Chapter 19
Configuring IP Unicast Layer 3 Switching on Supervisor Engine 1
Layer 3 MLS Cache
The PFC maintains a Layer 3 switching table (the Layer 3 MLS cache) for Layer 3-switched flows. The
cache also includes entries for traffic statistics that are updated in tandem with the switching of packets.
After the MLS cache is created, packets identified as belonging to an existing flow can be Layer 3
switched based on the cached information. The MLS cache maintains flow information for all active
flows.
An MLS cache entry is created for the initial packet of each flow. Upon receipt of a packet that does not
match any flow currently in the MLS cache, a new IP MLS entry is created.
The state and identity of the flow are maintained while packet traffic is active; when traffic for a flow
ceases, the entry ages out. You can configure the aging time for MLS entries kept in the MLS cache. If
an entry is not used for the specified period of time, the entry ages out and statistics for that flow can be
exported to a flow collector application.
The maximum MLS cache size is 128K entries. However, an MLS cache larger than 32K entries
increases the probability that a flow will not be switched by the PFC and will get forwarded to the
Cisco 7600 series router.
Flow Masks
A flow mask is a filter configured by a network administrator that is used by the PFC to determine how
MLS entries are created. The more detailed the flow-mask criteria, the deeper into the packet the MLS
process must look in order to verify if the packet meets those criteria.
The PFC supports only one flow mask, and when the PFC flow mask changes, the entire MLS cache is
purged. When the PFC exports cached entries, flow records are created based on the current flow mask.
Depending on the current flow mask, some fields in the flow record might not have values. Unsupported
fields are filled with a zero (0).
There are three types of IP MLS flow-mask modes: destination-ip, source-destination-ip, and
full-flow-ip. This section describes how these three flow-mask modes work.
•
•
•
Note
The flow mask mode affects the screen output of the show mls ip command.
Interaction Between Software Features and Flow Mask Behavior
This section describes the flow mask used when different software features are configured in a system
with a Supervisor Engine 1.
78-14064-04
destination-ip—The least-specific flow mask. The PFC maintains one MLS entry for each
destination IP address. All flows to a given destination IP address use this MLS entry. In
destination-ip mode, the destination IP address of the switched flows are displayed, along with the
packet rewrite information: rewritten destination MAC, rewritten VLAN, and egress interface.
source-destination-ip—The PFC maintains one MLS entry for each source and destination IP
address pair. All flows between a given source and destination use this MLS entry regardless of the
protocol-specific Layer 4 port information.
full-flow-ip—The most-specific flow mask. The PFC creates and maintains a separate MLS cache
entry for each IP flow. A full-flow-ip entry includes the source IP address, destination IP address,
protocol, and protocol-specific Layer 4 port information.
Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E
Understanding How IP MLS Works
19-3