Cisco Systems EA6500 Manual De Usuario
19-4
Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E
78-14099-04
Chapter 19 Configuring IP Unicast Layer 3 Switching on Supervisor Engine 1
Understanding How IP MLS Works
•
Security ACLs—Does not affect flow mask.
•
Reflexive ACLs—Does not affect flow mask.
•
TCP intercept—Does not affect flow mask.
•
Policy Based Routing (PBR)—Does not affect flow mask.
•
ISLB (IOS Server Load Balancing)—When packets are processed by the ISLB process, a
full-flow-ip mask is used.
full-flow-ip mask is used.
•
WCCP (Web Cache Control Protocol)—When packets are processed by WCCP, a full-flow-ip mask
is used.
is used.
Note
A full-flow-ip mask is used if the if the Web Cache engines are Layer-2 adjacent to the
switch. If the Web Cache engines are not Layer-2 adjacent, then GRE encapsulation needs
to be configured to send packets to the Web Cache engines and in that the flow mask is not
affected because the packets are processed in software.
switch. If the Web Cache engines are not Layer-2 adjacent, then GRE encapsulation needs
to be configured to send packets to the Web Cache engines and in that the flow mask is not
affected because the packets are processed in software.
•
CBAC (Context-Based Access Control)—Does not affect flow mask.
•
Unicast RPF—When unicast RPF is configured with the ip verify unicast command, the flow mask
is changed by the Layer 3 manager to source-destination-ip mask.
is changed by the Layer 3 manager to source-destination-ip mask.
•
Netflow Data export (NDE)—The flow mask used is determined by the mls flow ip command.
•
QoS Microflow policing—When packets are processed by microflow policing, a full-flow-ip mask
is used.
is used.
Layer 3-Switched Packet Rewrite
When a packet is Layer 3 switched from a source host to a destination host, the PFC performs a packet
rewrite based on information learned from the MSFC and stored in the MLS cache.
rewrite based on information learned from the MSFC and stored in the MLS cache.
If Host A and Host B are on different VLANs and Host A sends a packet to the MSFC to be routed to
Host B, the PFC recognizes that the packet was sent to the MAC address of the MSFC. The PFC checks
the MLS cache and finds the entry matching the flow in question.
Host B, the PFC recognizes that the packet was sent to the MAC address of the MSFC. The PFC checks
the MLS cache and finds the entry matching the flow in question.
When the PFC receives the packet, it is formatted (conceptually) as follows:
The PFC rewrites the Layer 2 frame header, changing the destination MAC address to the MAC address
of Host B and the source MAC address to the MAC address of the MSFC (these MAC addresses are
stored in the MLS cache entry for this flow). The Layer 3 IP addresses remain the same, but the IP header
Time to Live (TTL) is decremented and the checksum is recomputed. The PFC rewrites the switched
Layer 3 packets so that they appear to have been routed by a router.
of Host B and the source MAC address to the MAC address of the MSFC (these MAC addresses are
stored in the MLS cache entry for this flow). The Layer 3 IP addresses remain the same, but the IP header
Time to Live (TTL) is decremented and the checksum is recomputed. The PFC rewrites the switched
Layer 3 packets so that they appear to have been routed by a router.
The PFC forwards the rewritten packet to Host B’s VLAN (the destination VLAN is stored in the MLS
cache entry) and Host B receives the packet.
cache entry) and Host B receives the packet.
Frame Header
IP Header
Payload
Destination
Source
Destination
Source
TTL
Checksum
Data
Checksum
MSFC MAC
Host A
MAC
MAC
Host B IP
Host A IP n
calculation1