[nsp] mls in the core?

Sharp, Duncan DRSharp@NaviSite.com
Tue, 3 Dec 2002 14:52:25 -0800


> -----Original Message-----
> From: Stephen J. Wilcox [mailto:steve@telecomplete.co.uk]
> Sent: Tuesday, December 03, 2002 2:15 PM
> To: cisco-nsp@puck.nether.net
> Subject: [nsp] mls in the core?
> 
> 
> Hi,
>  recent topics on mls have me wondering.
> 
> Has anyone experience - live or lab - of running multilayer switching in the
> network core?

	Not in BGP related core. But in our backend core.
	Read below.
> 
> What I mean by this is where you may have multiple gig-e links which you would
> usually plug in to a big router - gsr or whatever that is also running a full bgp
> table possibly with many peers.
> 
> What about if you stick a 7xxx on as the router engine and sit a 6xxx underneath
> with the gig links in and configure the pair to run mls?
> 
> The 6xxx has a much higher throughput and I'd assume be able to really take a
> beating, as the packets don't go through the engine the 7xxx doesn't need a huge cpu
> and expensive gig line cards - a single GE or possible FE should do.
> 
	We had (now replaced with 6509) 5509 + 7200 (npe300) in backend.
	Multiple vlans going into 7200 over a pair of 100TX links.
	The design worked until we started to push 120mbit into the 7200s.
	They seemed to falter on the ISL encap/deencap overhead.

	Design moved to RSMs. This allowed much more bandwidth.
	Design failed when ACLs were applied to ALL vlans for security 
	purposes.
	The ACLs prevented the 5509 from switching any packets, and all 
	were sent to RSM.

	All is fine now with 6509s with MSFC1s.

> Any thoughts? The incentive behind this is of course to avoid buying a very
> expensive 12000 router loaded with gig ports. (Btw is anyone using and happy
> with gig line cards on 7xxx?)

	The 7xxx solution can only use multicasts to send MLS hints to 
	your 6xxx switches. Your 6xxx switches will need SUP engines with 
	the PFC or PFC2 card just to do the L3 switching.

	The MSFC:

		does have a direct interface for forwarding updates into the PFC.

		does have a hardware TCAM (ACL) on the switch.

	There are more "features" in the PFC2/MSFC2 that may or may not have any
	bearing on this.

	Which IOS branch are you looking at, 12.0S vs. 12.1E? Or something like 12.2?

Yours,
Duncan Sharp
> 
> Steve
> 
> 