IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 2 subnets
C 10.10.1.0 is directly connected, FastEthernet0/0.10
C 10.20.1.0 is directly connected, FastEthernet0/0.20
4.1 Describing Routing Between VLANs
4.1.4 Explaining Multilayer Switching
Traditionally, a switch makes forwarding decisions by looking at the Layer 2 header, whereas a router makes forwarding decisions by looking at the Layer 3 header. A multilayer switch combines the functionality of a switch and a router in one device, which lets it switch traffic when the source and destination are in the same VLAN and route traffic when the source and destination are in different VLANs (that is, different subnets). In the accompanying figure, traffic between PC A and PC B is switched at Layer 2, whereas traffic between PC B and PC C is switched at Layer 3.

Multilayer switches forward frames and packets at wire speed by using application-specific integrated circuit (ASIC) hardware. Specific Layer 2 and Layer 3 components, such as routing tables and access control lists (ACLs), are cached in hardware. These tables are stored in content-addressable memory (CAM) and ternary content-addressable memory (TCAM).

Layer 2 forwarding in hardware is based on the destination MAC address. The Layer 2 switch learns and records the source MAC addresses of all frames that it receives. The MAC address table lists MAC addresses paired with their associated VLANs and interfaces. When a frame is received on an interface, the switch determines which VLAN the frame originated from, searches the interfaces that belong to that VLAN for the destination MAC address, and forwards the frame out the appropriate interface. The figure describes how a Layer 2 switch forwards packets.

Layer 3 forwarding is based on the destination IP address. It occurs when a packet is routed from a source in one subnet to a destination in another subnet. When a multilayer switch (MLS) sees its own MAC address in the Layer 2 header, it recognizes that the packet is either destined for itself or is to be routed. If the packet is not destined for the MLS, the destination IP address is compared against the Layer 3 forwarding table for the longest match, and router ACL checks are performed. In this case the frame header must be rewritten with new source and destination MAC addresses. The figures describe how a Layer 3 switch forwards packets.
4.1.5 Frame Rewrite
The figure shows how the frame and packet headers are altered when CEF is used to forward frames. When a frame is received on an interface, the trailer checksum (FCS) is first calculated to verify accurate delivery of the frame; the frame is discarded if the check fails. Next the payload is extracted, and the IP header checksum is tested to verify that the IP header is intact. Once the packet is processed, IP unicast packets are rewritten on the output interface as follows:
- The source MAC address changes from the sender MAC address to the router MAC address.
- The destination MAC address changes from the router MAC address to the next-hop MAC address.
- The TTL is decremented by one and, as a result, the IP header checksum is recalculated.
- The frame checksum is recalculated.
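The routing decision from 4.1.4 (own MAC in the Layer 2 header, then route) and the four rewrite steps above, as an added worked example that is not part of the course text: it parses a constructed Ethernet II/IPv4 frame, verifies the IP header checksum before doing anything else, decrements the TTL, recomputes the header checksum and swaps in the router and next-hop MAC addresses. All MAC addresses, the helper names and the TTL-expiry drop are assumptions added here; the subnets are the ones from the show ip route output at the top of the page.

```python
import struct

def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over an IPv4 header.
    Over a header that already carries a correct checksum the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_frame(src_mac, dst_mac, src_ip, dst_ip, ttl, payload=b""):
    """Constructed sample Ethernet II + IPv4 frame (FCS omitted) used as input below."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                      ttl, 17, 0, bytes(map(int, src_ip.split("."))),
                      bytes(map(int, dst_ip.split("."))))
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return dst_mac + src_mac + b"\x08\x00" + hdr + payload

def rewrite_for_routing(frame: bytes, router_mac: bytes, next_hop_mac: bytes):
    """Output-interface rewrite from the text. Returns the rewritten frame, or None
    when the switch would not route it (not addressed to the router MAC, not IPv4,
    bad IP header checksum, or TTL expiring)."""
    dst_mac, ethertype = frame[:6], frame[12:14]
    if dst_mac != router_mac or ethertype != b"\x08\x00":
        return None  # seeing its own MAC in the L2 header is what makes this a routing candidate
    ip = bytearray(frame[14:])
    ihl = (ip[0] & 0x0F) * 4
    if ip_checksum(bytes(ip[:ihl])) != 0:
        return None  # IP header checksum test failed: discard before processing further
    if ip[8] <= 1:
        return None  # TTL would reach 0: drop instead of forwarding (edge case added here)
    ip[8] -= 1                                                   # TTL decremented by one ...
    ip[10:12] = b"\x00\x00"
    ip[10:12] = struct.pack("!H", ip_checksum(bytes(ip[:ihl])))  # ... so the checksum is recomputed
    # Source MAC becomes the router MAC, destination MAC becomes the next-hop MAC
    return next_hop_mac + router_mac + ethertype + bytes(ip)

# Constructed addresses (assumptions); PC A in 10.10.1.0/24 sends to a host in 10.20.1.0/24
ROUTER_MAC = bytes.fromhex("001122334455")
PC_A_MAC = bytes.fromhex("aabbccddeeff")
NEXT_HOP_MAC = bytes.fromhex("0a0b0c0d0e0f")
SAMPLE = build_frame(PC_A_MAC, ROUTER_MAC, "10.10.1.10", "10.20.1.10", 64, b"payload")
```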
Routing, switching, ACL, and QoS tables are stored in high-speed table memory so that forwarding decisions and restrictions can be made in high-speed hardware. Cisco Catalyst switches create and use two primary table architectures:
- CAM table: The primary table used to make Layer 2 forwarding decisions. The table is built by recording the source MAC address and inbound port of all frames. When a frame arrives at the switch with a destination MAC address that matches an entry in the CAM table, the frame is forwarded only through the port associated with that MAC address.
- TCAM table: Stores ACL, QoS, and other information generally associated with upper-layer processing.
Table lookups are done with efficient search algorithms. A “key” is created to compare the frame to the table content. For example, the destination MAC address and VLAN ID (VID) of a frame constitute the key for a Layer 2 table lookup. This key is fed into a hashing algorithm, which produces a pointer into the table. The system uses the pointer to access a smaller, specific area of the table without searching the entire table.

In a Layer 2 table, all bits of all information are significant for frame forwarding (for example, VLANs, destination MAC addresses, and destination protocol types). However, in the more complicated tables associated with upper-layer forwarding criteria, some bits may be too inconsequential to analyze. For example, an ACL may require a match on the first 24 bits of an IP address while the last 8 bits are insignificant. In specific high-end switch platforms, the TCAM is a portion of memory designed for rapid, hardware-based table lookups of Layer 3 and Layer 4 information. In the TCAM, a single lookup provides all Layer 2 and Layer 3 forwarding information for frames, including CAM and ACL information. The figure displays the ACL information stored in the TCAM table that results in a packet being permitted or denied.

TCAM matching is based on three values per bit: 0, 1, or X (where X is a “don't care” that matches either 0 or 1), hence the term “ternary.” The memory structure is broken into a series of patterns and masks. Masks are shared among a specific number of patterns and are used as wildcards in some content fields. The following two ACL entries are referenced in the figure, which shows how their values are stored in the TCAM:

access-list 101 permit ip host 10.1.1.1 any
access-list 101 deny ip 10.1.1.0 0.0.0.255 any

The TCAM table entries in the figure consist of the following types of regions:
- Longest-match region: Each longest-match region consists of groups of Layer 3 address entries (“buckets”) organized in decreasing order by mask length. All entries within a bucket share the same mask value and key size. The buckets can change their size dynamically by borrowing address entries from neighboring buckets. Although the size of the whole protocol region is fixed, you can reconfigure it; the reconfigured size takes effect only after the next system reboot.
- First-match region: The first-match region consists of ACL entries. Lookup stops after the first matching entry.
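The ternary matching, the two access-list 101 entries and the two region types just described, as an added worked example that is not part of the course text: each entry is stored as a pattern plus mask (mask bit 0 means X), the first-match region is walked in configured order and stops at the first hit, and the longest-match region is ordered by decreasing mask length so that the first hit is the longest match. The FIB contents (the page's two connected subnets plus a hypothetical 10.0.0.0/8 summary on FastEthernet0/1) and the helper names are assumptions.

```python
import ipaddress

def ip_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))

def tcam_match(key: int, value: int, mask: int) -> bool:
    """Ternary compare: bits where mask is 0 are X (don't care) and never disqualify a match."""
    return (key & mask) == (value & mask)

def ternary(value: int, mask: int) -> str:
    """Render an entry bit by bit as 0, 1 or X, the way the text describes TCAM content."""
    bits = "".join(str((value >> i) & 1) if (mask >> i) & 1 else "X" for i in range(31, -1, -1))
    return ".".join(bits[i:i + 8] for i in range(0, 32, 8))

def acl_entry(action: str, src: str, wildcard: str = "0.0.0.0"):
    """Encode one access-list source test as (action, pattern, mask).
    A Cisco wildcard mask is the inverse of the TCAM mask: 0.0.0.255 becomes a /24 mask."""
    mask = 0xFFFFFFFF ^ ip_int(wildcard)
    return (action, ip_int(src) & mask, mask)

# First-match region built from the two entries on the page, in their configured order
ACL_101 = [
    acl_entry("permit", "10.1.1.1"),             # access-list 101 permit ip host 10.1.1.1 any
    acl_entry("deny", "10.1.1.0", "0.0.0.255"),  # access-list 101 deny ip 10.1.1.0 0.0.0.255 any
]

def acl_lookup(acl, src_ip: str) -> str:
    key = ip_int(src_ip)
    for action, value, mask in acl:  # lookup stops at the first matching entry
        if tcam_match(key, value, mask):
            return action
    return "deny"  # the implicit deny that ends every Cisco IP ACL

# Longest-match region: constructed FIB (assumption) stored in decreasing mask-length
# order, so the first entry that matches is the longest match
FIB = sorted(
    [("10.10.1.0/24", "FastEthernet0/0.10"), ("10.20.1.0/24", "FastEthernet0/0.20"),
     ("10.0.0.0/8", "FastEthernet0/1")],
    key=lambda e: ipaddress.IPv4Network(e[0]).prefixlen, reverse=True)

def fib_lookup(fib, dst_ip: str):
    key = ip_int(dst_ip)
    for prefix, iface in fib:
        net = ipaddress.IPv4Network(prefix)
        if tcam_match(key, int(net.network_address), int(net.netmask)):
            return prefix, iface
    return None  # no route: the show ip route output above has no gateway of last resort
```

Reversing ACL_101 makes 10.1.1.1 hit the deny entry first, which is why entry order, not specificity, decides the outcome in the first-match region.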
4.2 Enabling Routing Between VLANs
4.2.1 Describing Layer 3 SVIs
An SVI is a virtual Layer 3 interface that can be configured for any VLAN that exists on a Layer 3 switch. It is virtual in that there is no physical interface for the VLAN, yet it accepts the configuration parameters that apply to Layer 3 router interfaces. The SVI for a VLAN provides Layer 3 processing for packets from all switch ports associated with that VLAN. Only one SVI can be associated with a VLAN. You configure an SVI for a VLAN for the following reasons:
- To provide a default gateway for a VLAN so that traffic can be routed between VLANs
- To provide fallback bridging if it is required for non-routable protocols
- To provide Layer 3 IP connectivity to the switch
- To support routing protocol and bridging configurations
By default, an SVI is created for the default VLAN (VLAN 1) to permit remote switch administration. Additional SVIs must be explicitly created. An SVI is created the first time VLAN interface configuration mode is entered for a particular VLAN. The VLAN corresponds to the VLAN tag associated with data frames on an Ethernet trunk or to the VLAN ID (VID) configured for an access port. An IP address is assigned in interface configuration mode to each VLAN SVI that is to route traffic off of and on to the local VLAN.