Siemens RUGGEDCOM ROX II User Manual page 364

Chapter 9
Layer 3
example, a 256 Mbps multicast stream ingressing VLAN 1 and egressing VLANs 2 and 3 requires 768 Mbps (256
Mbps × 3) of ASIC bandwidth.
• If a multicast packet should be forwarded to multiple egress VLANs, it egresses those VLANs sequentially rather
than concurrently. This means the packet will experience different latency for each egress VLAN.
Section 9.1.6
Size of the Layer 3 Switch Forwarding Table
The routing table in a software router is limited only by the amount of available memory; its size can be virtually
unlimited. However, the size of the TCAM in Layer 3 switching ASICs is significantly limited and may not be
sufficient to accommodate all Layer 3 switching rules. If the TCAM is full and a new static rule is created, the new
rule replaces some dynamically learned rule. If all of the rules in the TCAM are static, then the new static rule is
rejected.
Section 9.1.7
Interaction with the Firewall
If security is a concern and you use a firewall in a Layer 3 Switch, it is important to understand how the Layer 3
switch interacts with the firewall.
A software router always works in agreement with a firewall so that firewall rules are always applied. However, in
a Layer 3 Switch, if a switching rule is set in the switching ASIC (for example, due to a statically configured route),
the ASIC switches all the traffic matching the rule before the firewall inspects the traffic.
Layer 3 switch ASICs are somewhat limited in how switching rules can be defined. These limitations do not allow
configuring arbitrary firewall rules directly in the Layer 3 switch hardware. For sophisticated firewall rules, the
firewall has to be implemented in software and the Layer 3 Switch must not switch traffic that is subject to firewall
processing.
Whenever a change is made to the firewall configuration, some of the dynamically learned Layer 3 switching
rules might conflict with the new firewall configuration. To resolve potential conflicts, dynamically learned Layer
3 switching rules are flushed upon any changes to the firewall configuration. The dynamically learned Layer 3
switching rules then have to be re-learned while the new firewall rules are applied.
For statically configured Layer 3 switching rules, take care to avoid conflicts between Layer 3 switching and the
firewall. It should be understood that static Layer 3 switching rules always take precedence. Therefore, you must
thoroughly examine the switch configuration for potential conflicts with the firewall. For more information about
firewalls, refer to Section 6.9, "Managing Firewalls".
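The conflict check described above can be automated offline. The following is an added example, not part of the Siemens manual: it flags blocking firewall rules whose traffic a static Layer 3 switching rule would forward in hardware before inspection. The rule model, field names and sample prefixes are hypothetical and do not reflect ROX II configuration syntax; firewall rule ordering is not modeled.

```python
from ipaddress import ip_network
from typing import NamedTuple

class SwitchRule(NamedTuple):
    """Static Layer 3 switching rule (hypothetical model, not ROX II syntax)."""
    name: str
    src: str
    dst: str

class FirewallRule(NamedTuple):
    """Software firewall rule (hypothetical model, not ROX II syntax)."""
    name: str
    src: str
    dst: str
    action: str  # "accept", "drop" or "reject"

def _relation(switch_net: str, fw_net: str) -> str:
    """'none' if disjoint, 'full' if the switching prefix covers the whole
    firewall prefix, 'partial' if the two merely overlap."""
    s, f = ip_network(switch_net), ip_network(fw_net)
    if not s.overlaps(f):  # also False when IPv4 is compared with IPv6
        return "none"
    return "full" if f.subnet_of(s) else "partial"

def find_conflicts(switch_rules, firewall_rules):
    """List (switch rule, firewall rule, kind) for every blocking firewall rule
    whose traffic a static switching rule would forward in the ASIC first."""
    conflicts = []
    for s in switch_rules:
        for f in firewall_rules:
            if f.action == "accept":
                continue  # assumption: same forwarding outcome, not reported
            rel = {_relation(s.src, f.src), _relation(s.dst, f.dst)}
            if "none" in rel:
                continue  # no packet can match both rules
            kind = "full" if rel == {"full"} else "partial"
            conflicts.append((s.name, f.name, kind))
    return conflicts

# Constructed sample rules, for illustration only.
SWITCH_RULES = [SwitchRule("S1", "10.1.0.0/16", "10.2.0.0/16"),
                SwitchRule("S2", "0.0.0.0/0", "192.168.50.0/24")]
FIREWALL_RULES = [FirewallRule("F1", "10.1.5.0/24", "10.2.9.0/24", "drop"),
                  FirewallRule("F2", "10.0.0.0/8", "10.2.0.0/16", "drop"),
                  FirewallRule("F3", "172.16.0.0/12", "192.168.50.10/32", "reject"),
                  FirewallRule("F4", "10.1.0.0/16", "10.2.0.0/16", "accept"),
                  FirewallRule("F5", "10.3.0.0/16", "10.4.0.0/16", "drop")]

if __name__ == "__main__":
    for s, f, kind in find_conflicts(SWITCH_RULES, FIREWALL_RULES):
        print(f"{s} bypasses {f} ({kind} overlap)")
```

A "full" result means every packet the firewall rule would block is switched in hardware; "partial" means only part of the rule's address range is bypassed.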
Section 9.2
Configuring Layer 3 Switching
To configure Layer 3 switching, do the following:
NOTE
When hardware acceleration is used, and learning mode is set to flow-oriented, fragmented IP packets
cannot be forwarded. To overcome this limitation, if it is known there will be a significant amount of
fragmented packets, set learning mode to host-oriented.
RUGGEDCOM ROX II
CLI User Guide