When I was scanning the list of topics I had in mind for my first blog, I decided to start off by answering one of popular question that we initially get when we are introduced to the world of networking.
What happened, when router receives packet?
Upon receiving the Packet, router has to follow three generic steps before its routes the packets:
-> Forwarding (Switching)
Let’s discuss each one of them in detail
Routing Process: Routing process is nothing but routers control plane. Router records a routing table listing what route should be used to forward a data packet, and through which physical interface connection. Router learns your network routes information either by static configuration or by using dynamically configure routing protocol like IGP (OSPF, EIGRP, RIP, IS-IS) or though Exterior routing protocol like BGP.
When router receives any packet it has to remove Layer 2 header information present on packet(Example:In Ethernet, source and destination Mac address present on L2 header). Once router remove L2 information it looks for Layer 3 information available on packet that is source and destination IP address.
For moving L3 packet between interfaces, router checks destination address and finds longest-prefix match in IP routing table to find outgoing interface. In IPv4 router uses longest mask to identify best routing entry for forwarding packet.
Example: Let’s assume we have configured 3 different static routes with different subnet mask.
Sh ip route 220.127.116.11
ip route 18.104.22.168 255.255.255.0 fa0/2
ip route 22.214.171.124 255.255.0.0 fa0/1
ip route 126.96.36.199 255.0.0.0 fa0/0
In above example when router does route lookup for destination address 188.8.131.52 out of 3 entries router will choose longest-prefix length match entry i.e. 184.108.40.206/24 , because destination address has most common bits matches with selected route and will forward packet out fa0/2.
00000001 00000001 00000001 00000001
1St Entry 220.127.116.11/24
00000001 00000001 00000001 00000000
2nd Entry 18.104.22.168/16
00000001 00000001 00000000 00000000
3rd Entry 22.214.171.124/8
00000001 00000000 00000000 00000000
Now for any other destination prefix like 126.96.36.199 longest match is 188.8.131.52/16 and for 184.108.40.206 it would be 220.127.116.11/8
Longest match possible in IPv4 routing is /32 (255.255.255.255) and shortest match possible is default route i.e. 0.0.0.0
->If there are multiple routes with same subnet mask learned via same protocol by router then router chooses lowest metric between them.
For Example: Eigrp use composite “metric” and Ospf uses “Cost” for comparison.
->If there is multiple routes with same subnet mask learn via different protocol on router then router chooses lowest administrative distance (AD).
->Last and important point is recursive lookup: which states that whenever there is route lookup more than once it will be termed as recursive lookup. It has to be done by router till destination address point towards any physical or logical interface.
We have a network 18.104.22.168 connected somewhere and we are reaching it by interface fa0/0 having next-hop IP address 22.214.171.124.So we can configure static route in two different ways either we can define next-hop IP address i.e.126.96.36.199 or we can mention interface number fa0/0 as gateway shown below.
ip route 188.8.131.52 255.255.255.255 184.108.40.206
ip route 220.127.116.11 255.255.255.255 FastEthernet0/0
Both statements look same although both have different meaning.When you point destination address to next hop as exit interface you don’t need further route lookup as router assume destination address is directly connected to that interface. But when you point destination address to any next hop ip address, we need another route lookup also for next hop ip address is referring as recursive lookup.
To get more information on how static route work when you set gateway as Next-Hop IP address or to Next-Hop interface please refer this document.
Forwarding process: It is also known as switching process. Once router finds outgoing interface, packet move between interfaces by switching process. This is done by process switching, fast switching or cef switching. Forwarding can be done by using adjacency tables reside on the route processor or on interface cards that support switching.
-> Process switching requires the device CPU to be involved for every forwarding decision.
-> Fast switching still uses the CPU for initially packets and to fill cache table in router. Once initial packet has been forwarded, the information about how to reach the destination is stored in a fast-switching cache’s .when another packet going to the same destination, the next hop information can be re-used from the cache and so the router processor doesn’t have to look into it, but if the information is not cached the CPU will have to process entire packets.
-> When CEF mode is enabled it build the CEF FIB and adjacency tables reside on the route processor, and the route processor performs the express forwarding.
In switching process device do actual packet link load balancing depending on the methodology we use.
Encapsulation process: L3 header will remain intact unchanged except for nating, vpn etc. layer 2 headers keep changing on hop by hop basis, depending on transmission media. For transmitting L3 packet on wire router need to find out l2 information for packets and it’s depending on the type of media we are using for transmission.
To explain encapsulation process in bit detail, I have created a small topology shown as below in diagram.
As discussed above, depending on the transmission media (In this example transmission media is Ethernet) MAC address in layer 2 headers will keep changing on hop by hop basis.
To generate some traffic, Lets ping from R3 to R2 interface address.As soon as R1 receives the packet from R3, It will remove the L2 information sent by R3 and check the L3 information that is source (18.104.22.168) and destination address (10.1.1.1) available on packet. Then it will look into its routing table to find out going interface i.e. fa0/0 in above example. Once router identify outgoing interface it will attach L2 header before putting the packet on the wire. So now R1 will attach its own interface Mac address as source and R2’s as destination mac address.
Address resolution protocol (ARP) table on R1:
To get closer packet level overview, I have also attached some packet capture taken on R1's interfaces.
Packet capture on R1’s Fa0/1:
Packet capture on R1’s Fa0/0:
Well!!!! There ends my first blog and I think i managed to brief how routers handle the packet.
Thank you for reading and Hope that is informative
Dear Cisco.Greetings...! We have a CISCO FPR 2110 firewall.Does it supports 'Dual internal LAN' configuration without a router. Example: ASA 5505 need a router between every different networks. Can you please let us know asap. Re...
Hi, Can anyone confirm about the DHCP relay commands on Nexus 3000 series. ip dhcp relay address 192.168.1.10ip dhcp relay address 192.168.1.11 As per my understanding when both commands running, if the first one server going to down then t...
Hello i configured DHCP in cisco 870, but after short period of time i lose the configuration of the DHCP only, all other configurations is stable, this happen without restarting or doing any network change, the router runs ios 12.4.ip cefno ip dhcp ...
hi,dyndns unable to capture my public ip address for my remote desktop connection via my dynamic dns instead of ipBelow are some attempt I did,1) setting shorter internal time2) use afraid.org and noip.com3) reload/restart router4) debug ip ddns upda...
Hello, I want to purchase Managed Switch which has UPOE functionality. Recently I have seen 2 new models SG250 and SG350.Can these models have UPOE/UPOE+ functionalities? If not, Can you please suggest some model which have UPOE and UPOE+ featur...