Layer 3 Switching with a NetFlow Feature Card (NFFC)

For vastly improved routing performance on a Catalyst 5000 router, another alternative is to install a NetFlow Feature Card (NFFC). The NFFC is a specialized piece of hardware that acts as a pattern-matching engine for the purpose of rewriting the subsequent packets in a routed transmission at Layer 2. This results in vastly improved routing performance suitable for campus environments.

MLS uses three primary components in order to facilitate higher-speed Layer 3 switching performance. These are listed below, along with explanations of their purposes:

MLS Route Processor. In a Layer 3 switch, the MLS Route Processor takes on the role of a router. Ultimately it makes routing decisions for the network, using the information stored in its routing table. Even when a packet is switched using a rewrite process at Layer 2, it is ultimately the Route Processor that made the initial decision on how this should occur.

MLS Switching Engine. The MLS switching engine is simply a switch that includes an NFFC. This switch will build CAM table entries for the various MLS Route Processors that it knows about, and build cache entries for the shortcut switching methods discussed earlier.

Multilayer Switching Protocol. The Multilayer Switching Protocol is a lightweight protocol that runs on an MLS Route Processor, allowing it to communicate with the MLS Switching Engine.

When a multilayer switch boots up, the Multilayer Switch Protocol on MLS Route Processor sends hello packets to the NFFC, identifying VLANs and MAC addresses used by the router. As the NFFC forwards initial packets to the route processor (known as candidate packets) it creates a partial shortcut entry. When the packet it ultimately forwarded back to the NFFC from the router, the NFFC checks its shortcut table, notices a partial entry for the original packet that was forwarded to this router, and creates a full shortcut entry for the flow. In essence, the NFFC has noted that a packet forwarded to the route processor was passed back to it, and it will subsequently handle the inline rewrite of matching packets automatically at Layer 2 until the flow either times out (has not been used for a period of time) or the route processor lets it know of a topology change.

While this is a simplified view of what can be a very detailed process, it helps you to get the picture – an NFFC can significantly speed up the routing process at Layer 2 by rewriting packets, even though the ultimate routing decision is still made by the route processor at Layer 3.

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of 2000Trainers.com. He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions. Click here to contact Dan.