Layer-3 Switch: Multiple forwarding of one route

Source: Internet
Author: User

Layer-3 switch: "The principle of the layer-3 switch is that two hosts, A and B, using IP addresses communicate with each other through the layer-3 switch. When Station A starts sending, it compares its own IP address with the IP address of Station B to determine whether Station B is in the same subnet as itself. If the destination Station B and the sending Station A are in the same subnet, layer-2 forwarding is performed. If the two stations are not in the same subnet and Station A needs to communicate with Station B, Station A must send an ARP (Address Resolution) request packet to the 'default gateway'; the IP address of the 'default gateway' is actually that of the layer-3 switching module. When Station A broadcasts an ARP request for the IP address of the 'default gateway', if the layer-3 switching module learned the MAC address of Station B during previous communication, it returns the MAC address of B to the sending Station A. Otherwise, the layer-3 switching module broadcasts an ARP request to Station B based on the route information. Station B receives the ARP request and replies to the layer-3 switching module with its MAC address; the layer-3 switching module saves the address and sends it back to the sender, Station A. It also sends the MAC address of Station B to the MAC address table of the layer-2 switching engine. After that, all data packets sent by A to B are handed to the layer-2 switching process, enabling high-speed information exchange. Because layer-3 processing is only required in the routing process and most data is forwarded through layer-2 switching, the layer-3 switch is very fast, close to the speed of a layer-2 switch; at the same time, it is much lower than the same vro".

This statement made me depressed for a long time: "When Station A broadcasts an ARP request for the IP address of the 'default gateway', if the layer-3 switching module learned the MAC address of Station B during previous communication, it replies to Station A with the MAC address of Station B. Otherwise, the layer-3 switching module broadcasts an ARP request to Station B based on the routing information."

Analysis: since A and B are not in the same network segment, A sends an ARP request for the gateway's MAC address. How can the layer-3 switch return the MAC address of B?

One cannot just make claims, so I went to find information. It makes sense to quote someone else's original words:

After analyzing the above article, I think this viewpoint violates the basic principle of communication between a host and its default gateway. The article says that "when Station A broadcasts an ARP request for the IP address of the 'default gateway', if the layer-3 switching module learned the MAC address of Station B during previous communication, it returns the MAC address of B to the sending station. Otherwise, the layer-3 switching module broadcasts an ARP request to Station B based on the routing information."

In fact, when Station A sends an ARP request for the gateway IP address to the layer-3 switching module, the ARP request does not contain the IP address of Station B. The layer-3 switching module only replies to Station A with the MAC address corresponding to its own IP address, and does not reply to Station A with the MAC address of Station B. This is error 1.

Going a step further, even if the layer-3 switching module did reply with the MAC address of Station B, because Station B and Station A are not in the same subnet, Station A would not encapsulate the MAC address of Station B as the destination MAC in the Ethernet frames it sends. This is error 2.

In addition, the layer-3 switching module receives the Ethernet frames sent from Station A to Station B, extracts the IP address of Station B from the IP packet in the frame, and searches the route table to find the next hop toward Station B. If Station B and an interface of the layer-3 switch are in the same network segment, the layer-3 switch broadcasts an ARP request for the IP address of Station B and learns the MAC address of Station B from Station B's ARP response. If Station B and the layer-3 switch's interfaces are not in the same network segment, that is, there are several hops between them, the layer-3 switching module only broadcasts an ARP request for the next-hop IP address, and the next hop responds with the MAC address that belongs to the next-hop IP address. The layer-3 switching module does not learn the MAC address of Station B. This is error 3.

To achieve "route once, switch everywhere" or "layer-2 switching based on the destination MAC address", the existing communication mechanism between the host and the default gateway, or the routing rules of the layer-3 switch, must be changed. In other words, the existing mechanism must be replaced by a new communication mechanism between the host and the default gateway, as in 3Com's Fast IP technology. In actual networks, hosts and layer-3 switches work well together without any changes to the hosts or the original network facilities. When a layer-3 switch replaces a traditional router, traffic forwarding performance between subnets improves unprecedentedly. This is not the result of changing how the switch forwards layer-3 packets, that is, not the result of "route once, switch everywhere" or "layer-2 switching based on the destination MAC address"; rather, it is because layer-3 switches forward layer-3 packets quickly in hardware.

After searching for information, I sorted out the principle of "one route, multiple switching" as follows.

Layer-3 switch structure: an ASIC chip and a CPU. The ASIC chip completes layer-2 and layer-3 forwarding; its tables include the MAC address table used for layer-2 forwarding and the layer-3 forwarding table used for IP forwarding. The CPU is used for forwarding control. It mainly maintains the software table entries (including the route table and the ARP table) and configures the ASIC's hardware layer-3 forwarding table based on the forwarding information in those software entries. What determines high-speed forwarding is the ASIC's layer-2 and layer-3 hardware table entries, and the ASIC's hardware tables come from the software table entries maintained by the CPU.

Assume that A and B are in different VLANs and different network segments, and that routing between them is performed through the SVI interfaces of the layer-3 switch in the middle. The data flow of A pinging B is analyzed as follows.

Host A checks the IP address of the target B and finds that it is not in its own network segment, so the packet must be forwarded through the gateway. A first queries its ARP cache and does not find the gateway's MAC, so it broadcasts an ARP request (the destination MAC is all F, the source MAC is A's MAC, the source IP is A's IP, and the target IP is the gateway IP) asking for the gateway's MAC address. When the layer-3 switch receives the broadcast frame, it unpacks it and finds that the target IP address is its own, so it returns an ARP response telling A its MAC address. After receiving the ARP response, A updates its ARP cache and encapsulates the ICMP packet (the destination MAC is the gateway, the source MAC is A, the destination IP is B, and the source IP is A).

After the switch receives the packet, it first updates the MAC table based on the source MAC + VID of the packet, then queries the MAC table by the destination MAC + VID and finds the MAC table entry of the layer-3 interface (note: when an IP address is assigned to an SVI on a layer-3 switch, the MAC + VID of that layer-3 interface is added to the switch's MAC table). Because the destination MAC of the packet matches the MAC table entry of the layer-3 interface, layer-3 forwarding is performed and the layer-3 hardware table is searched. The table is empty the first time, so the lookup fails and the packet is handed to the CPU for software processing. The CPU looks up the route for the destination IP address and matches a directly connected network segment. It then looks up the ARP table, which is also empty the first time, so that lookup fails as well and the switch broadcasts an ARP request for B's MAC address in the destination network segment.

After receiving the ARP request, B returns an ARP response. The switch receives the response, updates the MAC table and the ARP table, re-encapsulates the ICMP packet and sends it to B (the destination MAC is B, the source MAC is the MAC of the layer-3 switching interface, the destination IP is B, and the source IP is A). At the same time, the switch adds an entry to its layer-3 hardware table (including IP, MAC, VLAN, and outbound interface) based on the layer-3 forwarding information it has obtained. Subsequent packets that match this layer-3 table entry are forwarded directly in hardware, which is what is called "one route, multiple switching".

B's ICMP response goes through the inverse of the above process, so the ping succeeds.
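The first-packet and later-packet behaviour walked through above, as an added Python model (not code from the original article or from any switch vendor). It covers only the directly connected case; the class, the table names, the addresses and the `wire` dictionary standing in for ARP replies are constructed for illustration.

```python
import ipaddress

class L3Switch:
    """Toy model of the tables described above; wire = {host_ip: (mac, vid)}."""
    def __init__(self, svis, wire):
        self.svis = {v: (ipaddress.ip_interface(ip), mac) for v, (ip, mac) in svis.items()}
        self.wire = wire
        # Assigning an SVI IP installs the interface's MAC + VID in the MAC table.
        self.mac_table = {(mac, v): "svi" for v, (_, mac) in self.svis.items()}
        self.arp_table = {}   # software table maintained by the CPU
        self.hw_l3 = {}       # ASIC layer-3 table: dst IP -> (MAC, VLAN)
        self.cpu_punts = 0

    def answer_arp(self, vid, target_ip):
        """The gateway answers ARP only for its own SVI address, with its own MAC."""
        iface, mac = self.svis[vid]
        return mac if str(iface.ip) == target_ip else None

    def forward(self, src_mac, dst_mac, vid, dst_ip):
        """Return (path, new_src_mac, new_dst_mac, out_vid) for one frame."""
        self.mac_table.setdefault((src_mac, vid), "learned")
        if self.mac_table.get((dst_mac, vid)) != "svi":
            return ("l2", src_mac, dst_mac, vid)        # plain layer-2 switching
        if dst_ip in self.hw_l3:                        # hardware hit: CPU not involved
            mac, out = self.hw_l3[dst_ip]
            return ("hw", self.svis[out][1], mac, out)
        self.cpu_punts += 1                             # miss: packet goes to the CPU
        out = next((v for v, (i, _) in self.svis.items()
                    if ipaddress.ip_address(dst_ip) in i.network), None)
        host = self.wire.get(dst_ip)                    # stands in for ARP request + reply
        if out is None or host is None or host[1] != out:
            return ("drop", None, None, None)           # no connected route or no ARP reply
        self.arp_table[dst_ip] = host[0]
        self.mac_table[(host[0], out)] = "learned"
        self.hw_l3[dst_ip] = (host[0], out)             # CPU programs the ASIC entry
        return ("cpu", self.svis[out][1], host[0], out)

# Constructed sample hosts: A in VLAN 10, B in VLAN 20.
A = ("10.0.10.2", "aa:aa:aa:aa:aa:aa", 10)
B = ("10.0.20.2", "bb:bb:bb:bb:bb:bb", 20)
SVIS = {10: ("10.0.10.1/24", "02:00:00:00:00:10"), 20: ("10.0.20.1/24", "02:00:00:00:00:20")}

def demo():
    sw = L3Switch(SVIS, {A[0]: A[1:], B[0]: B[1:]})
    gw_mac = sw.answer_arp(10, "10.0.10.1")             # all that A learns through ARP
    frames = [sw.forward(A[1], gw_mac, 10, B[0]) for _ in range(3)]
    return gw_mac, frames, sw.cpu_punts
```

`demo()` sends three frames from A to B: only the first is handled by the CPU, and A itself only ever sees the gateway's MAC, never B's.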
