
Switching in layer 3

rakshitsrinivas
Level 1

How does the packet flow in a layer 3 switch?


Joseph W. Doherty
Hall of Fame
Well, a packet arrives on an interface, and may egress on that interface or another, or not egress at all. Much depends on the packet, the configuration of the L3 switch and the network topology. I.e. a packet flow diagram may show many branches (also, since an L3 switch is L2 too, that creates another set of decision branches). Lastly, depending on how technical you wish to get, different switches may process differently, or even on a single L3 switch, how the packet is processed may vary based on the actual physical ingress and egress port.

Giuseppe Larosa
Hall of Fame

Hello Rakshitsrinivas,

your question is

>> " How does the packet flow in a layer 3 switch ?"

As already noted by Joseph this depends on what the packet is:

 

-  if it is user traffic without using any specific IP options, the packet is processed in hardware using the most efficient method: multilayer switching based on already prepared tables. In the case of Cisco IOS, these tables are built and maintained by CEF (Cisco Express Forwarding). CEF uses multiple tables; in particular it has an Adjacency Table that contains all known next-hops that can be learned by any means (ARP for directly attached end user devices, from static routes configuration or from routing protocols like OSPF or EIGRP or BGP).

The adjacency table lists the known and alive neighbors/next-hops, including information that can be used to send a frame to the next hop (what is the outgoing interface, what is the destination MAC address to be used and what is the source MAC address to be used).

Then there is a topology table listing all known destinations/IP Prefixes with a pointer to the associated next-hop in the ADJ table.

So actually the act of multilayer switching by CEF of standard user traffic packets is simply a packet rewrite:

after having checked the frame FCS (L2 check), having checked the IPv4 checksum (L3 header only check) and having checked the IPv4 header field named TTL (Time To Live must be greater than 1 to be able to deliver the packet to the next device on the path to destination), the packet rewrite action is performed:

the L2 header is changed according to the adjacency table using the exit interface, Vlan-id, Destination MAC address, Source MAC address. The IPv4 packet has two minor changes in the IPv4 header only: the TTL is decremented by 1 and the IPv4 header checksum is updated (actually incremented by one). At the end of the frame a new 4 byte FCS is computed and attached to the end of the frame.

The frame is sent out the outgoing interface.

 

-   Signalling protocol messages like STP BPDUs or OSPF hello messages need to be relayed to the main CPU; these are not standard user traffic and need to be processed in software.

 

- User traffic with IP options or other reasons that cause it to be punted = sent to the main CPU for process switching (Cisco term for SW processing, the least efficient method).

 

A multilayer switch is very good at using hardware based CEF to process normal user traffic very fast.

Usually we need to take care to avoid having too many routes, which means so many prefixes that they cannot be placed in the TCAM (the more hardware name for the topology table).

A switch is very strong in the forwarding plane, it has limitations on the control plane because it works in hardware,

 

Hope to help

Giuseppe

 

@Giuseppe Larosa - Thanks for the detailed reply, but I am unable to explain if any question is asked based on a scenario:

 

For example: user in one n/w 10.0.0.1 in vlan 10------------------>l3switch------------------> user in one n/w 20.0.0.1 in vlan 20, and the packet flow needs to be discussed in this scenario

Hello rakshitsrinivas,

you would like to see a practical example

>>user in one n/w 10.0.0.1 in vlan 10------------------>l3switch------------------> user in one n/w 20.0.0.1 in vlan 20 and packet flow needs to be discussed in this scenario.

 

PC1: 10.0.0.1 in vlan 1,   Switch SVI interface Vlan 1 10.0.0.254 (subnet 255.255.255.0 -> /24)

 

PC2: 20.0.0.1 in vlan 2,   Switch SVI interface Vlan 2 20.0.0.254 (subnet 255.255.255.0 -> /24)

 

Requirement: each PC needs to be configured with appropriate default gateway

PC1 must use 10.0.0.254

PC2 must use 20.0.0.254.

 

if PC1 wants to send a packet to PC2 20.0.0.254:

a) PC1 makes an ARP request for 10.0.0.254. Switch answers providing the MAC address of interface SVI Vlan1

b) PC1 sends a packet with

source MAC address = PC1 NIC MAC address

destination MAC address = switch Vlan1 MAC address

IP source = 10.0.0.1

IP destination = 20.0.0.1

TTL=255

 

c) switch receives packet on Vlan1 interface, checks L2 FCS, L3 IPv4 header checksum and TTL.

switch consults CEF table and discovers that 20.0.0.0/24 is directly connected to SVI int Vlan2.

Switch sends out Vlan2 an ARP request to resolve 20.0.0.1 IP address. PC2 answers with its own MAC address

 

the packet is sent out of Vlan 2 with the following fields:

Destination MAC address = PC2 MAC address

Source MAC address = SVI Vlan2 MAC address

Source IP = 10.0.0.1

Dest IP = 20.0.0.1

TTL= 254

 

PC2 can answer to PC1 in the same manner using its default gateway because 10.0.0.1 is not in 20.0.0.0/24 subnet.

 

Hope to help

Giuseppe
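
The forwarding steps described in the two replies above (header checks, adjacency lookup, MAC rewrite, TTL decrement, checksum update), as an added example that is not part of the original thread. The MAC addresses, the table and function names and the dict-based frame model are constructed for illustration; the Ethernet FCS is left out.

```python
import ipaddress
import struct

# Constructed tables: MACs are sample values, not taken from the thread.
SVI_MAC = {1: "00:00:5e:00:53:01", 2: "00:00:5e:00:53:02"}
CONNECTED = {ipaddress.ip_network("10.0.0.0/24"): 1,
             ipaddress.ip_network("20.0.0.0/24"): 2}
ADJACENCY = {"10.0.0.1": "00:00:5e:00:53:a1",   # PC1, as learned by ARP
             "20.0.0.1": "00:00:5e:00:53:b2"}   # PC2, as learned by ARP

def ipv4_checksum(header: bytes) -> int:
    """Ones'-complement checksum; returns 0 over a header whose checksum is valid."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4(src: str, dst: str, ttl: int) -> bytes:
    """20-byte IPv4 header (no options, protocol 1, no payload) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 1, 0,
                      ipaddress.ip_address(src).packed,
                      ipaddress.ip_address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def l3_switch(frame: dict) -> dict:
    """Apply the checks and the packet rewrite to a frame received on an SVI."""
    ip = frame["ip"]
    if frame["dst_mac"] != SVI_MAC[frame["vlan"]]:
        raise ValueError("not addressed to the SVI: bridged at L2, not routed")
    if ip[0] != 0x45:
        raise ValueError("not a plain 20-byte IPv4 header (e.g. IP options): punt to CPU")
    if ipv4_checksum(ip[:20]) != 0:
        raise ValueError("bad IPv4 header checksum: drop")
    ttl = ip[8]
    if ttl <= 1:
        raise ValueError("TTL expired: drop")
    dst = ipaddress.ip_address(ip[16:20])
    out_vlan = next((v for net, v in CONNECTED.items() if dst in net), None)
    if out_vlan is None or str(dst) not in ADJACENCY:
        raise ValueError("no route or adjacency: not forwarded in hardware")
    # Rewrite: TTL - 1, checksum recomputed over the header with the field zeroed.
    hdr = ip[:8] + bytes([ttl - 1, ip[9]]) + b"\x00\x00" + ip[12:20]
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return {"vlan": out_vlan, "dst_mac": ADJACENCY[str(dst)],
            "src_mac": SVI_MAC[out_vlan], "ip": hdr + ip[20:]}

pc1_frame = {"vlan": 1, "src_mac": ADJACENCY["10.0.0.1"],
             "dst_mac": SVI_MAC[1], "ip": build_ipv4("10.0.0.1", "20.0.0.1", 255)}
out = l3_switch(pc1_frame)
print(out["vlan"], out["dst_mac"], out["src_mac"], "TTL", out["ip"][8])
```

Only the L2 addresses, the TTL and the header checksum differ between `pc1_frame` and `out`; the source and destination IP addresses are carried through unchanged.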

 

Last query @Giuseppe Larosa, thanks for a detailed response, perfectly what I was looking for.

 

What does this mean: "destination MAC address = switch Vlan1 MAC address" and "Source MAC address = SVI Vlan2 MAC address" in the explanation? Because switch 1 has only one NIC MAC, right? Does an SVI have a separate MAC address defined?

Hello rakshitsrinivas,

the multilayer switch can use a different MAC address in each SVI if manually configured with command mac-address in interface vlan X mode.

By default a switch would use the same MAC address for each SVI, but it is better to think of each of them as potentially having its own MAC address.

This is why I preferred to discriminate between interface Vlan 1 MAC address and interface Vlan 2 MAC address.

 

By the way, a switch has many NICs not only one: you consider all the physical ports each using their own MAC address plus all defined SVI addresses

 

Hope to help

Giuseppe

 
