should make sure that it matches the MLS mode on the router, or MLS will not work. For the source-destination-ip
and full-flow-ip modes, remember to apply the access list to the appropriate router interface: an access list
that is configured but not applied to the interface has no effect, and the MLS mode simply remains destination-ip, the default.
Warning
Whenever the flowmask is changed, whether on the MLS-RP or on the MLS-SE, all
cached MLS flows are purged and the MLS process is restarted. A purge also occurs
when the command clear ip route-cache is applied on the router. The global
router configuration command no ip routing, which turns off IP routing and essentially
transforms the router into a transparent bridge, causes a purge and disables MLS
(remember, routing is a prerequisite of MLS). Each of these can temporarily, but
seriously, affect router performance in a production network, because the router
experiences a spike in load until new shortcuts are created: it must now
handle in software every flow that the switch was forwarding a moment earlier.
Especially when a member of the Catalyst 5000 family is the MLS-SE, it is best to
avoid widespread use of flowmasks that include Layer 4 information.
Forcing the router to look that deeply into every packet on the interface defeats much of
the intended benefit of MLS. This is much less of an issue when
a Catalyst 6xxx family member is the MLS-SE, because the switch ports
themselves can recognize Layer 4 information.
Note
Until recently, MLS did not support flowmasks configured inbound on an MLS-RP
interface, only outbound. Now, by using the mls rp ip input-acl command in
addition to normal MLS-RP configuration commands on a router interface, an
inbound flowmask is supported.
Note
Are more than a couple of MLS “Too many moves” error messages continuously seen on the switch?
As the warning above mentions, changing a flowmask, clearing the route cache, or globally turning off IP
routing causes a cache purge. Other circumstances can also cause full purges or many single-entry purges,
and cause MLS to complain of “Too many moves.” There are several forms of this message, but each
contains these three words. Aside from the causes already mentioned, the most common cause of
this error is the switch learning the same Ethernet Media Access Control (MAC)
address on more than one port within the same VLAN; Ethernet standards do not allow duplicate MAC addresses within a
VLAN. If you see this message infrequently, or just a few times in a row, there is no cause for
concern. MLS is a robust feature, and the message may simply be caused by a normal network event, such
as a PC connection being moved between ports. If you see this message continuously for
several minutes, however, it is likely a symptom of a more serious issue.
When such a situation arises, its root cause is commonly the presence of two devices with the same MAC
address actually connected to a VLAN, or a physical loop within the VLAN (or multiple VLANs, if
bridging across these broadcast domains). Use spanning-tree troubleshooting covered in the section
“Troubleshooting Spanning-Tree Protocol and Related Design Considerations” found later in this
chapter and the hint that follows to find the loop and eliminate it. Rapid topology changes (flapping router
interfaces, a bad NIC, and so on) can also cause temporary network and MLS instability.
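The distinction the note draws, a handful of messages in a row versus a run that continues for several minutes, is easy to apply by hand on a console but tedious against a day of syslog. The following script is an added example, not code from the original text or from Cisco: it reads syslog-style lines, keeps those containing the words “Too many moves” (the only part of the message the text guarantees), groups messages into bursts, and flags any burst that lasts at least five minutes. The log line format and the sample lines are constructed for illustration; the gap and duration thresholds are assumptions you would tune for your network.

```python
"""Classify Catalyst MLS "Too many moves" messages as benign noise or a
sustained burst that points at a duplicate MAC address or a loop in a VLAN.

Added example, not from the original text or from Cisco. Only the substring
"Too many moves" is taken from the text; the timestamp and message layout
below are constructed for this example and do not claim to match any
particular CatOS or IOS syslog format.
"""
from datetime import datetime, timedelta

STAMP_FMT = "%Y-%m-%d %H:%M:%S"
NEEDLE = "Too many moves"


def _constructed_sample() -> str:
    """Build a constructed syslog excerpt (not a real capture)."""
    base = datetime(2023, 3, 1, 10, 0, 0)
    msg = "MLS: Too many moves, flow cache purged"
    lines = []
    # A PC moved between ports: three messages a few seconds apart, then quiet.
    for s in (2, 5, 9):
        lines.append(f"{(base + timedelta(seconds=s)):{STAMP_FMT}} {msg}")
    # Unrelated line, must be ignored.
    lines.append(f"{(base + timedelta(minutes=30)):{STAMP_FMT}} SYS: Module 2 is online")
    # One isolated message, also harmless.
    lines.append(f"{(base + timedelta(hours=1)):{STAMP_FMT}} {msg}")
    # Sustained run: a message every 15 s for six minutes, the symptom of a
    # duplicated MAC address or a physical loop in the VLAN.
    start = base + timedelta(hours=4)
    for i in range(25):
        lines.append(f"{(start + timedelta(seconds=15 * i)):{STAMP_FMT}} {msg}")
    return "\n".join(lines) + "\n"


SAMPLE_LOG = _constructed_sample()


def parse_log(text: str) -> list[tuple[datetime, str]]:
    """Return (timestamp, message) pairs; lines without a timestamp are skipped."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        try:
            ts = datetime.strptime(line[:19], STAMP_FMT)
        except ValueError:
            continue
        events.append((ts, line[20:]))
    return events


def find_bursts(timestamps: list[datetime], max_gap: timedelta) -> list[dict]:
    """Group sorted timestamps into bursts separated by more than max_gap."""
    bursts: list[dict] = []
    for ts in timestamps:
        if bursts and ts - bursts[-1]["end"] <= max_gap:
            bursts[-1]["end"] = ts
            bursts[-1]["count"] += 1
        else:
            bursts.append({"start": ts, "end": ts, "count": 1})
    return bursts


def classify(log_text: str,
             max_gap: timedelta = timedelta(seconds=60),
             sustained_for: timedelta = timedelta(minutes=5)) -> list[dict]:
    """Find "Too many moves" bursts and mark those lasting >= sustained_for.

    Thresholds are assumptions: the text says "a few times in a row" is
    normal and "continuously for several minutes" is not.
    """
    hits = sorted(ts for ts, msg in parse_log(log_text) if NEEDLE in msg)
    bursts = find_bursts(hits, max_gap)
    for b in bursts:
        b["duration"] = b["end"] - b["start"]
        b["sustained"] = b["duration"] >= sustained_for
    return bursts


if __name__ == "__main__":
    for b in classify(SAMPLE_LOG):
        verdict = "INVESTIGATE (duplicate MAC or loop?)" if b["sustained"] else "benign"
        print(f"{b['start']:{STAMP_FMT}}  {b['count']:3d} msgs over "
              f"{int(b['duration'].total_seconds()):4d}s  {verdict}")
```

On the constructed sample the first two bursts (three messages, then one) are reported as benign and the six-minute run is flagged; in practice you would feed the script a real syslog export and then chase the flagged window with the spanning-tree and CAM-table checks the text refers to.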
Step 8