Packet Forwarding Process Flashcards
Packet-Forwarding Process
When troubleshooting connectivity issues for an IP-based network, the network layer (Layer 3) of the OSI reference model is often an appropriate place to begin your troubleshooting efforts (divide-and-conquer method). For example, if you are experiencing connectivity issues between two hosts on a network, you could check Layer 3 by pinging between the hosts. If the pings are successful, you can conclude that the issue resides at upper layers of the OSI reference model (Layers 4 through 7). However, if the pings fail, you should focus your troubleshooting efforts on Layers 1 through 3. If you ultimately determine that there is a problem at Layer 3, your efforts might be centered on the packet-forwarding process of a router.
L3 Packet Forwarding Step 1
PC1 needs to access HTTP resources on Server1. Notice that PC1 and Server1 are on different networks. So how does a packet from source IP address 192.168.1.2 get routed to destination IP address 192.168.3.2?
Step 1. PC1 compares its IP address and subnet mask 192.168.1.2/24 with the destination IP address 192.168.3.2. PC1 determines the network portion of its own IP address. It then compares these binary bits with the same binary bits of the destination address. If they are the same, it knows the destination is on the same subnet. If they differ, it knows the destination is on a remote subnet. PC1 concludes that the destination IP address resides on a remote subnet in this example. Therefore, PC1 needs to send the frame to its default gateway, which could have been manually configured on PC1 or dynamically learned via DHCP. In this example, PC1 has the default gateway address 192.168.1.1 (that is, R1). To construct a proper Layer 2 frame, PC1 needs the MAC address of the frame’s destination, which is PC1’s default gateway in this example. If the MAC address is not in PC1’s Address Resolution Protocol (ARP) cache, PC1 uses ARP to discover it. Once PC1 receives an ARP reply from router R1, PC1 adds R1’s MAC address to its ARP cache. PC1 then sends its data destined for Server1 in a frame addressed to R1.
L3 Packet Forwarding Step 2
Step 2. R1 receives the frame sent from PC1, and because the destination MAC address is R1’s, R1 tears off the Layer 2 header and interrogates the IP (Layer 3) header. An IP header contains a time-to-live (TTL) field, which is decremented once for each router hop. Therefore, R1 decrements the packet’s TTL field. If the value in the TTL field is reduced to zero, the router discards the packet and sends a time-exceeded Internet Control Message Protocol (ICMP) message back to the source. Assuming that the TTL is not decremented to zero, R1 checks its routing table to determine the best path to reach the IP address 192.168.3.2. In this example, R1’s routing table has an entry stating that network 192.168.3.0/24 is accessible through interface Serial 1/1. Note that ARP is not required for serial interfaces because these interface types do not have MAC addresses. Therefore, R1 forwards the frame out its Serial 1/1 interface, using the Point-to-Point Protocol (PPP) Layer 2 framing header.
L3 Packet Forwarding Step 3
Step 3. When R2 receives the frame, it removes the PPP header and then decrements the TTL in the IP header, just as R1 did. Again, assuming that the TTL did not get decremented to zero, R2 interrogates the IP header to determine the destination network. In this case, the destination network 192.168.3.0/24 is directly attached to R2’s Fast Ethernet 0/0 interface. Much the way PC1 sent out an ARP request to determine the MAC address of its default gateway, R2 sends an ARP request to determine the MAC address of Server1 if it is not already known in the ARP cache. Once an ARP reply is received from Server1, R2 stores the results of the ARP reply in the ARP cache and forwards the frame out its Fast Ethernet 0/0 interface to Server1.
Router Data Structures
IP routing table: When a router needs to route an IP packet, it consults its IP routing table to find the best match. The best match is the route that has the longest prefix. For example, suppose that a router has a routing entry for networks 10.0.0.0/8, 10.1.1.0/24, and 10.1.1.0/26. Also, suppose that the router is trying to forward a packet with the destination IP address 10.1.1.10. The router selects the 10.1.1.0/26 route entry as the best match for 10.1.1.10 because that route entry has the longest prefix, /26 (so it matches the most number of bits).
Layer 3-to-Layer 2 mapping table: R2’s ARP cache contains Layer 3-to-Layer 2 mapping information. Specifically, the ARP cache has a mapping that says MAC address 2222.2222.2222 corresponds to IP address 192.168.3.2. An ARP cache is the Layer 3-to-Layer 2 mapping data structure used for Ethernet-based networks, but similar data structures are used for Multipoint Frame Relay networks and Dynamic Multipoint Virtual Private Network (DMVPN) networks. However, for point-to-point links such as PPP or High-Level Data Link Control (HDLC), because there is only one other possible device connected to the other end of the link, no mapping information is needed to determine the next-hop device.
CEF
Continually querying a router’s routing table and its Layer 3-to-Layer 2 mapping data structure (for example, an ARP cache) is less than efficient. Fortunately, Cisco Express Forwarding (CEF) gleans its information from the router’s IP routing table and Layer 3-to-Layer 2 mapping tables. Then, CEF’s data structures in hardware can be referenced when forwarding packets.
CEF Data Structures
Forwarding Information Base (FIB): The FIB contains Layer 3 information, similar to the information found in an IP routing table. In addition, an FIB contains information about multicast routes and directly connected hosts.
Adjacency table: When a router is performing a route lookup using CEF, the FIB references an entry in the adjacency table. The adjacency table entry contains the frame header information required by the router to properly form a frame. Therefore, an egress interface and a next-hop MAC address is in an adjacency entry for a multipoint Ethernet interface, whereas a point-to-point interface requires only egress interface information.
Tshoot Packet Forwarding Process
If the observed behavior of the traffic is not conforming to information in the IP routing table, remember that the IP routing table is maintained by a router’s control plane and is used to build the tables at the data plane. CEF is operating in the data plane and uses the FIB. You need to view the CEF data structures (that is, the FIB and the adjacency table) that contain all the information required to make packet-forwarding decisions.
For a multipoint interface such as point-to-multipoint Frame Relay or Ethernet, when a router knows the next-hop address for a packet, it needs appropriate Layer 2 information (for example, next-hop MAC address or data link connection identifier [DLCI]) to properly construct a frame. The show ip arp command, which displays the ARP cache that is stored in the control plane on a router.
The show ip nhrp command. Displays the Next Hop Resolution Protocol cache that is used with DMVPN networks. In this example, if a packet needs to be sent to the 192.168.255.2 next-hop IP address, the nonbroadcast multiaccess (NBMA) address 198.51.100.2 is used to reach it.
Routing Information Sources
A router could conceivably receive routing information from the following routing sources all at the same time:
- Connected interface
- Static route
- RIP
- EIGRP
- OSPF
- BGP
Data Structures and the Routing Table
As a router receives routing information from a neighboring router, the information is stored in the data structures of the IP routing protocol and analyzed by the routing protocol to determine the best path, based on metrics.
If the routing information received from all these sources is for different destination networks, each one is used for its respectively learned destination networks and placed in the routing table. However, what if the route received from RIP and OSPF is exactly the same? For example, say that both protocols have informed the router about the 10.1.1.0/24 network. How does the router choose which is the most believable, or the best source of routing information? It cannot use both; it must pick one and install that information in the routing table.
Routing information sources are each assigned an administrative distance (AD). The lower the AD, the more preferred the source of information.
Administrative Distance Path Selection
AD is also used to manipulate path selection. For example, you might have two different paths to the same destination, learned from two different sources (for example, EIGRP and a static route). In this case, the static route is preferred. However, this static route may be pointing to a backup link that is slower than the EIGRP path. Therefore, you want the EIGRP path to be installed in the routing table because the static route is causing suboptimal routing. But you are not allowed to remove the static route. To solve this issue, create a floating static route. This static route has a higher AD than the preferred route. Because you want EIGRP to be preferred, modify the static route so that it has an AD higher than EIGRP, which is 90. As a result, the EIGRP-learned route is installed in the routing table, and the static route is installed only if the EIGRP-learned route goes away.
