IOSvL2
Overview
IOSvL2 is an implementation of Cisco IOS layer-2 switching code that runs as a full virtual machine. IOSvL2 images are based on the DSGS code branch and support up to 16 GigabitEthernet interfaces. IOSvL2 is primarily a Layer-2 switch, but Layer-3 control plane and data-plane functionality is also present in the image.
Limitations
IOSvL2 is performance limited when forwarding traffic. Forwarding performance has been tested with iperf running a basic test.
Achieved throughputs are ~2.3 Mb/s when passing traffic through one IOSvL2 switch, and ~2.2 Mb/s when chained over two switches. Baseline throughput bypassing the switch was ~595 Mb/s.
IOSvL2 Features
Supported Features
The following features are included in the IOSvL2 image:
- Layer-2 forwarding
- Switchport
- 802.1q trunk, 802.1q VLANs
- Spanning tree
- Port-Channel (pagp and lacp)
- 802.1x passthrough
- Port-ACLs
- Dynamic ARP inspection
- DHCP snooping
- IP device tracking
- Switched Virtual Interfaces (SVI)
- Layer-3 forwarding over SVIs
- Routing protocol support (ISIS is NOT supported)
- VTP v1-3
- PVST
- QoS
- Inter-vlan routing
- VLAN access maps (VACLs / access control lists for VLANs)
- ACL functionality for both layer-2 and layer-3 protocol packets
- Dynamic Trunking Protocol support
- Switchport protected mode
Unsupported Features
The following features are not supported by IOSvL2 and are known not to work:
- Port mirroring (SPAN)
- Private VLANs
Features Tested with CML
Each CML release is tested with the bundled version of IOSvL2. The tests validate the following features:
Test Name | Result |
---|---|
CDP | Pass |
SVI | Pass |
Port-security | Pass |
Autorecovery | Pass |
Port-channel | Pass |
DHCP | Pass |
DHCP Snooping | Pass |
Spanning-tree | Pass |
HSRP | Pass |
Loopback | Pass |
Routed port | Pass |
The lab used for the tests is IOSvL2 Feature Tests, which is one of the sample labs included with CML on the Tools > Sample Labs page.
CDP
- peer device is detected on the interface and listed in the CDP table
- Neighbor type: IOSvL2
iosvl2-2#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID
iosvl2-0 Gig 0/2 133 R S I Gig 0/2
iosvl2-1 Gig 0/3 174 S I Gig 0/3
SVI
- Interface VLAN 100 configured with IP address 192.168.253.2
- Alpine Linux VM in VLAN 100 can successfully ping the interface vlan 100
alpine-0:~$ ping 192.168.253.2
PING 192.168.253.2 (192.168.253.2): 56 data bytes
64 bytes from 192.168.253.2: seq=0 ttl=42 time=7.491 ms
64 bytes from 192.168.253.2: seq=1 ttl=42 time=3.528 ms
64 bytes from 192.168.253.2: seq=2 ttl=42 time=3.488 ms
64 bytes from 192.168.253.2: seq=3 ttl=42 time=4.045 ms
Port-security
- Port-security configured on Gig0/0 interface on iosvl2-2 switch
- Violation mode set to shutdown
- Verification: Interface goes to err-disabled mode if there is a violation
- Autorecovery also works, port goes back up if there is no violation
Port-channel
- Links between two IOSvL2 switches grouped into etherchannel using LACP
iosvl2-0#show etherchannel summary
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
1 Po1(SU) LACP Gi0/0(P) Gi0/1(P)
DHCP
- DHCP pool configured on IOSvL2 switch
- Alpine Linux VM successfully obtains IP address
udhcpc: sending discover
udhcpc: sending select for 192.168.253.6
udhcpc: lease of 192.168.253.6 obtained, lease time 86400
DHCP SNOOPING
- Switch successfully blocks DHCP messages on untrusted ports
- VM always gets IP address from the trusted DHCP
SPANNING-TREE
- Spanning-tree successfully calculates a loop-free topology for every VLAN
iosvl2-2: show spanning-tree vlan 100
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/0 Desg FWD 4 128.1 P2p
Gi0/2 Root FWD 4 128.3 P2p
Gi0/3 Altn BLK 4 128.4 P2p
HSRP
- HSRP configured on SVI interfaces on two IOSvL2 switches
- Verification: Alpine Linux VM can successfully ping the Virtual IP address
iosvl2-0#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl100 1 100 P Active local 192.168.253.3 192.168.253.1
Loopback
- Loopback interface configured on IOSvL2 switch
Loopback0 172.31.255.1 YES manual up up
Routed port
- Interface gig0/1 on IOSvL2 configured as routed port
- Verification: Ping
iosvl2-2#show ip int br
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 unassigned YES unset up up
GigabitEthernet0/1 192.168.253.4 YES manual up up