1 / 61

Chapter 7 Improving IP Routing Performance with Multilayer Switching

Chapter 7 Improving IP Routing Performance with Multilayer Switching. Objectives. Upon completion of this chapter, you will be able to perform the following tasks: Identify network devices necessary to effect MLS Configure the distribution layer devices to participate in multilayer switching

afram
Download Presentation

Chapter 7 Improving IP Routing Performance with Multilayer Switching

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 7 Improving IP Routing Performance with Multilayer Switching

  2. Objectives • Upon completion of this chapter, you will be able to perform the following tasks: • Identify network devices necessary to effect MLS • Configure the distribution layer devices to participate in multilayer switching • Verify existing flow information in the MLS cache • Apply flow masks to influence the type of MLS cache entry

  3. Improving IP Routing Performance with MLS • In this chapter, we discuss the following topics: • Multilayer switching fundamentals • Configuring the multilayer switch route processor • Applying flow masks • Configuring the Multilayer Switch Switching Engine • MLS topology examples

  4. Improving IP Routing Performance with MLS (cont.) • In this section we discuss the following topics: • Multilayer Switching Fundamentals • What is MLS • Hardware/Software Requirements • MLS Components • How MLS works • Commands that Disable MLS • Configuring the Multilayer Switch Route Processor • Applying Flow Masks • Configuring the Multilayer Switch Switching Engine

  5. 1 2 Defining Flows Multilayer Switched Environment p2 p3 p1 Host A Host B Conventional Environment First Packet Host A Host B Subsequent Packets • Each packet of a traditional flow must be processed by the router • The first packet of an MLS flow is processed by the router; all subsequent packets are switched

  6. Internal Router ProcessorSoftware/Hardware Requirements Route Switch Module (RSM) Cisco IOS™ Release 11.3(2)WA4(4) or Later Catalyst 2926G, 5000, or 6000 Series Switch Supervisor Engine III, FSX, III FLX, IIG, or IIIG Module Supervisor Engine Software Release 4.1(1) or Later NetFlow Feature Card (NFFC), NFFC II

  7. Cisco High-End Routers, such as Cisco 3620, 3640, 7500, 7200, 4500, or 4700 Series Cisco IOS Release 11.3(2)WA4(4) or Later Catalyst 2926G, 5000, or 6000 Series Switch Supervisor Engine III, FSX, III FLX, IIG, or IIIG Module Supervisor Engine Software Release 4.1(1) or Later NetFlow Feature Card (NFFC), NFFC II External Router ProcessorSoftware/Hardware Requirements

  8. RSM MLS Components MLS-RP—Multilayer Switching Route Processor MLS-SE—MultilayerSwitching Switch Engine Cisco85xx 75XX 72XX 4XXX OR MLSP—Multilayer Switching Protocol • Multicast Hello Messages sent to MLS-SE by MLS-RP to Inform: • MAC addresses used on different VLANs • Routing/access—lists changes occurring on MLS-RP

  9. MLS-RP Advertisement Hello Message • MLS-RP sends out multicast hello messages • Messages contain MAC, VLAN, and route information • Messages use the CGMP multicast well-known address

  10. Receiving MLSP Hello Messages I am not a Layer 3 Switch but I will still pass on the message. Hello Message Hello Message • All switches receive the hello message • Layer 3 switches process the hello message • IP multicast passes transparently through non-Cisco switches

  11. Assigning XTAGs MLS-RP A MLS-RP B MLS-RP C MLS-RP A = XTAG34 MLS-RP B = XTAG11 MLS-RP C = XTAG28 • The MLS-SE assigns a unique identifier to each MSL-RP • XTAG value is a one-byte value that the MLS-SE attaches to the MAC address • Used to delete a specific Layer 3 entries when then MLS-RP fails or exitsthe network

  12. Candidate Packet L3 Information Source MAC = 0010.f663.d000 Destination MAC = 0010.0679.5800 Source IP = 172.16.10.123 Destination IP = 172.16.22.57 4 1 4 2 1 2 3 3 L2 Information A 0010.f663.d000 172.16.10.123 Establishing an MLS Cache Entry 0010.0679.5800 172.16.68.13 Cache Entry? 0090.b133.7000 172.16.22.57 B • The MLS-SE receives initial frame • The MLS-SE reads and recognizes the destination MAC Address • The MLS-SE checks the MLS cache for like entries • The MLS-SE forwards the frame to the MLS-RP

  13. Enable Packet L3 Information Source MAC = 0010.0679.5800 Destination MAC = 0090.b133.7000 5 8 7 6 5 6 7 8 Source IP = 172.16.10.123 Destination IP = 172.16.22.57 L2 Information A 0010.f663.d000 172.16.10.123 Establishing an MLS Cache Entry (cont.) 0010.0679.5800 172.16.68.13 0090.b133.7000 172.16.22.57 B • The MLS-RP receives the frame and consults the routing table • The MLS-RP rewrites the header with the new destination MAC address • The MLS-RP enters its own MAC address for the source address • The MLS-RP forwards the frame to the MLS-SE

  14. Enable Packet XTAG = 28 Candidate Packet XTAG = 28 9 12 10 9 12 11 10 11 MLS Cache Entry Destination IP Source IP Port DstPrt SrcPrt Destination Mac Vlan Port 172.16.22.57 172.16.10.123 UDP 1238 60224 00-90-b1-33-70-00 45 2/9 Establishing an MLS Cache Entry (cont.) 0010.0679.5800 172.16.68.13 MLS Cache MLS-RP IP MLS-RP ID XTAG MLS-RP MAC-Vlans 172.16.68.13 001006795800 28 00-10-67-95-80-00 1,41,42 0010.f663.d000 172.16.10.123 0090.b133.7000 172.16.22.57 A B • The MLS-SE receives the frame • The MLS-SE compares the XTAGs of the candidate and enable packets • The MLS-SE records the enable packet information in the MLS cache • The MLS-SE forwards the frame to the destination

  15. 16 14 13 14 15 16 13 15 Rewritten Frame L3 Information Source IP = 172.16.10.123 Destination IP = 172.16.22.57 Source MAC = 0010.0679.5800 Destination MAC = 0090.b133.7000 L2 Information Switching Subsequent Frames in a Flow Incoming Frame L3 Information Source IP = 172.16.10.123 Destination IP = 172.16.22.57 L2 Information Source MAC = 0010.f663.d000 Destination MAC = 0010.0679.5800 B A 0090.b133.7000 172.16.22.57 0010.f663.d000 172.16.10.123 Destination IP Source IP Port DstPrt SrcPrt Destination Mac Vlan Port 172.16.22.57 172.16.10.123 UDP 1238 60224 00-90-b1-33-70-00 45 2/9 MLS Cache Entry • The MLS-SE receives subsequent frames in the flow • The MLS-SE compares the incoming frame with the MLS cache entry • The MLS-SE rewrites the frame header • The MLS-SE forwards the frame to the destination

  16. A B Commands that Disable MLS • no ip routing • ip security (all forms of this command) • ip tcp compression-connections • ip tcp header-compression All MLS Cache Entries Purged • Any command that requires the router to process the packet will disable MLS

  17. Improving IP Routing Performance with MLS • In this section we discuss the following topics: • Multilayer Switching Fundamentals • Configuring the Multilayer Switch Route Processor • Enabling MLS on a route processor • Configuring an External Interface • Configuring an Internal Interface • Verifying the Configuration • Applying Flow Masks • Configuring the Multilayer Switch Switching Engine • MLS Topology Examples

  18. Enabling MLS on the MLS-RP Router#show mls rp multilayer switching is globally enabled mls id is 0010.f6b3.d000 mls ip address 172.16.31.113 Router(config)#mls rp ip • Globally enabling MLS on a router activates the MLSP protocol for that route processor

  19. Assigning a VLAN ID to an Interface on an External Router Router(config)#int ethernet 0 Router (config-if)#mls rp vlan-id 41 E0 VLAN41 • This command is required on external routers with a non-ISL interface only

  20. Assigning an MLS Interface to a VTP Domain Router#show mls rp multilayer switching is globally disabled mls id is 0010.f6b3.d000 mls ip address 172.16.1.141 mls flow mask is destination-ip number of domains configured for mls 1 vlan domain name: bcmsn Router(config)#int vlan41 Router(config-if)#mls rp vtp-domain bcmsn bcmsn VTP Domain • The RSM automatically maps a VLAN to an internal interface

  21. Verifying the MLS VTP Domain Router#show mls rp vtp-domain bcmsn vlan domain name: bcmsn vlan domain name: bcmsn current flow mask: destination-ip current sequence number: 779898042 current/maximum retry count: 0/10 current domain state: no-change current/next global purge: false/false current/next purge count: 0/0 domain uptime: 6d05h keepalive timer expires in 6 seconds retry timer not running change timer not running • The show mls rp vtp-domain command displays information about a specific VTP domain • Each interface belongs to only one VTP domain

  22. Enabling MLS on an Interface Router#show mls rp (text deleted) 2 mac-vlan(s) configured for multi-layer switching: mac 0010.f6b3.d000 vlan id(s) 1 41 Router(config)#int vlan41 Router(config-if)#mls rp vtp-domain bcmsn Router(config-if)#mls rp ip • MLS must be explicitly entered on the interface

  23. Problem: Creating a Null Domain Router#show mls rp multilayer switching is globally enabled (text deleted) number of domains configured for mls 2 vlan domain name: -null- (text deleted) vlan domain name: bcmsn Router(config)#int vlan41 Router(config-if)#mls rp ip -null- Domain bcmsn VTP Domain • Enabling MLS on an interface before assigning the interface in a VTP domain places the interface in a null domain • When in a null domain, the interface cannot interact with any switches

  24. Solution: Removing an Interface from a Null VTP Domain Router#show mls rp multilayer switching is globally enabled (text deleted) number of domains configured for mls 1 vlan domain name: bcmsn Router(config)#int vlan41 Router(config-if)#no mls rp ip bcmsn VTP Domain • Disabling MLS on an interface removes the interface from a null domain

  25. Assigning an MLS Management Interface Router#show mls rp (text deleted) 1 management interface(s) currently defined: vlan 1 on Vlan1 Router(config)#int vlan1 Router(config-if)#mls rp ip management-interface • At least one interface on the MSL-RP must be configured as the management interface

  26. Verifying the MLS-RP Configuration • Router#show mls rp • Multilayer switching is globally enabled • mls id is 0010.f6b3.d000 • mls ip address 172.16.1.142 • mls flow mask is destination-ip • number of domains configured for mls 1 • vlan domain name: bcmsn • current flow mask: destination-ip • current sequence number: 779898001 • current/maximum retry count: 0/10 • current domain state: no-change • current/next global purge: false/false • current/next purge count: 0/0 • domain uptime: 00:21:40 • keepalive timer expires in 6 seconds • retry timer not running • change timer not running • 1 management interface(s) currently defined: • vlan 1 on Vlan1 • 2 mac-vlan(s) configured for multi-layer switching: • mac 0010.f6b3.d000 • vlan id(s) • 1 41 42 • router currently aware of following 0 switch(es): This MAC address appears in the MLS Cache The IP Address given to the MLS-SE The domain name must match with the MLS-SE The interface sending MLSP messages The number of switches for which the MLS-RP is routing

  27. Verifying the MLSP-RP Interface Configuration RSM#show mls rp interface vlan1 mls active on Vlan1, domain bcmsn interface Vlan1 is a management interface

  28. Improving IP Routing Performance with MLS • In this section we discuss the following topics: • Multilayer Switching Fundamentals • Configuring the Multilayer Switch Route Processor • Applying Flow Masks • What is a Flow Mask? • Types of Flow Masks • Output Access Lists and MLS • Input Access lists and MLS • Configuring the Multilayer Switch Switching Engine

  29. MLS Flow Masks MLS-RP A MLS-RP C No Access List Extended Access List MLS-RP B Standard Access List Flows from MLS-RP A, MLS-RP B, and MLS-RP C Are Based on Criteria from MLS-RP C

  30. Flow Mask: Destination-IP interface Vlan41 ip address 172.16.41.168 255.255.255.0 mls rp vtp-domain bcmsn mls rp management-interface mls rp ip MLS-RP A No Access List multilayer switching is globally enabled mls id is 0010.f6b3.d000 mls ip address 172.16.41.168 mls flow mask is destination-ip number of domains configured for mls 1 vlan domain name: bcmsn current flow mask: destination-ip Flow Mask

  31. Flow Mask: Source-Destination-IP interface Vlan11 ip address 172.16.11.113 255.255.255.0 ip access-group 2 out mls rp vtp-domain bcmsn mls rp management-interface mls rp ip MLS-RP B Standard Access List Router#show mls rp multilayer switching is globally enabled mls id is 0010.f6b3.d000 mls ip address 172.16.31.113 mls flow mask is source-destination-ip number of domains configured for mls 1 vlan domain name: Engineering current flow mask: source-destination-ip Flow Mask

  32. Flow Mask: IP-Flow interface Vlan11 ip address 172.16.11.113 255.255.255.0 ip access-group 101 out mls rp vtp-domain bcmsn mls rp management-interface mls rp ip MLS-RP C Extended Access List multilayer switching is globally enabled mls id is 0010.f6b3.d000 mls ip address 172.16.31.113 mls flow mask is ip-flow number of domains configured for mls 1 vlan domain name: Engineering current flow mask: ip-flow Flow Mask

  33. Output Access Lists and MLS 0010.0679.5800 172.16.68.13 ip access-group 101 out 0010.f663.d000 172.16.10.123 0090.b133.7000 172.16.22.57 A B MLS Cache Entries for Flow AB Are Purged

  34. Source MAC = 0010.f663.d000 Destination MAC = 0010.0679.5800 Source MAC = 0010.0679.5800 Destination MAC = 0090.b133.7000 Source IP = 172.16.10.123 Destination IP = 172.16.22.57 Output Access Lists and MLS (cont) Candidate Packet Enable Packet L3 Information L3 Information Source IP = 172.16.10.123 Destination IP = 172.16.22.57 0010.0679.5800 172.16.68.13 L2 Information L2 Information ip access-group 101 out 0010.f663.d000 172.16.10.123 0090.b133.7000 172.16.22.57 A B New MLS Cache Entry for Flow AB Destination IP Source IP Port DstPrt SrcPrt Destination Mac Vlan Port 172.16.22.57 172.16.10.123 TCP 7001 7004 00-90-b1-33-70-00 68 2/9

  35. Input Access Lists and MLS 0010.0679.5800 172.16.68.13 ip access-group 101 in 0010.f663.d000 172.16.10.123 0090.b133.7000 172.16.22.57 A B MLS Cache Entries for Flow AB Are Purged • All subsequent packets between A and B on that interface are routed

  36. Supporting Input Access Lists • Router#sho run • Building configuration... • Current configuration: • ! • version 11.3 • (Text Deleted) • mls rp nde-address 172.16.31.113 • mls rp ip input-acl • mls rp ip Router(config)#mls rp ip input-acl ip access-group 101 in A B L3 Switched for Flow AB

  37. Improving IP Routing Performance with MLS • In this section we discuss the following topics: • Multilayer Switching Fundamentals • Configuring the Multilayer Switch Route Processor • Applying Flow Masks • Configuring the Multilayer Switch Switching Engine • Enabling MLS on the Switch • Aging out Cache Entries • Managing Short-Lived Flows • Adding External Router MLS Ids • Verifying the Configuration • MLS Topology Examples

  38. Enabling MLS on the MLS-SE • Switch (enable)#show config • (Text Deleted) • #mls • set mls enable Switch(enable)#set mls enable • Must be enabled before a switch can participate in MLS • Automatically enabled on MLS-capable switches

  39. A B Aging Out Cache Entries I haven’t seen any packets for this entry within 256 seconds. I will delete this entry from the cache 0010.0679.5800 0010.f663.d000 172.16.10.123 0090.b133.7000 172.16.22.57 MLS Cache Entry for Flow AB Destination IP Source IP Port DstPrt SrcPrt Destination Mac Vlan Port 172.16.46.122 172.16.10.123 00-90-b1-33-70-00 3 2/8

  40. Modifying the Cache Aging Time • Switch (enable)#set mls agingtime 297 • Multilayer switching agingtime set to 304 • Switch(enable)show config • (Text Deleted) • #mls • set mls enable • set mls agingtime 304 • MLS-SE automatically “rounds up” in 8-second increments

  41. A Managing Short-Lived Flows I haven’t seen any packets for this entry for over 10 seconds but I still must keep these entries in the cache for the default aging time. 0010.0679.5800 DNS Response 0010.7bee.9501 172.16.46.122 0010.f663.d000 172.16.10.123 DNS Request DNS Server Destination IP Source IP Port DstPrt SrcPrt Destination Mac Vlan Port 172.16.46.122 172.16.10.123 TCP DNS DNS 00-10-7b-ee-95-01 3 2/8 172.16.10.123 182.16.46.122 TCP DNS DNS 00-10-16-63-d0-00 3 2/6 • Short-lived flows entries take up MLS cache space even though there is no flow activity

  42. Modifying agingtime fast • Switch (enable)#set mls agingtime fast 64 7 • Switch (enable)show config • (Text Deleted) • #mls • set mls enable • set mls agingtime 304 • set mls agingtime fast 64 7 • agingtime fast sets a threshold for cache entries • agingtime fast removes entries from the cache if the threshold has been crossed.

  43. Verifying the Configuration Switch (enable) show mls Multilayer switching enabled Multilayer switching aging time = 304 seconds Multilayer switching fast aging time = 64 seconds, packet threshold = 7 Full flow Total packets switched = 101892 Active shortcuts = 2138 Netflow Data Export disabled Netflow Data Export port/host is not configured. Total packets exported = 0 MLS-RP IP MLS-RP ID XTAG MLS-RP MAC-Vlans --------- ----------- ---- ------------------------ 172.16.41.168 0010f6b3d000 28 00-10-f6-b3-d0-00 1,41-42

  44. Including an External Router MLS IP Address Interface FE 0 172.16.41.168 Switch (enable) set mls include 172.16.41.168 Multilayer switching enabled for router 172.16.41.168 • Required for external routers

  45. Displaying the Switch Inclusion List 17.16.1.142 17.16.41.168 Automatically Added Internal Route Processor Switch (enable) show mls include Included MLS-RP ---------------------- 172.16.1.142 172.16.41.168 Manually Added External Route Processor

  46. Display MLS Cache Entries Switch (enable) show mls entry Destination IP Source IP Prot DstPrt SrcPrt Destination Mac Vlan Port --------------- --------------- ---- ------ ------ ----------------- ---- ----- MLS-RP 172.16.1.142: 172.16.53.1 172.16.87.3 UDP 1238 60224 00-10-7b-ee-94-70 1 2/9 172.16.53.1 172.16.87.3 UDP 69 60224 00-10-7b-ee-94-70 1 2/9 172.16.53.1 172.16.87.3 UDP 69 36776 00-10-7b-ee-94-70 1 2/9 MLS-RP 172.16.41.168: 172.16.41.17 172.16.53.1 UDP 60224 1238 00-00-0c-06-5b-1e 41 2/1 172.16.41.17 172.16.53.1 UDP 36776 69 00-00-0c-06-5b-1e 41 2/1

  47. Removing MLS Cache Entries Switch (enable) clear mls entry destination 172.16.1.142 Switch (enable) show mls entry Destination IP Source IP Prot DstPrt SrcPrt Destination Mac Vlan Port --------------- --------------- ---- ------ ------ ----------------- ---- ----- MLS-RP 172.16.41.168: 172.16.41.17 172.16.53.1 UDP 60224 1238 00-00-0c-06-5b-1e 41 2/1 172.16.41.17 172.16.53.1 UDP 36776 69 00-00-0c-06-5b-1e 41 2/1

  48. Improving IP Routing Performance with MLS • In this section we discuss the following topics: • Multilayer Switching Fundamentals • Configuring the Multilayer Switch Route Processor • Applying Flow Masks • Configuring the Multilayer Switch Switching Engine • MLS Topologies • Topology Examples • Topology Quiz • Unsupported Topology • Topology Changes and Routing Impacts

  49. 2 1 5 3 4 5 6 2 3 4 6 1 A B MLS Topology Example 1 MLS-RP R2 R2 R1 MLS-SE • Host A sends a packet to the default gateway • R1 rewrites the frame header to reflect the destination as the next-hop router (R2) • MLS-SE forwards the frame to R2 • R2 rewrites the frame header to reflect the destination as Host B • MLS-SE forwards the frame to Host B • All subsequent frames are switched

  50. 7 6 1 2 3 4 5 10 8 9 10 1 9 10 7 6 8 4 3 2 5 A B MLS Topology Example 2 MLS-RP • Host A sends a packet to the default gateway • MLS-SE1 forwards the frame to MLS-SE2 • MLS-SE2 forwards the frame to MLS-SE3 • MLS-SE3 forwards the frame to MLS-RP1 • MLS-RP1 rewrites the frame header and forwards the frame to MLS-SE3 • MLS-SE3 forwards the frame to MLS-SE2 • MLS-SE2 forwards the frame to MLS-SE1 • MLS-SE1 forwards the frame to Host B • All subsequent frames are switched through MLS-SE1 • Entries in MLS-SE2 and 3 time out MLS-SE3 MLS-SE2 MLS-SE1

More Related