MSFC Hybrid Mode Layer 3 Switching

The second phase of Layer 3 switching for the Catalyst 6000 family introduced the Hybrid Mode for the Multilayer Switch Feature Card (MSFC). This introduced the Multilayer Switching (MLS) style Layer 3 switching to the Catalyst 6000 platform.

This section discusses the hardware used by the MSFC Hybrid Mode as well as configuration concepts and syntax. This section also discusses the advantages and disadvantages of this approach.

MSFC Hybrid Mode Hardware

From a hardware perspective, the MSFC is extremely similar to the Route Switch Feature Card (RSFC) that is available for the Catalyst 5000s. The MSFC installs as a pair of daughter cards to the Catalyst 6000 Supervisor. After installation, the Supervisor consists of three components:

The Supervisor itself (also referred to as a Switch Processor [SP])
The PFC An MLS SP engine very similar to the Catalyst 5000 NetFlow Feature Card (NFFC).
The MSFC A Route Processor (RP) engine.

Figure 18-2 illustrates these three components.

Figure 18-2. MSFC Components

graphics/18fig02.gif

The Supervisor/SP contains a RISC CPU and the ASICs necessary to perform the duties of a Layer 2 switch. The PFC uses technology similar to the NFFC discussed in the "MLS" section of Chapter 11. Functioning as a flexible pattern matching and rewrite engine, it can be used to provide a wide range of high-speed features such as Layer 3 switching, Quality/Class of Service (QoS/CoS), multicast support, and security filtering. From a Layer 3 switching perspective, it provides the MLS-SE shortcut services discussed in Chapter 11. (Technically speaking, the PFC replaces the Layer 2 forwarding ASIC on the Supervisor and also assumes these duties.) The MSFC daughter card is derived from the NPE-200 used in the Cisco 7200 routers. Being a high-performance and feature-rich router, it handles the MLS-RP end of the MLS scheme and routes the first packet in every IP and IPX flow. It can also be used to provide software-based routing for other protocols such as AppleTalk and DECnet (expect forwarding rates of approximately 125,000 150,000 pps).

In short, the MSFC Hybrid Mode offers the equivalent of a souped up Catalyst 5000 Route Switch Module (RSM) and NFFC in a single-slot solution.

MSFC Hybrid Mode Configuration Concepts

Configuring the MSFC Hybrid Mode is virtually identical to RSM-based MLS configurations discussed in the "Configuring MLS" section of Chapter 11. It uses the same interface vlan vlan_number concepts for its configuration. Routing protocols and other features use the same RSM-like commands.

The MSFC RP is also similar to the RSM in that it uses a full IOS image, thereby creating the same split personality seen in the RSM sections of Chapter 11. When connected to the console port of the Catalyst Supervisor, you are presented with the usual set, clear, and show commands available in all Catalysts using the XDI/CatOS interface. However, by using the session command, you create a virtual connection to the MSFC RP. This instantly transforms you from the world of Catalyst XDI/CatOS to the realm of router IOS.

Recall from Chapter 11 that the session command requires a parameter consisting of the router's slot number. In the case of the RSM, this can easily be determined by visual inspection. In the case of the MSFC RP, which operates as a daughter card in Slot 1 and/or Slot 2, the numbering scheme is less obvious because it uses a virtual slot number. One way to determine the appropriate slot is to use the show module command as seen in Example 18-5.

Example 18-5 Using the show module Command to Determine the MSFC RP Virtual Slot Number

   Cat6000 (enable) show module   Mod Slot Ports Module-Type               Model               Status   --- ---- ----- ------------------------- ------------------- --------   1   1    2     1000BaseX Supervisor      WS-X6K-SUP1-2GE     ok   15  1    1     Multilayer Switch Feature WS-F6001-RSFC       ok   3   3    24    100BaseFX MM Ethernet     WS-X6224-100FX-MT   ok   4   4    24    100BaseFX MM Ethernet     WS-X6224-100FX-MT   ok   5   5    8     1000BaseX Ethernet        WS-X6408-GBIC       ok   6   6    48    10/100BaseTX (RJ-45)      WS-X6248-RJ-45      ok   Mod Module-Name         Serial-Num   --- ------------------- -----------   1                       SAD03070893   15                      3024158973   3                       SAD03080262   4                       SAD03080421   5                       SAD03040595   6                       SAD03142742   Mod MAC-Address(es)                        Hw     Fw         Sw   --- -------------------------------------- ------ ---------- -----------------   1   00-50-54-6c-a9-e6 to 00-50-54-6c-a9-e7 1.4    5.1(1)     4.2(0.24)DAY35       00-50-54-6c-a9-e4 to 00-50-54-6c-a9-e5       00-50-3e-05-58-00 to 00-50-3e-05-5b-ff   15  00-50-73-ff-ab-00 to 00-50-73-ff-ab-ff 0.305  12.0(2.6)T 12.0(2.6)TW6(0.14)   3   00-50-54-6c-a5-34 to 00-50-54-6c-a5-4b 1.2    4.2(0.24)V 4.2(0.24)DAY35   4   00-50-54-6c-a4-74 to 00-50-54-6c-a4-8b 1.2    4.2(0.24)V 4.2(0.24)DAY35   5   00-50-f0-a8-44-64 to 00-50-f0-a8-44-6b 1.4    4.2(0.24)V 4.2(0.24)DAY35   6   00-50-f0-aa-58-38 to 00-50-f0-aa-58-67 1.0    4.2(0.24)V 4.2(0.24)DAY35   Mod Sub-Type                Sub-Model           Sub-Serial  Sub-Hw   --- ----------------------- ------------------- ----------- ------   1   L3 Switching Engine     WS-F6K-PFC          SAD03152173 0.205   Cat6000 (enable)

Notice that the second line (marked in bold type) under the uppermost headers in Example 18-5 lists the MSFC RP as a Multilayer Switch Feature WS-F6001-RSFC in Slot 15.

Note

Example 18-5 shows the output of a 6009/6509 containing a single Supervisor in Slot 1. An MSFC physically located in Slot 2 uses a virtual slot number of 16. A 6006/6506 also uses Slots 15 and 16.

Therefore, by entering the command session 15, you are connected to the MSFC RP where you can enter router commands.

Tip

Although the numbering pattern is fairly simple, use the show module command to determine and remember the virtual slot numbers used by MSFC RP modules.

Configuring MLS with MSFC Hybrid Mode

As with the RSM and Catalyst 5000 Supervisor MLS configurations, the Layer 2 Catalyst Supervisor has MLS processing enabled by default (in fact, it currently cannot be disabled on a Catalyst 6000). Also similar to MLS on the 5000s, the MSFC RP is not configured to provide MLS service by default. To add MLS to an already functioning MSFC RP router configuration, complete the following four-step process:

Globally enable MLS on the RP with the mls rp ip command. (You can also use mls rp ipx for the IPX protocol.)
Configure a VLAN Trunking Protocol (VTP) domain for each VLAN interface using the mls rp vtp-domain domain_name command.
Enable MLS on each VLAN interface using the mls rp ip or mls rp ipx commands.
Select one or more router interfaces to send MLSP packets using the mls rp management-interface command.

Note

Chapter 11 presented this list as a five-step list because it included a step (Step 3) to configure non-trunk links on external routers. Because this is not necessary for integrated routers such as the MSFC RP, this step has been omitted here.

For example, the configuration displayed in Example 18-6 enables MLS for VLANs 1 through 3 on an MSFC RP (both IP and IPX are configured)

Example 18-6 A Complete MSFC RP Configuration for MLS

   no service pad   service timestamps debug uptime   service timestamps log uptime   no service password-encryption   !   hostname MSFC-RP   !   boot system flash bootflash:c6msfc-js-mz.120-2.6.TW6.0.14.bin   !   !   ip subnet-zero   !   ip cef   ipx routing 0000.2100.0000   mls rp ip   mls rp ipx   !   !    interface Vlan1    ip address 10.0.1.2 255.255.255.0    no ip redirects    no ip directed-broadcast    no ip route-cache cef    ipx network A000100    mls rp vtp-domain Skinner    mls rp management-interface    mls rp ip    mls rp ipx    standby 1 timers 1 3    standby 1 priority 200 preempt    standby 1 ip 10.0.1.1   !   interface Vlan2    ip address 10.0.2.2 255.255.255.0    no ip redirects    no ip directed-broadcast    no ip route-cache cef    ipx network A000200    mls rp vtp-domain Skinner    mls rp ip    mls rp ipx    standby 2 timers 1 3    standby 2 priority 100 preempt    standby 2 ip 10.0.2.1   !   interface Vlan3    ip address 10.0.3.1 255.255.255.0    no ip directed-broadcast    no ip route-cache cef    ipx network A000300    mls rp vtp-domain Skinner    mls rp ip    mls rp ipx   !   router eigrp 1    passive-interface Vlan1    passive-interface Vlan2    network 10.0.0.0   !   ip classless   no ip http server   !   !   line con 0    transport input none   line vty 0 4    login   !   end

Note that the configuration in Example 18-6 is functionally equivalent to the MSM configuration shown in Example 18-3.

Example 18-7 shows the results of show mls rp on the MSFC RP.

Example 18-7 Output of show mls rp on MSFC RP

   MSFC-RP# show mls rp   ip multilayer switching is globally enabled   ipx multilayer switching is globally enabled   ipx mls inbound acl overide is globally disabled   mls id is 0000.2100.0000   mls ip address 127.0.0.12   mls ip flow mask is destination   mls ipx flow mask is destination   number of domains configured for mls 1   vlan domain name: Skinner      current ip flow mask: destination      ip current/next global purge: false/false      ip current/next purge count: 0/0      current ipx flow mask: destination      ipx current/next global purge: false/false      ipx current/next purge count: 0/0      current sequence number: 1507018760      current/maximum retry count: 10/10      current domain state: change      domain uptime: 00:08:32      keepalive timer not running      retry timer expires in 1 seconds      change timer not running      fcp subblock count = 3      1 management interface(s) currently defined:         vlan 1 on Vlan1      2 mac-vlan(s) configured for multi-layer switching      2 mac-vlan(s) enabled for ip multi-layer switching:         mac 0050.73ff.ab38            vlan id(s)            1    2      2 mac-vlan(s) enabled for ipx multi-layer switching:         mac 0050.73ff.ab38            vlan id(s)            1    2      router currently aware of following 0 switch(es):         no switch id's currently exists in domain

The first section of Example 18-7 shows useful information such as whether IP and IPX MLS are enabled and the currently active flow masks. The next section documents aspects of the MultiLayer Switching Protocol (MLSP) such as the VTP domain name and MLSP sequence number.

Example 18-8 displays the output of show mls on the Catalyst SP.

Example 18-8 Output of show mls on the Catalyst 6000 Supervisor

   Cat6000 (enable) show mls   Total packets switched = 5683   Total Active MLS entries = 87   IP Multilayer switching aging time = 256 seconds   IP Multilayer switching fast aging time = 0 seconds, packet threshold = 0   IP Current flow mask is Destination flow   Active IP MLS entries = 55   Netflow Data Export version: 8   Netflow Data Export disabled   Netflow Data Export port/host is not configured.   Total packets exported = 0   IP MLS-RP IP    MLS-RP ID    XTAG MLS-RP MAC        Vlans   --------------- ------------ ---- ----------------- ----------------   127.0.0.12      15           1    00-50-73-ff-ab-38 1,2,3   IPX Multilayer switching aging time = 256 seconds   IPX flow mask is Destination flow   IPX max hop is 255   Active IPX MLS entries = 0   IPX MLS-RP IP   MLS-RP ID    XTAG MLS-RP MAC        Vlans   --------------- ------------ ---- ----------------- ----------------   127.0.0.12      15           1    00-50-73-ff-ab-38 1,2

Example 18-8 shows some of the statistics collected from the NFFC/PFC. For example, the total number of packets Layer 3 switched using MLS is shown on the first line. The second line displays the total number of active shortcut entries in the NFFC/PFC cache. The output also displays information on aging, flow masks, NetFlow Data Export, and IP/IPX MLS-RPs.

For more information on configuring MLS, see the "MLS" section of Chapter 11.

The Advantages and Disadvantages of MSFC Hybrid Mode

The MSFC Hybrid Mode is a very powerful feature because it combines the benefits of an RSM-like router with the Gigabit-speed Layer 3 switching of the NFFC/PFC.

Recall from Chapters 11, 14, and 15 that the RSM's most appealing feature is its very tight integration of Layer 2 and Layer 3 technology. As ports are assigned to Layer 2 VLANs on the Catalyst Supervisor, the RSM automatically places them in the appropriate Layer 3 virtual interface. This scheme is considerably more flexible and scalable than the IRB approach to Layer 2/3 integration used by router platforms such as the Catalyst 8500s (at least from a configuration and management standpoint). Because the MSFC RP functions under the same model as the RSM, it also inherits all of these benefits.

Although the tight Layer 2/3 integration of the RSM is extremely useful when creating large-scale campus networks, its software-based approach to routing can create significant bottlenecks for Gigabit-speed traffic. This is where the NFFC/PFC comes in. By providing standards-compliant, hardware-assisted Layer 3 switching capabilities, it can turbo charge the RSM or the MSFC RP. By doing so, you lose almost none of the RSM's benefits. The resulting collaboration of software and hardware creates an extremely fast yet scalable Layer 3 switching architecture.

Although many organizations have considered MLS to be nothing short of a revolution in Layer 3 switching technology, there is one downside: It requires two separate configurations using two separate user interfaces. The Layer 3 configuration must be maintained on the MSFC RP using the traditional Cisco IOS interface. On the other hand, the Layer 2 configuration must be maintained on the Catalyst Supervisor using the XDI/CatOS interface. In fact, it is the split personality nature of this approach that earns it the designation of Hybrid Mode.

Because the MSFC Hybrid Mode uses a potentially confusing mixture of two user interfaces, many organizations have asked for a way to capture the benefits of this approach to Layer 3 switching while having to deal with only a single user interface. Fortunately, this is where the MSFC Native IOS Mode comes in.