Insight Into Packet Forwarding Decision Process
Now that the router has determined the best path for a packet based on the longest match, it must determine how to encapsulate the packet and forward it out to the correct egress interface.
The figure shows how a router first determines the best path and then forwards the packet, in five steps:
1. The data link frame with an encapsulated IP packet arrives on the ingress interface.
2. The router examines the destination IP address in the packet header and consults its IP routing table.
3. The router finds the longest matching prefix in the routing table.
4. The router encapsulates the packet in a data link frame and forwards it out the egress interface. The destination could be a device connected to the network or a next-hop router.
5. However, if there is no matching route entry, the packet is dropped.
Forwards the Packet to a Device on a Directly Connected Network
If the route entry indicates that the egress interface is a directly connected network, this means that the destination IP address of the packet belongs to a device on the directly connected network. Therefore, the packet can be forwarded directly to the destination device. The destination device is typically an end device on an Ethernet LAN, which means the packet must be encapsulated in an Ethernet frame.
To encapsulate the packet in the Ethernet frame, the router needs to determine the destination MAC address associated with the destination IP address of the packet. The process varies based on whether the packet is an IPv4 or IPv6 packet:
- IPv4 packet – The router checks its ARP table for the destination IPv4 address and an associated Ethernet MAC address. If there is no match, the router sends an ARP Request. The destination device will return an ARP Reply with its MAC address. The router can now forward the IPv4 packet in an Ethernet frame with the proper destination MAC address.
- IPv6 packet – The router checks its neighbor cache for the destination IPv6 address and an associated Ethernet MAC address. If there is no match, the router sends an ICMPv6 Neighbor Solicitation (NS) message. The destination device will return an ICMPv6 Neighbor Advertisement (NA) message with its MAC address. The router can now forward the IPv6 packet in an Ethernet frame with the proper destination MAC address.
The routing table of a router stores the following information:
- Directly connected routes – These routes come from the active router interfaces. Routers add a directly connected route when an interface is configured with an IP address and is activated.
- Remote routes – These are remote networks connected to other routers. Routes to these networks can either be statically configured or dynamically learned through dynamic routing protocols.
Specifically, a routing table is a data file in RAM that is used to store route information about directly connected and remote networks. The routing table contains network or next hop associations. These associations tell a router that a particular destination can be optimally reached by sending the packet to a specific router that represents the next hop on the way to the final destination. The next hop association can also be the outgoing or exit interface to the next destination.
The figure identifies the directly connected networks and remote networks of router R1.
The figure is labeled "Directly Connected and Remote Network Routes". The image shows five ovals: two on the left-hand side, two on the right-hand side and one in the middle. The two ovals on the left each contain a LAN switch icon. The top left oval is labeled "Network directly connected to R1", with the IP address 192.168.10.0/24. A line connects the LAN switch icon to a router icon labeled R1. R1 is shown as having two FastEthernet interfaces and one serial interface. The interface on R1 is labeled .1. The lower left oval is labeled "Network directly connected to R1", with the IP address 192.168.11.0/24. A line connects the LAN switch icon to router R1. Within the middle oval, router R1 is connected to router R2 with a serial WAN connection, depicted as a red lightning bolt. The serial interface on R1 is labeled .225 and the connected serial interface on R2 is labeled .226. Above the connection between R1 and R2 is the IP network address 18.104.22.168/30. Below the middle oval is a label that says "Network directly connected to R1". The two ovals on the right side each contain a LAN switch icon. The top right oval is labeled "Network remote to R1", with the IP address 10.1.1.0/24. The bottom right oval is labeled "Network remote to R1", with the IP address 10.1.2.0/24.
Directly Connected and Remote Network Routes
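The forwarding decision described above (longest match, then forward, resolve, or drop), as an added Python example that is not part of the original article. The IPv4 /24 prefixes are the figure's networks; the 10.1.0.0/16 summary, the IPv6 LAN, the interface names and the neighbor entry are assumptions constructed for illustration.

```python
import ipaddress

# Constructed table for R1. Prefixes are the figure's networks plus an assumed
# 10.1.0.0/16 summary and an IPv6 LAN; interface names are assumptions.
ROUTES = [
    ("192.168.10.0/24", "connected", "Fa0/0"),
    ("192.168.11.0/24", "connected", "Fa0/1"),
    ("2001:db8:acad:10::/64", "connected", "Fa0/0"),
    ("10.1.0.0/16", "remote", "S0/0/0"),
    ("10.1.1.0/24", "remote", "S0/0/0"),
    ("10.1.2.0/24", "remote", "S0/0/0"),
]
# Constructed ARP table / neighbor cache (documentation MAC range).
NEIGHBORS = {"192.168.10.10": "00:00:5e:00:53:0a"}


def longest_match(dst, routes=ROUTES):
    """Return (network, kind, interface) for the most specific route, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, kind, iface in routes:
        net = ipaddress.ip_network(prefix)
        if net.version != addr.version or addr not in net:
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, kind, iface)
    return best


def forward(dst, neighbors=NEIGHBORS):
    """Model steps 2-5: look up, then forward, resolve, or drop."""
    route = longest_match(dst)
    if route is None:
        return {"action": "drop", "reason": "no matching route"}
    net, kind, iface = route
    result = {"route": str(net), "out": iface}
    if kind == "remote":
        # Hand the packet to the next-hop router in that link's frame type.
        return {**result, "action": "forward", "to": "next-hop router"}
    mac = neighbors.get(dst)
    if mac is None:
        # Directly connected but unresolved: ask for the MAC address first.
        query = "ARP Request" if net.version == 4 else "ICMPv6 NS"
        return {**result, "action": "resolve", "send": query}
    return {**result, "action": "forward", "dst_mac": mac}
```

A destination such as 10.1.7.1 matches only the /16 summary, while 10.1.2.9 matches both the /16 and the /24 and is forwarded on the /24 entry.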
The destination network entries in the routing table can be added in several ways:
- Local Route interfaces – These are added when an interface is configured and active. This entry is only displayed in IOS 15 or newer for IPv4 routes, and all IOS releases for IPv6 routes.
- Directly connected interfaces – These are added to the routing table when an interface is configured and active.
- Static routes – These are added when a route is manually configured and the exit interface is active.
- Dynamic routing protocol – This is added when routing protocols that dynamically learn about the network, such as EIGRP or OSPF, are implemented and networks are identified.
Dynamic routing protocols exchange network reachability information between routers and dynamically adapt to network changes. Each routing protocol uses routing algorithms to determine the best paths between different segments in the network, and updates routing tables with these paths.
Dynamic routing protocols have been used in networks since the late 1980s. One of the first routing protocols was RIP. RIPv1 was released in 1988. As networks evolved and became more complex, new routing protocols emerged. The RIP protocol was updated to RIPv2 to accommodate growth in the network environment. However, RIPv2 still does not scale to the larger network implementations of today. To address the needs of larger networks, two advanced routing protocols were developed: Open Shortest Path First (OSPF) and Intermediate System-to-Intermediate System (IS-IS). Cisco developed the Interior Gateway Routing Protocol (IGRP) and Enhanced IGRP (EIGRP), which also scales well in larger network implementations.
Additionally, there was the need to connect different internetworks and provide routing between them. The Border Gateway Protocol (BGP) is now used between Internet Service Providers (ISPs). BGP is also used between ISPs and their larger private clients to exchange routing information.
The table classifies the protocols. Routers configured with these protocols will periodically send messages to other routers. As a cybersecurity analyst, you will see these messages in various logs and packet captures.
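| Protocol | Interior Gateway: Distance Vector | Interior Gateway: Distance Vector | Interior Gateway: Link State | Interior Gateway: Link State | Exterior Gateway: Path Vector |
|---|---|---|---|---|---|
| IPv6 | RIPng | EIGRP for IPv6 | OSPFv3 | IS-IS for IPv6 | BGP-MP |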
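To recognize these routing protocol messages in a packet capture, the added Python example below (not part of the original article) parses raw IP headers and groups sources by the protocol they were seen sending. The protocol numbers and ports are the standard assignments (EIGRP 88, OSPF 89, BGP TCP 179, RIP UDP 520, RIPng UDP 521); the sample packets and addresses are constructed.

```python
import socket
import struct

# IP protocol numbers / ports of the protocols in the table. IS-IS is absent:
# it is carried directly in data link frames, not inside IP packets.
IP_PROTO = {88: "EIGRP", 89: "OSPF"}
L4_PORT = {(6, 179): "BGP", (17, 520): "RIP", (17, 521): "RIPng"}

def classify(packet):
    """Return (source, routing protocol) for a raw IP packet, else None."""
    version = packet[0] >> 4 if packet else 0
    if version == 4 and len(packet) >= 20:
        hlen, proto = (packet[0] & 0x0F) * 4, packet[9]
        src = socket.inet_ntop(socket.AF_INET, packet[12:16])
    elif version == 6 and len(packet) >= 40:
        # Fixed header only; extension headers are not walked here.
        hlen, proto = 40, packet[6]
        src = socket.inet_ntop(socket.AF_INET6, packet[8:24])
    else:
        return None
    if hlen < 20:
        return None  # malformed IPv4 header length
    if proto in IP_PROTO:
        return src, IP_PROTO[proto]
    if proto in (6, 17) and len(packet) >= hlen + 4:
        sport, dport = struct.unpack("!HH", packet[hlen:hlen + 4])
        name = L4_PORT.get((proto, dport)) or L4_PORT.get((proto, sport))
        return (src, name) if name else None
    return None

def speakers(packets):
    """Group source addresses by the routing protocol they were seen sending."""
    seen = {}
    for src, name in filter(None, map(classify, packets)):
        seen.setdefault(name, set()).add(src)
    return {name: sorted(srcs) for name, srcs in seen.items()}

def sample_ipv4(proto, src, dst, payload=b""):
    """Build a constructed IPv4 packet (checksum left at zero) as demo input."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 1, proto,
                       0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

# Constructed capture: OSPF hello, RIP update, BGP segment, and a DNS query.
SAMPLES = [
    sample_ipv4(89, "192.168.10.1", "224.0.0.5"),
    sample_ipv4(17, "192.168.11.1", "224.0.0.9", struct.pack("!HHHH", 520, 520, 8, 0)),
    sample_ipv4(6, "10.1.1.1", "10.1.2.1", struct.pack("!HH", 49152, 179)),
    sample_ipv4(17, "192.168.10.10", "10.1.1.53", struct.pack("!HHHH", 40000, 53, 8, 0)),
]
```

Calling `speakers(SAMPLES)` returns one entry per routing protocol seen and ignores the DNS query.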
End-to-End Packet Forwarding
The primary responsibility of the packet forwarding function is to encapsulate packets in the appropriate data link frame type for the outgoing interface. For example, the data link frame format for a serial link could be Point-to-Point Protocol (PPP), High-Level Data Link Control (HDLC) protocol, or some other Layer 2 protocol.
PC1 Sends Packet to PC2
In the first animation, PC1 sends a packet to PC2. Since PC2 is on a different network, PC1 will forward the packet to its default gateway. PC1 will look in its ARP cache for the MAC address of the default gateway and add the indicated frame information.
Note: If an ARP entry does not exist in the ARP table for the default gateway of 192.168.1.1, PC1 sends an ARP request. Router R1 would then return an ARP reply with its MAC address.