Tricks L3 Switch

Upload: motojunkie-tl

Post on 04-Jun-2018


8/13/2019 Tricks L3 Switch

I received a rather thoughtful question about the NMNET configuration in Snoqualmie, and thought I would take this opportunity to pass along some information that most people may not be completely aware of (or perhaps care about). It relates to the 6500 specifically, but more or less applies to all L3 switches in some way.

What's an L3 Switch?

Pardon the history here, but I think it will help you understand why things are the way they are today.

As much as 10 years ago, the term L3 Switch was quite the buzzword, causing a mix of emotions across sales and engineering groups, depending on their experiences with the systems. Originally, an L3 switch was one that had some level of routing capability within the chassis, and could not only switch at layer 2, but could also handle the cross-VLAN traffic. Very cool indeed.

Originally, long before the idea of VLANs, there would be a router connecting the switching domains, with an individual interface for each. Then the concept of VLANs allowed logical segmentation within the switch, and more importantly, VLANs could be tagged (or trunked) across a single cable, so there would be one big router at the heart of the network which was responsible for switching all traffic between VLANs. It typically was called a one-armed router, because all traffic came and left on the same physical interface, but on different logical VLANs within that physical path.

This was no different for the 6500. Originally, there was the supervisor module, which had no routing capability at all. It was a very fast switch. Then Cisco created a module called the RSM (Routing Switch Module), and later the MSM, which actually took a slot in the chassis. It had four virtual Gigabit interfaces, which could be configured as trunks on the switching platform. The MSM had to be configured separately, even though it was within the chassis. It had its own console port, and would be configured with its own IP address to be reached in-band. It was literally just a router which used the backplane power, and connected via the backplane to the switching fabric. It was pretty cool, but had some serious limitations and configuration annoyances. For example, the interfaces actually had to be configured as sub-interfaces, including the dot1Q commands, to use trunks. If you wanted to use all four Gig ports as a single 4G channel, you had to create an etherchannel/portchannel configuration between the backplane and the MSM. It was VERY cumbersome and difficult to support, but was better than the one-armed router.

Next came the MSFC, which was a very expensive option. It was an integrated RSM/MSM built as a daughter card on the Supervisor card, so you didn't waste a slot. It still was a separate processing unit, but shared the backplane with the supervisor, and therefore had much more bandwidth available to it. There were also some significant improvements to the configuration. For example, the MSFC understood the concept of the VLAN, and was logically separated from the connection with the backplane, since much of that was done in the background. However, much of the same functionality was retained.

Today, although you COULD purchase a supervisor without an MSFC, there would be no cost advantage to doing so.

Code and Features?

When the MSFC first came out, it ran an independent version of code, separate and distinct from the switching supervisor. The two units shared (and still do, actually) the console port, and some of the flash memory. Essentially, if you wanted to configure ports, you configured them on the switch. If you wanted to manipulate routing, it was done on the MSFC, which again is nothing more than an integrated router with some VLAN intelligence. This original configuration was called a hybrid. When Cisco ships out supervisors, this is the configuration they still come in. For better or worse, this configuration was by far the simplest to support, and has historically been the most reliable in fail-over scenarios. Not until recently has any other configuration been as stable.


Recently (within the last 5 or so years) Cisco decided that supporting CatOS and IOS at the same time on the same device was costing too much, so they chose to move everything to a single code look and feel. So, how do you do that when there are two separate modules running different code? The same way we make any two things talk in the network: they share information between themselves behind the scenes.

In what is now called Native IOS configurations, the supervisor and MSFC appear to run the same code, and indeed the same file is loaded by both. However, each device runs a very different portion of the code. The two physical modules communicate with each other using the backplane, each running its independent section of code. Most of this is behind the scenes, except when it breaks. 8-D

So what is actually happening when you configure things on a Native IOS system?

How does an IP Interface work then?

One thing that seems to make people very excited about Native IOS on Catalyst systems is that you can have so many routed interfaces. Well, you could have just as many on the Hybrid version, but it actually did require a bit more work, which is now all done behind the scenes. In the Hybrid, you would create a VLAN for each network you wish to have as a routing domain, map a port to it, and assign an IP on the MSFC to that VLAN. The same thing occurs in Native IOS, but most people are not aware of this. To demonstrate this, look at this output, which you may not have seen before.

    DRCATL01#show vlan internal usage

    VLAN Usage
    ---- --------------------
    1006 online diag vlan0
    1007 online diag vlan1
    1008 online diag vlan2
    1009 online diag vlan3
    1010 online diag vlan4
    1011 online diag vlan5
    1012 PM vlan process (trunk tagging)
    1013 L3 multicast partial shortcuts
    1014 L3 multicast routed port aggregation
    1015 GigabitEthernet8/1
    1016 GigabitEthernet8/2
    1017 GigabitEthernet8/14
    1018 GigabitEthernet8/15
    1019 ATM6/0/0
    1020 GigabitEthernet8/3
    1021 GigabitEthernet8/4
    1022 Serial11/1/0
    1023 ATM6/0/0.420
    1024 ATM11/0/0
    1030 ATM11/0/0.309
    1032 ATM11/0/0.401
    1034 ATM11/0/0.404
    1035 FastEthernet3/1
    1036 FastEthernet3/3
    1037 FastEthernet3/17
    1038 FastEthernet3/20

Now, let's look at which ports are up and routed:


    DRCATL01#show interfaces status | in connected.*routed
    Fa3/1    NET MGMT ISMATL01   connected  routed  full    100   10/100BaseTX
    Fa3/3    To ATSSG001 GIG_ET  connected  routed  full    100   10/100BaseTX
    Fa3/17   104.23_ATSSG02_GE-  connected  routed  full    100   10/100BaseTX
    Fa3/20   06.05 ATPRAMS1      connected  routed  a-full  a-100 10/100BaseTX
    Gi8/1    NET To NRCATL01 G0  connected  routed  full    1000  1000BaseSX
    Gi8/2    NET To NRCATL02 G0  connected  routed  full    1000  1000BaseSX
    Gi8/3    NET 05.1 CRCATL01_  connected  routed  full    1000
    Gi8/4    NET 05.2 CRCATL02_  connected  routed  full    1000
    Gi8/14   NET 121.07_ORCATL0  connected  routed  full    1000  1000BaseSX
    Gi8/15   NET 121.08_ORCATL0  connected  routed  full    1000  1000Base

All of the above interfaces (and some others not listed by this command, such as WAN interfaces) appear in the list of VLANs. In other words, the switch has assigned a VLAN to each of these ports, mapped it to a logical (hidden) port, and tied that to the physical port. It is significantly more complex on the backside, but appears simpler to the user.

So when you really look under the covers, there is little or no difference in operation between the Native IOS and Hybrid switching functions with regard to routed ports. The difference is that in one system the MSFC is simply a router with only VLAN intelligence, while the other actually uses software to build some of the backend configuration without the user being aware of it.
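The two outputs above are the only place the hidden VLAN-to-port mapping is visible, so they are worth cross-checking when auditing a chassis: a port that reports "routed" but has no internal VLAN, or an internal VLAN for a port that is no longer routed, is configuration drift worth explaining. The following Python is an added example, not part of the memo; the sample output is a constructed, condensed re-layout of the two commands quoted above (the column spacing is an assumption, the port names and VLAN numbers are the memo's), and one port (Fa3/17) is deliberately left out of the VLAN table to show the check firing.

```python
import re

# Constructed sample: a condensed "show vlan internal usage", laid out as it
# would appear on the terminal (layout assumed; names and numbers from the memo).
VLAN_INTERNAL_USAGE = """\
DRCATL01#show vlan internal usage

VLAN Usage
---- --------------------
1012 PM vlan process (trunk tagging)
1015 GigabitEthernet8/1
1016 GigabitEthernet8/2
1019 ATM6/0/0
1022 Serial11/1/0
1035 FastEthernet3/1
1036 FastEthernet3/3
"""

# Constructed sample: the routed-port filter from the memo, Fa3/17 included
# even though it has no entry above, to exercise the drift check.
INTERFACES_STATUS_ROUTED = """\
DRCATL01#show interfaces status | in connected.*routed
Fa3/1     NET MGMT ISMATL01   connected    routed     full    100 10/100BaseTX
Fa3/3     To ATSSG001 GIG_ET  connected    routed     full    100 10/100BaseTX
Fa3/17    104.23_ATSSG02_GE-  connected    routed     full    100 10/100BaseTX
Gi8/1     NET To NRCATL01 G0  connected    routed     full   1000 1000BaseSX
Gi8/2     NET To NRCATL02 G0  connected    routed     full   1000 1000BaseSX
"""

# IOS spells interface types out in "show vlan internal usage" but abbreviates
# them in "show interfaces status"; normalise both to the short form.
_TYPE_ABBREV = {"GigabitEthernet": "Gi", "FastEthernet": "Fa", "TenGigabitEthernet": "Te"}
_IFACE_RE = re.compile(r"^([A-Za-z]+)(\d[\d/.]*)$")


def short_name(iface: str) -> str:
    """Map 'GigabitEthernet8/1' -> 'Gi8/1'; unknown types (ATM, Serial) pass through."""
    m = _IFACE_RE.match(iface)
    if not m:
        return iface
    kind, rest = m.groups()
    return _TYPE_ABBREV.get(kind, kind) + rest


def parse_internal_usage(text: str) -> dict:
    """Return {short_port_name: vlan_id} for internal VLANs that back an interface."""
    result = {}
    for line in text.splitlines():
        m = re.match(r"^\s*(\d{1,4})\s+(\S+)\s*$", line)
        if not m:
            continue  # prompt, header, ruler, and multi-word system entries (PM, L3 multicast)
        vlan, usage = int(m.group(1)), m.group(2)
        if _IFACE_RE.match(usage):
            result[short_name(usage)] = vlan
    return result


def parse_routed_ports(text: str) -> set:
    """Return the set of switch ports reported as both 'connected' and 'routed'."""
    ports = set()
    for line in text.splitlines():
        m = re.match(r"^(Fa|Gi|Te)\d[\d/]*", line)
        if m and " connected " in line and " routed " in line:
            ports.add(m.group(0))
    return ports


def audit_routed_ports(usage_text: str, status_text: str) -> dict:
    """Cross-check the two views: every routed switch port should own a hidden VLAN,
    and every hidden VLAN on a switch port should belong to a port that is routed.
    WAN interfaces (ATM, Serial) are excluded from the second check because, as the
    memo notes, "show interfaces status" does not list them."""
    vlan_by_port = parse_internal_usage(usage_text)
    routed = parse_routed_ports(status_text)
    return {
        "backed": {p: vlan_by_port[p] for p in sorted(routed) if p in vlan_by_port},
        "routed_without_vlan": sorted(routed - vlan_by_port.keys()),
        "vlan_without_routed_port": sorted(
            p for p in vlan_by_port if p.startswith(("Fa", "Gi", "Te")) and p not in routed
        ),
    }


if __name__ == "__main__":
    for key, value in audit_routed_ports(VLAN_INTERNAL_USAGE, INTERFACES_STATUS_ROUTED).items():
        print(f"{key}: {value}")
```

On a real chassis you would paste the full output of both commands in place of the constructed strings; the hidden VLAN numbers themselves are allocated by the switch and change across reloads, so compare port-to-VLAN presence rather than the specific numbers.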

How does this apply to the MSFC trick I did in Snoqualmie? Well, I used the router in the MSFC to route between the VLANs, rather than send the traffic to the FWM. You can get to them in one of several ways:

1) SSH to either ISMSNQ01 or ISMSNQ02, then issue session 15 to change VTY console control to the MSFC. Give the ops password, then the standard CORENET Enable password, and you are in.

2) Telnet to any of the IP addresses on any of the VLANs, with the lower address being the *02 and the higher being the *03, and give the same passwords as above.

3) Go through the console port, authenticate using TACACS, then execute switch console to switch the control of the physical console. Switch it back by executing ^C three times.

There may be other ways, but I can't think of them at this time.

One very important note: the most direct route to the MSFC in Snoqualmie from Atlanta is via the CRMSNQ, which will connect to VLAN321, using either IP 5.196.0.34 (ISMSNQ01) or 5.196.0.35 (ISMSNQ02). If there are other problems on the NMNET network, this is the best way to access the network in Snoqualmie, because it cuts out several hops and routes.

What's the advantage of an L3 switch?

Well, there are some advantages. Here are a few:

1) The bandwidth between switching planes is much more available

2) There is lower latency, because fewer physical systems touch the packet


3) The packet can be L2.5 switched by the PFC (Policy Feature Card) or some other such thing, by building a forwarding cache so that the packet does not need to be examined by the MSFC.

4) Physical advantages

   a. Fewer devices
   b. Lower power requirements
   c. Lower maintenance costs, since maintenance is typically by chassis
   d. Less rack space

Other things about the 6500s that you may not know

Other cards such as the Flexwan card use the same VLAN features and tricks for VLAN communication across the backplane. In fact, a Flexwan is really nothing more than a pair of 7206 routers, with a single processor for each slot. The Flexwan card is a completely separate entity, running independent code. Recall the ATM entries above. Here is some other output you may not have seen or realized.

    DRCATL01#ipc-con
    Enter interface slot to connect to: 11
    Enter interface cpu to connect to: 0
    Entering CONSOLE for slot 11
    Type "^C^C^C" to end this session

    CWPA-Slot11/0>en
    CWPA-Slot11/0#show cwan vlan
    Hidden VLAN  DracoMacAddr    Interface
    ---------------------------------------------------
    1022 (3FE)   000b.4568.084a  Serial11/1/0
    1024 (400)   000b.4568.084a  ATM11/0/0
    1030 (406)   000b.4568.084a  ATM11/0/0.309
    1032 (408)   000b.4568.084a  ATM11/0/0.401
    1034 (40A)   000b.4568.084a  ATM11/0/0.404
    ---------------------------------------------------
    Deferred VLAN  DracoMacAddr  Interface

    CWPA-Slot11/0#dir
    Directory of bootflash:/

        1  -rw-     1988122  Nov 26 2002 05:48:53 +00:00  cwpa.bundled

    7602176 bytes total (5613924 bytes free)

This card runs independent code, which is pushed down by the MSFC during the boot process if needed. The interfaces communicate with the MSFC via these hidden VLANs. The Flexwan switches traffic off the VLAN to the interface, and vice versa. They even have an assigned MAC which appears in the MAC list on the supervisor/MSFC.
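Because the Flexwan keeps its own view of the hidden VLANs, the card's table can be checked against the supervisor's "show vlan internal usage" list: each hidden VLAN should map to the same interface on both sides, and the hex id in parentheses should equal the decimal VLAN number. The Python below is an added example, not from the memo; the "show cwan vlan" sample is the memo's output re-laid out in columns (the spacing is an assumption), and the supervisor mapping is a constructed dictionary holding the slot 11 entries quoted earlier in the memo.

```python
import re

# Constructed sample: the line card's hidden VLAN table, from the memo's
# "show cwan vlan" output (column layout assumed).
SHOW_CWAN_VLAN = """\
CWPA-Slot11/0#show cwan vlan
Hidden VLAN  DracoMacAddr    Interface
---------------------------------------------------
1022 (3FE)   000b.4568.084a  Serial11/1/0
1024 (400)   000b.4568.084a  ATM11/0/0
1030 (406)   000b.4568.084a  ATM11/0/0.309
1032 (408)   000b.4568.084a  ATM11/0/0.401
1034 (40A)   000b.4568.084a  ATM11/0/0.404
---------------------------------------------------
Deferred VLAN  DracoMacAddr  Interface
"""

# Constructed: the supervisor's view of the same VLANs, as the memo's earlier
# "show vlan internal usage" output lists them for slot 11.
SUPERVISOR_INTERNAL_VLANS = {
    1022: "Serial11/1/0",
    1024: "ATM11/0/0",
    1030: "ATM11/0/0.309",
    1032: "ATM11/0/0.401",
    1034: "ATM11/0/0.404",
}

# One data row: "<decimal> (<hex>)   <mac in dotted-quad-hex form>   <interface>"
_ROW_RE = re.compile(
    r"^\s*(\d+)\s+\(([0-9A-Fa-f]+)\)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\S+)\s*$"
)


def parse_cwan_vlan(text: str) -> list:
    """Return [(vlan, hex_id, mac, interface), ...] from the Hidden VLAN table.
    Header, ruler and the empty Deferred VLAN section do not match and are skipped."""
    rows = []
    for line in text.splitlines():
        m = _ROW_RE.match(line)
        if m:
            rows.append((int(m.group(1)), m.group(2).upper(), m.group(3), m.group(4)))
    return rows


def check_hidden_vlans(cwan_text: str, supervisor_map: dict) -> dict:
    """Compare the card's table with the supervisor's allocation and report mismatches:
    a hex id that does not encode the decimal VLAN, a VLAN the supervisor has not
    allocated, or a VLAN the two sides attribute to different interfaces."""
    problems = []
    rows = parse_cwan_vlan(cwan_text)
    for vlan, hex_id, mac, iface in rows:
        if int(hex_id, 16) != vlan:
            problems.append(f"VLAN {vlan}: hex id {hex_id} does not match")
        sup_iface = supervisor_map.get(vlan)
        if sup_iface is None:
            problems.append(f"VLAN {vlan}: not allocated on the supervisor")
        elif sup_iface != iface:
            problems.append(f"VLAN {vlan}: card says {iface}, supervisor says {sup_iface}")
    # The card answers for all of its interfaces with one MAC, which the memo says also
    # shows up in the supervisor's MAC table; listing it lets you look it up there.
    card_macs = sorted({mac for _, _, mac, _ in rows})
    return {"rows": len(rows), "card_macs": card_macs, "problems": problems}


if __name__ == "__main__":
    report = check_hidden_vlans(SHOW_CWAN_VLAN, SUPERVISOR_INTERNAL_VLANS)
    print(f"{report['rows']} hidden VLANs, card MAC(s) {report['card_macs']}")
    for p in report["problems"] or ["no mismatches"]:
        print(" -", p)
```

With the memo's own data the two views agree and the report is empty; dropping or altering an entry in the supervisor dictionary (as the accompanying checks do) shows how a stale or re-allocated hidden VLAN would surface.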

So, when you look at it based on what is actually going on behind the scenes, it really isn't so complicated. And ultimately, it is many pieces bolted onto the original switching fabric of the old CatOS 6500s.

So, whether we like it or not, Native IOS is here to stay, along with all the features and problems that come along with it, because of all the under-the-covers tricks it must do to make things easy to configure. 8-D