Posted on

Cisco Router Packet Forwarwding

Process Switching

The router scans the entire routing table, searching for an exit interface that is connected to the destination network. Note this is CPU intensive and no longer practiced because it would quickly bog down a router.

Fast Switching

Enabled by default on all interfaces that support fast switching. To conserve resources, the router builds a table in high speed cache to prevent process switching every packet it receives.

When a router receives a packet sent to a destination not already in cache, it will be process switched.

After finding the exit interface and determining the Next Hop IP, the router will place this information in the cache.

You can enable fast switching per interface by issuing

conf t
int fa0/0
ip route-cache

Review that fast switching has been enabled

Lab-C#show ip int fa0/0 | in IP fast
 IP fast switching is enabled
 IP fast switching on the same interface is disabled

You can view the table held in cache

show ip cache

You can review this process of placing entries in the cache by enabling packet debugging by issuing

debug ip packet detail

Keep in mind that when you have enabled packet debugging you can review process switching activity, however fast switched and CEF switched packets do not show up. So for the sake of troubleshooting it may be a good idea to disable fast switching (no ip route-cache) and CEF.

References

Intense School: Process Switching, Fast Switching, and CEF

Cisco Fast Switching

Cisco Verify CEF Switching

Posted on

Gratuitous ARP

A client network interface configured for DHCP will issue a gratuitous ARP request after it has received an IP offered from the DHCP server. It does this to detect if any other local hosts have the same IP address in order to avoid a continued address conflict.

The host in question will issue a gratuitous ARP request packet configured as follows:

Source Hardware Address (SHA): its own MAC address
Source Protocol Address (SPA): the DHCP assigned IP address
Destination Hardware Address: Broadcast MAC FF:FF:FF:FF:FF:FF
Destination Protocol Address: the DHCP assigned IP address

Since hosts are required to receive and process all ARP traffic, you can expect a gratuitous ARP reply if another host already has the IP address recently assigned. At this point the DHCP client will report the address conflict to the DHCP server.

Although the DHCP server will initially send pings to the IP it intends to assign as a preventative measure, it is possible the ARP table on the DHCP server is not accurate. Therefore a local host could be lurking on the network with the IP in question but a MAC address other than what is, or is not, recorded in the ARP table on the DHCP server.

References:

RFC 826: Ethernet Address Resolution Protocol

RFC 5227: IP Address Conflict Detection

Wireshark: Gratuitous ARP

Posted on

Slot Naming Convention

When matching physical interfaces on a router to what we see in the CLI it is important to understand the Cisco slot naming convention. Cisco will number slots,sub slots, and ports right to left, then bottom to top.

Convention is Slot#/Port# or Slot#/Subslot#/Port#

Review available interfaces from the CLI by issuing the command:

show ip interfaces

Built-in interfaces belong to Slot 0.  For example, the 2811 router has two built in Fast Ethernet ports. From the CLI they are identified as Fa0/0 and Fa0/1

Say I plug in a serial module WIC-2T into subslot 0. From the CLI they are identified as S0/0/0 and S0/0/1. This shows the WIC-2T module belongs to slot 0, subslot 0, and we have two interfaces available at ports 0 and 1.

To illustrate another slot, slot 1; I plug a network module extension (NME) known as NM-1FE2W.  This has one Fast Ethernet interface and provides two additional subslot spots for wide interface card (WIC) modules above. In my following illustration you can see I have added another WIC-2T to the NM-1FE2W.

As a result I now have two more serial interfaces that are identified in the CLI as S1/0/0 and S1/0/1.

At last I will populate subslot1 of the previously installed NM-1FE2W with a 4 port switch interface card, the HWIC-4ESW. From the CLI you’ll observe 4 new interfaces, Fa1/1/0, Fa1/1/1, Fa1/1/2, and Fa1/1/3.

After adding the NME and all WICs you have access to the following interfaces:

Router>show ip interface FastEthernet0/0 is administratively down, line protocol is down (disabled) Internet protocol processing disabled FastEthernet0/1 is administratively down, line protocol is down (disabled) Internet protocol processing disabled 
Serial0/0/0 is administratively down, line protocol is down (disabled) Internet protocol processing disabled Serial0/0/1 is administratively down, line protocol is down (disabled) Internet protocol processing disabled FastEthernet1/0 is administratively down, line protocol is down (disabled) Internet protocol processing disabled 
Serial1/0/0 is administratively down, line protocol is down (disabled) Internet protocol processing disabled Serial1/0/1 is administratively down, line protocol is down (disabled) Internet protocol processing disabled FastEthernet1/1/0 is up, line protocol is down Internet protocol processing disabled FastEthernet1/1/1 is up, line protocol is down Internet protocol processing disabled FastEthernet1/1/2 is up, line protocol is down Internet protocol processing disabled FastEthernet1/1/3 is up, line protocol is down Internet protocol processing disabled Vlan1 is administratively down, line protocol is down Internet protocol processing disabled

Below is a screen shot of what my Cisco 2811 router looks like in Packet Tracer.

CiscoSlotConvention

Posted on

Destination Unreachable vs Request Timed-Out

According to Mr. Lammle:

If a packet is lost on the return to the originating host we will probably see a request timed-out because of an unknown error.

If a packet is lost on the way to it’s destination, we will see a destination unreachable message. Typical cause is a router along the way does not possess a route to the destination.

To summarize, a packet can successfully reach its destination and on the return can be dropped at the destination host or a successive router because a needed route does not exist.