This document outlines basic steps to troubleshoot Multilayer Switching (MLS) for IP. This feature has become a highly desired method to accelerate routing performance through the use of dedicated application-specific integrated circuits (ASICs). Traditional routing occurs through a central CPU and software. MLS offloads a significant portion of routing (packet rewrite) to hardware, which is why MLS also bears the term "switching". MLS and Layer 3 switching are equivalent terms. The NetFlow feature of Cisco IOS® Software is distinct; this document does not cover NetFlow. MLS also includes support for Internetwork Packet Exchange (IPX) MLS (IPX MLS) and multicast MLS (MMLS). However, this document exclusively concentrates on basic MLS IP troubleshoot procedures.
For customers with Cisco Catalyst 6500/6000 series switches running Cisco IOS Software, refer to the MLS documentation for your Supervisor Engine:
Note: This document is not valid for the Catalyst 6500/6000 Supervisor Engine 2 or Supervisor Engine 720, as these Supervisor Engines do not use MLS. The Supervisor Engine 2 and Supervisor Engine 720 use Cisco Express Forwarding (CEF) as a hardware-based forward mechanism. For more information, refer to the document Troubleshoot Unicast IP Routing Involving CEF on Catalyst 6500/6000 Series Switches with a Supervisor Engine 2 and Running CatOS System Software.
There are no specific requirements for this document.
This document is not restricted to specific software and hardware versions.
For more information on document conventions, refer to the Cisco Technical Tips Conventions.
As networks face greater demands, the need for greater performance increases. More and more PCs connect to LANs, WANs, and the Internet. The users require fast access to databases, files and web pages, applications through networks, other PCs, and video stream. To keep connections quick and reliable, networks must be able to rapidly adjust to changes and failures to find the best path. The networks must also remain as invisible as possible to end users. To determine the best path is the primary function of routing protocols, and this can be a CPU-intensive process. Thus, there is a significant performance increase with the offload of a portion of this function to switching hardware. This performance increase is the goal of the MLS feature.
Two of the three major components of MLS are the MLS route processor (MLS-RP) and the MLS switching engine (MLS-SE). The MLS-RP is the MLS-enabled router, which performs the traditional function of routing between subnets/VLANs. The MLS-SE is a MLS-enabled switch, which normally requires a router to route between subnets/VLANs. However, with special hardware and software, MLS-SE can handle the rewrite of the packet. When a packet transverses a routed interface, the change (rewrite) of non-data portions of the packet occurs as the packet heads to the destination, hop by hop. Confusion can arise here because a Layer 2 device appears to take on a Layer 3 task. Actually, the switch only rewrites Layer 3 information and "switches" between subnets/VLANs. The router is still responsible for standards-based route calculations and best-path determination. You can avoid much of this confusion if you mentally keep the routing and switching functions separate, especially when they are within the same chassis (as with an internal MLS-RP). Think of MLS as a much more advanced form of route cache, with a separation of the cache from the router on a switch. MLS requires both the MLS-RP and the MLS-SE, along with respective hardware and software minimums.
The MLS-RP can be internal (installation in a switch chassis) or external (connection via a cable to a trunk port on the switch). Examples of internal MLS-RPs are the Route Switch Module (RSM) and the Route Switch Feature Card (RSFC). You install the RSM or RSFC in a slot or Supervisor Engine of a Catalyst 5500/5000 series switch, respectively. The same applies to the Multilayer Switch Feature Card (MSFC) for the Catalyst 6500/6000 series. Examples of external MLS-RPs include any member of the Cisco 7500, 7200, 4700, 4500 or 3600 series routers. In general, to support the MLS IP feature, all MLS-RPs require a minimum Cisco IOS Software release in the 11.3WA or 12.0WA trains. Refer to Cisco IOS Software release documentation for specifics. Also, you must enable MLS for a router to be a MLS-RP.
The MLS-SE is a switch with special hardware. For a Catalyst 5500/5000 series switch, MLS requires the installation of a NetFlow Feature Card (NFFC) on the Supervisor Engine. The Supervisor Engine IIG and IIIG have a NFFC by default. In addition, a bare minimum of Catalyst OS (CatOS) 4.1.1 software is also a requirement.
Note: The CatOS 4.x train is now in General Deployment (GD). The software passed rigorous end-user criteria and field-experience targets for stability. Refer to Cisco.com for the latest releases.
The Catalyst 6500/6000 hardware and software with the MSFC/Policy Feature Card (PFC) supports and automatically enables IP MLS. (The default for MLS is disabled on other routers.)
Note: IPX MLS and MMLS may have different hardware and software (Cisco IOS Software and CatOS) requirements. More Cisco platforms support the MLS feature. Also, you must enable MLS for a switch to be a MLS-SE.
The third major component of MLS is the Multilayer Switching Protocol (MLSP). You must understand the basics of MLSP to get at the heart of MLS and perform effective MLS troubleshoot procedures. MLS-RP and MLS-SE use MLSP to communicate with one another. Tasks include:
The enable of MLS.
Installation of MLS flows (cache information).
Update or deletion of flows.
Management and export of flow statistics.
Note: Other documents cover NetFlow Data Export.
MLSP also allows the MLS-SE to:
Learn the Layer 2 MAC addresses of the MLS-enabled router interfaces.
Check the flowmask of the MLS-RP.
Note: The Troubleshoot IP MLS Technology section of this document covers this procedure.
Confirm that the MLS-RP is operational.
The MLS-RP sends out multicast "hello" packets every 15 seconds with use of MLSP. If the MLS-SE misses three of these intervals, the MLS-SE recognizes that the MLS-RP has failed or that connectivity to the MLS-RP is lost.
This diagram illustrates three essentials that you must complete (with use of MLSP) to create a shortcut: the candidate, enable, and cache steps. The MLS-SE checks for the cache MLS entry. If the MLS cache entry and packet information match (a "hit"), the packet header rewrite occurs locally on the switch. This rewrite is a shortcut or bypass of the router. The packet does not forward to the router as normally occurs. Packets that do not match are forwarded to the MLS-RP as candidate packets. A local switch may occur for these packets. After the pass of the candidate packet through the MLS flowmask (which Step 7 of the section Troubleshoot IP MLS Technology explains) and the rewrite of the information in the packet header (without contact with the data portion), the router sends the packet toward the next hop along the destination path. The packet is now an enabler packet. If the packet returns to the same MLS-SE from which the packet left, a MLS shortcut is created and placed into the MLS cache. Now, instead of the router software, the switch hardware locally rewrites that packet and all similar packets that follow (a "flow").
The same MLS-SE must see both the candidate and enabler packets for a particular flow for the creation of a MLS shortcut. (This requirement is why network topology is important to MLS.) Remember, the purpose of MLS is to allow the communication path between two devices in different VLANs, with connection off the same switch, to bypass the router. This action enhances network performance.
With use of the flowmask, which is essentially an access list, the administrator can adjust the degree of similarity of these packets. The administrator can adjust the scope of these flows:
Destination and source addresses.
Destination, source, and Layer 4 information.
Note: The first packet of a flow always passes through the router. From then on, the flow is locally switched. Each flow is unidirectional. Communication between PCs, for example, requires the setup and use of two shortcuts. The main purpose of MLSP is to set up, create, and maintain these shortcuts.
These three components (the MLS-RP, the MLS-SE, and MLSP) free up vital router resources through the allowance of other network components to take on some of the router functions. For certain topologies and configurations, MLS provides a simple and highly effective method to increase network performance in the LAN.
This section includes a flow diagram for basic IP MLS troubleshooting. The diagram derives from the most common types of MLS-IP service requests that customers make with Cisco Technical Support. MLS is a robust feature with which you should have no problems. However, if an issue does arise, this section should help you resolve the problem. To troubleshoot, these items must be true: