Kedar Karmarkar
Technical Leader
Abstract
Cisco Catalyst 4500E Series modular switches enable a high performance, mobile, and secure user experience by optimizing application performance through deep visibility, unifying policy and enabling pervasive confidentiality, and driving network and service virtualization.
The Catalyst 4500E lowers total cost of ownership through maximum resiliency, In Service Software Upgrades, automation, and unparalleled investment protection.
This session takes an in-depth look at the architecture and positioning of the Catalyst 4500E platform and shows how the Catalyst 4500E can be deployed in campus access and aggregation.
BRKARC-3445
Cisco Public
Agenda
Catalyst 4500E overview
IOS XE and Wireshark Overview
System Architecture and packet walk
Flexible NetFlow
Secure via MACSec
ACL/QoS TCAM
Forwarding TCAM
High Availability
Summary
Chassis options
4507R+E: 2 Supervisors, 5 Line Cards
4510R+E: 2 Supervisors, 8 Line Cards
4503-E: 1 Supervisor, 2 Line Cards
4506-E: 1 Supervisor, 5 Line Cards
Slot bandwidth by chassis and supervisor (figure): WS-C4510R-E with Supervisor 6/6L-E, 24G per line-card slot; WS-C4510R-E with Supervisor 7-E, 24G per line-card slot; WS-C4510R+E with Supervisor 7-E, 48G per line-card slot. The figure also shows WS-C4507R-E and WS-C4507R+E.
Power supply tables (figure residue; column layout only partially recovered)
Columns: Voltage (110 V / 220 V), Inputs (Single / Dual), Redundancy Mode (Redundant / Combined)
Table 1 values as extracted: 198; 109 198 218 384; 102; 56 102 112 204
Table 2 values as extracted: 198; 141 257 283 384; 102; 72 132 145 262
TECCRS-2045 2011 Cisco and/or its affiliates. All rights reserved.
http://tools.cisco.com/cpc
Supervisor performance (Supervisor 7-E has 4 uplinks)
Supervisor 6L-E: Bandwidth 280 Gbps; Uplinks 2x10G/4x1G; CPU 1 GHz; DRAM 512 MB; Max Routes 57K
Supervisor 6-E: Bandwidth 320 Gbps; Uplinks 2x10G/4x1G; CPU 1.3 GHz; DRAM 512 MB; Max Routes 256K
Supervisor 7-E: Bandwidth 848 Gbps; Uplinks 4x10G/4x1G; CPU Dual Core 1.5 GHz; DRAM 2 GB; Max Routes 256K
PoE line cards
24G (E-Series): 48p 10/100/1000 RJ45; 30W/port (IEEE 802.3at standard PoE+) on up to 24 ports; re-use existing chassis and power supplies; PoE policing and monitoring; EnergyWise; jumbo frame support
48G (E-Series), WS-X4748-RJ45V-E: 48p 10/100/1000 RJ45; 30W/port (IEEE 802.3at standard PoE+) on 48 ports; IEEE 802.1AE MACSec on all ports; re-use existing chassis and power supplies; EnergyWise; jumbo frame support
Data line cards
24G (E-Series), WS-X4648-RJ45-E: 48p 10/100/1000 RJ45; E-series Supervisors only; jumbo frame support
48G (E-Series): 48p 10/100/1000 RJ45; Energy Efficient Ethernet (EEE) 802.3az; IEEE 802.1AE MACSec on all ports; jumbo frame support
UPOE: WS-X4748-UPOE+E
60W PoE with a maximum line card budget of 1500W
Estimate cable loss with intelligent diagnostics
LLDP enhancement to negotiate beyond 30W
Power X-Generation applications: IP turrets on financial trading floors, integrated virtual desktop clients
Energy Efficient Ethernet (figure, labels only): Switch, OS, Controller SW, Burst, Time, EEE PHY, EEE 0.47W
Configure EEE
Verify EEE
GE and 10G fiber line cards
WS-X4612-SFP-E: 12 ports, 2.5:1 oversubscribed 10GE; mix and match 10G/1GE with SFP+; IEEE 802.1AE MACSec on all ports; GLC-T, LR, ER, SR, CX1 and LRM SFP+ optics
WS-X4606-X2-E: 6 ports, 2.5:1 10G; mix and match 10G/1GE with X2 (TwinGig); LR, ER, SR, LX4 and LRM X2 optics
IOS XE and Wireshark Overview
IOS XE Architecture
IOS-XE is a modern IOS that enables multi-core CPUs; it allows easy customer migration while maintaining IOS functionality and look and feel, and it allows hosted applications like Wireshark
Layers (figure): Features, Hosted Apps, Infra, Drivers and Kernels, Mgmt
IOS XE Architecture (figure): API, Common Management, Connected Apps, Operational Infrastructure, Linux Kernel
Learn more about IOS XE in BRKARC-2007 - IOS Strategy and Evolution
Containerization
Wireshark: freeware; supports a wide variety of protocols; bundled with the switch operating system; onboard capture and decode tool; quick analysis
Wireshark Capabilities
IOS XE on SUP7-E can host third-party apps.
Wireshark runs as a software process
Capture filters
Display filters
Packets are stored in a PCAP file that the user can manually TFTP/SSH to a remote server
Support for multiple active capture points
How is it done?
Local Display
View PCAP from Remote Server
System Architecture and Packet Walk
System architecture (figure): CPU / SDRAM, Forwarding Engine and Packet Processing Engine on the Supervisor, with the line cards attached across the backplane
All forwarding, queuing and security is implemented on the Supervisor
The individual line cards are considered transparent and contain stub ASICs and the PHYs
Upgrade advantages
Each 47XX-Series line card has 48 Gbps full-duplex connections to the central forwarding engine
IOS XE can leverage the multi-core CPU and host applications separately, outside the IOS context
E-Series chassis bandwidth per slot with 46XX series line cards: 8 dedicated lanes to the Supervisor, each lane running at 3 Gbps
E-Series chassis bandwidth per slot with 47xx series line cards: 8 dedicated lanes to the Supervisor, each lane running at 6 Gbps
Line card block diagrams (figure)
46XX-series (24G) RJ45 line card: 4 x 2x3G links to the switch backplane; Management FPGA; traffic sub-system with 4 Stub ASICs and 6 Octal PHYs driving the RJ45 ports (ports 37-42, 43-48 shown); PoEP sub-system with 3 power bricks and 2 PoEP modules (15.4W/30W per port)
47XX-series (48G) RJ45 line card: 4 x 2x6G links to the switch backplane; Management FPGA; traffic sub-system with 4 Stub ASICs, each with MACSec, and 6 Octal PHYs; PoEP sub-system with 3 power bricks and 2 PoEP modules (15.4W/30W per port); all ports are non-blocking at packet sizes over 200 bytes
WS-X4612-SFP-E: 4 x 2x6G links; Management FPGA; SFP/SFP+ port groups 1-3, 4-6, 7-9 and 10-12, each group carrying 1x10G + 2x1G for non-blocking performance for packets over 200 bytes
Supervisor 7-E block diagram (figure): 1.5GHz CPU with SDRAM, FPGA, Forwarding Engine, Packet Processor and NetFlow ASIC; 2 x 12G links to two Stub ASICs serving the SFP/SFP+ uplink ports (10G); SD, USB and console management ports
Supervisor 7-E packet walk (figure): Switch Backplane, Packet Memory, Packet Processor, Forwarding Engine (STP Lookup), NetFlow ASIC, Queue Memory, DHM, Replication Table. Descriptors: PLD (Packet Lookup Descriptor), NLD (NetFlow Lookup Descriptor), NRD (NetFlow Result Descriptor), PTD (Packet Transmit Descriptor)
Queue Memory (figure): queue entries 1 to N; 8K/8K queue entries for CPU/DROP; entries per line card (Line Card 1 to 5); 8 queues per port (Queue 1, Queue 2 ... Queue 8)
Supervisor Engines (columns as on the slide; the column headers were not recovered)
WS-X4516-10GE: 1p3q1t, 16MB, 256K
WS-X45-SUP6-E: 1p7q1t, 17.5MB, 512K
WS-X45-SUP7-E: 1p7q1t, 32MB, 1 Million
Animated packet walk through the Supervisor 7-E (figure sequence): the header and payload arrive from the switch backplane; the payload waits in Packet Memory while the header goes through STP Lookup, the Forwarding Engine (Input ACL/Marking, Output Policing) and the NetFlow ASIC, then Queue Memory and the Replication Table. Active queue management avoids congestion on the Tx queues while protecting low-bandwidth flows. The figure numbers the steps 1 to 14; the steps are listed below.
3. The stripped header is used to construct a Packet Lookup Descriptor (PLD) and forwarded to the Forwarding Engine ASIC.
4. The packet goes through L2 lookup. Spanning tree state is checked. The packet's source MAC and destination MAC, together with the receive VLAN ID, are looked up in the L2 Hash Table. L2 lookup also determines whether the packet is destined for router functionality.
5. Input Classification classifies the packet via rules loaded into the Input Classification TCAM. The ICC stores input ACL and QoS rules in TCAM4.
6. An NLD (NetFlow Lookup Descriptor) is created by the Forwarding Engine and fed into the NetFlow ASIC. Here a new flow is created or an existing flow is updated; microflow policing is also done here.
7. An NRD (NetFlow Result Descriptor) is created by the NetFlow ASIC and passed to the Forwarding Engine ASIC. The input aggregate policing result from the VFE and the ingress microflow policing result from the NetFlow ASIC are merged, and the packet is policed accordingly.
8. The header is looked up in the FLC for L3 lookup. The FLC stores L3 (or L2 lookup) forwarding and unicast RPF check rules; it contains mainly IPv4 and IPv6 FIB entries.
9.
10. Output policing is done at this stage.
11. DBL Hashing Memory implements the algorithm for avoiding congestion in the ASIC.
12. The transmit descriptor is enqueued in the queue memory.
13. The Packet Transmit Descriptor (PTD) is sent to the Packet Processor. A NetFlow Update Descriptor (NUD) is sent by the Forwarding Engine to the NetFlow ASIC to update the transmit statistics for that flow.
14. The Packet Processor transmits the packet across the backplane to the correct egress line card.
Multicast replication (figure): the same Supervisor 7-E pipeline (STP Lookup, Packet Memory, PLD, NLD, Packet Processor, PTD, Forwarding Engine, NetFlow ASIC, NRD, Queue Memory, DHM, Replication Table) with a Replication Module and a Replication Queue added; the figure numbers the steps, which are listed below.
3. At some point during the forwarding lookup, the destination multicast group address is looked up. This points to an Adjacency Entry in the FLC, which points to a RET entry in the Replication Table.
4. The REM consults the RET table, which stores how many copies of this descriptor need to be created and the forwarding interfaces for each copy of the descriptor.
5. The REM creates the header copies and enqueues them in the Replication Request Queue.
6. Each copy traverses the Forwarding Engine like before, but none of the ingress processing, including forwarding lookups, is done; it proceeds straight to the OCC for applying egress features on each of the OIFs.
7. Once the features are applied and the packets are permitted out the OIF, they are enqueued into the Queue Memory.
8. The copies are then forwarded to their respective OIFs.
Flexible NetFlow
Why NetFlow?
Bandwidth/Capacity Reports: What is eating up my network resources? When do I need a capacity upgrade? What is causing congestion?
What percentage is using P2P/gaming applications? What are the usage patterns of different subscriber groups? What is the cost impact of my top subscribers?
Server Activity: What are the popular Web hosts used? What are the popular streaming sites?
Security Reports: Which subscribers are infected and attacking others? Which subscribers are spamming? Which subscriber is attacking network resources?
NetFlow ASIC in the packet walk (figure): the NLD from the Forwarding Engine is looked up in the NetFlow ASIC and the NRD returned; figure labels: 1 Entry, 8K Buckets, Flow Entry and Statistics, Mask, Actions
Flexible NetFlow versus legacy NetFlow (figure): legacy NetFlow uses a fixed set of 7 keys and a single NetFlow cache with one export; Flexible NetFlow allows several flow monitors (Flow Monitor 2, Flow Monitor 3), each with its own flow cache (Flow cache 1, 2, 3) and its own export destination (Export Destination 1, 2, 3). Example cache columns shown: SrcIf Fa1/0, Protocol 11/6, TOS 80/40.
Bridged NetFlow is supported. TCP flags are now tracked and exported as part of the flow information, which is very useful for understanding TCP flow direction and for detecting denial of service attacks.
Flexible NetFlow key fields
Interface: Input
IPv4: Source IP address, Destination IP address, Protocol, Precedence, DSCP, TTL, Total Length, Is-multicast
IPv6: Source IP address, Destination IP address, Protocol, Traffic Class, Flow Label, Total Length, Extension Headers**, DSCP, Next-header*, Hop-Limit
Transport: ICMP Code, ICMP Type, IGMP Type, TCP Source Port, TCP Destination Port, UDP Source Port, UDP Destination Port
Layer 2: Dot1q priority, Dot1q VLAN ID, Source MAC address, Destination MAC address
Flexible NetFlow non-key fields
Counters: Bytes
IPv4: TTL Minimum, TTL Maximum
IPv6: Total Length Minimum, Total Length Maximum, Option Header, Hop-limit minimum, Hop-limit maximum
Transport: TCP Flags: ACK, FIN, PSH, RST, SYN, URG
Routing: Forwarding Status
Interface: Output
Timestamp: First Seen, Last Seen
Is-multicast
Fields marked on the slide are new non-key fields in FnF; * more fragment fields
Flow record example:
flow record my-app-traffic
 match transport tcp source-port
 match transport tcp destination-port
 match ipv4 source address
 match ipv4 destination address
 collect counter bytes
 collect counter packets
Top Talkers
Top ten IP addresses that are sending the most packets:
Switch# show flow monitor <monitor> cache aggregate ipv4 source address sort highest counter bytes top 10 format table
Top five destination addresses to which we are routing the most traffic from the 10.10.10.0/24 prefix:
Switch# show flow monitor <monitor> cache filter ipv4 source address 10.10.10.0/24 aggregate ipv4 destination address sort highest counter bytes top 5
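As an added example (not part of the deck or any Cisco tool), the following Python script does offline what the two show commands above do on the switch, over a constructed sample of Flexible NetFlow cache entries, and additionally uses the exported TCP flags to spot the SYN-without-ACK pattern that the NetFlow section mentions as useful for denial-of-service detection. The Flow fields, addresses and counters are assumed sample values.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    """One Flexible NetFlow cache entry: the key fields from the deck's
    flow record plus the non-key counters and exported TCP flags."""
    src: str
    dst: str
    protocol: int          # 6 = TCP, 17 = UDP
    src_port: int
    dst_port: int
    bytes: int
    packets: int
    tcp_flags: frozenset   # subset of {ACK, FIN, PSH, RST, SYN, URG}


TCP_SESSION = frozenset({"SYN", "ACK", "PSH", "FIN"})  # ordinary completed session
SYN_ONLY = frozenset({"SYN"})                          # handshake never completed

# Constructed sample cache (documentation addresses, invented counters).
SAMPLE_CACHE = [
    Flow("10.10.10.5", "192.0.2.10", 6, 51000, 443, 1_200_000, 900, TCP_SESSION),
    Flow("10.10.10.6", "192.0.2.10", 6, 51001, 443, 300_000, 250, TCP_SESSION),
    Flow("10.10.10.5", "192.0.2.20", 17, 40000, 53, 2_000, 10, frozenset()),
    Flow("10.10.10.7", "192.0.2.30", 6, 51002, 22, 50_000, 60, TCP_SESSION),
    Flow("10.20.0.9", "192.0.2.10", 6, 52000, 80, 60, 1, SYN_ONLY),
    Flow("10.20.0.9", "192.0.2.10", 6, 52001, 80, 60, 1, SYN_ONLY),
    Flow("10.20.0.9", "192.0.2.10", 6, 52002, 80, 60, 1, SYN_ONLY),
    Flow("10.20.0.10", "192.0.2.10", 6, 53000, 80, 60, 1, SYN_ONLY),
    Flow("10.20.0.10", "192.0.2.10", 6, 53001, 80, 60, 1, SYN_ONLY),
]


def _top(totals, n):
    """Sort by byte count descending (ties by address) and keep the top n."""
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


def top_talkers(cache, n=10):
    """Offline equivalent of: show flow monitor <m> cache aggregate ipv4
    source address sort highest counter bytes top <n>."""
    totals = defaultdict(int)
    for f in cache:
        totals[f.src] += f.bytes
    return _top(totals, n)


def top_destinations_from(cache, prefix, n=5):
    """Offline equivalent of: ... cache filter ipv4 source address <prefix>
    aggregate ipv4 destination address sort highest counter bytes top <n>."""
    net = ip_network(prefix)
    totals = defaultdict(int)
    for f in cache:
        if ip_address(f.src) in net:
            totals[f.dst] += f.bytes
    return _top(totals, n)


def syn_flood_candidates(cache, min_flows=3):
    """Destinations receiving at least min_flows TCP flows whose exported flags
    show SYN but no ACK, i.e. handshakes that never completed. This is the
    pattern the TCP-flag export makes visible for DoS detection.
    Returns {dst: (flow count, number of distinct sources)}."""
    flows = defaultdict(int)
    sources = defaultdict(set)
    for f in cache:
        if f.protocol == 6 and "SYN" in f.tcp_flags and "ACK" not in f.tcp_flags:
            flows[f.dst] += 1
            sources[f.dst].add(f.src)
    return {d: (c, len(sources[d])) for d, c in flows.items() if c >= min_flows}


if __name__ == "__main__":
    print("top talkers:", top_talkers(SAMPLE_CACHE, 3))
    print("top destinations from 10.10.10.0/24:",
          top_destinations_from(SAMPLE_CACHE, "10.10.10.0/24"))
    print("SYN-only flood candidates:", syn_flood_candidates(SAMPLE_CACHE))
```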
Secure via MACSec
What is MACSec?
MACSec encrypts and decrypts hop by hop on the uplink and the downlink (figure: Encrypt / Decrypt at each MACSec-capable hop)
Encryption mitigates packet eavesdropping, tampering, and injection
Supports 802.1AE-based strong encryption technology: 128-bit AES-GCM, NIST-approved, 10Gb line-rate encryption
Hop-by-hop encryption supports data and packet inspection
Works in shared media environments (IP Phones, Desktops)
MACSec Frame
Layer 2 SGT frame and Cisco Meta Data format:
DMAC | SMAC | 802.1AE Header | 802.1Q | CMD | ETYPE | PAYLOAD | ICV | CRC
Authenticated (covered by the ICV): DMAC, SMAC, the 802.1AE header and everything that follows up to the ICV. Encrypted: 802.1Q, CMD, ETYPE and PAYLOAD.
CMD (Cisco Meta Data) fields: CMD EtherType, Version, Length, SGT Value
Tagging takes place prior to other L2 services such as QoS
The SGT namespace is managed on a central policy server (ACS 5.x)
No impact on IP MTU/fragmentation: it remains a normal Ethernet frame
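To make the frame layout above concrete, here is an added Python example (not from the deck and not Cisco code) that parses the 802.1AE SecTAG of a constructed frame and reports which byte ranges are authenticated only and which are also encrypted. It assumes the standard SecTAG layout (EtherType 0x88E5, TCI/AN byte, SL, PN, optional 8-byte SCI) and the 16-byte ICV of GCM-AES-128; the ICV is not verified, since that needs the session key, so the placeholder secure data and ICV in the sample are purely illustrative.

```python
import struct

MACSEC_ETHERTYPE = 0x88E5   # 802.1AE SecTAG EtherType
ICV_LEN = 16                # ICV length for the GCM-AES-128 cipher suite


def build_sample_frame(encrypted=True):
    """Constructed 802.1AE frame for demonstration: real SecTAG layout, but the
    secure data and ICV are placeholder bytes, not output of AES-GCM."""
    dmac = bytes.fromhex("0100000000ab")             # hypothetical addresses
    smac = bytes.fromhex("0200000000cd")
    tci_an = 0x20 | (0x0C if encrypted else 0x00) | 0x01   # SC=1, E/C bits, AN=1
    secure_data = bytes(range(40))                   # 40 bytes, so SL = 40 (< 48)
    sectag = struct.pack("!HBBI", MACSEC_ETHERTYPE, tci_an, len(secure_data), 1)
    sci = smac + b"\x00\x01"                         # SCI = SMAC + port id 1
    icv = b"\xa5" * ICV_LEN                          # placeholder, not computed
    return dmac + smac + sectag + sci + secure_data + icv


def parse_macsec_frame(frame):
    """Split an 802.1AE frame into DMAC, SMAC, SecTAG, secure data and ICV and
    report which byte ranges are authenticated only and which are encrypted
    (the 'Authenticated' and 'Encrypted' spans on the frame slide)."""
    if len(frame) < 12 + 8 + ICV_LEN:
        raise ValueError("frame too short for a SecTAG and ICV")
    dmac, smac = frame[0:6], frame[6:12]
    etype, tci_an, sl = struct.unpack("!HBB", frame[12:16])
    if etype != MACSEC_ETHERTYPE:
        raise ValueError("not a MACSec frame: EtherType 0x%04x" % etype)
    if tci_an & 0x80:                     # V bit: only version 0 is defined
        raise ValueError("unknown SecTAG version")
    sc_present = bool(tci_an & 0x20)      # SC bit: explicit 8-byte SCI follows
    e_bit = bool(tci_an & 0x08)           # E bit: secure data is encrypted
    c_bit = bool(tci_an & 0x04)           # C bit: secure data changed by cipher
    an = tci_an & 0x03                    # association number (which SAK)
    pn = struct.unpack("!I", frame[16:20])[0]
    if pn == 0:
        raise ValueError("PN 0 is invalid; receivers use PN for replay protection")
    sectag_end = 20 + (8 if sc_present else 0)
    sci = frame[20:sectag_end] if sc_present else None
    secure_data = frame[sectag_end:len(frame) - ICV_LEN]
    icv = frame[len(frame) - ICV_LEN:]
    short_len = sl & 0x3F                 # SL is non-zero only for data < 48 bytes
    if short_len and len(secure_data) != short_len:
        raise ValueError("SL field disagrees with secure-data length")
    return {
        "dmac": dmac.hex(":"), "smac": smac.hex(":"),
        "sci": sci.hex() if sci else None, "an": an, "pn": pn,
        "encrypted": e_bit and c_bit,
        # DMAC, SMAC and the SecTAG are integrity protected but sent in clear
        "authenticated_only": (0, sectag_end),
        # the secure data is integrity protected and, with E/C set, encrypted
        "secure_data": (sectag_end, len(frame) - ICV_LEN),
        "icv": icv.hex(),
    }


if __name__ == "__main__":
    print(parse_macsec_frame(build_sample_frame()))
```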
MACSec in the line-card data path (figure, labels only): CTS Tx, 802.3 serial and XAUI serial links to SFP/SFP+ ports 1-3 and 10-12
AAA and 802.1X configuration:
aaa new-model
!
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
!
aaa session-id common
!
dot1x system-auth-control
!
radius-server host 10.3.1.21 key XxXxXxXxXx
radius-server vsa send authentication
Interface configuration:
interface GigabitEthernet4/1
 description AnyConnect Interface to MACSEC XP 1
 switchport access vlan 903
 switchport mode access
 mtu 9198
 logging event link-status
 authentication priority dot1x
 authentication port-control auto
 macsec
 dot1x pae authenticator
 mka default-policy
 spanning-tree portfast
 authentication linksec policy should-secure
The default linksec policy is should-secure; the other options are must-not-secure and must-secure.
ACL/QoS TCAM
TCAM Overview
Classification TCAM
Packet types: IPv4, IPv6, Layer-2, Other L3
Lookup types: ACL, QoS, Fwd Override
TCAM Blocks
Each Classification TCAM4 has 32 blocks (figure: blocks 1 ... 32; an IPv4 block drawn with 2048 entries, an IPv6 block with 1024 entries)
Maximum is 12 blocks
The maximum number of Access Control Entries (ACE) in all policies combined on a single ACL path cannot exceed 24K ACEs
IPv6 ACEs are double the width of IPv4; you cannot have an IPv6 ACL with more than 12K ACEs
Forwarding TCAM
Dual Forwarding CAMs provide 64 blocks to store IPv4 and IPv6 unicast and multicast routes: 256,000 IPv4 routes, 128,000 IPv6 routes
Optimized space allocation for IPv4 and IPv6 configurations
Hardware support for IPv6
High Availability
Supervisor redundancy (figure): Active and Standby Supervisors, each with CPU, FPGA, Forwarding Engine and Packet Processor, connected by the S2W bus and SERDES links to the line card Port ASIC, PHY and RJ45 ports; the Standby Supervisor exchanges Keep-Alive / Keep-Alive-ACK messages with the Active Supervisor over a 1G PHY; the uplinks are shown as Active Ports and Inactive Ports
SSO (Stateful Switchover)
SSO allows redundant Supervisors to run a stateful IOS and stateful applications that exchange state, in order to minimize the outage at the time of switchover from the Active to the Standby Supervisor.
SSO is supported in Cisco IOS Release 12.2(46)SG with Sup6-E, and now with Sup7-E
Default redundancy mode
Redundant Supervisor fully initialized
Upon switchover, physical links stay up and protocols do not reset
Traffic interruption: sub-second (<40ms for Layer 2, and <200ms for Layer 3)
IOS images need to be identical
Switch#show redundancy states
       my state = 13 -ACTIVE
     peer state = 8  -STANDBY HOT
           Mode = Duplex
           Unit = Primary
        Unit ID = 5
Redundancy Mode (Operational) = Stateful Switchover
Redundancy Mode (Configured)  = Stateful Switchover
Redundancy State              = Stateful Switchover
   Manual Swact = enabled
 Communications = Up
   client count = 64
 client_notification_TMR =
   keep_alive TMR =
 keep_alive count =
 keep_alive threshold =
   RF debug mask =
SSO-Aware Features
SSO supports stateful switchover of the following Layer 2 features; the state of these features is preserved between the Active and Standby Supervisor Engines.
Non-Stop Forwarding (NSF) provides the capability for routing protocols to gracefully restart after an SSO failover
The newly active redundant supervisor continues forwarding traffic using the synchronized hardware forwarding tables
The NSF-capable routing protocol requests a graceful neighbor restart; routing neighbors re-form with no loss of traffic
EIGRP Example
OSPF Example
Switch(config)#router ospf 100
Switch(config-router)#nsf ?
  cisco  Cisco Non-stop forwarding
  ietf   IETF graceful restart
Switch(config-router)#nsf cisco ?
  enforce  Cancel NSF restart when non-NSF-aware neighbors detected
  helper   helper support
BGP Example
Switch(config-router)#bgp graceful-restart ?
  restart-time    Set the max time needed to restart and come back up
  stalepath-time  Set the max time to hold onto restarting peer's stale paths
In Service Software Upgrade (figure): upgrading from 03.01.00.SG (OLD) to 03.02.00.SG (NEW) across the Active and Standby Supervisors, with acceptversion as one of the stages
There is a 4-step traditional method: Load Version, Run Version, Accept Version, Commit Version
Switch#show issu state detail
                      Slot = 5
                  RP State = Standby
                ISSU State = Init
            Operating Mode = Stateful Switchover
             Current Image = bootflash:xo166
 Pre-ISSU (Original) Image = N/A
Post-ISSU (Targeted) Image = N/A

                      Slot = 6
                  RP State = Active
                ISSU State = Init
            Operating Mode = Stateful Switchover
             Current Image = bootflash:xo166
 Pre-ISSU (Original) Image = N/A
Post-ISSU (Targeted) Image = N/A
Runtime Diagnostics: Line Card Module, Temperature, Power Supply, Fan Tray
Summary
Summary (figure): CPU / SDRAM, Forwarding Engine and Packet Processor on the Supervisor over a passive backplane
All forwarding, queuing and security is implemented on the Supervisor
Upgrade advantages
IOS XE can leverage the multicore CPU and host applications separately, outside the IOS context
Thank you.
Appendix: campus deployment diagram (figure, labels only): Distribution, Access