Multilayer Switch Operation
Many Cisco Catalyst switches can also forward frames based on the Layer 3 and Layer 4 information contained in packets. This is known as multilayer switching (MLS). Layer 2 switching is still performed at the same time, because the higher-layer encapsulations are still carried inside Ethernet frames.
Types of Multilayer Switching
Catalyst switches have supported two basic generations or types of MLS: route caching (first-generation MLS) and topology-based (second-generation MLS). This section presents an overview of both, although only the second generation is supported in the Cisco IOS Software-based switch families, such as the Catalyst 2960, 3750, 4500, and 6500. You should understand the two types and the differences between them:
■
Route caching: The first generation of MLS, requiring a route processor (RP) and a switch engine (SE). The RP must process a traffic flow's first packet to determine the destination. The SE listens to the first packet and to the resulting destination, and then sets up a "shortcut" entry in its MLS cache. The SE forwards subsequent packets belonging to the same traffic flow based on the shortcut entries in its cache. This type of MLS is also known by the names NetFlow LAN switching, flow-based or demand-based switching, and "route once, switch many." The RP must examine each new traffic flow and set up a shortcut entry for the SE. Even though this method is not used to forward packets in Cisco IOS-based Catalyst switches, the technique can still be used to generate traffic flow information and statistics.
■
Topology based: The second generation of MLS, using specialized hardware, is also organized with distinct RP and SE functions. The RP uses Layer 3 routing information to build and prepopulate a single database of the entire known network topology. This database becomes an efficient hardware table lookup that is consulted so that packets can be forwarded at high rates by the SE. The longest match found in the database is used as the correct Layer 3 destination. As the routing topology changes over time, the database held in hardware can be updated dynamically with no performance penalty. This type of MLS is known as Cisco Express Forwarding (CEF). A routing process running on the switch downloads the current routing table into the Forwarding Information Base (FIB) area of hardware.
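To make the operational difference between the two generations concrete, here is a small Python simulation added to this page; it is not Cisco code and does not model any real switch ASIC. It assumes a constructed four-entry routing table and a constructed traffic mix, and the flow key, the class names and the rp_lookups counter are illustrative choices. The route-caching switch sends the first packet of every new flow to the RP and flushes its whole cache on a topology change, whereas the topology-based switch answers every packet, including the first of a flow, from a prepopulated FIB with a longest-prefix match:

```python
import ipaddress

# Constructed routing table (sample prefixes, not a real network): prefix -> next hop
ROUTING_TABLE = {
    "10.0.0.0/8": "10.255.0.1",
    "10.1.0.0/16": "10.1.255.1",
    "10.1.2.0/24": "10.1.2.254",
    "0.0.0.0/0": "192.0.2.1",
}


def longest_match(table, dst_ip):
    """Return the next hop of the most specific prefix that contains dst_ip."""
    dst = ipaddress.ip_address(dst_ip)
    best_len, best_hop = -1, None
    for prefix, next_hop in table.items():
        net = ipaddress.ip_network(prefix)
        if dst in net and net.prefixlen > best_len:
            best_len, best_hop = net.prefixlen, next_hop
    return best_hop


class RouteCachingSwitch:
    """First-generation MLS: the RP resolves the first packet of a flow, the SE
    caches that shortcut and forwards the rest of the flow from the cache."""

    def __init__(self, routing_table):
        self.routing_table = routing_table
        self.cache = {}        # flow key -> next hop ("route once, switch many")
        self.rp_lookups = 0    # packets the RP had to process

    def forward(self, flow):
        if flow not in self.cache:
            self.rp_lookups += 1
            self.cache[flow] = longest_match(self.routing_table, flow[1])
        return self.cache[flow]

    def topology_change(self, routing_table):
        self.routing_table = routing_table
        self.cache.clear()     # shortcuts may be stale: every flow hits the RP again


class TopologyBasedSwitch:
    """Second-generation MLS (CEF): the FIB is prepopulated from the routing
    table, so no packet, not even the first of a flow, waits on the RP."""

    def __init__(self, routing_table):
        self.fib = dict(routing_table)
        self.rp_lookups = 0    # stays 0: the RP only maintains the FIB

    def forward(self, flow):
        return longest_match(self.fib, flow[1])

    def topology_change(self, routing_table):
        self.fib = dict(routing_table)   # FIB updated in place, nothing to flush


def flow(src, dst, proto, sport, dport):
    """Flow key as a route-caching SE would see it: (src IP, dst IP, proto, ports)."""
    return (src, dst, proto, sport, dport)


# Constructed traffic: 50 short TCP connections (distinct source ports) and one
# long-lived DNS exchange whose packets repeat ten times.
FLOWS = [flow("10.1.2.10", "10.1.2.20", 6, 40000 + i, 443) for i in range(50)]
FLOWS += [flow("10.1.2.10", "10.1.9.5", 17, 5000, 53)] * 10


def run(switch, flows):
    """Forward every packet; return the next hops and how often the RP was needed."""
    hops = [switch.forward(f) for f in flows]
    return hops, switch.rp_lookups


if __name__ == "__main__":
    for cls in (RouteCachingSwitch, TopologyBasedSwitch):
        hops, rp = run(cls(ROUTING_TABLE), FLOWS)
        print(f"{cls.__name__}: {len(hops)} packets forwarded, RP consulted {rp} times")
```

With this traffic mix the route-caching switch involves the RP once per distinct flow (51 times for 60 packets), while the topology-based switch never does; both produce the same next hops, which is the point of prepopulating the FIB.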
Tip: Although the RP and SE functions within a multilayer switch do interact, they can operate independently, as if they are on different "planes." The control plane of a switch includes the RP and any process that runs to control or manage the switch, whereas the data plane exists in the SE, where data is forwarded.
Follow That Packet!
The path that a Layer 3 packet follows through a multilayer switch is similar to that of a Layer 2 switch. Obviously, some means of making a Layer 3 forwarding decision must be added. Beyond that, several, sometimes unexpected, things can happen to packets as they are forwarded. The figure below shows a typical multilayer switch and the decision processes that must occur. Packets arriving on a switch port are placed in the appropriate ingress queue, just as in a Layer 2 switch.
Figure: Operations Within a Multilayer Catalyst Switch
Each packet is pulled off an ingress queue and inspected for both Layer 2 and Layer 3 destination addresses. Now, the decision of where to forward the packet is based on two address tables, whereas the decision of how to forward the packet is still based on access list results.
All the multilayer switching decisions are performed simultaneously in hardware, using the following functions:
■
L2 forwarding table: The destination MAC address is used as an index into the CAM table. If the frame contains a Layer 3 packet that needs to be forwarded from one subnet to another, the destination MAC address will contain the address of a Layer 3 port on the switch itself. In this case, the CAM table results are used only to decide that the frame should be processed at Layer 3.
■
L3 forwarding table: The FIB table is consulted, using the destination IP address as an index. The longest match in the table is found (both address and mask), and the resulting next-hop Layer 3 address is obtained. The FIB also contains each next-hop router's Layer 2 MAC address and the egress switch port (and VLAN ID), so that further table lookups are not necessary.
■
Security ACLs: Inbound and outbound access lists are compiled into TCAM entries so that the decision of whether to forward a packet can be made as a single table lookup.
■
QoS ACLs: Packet classification, policing, and marking can all be performed as single table lookups in the QoS TCAM.
As with Layer 2 switching, the packet finally must be placed in the appropriate egress queue on the appropriate egress switch port.
During the multilayer switching process, some portions of the frame must be modified or rewritten, just as any router would do. For example, the destination MAC address in the inbound frame contains the address of the next-hop destination, which is the ingress Layer 3 interface on the multilayer switch. Once the FIB table is consulted, the next-hop router's IP and MAC addresses are found.
The next-hop Layer 2 address must be put into the frame in place of the original destination address (the multilayer switch). The frame's Layer 2 source address must also become that of the multilayer switch's egress interface before the frame is sent on to the next hop. As any good router must do, the time-to-live (TTL) value in the Layer 3 packet must be decremented by one.
Because the contents of the Layer 3 packet (the TTL value) have changed, the Layer 3 header checksum must be recalculated. And because both the Layer 2 and Layer 3 contents have changed, the Layer 2 frame check sequence (FCS) must be recalculated as well. In other words, the entire Ethernet frame must be rewritten before it goes into the egress queue. This, too, is accomplished efficiently in hardware.
Multilayer Switching Exceptions
To forward packets using the simultaneous decision processes, the packet must be "MLS ready" and must require no additional decisions. For example, CEF can directly forward most IP and IPv6 packets between hosts. This occurs when the source and destination addresses (both MAC and IP) are already known and no other IP parameters must be manipulated.
Other packets cannot be directly forwarded by CEF and must be handled in more detail. This is done by a quick inspection during the forwarding decisions. If a packet meets criteria such as the following, it is flagged for further processing and sent or "punted" to the switch CPU for process switching:
■
ARP requests and replies
■
IP packets requiring a response from a router (TTL has expired, maximum transmission unit [MTU] is exceeded, fragmentation is needed, and so on)
■
IP broadcasts that will be relayed as unicast (Dynamic Host Configuration Protocol [DHCP] requests, IP helper-address functions)
■
Routing protocol updates
■
Cisco Discovery Protocol (CDP) packets
■
Packets needing encryption
■
Packets triggering Network Address Translation (NAT)
■
Legacy multiprotocol packets (IPX, AppleTalk, and so on)
Packets that are punted to the CPU cannot be forwarded as efficiently as ones that can be forwarded directly in hardware. The additional processing takes additional time and consumes CPU resources. Ideally, all packets should be forwarded in hardware, but that is not always possible.
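The forwarding path described under "Follow That Packet!" and the punt criteria listed above, as one added Python example that is not code from this page or from Cisco: it parses a constructed Ethernet/IPv4 frame, decides whether the SE can forward it in hardware or must punt it (an ARP frame, a broadcast DHCP request that the helper-address feature must relay, a TTL that is about to expire, a packet larger than the egress MTU), and on the CEF path performs the longest-match FIB lookup and the rewrite the text describes: next-hop MAC as destination, the switch's egress MAC as source, TTL decremented, IPv4 header checksum recomputed. The switch MAC, the FIB entries with their adjacency data, the port names and the 1500-byte MTU are constructed sample values; only the punt reasons that appear in the list above are modelled, and the FCS is left to the MAC layer.

```python
import ipaddress
import struct

ETH_ARP, ETH_IPV4 = 0x0806, 0x0800
PROTO_UDP = 17
MTU = 1500                      # assumed egress MTU
BROADCAST_MAC = b"\xff" * 6
IPV4_BROADCAST = ipaddress.ip_address("255.255.255.255")

# Constructed switch state (sample values, not a real device): the MAC of the
# switch's Layer 3 interface, and a FIB whose entries already carry the
# adjacency data (next-hop MAC, egress port) so no second lookup is needed.
SWITCH_MAC = bytes.fromhex("0000aabbcc01")
FIB = {  # prefix -> (next-hop IP, next-hop MAC, egress port)
    "10.1.2.0/24": ("10.1.2.254", bytes.fromhex("0000aabbcc02"), "Gi1/0/2"),
    "0.0.0.0/0": ("192.0.2.1", bytes.fromhex("0000aabbcc03"), "Gi1/0/48"),
}


def ipv4_checksum(header):
    """RFC 791 one's-complement sum over 16-bit words; 0 means the header verifies."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_frame(dst_mac, src_mac, src_ip, dst_ip, ttl, proto, payload):
    """Ethernet II + 20-byte IPv4 header with a valid checksum (constructed input)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                      ttl, proto, 0, ipaddress.ip_address(src_ip).packed,
                      ipaddress.ip_address(dst_ip).packed)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return dst_mac + src_mac + struct.pack("!H", ETH_IPV4) + hdr + payload


def udp(sport, dport, data):
    """UDP header (checksum left zero) plus data."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def fib_lookup(dst_ip):
    """Longest-prefix match; the adjacency comes back with the matching entry."""
    best = None
    for prefix, adj in FIB.items():
        net = ipaddress.ip_network(prefix)
        if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, adj)
    return best[1] if best else None


def classify(frame):
    """'cef' if the SE can forward in hardware, 'l2' if only bridged, else 'punt:<why>'."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == ETH_ARP:
        return "punt:arp"
    if ethertype != ETH_IPV4:
        return "punt:non-ip"
    ip = frame[14:]
    ihl, ttl, proto = (ip[0] & 0x0F) * 4, ip[8], ip[9]
    dst_ip = ipaddress.ip_address(ip[16:20])
    udp_dport = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0] if proto == PROTO_UDP else None
    if dst_ip == IPV4_BROADCAST and udp_dport == 67:
        return "punt:dhcp-relay"      # helper address turns the broadcast into a unicast
    if frame[0:6] != SWITCH_MAC:
        return "l2"                   # CAM hit on a host MAC: no Layer 3 processing
    if ttl <= 1:
        return "punt:ttl-expired"     # a router must answer with ICMP time exceeded
    if len(ip) > MTU:
        return "punt:mtu-exceeded"
    return "cef"


def forward(frame):
    """Return (verdict, egress port, frame); the frame is rewritten only on the CEF path."""
    verdict = classify(frame)
    if verdict != "cef":
        return verdict, None, frame
    ip = bytearray(frame[14:])
    adj = fib_lookup(ipaddress.ip_address(bytes(ip[16:20])))
    if adj is None:
        return "drop:no-route", None, frame
    _next_hop_ip, next_hop_mac, port = adj
    ip[8] -= 1                                                     # TTL decrement
    ip[10:12] = b"\x00\x00"                                        # zero the checksum field,
    ip[10:12] = struct.pack("!H", ipv4_checksum(bytes(ip[:20])))  # then recompute it
    # Layer 2 rewrite: next-hop MAC becomes the destination, the egress
    # interface MAC becomes the source.
    return "cef", port, next_hop_mac + SWITCH_MAC + frame[12:14] + bytes(ip)


# Constructed sample frames, as a host would send them toward the switch's SVI MAC.
HOST_MAC = bytes.fromhex("0000dead0001")
NORMAL = build_ipv4_frame(SWITCH_MAC, HOST_MAC, "10.1.1.10", "10.1.2.20", 64,
                          PROTO_UDP, udp(5000, 5001, b"hello"))
EXPIRING = build_ipv4_frame(SWITCH_MAC, HOST_MAC, "10.1.1.10", "10.1.2.20", 1,
                            PROTO_UDP, udp(5000, 5001, b"hello"))
DHCP_DISCOVER = build_ipv4_frame(BROADCAST_MAC, HOST_MAC, "0.0.0.0", "255.255.255.255",
                                 64, PROTO_UDP, udp(68, 67, b"\x01" * 12))
ARP_REQUEST = BROADCAST_MAC + HOST_MAC + struct.pack("!H", ETH_ARP) + b"\x00" * 28

if __name__ == "__main__":
    for name, f in [("normal", NORMAL), ("ttl=1", EXPIRING),
                    ("dhcp", DHCP_DISCOVER), ("arp", ARP_REQUEST)]:
        verdict, port, out = forward(f)
        print(f"{name:7s} -> {verdict:18s} port={port} dst_mac={out[:6].hex()}")
```

Running ipv4_checksum over a complete header is the validity check: it returns 0 for the inbound frame and again for the rewritten one, even though the TTL changed, which is exactly why a router must recompute the header checksum after decrementing it. Everything after the IP header is passed through untouched.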