MLS versus 8500s
Which method of Layer 3 switching is better, switching routers (8500s) or routing switches (MLS)? Well, as you can imagine, the real answer is, it depends. Neither option is technically superior to the other. Neither option is newer. In fact, both were released in the same month (June, 1998). Neither option is inherently faster than the other option (although in the first several revisions of both products, the 8500s have had higher throughput). Many people have therefore come to the conclusion that MLS and 8500s are interchangeable options. However, the opposite view is much closer to the truth.
From a design perspective, MLS and 8500s approach the same problem (Layer 3 switching) from completely different angles. On one hand, MLS is a technique that adds Layer 3 capabilities into predominately Layer 2 Catalysts. Think of MLS as enabling Layer 2 Catalyst Supervisors to move up into Layer 3 processing. On the other hand, the 8500s function as a pure router that, like all Cisco routers, happens to also support bridging functionality. It is not an issue of which device can or cannot do Layer 3 processing—after all, both devices can do both Layer 2 and Layer 3. Instead, the issue is what layer a device is most comfortable with (or what the device does by default).
Routing switches and switching routers both support Layer 3 switching, but they approach it from opposite directions. Routing switches are predominately Layer 2 devices that have moved up into the Layer 3 arena. Conversely, switching routers are predominately Layer 3 devices that also happen to support Layer 2 bridging.
Routing Switch Applications
From the perspective discussed in the previous paragraphs, it becomes clear that MLS is most comfortable in a more Layer 2-oriented world. Although its Layer 3 performance is very respectable, this is not what sets MLS apart from the 8500s. What does differentiate MLS is its capability to very tightly integrate Layer 2 and Layer 3 processing.
For example, designs utilizing campus-wide VLANs can benefit greatly from MLS support. Although Chapter 14 argues that campus-wide VLANs are not the best approach for most networks, they can be very effective in certain situations (for example, when specific user mobility and security issues exist). Given the router-oriented nature of the 8500s, it can be tedious to mix Layer 2 and Layer 3 processing in more than the simplest configurations (this point is discussed in more detail in the section on Integrated Routing and Bridging [IRB] at the end of the chapter).
Designs utilizing a more hierarchical approach (such as the “multilayer model” discussed in Chapter 14) can also benefit from MLS. Not only can it be used to implement the Layer 3 switching component required by this design, it can do it with considerable flexibility. One case where this flexibility can be advantageous is where the user requirements are such that you would like to have VLANs (in other words, IP subnets and IPX networks) that traverse multiple MDF switches in order to reach multiple IDF switches. For example, both a user connected to IDF-1 and another user connected to IDF-2 could be placed in the “Marketing” VLAN and have IP addresses on the same subnet.
As will be discussed later in this section, it turns out that the 8500s make it fairly difficult to implement VLANs that span multiple IDF switches. Under the 8500 approach, the recommendation is to use different VLANs on every IDF. This design looks at things from the point of view “Why do they need to be in the same VLAN/subnet?” Simply put both users in different VLANs/subnets and let the wire-speed Layer 3 performance of the 8500 route all packets between these two nodes (after all, it essentially routes and bridges at the same speed). Also, DHCP can be used to handle user-mobility problems, further minimizing the need to place these two devices in the same subnet.
Another case where MLS’ strengths shine is in the wiring closet where port densities and cost are very important issues. Placing a switching router in the wiring closet is usually cost prohibitive. Instead, high-density and cost-effective Catalyst 5000s and 6000s can be used. Where local traffic can be shortcut switched, MLS can offload processing from the backbone routers. Furthermore, the NFFC’s additional capabilities such as Protocol Filtering, IGMP Snooping, and QoS classification can be extremely useful in wiring-closet applications (in fact, this is where they are most useful).
The primary advantage of a routing switch (MLS) is its unique capability to blend Layer 2 and Layer 3 technology.
On the other hand, MLS requires that you take specific actions to fully realize the scalability benefits of Layer 3 processing. For example, Chapter 7 discussed the importance of using Layer 3 processing to break large campus networks into smaller Spanning Tree domains. However, just blindly installing MLS-capable switches does not do this. Figure 11-23 illustrates a large network containing 50 MLS-capable switches with RSMs (for simplicity, not all are shown) and 50 VLANs.
Figure 11-23. A Large MLS Network
As you can see, the net effect is a huge, flat network with lots of routers sitting on the perimeter. The RSM and the MLS processing are not creating any Layer 3 barriers. The VLAN Trunking Protocol (VTP) discussed in Chapter 12, “VLAN Trunking Protocol,” automatically puts all 50 VLANs on all 50 switches by default (even if every switch only uses two or three VLANs). Every switch then starts running 50 instances of the Spanning-Tree Protocol. If a problem develops in a single VLAN on a single switch, the entire network can quickly collapse.
Creating Layer 3 partitions when using the MLS-style of Layer 3 switching requires careful design and planning of VLANs and trunk links. Figure 11-24 illustrates one approach.
Figure 11-24. Using MLS to Create Layer 3 Partitions
In this case, VLANs have not been allowed to spread throughout the campus. Assume that the campus represents two buildings. VLANs 1–10 have been contained within Building 1. VLANs 11–20 have been placed in Building 2. A pair of links connects the two buildings. Rather than simply creating ISL links that trunk all VLANs across to the other building, non-trunk links have been used. By placing each of these links in a unique VLAN, you are forcing the traffic to utilize Layer 3 switching before it can exit a building. Also, because VTP advertisements are sent only on trunk links, this prevents VTP’s default tendency of spreading every VLAN to every switch.
Another strategy that helps create Layer 3 barriers in an MLS network is assigning a unique VTP domain to each building. VTP advertisements are only shared between Catalysts that have matching VTP domain names. If each building has a different VTP domain name, the VLANs are contained.
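The two containment rules above (VTP advertisements cross only trunk links, and only between switches with matching VTP domain names) can be checked against a planned topology before deployment. The following Python sketch is an added example, not taken from the book: the switch names, the domain names and the two-building topology are constructed, and it assumes one Spanning Tree instance per VLAN a switch knows about, as described for Figure 11-23.

```python
from collections import defaultdict

def vtp_vlan_spread(switches, links):
    """switches: {name: (vtp_domain, vlans_created_locally)}
    links: [(switch_a, switch_b, is_trunk)]
    Returns {name: set of VLANs the switch ends up knowing}."""
    # VTP crosses a link only if it is a trunk AND both ends share a domain name.
    adj = defaultdict(set)
    for a, b, is_trunk in links:
        if is_trunk and switches[a][0] == switches[b][0]:
            adj[a].add(b)
            adj[b].add(a)
    learned, seen = {}, set()
    for start in switches:
        if start in seen:
            continue
        # Collect every switch reachable from 'start' over VTP-carrying links.
        component, stack = [], [start]
        seen.add(start)
        while stack:
            node = stack.pop()
            component.append(node)
            for peer in adj[node] - seen:
                seen.add(peer)
                stack.append(peer)
        # Every switch in the component learns every VLAN created in it.
        vlans = set().union(*(switches[s][1] for s in component))
        for s in component:
            learned[s] = vlans
    return learned

def stp_instances(learned):
    """Total Spanning Tree instances: one per VLAN known on each switch."""
    return sum(len(vlans) for vlans in learned.values())

def campus(domains, inter_building_trunk):
    """Constructed sample: two buildings, one MDF and one IDF switch each.
    The unique VLANs assigned to the inter-building links are left out."""
    switches = {"b1-mdf": (domains[0], set(range(1, 11))),
                "b1-idf": (domains[0], set()),
                "b2-mdf": (domains[1], set(range(11, 21))),
                "b2-idf": (domains[1], set())}
    links = [("b1-mdf", "b1-idf", True), ("b2-mdf", "b2-idf", True),
             ("b1-mdf", "b2-mdf", inter_building_trunk)]
    return switches, links

if __name__ == "__main__":
    for label, args in [("flat, trunked", (("CAMPUS", "CAMPUS"), True)),
                        ("non-trunk links", (("CAMPUS", "CAMPUS"), False)),
                        ("per-building VTP", (("BLDG1", "BLDG2"), True))]:
        print(label, stp_instances(vtp_vlan_spread(*campus(*args))))
```

Any switch whose learned VLAN set includes VLANs from another building marks a link where the Layer 3 partition has been lost.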
Switching Router Applications
Although it is certainly possible to create Layer 3 partitions using MLS technology with techniques like that shown in Figure 11-24, it is not the default behavior, and it can get tricky in certain topologies. This is where the switching router approach of the 8500s excels. Because 8500s are simply a faster version of the traditional Cisco router, they automatically create Layer 3 barriers that are the key to network stability and scalability. For example, 8500s do not run the Spanning-Tree Protocol unless bridging is specifically enabled. Similarly, the 8500s do not pass VLANs by default. Instead, they terminate VLANs and then route them into other VLANs. Therefore, you must take specific steps (such as enabling bridging) on an 8500 to not get the benefits of Layer 3 partitions. Figure 11-25 illustrates this point.
Figure 11-25. Using an 8500 to Link Layer 2 Catalysts
Without any special effort on the part of the Catalyst 5000s, the 8500s automatically isolate each building behind a Layer 3 barrier. This provides many benefits such as improved Spanning Tree stability and performance, easier configuration management, and improved multicast performance.
The primary advantage of switching routers (8500s) is simplicity. They allow a network to be as simple as the old router and hub design while also having the performance of modern-day switching.
Notice that the Catalyst 8500 is such a Layer 3-oriented box that it essentially has no concept of a VLAN. Yes, it does support bridge groups, an alternate means of creating multiple broadcast domains. However, it currently does not directly support VLANs and all of the VLAN-related features you find on more Layer 2-oriented platforms such as the Catalyst 5000 and 6000 (such as VTP and Dynamic VLANs). This essentially brings the discussion full circle to the opening point of this section: if you need a box with sophisticated Layer 2 features such as VLANs, VTP, and DISL/DTP, but you also need high-performance Layer 3 switching, go with MLS. If, on the other hand, you desire the simplicity of a traditional router-based network, 8500s are the solution of choice.
One implication of the discussion in this section is that 8500s virtually require a design that does not place the same VLAN/subnet on different IDF switches (it can be done through IRB, but, as discussed earlier, the use of IRB on a large scale should be avoided). On the other hand, the more Layer 2-oriented nature of MLS makes it fairly easy to have a single VLAN connect to multiple IDF switches.