New Generation of Cisco Switching

by Howard Berkowitz

Old and New Models: Hierarchical, SAFE, and ECNM
      "Is it SAFE?"
What to study -- and Not to Study
  New Paradigms and Metaphors
  Cisco's Switch Product Positioning
  Failover Requirements
      CertificationZone Subscribers Should
      What does this mean in the context of switches?
  Availability Terminology
    Paging Mr. Murphy
  Selecting Recovery Strategies
    Cost and Complexity in Selecting Strategies
    Recovery Time Requirements in Selecting Strategies
    1:N, 1:1, and 1+1 Protection Strategies
Switch Platform Architecture: A Model
  Practical Issues: What Are Ports?
    Forwarding Tables and Populating Them
    Ingress Buffering and Processing
      Pattern Recognition
    Advances in Forwarding Tables: CAM and TCAM
      Introducing Ternary Tables
      For further details...
      Forwarding models
      Shared Bus
      Shared Memory
    Egress Processing
    QoS at the Switch
  Interfacing: the GBIC (Gigabit Ethernet Interface Converter)
Characterizing Switch Performance
    Output Blocking
Grandfather Switch: Catalyst 5x00 Platform Family
Stacking and Clustering: 3750 and 2950
Midrange Flexibility: Catalyst 3550 Platform Family
  A New Interface Paradigm
      Hardware Aspects of Voice Ports
  Management and Control
Catalyst 4000/4500 Platform Family
  Management and Control
Catalyst 6000/6500 Platform Family
  Management and Control
    Database Manager
Switching Functions for High Availability
  Layer 1/2 High Availability for Links and Interfaces
    Layer 1 Failover
      SONET and POS
    Unidirectional Links: Detection Protocol (UDLD) and configuring Unidirectional Ethernet
    Layer 2 Aggregation
    Preventing Broadcast Storms
  Other Layer 2 Security and Management Enhancements
    Private VLANs
    802.1x -- Port Based Authentication
    DHCP-related Security Features
  Growing Frames beyond Normal Size
Single Spanning Tree High Availability
      Layer 2 Traceroute
  Core/Backbone Switch Failure
  Indirect Root Failures
  Root Wars
  Distribution Switch Failure
Performance Enhancements to Individual Spanning Trees
  IEEE 802.1w Rapid Spanning Tree Protocol (RSTP)
    Port Types in 802.1d and 802.1w
    Port States in 802.1d and 802.1w
    PortFast, BPDU Guard, and 802.1w Functional Equivalence
  Root Wars and Root Guard
  STP Convergence Time
Performance Enhancements to Multiple Spanning Trees
  MSTP: Subdividing the Spanning Tree for Faster Convergence
    MSTP Regions
    IST, CIST, and CST
  VLAN Tagging and VLAN Trunk Protocol (VTP)
      VTP Pruning
  VLAN-to-Spanning Tree Relationships


While most of the focus of this paper is on L2 switching, there is a significant amount of material on the architecture and implementation of "L3 switching". L3 switching is really routing, but the term L3 switching has tended to become associated with implementation techniques that do much of the work in specialized hardware.

Please, please don't get confused by trying to see how L3 switching is somehow different, in basic principles, from routing. It isn't. At worst, it's purely a marketing term; at best, it emphasizes certain implementations. It is no accident that the Cisco 12000 is called the Gigabit Switch Router (GSR), because it makes extensive use of hardware processing. Since it's targeted at the WAN and ISP market, however, Cisco doesn't designate it a switch, which avoids confusion with enterprise and server farm relays.

This particular paper has many cross-references to other CertificationZone tutorials, and for good reason. The focus here is how a switch does something, while such things as QoS, high availability, and security tutorials define why something is done.

Old and New Models: Hierarchical, SAFE, and ECNM

One thing to bear in mind is that Cisco has updated some of its design models that make use of switching. While there's been a good deal of buzz, including in exam objectives, about the SAFE and Enterprise Composite Networking Model (ECNM), the old three-level hierarchical model, with some updating, is still usefully with us.

The SAFE blueprint does describe security measures for a variety of enterprise subsystems, and the hierarchical model can be applied individually to many of these subsystems. For all practical purposes, ECNM is simply the hierarchical model in new clothing, now married to the SAFE blueprint.

"Is it SAFE?"

Well, the quote is from the movie "Marathon Man," which is guaranteed to give nightmares about going to dentists. However, SAFE itself doesn't seem to be an acronym -- at least, it's not spelled out in the main SAFE blueprint from Cisco.

Part of the confusion about SAFE and ECNM seems to be that material about them is not on Cisco CCO. There is mention of ECNM in several security and design instructor-led courses, but there is no corresponding Cisco white paper. My best interpretation is that ECNM really means the overall design resulting from applying the three-layer hierarchical model to each appropriate subsystem of SAFE.

Some Cisco presentations to service provider audiences introduce a fourth hierarchical layer, "collection", between access and distribution. The collection layer involves broadband aggregation (e.g., IP over cable or DSL) between the user premises and the ISP -- it's where the broadband service provider lives.

In the Cisco Enterprise SAFE document, http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/safe_wp.htm, there is one mention of an "enterprise campus module". This module is composed of the campus proper, the "campus edge", and the edge of service provider networks. Cisco has not made it clear if the "collection tier" is equivalent to the "campus edge" discussed in enterprise-oriented presentations.

You may also want to look at an Internet-Draft I coauthored, which hopefully will soon move to RFC, "Terminology for Benchmarking BGP Device Convergence in the Control Plane", http://www.ietf.org/internet-drafts/draft-ietf-bmwg-conterm-05.txt, where we draw a distinction between two functions in the Cisco "distribution tier", the "provider edge router" and the "inter-provider border router", as opposed to the "subscriber edge router". This distinction, while informal, captures some of the flavor of Cisco's "campus edge". While not listed as an official coauthor because we weren't allowed to list more than five coauthors, Alvaro Retana of Cisco was part of the team that wrote this document.

The hierarchical model has changed the most in that Cisco emphasizes "L3 switching" in the core. Previously, the core emphasized L2 switching, either LAN or ATM.

So, the "new" core is simply a place for high-performance routers. The products Cisco calls "high performance multilayer switches", such as the 6500 family discussed in this tutorial, still do IP routing as well as L2 switching. In contrast with routers such as the 12000, 10000, and 7500, the 6500s emphasize Ethernet port density and features more appropriate for LANs than WANs.

What to study -- and Not to Study

Understanding the 3550 is vital for CCIE candidates because it is the only L2-switching capable device announced to be in the CCIE lab. The 3550, however, also has routing/L3 switching capability as well as L4 QoS, so it could appear in lab scenarios as an L2 switch, a hybrid switch-router, a router, or as an edge traffic policy enforcer.

At the same time, especially if you are studying for the CCNP Switching or CCIE Written examinations, you need to know about platforms that are not in the CCIE lab. The 6500 switch, for example, is Cisco's flagship product for large enterprises and internal use within ISPs. It has some unique features on which you might be tested.

For many switches, you will need to recognize that there is a product family that includes more than one numbered series. For example, the 4000 series switches are modular, but the 2948G switches are very similar devices whose configurations are fixed.

Table 1. General Positioning Model for Enterprise Switches

Enterprise size | Wire closet         | Backbone
Small           | Fixed configuration | Fixed configuration
Midrange        | Fixed configuration |

You will find switches positioned for different functions, and for the same function within organizations of different size. Fixed configuration platforms are most associated with the smaller enterprises, but they also can be quite useful as aggregation platforms inside larger enterprises.

New Paradigms and Metaphors

Many of Cisco's earlier switches are the result of acquisitions, although modern switches are designed and manufactured by Cisco. As a result, there was a confusing assortment of operating systems and human interfaces across platforms. The "Catalyst Interface", for example, came from Cisco's acquisition of Catalyst.

Table 2. Switch Operating Systems and their Interfaces

Operating System Interface | Comments
CatOS                      | 4000, 5000, 6000
Native OS                  | 2950, 3550, 4000 Sup 3, 6000 MSFC
Hybrid                     | Cat OS + IOS on MSFC (5x00)
IOS                        | Routers, MSFC

Real consolidation, and a clear picture of the future trend, came with the introduction of the 3550 and its IOS-based interface. This interface has considerable QoS capability, especially important for Cisco AVVID (Architecture for Voice, Video, and Integrated Data) use.

Cisco's Switch Product Positioning

Table 3. The View in 1999

Wire closet     | Server farm | Core
2900/4000, 5000 | 6000        | 8500

Table 4. Qualifying the 1999 view for Enterprise Size

Enterprise size | Wire closet | Backbone

Table 5. The View in 2003

Wire closet     | Server farm | Core
2900/4000, 5000 | 4000, 6000  | 6500

Failover Requirements

CertificationZone Subscribers Should

See my High Availability tutorial for additional details.

Selecting the appropriate level of availability is as much a business as a technical decision. In her book Planning for Survivable Networks, Annlee Hines has written extensively on the basis of these decisions. If you ever plan to recommend real network designs rather than simply pass tests, read her book! [Hines 2002]

My WAN Survival Guide [Berkowitz 2000] discusses some of these cost-benefit trade-offs from the enterprise standpoint, and my Building Service Provider Networks [Berkowitz 2002] looks at the trade-offs from the service provider viewpoint.

Table 6. Broad Goals for High Availability [Berkowitz 2000]

Availability Level                              | Server                                              | Network
1 "Do nothing special"                          |                                                     | Locked network equipment
2 "Increased availability: protect the data"    | Full or partial disk mirroring, transaction logging | Dial/ISDN backup
3 "High availability: protect the system"       | Clustered servers                                   | Redundant routers; no single-point-of-failure local loop
4 "Disaster recovery: protect the organization" | Alternate server sites                              | No single-point-of-failure national backbone

High availability involves a great many cost trade-offs, some of which are "Layer 8" business rather than technical considerations.

Table 7. Costs of High Availability Mechanisms

Backup equipment                                                        | Design
Additional lines/bandwidth                                              | Network administrator time due to additional complexity; higher salaries for higher skills
Floor space, ventilation, and electrical power for additional resources | Performance drops due to fault tolerance overhead

If you choose to "pay me later" and accept failures, what are some of the costs of failures when they occur?

Table 8. Costs of Lack of Availability

Revenue loss                      | Lost marketing opportunities
Overtime charges for repair       | Shareholder suits
Salaries of idle production staff | Staff morale

What does this mean in the context of switches?

