MSFC Hybrid Mode Layer 3 Switching
The second phase of Layer 3 switching for the Catalyst 6000 family introduced the Hybrid Mode for the Multilayer Switch Feature Card (MSFC). This introduced the Multilayer Switching (MLS) style Layer 3 switching to the Catalyst 6000 platform.
This section discusses the hardware used by the MSFC Hybrid Mode as well as configuration concepts and syntax. This section also discusses the advantages and disadvantages of this approach.
MSFC Hybrid Mode Hardware
From a hardware perspective, the MSFC is extremely similar to the Route Switch Feature Card (RSFC) that is available for the Catalyst 5000s. The MSFC installs as a pair of daughter cards to the Catalyst 6000 Supervisor. After installation, the Supervisor consists of three components:
- The Supervisor itself (also referred to as a Switch Processor [SP])
- The PFC—An MLS SP engine very similar to the Catalyst 5000 NetFlow Feature Card (NFFC).
- The MSFC—A Route Processor (RP) engine.
Figure 18-2 illustrates these three components.
Figure 18-2. MSFC Components
The Supervisor/SP contains a RISC CPU and the ASICs necessary to perform the duties of a Layer 2 switch. The PFC uses technology similar to the NFFC discussed in the “MLS” section of Chapter 11. Functioning as a flexible pattern matching and rewrite engine, it can be used to provide a wide range of high-speed features such as Layer 3 switching, Quality/Class of Service (QoS/CoS), multicast support, and security filtering. From a Layer 3 switching perspective, it provides the MLS-SE shortcut services discussed in Chapter 11. (Technically speaking, the PFC replaces the Layer 2 forwarding ASIC on the Supervisor and also assumes these duties.)
The MSFC daughter card is derived from the NPE-200 used in the Cisco 7200 routers. Being a high-performance and feature-rich router, it handles the MLS-RP end of the MLS scheme and routes the first packet in every IP and IPX flow. It can also be used to provide software-based routing for other protocols such as AppleTalk and DECnet (expect forwarding rates of approximately 125,000 –150,000 pps).
In short, the MSFC Hybrid Mode offers the equivalent of a souped up Catalyst 5000 Route Switch Module (RSM) and NFFC in a single-slot solution.
MSFC Hybrid Mode Configuration Concepts
Configuring the MSFC Hybrid Mode is virtually identical to RSM-based MLS configurations discussed in the “Configuring MLS” section of Chapter 11. It uses the same interface vlan vlan_number concepts for its configuration. Routing protocols and other features use the same RSM-like commands.
The MSFC RP is also similar to the RSM in that it uses a full IOS image, thereby creating the same split personality seen in the RSM sections of Chapter 11. When connected to the console port of the Catalyst Supervisor, you are presented with the usual set, clear, and show commands available in all Catalysts using the XDI/CatOS interface. However, by using the session command, you create a virtual connection to the MSFC RP. This instantly transforms you from the world of Catalyst XDI/CatOS to the realm of router IOS.
Recall from Chapter 11 that the session command requires a parameter consisting of the router’s slot number. In the case of the RSM, this can easily be determined by visual inspection. In the case of the MSFC RP, which operates as a daughter card in Slot 1 and/or Slot 2, the numbering scheme is less obvious because it uses a virtual slot number. One way to determine the appropriate slot is to use the show module command as seen in Example 18-5.
Example 18-5 Using the show module Command to Determine the MSFC RP Virtual Slot Number
Cat6000 (enable) show module Mod Slot Ports Module-Type Model Status --- ---- ----- ------------------------- ------------------- -------- 1 1 2 1000BaseX Supervisor WS-X6K-SUP1-2GE ok 15 1 1 Multilayer Switch Feature WS-F6001-RSFC ok 3 3 24 100BaseFX MM Ethernet WS-X6224-100FX-MT ok 4 4 24 100BaseFX MM Ethernet WS-X6224-100FX-MT ok 5 5 8 1000BaseX Ethernet WS-X6408-GBIC ok 6 6 48 10/100BaseTX (RJ-45) WS-X6248-RJ-45 ok Mod Module-Name Serial-Num --- ------------------- ----------- 1 SAD03070893 15 3024158973 3 SAD03080262 4 SAD03080421 5 SAD03040595 6 SAD03142742 Mod MAC-Address(es) Hw Fw Sw --- -------------------------------------- ------ ---------- ----------------- 1 00-50-54-6c-a9-e6 to 00-50-54-6c-a9-e7 1.4 5.1(1) 4.2(0.24)DAY35 00-50-54-6c-a9-e4 to 00-50-54-6c-a9-e5 00-50-3e-05-58-00 to 00-50-3e-05-5b-ff 15 00-50-73-ff-ab-00 to 00-50-73-ff-ab-ff 0.305 12.0(2.6)T 12.0(2.6)TW6(0.14) 3 00-50-54-6c-a5-34 to 00-50-54-6c-a5-4b 1.2 4.2(0.24)V 4.2(0.24)DAY35 4 00-50-54-6c-a4-74 to 00-50-54-6c-a4-8b 1.2 4.2(0.24)V 4.2(0.24)DAY35 5 00-50-f0-a8-44-64 to 00-50-f0-a8-44-6b 1.4 4.2(0.24)V 4.2(0.24)DAY35 6 00-50-f0-aa-58-38 to 00-50-f0-aa-58-67 1.0 4.2(0.24)V 4.2(0.24)DAY35 Mod Sub-Type Sub-Model Sub-Serial Sub-Hw --- ----------------------- ------------------- ----------- ------ 1 L3 Switching Engine WS-F6K-PFC SAD03152173 0.205 Cat6000 (enable)
Notice that the second line (marked in bold type) under the uppermost headers in Example 18-5 lists the MSFC RP as a Multilayer Switch Feature WS-F6001-RSFC in Slot 15.
Note
Example 18-5 shows the output of a 6009/6509 containing a single Supervisor in Slot 1. An MSFC physically located in Slot 2 uses a virtual slot number of 16. A 6006/6506 also uses Slots 15 and 16.
Therefore, by entering the command session 15, you are connected to the MSFC RP where you can enter router commands.
- Tip
Although the numbering pattern is fairly simple, use the show module command to determine and remember the virtual slot numbers used by MSFC RP modules.
Configuring MLS with MSFC Hybrid Mode
As with the RSM and Catalyst 5000 Supervisor MLS configurations, the Layer 2 Catalyst Supervisor has MLS processing enabled by default (in fact, it currently cannot be disabled on a Catalyst 6000). Also similar to MLS on the 5000s, the MSFC RP is not configured to provide MLS service by default. To add MLS to an already functioning MSFC RP router configuration, complete the following four-step process:
- Globally enable MLS on the RP with the mls rp ip command. (You can also use mls rp ipx for the IPX protocol.)
- Configure a VLAN Trunking Protocol (VTP) domain for each VLAN interface using the mls rp vtp-domain domain_name command.
- Enable MLS on each VLAN interface using the mls rp ip or mls rp ipx commands.
- Select one or more router interfaces to send MLSP packets using the mls rp management-interface command.
Note
Chapter 11 presented this list as a five-step list because it included a step (Step 3) to configure non-trunk links on external routers. Because this is not necessary for integrated routers such as the MSFC RP, this step has been omitted here.
For example, the configuration displayed in Example 18-6 enables MLS for VLANs 1 through 3 on an MSFC RP (both IP and IPX are configured)
Example 18-6 A Complete MSFC RP Configuration for MLS
no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname MSFC-RP ! boot system flash bootflash:c6msfc-js-mz.120-2.6.TW6.0.14.bin ! ! ip subnet-zero ! ip cef ipx routing 0000.2100.0000 mls rp ip mls rp ipx ! ! interface Vlan1 ip address 10.0.1.2 255.255.255.0 no ip redirects no ip directed-broadcast no ip route-cache cef ipx network A000100 mls rp vtp-domain Skinner mls rp management-interface mls rp ip mls rp ipx standby 1 timers 1 3 standby 1 priority 200 preempt standby 1 ip 10.0.1.1 ! interface Vlan2 ip address 10.0.2.2 255.255.255.0 no ip redirects no ip directed-broadcast no ip route-cache cef ipx network A000200 mls rp vtp-domain Skinner mls rp ip mls rp ipx standby 2 timers 1 3 standby 2 priority 100 preempt standby 2 ip 10.0.2.1 ! interface Vlan3 ip address 10.0.3.1 255.255.255.0 no ip directed-broadcast no ip route-cache cef ipx network A000300 mls rp vtp-domain Skinner mls rp ip mls rp ipx ! router eigrp 1 passive-interface Vlan1 passive-interface Vlan2 network 10.0.0.0 ! ip classless no ip http server ! ! line con 0 transport input none line vty 0 4 login ! end
Note that the configuration in Example 18-6 is functionally equivalent to the MSM configuration shown in Example 18-3.
Example 18-7 shows the results of show mls rp on the MSFC RP.
Example 18-7 Output of show mls rp on MSFC RP
MSFC-RP# show mls rp ip multilayer switching is globally enabled ipx multilayer switching is globally enabled ipx mls inbound acl overide is globally disabled mls id is 0000.2100.0000 mls ip address 127.0.0.12 mls ip flow mask is destination mls ipx flow mask is destination number of domains configured for mls 1 vlan domain name: Skinner current ip flow mask: destination ip current/next global purge: false/false ip current/next purge count: 0/0 current ipx flow mask: destination ipx current/next global purge: false/false ipx current/next purge count: 0/0 current sequence number: 1507018760 current/maximum retry count: 10/10 current domain state: change domain uptime: 00:08:32 keepalive timer not running retry timer expires in 1 seconds change timer not running fcp subblock count = 3 1 management interface(s) currently defined: vlan 1 on Vlan1 2 mac-vlan(s) configured for multi-layer switching 2 mac-vlan(s) enabled for ip multi-layer switching: mac 0050.73ff.ab38 vlan id(s) 1 2 2 mac-vlan(s) enabled for ipx multi-layer switching: mac 0050.73ff.ab38 vlan id(s) 1 2 router currently aware of following 0 switch(es): no switch id's currently exists in domain
The first section of Example 18-7 shows useful information such as whether IP and IPX MLS are enabled and the currently active flow masks. The next section documents aspects of the MultiLayer Switching Protocol (MLSP) such as the VTP domain name and MLSP sequence number.
Example 18-8 displays the output of show mls on the Catalyst SP.
Example 18-8 Output of show mls on the Catalyst 6000 Supervisor
Cat6000 (enable) show mls Total packets switched = 5683 Total Active MLS entries = 87 IP Multilayer switching aging time = 256 seconds IP Multilayer switching fast aging time = 0 seconds, packet threshold = 0 IP Current flow mask is Destination flow Active IP MLS entries = 55 Netflow Data Export version: 8 Netflow Data Export disabled Netflow Data Export port/host is not configured. Total packets exported = 0 IP MLS-RP IP MLS-RP ID XTAG MLS-RP MAC Vlans --------------- ------------ ---- ----------------- ---------------- 127.0.0.12 15 1 00-50-73-ff-ab-38 1,2,3 IPX Multilayer switching aging time = 256 seconds IPX flow mask is Destination flow IPX max hop is 255 Active IPX MLS entries = 0 IPX MLS-RP IP MLS-RP ID XTAG MLS-RP MAC Vlans --------------- ------------ ---- ----------------- ---------------- 127.0.0.12 15 1 00-50-73-ff-ab-38 1,2
Example 18-8 shows some of the statistics collected from the NFFC/PFC. For example, the total number of packets Layer 3 switched using MLS is shown on the first line. The second line displays the total number of active shortcut entries in the NFFC/PFC cache. The output also displays information on aging, flow masks, NetFlow Data Export, and IP/IPX MLS-RPs.
For more information on configuring MLS, see the “MLS” section of Chapter 11.
The Advantages and Disadvantages of MSFC Hybrid Mode
The MSFC Hybrid Mode is a very powerful feature because it combines the benefits of an RSM-like router with the Gigabit-speed Layer 3 switching of the NFFC/PFC.
Recall from Chapters 11, 14, and 15 that the RSM’s most appealing feature is its very tight integration of Layer 2 and Layer 3 technology. As ports are assigned to Layer 2 VLANs on the Catalyst Supervisor, the RSM automatically places them in the appropriate Layer 3 virtual interface. This scheme is considerably more flexible and scalable than the IRB approach to Layer 2/3 integration used by router platforms such as the Catalyst 8500s (at least from a configuration and management standpoint). Because the MSFC RP functions under the same model as the RSM, it also inherits all of these benefits.
Although the tight Layer 2/3 integration of the RSM is extremely useful when creating large-scale campus networks, its software-based approach to routing can create significant bottlenecks for Gigabit-speed traffic. This is where the NFFC/PFC comes in. By providing standards-compliant, hardware-assisted Layer 3 switching capabilities, it can turbo charge the RSM or the MSFC RP. By doing so, you lose almost none of the RSM’s benefits. The resulting collaboration of software and hardware creates an extremely fast yet scalable Layer 3 switching architecture.
Although many organizations have considered MLS to be nothing short of a revolution in Layer 3 switching technology, there is one downside: It requires two separate configurations using two separate user interfaces. The Layer 3 configuration must be maintained on the MSFC RP using the traditional Cisco IOS interface. On the other hand, the Layer 2 configuration must be maintained on the Catalyst Supervisor using the XDI/CatOS interface. In fact, it is the split personality nature of this approach that earns it the designation of Hybrid Mode.
Because the MSFC Hybrid Mode uses a potentially confusing mixture of two user interfaces, many organizations have asked for a way to capture the benefits of this approach to Layer 3 switching while having to deal with only a single user interface. Fortunately, this is where the MSFC Native IOS Mode comes in.