8-1. Multilayer Switching Multilayer switching (MLS) performs Layer 3 switching by combining separate routing and switching functions on different switch modules. MLS is supported on the Catalyst 6000 by the MSFC (route processor) and the PFC (Layer 3 switching engine). On the Catalyst 4000 and 5000 platforms, the route processor can be an external router. MLS can perform Layer 3 switching for IP, IP multicast (also known as IP Multicast MLS or MMLS), and IPX traffic. MLS operation consists of these steps: - The route processor (RP) routs the first packet in a traffic flow. - The switching engine (SE) sets up an MLS cache entry for the flow based on the first packet (a "candidate" packet). - When the SE sees the return packet from the RP, the MLS cache entry is completed with source and destination information. For the duration of the traffic flow, subsequent packets are switched at the SE. - When the SE switches flow packets, the SE also rewrites the source and destination MAC addresses, the IP time-to-live (TTL), and both Layer 2 and Layer 3 checksum values. This is done in hardware, as if a traditional router had forwarded the packets. - The MLS cache entry for a flow is deleted when the connection is closed or after an aging timer expires.
MLS builds its flow cache based on the following: - - IP Destination address, source and destination addresses, or source and destination address and port numbers ("full flow")
- - IP multicast Source address, source VLAN number, and destination multicast group
- - IPX Destination address
MLS can report on traffic flow statistics through the use of NDE. Refer to section "8-3: NetFlow Data Export" for more information.
Configuration 1. | (Optional) Tune MLS on the RP.
TIP This chapter covers MLS as it is integrated between SE and RP in the Catalyst 6000 with an MSFC and PFC. MLS is automatically enabled between the RP and SE modules, and Step 1a is not required. To configure the RP portion of MLS for a Catalyst 4000 (Supervisor I or II) or a Catalyst 5000, which require an external RP, begin with Step 1a. - a. (Optional; external RP only) Configure MLS.
- Enable MLS on the router: COS | N/A | IOS | (global) mls rp ip
|
- (Optional) Identify the VTP domain: COS | N/A | IOS | (interface) mls rp vtp-domain name
|
If the RP communicates with a switch in a VTP domain, that domain name must be identified. The RP can then learn VLAN configuration information from the VTP server. - (Optional) Identify the VLAN number for VLAN or non-ISL interfaces: COS | N/A | IOS | (interface) mls rp vlan-id vlan-id
|
- Enable this interface for MLS management: COS | N/A | IOS | (interface) mls rp management-interface
|
This interface is used to send and receive MLS management information (MLSP packets). You should use the VLAN interface that connects to the switches using MLS. Often, this will be the management VLAN.
- b. (Optional) Use unicast MLS on specific VLAN interfaces:
COS | N/A | IOS | (interface) [no] mls {ip | ipx}
|
By default, IP unicast MLS is enabled on all interfaces and IPX MLS is not. Use the no keyword to disable MLS on the interface.
- c. (Optional) Set the flow mask:
COS | N/A | IOS | [View full width] (global) mls flow ip {destination |  destination-source | full}
-OR- [View full width] (global) mls flow ipx {destination | destination-source}
|
The MLS flow mask can be set to use destination addresses (destination; the default), both source and destination addresses (destination-source), or source and destination addresses and port numbers (full).
- d. (Optional) Exclude specific protocols from MLS:
COS | N/A | IOS | [View full width] (global) mls exclude protocol {tcp | udp | both} [port port-number]
|
By default, all protocols and port numbers are used to generate MLS flow entries. Specific protocols can be excluded by identifying the protocol (tcp, udp, or both TCP and UDP) and the port-number (1 to 65535).
| 2. | (Optional) Tune MLS on the SE.
- a. (Optional; Catalyst 5000 only) Enable MLS for IP or IPX:
COS | set mls {enable | disable} {ip | ipx}
| IOS | N/A |
By default, IP MLS is enabled and IPX MLS is not.
- b. (Catalyst 5000 only) Identify the external MLS RPs:
COS | set mls include {ip | ipx} ip-addr1 [ip-addr2...]
| IOS | N/A |
External routers that work with the switch for MLS are located at IP address ip-addr1, ip-addr2, and so on. These routers must be connected to the switch over a single trunk port. Router modules such as the RSM and RSFC that are integrated in the Catalyst 5000 chassis are added as MLS RPs automatically.
- c. (Optional) Tune the MLS cache aging times:
COS | set mls agingtime [ip | ipx] agingtime set mls agingtime fast fastagingtime pkt-threshold set mls agingtime long-duration longagingtime
| IOS | N/A |
When created, an MLS entry is kept in the cache for an agingtime period (8 to 2024 seconds, multiple of 8, default 256 seconds) if no packets are being switched using that entry.
MLS entries can be aged out of the cache sooner for very short flows like DNS requests with the fast keyword. An entry is aged out if no more than pkt-threshold packets (0, 1, 3, 7, 15, 31, 63, or 127 packets, default 0 packets) are switched using that entry in a fastagingtime period (0 to 128 seconds, multiple of 8, default 0 or no fast aging).
MLS cache entries for active switched flows can also be aged out before they become idle, by using the long-duration keyword. After the MLS entry is created, it is removed when the longagingtime period (64 to 1920 seconds, multiples of 64, default 1920 seconds) expires.
TIP Cisco recommends that the number of entries in the MLS cache be kept below 32K. Flows that exceed the cache size are sent to the route processor for normal routing, rather than being switched through MLS. You can monitor the cache size with the show mls (COS) and show mls ip count (IOS) commands. If the number of cache entries is more than 32,768, you can begin to adjust the MLS timers. Begin by reducing the aging time by 8 seconds to affect normal flows. Periodically monitor the cache size again. If the cache size continues to exceed 32K, reduce the aging time in 64-second increments. If you suspect a large number of short duration flows, you can also tune the fast aging timer. By default, the fast aging timer is 0 or not used. Start with a fast aging time of 128 seconds. If the cache size grows to over 32K entries, decrease the fast aging time. - d. (Optional) Set the minimum MLS flow mask:
COS | set mls flow {destination | destination-source | full}
| IOS | N/A |
The flow mask used for MLS is actually negotiated between the RP and SE devices, as the most specific or longest mask needed. By default, the SE uses a destination mask at a minimum, as the RP also does. If the RP has been configured for a longer mask or has extended access lists applied to its interfaces, a longer mask is negotiated.
| 3. | (Optional) Tune IP Multicast MLS (MMLS) on the RP.
- a. Enable IP multicast routing.
- Start multicast routing on the RP: COS | N/A | IOS | (global) ip multicast-routing
|
- Enable IP Protocol Independent Multicast (PIM) on each multicast interface: COS | N/A | IOS | [View full width] (interface) ip pim {dense-mode | sparse-mode | sparse-dense-mode}
|
By default, multicast routing uses PIM sparse-dense-mode. Refer to Cisco Field Manual: Router Configuration, ISBN 1-58705-024-2, section "7-7: IP Multicast Routing", for complete configuration information.
- b. Enable IP MMLS on the RP:
COS | N/A | IOS | (global) mls ip multicast
|
By default IP MMLS is disabled, even if IP multicast is active. After MMLS is enabled, it is used only on the interfaces that have IP PIM multicast enabled.
- c. (Optional) Use a threshold to control the rate of MMLS cache entries:
COS | N/A | IOS | (global) mls ip multicast threshold pps
|
You can use a threshold to prevent the MMLS cache from becoming filled with short-lived flows. If the rate of new multicast packets exceeds the pps threshold (10 to 10000 packets per second, no default), the packets are switched via MMLS. If the rate is below the threshold, the multicast packets are sent to the RP for normal (non-MMLS) processing.
| 4. | (Optional) Tune IP MMLS on the SE.
|
TIP IP MMLS is automatically enabled on the SE side, if IP multicast has been configured and enabled. See Chapter 9, "Multicast," for complete configuration information.
MLS Example MLS is configured on a switch with integrated RP and SE modules (a Catalyst 6000 with a Supervisor 1, PFC, and MSFC, for example). Interfaces VLAN 100 and VLAN 200 are configured to use MLS to switch Layer 3 flows. A "full" MLS flow mask is to be used, as governed by the RP configuration. The SE portion is configured to use the standard 256-second MLS cache aging time. However, the fast aging time is adjusted so that cache entries are dropped if more than 31 packets are switched within an 8-second fast aging period. IP multicast is supported through IP MMLS on the RP. The SE portion is automatically configured to support multicast MLS: COS | set mls agingtime fast 8 31
| IOS | (global) interface vlan 100 (interface) mls ip (global) interface vlan 200 (interface) mls ip (global) mls flow ip full (global) ip multicast-routing (global) mls ip multicast
|
Displaying Information About MLS Table 8-2 lists RP commands with the "IOS" switch OS, and SE commands with the "COS" switch OS. Table 8-2. Commands to Display MLS InformationDisplay Function | Switch OS | Command |
|---|
IP MLS status | COS | show mls [ip | ipx] [module]
| IOS | [View full width] (exec) show mls rp [ip | ipx | interface interface interface-number | vtp-domain domain]
| IP MLS information | COS | show mls
| IOS | [View full width] (exec) show mls ip [any | destination {hostname | ip-address} | detail | flow {tcp | udp} | {interface {interface interface-number}} | {Vlan vlan} | {macd destination-mac-address} | {macs source-mac-address} |){module number} | source {hostname | ip-address}]
| MLS statistics | COS | [View full width] show mls statistics protocol show mls statistics entry [mod] show mls statistics entry ip [mod] [destination ip_addr_spec] [source ip_addr_spec] [protocol protocol [src-port src_port] [dst-port dst_port]]
| IOS | (exec) show mls statistics
| Protocols excluded from IP MLS | COS | show mls exclude protocol
| IOS | N/A | IP MLS cache entries | COS | [View full width] show mls entry ip [mod] [destination ip_addr_spec] [source ip_addr_spec] [protocol protocol] [src-port src_port] [dst-port dst_port] [short | long]
| IOS | N/A | IPX MLS information | COS | [View full width] show mls statistics entry ipx [mod] [destination ipx_addr_spec] [source ipx_addr_spec]
| IOS | [View full width] (exec) show mls ipx [{destination ipx-network} | {interface {interface interface-number}} | {Vlan vlan-id} | {macd destination-mac-address} | {macs source-mac-address} | {module number} |){source {hostname | ipx-network}}] [detail]
| IPX MLS cache entries | COS | [View full width] show mls entry ipx [mod] [destination ipx_addr_spec] [short | long]
| IOS | N/A | Size of MLS cache | COS | show mls
| IOS | (exec) show mls ip count (exec) show mls ipx count
| IP MMLS | COS | show mls multicast show mls multicast statistics {mod}
| IOS | [View full width] (exec) show mls ip multicast [{{connected | group} {hostname | ip-address} [ip-mask]} | {interface {interface interface-number}} |){module number} | {source {hostname | ip-address}} | statistics |)summary}]
| IP MMLS cache entries | COS | [View full width] show mls multicast entry {[all] [short | long]} show mls multicast entry {[mod] [vlan vlan_id] [group ip_addr]} [source ip_addr] [long | short]
| IOS | N/A |
|
