Spanning Tree Protocol / Inter-VLAN Routing
Malin Bornhager, Halmstad University
Version 2002-1 © 2002, Svenska-CNAP / Halmstad University

Objectives
• Fundamentals of Spanning Tree Protocol
• RSTP
• MSTP
• EtherChannel
• Routing between VLANs
  – External route processors
• CEF-based multilayer switching
  – Internal route processors

Transparent Bridges
• Do not modify frames that are forwarded
• Learn addresses by listening on a port
• Forward broadcasts and unknown unicasts on all ports

Redundant Topologies
• Layer 2 redundancy improves availability
• Alternate paths are implemented by adding equipment and cabling
• The goal is to eliminate network outages caused by a single point of failure
• All networks need redundancy for enhanced reliability
(Figure: Simple Redundant Switched Topology)

Issues with Redundancy
• Layer 2 loops
• Broadcast storms
• Duplicate unicast frames
• MAC database instability

Redundant Topologies
• Layer 2 loops
• Broadcast storm

Redundant Topologies
• Duplicate unicast frames
• MAC database instability

Explaining a Loop-Free Network
• A loop-free network can be achieved manually by shutting down or disconnecting redundant links
• STP runs a Spanning Tree Algorithm (STA) to find and block redundant links

Implementing Spanning Tree
• With STP, a transparent bridge environment can be redundant
• STP protects the network against accidental miscabling

Implementing Spanning Tree
STP executes an algorithm called STA.
STA chooses a reference point, called a root bridge, and then determines the available paths to that reference point. If more than two paths exist, STA picks the best path and blocks the rest.

Port Roles
• Root port – the switch port closest to the root bridge
• Designated port – all non-root ports that are still permitted to forward traffic
• Non-designated port – all ports configured to be in blocking state to prevent loops

Spanning-Tree Operation
• Electing a root bridge
• Selecting the root port on the non-root bridges
• Selecting the designated port on each segment
How do the switches do this election?

BPDU
• A Bridge Protocol Data Unit (BPDU) is sent between switches to establish and maintain a loop-free topology
• Root ID – the lowest BID in the topology
• Cost of Path – the cost of all links from the transmitting switch to the root bridge
• Bridge ID (BID) – the BID of the transmitting switch
• Port ID – the transmitting switch port ID
• STP timer values – Max_Age, Hello Time, Forward Delay

Bridge PDU (Protocol Data Unit)
Each switch in the broadcast domain initially assumes that it is the root bridge.

Bridge ID
• Lower BID values are preferred
• Default priority = 32768
BPDU Process
• Electing a root bridge
  – BPDUs are sent in the broadcast domain
  – Bridge IDs are compared
• One root port is elected on each switch
  – The switch compares the path costs on all its ports
  – The port with the lowest overall path cost to the root is automatically assigned the root port role
• Assign designated and non-designated ports
  – All switch ports on the root bridge will be designated
  – Two switches connected to the same segment send BPDUs, and the one with the lowest BID becomes designated

Spanning-Tree Operation
(Figure)

Spanning Tree Operation
• One root bridge per network
• One root port per non-root bridge
• One designated port per segment
• Non-designated ports are blocking

Spanning Tree Operation
• Port states (forward or block) are based on:
  – Lowest path cost
  – Lowest sender BID
  – Lowest sender port ID

Port States
(Figure)

STP Timers
(Figure)

STP Port States
(Figure)

Spanning Tree Enhancements
• Implementation of:
  – PortFast
  – Rapid Spanning Tree Protocol 802.1w (RSTP)
  – Per VLAN Spanning Tree 802.1q (PVST+)
  – Multiple Spanning Tree 802.1s (MST)
  – Load balancing across links

PortFast
• Causes an interface to transition from blocking to forwarding state immediately
• Does not go through the listening and learning states
• Configure PortFast on access ports connected to a single server or workstation (or globally on all non-trunking interfaces)
• Prevents DHCP timeouts
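The election and port-role selection described on the BPDU Process and Spanning Tree Operation slides can be modelled in a few dozen lines. The following Python script is an added example, not code from the slides or from any vendor: it elects the root by lowest Bridge ID, lets each non-root switch keep the best BPDU it hears (lowest root path cost, then lowest sender BID, then lowest sender port ID), and makes the better-advertising end of each segment the designated port. The switches A, B, C, D, their MACs, port numbers and link costs are constructed here; the second scenario reproduces the Root Guard Motivation slide, where a priority-0 switch plugged into the access layer takes over as root and the core Gigabit link ends up blocking.

```python
"""Added example: a minimal model of the Spanning Tree Algorithm (STA) as the
slides describe it. Switches, ports, link costs and the priority-0 rogue
switch are all constructed here; nothing is taken from a real network."""
from dataclasses import dataclass


@dataclass(frozen=True, order=True)
class BridgeId:
    """Bridge ID as compared in BPDUs: priority first (default 32768), then MAC."""
    priority: int
    mac: str


@dataclass(frozen=True)
class Link:
    """A point-to-point segment (bridge a, port) <-> (bridge b, port) with its STP cost."""
    a: str
    a_port: int
    b: str
    b_port: int
    cost: int


def run_sta(bridges, links):
    """Elect the root, choose a root port per non-root bridge and a designated
    port per segment. Returns (root, root_path_cost, roles) where roles maps
    (bridge, port) -> 'designated' | 'root' | 'blocking'."""
    INF = float("inf")
    root = min(bridges, key=bridges.get)            # lowest BID wins the election
    cost = {name: (0 if name == root else INF) for name in bridges}
    best_offer = {}                                  # bridge -> best BPDU received

    def ends(link):
        yield link.a, link.a_port, link.b, link.b_port
        yield link.b, link.b_port, link.a, link.a_port

    # Each switch keeps the best BPDU it hears: lowest root path cost, then
    # lowest sender BID, then lowest sender port ID. Repeat until stable.
    changed = True
    while changed:
        changed = False
        for name in bridges:
            if name == root:
                continue
            offers = [
                (cost[nbr] + link.cost, bridges[nbr], nbr_port, my_port)
                for link in links
                for me, my_port, nbr, nbr_port in ends(link)
                if me == name and cost[nbr] != INF
            ]
            if offers and min(offers) != best_offer.get(name):
                best_offer[name] = min(offers)
                cost[name] = best_offer[name][0]
                changed = True

    root_port = {name: offer[3] for name, offer in best_offer.items()}

    # On every segment the end advertising the better (cost, BID, port ID)
    # triple is designated; the other end is either the root port or blocks.
    roles = {}
    for link in links:
        sides = [(link.a, link.a_port), (link.b, link.b_port)]
        advert = {s: (cost[s[0]], bridges[s[0]], s[1]) for s in sides}
        designated = min(sides, key=advert.get)
        for side in sides:
            if side == designated:
                roles[side] = "designated"
            elif root_port.get(side[0]) == side[1]:
                roles[side] = "root"
            else:
                roles[side] = "blocking"
    return root, cost, roles


# Constructed topology: core switches A and B joined by a Gigabit link (cost 4),
# access switch C attached to both over 100 Mbps links (cost 19).
CORE = {
    "A": BridgeId(4096, "00:00:00:00:00:0a"),   # intended root
    "B": BridgeId(32768, "00:00:00:00:00:0b"),
    "C": BridgeId(32768, "00:00:00:00:00:0c"),
}
CORE_LINKS = [Link("A", 1, "B", 1, 4), Link("A", 2, "C", 1, 19), Link("B", 2, "C", 2, 19)]


def rogue_root_scenario():
    """Root Guard Motivation slide: a priority-0 switch D plugged into access
    switch C wins the election and the core Gigabit link (B port 1) blocks."""
    bridges = dict(CORE, D=BridgeId(0, "00:00:00:00:00:0d"))
    links = CORE_LINKS + [Link("C", 3, "D", 1, 19)]
    return run_sta(bridges, links)


if __name__ == "__main__":
    for label, (root, cost, roles) in (("normal", run_sta(CORE, CORE_LINKS)),
                                       ("rogue root", rogue_root_scenario())):
        print(f"{label}: root={root} costs={cost}")
        for (bridge, port), role in sorted(roles.items()):
            print(f"  {bridge} port {port}: {role}")
```

In the normal scenario A is root, B and C use their ports toward A as root ports, and C's port toward B blocks. Once D (priority 0) is added, every path cost is measured toward D, A and B both reach it through C at cost 38, and B's end of the Gigabit link loses the designated-port comparison on BID and blocks, which is exactly the outcome root guard on C's access ports is meant to prevent.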
Rapid Spanning Tree – RSTP
• STP convergence time = 30-50 seconds
• RSTP offers better recovery at Layer 2
• RSTP requires full-duplex point-to-point connections
• Alternate and Backup Ports
• Edge Ports do not participate in STP

RSTP Port Roles
• Alternate port – offers an alternate path toward the root bridge
• Backup port – an additional port with a redundant link to the segment

RSTP Port Roles
• Edge port
  – A switch port never intended to connect to another switch device
  – Transitions to forwarding state immediately
  – If a BPDU is received, it becomes a normal spanning-tree port

RSTP Port States
• Discarding – prevents the forwarding of data frames
• Learning – accepts data frames to populate the MAC table, to limit flooding of unknown unicast frames
• Forwarding – forwards data frames in stable active topologies

Configuring Access Port Macro
• Use the switchport host macro command on an interface connecting to an end station.

  Switch(config-if)# switchport host
  switchport mode will be set to access
  spanning-tree portfast will be enabled
  channel group will be disabled
  Switch(config-if)# end
  Switch#

Multiple Spanning Tree – MSTP
• MST (IEEE 802.1s) extends the IEEE 802.1w Rapid Spanning Tree (RSTP) algorithm to multiple spanning trees
• Its main purpose is to reduce the total number of spanning-tree instances to match the physical topology
• VLANs are grouped and associated with spanning-tree instances

MST Use of Extended System ID
• MST carries the instance number in the 12-bit Extended System ID field of the Bridge ID.
MST Configuration Example

  SwitchA(config)# spanning-tree mode mst
  SwitchA(config)# spanning-tree mst configuration
  SwitchA(config-mst)# name XYZ
  SwitchA(config-mst)# revision 1
  SwitchA(config-mst)# instance 1 vlan 11, 21, 31
  SwitchA(config-mst)# instance 2 vlan 12, 22, 32
  SwitchA(config-mst)# exit
  SwitchA(config)# spanning-tree mst 1 root primary

  SwitchB(config)# spanning-tree mode mst
  SwitchB(config)# spanning-tree mst configuration
  SwitchB(config-mst)# name XYZ
  SwitchB(config-mst)# revision 1
  SwitchB(config-mst)# instance 1 vlan 11, 21, 31
  SwitchB(config-mst)# instance 2 vlan 12, 22, 32
  SwitchB(config-mst)# exit
  SwitchB(config)# spanning-tree mst 2 root primary

Both switches must carry the same region name, revision and instance-to-VLAN mapping to belong to the same MST region; SwitchA is then made root for instance 1 and SwitchB root for instance 2.

Spanning Tree Enhancements
• BPDU guard: Prevents accidental connection of switching devices to PortFast-enabled ports. Connecting switches to PortFast-enabled ports can cause Layer 2 loops or topology changes.
• BPDU filtering: Restricts the switch from sending unnecessary BPDUs out access ports.
• Root guard: Prevents switches connected on ports configured as access ports from becoming the root switch.
• Loop guard: Prevents root ports and alternate ports from moving to forwarding state when they stop receiving BPDUs.

BPDU Guard
• BPDU Guard puts an interface configured for STP PortFast into the errdisable state upon receipt of a BPDU. BPDU guard disables interfaces as a preventive step to avoid potential bridging loops.
• BPDU guard shuts down PortFast-configured interfaces that receive BPDUs, rather than putting them into the STP blocking state (the default behavior). In a valid configuration, PortFast-configured interfaces should not receive BPDUs. Reception of a BPDU by a PortFast-configured interface signals an invalid configuration, such as connection of an unauthorized device.
• BPDU guard provides a secure response to invalid configurations, because the administrator must manually re-enable the err-disabled interface after fixing the invalid configuration. It is also possible to set up a time-out interval after which the switch automatically tries to re-enable the interface. However, if the invalid configuration still exists, the switch err-disables the interface again.

BPDU Filtering
• BPDU filtering prevents a Cisco switch from sending BPDUs on PortFast-enabled interfaces, preventing unnecessary BPDUs from being transmitted to host devices.
• BPDU guard has no effect on an interface if BPDU filtering is enabled.
• When enabled globally, BPDU filtering has these attributes:
  – It affects all operational PortFast ports on switches that do not have BPDU filtering configured on the individual ports.
  – If BPDUs are seen, the port loses its PortFast status, BPDU filtering is disabled, and STP sends and receives BPDUs on the port as it would with any other STP port on the switch.
  – Upon startup, the port transmits ten BPDUs. If this port receives any BPDUs during that time, PortFast and PortFast BPDU filtering are disabled.
• When enabled on an interface, BPDU filtering has these attributes:
  – It ignores all BPDUs received.
  – It sends no BPDUs.

Root Guard
• Root guard is useful in avoiding Layer 2 loops during network anomalies. The Root guard feature forces an interface to become a designated port to prevent surrounding switches from becoming root bridges.
• Root guard-enabled ports are forced to be designated ports. If the bridge receives superior STP BPDUs on a Root guard-enabled port, the port moves to a root-inconsistent STP state, which is effectively equivalent to the STP listening state, and the switch does not forward traffic out of that port. As a result, this feature enforces the position of the root bridge.
Root Guard Motivation
• Switches A and B comprise the core of the network. Switch A is the root bridge.
• Switch C is an access layer switch. When Switch D is connected to Switch C, it begins to participate in STP. If the priority of Switch D is 0 or any value lower than that of the current root bridge, Switch D becomes the root bridge.
• Having Switch D as the root causes the Gigabit Ethernet link connecting the two core switches to block, thus causing all the data to flow via a 100-Mbps link across the access layer. This is obviously a terrible outcome.

Root Guard Operation
• After the root guard feature is enabled on a port, the switch does not allow that port to become an STP root port.
• Cisco switches log the following message when a root guard-enabled port receives a superior BPDU:
  %SPANTREE-2-ROOTGUARDBLOCK: Port 1/1 tried to become nondesignated in VLAN 77. Moved to root-inconsistent state.

Root Guard Operation
• The current design recommendation is to enable root guard on all access ports so that a root bridge is not established through these ports.
• In this configuration, Switch C blocks the port connecting to Switch D when it receives a superior BPDU. The port transitions to the root-inconsistent STP state. No traffic passes through the port while it is in the root-inconsistent state.
• When Switch D stops sending superior BPDUs, the port unblocks again and goes through the regular STP transition of listening and learning, and eventually to the forwarding state. Recovery is automatic; no intervention is required.

Loop Guard
• The Loop Guard STP feature improves the stability of Layer 2 networks by preventing bridging loops.
• In STP, switches rely on continuous reception or transmission of BPDUs, depending on the port role. A designated port transmits BPDUs whereas a nondesignated port receives BPDUs.
• Bridging loops occur when a port erroneously transitions to forwarding state because it has stopped receiving BPDUs.
• Ports with loop guard enabled do an additional check before transitioning to forwarding state. If a nondesignated port stops receiving BPDUs, the switch places the port into the STP loop-inconsistent blocking state.
• If a switch receives a BPDU on a port in the loop-inconsistent STP state, the port transitions through STP states according to the received BPDU. As a result, recovery is automatic, and no manual intervention is necessary.

Loop Guard Messages
• When the Loop Guard feature places a port into the loop-inconsistent blocking state, the switch logs the following message:
  SPANTREE-2-LOOPGUARDBLOCK: No BPDUs were received on port 3/2 in vlan 3. Moved to loop-inconsistent state.
• After recovery, the switch logs the following message:
  SPANTREE-2-LOOPGUARDUNBLOCK: port 3/2 restored in vlan 3.

Loop Guard Operation
(Figure)

Loop Guard Configuration Considerations
• Configure Loop Guard on a per-port basis, although the feature blocks inconsistent ports on a per-VLAN basis; for example, on a trunk port, if BPDUs are not received for only one particular VLAN, the switch blocks only that VLAN (that is, moves the port for that VLAN to the loop-inconsistent STP state). In the case of an EtherChannel interface, the channel status goes into the inconsistent state for all the ports belonging to the channel group for the particular VLAN not receiving BPDUs.
• Enable Loop Guard on all nondesignated ports.
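The ROOTGUARDBLOCK, LOOPGUARDBLOCK and LOOPGUARDUNBLOCK messages quoted on the Root Guard Operation and Loop Guard Messages slides are what a syslog collector actually sees, and replaying them tells an operator which ports are still inconsistent and which access port keeps hearing superior BPDUs. The Python below is an added example, not code from the slides or from Cisco: it matches the three message bodies with regular expressions (the leading "%" is treated as optional because the slides quote both forms), replays them in order so an UNBLOCK clears the matching BLOCK, and flags ports that trip root guard repeatedly. The log lines, hostnames, timestamps and the repeat threshold are constructed for the example.

```python
"""Added example: replay SPANTREE guard messages from a syslog feed and report
ports still in an inconsistent state. Log lines below are constructed; only
the message bodies follow the wording quoted on the slides."""
import re
from collections import defaultdict

# Message bodies as quoted on the slides. search() is used, so any syslog
# prefix (timestamp, hostname, sequence number) in front of them is ignored.
PATTERNS = {
    "root-inconsistent": re.compile(
        r"%?SPANTREE-2-ROOTGUARDBLOCK: Port (?P<port>\S+) tried to become "
        r"nondesignated in VLAN (?P<vlan>\d+)"),
    "loop-inconsistent": re.compile(
        r"%?SPANTREE-2-LOOPGUARDBLOCK: No BPDUs were received on port (?P<port>\S+) "
        r"in vlan (?P<vlan>\d+)"),
    "restored": re.compile(
        r"%?SPANTREE-2-LOOPGUARDUNBLOCK: port (?P<port>\S+) restored in vlan (?P<vlan>\d+)"),
}


def replay(lines):
    """Walk the log in order. Returns (state, root_guard_hits): state maps
    (port, vlan) -> inconsistency still in effect at the end of the log,
    root_guard_hits counts how often each (port, vlan) tripped root guard."""
    state = {}
    root_guard_hits = defaultdict(int)
    for line in lines:
        for name, pattern in PATTERNS.items():
            match = pattern.search(line)
            if match is None:
                continue
            key = (match["port"], int(match["vlan"]))
            if name == "restored":
                state.pop(key, None)          # loop guard recovered on its own
            else:
                state[key] = name
                if name == "root-inconsistent":
                    root_guard_hits[key] += 1
            break
    return state, dict(root_guard_hits)


def triage(lines, repeat_threshold=3):
    """Summarise what an operator should look at: ports still blocked by a
    guard, and access ports where something keeps advertising a better BID."""
    state, hits = replay(lines)
    return {
        "still_inconsistent": sorted(state.items()),
        "repeat_offenders": sorted(k for k, n in hits.items() if n >= repeat_threshold),
    }


# Constructed sample feed (hostname and timestamps are made up for the example).
SAMPLE_LOG = [
    "Mar  1 08:00:01 sw-access-1 101: %SPANTREE-2-ROOTGUARDBLOCK: Port 1/1 tried to become nondesignated in VLAN 77. Moved to root-inconsistent state.",
    "Mar  1 08:00:05 sw-access-1 102: %SPANTREE-2-LOOPGUARDBLOCK: No BPDUs were received on port 3/2 in vlan 3. Moved to loop-inconsistent state.",
    "Mar  1 08:00:09 sw-access-1 103: %SYS-5-CONFIG_I: Configured from console by console",
    "Mar  1 08:00:31 sw-access-1 104: %SPANTREE-2-LOOPGUARDUNBLOCK: port 3/2 restored in vlan 3.",
    "Mar  1 08:01:01 sw-access-1 105: %SPANTREE-2-ROOTGUARDBLOCK: Port 1/1 tried to become nondesignated in VLAN 77. Moved to root-inconsistent state.",
    "Mar  1 08:02:01 sw-access-1 106: %SPANTREE-2-ROOTGUARDBLOCK: Port 1/1 tried to become nondesignated in VLAN 77. Moved to root-inconsistent state.",
    "Mar  1 08:02:40 sw-access-1 107: %SPANTREE-2-LOOPGUARDBLOCK: No BPDUs were received on port 3/2 in vlan 5. Moved to loop-inconsistent state.",
]

if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for (port, vlan), why in summary["still_inconsistent"]:
        print(f"port {port} vlan {vlan}: {why}")
    for port, vlan in summary["repeat_offenders"]:
        print(f"port {port} vlan {vlan}: root guard tripped repeatedly, check what is attached")
```

Replaying the sample feed leaves port 1/1 in VLAN 77 root-inconsistent and port 3/2 loop-inconsistent only for VLAN 5, since VLAN 3 was restored, which matches the per-VLAN behaviour the Loop Guard Configuration Considerations slide describes; port 1/1 is also reported as a repeat offender because it tripped root guard three times.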
• Loop guard should be enabled on root and alternate ports for all possible combinations of active topologies.
• Loop Guard is disabled by default on Cisco switches.

Unidirectional Link Detection (UDLD)
• The link between Switches B and C becomes unidirectional. Switch B can receive traffic from Switch C, but Switch C cannot receive traffic from Switch B.
• On the segment between Switches B and C, Switch B is the designated bridge sending the root BPDUs and Switch C expects to receive the BPDUs.
• Switch C waits until the max-age timer (20 seconds) expires before it takes action. When this timer expires, Switch C moves through the listening and learning states and then to the forwarding state. At this moment, both Switch B and Switch C are forwarding to each other and there is no blocking port in the network.

UDLD Modes
• Normal Mode – UDLD detects unidirectional links due to misconnected interfaces on fiber-optic connections. UDLD changes the UDLD-enabled port to an undetermined state if it stops receiving UDLD messages from its directly connected neighbor.
• Aggressive Mode (preferred) – When a port stops receiving UDLD packets, UDLD tries to re-establish the connection with the neighbor. After eight failed retries, the port state changes to the err-disable state. Aggressive mode UDLD detects unidirectional links due to one-way traffic on fiber-optic and twisted-pair links and due to misconnected interfaces on fiber-optic links.

Flex Links
• Flex Links is a Layer 2 availability feature that provides an alternative solution to STP and allows users to turn off STP and still provide basic link redundancy.
• Flex Links can coexist with spanning tree on the distribution layer switches; however, the distribution layer switches are unaware of the Flex Links feature.
• Flex Links enables a convergence time of less than 50 milliseconds. In addition, this convergence time remains consistent regardless of the number of VLANs or MAC addresses configured on switch uplink ports.
• Flex Links is based on defining an active/standby link pair on a common access switch. Flex Links are a pair of Layer 2 interfaces, either switchports or port channels, that are configured to act as backup to other Layer 2 interfaces.

EtherChannel
• Bundles individual Ethernet links into a single logical link
• Up to 8 physical links can be bundled together
• Usually used for trunk links
• Provides high bandwidth
• Load balancing
• Automatic failover
• Simplifies subsequent logical configuration (there is no need to configure each physical link)

EtherChannel – Protocols
• PAgP – Port Aggregation Protocol
  – Cisco proprietary
  – PAgP packets are sent between ports to negotiate the forming of a channel
  – Ensures that all ports have the same type of configuration
• LACP – Link Aggregation Protocol
  – IEEE 802.3ad standard
  – Allows several physical ports to be bundled together to form a single logical channel

PAgP Modes
Mode – Purpose
• Auto – Places an interface in a passive negotiating state in which the interface responds to the PAgP packets that it receives but does not initiate PAgP negotiation (default).
• Desirable – Places an interface in an active negotiating state in which the interface initiates negotiations with other interfaces by sending PAgP packets.
• On – Forces the interface to channel without PAgP. Interfaces configured in the "on" mode do not exchange PAgP packets.
• Non-silent – If a switch is connected to a partner that is PAgP-capable, configure the switch interface for non-silent operation. The non-silent keyword is always used with the auto or desirable mode. If you do not specify non-silent with the auto or desirable mode, silent is assumed. The silent setting is for connections to file servers or packet analyzers; this setting enables PAgP to operate, to attach the interface to a channel group, and to use the interface for transmission.

LACP Modes
Mode – Purpose
• Passive – Places a port in a passive negotiating state. In this state, the port responds to the LACP packets that it receives but does not initiate LACP packet negotiation (default).
• Active – Places a port in an active negotiating state. In this state, the port initiates negotiations with other ports by sending LACP packets.
• On – Forces the interface to the channel without PAgP or LACP.

Inter-VLAN Routing Options
• External router with a separate interface for each VLAN.
• External router trunked to a Layer 2 switch (router-on-a-stick).
• Multilayer switch (pictured).

Inter-VLAN Routing with External Router
• L3 capability is needed to communicate between VLANs
• Trunk between switch and router
• Sub-interfaces configured on the router for all VLANs

Inter-VLAN Routing with External Router
• Advantages:
  – Implementation is simple
  – Layer 3 services not required on the switch
  – Router provides communication between VLANs
• Disadvantages:
  – The router is a single point of failure
  – Traffic path between switch and router may become congested
  – Latency is higher than on a Layer 3 switch
Multilayer Switching – MLS
• Combines the functionality of a switch and a router into one device
• Moves the software-based routing process (packet rewriting) to specialized ASIC hardware
• Optimized for campus LAN
• When the MLS's own MAC address is in the Layer 2 header, either:
  – The frame is destined for the MLS itself, or
  – The destination IP address is compared against the Layer 3 forwarding table

High-Speed Memory Tables
• Multilayer switches build routing, bridging, QoS, and ACL tables for centralized or distributed switching.
• Switches perform lookups in these tables to make decisions, such as to determine whether a packet with a specific destination IP address is supposed to be dropped according to an ACL.
• These tables support high-performance lookups and search algorithms to maintain line-rate performance.
• Multilayer switches deploy these memory tables using specialized memory architectures, referred to as content addressable memory (CAM) and ternary content addressable memory (TCAM).

Tables
• CAM table: Primary table used to make Layer 2 forwarding decisions. The table is built by recording the source address and inbound port of all frames. When a frame arrives at the switch with a destination MAC address that matches an entry in the CAM table, the frame is forwarded out only through the port associated with that specific MAC address.
• TCAM table: Stores ACL, QoS, and other information generally associated with upper-layer processing. TCAM is most useful for building tables for searching on the longest match, such as IP routing tables organized by IP prefixes.
Switch Virtual Interface – SVI
• Virtual Layer 3 interface configured for any VLAN
• Acts as a default gateway for a VLAN, and traffic can be routed between VLANs
• Provides Layer 3 IP connectivity to the switch
• Supports routing protocols

Routed Ports on a Multilayer Switch
• Physical switch port capable of Layer 3 packet processing
• Not associated with a particular VLAN
• Switch port functionality is removed
• Behaves like a regular router interface, but does not support subinterfaces

Routed Ports on a Multilayer Switch
(Figure)

Distributed Hardware Forwarding
Layer 3 switching software employs a distributed architecture in which the control path and data path are relatively independent. The control path code, such as routing protocols, runs on the route processor. Each interface module includes a microcoded processor that handles all packet forwarding. The Ethernet interface module and the switching fabric forward most of the data packets.

Cisco Switching Methods
• Process Switching
• Fast Switching
• Cisco Express Forwarding (CEF)

Cisco Switching Methods – Process Switching
• The router strips off the Layer 2 header for each incoming frame.
• It looks up the Layer 3 destination network address in the routing table for each packet, and then sends the frame with a rewritten Layer 2 header, including a computed cyclic redundancy check (CRC), to the outgoing interface.
• All these operations are done by software running on the CPU for each individual frame.
• Process switching is the most CPU-intensive method available in Cisco routers.
• It can greatly degrade performance and is generally used only as a last resort or during troubleshooting.
Cisco Switching Methods – Fast Switching
• After the lookup of the first packet destined for a particular IP network, the router initializes the fast-switching cache used by the fast switching mode.
• When subsequent frames arrive, the destination is found in this fast-switching cache.
• The frame is rewritten with the corresponding link addresses and is sent over the outgoing interface.

Cisco Switching Methods – CEF
• The default switching mode.
• CEF is less CPU-intensive than fast switching or process switching.
• A router with CEF enabled uses information from tables built by the CPU, such as the routing table and ARP table, to build hardware-based tables known as the Forwarding Information Base (FIB) and adjacency tables.
• These tables are then used to make hardware-based forwarding decisions for all frames in a data flow.
• Although CEF is the fastest switching mode, there are limitations, such as other features that are not compatible with CEF, or rare instances in which CEF functions can actually degrade performance, such as CEF polarization in a topology using load-balanced Layer 3 paths.

Cisco Forwarding Decision Methods
• Route caching: Also known as flow-based or demand-based switching, a Layer 3 route cache is built within hardware functions as the switch sees traffic flow into the switch. This is functionally equivalent to fast switching in Cisco router IOS.
• Topology-based switching: Information from the routing table is used to populate the route cache, regardless of traffic flow. The populated route cache is called the FIB. CEF is the facility that builds the FIB. This is functionally equivalent to CEF in Cisco router IOS.
Route Caching
• The first packet in a stream is switched in software by the route processor.
• Information is stored in the cache table as a flow.
• All subsequent packets are switched in hardware.

Topology-Based Switching
• Faster than route caching. Even the first packet is forwarded by hardware.
• CEF populates the FIB with information from the routing table.

CEF Processing
CEF uses special strategies to switch data packets to their destinations expediently. It caches the information generated by the Layer 3 routing engine even before the switch encounters any data flows. CEF caches routing information in one table (FIB) and caches Layer 2 next-hop addresses and frame header rewrite information for all FIB entries in another table, called the adjacency table (AT).

Forwarding Information Base (FIB)
• Derived from the IP routing table.
• Arranged for maximum lookup throughput.
• IP destination prefixes are stored in TCAM, from most-specific to least-specific entry.
• FIB lookup is based on the Layer 3 destination address prefix (longest match), which matches the structure of CEF entries within the TCAM.
• When the TCAM is full, a wildcard entry redirects frames to the Layer 3 engine.
• Updated after each network change, but only once. Each change in the IP routing table triggers a similar change in the FIB.
• Contains all known routes, and all next-hop addresses associated with all destination networks.

Adjacency Table (AT)
• Derived from the ARP table; contains Layer 2 header rewrite (MAC) information for each next hop contained in the FIB. Nodes in the network are said to be adjacent if they are within a single hop of each other.
• Maintains Layer 2 next-hop addresses and link-layer header information for all FIB entries.
• Populated as adjacencies are discovered.
• Each time an adjacency entry is created (such as via ARP), a Layer 2 header for that adjacent node is pre-computed and stored in the adjacency table.
• When the adjacency table is full, a CEF TCAM entry points to the Layer 3 engine to redirect the adjacency.

CEF-Based Multilayer Switches
Packets not processed in hardware:
• IP packets that use IP header options
• Packets forwarded to a tunnel interface
• Packets with non-supported encapsulation types
• Packets that exceed the maximum transmission unit (MTU)

CEF-Based MLS Operation
• Step 1: Host A sends a packet to Host B. The switch recognizes the frame as a Layer 3 packet because the destination MAC (MAC-M) matches the Layer 3 engine MAC.
• Step 2: The switch performs a CEF lookup based on the destination IP address (IP-B). The packet hits the CEF entry for the connected network (VLAN20) and is redirected to the Layer 3 engine.
• Step 3: The Layer 3 engine installs an ARP adjacency in the switch for the Host B IP address.
• Step 4: The Layer 3 engine sends ARP requests for Host B on VLAN20.
• Step 5: Host B sends an ARP response to the Layer 3 engine.
• Step 6: The Layer 3 engine installs the resolved adjacency in the switch.
• Step 7: The switch forwards the packet to Host B.
• Step 8: The switch receives a subsequent packet for Host B (IP-B).
• Step 9: The switch performs a Layer 3 lookup and finds a CEF entry for Host B.
  The entry points to the adjacency with rewrite information for Host B.
• Step 10: The switch rewrites the packet per the adjacency information and forwards the packet to Host B on VLAN20.

Summary
• STP protects the network from loops
• RSTP quickly adapts to network topology transitions
• MSTP reduces the burden of STP traffic and CPU processing
• EtherChannel adds redundancy and creates high-bandwidth connections between switches

Summary
• An external router can be configured to route packets between the VLANs on a Layer 2 switch
• Multilayer switches allow routing and the configuration of interfaces to pass packets between VLANs
• CEF-based multilayer switching facilitates packet switching in hardware
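The FIB and Adjacency Table slides and the ten-step CEF-Based MLS Operation walk-through above describe one mechanism: a longest-prefix lookup that yields a next hop, followed by a lookup of the pre-computed Layer 2 rewrite for that next hop, with a punt to the Layer 3 engine when the rewrite is not there yet. The Python below is an added example, not code from the slides or from Cisco, that models exactly that path in software: a FIB kept most-specific-first (as the TCAM ordering slide describes), an adjacency table filled by ARP replies, and a forward() routine that returns either a hardware rewrite or a punt. The router MAC, prefixes, VLAN numbers, host addresses and the next-hop router are all constructed for the example; real CEF also punts packets with IP options, tunnel encapsulation or MTU violations, which this model leaves out.

```python
"""Added example: a software model of the CEF lookup path described on the
slides. FIB prefixes, VLANs, MACs and hosts are constructed, not real."""
import ipaddress

# Constructed: the multilayer switch's own router MAC (MAC-M on the slides).
L3_ENGINE_MAC = "00:00:0c:00:00:01"


class Fib:
    """Forwarding Information Base: prefixes kept most-specific first, so the
    first hit in a linear scan is the longest match, as in the TCAM layout."""

    def __init__(self):
        self.entries = []   # (network, next_hop or None for connected, vlan)

    def add(self, prefix, vlan, next_hop=None):
        """next_hop=None marks a directly connected network."""
        nh = ipaddress.ip_address(next_hop) if next_hop is not None else None
        self.entries.append((ipaddress.ip_network(prefix), nh, vlan))
        self.entries.sort(key=lambda e: e[0].prefixlen, reverse=True)

    def lookup(self, dst):
        """Longest-match lookup; returns (network, next_hop, vlan) or None."""
        dst = ipaddress.ip_address(dst)
        for net, nh, vlan in self.entries:
            if dst in net:
                return net, nh, vlan
        return None


class CefSwitch:
    """The CEF-Based MLS Operation steps as a small state machine."""

    def __init__(self, fib):
        self.fib = fib
        self.adjacency = {}      # next-hop IP -> rewrite MAC (from ARP)
        self.arp_requests = []   # what the Layer 3 engine has asked for (steps 3-4)

    def forward(self, dst_ip, dst_mac):
        # Step 1: only frames addressed to the router MAC are Layer 3 switched.
        if dst_mac != L3_ENGINE_MAC:
            return ("bridge", None)
        hit = self.fib.lookup(dst_ip)
        if hit is None:
            return ("drop", "no FIB entry")
        _net, next_hop, vlan = hit
        # On a connected network the "next hop" is the destination host itself.
        target = next_hop if next_hop is not None else ipaddress.ip_address(dst_ip)
        mac = self.adjacency.get(target)
        if mac is None:
            # Steps 2-4: no rewrite yet, punt to the Layer 3 engine, which ARPs.
            self.arp_requests.append((target, vlan))
            return ("punt", f"ARP for {target} on VLAN{vlan}")
        # Steps 9-10: the adjacency carries the pre-computed Layer 2 header.
        return ("rewrite", {"dst_mac": mac, "src_mac": L3_ENGINE_MAC, "vlan": vlan})

    def arp_reply(self, ip, mac):
        # Steps 5-6: the resolved adjacency is installed in hardware.
        self.adjacency[ipaddress.ip_address(ip)] = mac


def walk_through():
    """Replay the slides' scenario: first packet punts, ARP resolves Host B,
    later packets are rewritten in hardware. Also shows a longer-prefix
    entry winning over a shorter one."""
    fib = Fib()
    fib.add("10.0.0.0/16", vlan=99, next_hop="10.0.99.1")  # constructed: via a router
    fib.add("10.0.20.0/24", vlan=20)                        # constructed: connected VLAN20
    sw = CefSwitch(fib)
    first = sw.forward("10.0.20.7", L3_ENGINE_MAC)         # Host B, steps 1-4: punt
    sw.arp_reply("10.0.20.7", "00:11:22:33:44:0b")          # Host B answers, steps 5-6
    second = sw.forward("10.0.20.7", L3_ENGINE_MAC)        # steps 8-10: rewrite
    remote = sw.forward("10.0.30.9", L3_ENGINE_MAC)        # only the /16 matches
    return first, second, remote


if __name__ == "__main__":
    for step in walk_through():
        print(step)
```

Two details are worth noticing when running it: the /24 is tried before the /16 even though it was added second, because the table is re-sorted by prefix length on every insert, and the remote destination 10.0.30.9 punts not because the route is missing but because the next-hop router's adjacency has not been learned yet, which is the same glean behaviour the slides describe for Host B.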