Simplified Explanation of Routed Connection Setup for the DFE

  • 0
  • 1
  • Article
  • Updated 5 years ago
Article ID: 5115 

Products
N-Series
DFE 

Goals
Explain how arp works
How does Arp Resolution work
How does connection setup work
How does l3 flow setup work 

Solution
This document discusses the process of two stations, living on different vlans, establish communication where the stations are connected by a DFE chassis. It is assumed that the reader has some understanding of configuration of the DFE as well as basic networking. The process of how information is distributed within the DFE is outside the scope of this document as are several other topics contained in the following discussion. If enough questions are raised, then an attempt will be made to add further clarification and the appropriate links will be added to this document at that time. 

In the following text, all assumptions are defined in bolded text. The non-bolded text immediately following each assumption walks through the processes that occur within the DFE. 

User A on vlan red connected to slot 1.
User B on vlan blue connected to slot 2.
 
There is an existing switch config that puts various ports on various blades into the red vlan and in the blue vlan. 

Slot 3 is where the router instance lives. 
There is a router configured on blade 3 that is configured with numbered vlans that correspond to the red and blue vlans. 
The configuration of a router on slot 3, not only starts a routing protocol engine (RPE) process on slot 3, but it also starts a router forwarding engine (RFE) process on every other DFE blade in the chassis. 
A distributed ARP agent process is started on all DFE blades in the chassis as a result of enabling a router instance on slot 3. 

Router 3 is configured with interfaces on vlans red and blue. 
int vlan 40 (red)
ip address 134.141.40.1 255.255.255.0
int vlan 41 (blue)
ip address 134.141.41.1 255.255.255.0 

User A and B have Router 3 as their default gateway. 
The red and blue vlan have router 3 as the default gateway. 
The blue users have 134.141.41.1 as the default gateway for the blue vlan. 
The red users have 134.141.40.1 as the default gateway for the red vlan. 

Slot 4 has ports that are part of vlan blue. 
Slot 4 has ports in the blue vlan. (We will assume that every slot has one or more ports in the blue vlan.) 
No ARP entries exist and there are no connections currently setup. 
Host A wants to talk to host B. 

User A ARPs for its default gateway (router 3). 
The ARP request is received on slot 1 where host A is connected. 
The slot 1 switching engine learns where host A is connected. The SAT is updated on all switching engines in the DFE chassis with host A on vlan red. 
The ARP broadcast on the red vlan is flooded to all the ports in the chassis (by the switching engine) that are associated with the red vlan. 
Since the router protocol engine (RPE on slot 3) has an interface configured on the red vlan (134.141.40.1), the router forwarding engine (RFE) on the ingress slot (1) will also get the ARP request. 
Note: The ARP request is not sent to the router protocol engine (RPE) on slot 3. 
The ARP agent on slot 1 distributes the ARP entry for host A to the ARP agent on all slots. 

The RFE on slot 1 replies to host A's ARP request by constructing an ARP reply with the MAC address for 134.141.40.1 which resides with the RPE on slot 3. 
The reply is sent by the RFE on slot 1 to the switching engine on slot 1 for transmission on vlan 40 to host A's MAC. 
Note: The RFE does not know (or care) what port host A is on. 

The switch directs the ARP reply from the RFE in slot 1 to host A. 
Host A learns the MAC address of the default gateway (134.141.40.1). 

User A then sends a packet destined to User B. 
Best next hop information of all known destination networks are distributed from the RPE on slot 3 to all slots.In other words, the RPE distributes the Forwarding Information Base (FIB) to all RFEs. 
Interface configuration is distributed from the RPE to all slots. 
Access rule lists are distributed from the RPE to all slots. 

The RFE on slot 1 parses the packet for host B's destination IP (DIP). 
The RFE applies inbound access rules for packet filtering. 
The RFE looks in the the next hop table for the DIP's network. 
The RFE determines that it can get to the DIP's network. 
The DIP's network is directly connect to this router on another interface. 
The RFE looks in the distributed ARP table to see if there is a MAC for host B. 
There is no entry for host B. 

The packet is handed off to the ARP agent on slot 1. 
The packet is copied and stored. (This is done only on the first packet to any destination.) 
All subsequent frames that are destined for host B during the following ARP resolution are dropped. 
The ARP agent on slot 1 generates an ARP request for the DIP. 
The ARP request is sent to the switching engine on slot 1 which floods the ARP request to all the ports on the blue vlan on all slots. (This is possible because the switch engine already knows where all ports that belong to the blue vlan reside.) 

Host B responds. (We are working in a perfect world, after all.) 
The switch filter database (slot 2) learns the location of host B. This information is distributed to all slots. 
The response is destined for the router's MAC address on the blue vlan (134.141.41.1). 
The RFE on slot 2 (ingress for host B) gets the reply. 
The RFE hands the reply off to the ARP agent on slot 2. 
The ARP agent programs router reframing ram for routed traffic that will subsequently be sent to host B from the router. 
The ARP entry is created for host B on vlan 41, which also contains the index to the programmed reframing instructions. 

The ARP entry is distributed to all slots. 
Slot 1 processes the ARP entry and sends the previously deferred frame to the switch for delivery. 
There is still no connection at this time from host A to host B. 

The next packet that the router receives that is destined to host B will not have to be deferred since all the slots now know about host B. 
The next packet from host A is received on slot 1. 
The RFE applies inbound access rules for packet filtering. 
The RFE looks in the the next hop table for the DIP's network. 
The RFE determines that it can get to the DIP's network. 
The DIP's network is directly connect to this router on another interface. 
The RFE looks in the distributed ARP table to see if there is a MAC for host B. 
There is an existing ARP entry. 
The RFE applies the outbound access rule lists. 
The RFE provides the switch with information needed to install a connection (such as DA MAC, outbound vlan, reframing index). 

From this point on, the router will not touch the frames going from A to B. 
The connection will age out if no traffic flows on the connection for approximately 40 seconds. 
The ARP entry will age after 4 hours, at which time the entry will be refreshed by a unicast ARP directed at host B. 
If host B moves to another port during the 4 hours, it will be relearned in it's new location. 
If host B is removed from the network, it will age out after 4 hours. 

NOTE: This is considered a living document. All content is subject to change.
Photo of FAQ User

FAQ User, Official Rep

  • 13,620 Points 10k badge 2x thumb

Posted 5 years ago

  • 0
  • 1

There are no replies.

This conversation is no longer open for comments or replies.