The IP routing process is fairly simple and doesn’t change, regardless of the size of your network. For example, we’ll use Figure 1 to describe step-by-step what happens when Host_A wants to communicate with Host_B on a different network.
In this example, a user on Host_A pings Host_B’s IP address. Routing doesn’t get simpler than this, but it still involves a lot of steps. Let’s work through them:
1. Internet Control Message Protocol (ICMP) creates an echo request payload (which is just the alphabet in the data field).
2. ICMP hands that payload to Internet Protocol (IP), which then creates a packet. At a minimum, this packet contains an IP source address, an IP destination address, and a Protocol field with 01h. (Remember that Cisco likes to use 0x in front of hex characters, so this could look like 0x01.) All that tells the receiving host to whom it should hand the payload when the destination is reached—in this example, ICMP.
3. Once the packet is created, IP determines whether the destination IP address is on the local network or a remote one.
4. Since IP determines that this is a remote request, the packet needs to be sent to the default gateway so it can be routed to the remote network. The Registry in Windows is parsed to find the configured default gateway.
5. The default gateway of host 172.16.10.2 (Host_A) is configured to 172.16.10.1. For this packet to be sent to the default gateway, the hardware address of the router’s interface Ethernet 0 (configured with the IP address of 172.16.10.1) must be known. Why? So the packet can be handed down to the Data Link layer, framed, and sent to the router’s interface that’s connected to the 172.16.10.0 network. Because hosts only communicate via hardware addresses on the local LAN, it’s important to recognize that for Host_A to communicate to Host_B, it has to send packets to the Media Access Control (MAC) address of the default gateway on the local network.
Note: MAC addresses are always local on the LAN and never go through and past a router.
6. Next, the Address Resolution Protocol (ARP) cache of the host is checked to see if the IP address of the default gateway has already been resolved to a hardware address:
If it has, the packet is then free to be
handed to the Data Link layer for framing. (The hardware destination address is
also handed down with that packet.) To view the ARP cache on your host, use arp
-a command:
If the hardware address isn’t already in the
ARP cache of the host, an ARP broadcast is sent out onto the local network to
search for the hardware address of 172.16.10.1. The router responds to the
request and provides the hardware address of Ethernet 0, and the host caches
this address.
7. Once the packet and destination hardware address are handed to the Data Link layer, the LAN driver is used to provide media access via the type of LAN being used (in this example, Ethernet). A frame is then generated, encapsulating the packet with control information. Within that frame are the hardware destination and source addresses plus, in this case, an Ether-Type field that describes the Network layer protocol that handed the packet to the Data Link layer—in this instance, IP. At the end of the frame is something called a Frame Check Sequence (FCS) field that houses the result of the cyclic redundancy check (CRC). The frame would look something like what I’ve detailed in Figure 2. It contains Host_A’s hardware (MAC) address and the destination hardware address of the default gateway. It does not include the remote host’s MAC address—remember that!
8. Once the frame is completed, it’s handed down
to the Physical layer to be put on the physical medium (in this example,
twisted-pair wire) one bit at a time.
9. Every device in the collision domain receives
these bits and builds the frame. They each run a CRC and check the answer in
the FCS field. If the answers don’t match, the frame is discarded.
If it’s a match, then the Ether-Type field is checked to find the protocol used
at the Network layer.
If the CRC matches, then the hardware
destination address is checked to see if it matches too (which, in this
example, is the router’s interface Ethernet 0).
10. The packet is pulled from the frame, and what
is left of the frame is discarded. The packet is handed to the protocol listed
in the Ether-Type field—it’s given to IP.
11. IP receives the packet and checks the IP
destination address. Since the packet’s destination address doesn’t match any
of the addresses configured on the receiving router itself, the router will
look up the destination IP network address in its routing table.
12. The routing table must have an entry for the
network 172.16.20.0 or the packet will be discarded immediately and an ICMP
message will be sent back to the originating device with a destination network
unreachable message.
13. If the router does find an entry for the
destination network in its table, the packet is switched to the exit
interface—in this example,interface Ethernet 1. Use show ip route command to
see the output of the Lab_A router’s routing table. No routing protocols are
needed in this network since all networks (all two of them) are directly
connected.
14. The router packet-switches the packet to the
Ethernet 1 buffer.
15. The Ethernet 1 buffer needs to know the
hardware address of the destination host and first checks the ARP cache.
If the hardware address of Host_B has already
been resolved and is in the router’s ARP cache, then the packet and the
hardware address are handed down to the Data Link layer to be framed. Let’s
take a look at the ARP cache on the Lab_A router by using the show ip arp
command:
The dash (-) means that this is the physical
interface on the router. From the output above, we can see that the router
knows the 172.16.10.2 (Host_A) and 172.16.20.2 (Host_B) hardware addresses.
Cisco routers will keep an entry in the ARP table for 4 hours.
If the hardware address has not already been
resolved, the router sends an ARP request out E1 looking for the hardware
address of 172.16.20.2. Host_B responds with its hardware address, and the
packet and destination hardware addresses are both sent to the Data Link layer
for framing.
16. The Data Link layer creates a frame with the
destination and source hardware address, Ether-Type field, and FCS field at the
end. The frame is handed to the Physical layer to be sent out on the physical
medium one bit at a time.
17. Host_B receives the frame and immediately
runs a CRC. If the result matches what’s in the FCS field, the hardware
destination address is then checked. If the host finds a match, the Ether-Type
field is then checked to determine the protocol that the packet should be
handed to at the Network layer—IP in this example.
18. At the Network layer, IP receives the packet
and runs a CRC on the IP header. If that passes, IP then checks the destination
address. Since there’s finally a match made, the Protocol field is checked to
find out to whom the payload should be given.
19. The payload is handed to ICMP, which
understands that this is an echo request. ICMP responds to this by immediately
discarding the packet and generating a new payload as an echo reply.
20. A packet is then created including the source
and destination addresses, Protocol field, and payload. The destination device
is now Host_A.
21. IP then checks to see whether the destination
IP address is a device on the local LAN or on a remote network. Since the
destination device is on a remote network, the packet needs to be sent to the
default gateway.
22. The default gateway IP address is found in
the Registry of the Windows device, and the ARP cache is checked to see if the
hardware address has already been resolved from an IP address.
23. Once the hardware address of the default
gateway is found, the packet and destination hardware addresses are handed down
to the Data Link layer for framing.
24. The Data Link layer frames the packet of
information and includes the following in the header:
The destination and source hardware addresses
The Ether-Type field with 0x0800 (IP) in it
The FCS field with the CRC result in tow
25. The frame is now handed down to the Physical
layer to be sent out over the network medium one bit at a time.
26. The router’s Ethernet 1 interface receives
the bits and builds a frame. The CRC is run, and the FCS field is checked to
make sure the answers match.
27. Once the CRC is found to be okay, the
hardware destination address is checked. Since the router’s interface is a
match, the packet is pulled from the frame and the Ether-Type field is checked
to see what protocol at the Network layer the packet should be delivered to.
28. The protocol is determined to be IP, so it
gets the packet. IP runs a CRC check on the IP header first and then checks the
destination IP address.
Note: IP does not run a complete CRC as the
Data Link layer does—it only checks the header for errors.
Since the IP destination address doesn’t
match any of the router’s interfaces, the routing table is checked to see
whether it has a route to 172.16.10.0. If it doesn’t have a route over to the
destination network, the packet will be discarded immediately. (This is the
source point of confusion for a lot of administrators—when a ping fails, most
people think the packet never reached the destination host. But as we see here,
that’s not always the case. All it takes is for just one of the remote routers
to be lacking a route back to the originating host’s network and—poof!—the
packet is dropped on the return trip, not on its way to the host.)
Note: Just a quick note to mention that when
(if) the packet is lost on the way back to the originating host, you will
typically see a request timed out message because it is an unknown error. If
the error occurs because of a known issue, such as if a route is not in the
routing table on the way to the destination device, you will see a destination
unreachable message. This should help you determine if the problem occurred on
the way to the destination or on the way back.
29. In this case, the router does know how to get
to network 172.16.10.0—the exit interface is Ethernet 0—so the packet is
switched to interface Ethernet 0.
30. The router checks the ARP cache to determine
whether the hardware address for 172.16.10.2 has already been resolved.
31. Since the hardware address to 172.16.10.2 is
already cached from the originating trip to Host_B, the hardware address and
packet are handed to the Data Link layer.
32. The Data Link layer builds a frame with the
destination hardware address and source hardware address and then puts IP in
the Ether-Type field. A CRC is run on the frame and the result is placed in the
FCS field.
33. The frame is then handed to the Physical
layer to be sent out onto the local network one bit at a time.
34. The destination host receives the frame, runs
a CRC, checks the destination hardware address, and looks in the Ether-Type
field to find out to whom to hand the packet.
35. IP is the designated receiver, and after the
packet is handed to IP at the Network layer, it checks the Protocol field for
further direction. IP finds instructions to give the payload to ICMP, and ICMP
determines the packet to be an ICMP echo reply.
36. ICMP acknowledges that it has received the
reply by sending an exclamation point (!) to the user interface. ICMP then
attempts to send four more echo requests to the destination host.
You’ve just experienced 36 easy steps to
understanding IP routing. The key point to understand here is that if you had a
much larger network, the process would be the same. In a really big
internetwork, the packet just goes through more hops before it finds the
destination host.
It’s super-important to remember that when
Host_A sends a packet to Host_B, the destination hardware address used is the
default gateway’s Ethernet interface. Why? Because frames can’t be placed on
remote networks—only local networks. So packets destined for remote networks
must go through the default gateway.
Did you notice that the hardware (MAC)
address that Host_A uses to get to Host_B is the Lab_A E0 interface? Hardware
addresses are always local, and they never pass a router’s interface.
Understanding this process is as important as air to you, so carve this into
your memory!
No comments:
Post a Comment