Monday, December 5, 2011

Steps for sending a packet out


This is from https://learningnetwork.cisco.com/thread/15223

Steps for sending a packet out -

Step 1 - (IPv4 Routing Lookup) --> Goal is to decide on the following entities first.

- Longest match / Lowest AD / Lowest Metric / Overlapping Routes (multiple routes to the same destination in the routing table) / Policy Routing (will override all the above steps)
- Outgoing interface
- Next-hop

Step 2 - (IPv4 Switching Method) --> Goal is to move packets between interfaces. Load balancing occurs at this stage. Even though we have multiple routes in the routing table, load balancing will not occur if the switching method is not configured to do so. If the switching method is not configured for load balancing, the packets will follow the same path even though multiple paths exist in the routing table. This can be verified with "show ip cef exact-route <source ip> <destination ip>". Based on the source and destination given, this command tells us the next-hop IP and outgoing interface the packet is taking.


Decide on the following entities in the second step.

- Process
- Fast
- CEF
- Etc.

[Note -

1.) Once CEF is enabled, it forms the FIB and adjacency table with the help of the routing table. From then on it will not check the routing table unless there is a change in the routing table, and it will forward all packets based on the CEF table only. CEF is ON by default on the routers.

2.) If on a local LAN some users say that they are able to surf the web without any issues and others say that they are having problems surfing, even though they are all on the same LAN, then it's most probably an issue with the underlying switching method. You can verify it using the command "show ip cef exact-route <source ip> <destination ip>", giving the different users' source IP addresses and the same destination IP address. You can see different next-hop IP addresses in the output if two routes exist in the routing table for the same destination IP address.

3.) The "show ip route" command simply checks whether our routing lookup is working or not. If you see a valid output from the show ip route command, it means our routing lookup worked fine. Now we can move on to check the switching method. ]

Step 3 - (Layer 2 Encapsulation) --> Goal is to build Layer 2 frame header based on the next-hop value.

- Multipoint interfaces require layer 3 to layer 2 resolution (for Ethernet it depends on ARP / Proxy-ARP / Reverse ARP; for Frame-Relay it depends on Inverse-ARP / static mappings. Note that Ethernet maps remote layer 3 to remote layer 2, whereas Frame-Relay maps remote layer 3 to local layer 2.)
- Point-to-Point interfaces do not require layer 3 to layer 2 mapping.

Debug ip-packet walkthrough

1.) First and foremost, it will only show the process-switched packets.

2.) Secondly, all packets locally generated or destined to any local interface will only be process switched, no matter what. All transit traffic will be fast switched or CEF switched depending on what we have configured on the router.

3.) When you do "debug ip packet", look for the following messages:

*Mar  2 02:33:38.559: IP: tableid=0, s=163.1.12.1 (local),d=163.1.12.2(Serial0/0), routed via RIB
*Mar  2 02:33:38.559: IP: s=163.1.12.1 (local), d=163.1.12.2 (Serial0/0),len 100, sending
*Mar  2 02:33:38.559:     ICMP type=8, code=0.
*Mar  2 02:33:41.559: IP: s=163.1.12.1 (local), d=163.1.12.2 (Serial0/0),len 100, encapsulation failed
*Mar  2 02:33:41.559:     ICMP type=8, code=0


STEP 1 - "routed via FIB / RIB" simply means that the routing process was successful. Routed via RIB / FIB doesn't mean that the end-to-end connectivity is through.
STEP 2 - "sending" simply means that the packet is being sent to the switching process. The interface mentioned here is the outgoing interface where the switching process put the packet for transfer.
STEP 3 - If the third line in the output shows the "encapsulation failed" message, it means that our STEP 3 of packet forwarding failed. If you do "debug arp" along with "debug ip packet", you can see that exactly after step 2 an ARP will be sent for any network not reachable.

[NOTE -

1.) If one of the above steps is broken, it doesn't imply that the other steps are broken. For example, if encapsulation is broken, it doesn't imply that the routing is broken.

2.) If some router is sitting in the middle of the path and it doesn't have a route to the destination, it will generate an ICMP unreachable message back to the source. You can verify it via "debug ip icmp". This is useful in determining end-to-end reachability. ]



Thanks to Brian McGahan for giving a clear picture of the above concept.



Regards,
Somit Maloo....
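
The three-step reading of "debug ip packet" described above, applied mechanically to the debug lines quoted in the post. This is an added example, not part of the original post or of any Cisco tooling; the function names and the choice to group lines by source, destination and outgoing interface are assumptions made for illustration.

```python
import re

# Debug lines copied from the output quoted in the post above.
DEBUG_OUTPUT = """\
*Mar  2 02:33:38.559: IP: tableid=0, s=163.1.12.1 (local),d=163.1.12.2(Serial0/0), routed via RIB
*Mar  2 02:33:38.559: IP: s=163.1.12.1 (local), d=163.1.12.2 (Serial0/0),len 100, sending
*Mar  2 02:33:38.559:     ICMP type=8, code=0.
*Mar  2 02:33:41.559: IP: s=163.1.12.1 (local), d=163.1.12.2 (Serial0/0),len 100, encapsulation failed
*Mar  2 02:33:41.559:     ICMP type=8, code=0
"""

# Tolerates the uneven spacing and the optional "tableid=" / "len" fields seen above.
LINE_RE = re.compile(
    r"IP:\s*(?:tableid=\d+,\s*)?s=([\d.]+)\s*\([^)]*\),\s*"
    r"d=([\d.]+)\s*\(([^)]*)\),\s*(?:len\s+\d+,\s*)?(.+?)\s*$"
)

def stage_of(action):
    """Map the trailing message to the forwarding step it reports on."""
    if action.startswith("routed via"):      # step 1: routing lookup succeeded
        return "routed"
    if action == "sending":                  # step 2: handed to the switching process
        return "sending"
    if action == "encapsulation failed":     # step 3: layer 2 header could not be built
        return "encap_failed"
    return None

def diagnose(text):
    """Return {(src, dst, out_if): status dict} for every flow in the debug text."""
    seen = {}
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue                         # ICMP detail lines and unrelated output
        src, dst, out_if, action = m.groups()
        stage = stage_of(action)
        if stage:
            seen.setdefault((src, dst, out_if), set()).add(stage)
    return {
        flow: {
            "routing_ok": "routed" in stages,
            "handed_to_switching": "sending" in stages,
            "failed_step": 3 if "encap_failed" in stages else None,
        }
        for flow, stages in seen.items()
    }

if __name__ == "__main__":
    for flow, status in diagnose(DEBUG_OUTPUT).items():
        print(flow, status)
```

For the quoted output this reports routing and switching as successful and step 3 as the failing step, which matches note 1: a broken encapsulation step does not imply a broken routing lookup.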
