Layer 3-Switched Packet Rewrite - Cisco 7609 Configuration Manual

Understanding How IP MLS Works
•
•
•
•
•
•
•
•
•
•

Layer 3-Switched Packet Rewrite

When a packet is Layer 3 switched from a source host to a destination host, the PFC performs a packet
rewrite based on information learned from the MSFC and stored in the MLS cache.
If Host A and Host B are on different VLANs and Host A sends a packet to the MSFC to be routed to
Host B, the PFC recognizes that the packet was sent to the MAC address of the MSFC. The PFC checks
the MLS cache and finds the entry matching the flow in question.
When the PFC receives the packet, it is formatted (conceptually) as follows:
Frame Header
Destination
MSFC MAC
The PFC rewrites the Layer 2 frame header, changing the destination MAC address to the MAC address
of Host B and the source MAC address to the MAC address of the MSFC (these MAC addresses are
stored in the MLS cache entry for this flow). The Layer 3 IP addresses remain the same, but the IP header
Time to Live (TTL) is decremented and the checksum is recomputed. The PFC rewrites the switched
Layer 3 packets so that they appear to have been routed by a router.
The PFC forwards the rewritten packet to Host B's VLAN (the destination VLAN is stored in the MLS
cache entry) and Host B receives the packet.
Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E
19-4
Security ACLs—Does not affect flow mask.
Reflexive ACLs—Does not affect flow mask.
TCP intercept—Does not affect flow mask.
Policy Based Routing (PBR)—Does not affect flow mask.
ISLB (IOS Server Load Balancing)—When packets are processed by the ISLB process, a
full-flow-ip mask is used.
WCCP (Web Cache Control Protocol)—When packets are processed by WCCP, a full-flow-ip mask
is used.
A full-flow-ip mask is used if the if the Web Cache engines are Layer-2 adjacent to the
Note
switch. If the Web Cache engines are not Layer-2 adjacent, then GRE encapsulation needs
to be configured to send packets to the Web Cache engines and in that the flow mask is not
affected because the packets are processed in software.
CBAC (Context-Based Access Control)—Does not affect flow mask.
Unicast RPF—When unicast RPF is configured with the ip verify unicast command, the flow mask
is changed by the Layer 3 manager to source-destination-ip mask.
Netflow Data export (NDE)—The flow mask used is determined by the mls flow ip command.
QoS Microflow policing—When packets are processed by microflow policing, a full-flow-ip mask
is used.
IP Header
Source Destination
Host A Host B IP
MAC
Chapter 19 Configuring IP Unicast Layer 3 Switching on Supervisor Engine 1
Source TTL Checksum
Host A IP n calculation1
Payload
Data Checksum
78-14064-04