CertCities.com -- The Ultimate Site for Certified IT Professionals
 Link State Update  
Eric Quinn


 Router, in a Card, on a Card, in a Slot, on a Switch
Want to forward 15 million packets per second? Then the MSFC routing "daughter card" is for you.
by Eric Quinn, courtesy of TCPmag.com
10/1/2000 -- If you ask someone--better make it a Cisco someone--what an MSFC is, you'll most likely get a blank look.

If the person does attempt to answer, the response will most likely be something that's technically accurate but absolutely useless, along the lines of, "It's part of a high-end switch."

So, what is an MSFC? A Multilayer Switch Feature Card (MSFC) is a routing daughter card that sits on the supervisor module of a 6000 or 6500 series switch and works with a piece called the PFC. No, not a Private First Class. The PFC is the Policy Feature Card. The cool thing about the PFC is packet filtering, which I'll talk more about shortly.

If you've gone through the CLSC or BCMSN courses or exams, then you're probably familiar with a Route Switch Module (RSM). The RSM from a 5000-series Catalyst switch isn't much smaller than the blade off a guillotine, which is why these modules are often called blades. They do the same work as a regular router (i.e., they route), but because an RSM is a part of the switch, it doesn't have physical ports. Well, actually, it does--but not at the level you'd normally think. Instead, it uses VLAN ports that are then matched up with the VLANs created on the switch, allowing the RSM to route VLAN traffic.

Still with me? Good. Now, if you shrink an RSM down to a card the size of a NIC and then attach it directly to the supervisor card, you get an MSFC.

You may see a potential problem here. In order to get redundancy in a Catalyst 5000 with an RSM, you need two Supervisor modules--both have the capability of working with the single RSM. You could also have RSM redundancy, but you don't have a single point of failure. With the router now sitting on the Supervisor, if the Supervisor card goes, so does your router. This means you need to have two Supervisor cards, each with MSFCs on board. As anyone who has had to outfit a 6509 for redundancy can tell you, this gets expensive fast!

Benefits of MSFC
What does an MSFC card give you that the old RSM didn't? The first thing that most people latch on to is up to 15 million packets per second of forwarding while attached to a 32-gigabit backplane! The MSFC can also do regular routing and packet filtering with Access Control Lists (ACLs). But beyond the basic access lists, you can also configure dynamic and reflexive lists. The most interesting list is called a VLAN Access Control List (VACL), which requires the PFC.

As more and more people think they're qualified to make changes willy-nilly on their work PCs, the frequency of rogue DHCP servers is increasing. (I can see several heads nodding at this last statement.) There are a couple of ways of dealing with this, and one is using tried-and-true basic Extended Access Lists. This method works fine, except it's rather process-intensive and won't filter any packets that stay on the same VLAN they originated on.

If you're using an Extended Access List, how do you filter a packet that doesn't touch the router? You don't, so you need to configure a list off the router: the VACL. With regard to the rogue DHCP problem, you'd be able to specify that only a certain device is able to forward a response to a DHCP client request through the switch.
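To make the difference concrete, here is a small Python model of the two enforcement points, added as an illustration (it is not from the original column and is not Cisco configuration). The addresses, VLAN numbers and function names are made up, and it assumes the trusted DHCP server sits in the client VLAN so no relay is involved.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_vlan: int
    dst_vlan: int
    proto: str
    src_port: int
    dst_port: int

def is_dhcp_reply(pkt):
    # Server-to-client DHCP traffic: UDP source port 67, destination port 68.
    return pkt.proto == "udp" and pkt.src_port == 67 and pkt.dst_port == 68

def list_permits(pkt, trusted_server):
    # One rule set used at both enforcement points: permit DHCP replies from
    # the trusted server, deny all other DHCP replies, permit everything else.
    if is_dhcp_reply(pkt):
        return pkt.src_ip == trusted_server
    return True

def delivered(pkt, trusted_server, enforcement):
    routed = pkt.src_vlan != pkt.dst_vlan
    if enforcement == "router_acl":
        # A router ACL is consulted only for packets that cross the router.
        return list_permits(pkt, trusted_server) if routed else True
    if enforcement == "vacl":
        # A VLAN ACL is consulted for every packet in the VLAN, bridged or routed.
        return list_permits(pkt, trusted_server)
    raise ValueError(f"unknown enforcement point: {enforcement}")

def rogue_replies_delivered(packets, trusted_server, enforcement):
    return [p.src_ip for p in packets
            if is_dhcp_reply(p) and p.src_ip != trusted_server
            and delivered(p, trusted_server, enforcement)]

# Constructed sample traffic (addresses and VLAN numbers are made up).
TRUSTED = "10.1.20.5"
SAMPLE = [
    Packet("10.1.20.5", 20, 20, "udp", 67, 68),   # trusted server, same VLAN
    Packet("10.1.20.99", 20, 20, "udp", 67, 68),  # rogue server, same VLAN
    Packet("10.1.30.77", 30, 20, "udp", 67, 68),  # rogue reply that is routed
    Packet("10.1.20.40", 20, 30, "tcp", 49152, 80),  # ordinary routed traffic
]

if __name__ == "__main__":
    for point in ("router_acl", "vacl"):
        print(point, rogue_replies_delivered(SAMPLE, TRUSTED, point))
```

With the router ACL, the rogue server that shares a VLAN with its victims still gets its replies through; with the same rules applied as a VACL, only the trusted server's replies are delivered.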

For more information on the packet filtering capabilities of the 6000-series switch, check out this Cisco page on configuring ACLs: www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_5_4/msfc/acc_list.htm.

Reprinted from TCPmag.com, October 2000.


Eric Quinn, CCNP, CCDP, CCSI, is a security instructor and consultant. He is also co-author of the CCNP Remote Access Exam Cram by Coriolis Press. He writes the “Link State Update” column for TCPmag.com, and is a contributing editor for CertCities.com.

 




There are 27 CertCities.com user Comments for “Router, in a Card, on a Card, in a Slot, on a Switch”
3/3/02: k.ravinder from Hyderabad says: Dear sir, I wanted sample access-list configurations for layer-2 & 3 Cisco switches. My doubt: are access-lists the same for router and switch?