Layer-3 switch study notes: exact match and longest match of layer-3 table entries

Source: Internet
Author: User

1. Layer-3 forwarding requires route information. Route selection during forwarding determines the final egress of the packet; an L3 switch simply integrates this routing function into the switch chip.

2. Route selection has two methods: exact match and longest match.

2.1 Exact match: the destination IP address and the route's address information must be completely identical.

2.2 Longest match: among all routes that contain the destination address, select the one with the longest mask.

2.3 Early layer-3 switches usually used exact matching in the switching chip. Their hardware layer-3 table entries contained only specific destination IP addresses, with no mask information. For example, if a packet whose destination IP address is matches a non-direct connection route, add the forwarding information of to the switch chip. To forward packets in, you need to repeat the software lookup and add a new table entry in the switch chip for. This forwarding method and entry structure place heavy demands on the hardware resources of the switching chip, because the table storage integrated in the chip is very limited. Forwarding a large number of packets with different destination IP addresses requires adding a large number of hardware table entries.

The outbreak of the Shock Wave virus caused a large number of layer-3 switches that supported only exact matching to run out of resources. One of the virus's behaviours is to send a large number of network-segment scan packets, and most layer-3 switches are configured with a default route, so every such packet finds a matching route in the CPU software lookup. Each destination IP address in the virus traffic therefore needs its own hardware table entry, and the hardware resources fill up quickly. Once the forwarding resources are exhausted, the normal traffic of most users can no longer be forwarded at high speed.
Because of these defects in exact-match layer-3 switches, later layer-3 switches added support for longest matching: a hardware layer-3 table entry can also contain an IP address and a mask, and lookups follow the longest-match principle. This type of layer-3 switch generally adds route information to the hardware layer-3 table when the software route table is created, for both directly connected and non-directly-connected routes.

The tocpu flag of the hardware layer-3 table entry for a directly connected route is always set to 1. A packet whose destination IP address matches such an entry is sent to the CPU for processing. The CPU software sends an ARP request on the directly connected network segment and adds the ARP information it obtains to the hardware table as a host route with the tocpu flag set to 0, so that later packets to the same destination IP address are forwarded directly by the new hardware entry.

For a non-directly-connected route, the tocpu flag of the corresponding hardware layer-3 table entry is set to 1 as long as the ARP information for the next-hop address has not been obtained. A packet whose destination IP address matches such an entry is sent to the CPU for processing. The CPU software sends an ARP request on the directly connected network segment that contains the next-hop address, uses the ARP information obtained (such as the next-hop MAC and egress VLAN) to update the hardware layer-3 table entry, and sets its tocpu flag to 0. Subsequent packets whose destination IP address matches the non-directly-connected route are then forwarded directly by the updated hardware entry.

Currently, most L3 switches support exact-match table entries and longest-match table entries at the same time. Generally, exact-match entries correspond to the ARP table in software, and longest-match entries correspond to the directly connected and non-directly-connected routes in software.
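The contrast between 2.3 and the longest-match design, as an added example that is not part of the original article: a toy model of both chip designs fed the same scan traffic. The route table, table capacity, scan range and class names are constructed assumptions, and only non-directly-connected routes are modelled.

```python
import ipaddress

# Constructed software route table: a default route plus one remote subnet.
ROUTES = {ipaddress.ip_network("0.0.0.0/0"): "10.0.0.1",
          ipaddress.ip_network("192.168.1.0/24"): "10.0.0.2"}

def longest_match(prefixes, dst):
    """Return the prefix with the longest mask that contains dst."""
    addr = ipaddress.ip_address(dst)
    return max((p for p in prefixes if addr in p), key=lambda p: p.prefixlen)

class ExactMatchChip:
    """Early design: one hardware entry per destination IP, no mask."""
    def __init__(self, capacity):
        self.capacity, self.table, self.punts = capacity, {}, 0

    def forward(self, dst):
        if dst in self.table:
            return "hw"
        self.punts += 1                          # miss: CPU software lookup
        next_hop = ROUTES[longest_match(ROUTES, dst)]
        if len(self.table) < self.capacity:
            self.table[dst] = next_hop           # install a host entry
        return "cpu"                             # table full: stays on slow path

class LpmChip:
    """Later design: prefix entries installed up front, each with a tocpu flag."""
    def __init__(self):
        self.table = {p: [nh, 1] for p, nh in ROUTES.items()}  # tocpu=1 at start
        self.punts = 0

    def forward(self, dst):
        entry = self.table[longest_match(self.table, dst)]
        if entry[1]:
            self.punts += 1
            entry[1] = 0                         # CPU resolved next-hop ARP
            return "cpu"
        return "hw"

def simulate(scan_count=1000, capacity=256):
    exact, lpm = ExactMatchChip(capacity), LpmChip()
    base = ipaddress.ip_address("198.18.0.0")    # constructed scan targets
    for dst in [str(base + i) for i in range(scan_count)] + ["192.168.1.10"]:
        exact.forward(dst)
        lpm.forward(dst)
    # Second packet of the normal user flow, after the scan has passed.
    user_paths = exact.forward("192.168.1.10"), lpm.forward("192.168.1.10")
    return {"exact_entries": len(exact.table), "exact_punts": exact.punts,
            "lpm_entries": len(lpm.table), "lpm_punts": lpm.punts,
            "user_paths": user_paths}
```

With the defaults, the exact-match table is full after the first 256 scan targets and the user flow stays on the CPU path, while the longest-match table holds two entries throughout.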

3. Egress information in layer-3 table entries

In the layer-3 forwarding process of a switch, the hardware layer-3 table entries consist of the destination IP address or network segment, the MAC corresponding to the destination IP address or next-hop IP address, the egress VLAN, and the egress port. A layer-3 switching chip that uses such entries can complete forwarding simply by looking up the layer-3 forwarding table. This mechanism has a simple process and high forwarding efficiency, but it also makes the CPU software's control of the hardware table entries complicated: each time the MAC or physical port corresponding to an IP address changes, the layer-3 forwarding table entry must be updated. Layer-2 information on a switch is quite likely to change, particularly when the switch supports redundancy mechanisms such as link aggregation and Spanning Tree. In some environments the CPU therefore has to update the layer-3 forwarding table frequently. Once an update fails, especially when a port error occurs, it inevitably has a serious adverse impact on forwarding.

However, not all hardware layer-3 table entries contain egress port information. The hardware entries used by some switching chips include only the destination IP address or network segment, the MAC corresponding to the destination IP address or next-hop IP address, and the egress VLAN. The forwarding process then changes as follows: after the layer-3 forwarding table entry is found from the packet's destination IP address, the MAC address and egress VLAN corresponding to the destination IP address or next-hop IP address are obtained; the MAC address table is then searched by MAC address and VLAN ID (MAC+VID) to obtain the port information. If the MAC table lookup fails, the packet is broadcast on the egress VLAN. Although this mechanism increases the processing complexity of the chip, the process is clearer and more reasonable and the CPU processing is simpler: a change of physical egress only needs to be reflected in the MAC address table, and the hardware layer-3 table entries do not need to be updated frequently.

The two processing methods each have their own advantages for switching chips, and different manufacturers choose between them based on cost, reliability, product positioning, and other factors. As a result, L3 switches may perform differently in the same application environment.
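The two entry layouts from section 3 compared under a layer-2 change, as an added example that is not part of the original article. The next-hop MAC, VLAN membership, prefixes and function names are constructed assumptions, and the layer-3 lookup itself is assumed to have already selected the prefix.

```python
NH_MAC, VLAN = "00:00:5e:00:53:01", 10           # constructed next hop
VLAN_PORTS = {10: {1, 2, 3}}                     # constructed VLAN membership
PREFIXES = ["172.16.%d.0/24" % i for i in range(8)]  # routes sharing the next hop

def build():
    """Both layouts start with the next hop learned on port 1."""
    with_port = {p: {"mac": NH_MAC, "vlan": VLAN, "port": 1} for p in PREFIXES}
    no_port = {p: {"mac": NH_MAC, "vlan": VLAN} for p in PREFIXES}
    mac_table = {(NH_MAC, VLAN): 1}
    return with_port, no_port, mac_table

def egress_with_port(l3, prefix):
    """Layout 1: the layer-3 entry alone decides the egress port."""
    return [l3[prefix]["port"]]

def egress_via_mac_table(l3, mac_table, prefix):
    """Layout 2: layer-3 entry gives MAC+VID, the MAC table gives the port."""
    entry = l3[prefix]
    port = mac_table.get((entry["mac"], entry["vlan"]))
    if port is None:                             # MAC table miss: flood the VLAN
        return sorted(VLAN_PORTS[entry["vlan"]])
    return [port]

def next_hop_moves(with_port, mac_table, new_port, l3_update_fails=False):
    """Layer-2 change: the next hop is now reached through new_port."""
    mac_table[(NH_MAC, VLAN)] = new_port         # normal MAC relearning
    writes = {"mac_table": 1, "l3_table": 0}
    if not l3_update_fails:
        for entry in with_port.values():         # CPU must touch every entry
            if entry["mac"] == NH_MAC:
                entry["port"] = new_port
                writes["l3_table"] += 1
    return writes

def demo():
    with_port, no_port, mac_table = build()
    writes = next_hop_moves(with_port, mac_table, new_port=2, l3_update_fails=True)
    stale = egress_with_port(with_port, PREFIXES[0])              # old port
    fresh = egress_via_mac_table(no_port, mac_table, PREFIXES[0])
    del mac_table[(NH_MAC, VLAN)]                # MAC entry aged out
    flooded = egress_via_mac_table(no_port, mac_table, PREFIXES[0])
    return writes, stale, fresh, flooded
```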
