Cisco - Deploying IP Switching Protocols 312

312 0986_05F9_c2 1 © 1999, Cisco Systems, Inc. Deploying IP Switching Solutions Session 312 312 0986_05F9_c2 © 1999...

36 downloads 821 Views 1MB Size Report

This content was uploaded by our users and we assume good faith they have the permission to share this book. If you own the copyright to this book and it is wrongfully on our website, we offer a simple DMCA procedure to remove your content from our site. Start by pressing the button below!
Report copyright / DMCA form

DOWNLOAD PDF

312 0986_05F9_c2

1

© 1999, Cisco Systems, Inc.

Deploying IP Switching Solutions Session 312

312 0986_05F9_c2


Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. 0986_05F9_c2.scr

2

1

Introduction/Agenda

• Many Switching Paths • Evolution • Benefits/Trade Offs • Some Switching Paths Deprecated

312 0986_05F9_c2


3

Switching Evolution

312 0986_05F9_c2



4

2

Process Switching

• Process context • Earliest Cisco IOS ™ switching mode • Least performance • Uses IP routing table

312 0986_05F9_c2


5

Deployment Information

• Available in all platforms • Available by default

312 0986_05F9_c2



6

3

Fast Switching

Frame Packet

Packet

IP Cache

Packet

Frame Packet

Layer 3 Switching Layer 2 Rewrite

• Interrupt level • IP cache lookup 312 0986_05F9_c2

7


Fast Switching Process Switching

Frame Packet

No IP Cache

Yes Frame Packet

• Cache on demand • Require process switching • Traffic driven 312 0986_05F9_c2



8

4

Fast Switching

• Recursion resolution at process level • Classfull • Per-destination load sharing • Cache entries aged to limit the cache size

312 0986_05F9_c2

9


Fast Switching • Overhead inherent to cache maintenance Route change Interface state change Configuration change

• Assumes finite number of active flows 312 0986_05F9_c2



10

5


• Available in all platforms • Enabled using the ‘ip route-cache’ interface command • Deprecated

312 0986_05F9_c2


11

Autonomous/SSE Switching • Hardware/microcode assist • Extension of fast switching cache • Increased performance/reduce functionality • Cache misses bubble up the packet • Same issues as fast switching • Now deprecated 312 0986_05F9_c2



12

6

Optimum Switching

• Extension of fast switching • Optimum cache • Optimized for higher performance • Same issues • Deprecated in Cisco IOS 12.0 312 0986_05F9_c2

13


Distributed Fast Switching RSP

• Available with intelligent IPs • Distributed cache

IP VIP First Packet Subsequent Packets

312 0986_05F9_c2



14

7


• Available in Cisco 7500/7200 • Enabled using the ‘ip route-cache optimum’ interface command • Deprecated

312 0986_05F9_c2

15


Evolution: SPD

• Selective Packet Discard • Major route change causes cache churn • Triggers large number of packets to process level • Overwhelms CPU and causes control packet drop • Causes prolonged instability 312 0986_05F9_c2

• SPD to differentiate control traffic • Precedence bit used to mark control packets (e.g. BGP updates) • Avoids dropping control packet • Increased system stability



16

8

Cisco Express Forwarding

• New topology driven architecture • Main components Forwarding Information Base (FIB) Adjacency table

• No process switching of packets 312 0986_05F9_c2

17



312 0986_05F9_c2

Routing Table

ARP/Map Table

FIB Table

Adjacency Table



18

9

Adjacency Table

• Maintains IP address to Mac-rewrite mapping • Populated by ARP table, Frame Relay map table and ATM map table, etc. • Mac-rewrite of the nexthop is all that’s required to switch packet 312 0986_05F9_c2

19


FIB Table • • • • • •

Shadow copy of the IP routing table Classless Routing protocol independent One for each route in IP routing table Each entry has one or more path Each path has nexthop IP address and nexthop interface • Each path points to an adjacency 312 0986_05F9_c2



20

10

CEF Operation • FIB entry created when routes are added to IP routing table • If connected, new FIB entry points to the corresponding adjacency • Ready to switch packets • Non-connected prefix requires more work 312 0986_05F9_c2

21


CEF Operation

• Recursion resolution • Done in the background • Recursive lookup for non-connected nexthop to find the connected nexthop • Once resolved, ready to switch

312 0986_05F9_c2



22

11

CEF Switching

Frame Packet

FIB

Packet

Packet

Frame Packet

Layer 3 Switching Layer 2 Rewrite

• Interrupt level • FIB entry look up 312 0986_05F9_c2

23


CEF Switching Routing Information Base

FIB

Frame Packet In

Adjacency Information

Frame Packet Out

• If FIB lookup fails, packets are dropped • Full knowledge at interrupt level 312 0986_05F9_c2



24

12

Distributed CEF FIB

RIB CEF Process

RP

ADJ

ARP

Inter-Process Communication (IPC)

CEF Process FIB

312 0986_05F9_c2

ADJ

CEF Process FIB

ADJ

CEF Process FIB

ADJ

25


CEF Load-Sharing Destination

Sources

• Per packet and enhanced per destination • Enhanced per destination is based on source and destination IP addresses • Each destination flow takes a single, separate path • Reduces need for per packet load-sharing 312 0986_05F9_c2



26

13


• Available in GSR, Cisco 7500, 7200, 4500, 4700, 3600, 2600 and 1600 • Enabled using the ‘ip cef [distributed]’ global command • Recommended method

312 0986_05F9_c2

27


NetFlow Switching • Many features require flow identification • NetFlow accelerates such features • Flow identifier includes source IP address, source port, destination IP address and destination port • Doesn’t hold switching decisions 312 0986_05F9_c2



28

14

NetFlow Switching • Relies upon fast cache or CEF to switch packets • Maintains accounting and additional information like source AS, destination AS per flow • Also contains feature specific information per flow 312 0986_05F9_c2

29


NetFlow Operation • First packet of a flow triggers flow-state creation • Flow-accelerated features informed about the new flow • Interested features register with the flow • Interested features act on subsequent packets of the flow 312 0986_05F9_c2



30

15

NetFlow Operation

Header • Sequence number • Record count • Version number

Flow Record

…

Flow Record

NetFlow Cache

• Flow cache manager expires flows No traffic/long life/TCP flags/cache full/etc.

• Intelligent cache aging ensures that cache entries are always available • Router exports groups of expired flows every second • Export uses UDP datagrams with sequence numbers 312 0986_05F9_c2


31

NetFlow—Onboard Aggregation

• Per flow data not always needed • Often only subset of the exported information is needed • Onboard aggregation before exporting the data • Reduced data to export—scalable 312 0986_05F9_c2



32

16

NetFlow Switching • Distributed NetFlow switching in intelligent linecards • Fast-cache based NetFlow has same problems as fast switching • CEF-based NetFlow leverages the benefits of CEF • CEF based NetFlow is scalable and stable 312 0986_05F9_c2


33


• Available in GSR, Cisco 7500, 7200, 4500, 4700, 3600, 2600 and 1600 • Enabled using ‘ip route-cache netflow’ interface command

312 0986_05F9_c2



34

17

Multiple Switching Paths

• Cascading switching paths • Optimum -> fast switching -> process switching • CEF replaces optimum switching • CEF -> fast switching -> process switching 312 0986_05F9_c2


35

Multiple Switching Paths

• CEF automatically bubbles packet for unsupported features • In some platforms packets bubbled to generate ICMP messages • DCEF -> CEF -> fast switching -> process switching 312 0986_05F9_c2



36

18

Tag Switching/MPLS • Integrates Layer 3 scalability and flexibility with Layer 2 performance and traffic management • Avoids complex overlay model • Reduces signaling overhead • Media independent • Foundation for many new services 312 0986_05F9_c2

37


Tag Switching/MPLS Components of Tag Switching

• TDP • TIB • CEF

312 0986_05F9_c2



38

19

Tag Switching/MPLS—Example Local Local Remote Remote Address Address Interface Interface Tag Tag Prefix Tag Tag Prefix

X X X X

11 22

128.89 128.89 171.69 171.69

... ...

... ...

... ...

11 22

Tag Tag Information Information Base Base

Local Local Remote Remote Address Address Interface Interface Tag Tag Prefix Tag Tag Prefix

11 22

77 55

128.89 128.89 171.69 171.69

00 44

33

... ...

... ...

128.89 0

I/f 1 171.69.12.1 171.69.12.1 Data Data

2 171.69.12.1 171.69.12.1 Data Data Untagged Untagged Data Data

I/f 4

171.69

5 171.69.12.1 171.69.12.1 Data Data 171.69.12.1 171.69.12.1 Data Data

• CEF forwarding table populated with routing topology information

Untagged Untagged Data Data

• Each route/prefix mapped to a tag value • Switching decision then only ‘label-swaps’ via the Tag Information Base (TIB) 312 0986_05F9_c2


39


• Available in GSR, Cisco 7500, 7200, 4500, and 4700

312 0986_05F9_c2



40

20

Features in Different Switching Paths

312 0986_05F9_c2

41


Selection Criteria

• Depends on the feature required • Depends on the platform required • Hybrid switching solutions

312 0986_05F9_c2



42

21

CEF Features

312 0986_05F9_c2

43


CEF—RPF Check • Source address spoofing denial-of-service attack • Unicast reverse path forwarding check with CEF • Per packet source address check to make sure source is reachable via the received interface • Failed packets counted and discarded 312 0986_05F9_c2



44

22

CEF Accounting C A

AS 100

DMZ Network

B

• Per prefix • Per adjacency • Per DMZ nexthop accounting 312 0986_05F9_c2

F AS 101 D

E AS 102

45


CEF and QoS—Example Layer 3 Committed Access Rate

Distributed WFQ and/or WRED

(Token Bucket)

IP Packet Arrives

312 0986_05F9_c2




IP Packet Departs

46

23

CEF and QoS

• CAR classifies packets into classes • Polices within each class as “in” and “out” of profile • Mark “in” with higher precedence than “out” • Can be used to drop “out” packets 312 0986_05F9_c2

47


CEF and QoS

• WRED can manage queues that develop in the routers Prioritizes “in” traffic over the rest

• WFQ can be used to allocate bandwidth to each CoS • Unused bandwidth from on CoS available for others 312 0986_05F9_c2



48

24

CEF—BGP4 QoS • BGP advertises prefixes with AS-Path and Community attribute • Can be used to convey IP precedence to be used in forwarding to specified destinations • Allows destination-based QoS • A scalable way to prioritize incoming traffic in ingress routers 312 0986_05F9_c2

49


CEF—BGP4 QoS

Service Provider ASs

Destination Source IP Precedence for this Routing Prefix

Packet Flow Data

IP

Precedence

Header

ToS Type of Service Field

312 0986_05F9_c2



50

25

NetFlow Features

312 0986_05F9_c2

51


NetFlow Applications— AS-Based Billing Global AS Customers Regional AS

Internal

312 0986_05F9_c2



Domestic AS

52

26

NetFlow Policy Routing (NPR) Premium ISP

E.g. ERP

Standard ISP

Application NPR

E.g.

E-Mail

NPR

FEC

Enterprise Backbone 312 0986_05F9_c2


53

NetFlow Policy Routing • NetFlow calls policy routing at flow creation time • Policy routing checks if the packet needs to be policy routed • If not convey that to NetFlow • Subsequent packets for the flow don’t go through policy routing, hence minimize forwarding overhead 312 0986_05F9_c2



54

27

NetFlow Policy Routing

• If it requires policy routing, policy route it and attach state to the flow • Subsequent packets for the flow are fast-policy routed using the attached state • Distributed version for increased performance 312 0986_05F9_c2


55

NetFlow Applications

• Many flow-based applications accelerated • Encryption • Access control lists • Reverse-path forwarding checks • Resource reservation 312 0986_05F9_c2



56

28

Tag Switching/MPLS Features

312 0986_05F9_c2

57


Tag/MPLS

• Tag decouples forwarding from addressing • Allows explicit forwarding • Dynamic tunneling

312 0986_05F9_c2



58

29

Traffic Engineering

• Increased bandwidth utilization • Useful when link not available • Handle unanticipated growth and shift in traffic • Class-of-service routing • Failure scenario 312 0986_05F9_c2

59


The Overlay Solution Physical L3

L3 L2

L3

Logical

L2

L2 L2

L3

L3

L2 L3

L2

L3

L3

L3 L3

L3

L3

• Layer 2 network used to manage the bandwidth • Layer 3 sees a complete mesh • Suboptional scaling 312 0986_05F9_c2



60

30

Traffic Engineering

• Traffic engineering requires explicit routing capability • Tag switching supports explicit routing • Tag switching along with enhanced IP routing for traffic engineering • Routing with Resource Reservation (R3) 312 0986_05F9_c2

61


Traffic Engineering • Create traffic trunks Flows that are forwarded on the same path Share a common class of service

• Determine how the traffic trunks should be routed with assistance from link state protocols • Use RSVP to setup traffic trunks 312 0986_05F9_c2



62

31

Traffic Engineering

• Maintain established routes for traffic trunks • Re-route in case of failure • Traffic assigned to trunk using IGP • Use tag learned during trunk setup to tag-switch the packets 312 0986_05F9_c2

63


Traffic Engineering R9

R8

R3 R4 R2

Pop 32

R1 49 17

R6

R5

R7 22

Setup: Path (R1->R2->R6->R7->R4->R9) Reply: Resv communicates Tags and reserves bandwidth on each link 312 0986_05F9_c2



64

32

VPN—Example VPN A/Site 2 VPN B/Site 1

10.2/16

VPN B/Site 2 10.2/16

10.1/16

VPN A/Site 3 10.3/16

10.1/16 10.4/16

VPN A/Site 1 312 0986_05F9_c2

VPN B/Site 3 65


BGP/TAG VPN

• Constraint routing knowledge • Forwarding based on constraint knowledge • Address uniqueness • Tunneling 312 0986_05F9_c2



66

33

BGP/TAG VPN • Constrained distribution of routing information provides control over connectivity among sites • BGP is used to carry the routing information within the backbone • BGP, RIP or static route used between site and the backbone 312 0986_05F9_c2

67


Routing Information Distribution VPN A/Site 2 VPN A/Site 1 11.2/16 11.1/16 BGP

PE1

Step 3 Step 1 CEA1

Step 4

Step 2 Static

Step 5 P3

PE2

RIP

CEA2

16.1/16

16.2/16

VPN B/Site 1

VPN B/Site 2

312 0986_05F9_c2



68

34

BGP/TAG VPN

• Along with constrained route advertisement, we need multiple forwarding table for VPN segregation • One forwarding table per VPN • Each customer port associated with a particular forwarding table 312 0986_05F9_c2

69


BGP/TAG VPN • Address uniqueness within backbone achieved by creating new address family (RFC 2283) • VPN-IP address = Route distinguished + IPv4 address • New address relevant only within the backbone 312 0986_05F9_c2



70

35

BGP/TAG VPN

• VPN identification available only in the edge • Per-hop forwarding not possible • Use tag/MPLS to forward packet using the constrained route information 312 0986_05F9_c2

71


BGP/TAG VPN

Enterprise A Enterprise B

Intranet VPN 10 Extranet VPN 20 Enterprise A

Enterprise B Enterprise C 312 0986_05F9_c2



72

36

Summary—Integrated Switching Services Layer 3 Backbones— Cisco Express Forwarding and NetFlow NetFlow Switching • Deployed at backbone periphery for network services: • Traffic accounting • QoS policy • Security

312 0986_05F9_c2

Cisco Express Forwarding • Deployed at network core for: • Forwarding performance • Scalability • Quality of Service

73


Summary—Integrated Switching Services Hybrid Layer 2 and Layer 3 Backbones— Tag and NetFlow Switching NetFlow Switching • Deployed at backbone periphery for network services: • Traffic accounting • QoS policy • Security

312 0986_05F9_c2



Tag Switching

• Deployed on backbone for: • Virtual Private Networks • Scalability • Traffic Engineering

74

37

Conclusion

• Different switching paths provide different benefits • Select solution based on need • Often requires hybrid switching solutions

312 0986_05F9_c2

75


Please Complete Your Evaluation Form Session 312

312 0986_05F9_c2



76

38

312 0986_05F9_c2



77

39

Cisco - Deploying IP Switching Protocols 312

Cisco - Deploying IP Multicast 314

IP Telephony - Deploying Voice-over-IP Protocols

Cisco - Introduction to New IP Switching Protocols 304

Deploying Cisco Voice over IP Solutions

Deploying Cisco Voice over IP Solutions

Cisco - Deploying Campus based Protocols 504

Cisco - Deploying xDSL 207

Cisco IP Routing Protocols: Trouble Shooting Techniques

Cisco Multiservice Switching Networks

Cisco® LAN Switching

Cisco LAN switching fundamentals

Cisco - Deploying Large Scale Voice Over IP 406

Cisco - Deploying Optical Infrastructure 605

Cisco - Deploying WAN Technologies 102

Cisco - Deploying Optical Infrastructure 605

IP Telephony: Deploying VoIP Protocols and IMS Infrastructure

IP Telephony: Deploying VoIP Protocols and IMS Infrastructure, Second Edition

Cisco Multicast Routing And Switching

Cisco Multicast Routing and Switching

Cisco IP Routing Protocols: Trouble Shooting Techniques (Networking Series)

Configuring Cisco Voice Over IP

IP Illustrated: The Protocols

Troubleshooting IP Routing Protocols

Troubleshooting IP Routing Protocols

Troubleshooting IP routing protocols

Cisco - Deploying OSPF, NLSP, IS-IS 308

Cisco - Deploying LANE and MPOA 503

Cisco - Deploying Traffic Management (QOS) Technology 309

Cisco - Deploying IP Switching Protocols 312

Cisco - Deploying IP Multicast 314

IP Telephony - Deploying Voice-over-IP Protocols

Cisco - Introduction to New IP Switching Protocols 304

Deploying Cisco Voice over IP Solutions

Deploying Cisco Voice over IP Solutions

Cisco - Deploying Campus based Protocols 504

Cisco - Deploying xDSL 207

Cisco IP Routing Protocols: Trouble Shooting Techniques

Cisco Multiservice Switching Networks

Cisco® LAN Switching

Cisco LAN switching fundamentals

Cisco - Deploying Large Scale Voice Over IP 406

Cisco - Deploying Optical Infrastructure 605

Cisco - Deploying WAN Technologies 102

Cisco - Deploying Optical Infrastructure 605

IP Telephony: Deploying VoIP Protocols and IMS Infrastructure

IP Telephony: Deploying VoIP Protocols and IMS Infrastructure, Second Edition

Cisco Multicast Routing And Switching

Cisco Multicast Routing and Switching

Cisco IP Routing Protocols: Trouble Shooting Techniques (Networking Series)

Configuring Cisco Voice Over IP

IP Illustrated: The Protocols

Troubleshooting IP Routing Protocols

Troubleshooting IP Routing Protocols

Troubleshooting IP routing protocols

Cisco - Deploying OSPF, NLSP, IS-IS 308

Cisco - Deploying LANE and MPOA 503

Cisco - Deploying Traffic Management (QOS) Technology 309

Recommend Documents