Solved: Intervlan routing and ARP process

tschafferx · ‎01-10-2018

I do have a question regarding the following scenario.

A packet arrives at a Layer 3 switch with a destination IP-Address that the router finds in its routing table.

It strips off the Layer 2 header and reads the L3 destination IP-Address. It finds out, that the destination address can be reached over an IP-Address which is part of lets say VLAN200. VLAN200 is a SVI on the router.

Here comes my question:

We assume that the router does not yet have a MAC-Address entry for the next hop address. On which interfaces does the router forward the ARP-request?

Does he check any of his interfaces for a membership for that VLAN200 and forwards the ARP-request out of these interfaces?

Any help is appreciated.

nixpengu1n · ‎01-11-2018

Hello,

I am not quite sure did I understand your question correctly, but I will try to briefly answer it:

If we are talking about L3 switch with routing option, routing is done by CEF which in a nutshell is a technology to populate CAM and TCAM tables with MAC, Next-hop IP addresses, interfaces ans so on.

If records associated with destination IP address could not be found in CAM / TCAM tables, routing processor is kicked in and ARP requests are issued (or other appropriate actions). This is done by switch CPU, so routing for this particular packet is slowed down. In particular ARP requests are issued through all interfaces to which destination ip subnet is mapped (thus all interfaces in VLAN 200 in your case + trunk interfaces where VLAN 200 is allowed).

More information could be found here:

https://www.cisco.com/c/en/us/support/docs/routers/12000-series-routers/47321-ciscoef.html

https://supportforums.cisco.com/t5/network-infrastructure-documents/cam-content-addressable-memory-vs-tcam-ternary-content/ta-p/3107938

View solution in original post

nixpengu1n · ‎01-11-2018

Hello,

As you mentioned VLAN pruning, I assume you are using VTP protocol to manage VLANs database on switches. Pruning basically means that VLAN is not allowed on trunk and no broadcast traffic for it will be sent through a trunk port where this VLAN has been pruned.

More information could be found here:

https://www.cisco.com/c/en/us/support/docs/lan-switching/vtp/10558-21.html#vtp_pruning

View solution in original post

nixpengu1n · ‎01-11-2018

Hello,

I am not quite sure did I understand your question correctly, but I will try to briefly answer it:

If we are talking about L3 switch with routing option, routing is done by CEF which in a nutshell is a technology to populate CAM and TCAM tables with MAC, Next-hop IP addresses, interfaces ans so on.

If records associated with destination IP address could not be found in CAM / TCAM tables, routing processor is kicked in and ARP requests are issued (or other appropriate actions). This is done by switch CPU, so routing for this particular packet is slowed down. In particular ARP requests are issued through all interfaces to which destination ip subnet is mapped (thus all interfaces in VLAN 200 in your case + trunk interfaces where VLAN 200 is allowed).

More information could be found here:

https://www.cisco.com/c/en/us/support/docs/routers/12000-series-routers/47321-ciscoef.html

https://supportforums.cisco.com/t5/network-infrastructure-documents/cam-content-addressable-memory-vs-tcam-ternary-content/ta-p/3107938

tschafferx · ‎01-11-2018

Thank you for your reply.

You said "+ trunk interfaces where VLAN 200 is allowed" does this also include interfaces where the VLAN is allowed but pruned due to the fact, that it's not used on that particular trunk?

Thanks.

nixpengu1n · ‎01-11-2018

Hello,

As you mentioned VLAN pruning, I assume you are using VTP protocol to manage VLANs database on switches. Pruning basically means that VLAN is not allowed on trunk and no broadcast traffic for it will be sent through a trunk port where this VLAN has been pruned.

More information could be found here:

https://www.cisco.com/c/en/us/support/docs/lan-switching/vtp/10558-21.html#vtp_pruning

tschafferx · ‎01-11-2018

Thank you very much!

Joseph W. Doherty · ‎01-11-2018

"We assume that the router does not yet have a MAC-Address entry for the next hop address. On which interfaces does the router forward the ARP-request?"

Actually, from what you described, i.e. the L3 switch has an SVI for the destination network, the device looks to see if it has a MAC for the destination host IP in its ARP cache. If not, then the ARP is sent out the SVI.

"Does he check any of his interfaces for a membership for that VLAN200 and forwards the ARP-request out of these interfaces?"

The ARP-request being sent out the SVI is treated as any other broadcast transmitted out the SVI. I.e. the L2 features of the L3 switch would replicate the packet/frame to all the ports that belong to the SVI's corresponding VLAN.

BTW, if you had a router connected to a L2 switch, with the router having a physical interface connected to the switch, and that interface having the destination network's prefix, basically the same thing happens. I.e. if destination host MAC not in router's ARP cache, router transmits an ARP broadcast frame/packet out its physical interface, which the switch will replicate to all ports within the ingress port's broadcast domain.

Also BTW, this what happens with any host attempting to send a packet to another host on a shared network. If this case, the router or L3 switch L3 host is just like any other host.