So layer three switches are faster, 'eh? By orders of magnitude, 'eh? This
calls for a bit of research on CCO.

Hhhmmmmmmm................

Catalyst 8500 = 24 million PPS
http://www.cisco.com/univercd/cc/td/doc/pcat/ca8500c.htm#CJAEJHDF

Catalyst 6509 = 170 million PPS
http://www.cisco.com/univercd/cc/td/doc/pcat/ca6000.htm

Cisco 12000 = 375 million PPS
http://www.cisco.com/univercd/cc/td/doc/pcat/12000.htm

Cisco 7600 - 30 million PPS
http://www.cisco.com/univercd/cc/td/doc/pcat/7600.htm


So it would appear, based on Cisco's own product literature, that high end
router versus high end switch, the edge most definitely goes to the product
Cisco calls a router. And numbers are all over the place, to judge from the
example I have looked at.

Look, my point remains that any trickery, hardware or otherwise, can be
applied to "routers"  as well as "switches".

It most definitely is NOT enough to say that there is a difference and it is
because of the hardware construction of a "switch" versus that of a "router".

Chuck

-----Original Message-----
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Michael L. Williams
Sent:   Wednesday, June 06, 2001 8:52 PM
To:     [EMAIL PROTECTED]
Subject:        Re: Layer3 switch vs Router [7:7406]

"Sergei Gearasimtchouk" wrote in message
news:[EMAIL PROTECTED]...
> I am sorry, should have said something meaningful. :(
> Hypothetically speaking, if the ACLs are in place, wire speed is gone.
> The concept route one switch many no longer holds its value.

That's what I thought you meant.  I'm glad you clarified your position.

But it's incorrect.  Multilayer switching (& therefore wire speed "routing")
are out the door only when you have an ACL applied to the MLS-RP interface
as an incoming ACL.  That's it.  This is where flow masks come into play.
There are 4 situations that need to be considered when using ACLs and
Multilayer switching:

1) Where there is an incoming ACL on the MLS-RP interface, Multilayer
switching is out the window because every incoming packet must be examined
by the router.

2) If there is no access list, you can use a Destination IP flow mask, the
simplest of the flow masks, where only the destination IP address is looked
for in the MLS cache.

3) When there is an outgoing standard IP ACL applied to the MLS-RP interface,
a Source-Destination IP flow mask needs to be used.  This forces the MLS-SE
to look for an entry with both the source and destination IP addresses in
the MLS cache.  Here's the reason why:

If a packet has been sent from the MLS-SE to the MLS-RP, the packet gets
routed, then the outgoing ACL is applied.  If the packet makes it back to
the MLS-SE, then the MLS-SE knows that the packet was allowed (not denied by
the ACL) and it makes a MLS cache entry.  Since a standard IP ACL uses
source IP to permit/deny, the MLS-SE needs to look for the source IP as well
as the destination IP in the MLS cache.  Any subsequent packets from/to the
same source/destination need not be compared to the ACL again as the
criteria for the ACL on the original packet was satisfied.

4) When there is an outgoing extended IP ACL applied to the MLS-RP
interface, an IP Flow mask needs to be used.  An IP Flow mask instructs the
MLS-SE to look for an entry that contains the source IP and port AND
destination IP and port (basically Layers 3 AND 4).  The MLS-SE must look
for all of that information in the MLS cache because extended IP ACLs
permit/deny using all of those criteria.  Again, the same reasoning applies
as far as the ACL goes, which is:  if the first packet sent to the MLS-RP
comes back to the MLS-SE, then the MLS-SE knows that the packet was allowed
(not denied) by the ACL, and therefore it doesn't need to check the ACL for
subsequent packets, and Multilayer switching continues as normal.

Most of the time an incoming ACL can be re-written as an outgoing ACL on
other interfaces.  Although it is usually recommended to use incoming ACLs
over outgoing ACLs (so that unwanted traffic doesn't get into the
router's fabric just to be denied going out of another interface), in the
case of Multilayer switching, the disadvantages caused by using outgoing
ACLs are completely outweighed by the advantage of being able to use
Multilayer switching.

So, even with an ACL active, as long as it's an outgoing ACL on the MLS-RP
interface, "wire speed routing" is still intact.

> Anyhow, let routers do what they do best, and allow switches do their
> layer 2 stuff...

Multilayer switching is an ingenious idea that allows a switch to take an
incredible load off of the routers while not only providing the same
performance, but providing better, faster performance.  As another post
mentioned, sure a router can do 100,000 packets/sec, but multilayer switches
can handle an order of magnitude more traffic (in the millions of
packets/sec)

Mike W.
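
Added example, not part of the original posts: a toy Python model of the MLS cache behaviour described in situations 2 to 4 above, showing why an outgoing standard ACL needs the Source-Destination IP flow mask rather than the Destination IP one. The class, function names, mask labels and addresses are constructed for illustration and are not Cisco syntax.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src dst sport dport")

# Fields the MLS-SE keys its cache on for each flow mask (labels are assumed names).
FLOW_MASKS = {
    "destination-ip": ("dst",),
    "source-destination-ip": ("src", "dst"),
    "ip-flow": ("src", "dst", "sport", "dport"),
}

class MlsSwitch:
    """Toy MLS-SE: shortcut packets matching a cached flow, else punt to the MLS-RP."""

    def __init__(self, flow_mask, outgoing_acl):
        self.fields = FLOW_MASKS[flow_mask]
        self.acl = outgoing_acl      # callable(Packet) -> True if permitted
        self.cache = set()
        self.routed = 0              # packets the MLS-RP had to handle

    def forward(self, pkt):
        key = tuple(getattr(pkt, f) for f in self.fields)
        if key in self.cache:
            return "shortcut"        # cache hit: the ACL is not consulted again
        self.routed += 1
        if not self.acl(pkt):
            return "denied"          # never comes back to the MLS-SE, so no entry
        self.cache.add(key)          # packet returned from the MLS-RP: flow allowed
        return "routed"

def standard_acl(pkt):
    # Constructed outgoing standard ACL: permit only source 10.1.1.10.
    return pkt.src == "10.1.1.10"

def run(flow_mask):
    """Send three constructed packets through a switch using the given flow mask."""
    sw = MlsSwitch(flow_mask, standard_acl)
    pkts = [
        Packet("10.1.1.10", "10.2.2.20", 1025, 80),  # permitted, first packet of flow
        Packet("10.1.1.10", "10.2.2.20", 1025, 80),  # same flow again
        Packet("10.1.1.99", "10.2.2.20", 1026, 80),  # source the ACL denies
    ]
    return [sw.forward(p) for p in pkts], sw.routed

if __name__ == "__main__":
    for mask in FLOW_MASKS:
        print(mask, run(mask))
```

With the destination-only mask, the third packet hits the cache entry created by the permitted source and is shortcut without the ACL ever seeing it, which is the reason the flow mask has to be at least as specific as the ACL's match criteria.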




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=7486&t=7406