preference is currently
active.
Switch(config)# exit
Switch# write
Switch# reload
DHCPv6
Stateless Address Autoconfiguration
Stateless Address Autoconfiguration (SLAAC) is a method in which a device can obtain an IPv6 global unicast address without the services of a DHCPv6 server.
SLAAC Operation

SLAAC and DHCPv6

SLAAC Option

Stateless DHCP Option

Stateful DHCP Option

DHCPv6 Operations
Configuring a Stateless DHCPv6 Server
• a.k.a. DHCPv6 Lite
Configuring a Router as a Stateless DHCPv6 Client
Verifying Stateless DHCPv6
Verify the stateless DHCPv6 client using the following commands:
• show ipv6 interface
• debug ipv6 dhcp detail
Configuring a Router as a Stateful DHCPv6 Server
Verifying Stateful DHCPv6
• Verify the stateful DHCPv6 server using the following commands:
show ipv6 dhcp pool
show ipv6 dhcp binding
• Verify the stateful DHCPv6 client using the show ipv6 interface command.
Configuring a Stateful DHCPv6 Relay Agent

Verifying the Router DHCPv6 Configuration

Debugging DHCPv6
Where to go next?
• www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_52_se/command/reference/3560cr.html
• Configuring IP Unicast Routing Configuration Guide:
  www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/swi
• Configuring EtherChannels:
  www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/swethchl.htmlprout.html
• Configuring DHCP:
  www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/swdhcp82.html
Slides adapted by Vladimír Veselý partially from official course materials, but most of the credit goes to CCIE#23527 Ing. Peter Palúch, Ph.D.

The last update: 2016-10-20