This is my review and notes of Chapter 4 of “Implementing Cisco Switched Networks Foundation Learning Guide”.
Chapter 4 – Implementing Inter-VLAN Routing
Sorry if this chapter is a bit short on notes. I don’t find inter-vlan routing a hard topic to grasp, so don’t need many notes.
Probably said above a bit too soon. Found this chapter pretty boring when it got to how the CAM and TCAM work. I think it was just too detailed. Some may like it, and it will probably help them with their understanding, but for me it wasn’t presented in a way that I found easy to keep concentrated on. Thing is, I think this is a pretty important concept to grasp. If you understand how a switch does its thing at each layer, it definitely helps with your troubleshooting of a device.
Whohoo! The chapter got a bit better at the end, from page 230. It finally had some examples of how to troubleshoot switching issues around CEF. I’m still not convinced this chapter gave a fantastic explanation of CEF, but then again I’m a visual learner and would probably have benefited from a more graphical explanation.
In terms of the CCNP exam, probably need to know:
– Inter-VLAN routing using SVI.
– How to configure Routed Ports.
– Understand how a DHCP server works, and how to use DHCP Relay.
– Basic understanding of Cisco CEF and how to troubleshoot it.
– All of the above plus:
– Router on a stick
– Layer 3 EtherChannels
– Each different type of switching method (fast switching, process switching, CEF)
A switch is typically a layer 2 device. At layer 2 the switch can create VLANs and assign each port to a different VLAN. Each VLAN will typically contain layer 3 devices such as hosts, and each VLAN should carry only one subnet.
This is all fine until you have devices that need to communicate between, say, two VLANs. This is what we call inter-VLAN routing, and there are two methods of achieving it:
1. ROAST (Router on a Stick)
2. SVI (Switched Virtual Interface)
Router on a stick is where you configure a trunk port on your layer 2 switch carrying the VLANs you want to route between. Connected to that port is a router capable of trunking, on which you configure one sub-interface per VLAN, each with an IP address in that VLAN’s subnet. Hosts on the switch then use the router’s IP address in their own VLAN as their default gateway.
ROAST is the old way of doing it and I won’t go any further into it.
An SVI is simply a VLAN on a switch that has an IP address configured on it. Your switch needs to be a layer 3 switch for routing to function on it.
An SVI is created when a user types ‘interface vlan X’ in global config mode.
Different types of Layer 3 interfaces on a MLS (MultiLayer Switch)
– Routed Port: This is a purely layer 3 interface similar to a router port on an actual router.
– SVI: as above.
– Bridge Virtual Interface (BVI): a layer 3 virtual bridging interface.
– A routed port is a physical port that acts similarly to a port on a traditional router, with a layer 3 address configured.
– Unlike an access port, a routed port is not associated with a particular VLAN.
– Has all layer 2 switching functionality removed (except EtherChannel, which can also function at layer 3).
– Used for point-to-point links.
– To configure it, issue the command “no switchport” under the interface.
When configuring SVIs:
Make sure to “no shut” the interface, and enable IP routing if you want the VLANs’ subnets to be advertised to other routers; otherwise this is not essential.
– Autostate: the SVI only comes up once at least one port in the VLAN is up. In other words, if all ports in a VLAN are shut down or unplugged, the SVI will also go down.
– You can keep the SVI up by configuring “switchport autostate exclude” on the port: if that port goes down, the SVI will still stay up. The concern here is black-hole routing (the SVI keeps advertising a subnet it may no longer be able to reach), so it should not be enabled without some valid consideration.
Configuring a Layer 3 EtherChannel
So this is something that was actually new to me. To configure a Layer 3 EtherChannel, you make it like a routed port by removing the switchport functionality.
S1(config)#interface port-channel 1
S1(config-if)#no switchport
S1(config-if)#ip address xxxxx xxxxx
S1(config)#interface range xx-xx
S1(config-if-range)#no switchport
S1(config-if-range)#channel-group 1 mode __
Implementing DHCP in a Multilayer Switched Environment
– Know how DHCP works (DORA: Discover Offer Response Acknowledge)
ip dhcp excluded-address 10.1.10.1 10.1.10.20
ip dhcp pool XYZ
 network 10.1.10.0 255.255.255.0
 option 150 10.1.1.50
 lease 0 8 0
interface vlan10
 ip address 10.1.10.1 255.255.255.0
An important point: a Cisco switch can only hand out addresses from a DHCP pool whose subnet the switch itself has an IP address in.
Configure DHCP Relay
DHCP relay is a feature you need when your DHCP server does not reside in the same subnet as your hosts. In the example above, the host does not yet have an IP address, but resides in the VLAN that uses the 172.16.0.0 subnet. When the host boots, it broadcasts a DHCP Discover. With DHCP relay configured on the switch, the switch sees this broadcast and forwards the request as a unicast to the DHCP server. The DHCP server replies with an Offer, and the two complete the rest of DORA.
To configure it, on the VLAN interface enter the command “ip helper-address <address of DHCP server>”.
Verify DHCP operation with ‘show ip dhcp binding’ and ‘debug ip dhcp server packet’.
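The relay exchange described above, modelled in Python as an added example (this is not code from the book or the blog). It packs the fixed BOOTP/DHCP header from RFC 2131, has the relay stamp the receiving SVI address into the giaddr field before unicasting to the helper address, and has the server select its pool from giaddr, which is exactly why the switch or server must hold an address in the subnet it serves. The server address 10.1.1.10, the client MACs and the pool are constructed sample values; DHCP options are omitted.

```python
import ipaddress
import struct

# BOOTP/DHCP fixed header (RFC 2131): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr (16 bytes). Options are omitted.
HEADER = "!BBBBIHH4s4s4s4s16s"
BOOTREQUEST, BOOTREPLY = 1, 2
ZERO = b"\0" * 4


def build_discover(xid, client_mac):
    """Client: a DISCOVER is broadcast with every address field zeroed."""
    return struct.pack(HEADER, BOOTREQUEST, 1, 6, 0, xid, 0, 0x8000,
                       ZERO, ZERO, ZERO, ZERO, client_mac.ljust(16, b"\0"))


def relay(packet, svi_ip, helper_address):
    """Relay (the SVI carrying 'ip helper-address'): stamp giaddr with the SVI
    address unless an earlier relay already did, count the hop, and return the
    unicast destination together with the rewritten packet."""
    f = list(struct.unpack(HEADER, packet))
    f[3] += 1                                         # hops
    if f[10] == ZERO:                                 # giaddr still unset
        f[10] = ipaddress.IPv4Address(svi_ip).packed
    return helper_address, struct.pack(HEADER, *f)


class DhcpServer:
    """Server: the scope is chosen from giaddr for a relayed client, or from
    the receiving interface for a directly connected one."""

    def __init__(self, local_ip):
        self.local = ipaddress.IPv4Address(local_ip)
        self.pools = {}        # IPv4Network -> list of free addresses
        self.bindings = {}     # client MAC bytes -> leased address

    def add_pool(self, network, excluded_start, excluded_end):
        # Equivalent of 'ip dhcp pool' plus 'ip dhcp excluded-address'.
        net = ipaddress.IPv4Network(network)
        lo, hi = (ipaddress.IPv4Address(a) for a in (excluded_start, excluded_end))
        self.pools[net] = [a for a in net.hosts() if not lo <= a <= hi]

    def handle_discover(self, packet):
        f = struct.unpack(HEADER, packet)
        scope = self.local if f[10] == ZERO else ipaddress.IPv4Address(f[10])
        for net, free in self.pools.items():
            if scope in net and free:
                yiaddr = free.pop(0)
                self.bindings[f[11][:6]] = yiaddr
                # OFFER: a BOOTREPLY carrying the proposed address in yiaddr,
                # sent back to giaddr for the relay to deliver to the client.
                return struct.pack(HEADER, BOOTREPLY, 1, 6, f[3], f[4], 0, f[6],
                                   ZERO, yiaddr.packed, self.local.packed, f[10], f[11])
        return None            # no pool covers that subnet: silently dropped


def offered_address(client_mac, svi_ip, server, helper_address):
    """Run DISCOVER -> relay -> OFFER and return the offered IP, or None."""
    _, relayed = relay(build_discover(0x1234, client_mac), svi_ip, helper_address)
    offer = server.handle_discover(relayed)
    if offer is None:
        return None
    return str(ipaddress.IPv4Address(struct.unpack(HEADER, offer)[8]))


if __name__ == "__main__":
    srv = DhcpServer("10.1.1.10")                       # constructed server address
    srv.add_pool("10.1.10.0/24", "10.1.10.1", "10.1.10.20")
    print(offered_address(b"\x00\x11\x22\x33\x44\x55", "10.1.10.1", srv, "10.1.1.10"))
```

The Request and Acknowledge steps of DORA are left out; they reuse the same header, with the client echoing the offered address and the server confirming it. A host in a VLAN whose SVI address falls outside every pool gets no Offer at all, which is the symptom of the "switch must have an address in the range" rule above.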
CEF-Based Multilayer Switching
I might be a bit brief on this area, but it’s an important concept to understand. This area looks at the process a switch goes through in terms of the layers between the hardware and the high-level application protocols running on the switch.
Explaining Layer 3 Switch Processing
A layer 3 switch performs 3 main functions:
– Packet switching
– Route processing
– Intelligent network services
CAM and TCAM Tables
Multilayer switches build routing, bridging, QoS, and ACL tables for centralized or distributed switching in hardware using high-speed memory tables. Switches perform lookups in these tables for result information, such as to determine whether a packet with a specific destination IP address is supposed to be dropped according to an ACL. These tables support high-performance lookups and search algorithms such that multilayer switches maintain line-rate performance.
CAM Table (Content Addressable Memory)
– The primary table used to make Layer 2 forwarding decisions.
– Table Lookups are performed with efficient search algorithms.
– CAM tables provide only two results: 0 (true), or 1 (false).
– The table is built by recording the source MAC address and inbound port of all incoming frames.
– When a frame arrives at the switch with a destination MAC address of an entry in the CAM table, the frame is forwarded out through only the port that is associated with that specific MAC address.
A key is created to compare the frame to the table content:
– E.g. DST MAC and Vlan ID of a frame would constitute the key for layer 2 table lookup.
– The key is fed into a hashing algorithm, which produces a pointer into the table as its output.
– The switch uses that pointer to access a specific entry directly, eliminating the need to search the entire table.
TCAM (Ternary Content Addressable Memory)
– Stores ACLs, QoS, and other information generally associated with Layer 3 and up layer processing.
– TCAM provides three results: 0 (true), 1 (false), and “don’t care”.
– A portion of memory designed for rapid, hardware-based table lookups of layer 3 and layer 4 information.
– A single lookup provides all layer 2 and layer 3 forwarding information for a frame, including CAM and ACL information.
– The memory structure is broken into a series of patterns (values) and associated masks; a bit cleared in the mask is the “don’t care” state.
TCAM methods of matching entries in tables
– Exact match: where the whole entry needs to match exactly, e.g. IP next-hop information (MAC address).
– Longest match: Book explanation was terrible. Basically this is the entry in hardware with the longest prefix that matches the lookup. Did that make sense? So with an IP prefix or IP multicast prefix, you might be looking up where to find host 172.16.1.58. You have two routes in hardware, one for 172.16.0.0/16 and one for 172.16.1.0/24. The longest match in this case is the latter.
– First match: the lookup stops after the first entry that matches, e.g. ACL entries.
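A software model of the CAM and TCAM sections above, added here as an example (it is not code from the book or the blog, and real ASICs do this in parallel hardware rather than loops). The CAM is keyed on (VLAN, MAC) and learned from source addresses; each TCAM row is a value/mask pair in which masked-out bits are the "don't care" state, and the same rows are searched with the three policies the notes list: exact match, longest match and first match. The MAC addresses, prefixes and port names are constructed.

```python
import ipaddress


class CamTable:
    """Layer 2 table keyed on (VLAN, MAC), learned from source addresses."""

    def __init__(self):
        self.entries = {}                      # (vlan, mac) -> port

    def learn(self, vlan, src_mac, in_port):
        # Built by recording the source MAC and inbound port of every frame.
        self.entries[(vlan, src_mac.lower())] = in_port

    def forward(self, vlan, dst_mac, in_port):
        # Exact lookup on the (VLAN, destination MAC) key. A miss is flooded
        # within the VLAN; a hit on the ingress port is filtered (dropped).
        port = self.entries.get((vlan, dst_mac.lower()))
        if port is None:
            return "flood"
        return "filter" if port == in_port else port


class TcamEntry:
    """One TCAM row: a value and a mask. Bits cleared in the mask are the
    ternary 'don't care' state and never influence the comparison."""

    def __init__(self, value, mask, result):
        self.value, self.mask, self.result = value & mask, mask, result

    def matches(self, key):
        return key & self.mask == self.value

    @property
    def width(self):
        return bin(self.mask).count("1")        # bits that must match exactly


def ip_key(address):
    return int(ipaddress.IPv4Address(address))


def mac_key(mac):
    return int(mac.replace(":", ""), 16)


def prefix_entry(cidr, result):
    """Encode an IPv4 prefix as a TCAM row: network bits set, host bits masked."""
    net = ipaddress.IPv4Network(cidr)
    return TcamEntry(int(net.network_address), int(net.netmask), result)


def exact_match(entries, key, width):
    """Next-hop / MAC style lookup: only a fully masked row can match."""
    full = (1 << width) - 1
    for e in entries:
        if e.mask == full and e.matches(key):
            return e.result
    return None


def longest_match(entries, key):
    """Routing prefixes: of all matching rows, take the most specific one."""
    hits = [e for e in entries if e.matches(key)]
    return max(hits, key=lambda e: e.width).result if hits else None


def first_match(entries, key):
    """ACLs: rows are ordered and the search stops at the first hit."""
    for e in entries:
        if e.matches(key):
            return e.result
    return None


if __name__ == "__main__":
    fib = [prefix_entry("172.16.0.0/16", "via R1"), prefix_entry("172.16.1.0/24", "via R2")]
    print(longest_match(fib, ip_key("172.16.1.58")))   # the /24 wins
```

The same rows behave differently under each policy: with the book's two routes, longest match sends 172.16.1.58 to the /24 entry, whereas an ACL ordered "deny host, permit any" is decided by whichever row is hit first, which is why ACL ordering matters and route ordering does not.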
Cisco Switching Methods
Process switching:
– The router strips off the layer 2 header of each incoming frame, looks up the layer 3 destination network address in the routing table for each packet, and then sends the frame with a rewritten layer 2 header, including CRC, to the outgoing interface.
– Done in software (CPU), not hardware (ASIC).
– The most CPU-intensive method.
Fast switching:
– Handles the first packet the same way as the method above, then installs that information in the fast-switching cache.
– The frame is rewritten with the corresponding link address from the cache and sent over the outgoing interface.
CEF (Cisco Express Forwarding)
– Default switching method
– Less CPU intensive than other above methods
– The router builds a Forwarding Information Base (FIB) and an adjacency table from other tables built by the CPU, such as the routing and ARP tables.
– These tables are then used to make hardware-based forwarding decisions.
At this point in the chapter I felt it had a lot of WAFFLE and could have explained it all a lot easier by using an example.
See the following image.
This shows the top down approach of what happens from the high layer routing protocol, in this case BGP, to the low level in hardware/ASIC.
Quick explanation from Cisco:
The Forwarding Information Base (FIB) table – CEF uses a FIB to make IP destination prefix-based switching decisions. The FIB is conceptually similar to a routing table or information base. It maintains a mirror image of the forwarding information contained in the IP routing table.
When routing or topology changes occur in the network, the IP routing table is updated, and these changes are reflected in the FIB. The FIB maintains next-hop address information based on the information in the IP routing table.
Because there is a one-to-one correlation between FIB entries and routing table entries, the FIB contains all known routes and eliminates the need for route cache maintenance that is associated with switching paths such as fast switching and optimum switching.
Adjacency table – Nodes in the network are said to be adjacent if they can reach each other with a single hop across a link layer. In addition to the FIB, CEF uses adjacency tables to prepend Layer 2 addressing information. The adjacency table maintains Layer 2 next-hop addresses for all FIB entries.
Not all packets can be processed in hardware, e.g. tunnel interface traffic and NAT.
– A glean adjacency is in the CEF adjacency table when multiple hosts are directly connected to the MLS through a single port or interface. Lol what? There’s more on glean adjacencies in the book, but I doubt there will be anything on this in the exam.
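An added example (not Cisco's or the book's code) of how the FIB and adjacency table described above fit together, including the glean case. The FIB mirrors the routing table one entry per route; the adjacency table is derived from ARP and supplies the layer 2 rewrite for each next hop. When the next hop is known but no ARP entry exists yet, the lookup yields a glean adjacency and the packet is punted to the CPU, which must ARP before the packet can be switched in hardware. The routes, ARP entries, MACs and interface names are constructed sample data.

```python
import ipaddress


class Cef:
    """FIB plus adjacency table of one multilayer switch (a model, not IOS)."""

    def __init__(self, interface_macs):
        self.interface_macs = interface_macs   # interface -> the switch's own MAC
        self.fib = {}                           # IPv4Network -> (next_hop, interface)
        self.adjacency = {}                     # (next_hop_ip, interface) -> neighbour MAC

    # Control plane: the CPU keeps these in step with routing and ARP changes.
    def install_route(self, prefix, next_hop, interface):
        # One FIB entry per routing-table entry. "connected" marks a directly
        # attached subnet, whose next hop is the destination host itself.
        self.fib[ipaddress.IPv4Network(prefix)] = (next_hop, interface)

    def withdraw_route(self, prefix):
        # A routing change is reflected straight into the FIB; no cache to age out.
        self.fib.pop(ipaddress.IPv4Network(prefix), None)

    def install_arp(self, ip, interface, mac):
        self.adjacency[(ip, interface)] = mac

    # Data plane: a single lookup per packet.
    def switch(self, dst_ip):
        dst = ipaddress.IPv4Address(dst_ip)
        candidates = [n for n in self.fib if dst in n]
        if not candidates:
            return {"action": "drop", "reason": "no FIB entry"}
        net = max(candidates, key=lambda n: n.prefixlen)          # longest prefix
        next_hop, iface = self.fib[net]
        target = dst_ip if next_hop == "connected" else next_hop
        mac = self.adjacency.get((target, iface))
        if mac is None:
            # Glean: the next hop is known but its L2 address is not. Punt to
            # the CPU, which sends an ARP request and completes the adjacency.
            return {"action": "punt", "reason": "glean adjacency", "interface": iface}
        return {"action": "forward", "interface": iface,
                "src_mac": self.interface_macs[iface], "dst_mac": mac}


def build_sample_cef():
    """Constructed sample: two SVIs, a default route and two ARP entries."""
    cef = Cef({"Vlan10": "00:00:0c:00:00:10", "Vlan20": "00:00:0c:00:00:20"})
    cef.install_route("10.1.10.0/24", "connected", "Vlan10")
    cef.install_route("10.1.20.0/24", "connected", "Vlan20")
    cef.install_route("0.0.0.0/0", "10.1.20.254", "Vlan20")
    cef.install_arp("10.1.10.50", "Vlan10", "00:11:22:33:44:55")
    cef.install_arp("10.1.20.254", "Vlan20", "00:aa:bb:cc:dd:ee")
    return cef


if __name__ == "__main__":
    cef = build_sample_cef()
    for ip in ("10.1.10.50", "8.8.8.8", "10.1.10.77"):
        print(ip, cef.switch(ip))
```

When troubleshooting, the two halves map onto the verification commands that follow: a missing or wrong FIB entry shows up under ‘show ip cef’, while a next hop stuck in the glean state (punted, not hardware switched) shows up under ‘show adjacency’.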
Okay, I gave up all hope on this chapter too early. Page 230 has a sample of CEF operation…Could be worth looking at if CEF isn’t making that much sense. Sorry I haven’t got more on it. I’d suggest doing a google on CEF operation for more info.
CEF-Based MLS Verification
– show interface __: provides stats for hardware-switched layer 3 packets.
– show ip cef [___]: verifies the FIB.
– show adjacency [___]: verifies the adjacency table.
– show cef drops: shows packets being dropped by hardware.