Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5632
Views
15
Helpful
5
Replies

Router packet processing

Go to solution
suresh.cisco123
Level 1
Level 1

‎12-27-2011 03:21 AM - edited ‎03-04-2019 02:45 PM

Hi,

Can some body help on how packet is processing in a router b/w interfaces when below points are implemented

Routing

PBR

ACL

rate limits etc....

Please guide me in how the packet is processing in a router from one interface to another interface by checking all concepts which are implemented in Router.

Rgds

Suresh Chandra

Labels:
0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
JohnTylerPearce
Level 7
Level 7

‎12-27-2011 05:58 AM

Let's say all the routers in this example are configured in a linear fashion. We have routers
A through Z in this enterprise network. Now, we have an ACL configured that blocks access from
RA to RZ. When a host on the Ethernet segment attached to RA, wants to send a packet to RZ, the host
will first realize that the destination is not local and will use the ARP entry for the default
gateway OR it will ARP for the mac address of the default gateway. THe host will then construct
a frame which will then travel towards the default gateway of the ethernet segment on RA. Once
the router receives this frame, it will then knock off the frame, and look at the IP header for
the destination IP address. Once it has this information, the ACL which was configured inbound
on RA's Ethernet interface, will see that this is a match, and will deny the packet to travel
further to the destination. Of course we will put in an 'ip permit any any' at the end of this
ACL otherwise all traffic will be blocked.

Now, in this example, we have PBR configured to allow the Ethernet segment on RA to use the
second link to RB, on it's way towards an attached ethernet segment on RZ. Host A will notice
that the destination is not local, will use the ARP entry in the ARP table OR if an entry does
not exist, will ARP for the MAC of the default gateway on RA. The host will construct a frame
and send it to the destination mac address of the default gateway on RA. Once RA receives this
frame it knocks off the frame, and looks at the destination IP address in the IP header of the
IP Packet. The PBR process on the router, notices that it matches the PBR configuration, and
uses the ARP table entry for the next-hop ip address in the PBR, OR ARPs for the mac address
for the next-hop ip address if it does not have one. It when constructs a frame with this
mac address as the destination mac address and the source mac address as the source of the
interface that sent the frame from RA.

Remember that the source ip address/destination ip address do not change unless you're using
NAT, but the router will remember the NAT translation so that's ok. The source mac and destination
mac will change hop to hop.

I hope that helped some.

I'm not too familiar with rate limiting so I'll let someone else answer that one.

View solution in original post

0 Helpful

Go to solution
ajay chauhan
Level 7
Level 7
In response to JohnTylerPearce

‎12-27-2011 07:23 AM

It should look like this-

Data  >  Input ACL/NAT  >  PBR   >  Route Lookup  >  Output ACL/NAT/PAT  >  Queueing

last one where you can do rate limits.

Thanks

Ajay

View solution in original post

0 Helpful

Go to solution
gfcisco31
Level 1
Level 1

‎12-27-2011 07:37 AM

See if this helps !

Please, rate useful posts.

View solution in original post

5 Replies 5

Go to solution
JohnTylerPearce
Level 7
Level 7

‎12-27-2011 05:58 AM

Let's say all the routers in this example are configured in a linear fashion. We have routers
A through Z in this enterprise network. Now, we have an ACL configured that blocks access from
RA to RZ. When a host on the Ethernet segment attached to RA, wants to send a packet to RZ, the host
will first realize that the destination is not local and will use the ARP entry for the default
gateway OR it will ARP for the mac address of the default gateway. THe host will then construct
a frame which will then travel towards the default gateway of the ethernet segment on RA. Once
the router receives this frame, it will then knock off the frame, and look at the IP header for
the destination IP address. Once it has this information, the ACL which was configured inbound
on RA's Ethernet interface, will see that this is a match, and will deny the packet to travel
further to the destination. Of course we will put in an 'ip permit any any' at the end of this
ACL otherwise all traffic will be blocked.

Now, in this example, we have PBR configured to allow the Ethernet segment on RA to use the
second link to RB, on it's way towards an attached ethernet segment on RZ. Host A will notice
that the destination is not local, will use the ARP entry in the ARP table OR if an entry does
not exist, will ARP for the MAC of the default gateway on RA. The host will construct a frame
and send it to the destination mac address of the default gateway on RA. Once RA receives this
frame it knocks off the frame, and looks at the destination IP address in the IP header of the
IP Packet. The PBR process on the router, notices that it matches the PBR configuration, and
uses the ARP table entry for the next-hop ip address in the PBR, OR ARPs for the mac address
for the next-hop ip address if it does not have one. It when constructs a frame with this
mac address as the destination mac address and the source mac address as the source of the
interface that sent the frame from RA.

Remember that the source ip address/destination ip address do not change unless you're using
NAT, but the router will remember the NAT translation so that's ok. The source mac and destination
mac will change hop to hop.

I hope that helped some.

I'm not too familiar with rate limiting so I'll let someone else answer that one.

0 Helpful

Go to solution
ajay chauhan
Level 7
Level 7
In response to JohnTylerPearce

‎12-27-2011 07:23 AM

It should look like this-

Data  >  Input ACL/NAT  >  PBR   >  Route Lookup  >  Output ACL/NAT/PAT  >  Queueing

last one where you can do rate limits.

Thanks

Ajay

0 Helpful

Go to solution
gfcisco31
Level 1
Level 1

‎12-27-2011 07:37 AM

See if this helps !

Please, rate useful posts.

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee
In response to gfcisco31

‎12-27-2011 09:59 AM

Gustavo,

This one is nice! Have you created the chart yourself? This one seems to me to be combining information from two distinct documents:

NAT Order of Operation:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml

Quality of Service Order of Operation

http://www.cisco.com/en/US/tech/tk543/tk757/technologies_tech_note09186a0080160fc1.shtml

Best regards,

Peter

0 Helpful

Go to solution
gfcisco31
Level 1
Level 1
In response to Peter Paluch

‎12-27-2011 10:05 AM

Hi Peter...

No, i found this one here at the forum (i believe)... and its indeed a good one !!

Thank you !

Regards

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card