Figure 2-10 The MLS-SE Offloads Work from the MLS-RP


[Figure: MLS Cache table]

In Figure 2-10, the MLS-RP and MLS-SE communicate using MLSP. The SE learns the MAC addresses of the RP (one for each VLAN that is running MLS). When device 1 (10.1.1.1/16) wants to send a packet to device 2 (10.2.2.2/16), device 1 creates a frame with the destination MAC address of its default gateway, the router, which in this case is the RP. The SE receives the frame, sees that it is for the RP, and therefore examines its MLS cache to see whether it has a match for this flow. In the case of the first packet in the flow, no match exists, so the SE forwards the frame to the RP. The SE also puts the frame in its MLS cache and marks the frame as a candidate entry.

The MLS-RP receives the frame, decapsulates (unwraps) the frame, and examines the packet. The RP then examines its routing table to see whether it has a route to the destination of the packet; assuming that it does, the RP creates a new frame for the packet after decrementing the IP header Time to Live (TTL) field and recalculating the IP header checksum. The source MAC address of this frame is the MAC address of the RP; the destination MAC address of this frame is the MAC address of the destination device (or next-hop router). The RP then sends the frame through the SE.

The MLS-SE receives the frame and compares it to its MLS cache; the SE recognizes that the frame is carrying the same packet as a candidate entry and is on its way back from the same RP. The SE therefore completes the MLS cache entry using information from the frame; this entry is now an enabler entry. The SE also forwards the frame out of the appropriate port toward its destination.

When a subsequent packet in the same flow enters the switch, the SE examines its MLS cache to see whether it has a match. This time it does have a match, so it does not forward the frame to the RP. Instead, the SE rewrites the frame using the information in the MLS cache, including decrementing the TTL field, recalculating the IP header checksum, and using the MAC address of the RP as the source MAC address; the resulting frame looks as though it came from the RP. The SE then forwards the frame out of the appropriate port toward its destination.
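The candidate-to-enabler sequence described above, as an added Python sketch that is not from the original text or from Cisco. The names `MlsSe`, `rewrite_ip`, `make_header` and `ip_checksum` are hypothetical, and keying the cache on the source/destination IP pair alone is a simplifying assumption. MAC addresses and port numbers used with it are constructed.

```python
import socket
import struct

def ip_checksum(header: bytes) -> int:
    """RFC 1071 checksum; returns 0 when run over a header with a valid checksum."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def make_header(src: str, dst: str, ttl: int = 64) -> bytes:
    """Constructed 20-byte IPv4 header (no options, protocol TCP) for the sample flow."""
    h = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 6, 0,
                    socket.inet_aton(src), socket.inet_aton(dst))
    return h[:10] + struct.pack("!H", ip_checksum(h)) + h[12:]

def rewrite_ip(header: bytes) -> bytes:
    """What the RP (and later the SE) does: TTL - 1, then a fresh header checksum."""
    h = bytearray(header)
    h[8] -= 1                       # TTL is byte 8
    h[10:12] = b"\x00\x00"          # zero the checksum field before recomputing
    h[10:12] = struct.pack("!H", ip_checksum(bytes(h)))
    return bytes(h)

class MlsSe:
    CANDIDATE = "candidate"

    def __init__(self, rp_mac: str, mac_table: dict):
        self.rp_mac, self.mac_table = rp_mac, mac_table   # mac_table: MAC -> port
        self.cache = {}   # (src IP, dst IP) -> CANDIDATE or enabler (dst MAC, port)

    def receive(self, src_mac: str, dst_mac: str, ip_header: bytes):
        """Return (action, src MAC, dst MAC, IP header, out port) for one frame."""
        flow = (ip_header[12:16], ip_header[16:20])
        entry = self.cache.get(flow)
        if dst_mac == self.rp_mac:                 # frame addressed to the router
            if isinstance(entry, tuple):           # enabler entry: bypass the RP
                mac, port = entry
                return ("rewritten", self.rp_mac, mac, rewrite_ip(ip_header), port)
            self.cache[flow] = self.CANDIDATE      # first packet: candidate entry
            return ("to_rp", src_mac, dst_mac, ip_header, self.mac_table[self.rp_mac])
        if src_mac == self.rp_mac and entry == self.CANDIDATE:
            # Same flow coming back from the RP: complete the entry.
            self.cache[flow] = (dst_mac, self.mac_table[dst_mac])
        return ("forwarded", src_mac, dst_mac, ip_header, self.mac_table[dst_mac])
```

Feeding the first packet, the RP's routed copy, and then a second packet of the same flow through `receive` returns `to_rp`, `forwarded` and `rewritten` in turn. The third result carries the RP's MAC as source and a header identical to what the RP itself would have produced.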
