Switch Operation for the CCNP BCMSN Exam
By David Hucaby
Date: Oct 24, 2003
This chapter covers the following topics that you need to master for the CCNP BCMSN exam:
Layer 2 Switch Operation—This section describes the functionality of a switch that forwards Ethernet frames.
Multilayer Switch Operation—This section describes the mechanisms that forward packets at OSI Layers 3 and 4.
Tables Used in Switching—This section explains how tables of information and computation are used to make switching decisions. Coverage focuses on the Content Addressable Memory table, involved in Layer 2 forwarding, and the Ternary Content Addressable Memory, used in Layers 2 through 4 packet-handling decisions.
Troubleshooting Switching Tables—This section reviews the Catalyst commands that you can use to monitor the switching tables and memory. These commands can be useful when troubleshooting or tracing the sources of data or problems in a switched network.
To have a good understanding of the many features that you can configure on a Catalyst switch, you should first understand the fundamentals of the switching function itself.
This chapter serves as a primer, describing how an Ethernet switch works. It presents Layer 2 forwarding, along with the hardware functions that make forwarding possible. Multilayer switching is also explained. A considerable portion of the chapter deals with the memory architecture that performs switching at Layers 3 and 4 both flexibly and efficiently. This chapter also provides a brief overview of useful switching table management commands.
"Do I Know This Already?" Quiz
The purpose of the "Do I Know This Already?" quiz is to help you decide if you need to read the entire chapter. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now.
The 12-question quiz, derived from the major sections in the "Foundation Topics" portion of the chapter, helps you determine how to spend your limited study time.
Table 3-1 outlines the major topics discussed in this chapter and the "Do I Know This Already?" quiz questions that correspond to those topics.
Table 3-1 "Do I Know This Already?" Foundation Topics Section-to-Question Mapping
|
Foundation Topics Section |
Questions Covered in This Section |
|
Layer 2 Switch Operation |
1–5 |
|
Multilayer Switch Operation |
6–9 |
|
Switching Tables |
10–11 |
|
Troubleshooting Switching Tables |
12 |
CAUTION
The goal of self-assessment is to gauge your mastery of the topics in this chapter. If you do not know the answer to a question or are only partially sure of the answer, you should mark this question wrong. Giving yourself credit for an answer you correctly guess skews your self-assessment results and might provide you with a false sense of security.
Which of these performs transparent bridging?
Ethernet hub
Layer 2 switch
Layer 3 switch
Router
When a PC is connected to a Layer 2 switch port, how far does the collision domain spread?
No collision domain exists.
One switch port.
One VLAN.
All ports on the switch.
What information is used to forward frames in a Layer 2 switch?
Source MAC address
Destination MAC address
Source switch port
IP addresses
What does a switch do if a MAC address can't be found in the CAM table?
The frame is forwarded to the default port.
The switch generates an ARP request for the address.
The switch floods the frame out all ports (except the receiving port).
The switch drops the frame.
In the Catalyst 6500, frames can be filtered with access lists for security and QoS purposes. This filtering occurs according to which of the following?
Before a CAM table lookup
After a CAM table lookup
Simultaneously with a CAM table lookup
According to how the access lists are configured
Access list contents can be merged into which of the following?
A CAM table
A TCAM table
A FIB table
An ARP table
Multilayer switches using CEF are based on which of these techniques?
Route caching
Netflow switching
Topology-based switching
Demand-based switching
Which answer describes multilayer switching with CEF?
The first packet is routed, and then the flow is cached.
The switch supervisor CPU forwards each packet.
The switching hardware learns station addresses and builds a routing database.
A single database of routing information is built for the switching hardware.
In a switch, frames are placed in which buffer after forwarding decisions are made?
Ingress queues
Egress queues
CAM table
TCAM
What size are the mask and pattern fields in a TCAM entry?
64 bits
128 bits
134 bits
168 bits
Access list rules are compiled as TCAM entries. When a packet is matched against an access list, in what order are the TCAM entries evaluated?
Sequentially in the order of the original access list.
Numerically by the access list number.
Alphabetically by the access list name.
All entries are evaluated in parallel.
Which Catalyst 3550 command can you use to display the addresses in the CAM table?
show cam
show mac address-table
show mac
show cam address-table
You can find the answers to the quiz in Appendix A, "Answers to Chapter 'Do I Know This Already?' Quizzes and Q & A Sections." The suggested choices for your next step are as follows:
7 or less overall score—Read the entire chapter. This includes the "Foundation Topics," "Foundation Summary," and the "Q&A" section.
8–10 overall score—Begin with the "Foundation Summary" section and then follow up with the "Q&A" section at the end of the chapter.
11 or more overall score—If you want more review on these topics, skip to the "Foundation Summary" section and then go to the "Q&A" section at the end of the chapter. Otherwise, move on to Chapter 4, "Switch Configuration."
Foundation Topics
Layer 2 Switch Operation
Recall that with shared Ethernet networks using hubs, many hosts are connected to a single broadcast and collision domain. In other words, shared Ethernet media operates at OSI Layer 1.
Each host must share the available bandwidth with every other connected host. When more than one host tries to talk at one time, a collision occurs, and everyone must back off and wait to talk again. This forces every host to operate in half-duplex mode, by either talking or listening at any given time. In addition, when one host sends a frame, all connected hosts hear it. When one host generates a frame with errors, everyone hears that, too.
At its most basic level, an Ethernet switch provides isolation from other connected hosts in several ways:
The collision domain's scope is severely limited. On each switch port, the collision domain consists of the switch port itself and the devices directly connected to that port—either a single host or if a shared-media hub is connected, the set of hosts connected to the hub.
Host connections can operate in full-duplex mode because there is no contention on the media. Hosts can talk and listen at the same time.
Bandwidth is no longer shared. Instead, each switch port offers dedicated bandwidth across a switching fabric to another switch port. (These connections change dynamically.)
Errors in frames are not propagated. Each frame received on a switch port is checked for errors. Good frames are regenerated when they are forwarded or transmitted. This is known as store-and-forward switching technology, where packets are received, stored for inspection, and then forwarded.
You can limit broadcast traffic to a volume threshold.
n Other types of intelligent filtering or forwarding become possible.
Transparent Bridging
A switch is basically a multiport transparent bridge, where each switch port is its own Ethernet LAN segment, isolated from the others. Frame forwarding is based completely on the MAC addresses contained in each frame, such that the switch won't forward a frame unless it knows the destination's location. (In cases where the switch doesn't know where the destination is, it makes some safe assumptions.) Figure 3-1 shows the progression from a two-port to a multiport transparent bridge, and then to a switch.
Figure 3-1 A Comparison of Transparent Bridges and Switches
The entire process of forwarding Ethernet frames then becomes figuring out what MAC addresses connect to which switch ports. A switch must either be told explicitly where hosts are located, or it must learn this information for itself. You can configure MAC address locations through a switch's command-line interface, but this quickly gets out of control when there are many stations on the network or when stations move around.
To dynamically learn about station locations, a switch listens to incoming frames and keeps a table of address information. As a frame is received on a switch port, the switch inspects the source MAC address. If that address is not in the address table already, the MAC address, switch port, and Virtual LAN (VLAN) on which it arrived are recorded in the table. Learning the address locations of the incoming packets is easy and straightforward.
Incoming frames also include the destination MAC address. Again, the switch looks this address up in the address table, hoping to find the switch port and VLAN where the address is attached. If it is found, the frame can be forwarded on out that switch port. If the address is not found in the table, the switch must take more drastic action—the frame is forwarded in a "best effort" fashion by flooding it out all switch ports assigned to the source VLAN. This is known as unknown unicast flooding, where the unicast destination location is unknown. Figure 3-2 illustrates this process, using only a single VLAN for simplification.
A switch constantly listens to incoming frames on each of its ports, learning source MAC addresses. However, be aware that the learning process is allowed only when the Spanning Tree Protocol (STP) algorithm has decided a port is stable for normal use. STP is concerned only with maintaining a loop-free network, where frames will not be recursively forwarded. If a loop were to form, a flooded frame could follow the looped path, where it would be flooded again and again.
In a similar manner, frames containing a broadcast or multicast destination address are also flooded. These destination addresses are not unknown—the switch knows them well. They are destined for multiple locations, so they must be flooded by definition. In the case of multicast addresses, flooding is performed by default. Other more elegant means of determining the destination locations are available and are discussed in Chapter 15, "Multicast."
Follow That Frame!
You should have a basic understanding of the operations that a frame undergoes as it passes through a Layer 2 switch. This helps you get a firm grasp on how to configure the switch for complex functions. Figure 3-3 shows a typical Layer 2 Catalyst switch and the decision processes that take place to forward each frame.
Figure 3-2 Unknown Unicast Flooding
When a frame arrives at a switch port, it is placed into one of the port's ingress queues. The queues can each contain frames to be forwarded, each queue having a different priority or service level. The switch port can then be fine-tuned so that important frames get processed and forwarded before less-important frames. This can prevent time-critical data from being "lost in the shuffle" during a flurry of incoming traffic.
Figure 3-3 Operations Within a Layer 2 Catalyst Switch
As the ingress queues are serviced and a frame is pulled off, the switch must figure out not only where to forward the frame but also if it should be forwarded and how. There are three fundamental decisions to be made—one concerned with finding the egress switch port, and two concerned with forwarding policies. All of these decisions are made simultaneously by independent portions of switching hardware and can be described as follows:
L2 Forwarding Table—The frame's destination MAC address is used as an index, or key, into the Content Addressable Memory (CAM) or address table. If the address is found, the egress switch port and the appropriate VLAN ID are read from the table. (If the address is not found, the frame is marked for flooding so that it is forwarded out every switch port in the VLAN.)
Security ACLs—Access control lists (ACLs) can be used to identify frames according to their MAC addresses, protocol types (for non-IP frames), IP addresses, protocols, and Layer 4 port numbers. The Ternary Content Addressable Memory (TCAM) contains ACLs in a compiled form, such that a decision can be made on whether to forward a frame in a single table lookup.
QoS ACLs—Other ACLs can classify incoming frames according to quality of service (QoS) parameters, to police or control the rate of traffic flows, and to mark QoS parameters in outbound frames. The TCAM is also used to make these decisions in a single table lookup.
The CAM and TCAM tables are discussed in greater detail in the "CAM" and "TCAM" sections later in this chapter. After the CAM and TCAM table lookups have occurred, the frame is placed into the appropriate egress queue on the appropriate outbound switch port. The egress queue is determined by QoS values either contained in the frame or passed along with the frame. Like the ingress queues, the egress queues are serviced according to importance or time criticality; frames are sent out without being delayed by other outbound traffic.
Multilayer Switch Operation
Catalyst switches, such as the 3550 (with the appropriate Cisco IOS Software image), 4500, and 6500, can also forward frames based on Layer 3 and 4 information contained in packets. This is known as multilayer switching (MLS). Naturally, Layer 2 switching is performed at the same time, because even the higher layer encapsulations are still contained in Ethernet frames.
Types of Multilayer Switching
Catalyst switches have supported two basic generations or types of MLS—route caching (first generation MLS) and topology-based (second generation MLS). This section presents an overview of both, although only the second generation is supported in the Cisco IOS Software-based Catalyst 3550, 4500, and 6500 switch families. You should understand the two types, as well as the differences between them:
-
Route caching—The first generation of MLS, requiring a route processor (RP) and a switch engine (SE). The RP must process a traffic flow's first packet to determine the destination. The SE listens to the first packet and to the resulting destination, and sets up a "shortcut" entry in its MLS cache. The SE forwards subsequent packets in the same traffic flow based on shortcut entries in its cache.
Topology-based—The second generation of MLS, utilizing specialized hardware. Layer 3 routing information builds and prepopulates a single database of the entire network topology. This database, an efficient table lookup in hardware, is consulted so that packets can be forwarded at high rates. The longest match found in the database is used as the correct Layer 3 destination. As the routing topology changes over time, the database contained in the hardware can be updated dynamically with no performance penalty.
This type of MLS is also known by the names Netflow LAN switching, flow-based or demand-based switching, and "route once, switch many." Even if this isn't used to forward packets in IOS-based Catalyst switches, the technique still generates traffic flow information and statistics.
This type of MLS is known as Cisco Express Forwarding (CEF), where a routing process running on the switch downloads the current routing table database into the Forwarding Information Base (FIB) area of hardware. CEF is discussed in greater detail in Chapter 13, "Multilayer Switching."
Follow That Packet!
The path that a Layer 3 packet follows through a multilayer switch is similar to that of a Layer 2 switch. Obviously, some means of making a Layer 3 forwarding decision must be added. Beyond that, several sometimes-unexpected things can happen to packets as they are forwarded.
Figure 3-4 shows a typical multilayer switch and the decision processes that must occur. Packets arriving on a switch port are placed in the appropriate ingress queue, just as in a Layer 2 switch.
Each packet is pulled off an ingress queue and inspected for both Layer 2 and Layer 3 destination addresses. Now, the decision where to forward the packet is based on two address tables, whereas the decision how to forward the packet is still based on access list results. Like Layer 2 switching, all these multilayer decisions are performed simultaneously in hardware:
L2 Forwarding Table—The destination MAC address is used as an index to the CAM table. If the frame contains a Layer 3 packet to be forwarded, the destination MAC address is that of a Layer 3 port on the switch. In this case, the CAM table results are used only to decide that the frame should be processed at Layer 3.
L3 Forwarding Table—The FIB table is consulted, using the destination IP address as an index. The longest match in the table is found (both address and mask), and the resulting next-hop Layer 3 address is obtained. The FIB also contains each next-hop entry's Layer 2 MAC address and the egress switch port (and VLAN ID), so that further table lookups are not necessary.
Security ACLs—Inbound and outbound access lists are compiled into TCAM entries so that decisions whether to forward a packet can be determined as a single table lookup.
QoS ACLs—Packet classification, policing, and marking can all be performed as single table lookups in the QoS TCAM.
Figure 3-4 Operations Within a MultiLayer Catalyst Switch
As with Layer 2 switching, the packet must be finally placed in the appropriate egress queue on the appropriate egress switch port.
However, recall that during the multilayer switching process, the next-hop destination was obtained from the FIB table—just as a router would do. The Layer 3 address identified the next hop and found its Layer 2 address. Only the Layer 2 address would be used so that the Layer 2 frames could be sent on.
The next-hop Layer 2 address must be put into the frame in place of the original destination address (the multilayer switch). The frame's Layer 2 source address must also become that of the multilayer switch before it is sent on to the next hop. As any good router must do, the Time-To-Live (TTL) value in the Layer 3 packet must be decremented by one.
Because the contents of the Layer 3 packet (the TTL value) have changed, the Layer 3 header checksum must be recalculated. And because both Layer 2 and 3 contents have changed, the Layer 2 checksum must be recalculated. In other words, the entire Ethernet frame must be rewritten before it goes into the egress queue. This is also accomplished efficiently in hardware.
Multilayer Switching Exceptions
To forward packets using the simultaneous decision processes described in the preceding section, the packet must be "MLS-ready" and require no additional decisions. For example, CEF can directly forward most IP packets between hosts. This occurs when the source and destination addresses (both MAC and IP) are already known, and no other IP parameters must be manipulated.
Other packets cannot be directly forwarded by CEF and must be handled in more detail. This is done by a quick inspection during the forwarding decisions. If a packet meets criteria such as the following, it is flagged for further processing and sent to the switch CPU for process switching:
ARP requests and replies
IP packets requiring a response from a router (TTL has expired, MTU is exceeded, fragmentation is needed, and so on)
IP broadcasts that will be relayed as unicast (DHCP requests, IP helper-address functions)
Routing protocol updates
Cisco Discovery Protocol packets
IPX routing protocol and service advertisements
Packets needing encryption
Packets triggering Network Address Translation (NAT)
Other non-IP and non-IPX protocol packets (AppleTalk, DECnet, and so on)
NOTE
On the Catalyst 6500, both IP and IPX packets are CEF switched in hardware. All other protocols are handled by process switching on the MSFC module (the routing CPU). On the Catalyst 4500, only IP packets are CEF switched. All other routable protocols, including IPX, are flagged for process switching by the switch CPU.
With the Catalyst 3550, only IP is CEF switched in hardware. Other non-IP protocols are not routed at all. Instead, they are flagged for fallback bridging, where they are treated as transparently bridged (Layer 2 switched) packets. An external router or multilayer switch must handle any routing that is still needed during fallback bridging.
Tables Used in Switching
Catalyst switches maintain several types of tables to be used in the switching process. The tables are tailored for Layer 2 switching or MLS, and are kept in very fast memory so that many fields within a frame or packet can be compared in parallel.
Content Addressable Memory (CAM)
All Catalyst switch models use a Content Addressable Memory (CAM) table for Layer 2 switching. As frames arrive on switch ports, the source MAC addresses are learned and recorded in the CAM table. The port of arrival and the VLAN are both recorded in the table, along with a timestamp. If a MAC address learned on one switch port has moved to a different port, the MAC address and timestamp are recorded for the most recent arrival port. Then, the previous entry is deleted. If a MAC address is found already present in the table for the correct arrival port, only its timestamp is updated.
Switches generally have large CAM tables so that many addresses can be looked up for frame forwarding. However, there is not enough table space to hold every possible address on large networks. To manage the CAM table space, stale entries (addresses that have not been heard from for a period of time) are aged out. By default, idle CAM table entries are kept for 300 seconds before they are deleted. You can change the default setting using the following configuration command:
Switch(config)# mac address-table aging-time seconds
By default, MAC addresses are learned dynamically from incoming frames. You can also configure static CAM table entries that contain MAC addresses that might not otherwise be learned. To do this, use the following configuration command:
Switch(config)# mac address-table static mac-address vlan vlan-id interface type mod/num
Here, the MAC address (in dotted triplet hex format) is identified with the switch port and VLAN where it appears.
NOTE
Until Catalyst IOS version 12.1(11)EA1, the syntax for CAM table commands used the keywords mac-address-table. In more recent IOS versions, the syntax has changed to use the keywords mac address-table (first hyphen omitted).
What happens when a host's MAC address is learned on one switch port, and then the host moves so that it appears on a different switch port? Ordinarily, the host's original CAM table entry would have to age out after 300 seconds, while its address was learned on the new port. To avoid having duplicate CAM table entries, a switch purges any existing entries for a MAC address that has just been learned on a different switch port. This is a safe assumption because MAC addresses are unique, and a single host should never be seen on more than one switch port unless problems exist in the network. If a switch notices that a MAC address is being learned on alternating switch ports, it generates an error message that flags the MAC address as "flapping" between interfaces.
Ternary Content Addressable Memory (TCAM)
In traditional routing, ACLs can match, filter, or control specific traffic. Access lists are made up of one or more access control entities (ACEs) or matching statements that are evaluated in sequential order. Evaluating an access list can take up additional time, adding to the latency of forwarding packets.
In multilayer switches, however, all of the matching process that ACLs provide is implemented in hardware. TCAM allows a packet to be evaluated against an entire access list in a single table lookup. Most switches have multiple TCAMs so that both inbound and outbound security and QoS ACLs can be evaluated simultaneously, or entirely in parallel with a Layer 2 or Layer 3 forwarding decision.
The Catalyst IOS Software has two components that are part of the TCAM operation:
Feature Manager (FM)—After an access list has been created or configured, the Feature Manager software compiles, or merges, the ACEs into entries in the TCAM table. The TCAM can then be consulted at full frame forwarding speed.
Switching Database Manager (SDM)—You can partition the TCAM on Catalyst switches into areas for different functions. The SDM software configures or tunes the TCAM partitions, if needed.
TCAM Structure
The TCAM is an extension of the CAM table concept. Recall that a CAM table takes in an index or key value (usually a MAC address) and looks up the resulting value (usually a switch port or VLAN ID). Table lookup is fast and always based on an exact key match consisting of two input values: 0 and 1 bits.
TCAM also uses a table lookup operation but is greatly enhanced to allow a more abstract operation. For example, binary values (0s and 1s) make up a key into the table, but a mask value is also used to decide which bits of the key are actually relevant. This effectively makes a key consisting of three input values: 0, 1, and X (don't care) bit values—a three-fold or ternary combination.
TCAM entries are composed of Value, Mask, and Result (VMR) combinations. Fields from frame or packet headers are fed into the TCAM, where they are matched against the value and mask pairs to yield a result. As a quick reference, these can be described as follows:
Values are always 134-bit quantities, consisting of source and destination addresses and other relevant protocol information—all patterns to be matched. The information concatenated to form the value is dependent upon the type of access list, as shown in Table 3-2. Values in the TCAM come directly from any address, port, or other protocol information given in an ACE.
Masks are also 134-bit quantities, in exactly the same format, or bit order, as the values. Masks select only the value bits of interest; a mask bit is set to exactly match a value bit, or not set for value bits that don't matter. The masks used in the TCAM stem from address or bit masks in ACEs.
Results are numerical values that represent what action to take after the TCAM lookup occurrs. Where traditional access lists offer only a permit or deny result, TCAM lookups offer a number of possible results or actions. For example, the result can be a permit or deny decision, an index value to a QoS policer, a pointer to a next-hop routing table, and so on.
Table 3-2 TCAM Value Pattern Components
|
Access List Type |
Value and Mask Components, 134 Bits Wide (Number of Bits) |
|
Ethernet |
Source MAC (48), destination MAC (48), Ethertype (16) |
|
ICMP |
Source IP (32), destination IP (32), protocol (16), ICMP code (8), ICMP type (4), IP type of service (ToS) (8) |
|
Extended IP using TCP/UDP |
Source IP (32), destination IP (32), protocol (16), IP ToS (8), source port (16), source operator (4), destination port (16), destination operator (4) |
|
Other IP |
Source IP (32), destination IP (32), protocol (16), IP ToS (8) |
|
IGMP |
Source IP (32), destination IP (32), protocol (16), IP ToS (8), IGMP message type (8) |
|
IPX |
Source IPX network (32), destination IPX network (32), destination node (48), IPX packet type (16) |
The TCAM is always organized by masks, where each unique mask has eight value patterns associated with it. For example, the Catalyst 6500 TCAM (one for security ACLs and one for QoS ACLs) holds up to 4096 masks and 32,768 value patterns. The trick is that each of the mask-value pairs is evaluated simultaneously, or in parallel, revealing the best or longest match in a single table lookup.
TCAM Example
Figure 3-5 shows how the TCAM is built and used. This is a simple example, and might or might not be identical to the results that the Feature Manager produces. This is because the ACEs might need to be optimized or rewritten to achieve certain TCAM algorithm requirements.
Figure 3-5 How an Access List Is Merged into TCAM
The example access list 100 (extended IP) is configured and merged into TCAM entries. First, the mask values must be identified in the access list. When an address value and a corresponding address mask are specified in an ACE, those mask bits must be set for matching. All other mask bits can remain in the "don't care" state. The access list contains only three unique masks: one that matches all 32 bits of the source IP address (found with an address mask of 255.255.255.255 or the keyword host), one that matches 16 bits of the destination address (found with an address mask of 0.0.255.255), and one that matches only 24 bits of the destination address (found with an address mask of 0.0.0.255). The keyword any in the ACEs means match anything or "don't care."
The unique masks are placed into the TCAM. Then, for each mask, all possible value patterns are identified. For example, a 32-bit source IP mask (Mask 1) can be found only in ACEs with a source IP address of 192.168.199.14 and a destination of 10.41.0.0. (The rest of Mask 1 is the destination address mask 0.0.255.255.) Those address values are placed into the first value pattern slot associated with Mask 1. Mask 2 has three value patterns: destination addresses 192.168.100.0, 192.168.5.0, and 192.168.199.0. Each of these is placed in the three pattern positions of Mask 2. This process continues until all ACEs have been merged.
When a mask's eighth pattern position has been filled, the next pattern with the same mask must be placed under a new mask. A bit of a balancing act occurs to try and fit all ACEs into the available mask and pattern entries without an overflow.
Port Operations in TCAM
You might have noticed that matching strictly based on values and masks only covers ACE statements that involve exact matches (either the eq port operation keyword or no Layer 4 port operations). For example, ACEs like the following involve specific address values, address masks, and port numbers:
access-list test permit ip 192.168.254.0 0.0.0.255 any access-list test permit tcp any host 192.168.199.10 eq www
What about ACEs that use port operators, where a comparison must be made? Consider the following:
access-list test permit udp any host 192.168.199.50 gt 1024 access-list test permit tcp any any range 2000 2002
A simple logical operation between a mask and a pattern cannot generate the desired result. The TCAM also provides a mechanism for performing a Layer 4 operation or comparison, also done during the single table lookup. If an ACE has a port operator, such as gt, lt, neq, or range, the Feature Manager software compiles the TCAM entry to include the use of the operator and the operand in a Logical Operation Unit (LOU) register. Only a limited number of LOUs are available in the TCAM. If there are more ACEs with comparison operators than there are LOUs, the Feature Manager must break the ACEs up into multiple ACEs with only regular matching (using the eq operator).
In Figure 3-5, two ACEs require a Layer 4 operation:
One that checks for UDP destination ports greater than 1024
One that looks for the UDP destination port range 1024 to 2047
The Feature Manager checks all ACEs for Layer 4 operation, and places these into Logical Operation Unit (LOU) register pairs. These can be loaded with operations, independent of any other ACE parameters. The LOU contents can be reused if other ACEs need the same comparisons and values. After the LOUs are loaded, they are referenced in the TCAM entries that need them. This is shown by LOUs "A1" and the "B1:2" pair. A finite number (actually a rather small number) of LOUs are available in the TCAM, so the Feature Manager software must use them carefully.
Troubleshooting Switching Tables
If you see strange behavior in a Catalyst switch, it might be useful to examine the contents of the various switching tables. In any event, you might, at times, need to find out on which switch port a specific MAC address has been learned.
CAM Table Operation
To view the contents of the CAM table, you can use the following EXEC command:
Switch# show mac address-table dynamic [address mac-address | interface type mod/num | vlan vlan-id]
The entries that have been dynamically learned will be shown. You can add the address keyword to specify a single MAC address, or the interface or vlan keywords to see addresses that have been learned on a specific interface or VLAN.
For example, assume you need to find the learned location of the host with MAC address 0050.8b11.54da. The show mac address-table dynamic address 0050.8b11.54da command might produce the output in Example 3-1.
Example 3-1 Determining Host Location by MAC Address
Switch# show mac address-table dynamic address 0050.8b11.54da
Mac Address Table
------------------------------------------
Vlan Mac Address Type Ports
---- ----------- ---- -----
54 0050.8b11.54da DYNAMIC Fa0/1
Total Mac Addresses for this criterion: 1
Switch#
From this, you can see that the host is somehow connected to interface FastEthernet 0/1, on VLAN 54.
Suppose this same command produced no output for the interface and VLAN. What might that mean? Either the host has not sent a frame that the switch can use for learning its location, or something odd is going on. Perhaps, the host is using two network interface cards (NICs) to load balance traffic—one NIC is only receiving traffic while the other is only sending. Therefore, the switch never hears and learns the receiving-only NIC address.
To see the CAM table's size, use the show mac address-table count command. MAC address totals are shown for each active VLAN on the switch. This can give you a good idea about the size of the CAM table and how many hosts are using the network. Be aware that many MAC addresses can be learned on a switch's uplink ports.
CAM table entries can be manually cleared, if needed, by using the following EXEC command:
Switch# clear mac address-table dynamic [address mac-address | interface type mod/num | vlan vlan-id]
Frequently, you will need to know where a user with a certain MAC address is connected. In a large network, discerning at which switch and switch port a MAC address can be found might be difficult. Start out at the network's center, or core, and display the CAM table entry for the MAC address. Look at the switch port shown in the entry and move to the neighboring switch connected to that port. Then, repeat the CAM table process. Keep moving from switch to switch until you reach the edge of the network where the MAC address connects.
TCAM Operation
The TCAM in a switch is more or less self-sufficient. Access lists are automatically compiled or merged into the TCAM, so there is nothing to configure. The only concept you need to be aware of is how the TCAM resources are being used.
TCAMs have a limited number of usable mask, value pattern, and LOU entries. If access lists grow to be large, or many Layer 4 operations are needed, the TCAM tables and registers can overflow. To see the current TCAM resource usage, use the show tcam counts EXEC command. To see the current TCAM partitioning, you can use the show sdm prefer EXEC command. You can repartition the TCAM with some configuration commands, but that is beyond the scope of this book.
Foundation Summary
The Foundation Summary is a collection of tables, lists, and other information that provides a convenient review of many key concepts in this chapter. If you are already comfortable with the topics in this chapter, this summary might help you recall a few details. If you just read this chapter, this review should help solidify some key facts. If you are doing your final prep before the exam, the following information is a convenient way to review the day before the exam:
Layer 2 switches learn incoming MAC addresses and record their locations based on the inbound switch ports.
Layer 2 switching information is stored in the Content Addressable Memory (CAM) table. The CAM is consulted to find the outbound switch port when forwarding frames.
Multilayer switching looks at the Layer 2 addresses, along with Layer 3 and 4 address and port information, to forward packets.
Multilayer switching is performed in hardware using the Cisco Express Forwarding (CEF) method.
CEF builds Layer 3 destination information from routing tables and Layer 2 data. This information is stored in hardware as a Forwarding Information Base (FIB) table.
Multilayer switches can make many policy decisions in parallel, using the Ternary Content Addressable Memory (TCAM) contents.
TCAM combines a 134-bit Value, or pattern (made up of addresses, port numbers, or other appropriate fields) with a 134-bit Mask to yield a Result value. The Result instructs the switch hardware how to finish forwarding the packet.
Access lists for security (traditional router ACLs and VLAN ACLs) and QoS ACLs are compiled or merged into TCAM entries. These access lists can then be processed on each packet that passes through the switch, as a single table lookup.
As a packet exits a multilayer switch, it must be rewritten so that its header and checksum values are valid. The fields in the original packet that the switch updates are as follows:
— Source MAC address becomes the Layer 3 switch MAC address.
— Destination MAC address becomes the next-hop MAC address.
— IP TTL value is decremented by one.
— IP checksum is recomputed.
— Ethernet frame checksum is recomputed.
Table 3-3 Switching Table Commands
|
Task |
Command Syntax |
|
Set the CAM table aging time. |
mac address-table aging-time seconds |
|
Configure a static CAM entry. |
mac address-table static mac-address vlan vlan-id interface type mod/num |
|
Clear a CAM table entry. |
clear mac address-table dynamic [address mac-address | interface type mod/num | vlan vlan-id] |
|
Set privileged level password. |
enable password level 15 password |
|
View the CAM table. |
show mac address-table dynamic [address mac-address | interface type mod/num | vlan vlan-id] |
|
View the CAM table size. |
show mac address-table count |
|
View TCAM resource information. |
show tcam counts |
Q&A
The questions and scenarios in this book are more difficult than what you should experience on the actual exam. The questions do not attempt to cover more breadth or depth than the exam; however, they are designed to make sure that you know the answer. Rather than allowing you to derive the answers from clues hidden inside the questions themselves, the questions challenge your understanding and recall of the subject. Hopefully, these questions will help limit the number of exam questions on which you narrow your choices to two options and then guess.
You can find the answers to these questions in Appendix A.
By default, how long are CAM table entries kept before they are aged out?
A TCAM lookup involves which values?
How many table lookups are required to find a MAC address in the CAM table?
How many table lookups are required to match a packet against an access list that has been compiled into 10 TCAM entries?
How many value patterns can a TCAM store for each mask?
Can all packets be switched in hardware by a multilayer switch?
Multilayer switches must rewrite which portions of an Ethernet frame?
If a station only receives Ethernet frames and doesn't transmit anything, how will a switch learn of its location?
What is a TCAM's main purpose?
Why do the TCAM mask and pattern fields consist of so many bits?
In a multilayer switch with a TCAM, a longer access list (more ACEs or statements) takes longer to process for each frame. True or false?
A multilayer switch receives a packet with a certain destination IP address. Suppose the switch has that IP address in its Layer 3 forwarding table, but no corresponding Layer 2 address. What happens to the packet next?
If a multilayer switch can't support a protocol with CEF, it relies on fallback bridging. Can the switch still route that traffic?
To configure a static CAM table entry, the mac address-table static mac-address command is used. Which two other parameters must also be given?
As a network administrator, what aspects of a switch TCAM should you be concerned with?
What portion of the TCAM is used to evaluate port number comparisons in an access list?
Someone has asked you where the host with MAC address 00-10-20-30-40-50 is located. Assuming you already know the switch it is connected to, what command can you use to find it?
Complete this command to display the size of the CAM table: show mac .
What protocol is used to advertise CAM table entries among neighboring switches?
Suppose a host uses one MAC address to send frames and another to receive them. In other words, one address will always be the source address sent in frames, and the other is only used as a destination address in incoming frames. Is it possible for that host to communicate with others through a Layer 2 switch? If so, how?