7.1 MLS Processes
7.1.7 Step 4: The MLS-SE shortcuts future packets
As Host-A sends further packets, the MLS-SE uses the destination IP address to look up the completed shortcut entry created in Step 3. On a match, it uses a rewrite engine to modify the necessary header information and then sends the packet directly to Host-B (the packet is not forwarded to the router). The rewrite operation modifies all the same fields that the router modified for the first packet. Host-B has no indication that the MLS-SE has intercepted the packet. Figure illustrates this operation.

The rewrite mechanism can modify the following fields:

  • Source and Destination MAC Address
  • VLAN ID
  • TTL
  • IP Encapsulation (for example, ARPA to Subnetwork Access Protocol [SNAP])
  • Checksums
  • Type of Service/Class of Service (ToS/CoS)

It is important to understand that, although MLS is a Cisco-specific term, it is entirely standards compliant. Unlike some other shortcut and cut-through mechanisms, MLS makes all the modifications that a normal router makes to an IP or Internetwork Packet Exchange (IPX) packet. Even a protocol analyzer capturing traffic that passes through an MLS switch versus a router would not be able to tell the difference.
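The following added example (not Cisco code and not part of the original page) models the shortcut lookup and the rewrite of MAC addresses, TTL and IP header checksum, and compares the result with a router-style forward of the same frame. All names, the MAC and IP addresses and the sample frame are constructed, and the RFC 1624 incremental checksum update is this example's choice, not a statement about how the rewrite engine is implemented.

```python
import struct

def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum computed over a whole IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frame(dst_mac, src_mac, src_ip, dst_ip, ttl, payload=b""):
    """Constructed sample: Ethernet II (ARPA) frame with a 20-byte IPv4 header."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      ttl, 17, 0, src_ip, dst_ip)
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return dst_mac + src_mac + b"\x08\x00" + hdr + payload

def router_forward(frame, new_src_mac, new_dst_mac):
    """Router path: decrement TTL, recompute the checksum from scratch, swap MACs."""
    ip = bytearray(frame[14:34])
    ip[8] -= 1
    ip[10:12] = b"\x00\x00"
    ip[10:12] = struct.pack("!H", ip_checksum(bytes(ip)))
    return new_dst_mac + new_src_mac + frame[12:14] + bytes(ip) + frame[34:]

def shortcut_rewrite(frame, shortcuts):
    """Shortcut path: destination-IP lookup, then apply the cached rewrite data."""
    entry = shortcuts.get(frame[30:34])
    if entry is None or frame[22] <= 1:
        return None  # no completed entry, or TTL would expire: leave it to the router
    new_src_mac, new_dst_mac, egress_vlan = entry
    ip = bytearray(frame[14:34])
    old_word, old_sum = struct.unpack("!HH", ip[8:12])  # TTL/protocol word, checksum
    ip[8] -= 1
    new_word = struct.unpack("!H", ip[8:10])[0]
    # RFC 1624 incremental update: HC' = ~(~HC + ~m + m')
    total = (~old_sum & 0xFFFF) + (~old_word & 0xFFFF) + new_word
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    ip[10:12] = struct.pack("!H", ~total & 0xFFFF)
    return egress_vlan, new_dst_mac + new_src_mac + frame[12:14] + bytes(ip) + frame[34:]

# Constructed addresses: Host-A in VLAN 1 sends to Host-B in VLAN 2 via the router MAC.
HOST_A, HOST_B = bytes.fromhex("0000aa000001"), bytes.fromhex("0000bb000002")
ROUTER = bytes.fromhex("0000cc000003")
IP_A, IP_B = bytes([10, 1, 1, 10]), bytes([10, 1, 2, 20])
SHORTCUTS = {IP_B: (ROUTER, HOST_B, 2)}  # dest IP -> (new src MAC, new dst MAC, VLAN)
FRAME = build_frame(ROUTER, HOST_A, IP_A, IP_B, ttl=64, payload=b"constructed")
```

Because the shortcut path and the router path produce byte-identical frames, a capture taken on Host-B's segment cannot distinguish them.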

MLS can use two options to rewrite the packet. In the first option, the MLS-SE itself is used to rewrite the packet. On the Catalyst 5500, the MLS-SE contains three rewrite engines, one per Catalyst 5500 bus. The Catalyst 6000 series switch contains one rewrite engine. These rewrite engines are referred to as central rewrite engines. The downside of using a central rewrite engine is that it requires the packet to traverse the bus twice. For example, in Figure , the packet first arrives through Port 2/1 and is flooded across the backplane as a VLAN 1 frame. The MLS-SE is treated as the destination output port. After the MLS-SE has completed the shortcut lookup operation, it uses the rewrite information contained in the Layer 3 CAM table to update the packet appropriately. It then sends the rewritten packet back across the bus as a VLAN 2 frame, where the Layer 2 CAM table is used to forward it out Port 3/1. In other words, it crosses the bus first as a packet in the red VLAN and again as a packet in the blue VLAN. As a result, performance is limited to approximately 750,000 packets per second (pps) (on Catalyst 5000s).

The second rewrite option uses a feature called inline rewrite to optimize this flow. When using Catalyst modules that support this feature, the rewrite operation can be performed on the output module itself, allowing the packet to cross the bus a single time. Figure illustrates the inline rewrite operation. Inline rewrite operation is supported only on selected modules for the Catalyst 5000 series switch. Inline rewrite operation is supported on all Catalyst 6000 series modules.

When the packet comes in from Host-A, it is flooded across the bus. All ports make a copy of the frame, including the destination Port 3/1 and the MLS-SE. The MLS-SE looks up the existing shortcut entry and sends just the rewrite information to Module 3 (this occurs on a separate bus from the data bus). Module 3 is the third module in the Catalyst switch; the modules are numbered vertically from the top down. Module 3 uses its local rewrite engine to modify the packet and immediately forwards it out Port 3/1. Because the frame traversed the bus only once, throughput is doubled to approximately 1,500,000 pps for the Catalyst 5500.