Wednesday, August 21, 2019

IP Traffic Flow

The IP routing process is fairly simple and doesn’t change, regardless of the size of your network. For example, we’ll use Figure 1 to describe step-by-step what happens when Host_A wants to communicate with Host_B on a different network.




In this example, a user on Host_A pings Host_B’s IP address. Routing doesn’t get simpler than this, but it still involves a lot of steps. Let’s work through them:


1. Internet Control Message Protocol (ICMP) creates an echo request payload (which is just the alphabet in the data field).


2. ICMP hands that payload to Internet Protocol (IP), which then creates a packet. At a minimum, this packet contains an IP source address, an IP destination address, and a Protocol field with 01h. (Remember that Cisco likes to use 0x in front of hex characters, so this could look like 0x01.) All that tells the receiving host to whom it should hand the payload when the destination is reached—in this example, ICMP.


3. Once the packet is created, IP determines whether the destination IP address is on the local network or a remote one.


4. Since IP determines that this is a remote request, the packet needs to be sent to the default gateway so it can be routed to the remote network. The Registry in Windows is parsed to find the configured default gateway.


5. The default gateway of host 172.16.10.2 (Host_A) is configured to 172.16.10.1. For this packet to be sent to the default gateway, the hardware address of the router’s interface Ethernet 0 (configured with the IP address of 172.16.10.1) must be known. Why? So the packet can be handed down to the Data Link layer, framed, and sent to the router’s interface that’s connected to the 172.16.10.0 network. Because hosts only communicate via hardware addresses on the local LAN, it’s important to recognize that for Host_A to communicate to Host_B, it has to send packets to the Media Access Control (MAC) address of the default gateway on the local network.


Note: MAC addresses are always local on the LAN and never go through and past a router.


6. Next, the Address Resolution Protocol (ARP) cache of the host is checked to see if the IP address of the default gateway has already been resolved to a hardware address:


If it has, the packet is then free to be handed to the Data Link layer for framing. (The hardware destination address is also handed down with that packet.) To view the ARP cache on your host, use the arp -a command:

If the hardware address isn’t already in the ARP cache of the host, an ARP broadcast is sent out onto the local network to search for the hardware address of 172.16.10.1. The router responds to the request and provides the hardware address of Ethernet 0, and the host caches this address.


7. Once the packet and destination hardware address are handed to the Data Link layer, the LAN driver is used to provide media access via the type of LAN being used (in this example, Ethernet). A frame is then generated, encapsulating the packet with control information. Within that frame are the hardware destination and source addresses plus, in this case, an Ether-Type field that describes the Network layer protocol that handed the packet to the Data Link layer—in this instance, IP. At the end of the frame is something called a Frame Check Sequence (FCS) field that houses the result of the cyclic redundancy check (CRC). The frame would look something like what I’ve detailed in Figure 2. It contains Host_A’s hardware (MAC) address and the destination hardware address of the default gateway. It does not include the remote host’s MAC address—remember that!



8. Once the frame is completed, it’s handed down to the Physical layer to be put on the physical medium (in this example, twisted-pair wire) one bit at a time.

 

9. Every device in the collision domain receives these bits and builds the frame. They each run a CRC and check the answer in the FCS field. If the answers don’t match, the frame is discarded.

 


If the CRC matches, then the hardware destination address is checked to see if it matches too (which, in this example, is the router’s interface Ethernet 0).

If it’s a match, then the Ether-Type field is checked to find the protocol used at the Network layer.

 

10. The packet is pulled from the frame, and what is left of the frame is discarded. The packet is handed to the protocol listed in the Ether-Type field—it’s given to IP.

 

11. IP receives the packet and checks the IP destination address. Since the packet’s destination address doesn’t match any of the addresses configured on the receiving router itself, the router will look up the destination IP network address in its routing table.

 

12. The routing table must have an entry for the network 172.16.20.0 or the packet will be discarded immediately and an ICMP message will be sent back to the originating device with a destination network unreachable message.

 

13. If the router does find an entry for the destination network in its table, the packet is switched to the exit interface—in this example, interface Ethernet 1. Use the show ip route command to see the output of the Lab_A router’s routing table. No routing protocols are needed in this network since all networks (all two of them) are directly connected.

14. The router packet-switches the packet to the Ethernet 1 buffer.

 

15. The Ethernet 1 buffer needs to know the hardware address of the destination host and first checks the ARP cache.

 

If the hardware address of Host_B has already been resolved and is in the router’s ARP cache, then the packet and the hardware address are handed down to the Data Link layer to be framed. Let’s take a look at the ARP cache on the Lab_A router by using the show ip arp command:



The dash (-) means that this is the physical interface on the router. From the output above, we can see that the router knows the 172.16.10.2 (Host_A) and 172.16.20.2 (Host_B) hardware addresses. Cisco routers will keep an entry in the ARP table for 4 hours.

 

If the hardware address has not already been resolved, the router sends an ARP request out E1 looking for the hardware address of 172.16.20.2. Host_B responds with its hardware address, and the packet and destination hardware addresses are both sent to the Data Link layer for framing.

 

16. The Data Link layer creates a frame with the destination and source hardware address, Ether-Type field, and FCS field at the end. The frame is handed to the Physical layer to be sent out on the physical medium one bit at a time.

 

17. Host_B receives the frame and immediately runs a CRC. If the result matches what’s in the FCS field, the hardware destination address is then checked. If the host finds a match, the Ether-Type field is then checked to determine the protocol that the packet should be handed to at the Network layer—IP in this example.

 

18. At the Network layer, IP receives the packet and runs a CRC on the IP header. If that passes, IP then checks the destination address. Since there’s finally a match made, the Protocol field is checked to find out to whom the payload should be given.

 

19. The payload is handed to ICMP, which understands that this is an echo request. ICMP responds to this by immediately discarding the packet and generating a new payload as an echo reply.

 

20. A packet is then created including the source and destination addresses, Protocol field, and payload. The destination device is now Host_A.

 

21. IP then checks to see whether the destination IP address is a device on the local LAN or on a remote network. Since the destination device is on a remote network, the packet needs to be sent to the default gateway.

 

22. The default gateway IP address is found in the Registry of the Windows device, and the ARP cache is checked to see if the hardware address has already been resolved from an IP address.

 

23. Once the hardware address of the default gateway is found, the packet and destination hardware addresses are handed down to the Data Link layer for framing.

24. The Data Link layer frames the packet of information and includes the following in the header:

 

The destination and source hardware addresses

The Ether-Type field with 0x0800 (IP) in it

The FCS field with the CRC result in tow

25. The frame is now handed down to the Physical layer to be sent out over the network medium one bit at a time.

 

26. The router’s Ethernet 1 interface receives the bits and builds a frame. The CRC is run, and the FCS field is checked to make sure the answers match.

 

27. Once the CRC is found to be okay, the hardware destination address is checked. Since the router’s interface is a match, the packet is pulled from the frame and the Ether-Type field is checked to see what protocol at the Network layer the packet should be delivered to.

 

28. The protocol is determined to be IP, so it gets the packet. IP runs a CRC check on the IP header first and then checks the destination IP address.

 

Note: IP does not run a complete CRC as the Data Link layer does—it only checks the header for errors.

 

Since the IP destination address doesn’t match any of the router’s interfaces, the routing table is checked to see whether it has a route to 172.16.10.0. If it doesn’t have a route over to the destination network, the packet will be discarded immediately. (This is the source point of confusion for a lot of administrators—when a ping fails, most people think the packet never reached the destination host. But as we see here, that’s not always the case. All it takes is for just one of the remote routers to be lacking a route back to the originating host’s network and—poof!—the packet is dropped on the return trip, not on its way to the host.)

 

Note: Just a quick note to mention that when (if) the packet is lost on the way back to the originating host, you will typically see a request timed out message because it is an unknown error. If the error occurs because of a known issue, such as if a route is not in the routing table on the way to the destination device, you will see a destination unreachable message. This should help you determine if the problem occurred on the way to the destination or on the way back.

 

29. In this case, the router does know how to get to network 172.16.10.0—the exit interface is Ethernet 0—so the packet is switched to interface Ethernet 0.

 

30. The router checks the ARP cache to determine whether the hardware address for 172.16.10.2 has already been resolved.

 

31. Since the hardware address to 172.16.10.2 is already cached from the originating trip to Host_B, the hardware address and packet are handed to the Data Link layer.

 

32. The Data Link layer builds a frame with the destination hardware address and source hardware address and then puts IP in the Ether-Type field. A CRC is run on the frame and the result is placed in the FCS field.

33. The frame is then handed to the Physical layer to be sent out onto the local network one bit at a time.

 

34. The destination host receives the frame, runs a CRC, checks the destination hardware address, and looks in the Ether-Type field to find out to whom to hand the packet.

 

35. IP is the designated receiver, and after the packet is handed to IP at the Network layer, it checks the Protocol field for further direction. IP finds instructions to give the payload to ICMP, and ICMP determines the packet to be an ICMP echo reply.

36. ICMP acknowledges that it has received the reply by sending an exclamation point (!) to the user interface. ICMP then attempts to send four more echo requests to the destination host.

 

You’ve just experienced 36 easy steps to understanding IP routing. The key point to understand here is that if you had a much larger network, the process would be the same. In a really big internetwork, the packet just goes through more hops before it finds the destination host.
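The following added example (not part of the original post) extends the walkthrough to a two-router path to show the failure modes from the note after step 28: a missing route on the way out gives destination unreachable, a missing route on the way back gives request timed out. Lab_A and the 172.16.10.0 and 172.16.20.0 networks come from the post; the /24 masks, router Lab_B, network 172.16.30.0 and Host_C are hypothetical.

```python
import ipaddress

def net(cidr):
    return ipaddress.ip_network(cidr)

HOST_A = ipaddress.ip_address("172.16.10.2")
HOST_C = ipaddress.ip_address("172.16.30.2")  # hypothetical host behind Lab_B

def make_tables(lab_b_has_return_route=True):
    """Routing tables: network -> "direct" (connected) or the next router's name."""
    tables = {
        "Lab_A": {net("172.16.10.0/24"): "direct",
                  net("172.16.20.0/24"): "direct",
                  net("172.16.30.0/24"): "Lab_B"},
        "Lab_B": {net("172.16.20.0/24"): "direct",
                  net("172.16.30.0/24"): "direct"},
    }
    if lab_b_has_return_route:
        tables["Lab_B"][net("172.16.10.0/24")] = "Lab_A"
    return tables

def forward(tables, first_router, dst):
    """Walk hop by hop; return (delivered, name of the router that dropped it)."""
    router = first_router
    for _ in range(16):  # hop limit so a routing loop cannot run forever
        matches = [(n.prefixlen, hop) for n, hop in tables[router].items() if dst in n]
        if not matches:
            return False, router  # no route: packet discarded here
        hop = max(matches, key=lambda m: m[0])[1]  # longest prefix wins
        if hop == "direct":
            return True, None  # router ARPs for dst and frames the packet
        router = hop
    return False, router

def ping(tables, src, src_gateway, dst, dst_gateway):
    """What the user at src sees for one echo request."""
    delivered, dropped_at = forward(tables, src_gateway, dst)
    if not delivered:
        # The dropping router reports back to the originating device.
        return f"destination unreachable (reported by {dropped_at})"
    delivered, _ = forward(tables, dst_gateway, src)
    if not delivered:
        # The echo reply died on the return trip; src hears nothing at all.
        return "request timed out"
    return "reply"

if __name__ == "__main__":
    print(ping(make_tables(), HOST_A, "Lab_A", HOST_C, "Lab_B"))
    print(ping(make_tables(False), HOST_A, "Lab_A", HOST_C, "Lab_B"))
```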

 

It’s super-important to remember that when Host_A sends a packet to Host_B, the destination hardware address used is the default gateway’s Ethernet interface. Why? Because frames can’t be placed on remote networks—only local networks. So packets destined for remote networks must go through the default gateway.

 

Did you notice that the hardware (MAC) address that Host_A uses to get to Host_B is the Lab_A E0 interface? Hardware addresses are always local, and they never pass a router’s interface. Understanding this process is as important as air to you, so carve this into your memory!
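To make the point concrete, here is an added example (not from the original post) that builds Host_A's echo request frame as in steps 1 through 7 and runs the receiver checks from steps 9, 10 and 17. The IP addresses, Protocol 0x01 and Ether-Type 0x0800 are the post's; the /24 mask, the MAC addresses and the remaining header values are constructed.

```python
import ipaddress
import struct
import zlib

# IP addresses are the page's; the /24 mask and every MAC address are constructed.
HOST_A = ipaddress.ip_interface("172.16.10.2/24")
GATEWAY = ipaddress.ip_address("172.16.10.1")
HOST_B = ipaddress.ip_address("172.16.20.2")
HOST_A_MAC = bytes.fromhex("020000000a02")
E0_MAC = bytes.fromhex("020000000a01")
ARP_CACHE = {GATEWAY: E0_MAC}  # gateway already resolved (step 6)

def next_hop(dst):
    """Steps 3-4: deliver directly if dst is on Host_A's network, else use the gateway."""
    return dst if dst in HOST_A.network else GATEWAY

def inet_checksum(data):
    """16-bit one's-complement checksum used by the IP header and ICMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frame(dst_ip):
    """Steps 1-7: ICMP echo request -> IP packet -> Ethernet frame with FCS."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"abcdefghijklmnopqrstuvwabcdefghi"
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 128,
                     0x01, 0, HOST_A.ip.packed, dst_ip.packed)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    dst_mac = ARP_CACHE[next_hop(dst_ip)]  # a miss here is where the ARP broadcast goes out
    body = dst_mac + HOST_A_MAC + struct.pack("!H", 0x0800) + ip + icmp
    return body + struct.pack("<I", zlib.crc32(body))  # FCS = CRC-32 of the frame

def receive(frame, my_mac):
    """Steps 9-10 and 17: FCS, then destination MAC, then Ether-Type. Returns the packet or None."""
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body)) != fcs:
        return None  # CRC mismatch: frame discarded
    if body[:6] != my_mac:
        return None  # not addressed to this interface
    if body[12:14] != b"\x08\x00":
        return None  # Network layer protocol is not IP
    return body[14:]
```

The frame for Host_B carries the router's E0 MAC as its destination while the IP header inside still names 172.16.20.2, and only the interface owning that MAC gets a packet back from receive().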





