Router packet processing

suresh.cisco123
Level 1

Hi,

Can somebody help on how a packet is processed in a router between interfaces when the points below are implemented:

Routing

PBR

ACL

rate limits etc....

Please guide me on how the packet is processed in a router from one interface to another, checking all the concepts which are implemented in the router.

Rgds

Suresh Chandra

5 Replies

JohnTylerPearce
Level 7

Let's say all the routers in this example are configured in a linear fashion. We have routers A through Z in this enterprise network. Now, we have an ACL configured that blocks access from RA to RZ. When a host on the Ethernet segment attached to RA wants to send a packet to RZ, the host will first realize that the destination is not local and will use the ARP entry for the default gateway, OR it will ARP for the MAC address of the default gateway. The host will then construct a frame which will then travel towards the default gateway of the Ethernet segment on RA. Once the router receives this frame, it will then knock off the frame and look at the IP header for the destination IP address. Once it has this information, the ACL which was configured inbound on RA's Ethernet interface will see that this is a match, and will deny the packet from travelling further to the destination. Of course we will put in an 'ip permit any any' at the end of this ACL, otherwise all traffic will be blocked.

Now, in this example, we have PBR configured to allow the Ethernet segment on RA to use the second link to RB, on its way towards an attached Ethernet segment on RZ. Host A will notice that the destination is not local, will use the ARP entry in the ARP table OR, if an entry does not exist, will ARP for the MAC of the default gateway on RA. The host will construct a frame and send it to the destination MAC address of the default gateway on RA. Once RA receives this frame, it knocks off the frame and looks at the destination IP address in the IP header of the IP packet. The PBR process on the router notices that it matches the PBR configuration, and uses the ARP table entry for the next-hop IP address in the PBR, OR ARPs for the MAC address for the next-hop IP address if it does not have one. It then constructs a frame with this MAC address as the destination MAC address and the source MAC address as the source of the interface that sent the frame from RA.

Remember that the source IP address/destination IP address do not change unless you're using NAT, but the router will remember the NAT translation so that's OK. The source MAC and destination MAC will change hop to hop.

I hope that helped some.

I'm not too familiar with rate limiting so I'll let someone else answer that one.

It should look like this:

Data  >  Input ACL/NAT  >  PBR   >  Route Lookup  >  Output ACL/NAT/PAT  >  Queueing

The last one is where you can do rate limits.

Thanks

Ajay
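As an added example (not code from this thread), here is a small Python model of the pipeline described in the two replies above: an input ACL with the implicit deny, PBR consulted before the route lookup, a longest-prefix route lookup, an output ACL per egress interface, and a token-bucket rate limiter at the queueing stage. Router RA, its interface names, addresses and rates are constructed for the example and are not from the thread.

```python
import ipaddress

def _in(addr, net): return ipaddress.ip_address(addr) in ipaddress.ip_network(net)
def acl_lookup(acl, src, dst):
    # First match wins; unmatched traffic hits the implicit deny (hence the trailing 'permit any any').
    for action, src_net, dst_net in acl:
        if _in(src, src_net) and _in(dst, dst_net):
            return action
    return "deny"
def pbr_lookup(policy, src):
    # PBR is consulted before the routing table; a match fixes next hop and egress interface.
    for src_net, next_hop, iface in policy:
        if _in(src, src_net):
            return next_hop, iface
    return None
def route_lookup(table, dst):
    # Longest-prefix match over (prefix, next_hop, iface) entries.
    hits = [(ipaddress.ip_network(p).prefixlen, nh, i) for p, nh, i in table if _in(dst, p)]
    return max(hits)[1:] if hits else None
class TokenBucket:
    # Policer at the queueing stage: refills 'rate' bytes/s up to 'burst' bytes, starts full.
    def __init__(self, rate, burst):
        self.rate, self.burst, self.tokens, self.last = rate, burst, burst, 0.0
    def allow(self, size, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if size > self.tokens:
            return False
        self.tokens -= size
        return True
def forward(router, src, dst, size, now):
    # Input ACL -> PBR -> route lookup -> output ACL (per egress interface) -> queueing/rate limit.
    if acl_lookup(router["in_acl"], src, dst) == "deny":
        return ("drop", "input-acl")
    hop = pbr_lookup(router["pbr"], src) or route_lookup(router["routes"], dst)
    if hop is None:
        return ("drop", "no-route")
    next_hop, iface = hop
    if iface in router["out_acl"] and acl_lookup(router["out_acl"][iface], src, dst) == "deny":
        return ("drop", "output-acl")
    if not router["limiter"][iface].allow(size, now):
        return ("drop", "rate-limit")
    return ("forward", iface, next_hop)

# Constructed sample (hypothetical addresses): RA LAN 10.1.1.0/24, links to RB via Gi0/1 (192.0.2.1) and Gi0/2 (192.0.2.5), 10.9.9.0/24 behind RZ.
RA = {"in_acl": [("deny", "10.1.1.0/24", "10.9.9.9/32"), ("permit", "0.0.0.0/0", "0.0.0.0/0")],
      "pbr": [("10.1.1.128/25", "192.0.2.5", "Gi0/2")],
      "routes": [("10.9.9.0/24", "192.0.2.1", "Gi0/1")],
      "out_acl": {"Gi0/1": [("deny", "0.0.0.0/0", "10.9.9.100/32"), ("permit", "0.0.0.0/0", "0.0.0.0/0")]},
      "limiter": {"Gi0/1": TokenBucket(1000, 1500), "Gi0/2": TokenBucket(1000, 1500)}}
```

Note that a host policy-routed out Gi0/2 never meets the output ACL on Gi0/1, so per-interface output ACLs have to be written with the PBR policy in mind.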

gfcisco31
Level 1

See if this helps!

Please rate useful posts.

Gustavo,

This one is nice! Have you created the chart yourself? This one seems to me to be combining information from two distinct documents:

NAT Order of Operation:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml

Quality of Service Order of Operation

http://www.cisco.com/en/US/tech/tk543/tk757/technologies_tech_note09186a0080160fc1.shtml

Best regards,

Peter

Hi Peter...

No, I found this one here at the forum (I believe)... and it's indeed a good one!!

Thank you!

Regards
