Catalyst 6000 Family Software Configuration Guide—Releases 6.3 and 6.4
Chapter 14 Configuring MLS
Understanding How Layer 3 Switching Works
MLS Cache Size
The maximum MLS cache size is 128K entries. The MLS cache is shared by all MLS processes on the
switch (IP MLS, IP MMLS, and IPX MLS). An MLS cache larger than 32K entries increases the
probability that a flow will not be Layer 3 switched, but will instead be forwarded to the MSFC.
Understanding Flow Masks
The PFC uses flow masks to determine how MLS entries are created.
These sections describe the flow mask modes:
Flow Mask Modes, page 14-6
Flow Mask Mode and show mls entry Command Output, page 14-7
Flow Mask Modes
The PFC supports only one flow mask (the most specific one) for all MSFCs that are Layer 3 switched
by that PFC. If the PFC detects different flow masks from different MSFCs for which it is performing
Layer 3 switching, it changes its flow mask to the most specific flow mask detected.
When the PFC flow mask changes, the entire MLS cache is purged. When the PFC exports cached
entries, flow records are created based on the current flow mask. Depending on the current flow mask,
some fields in the flow record might not have values. Unsupported fields are filled with a zero (0).
The MLS flow masks are as follows:
destination-ip—The least-specific flow mask. The PFC maintains one MLS entry for each Layer 3
destination address. All flows to a given Layer 3 destination address use this MLS entry.
destination-ipx—The only flow mask mode for IPX MLS is destination mode. The PFC maintains
one IPX MLS entry for each destination IPX address (network and node). All flows to a given
destination IPX address use this IPX MLS entry.
source-destination-ip—The PFC maintains one MLS entry for each source and destination IP
address pair. All flows between a given source and destination use this MLS entry regardless of the
IP protocol ports.
source-destination-vlan—For IP MMLS. The PFC maintains one MMLS cache entry for each
{source IP, destination group IP, source VLAN}. The multicast source-destination-vlan flow mask
differs from the IP unicast MLS source-destination-ip flow mask in that, for IP MMLS, the source
VLAN is included as part of the entry. The source VLAN is the multicast reverse path forwarding
(RPF) interface for the multicast flow.
full flow—The most-specific flow mask. The PFC creates and maintains a separate MLS cache entry
for each IP flow. A full flow entry includes the source IP address, destination IP address, protocol,
and protocol ports.