Information Technology Reference
In-Depth Information
Also, remember that, as of publication time, only members of the 7500, 7200, 4700, 4500, and 3600
router families support MLS externally. Currently, only these external routers and the routers that fit into
the Catalyst 5xxx or 6xxx switch families (such as the RSM and RSFC for the Catalyst 5xxx family, and
the MSFC for the Catalyst 6xxx family) can be MLS-RPs. The MSFC requires the Policy Feature Card
(PFC) as well, both installed on the Catalyst 6xx Supervisor. IP MLS is now a standard feature in IOS
12.0 and later router software. IOS software lower than IOS 12.0 generally requires a special train; for
such IP MLS support, install the latest images in IOS 11.3 that have the letters “WA” in their filenames.
For the MLS-SE, a NetFlow Feature Card (NFFC) is required for a member of the Catalyst 5xxx family;
this card is installed in the Supervisor module of the Catalyst switch and is included as standard
hardware in newer Catalyst 5xxx series Supervisors (since 1999). The NFFC is not supported on the
Supervisors I or II and is an option on early Supervisor IIIs. Also, a minimum of 4.1.1 CatOS is required
for IP MLS. In contrast, for the Catalyst 6xxx family, the required hardware comes as standard
equipment, and IP MLS has been supported since the first CatOS software release, 5.1.1 (in fact, IP MLS
is an essential and default ingredient for its high performance). With new platforms and software being
released that support IP MLS, it is important to check documentation and release notes, and to generally
install the latest release in the lowest train that meets your feature requirements. Always check the
release notes and consult with your local Cisco sales office for new MLS support and feature
developments.
Commands to check the installed hardware and software are
show version
on the router, and
show
module
on the switch.
The Catalyst 6xxx family of switches does
not
support an external MLS-RP at this
time. The MLS-RP must be an MSFC.
Note
Are the source and destination devices in different VLANs off the same MLS-SE, sharing a single
common MLS-RP?
It is a basic topology requirement of MLS that the router have a path to each of the VLANs. Remember
that the point of MLS is to create a shortcut between two VLANs so that the “routing” between the two
end devices can be performed by the switch, thus freeing the router for other tasks. The switch is not
actually routing; it is rewriting the frames so that it appears to the end devices that they are talking
through the router. If the two devices are in the same VLAN, then the MLS-SE will switch the frame
locally without utilizing MLS, as switches do in such a transparently bridged environment, and no MLS
shortcut will be created. It is possible to have multiple switches and routers in the network, and even
multiple switches along the flow path, but the path between the two end devices for which an MLS
shortcut is desired must include a single MLS-RP in that VLAN for that path.
In other words, the flow from source to destination must cross a VLAN boundary on the same MLS-RP,
and a candidate and enabler packet pair must be seen by the same MLS-SE for the MLS shortcut to be
created. If these criteria are not met, then the packet will be routed normally without the use of MLS.
See the documents suggested at the end of this chapter for diagrams and discussions regarding supported
and unsupported network topologies.
Step 2
Does the MLS-RP contain an
mls rp ip
statement under
both
its global and interface configuration?
If one is not present, add
mls rp ip
statements appropriately on the MLS-RP. Except for routers for
which IP MLS is automatically enabled (such as the Catalyst 6xxx MSFC), this is a required
configuration step. For most MLS-RPs (routers configured for IP MLS), this statement must appear both
in the global configuration and under the interface configuration.
Step 3
