Multilayer Switch Feature Card is the Layer 3 switching engine that sites on the Catalyst Supervisor as a daughter card. The MSFC is an integral part of the Supervisor Engine, providing high performance, multilayer switching and routing intelligence. On the MSFC daughter card, the route processor (RP) is located on the MSFC itself. Equipped with a high performance processor, the MSFC runs layer 2 protocols on one CPU and layer 3 protocols on the second CPU. These include routing protocol support, layer 2 protocols (Spanning Tree Protocol and VLAN Trunking Protocol for example), and security services.
The control plane functions in the Cisco Catalyst 6500 are processed by the MSFC and include handling Layer 3 routing protocols, maintaining the routing table, some access control, flow initiation, and other services not found in hardware. Performance of the control plane is dependent on the type and number of processes running on the MSFC. The MSFC3 can support forwarding rates up to 500Kpps. The MSFC provide a means to perform Multilayer Switching (MLS) and interVLAN routing.
The MSFC builds the Cisco Express Forwarding information Base (FIB) table in software and then downloads this table to the hardware Application-specific-integrated circuits (ASICs) on the PFC and DFC (if present) that make the forwarding decisions for IP unicast and multicast traffic.
Role of MSFC
Provide IOS based multi-protocol routing using a variety of routing protocols.
Work with the PFC for implementing layer 3 switching & traditional router based input/output ACL's. Note, PFC can implement ACL's without requiring a MSFC.
Provide other SW based features (like NAT, Policy Routing, Encryption etc) which are not supported in PFC hardware.
Table1. MSFC/Supervisor Compatibility Chart
Supervisor 1 or Supervisor 1A
Supervisor 1A or Supervisor 2
Supervisor 720 Models
Supervisor 720-10GE Models
Policy Feature Card (PFC)
The PFC3 is the ASIC-based forwarding engine daughtercard for the Sup720; the DFC3 is the ASIC-based forwarding engine daughtercard for various fabric-enabled linecards (CEF256, CEF720). Contains the ASICs that are used to accelerate Layer 2 and Layer 3 switching, store and process QoS and security ACLs, and maintain NetFlow statistics.
The PFC3/DFC3 generation is built upon a forwarding architecture known as EARL7. Within this generation, there are three different versions - 'A', 'B', and 'BXL' - that are all based on the same fundamental technologies but that each have incremental functionality. 'A' is the standard offering; 'B' is the intermediate option, and 'BXL' is the high-end option.
The PFC contains a Layer 2 and a Layer 3 forwarding engine.
Role of PFC Layer 2 engine
Layer 2 MAC address lookups into the Layer 2 CAM table.
Looking into the packet headers to determine if this switching operation will be a Layer 2 or a Layer 3 operation. If it is going to be a Layer 3 operation, then it will hand off the packet to the Layer 3 engine for further processing.
Role of PFC Layer 3 Engine
NetFlow Statistics collection.
Hardware based forwarding of IPv4, IPv6 and MPLS tagged packets.
QoS mechanism for ACL classification, marking of packets, and policing (rate limiting).
Security mechanism for validating ACL rules against incoming packets.
Maintaining Adjacency entries and statistics.
Maintaining Security ACL counters.
The PFC3 supports hardware based Layer 2 and Layer 3 switching, processing security and QoS ACLs in hardware and the collection of NetFlow statistics.
There are five versions of the Policy Feature Card in use today. The PFC3A , PFC3B, and PFC3BXL are integrated into the Supervisor 720-3A, Supervisor 720-3B and Supervisor 720-3BXL respectively. The PFC3B is the only option for the Supervisor 32, while the PFC3C and PFC3CXL are integrated into the Supervisor 720-10G-3C and Supervisor 720-10G-3CXL.
Table2. PFC/Supervisor Compatibility Chart
Supervisor 1 or Supervisor 1A
Distributed Forwarding Card (DFC)
The Catalyst 6500 architecture supports the use of Distributed Forwarding Cards (DFC). Distributed Forwarding Card is a combo daughter card comprising a MSFC and PFC used by a fabric enabled Cat6500 linecard to perform distributed switching. DFCs are located in linecards, not in Supervisors.
A DFC is used to hold a local copy of the forwarding tables (constructed by the MSFC) along with Security and QoS policies to facilitate local switching on the linecard. The DFC3A is available as an option on CEF256 and CEF720 based linecards. The DFC3B and DFC3BXL were introduced for linecards to operate with the Supervisor 720 equipped with PFC3B and PFC3BXL. The last generation of DFC, the DFC3C, is available as an option on the CEF720 based linecards but are integrated on the latest generation linecards, the WS-X6708 and WS-X6716.
It is important to note that there are some operational considerations that can impact the ability of the Catalyst 6500 system to provide specific QoS features. This can happen when you mix different generations of PFC's and DFC's together. The rule is that the system will operate at the lowest common feature denominator.
Table 3. DFC/PFC Operation
PFC3B operates as a PFC3A
PFC3BXL operates as a PFC3A
PFC3C operates as a PFC3A
PFC3CXL operates as a PFC3A
DFC3B operates as a DFC3A
PFC3BXL operates as a PFC3B
PFC3C operates as a PFC3A
PFC3CXL operates as a PFC3B
DFC3BXL operates as a DFC3A
DFC3BXL operates as a DFC3B
PFC3C operates as a PFC3BXL
PFC3CXL operates as a PFC3BXL
DFC3C operates as a DFC3A
DFC3C operates as a DFC3B
DFC3C operates as a DFC3B and PFC3BXL operates as a PFC3B
PFC3CXL operates as a PFC3C
DFC3CXL operates as a DFC3A
DFC3CXL operates as a DFC3B
DFC3CXL operates as a DFC3BXL
DFC3CXL operates as a DFC3C
The primary MSFC3 will calculate, then push down a FIB table (Forwarding Information Base) giving the DFC3x its layer 3 forwarding tables. The MSFC3 will also push down a copy of the QoS policies so that they are also local to the line card. Subsequent to this, local switching decisions can reference the local copy of any QoS policies providing hardware QoS processing speeds and yielding higher levels of performance though distributed switching.
Benefits of DFC
Performance is the biggest and most obvious reason to implement DFCs. You move from a 30 Mpps centralized forwarding system anywhere up to a 400 Mpps distributed forwarding system. This forwarding performance is for all L2 bridging, L3 routing, ACLs, QoS, and Netflow features, i.e., not just L3.
The performance benefit of a DFC is most applicable when you use the 67xx series modules. This is because these modules have enough ports and bandwidth to generate much more than the 30Mpps centralized forwarding engine has available. A 67xx-series module without a DFC is subject to the same centralized performance characteristics of all other centralized forwarding modules.
DFC also minimize the impact that a classic module has in a system. Classic modules do affect the centralized forwarding performance of a system, limiting the maximum centralized forwarding rate to 15Mpps. Modules enabled with DFCs have their own forwarding engine and are not subject to this performance degradation. If a classic module used, the inclusion of a DFC mitigates any performance issues/concerns. Any non-DFC modules are still subject to the available 15 Mpps of forwarding available when a classic-module is present.
Packet Forwarding is done on the ingress forwarding engine. Therefore, packets coming into the ports on the Sup720-3B will have forwarding done on the PFC3B of the Supervisor. Packets coming into ports of line cards with DFC3s will have the forwarding done on the DFC3. Packets coming into ports of line cards with CFCs will have the forwarding done on the PFC3B of the Supervisor. The MSFC3 only does forwarding in the cases where the PFC3 or DFC3 cannot make the forwarding decision. Some of these cases include when traffic has IP Options set, when ACLs are applied to an interface but the ACL is not programmed into the ACL TCAM for some reason, when packets have TTL expiration, when packets hit an ACE with the "log" keyword, and others.
Centralized Forwarding Card (CFC)
CFC is a centralized forwarding card for the switching modules which makes IPv4 Routing over the PFC. CFC does not do local forwarding, the forwarding is done by the PFC in the Supervisor. As the forwarding is centralized, the PFC performance, FIB entries, ACL lables are shared among the line cards that uses the Supervisor PFC for forwrding. WS-F6700-CFC is the CFC card used on WS-X67xx Ethernet Modules. This daughter card is supported only by the Supervisor Engine 720.
Note: CFC or the Centralized Forwarding Card was introduced along with the CEF720 modules. It provides centralized connectivity to the supervisor for look-ups and results. Though the switch fabric is used for the data, but the CFC is responsible to send a look-up request from the Supervisor and then get those results back.
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
About the same as in a non-VSS chassis.
Inayath's post has the details, but the PFC/MSFC is the L2/L3 hardware on the supervisor card and the DFC is the L2/L3 hardware on (some) line cards (offloading the need for the supervisor to do the L2/L3 forwarding). The CFC is a placeholder for when the DFC isn't present, i.e. when a line card's hardware forwarding is done by the supervisor.
In VSS mode, each chassis still makes L2/L3 forwarding decisions for its (local) traffic using its (local) PFC/MSFC and DFCs.
Although VSS operates the dual chassis as one logical platform, if the same frame/packet needs to transit the VSL between the chassis (a situation to be avoided), to the best of my understanding, the frame/packet will be subjected to a second instance of hardware forwarding.
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...