S7C7 – Multilayer Switching

Design and Configuration

Multilayer Switching Overview

• Higher performance level– First packet though is routed– Rest of packet stream is switched

• Frame forwarding and rewrite function is moved to hardware and layer 3 switching takes over task formerly done by routers

– MLS uses RSM and the engine• Any switching path on the RSM will work

• NetFlow switching is different

What MLS NEEDS – We don’t have

• 2926G, 5000, 6000 with supervisor engine software >=4.1(1)

• Cisco IOS >=11.3

• Supervisor Engine III or G

• Route Switch Feature Card (RSFC)

MLS Components

• Multilayer Switching Switch Engine (MLS-SE)– An NFFC residing on a Supervisor Engine III card

• Multilayer Switching Route Processor (MLS-RP)– An RSM, RSFC, MSFC, or external router

• Multilayer Switching Protocol (MLSP)– Operates between MLS-SE and MLS-RP – Advertises routing changes, VLANS, and MAC

addresses

MLS-RP Advertisements

• Hello messages sent every 15 seconds to all switches in network– MAC addresses used by MLS-RP on all interfaces

participating in MLS– Access List information– Route additions and deletions

• Processed only by layer 3 switches; others pass messages downstream

• Uses Cisco Group Management Protocol (CGMP) multicast address

MLS Caching

• Switch receives frame - looks at destination MAC • Recognizes address as MLS-RP address because of hello

message information• Checks MLS cache to determine is MLS flow is already

established• For initial packet, forwards frame to route processor –

creates candidate entry in cache• Route processor consults routing table• If it finds entry, constructs a new Layer 3 header & enters

MAC address of destination host or next-hope route processor as destination MAC address

• Route processor forwards frame back to MLS-SE

MLS Cache Explanation

• Xtags enable switch to know frame came from same route processor for same flow

• Subsequent frames follow first• MLS-SE must see both sides of flow from source to

destination to perform layer 3 switching• Switch will then rewrite layer 3 frame header and rewrite

switches layer 3 packets so they appear to have been routed by route processor

• Switch forwards rewritten frame to destination MAC address

• When traffic for flow ceases, the entry ages out (remains in cache for only 5 seconds)

Stopping MLS

• Any command that forces router to examine packet disables MLS– IP tcp header-compression– No IP routing– IP security

Steps to Configure MLS

• Enable MLSP• Assign VLAN ID to route processor

interface• Add interfaces to same VLAN Trunking

protocol (VTP) domain as switch• Enable MLS on every interface• Configure MLS Management interface• Verify MLS on MLS-RP

Displaying VTP Domain Information

• Show mls rp vtp-domain DOMAINNAME– Name of vtp domain– Statistical information for each vtp domain– Number of management interfaces defined for

MLS-RP– Number of VLANS in domain and ID of each– MLS-Ses which router or RSM knows– MAC address of each switch in domain

Verifying MLS-RP

• Show mls rp– Globally enabled or disabled– MLS ID for MLS-RP– MLS IP address for MLS-RP– MLS flow mask– Name of VTP domain– Statistical information for VTP domain– Management interfaces defined for MLS-RP– VLANs configured for MLS– VLAN ID for MAC address– MLS-Ses to which RSM or router is connected– MAC address of each switch

Flow Masks

• Used by MLS-SE to determine how packets are compared to MLS entries in the MLS cache– Based on access lists configured on MLS router– Learned through MLSP messages– Supports only one flow mask

• Destination IP• Source-Destination IP• IP flow – includes protocol and protocol ports

• Set mls flow [destination|destination-source|full]– Does not require an access list on route processor– Log, reflexive, and established options not allowed

MLS-SE Configuration and Caching

• MLS Caching– Candidate entries remain in cache for 5 seconds– MLS entry deleted after aging time(default 256

seconds)– MLS entries can be purged by other events

• Applying access lists, routing changes, disabling MLS

• Configuration– Set mls enable– Set mls agingtime 200– Set mls agingtime fast 32 pkt_threshold 3– Set mls include n.n.n.n– Clear mls include all

Verifying MLS Configuration

• Show mls– Status of mls– Aging time for cache entries– Fast aging time and packet threshold– Flow mask– Total packets switched– Active MLS entries in cache– Netflow enabled ports and hosts– MLS-RP IP address, MAC accress, XTAG, & VLANs