Insight Into Packet Forwarding Decision Process

packet forwarding decision process

Insight Into Packet Forwarding Decision Process



Now that the router has determined the best path for a packet based on the longest match, it must determine how to encapsulate the packet and forward it out to the correct egress interface.

The figure explains how a router determines the best path to use to forward a packet.

The figure depicts how a router first determines the best path, and then forwards the packet. There are 5 steps depicted with these steps:

1. The data link frame with an encapsulated IP packet arrives on the ingress interface.
2. The router examines the destination IP address in the packet header and consults its IP routing table.
3. The router finds the longest matching prefix in the routing table.
4. The router encapsulates the packet in a data link frame and forwards it out the egress interface. The destination could be a device connected to the network or a next-hop router.
5. However, if there is no matching route entry the packet is dropped.

Click each button for a description of the three things a router can do with a packet after it has determined the best path.

Forwards the Packet to a Device on a Directly Connected Network
Forwards the Packet to a Next-Hop Router
Drops the Packet – No Match in Routing Table

Forwards the Packet to a Device on a Directly Connected Network

If the route entry indicates that the egress interface is a directly connected network, this means that the destination IP address of the packet belongs to a device on the directly connected network. Therefore, the packet can be forwarded directly to the destination device. The destination device is typically an end device on an Ethernet LAN, which means the packet must be encapsulated in an Ethernet frame.

To encapsulate the packet in the Ethernet frame, the router needs to determine the destination MAC address associated with the destination IP address of the packet. The process varies based on whether the packet is an IPv4 or IPv6 packet:

  • IPv4 packet – The router checks its ARP table for the destination IPv4 address and an associated Ethernet MAC address. If there is no match, the router sends an ARP Request. The destination device will return an ARP Reply with its MAC address. The router can now forward the IPv4 packet in an Ethernet frame with the proper destination MAC address.
  • IPv6 packet – The router checks its neighbor cache for the destination IPv6 address and an associated Ethernet MAC address. If there is no match, the router sends an ICMPv6 Neighbor Solicitation (NS) message. The destination device will return an ICMPv6 Neighbor Advertisement (NA) message with its MAC address. The router can now forward the IPv6 packet in an Ethernet frame with the proper destination MAC address.

Routing Information

The routing table of a router stores the following information:

  • Directly connected routes – These routes come from the active router interfaces. Routers add a directly connected route when an interface is configured with an IP address and is activated.
  • Remote routes – These are remote networks connected to other routers. Routes to these networks can either be statically configured or dynamically learned through dynamic routing protocols.

Specifically, a routing table is a data file in RAM that is used to store route information about directly connected and remote networks. The routing table contains network or next hop associations. These associations tell a router that a particular destination can be optimally reached by sending the packet to a specific router that represents the next hop on the way to the final destination. The next hop association can also be the outgoing or exit interface to the next destination.

The figure identifies the directly connected networks and remote networks of router R1.

The figure is labeled directly connected and remote network routes. The image shows five ovals, two on the left hand side, two on the right hand side and one in the middle. The two ovals on the left each contain a LAN switch icon. The top left oval is labled: network directly connected to R1, with the IP address A line connects the LAN switch icon to a router icon labeled R1. R1 is shown as having two FastEthernet interfaces and one serial interface. The interface on R1 is labled .1. The lower left oval is labeled : network directly connect to R1 with the IP address of A line connects the LAN switch icon to router R1. Within the middle oval, router R1 is connected to router R2 with a serial wan connection, depicted as a red lightning bolt. The serial interface on R1 is labeled .225 and the connected serial interface on R2 is labeled .226. Above the connection between R1 and R2 is the IP network address Below the middle oval is a label that says: network directly connected to R1. The two ovals on the right side each contain a LAN switch icon. The top right oval is labeled: Network remote to R1 and the IP address The bottom right oval is labeled Network remote to R1 and the IP address of

Directly Connected and Remote Network Routes

The destination network entries in the routing table can be added in several ways:

  • Local Route interfaces – These are added when an interface is configured and active. This entry is only displayed in IOS 15 or newer for IPv4 routes, and all IOS releases for IPv6 routes.
  • Directly connected interfaces – These are added to the routing table when an interface is configured and active.
  • Static routes – These are added when a route is manually configured and the exit interface is active.
  • Dynamic routing protocol – This is added when routing protocols that dynamically learn about the network, such as EIGRP or OSPF, are implemented and networks are identified.

Dynamic routing protocols exchange network reachability information between routers and dynamically adapt to network changes. Each routing protocol uses routing algorithms to determine the best paths between different segments in the network, and updates routing tables with these paths.


Dynamic routing protocols have been used in networks since the late 1980s. One of the first routing protocols was RIP. RIPv1 was released in 1988. As networks evolved and became more complex, new routing protocols emerged. The RIP protocol was updated to RIPv2 to accommodate growth in the network environment. However, RIPv2 still does not scale to the larger network implementations of today. To address the needs of larger networks, two advanced routing protocols were developed: Open Shortest Path First (OSPF) and Intermediate System-to-Intermediate System (IS-IS). Cisco developed the Interior Gateway Routing Protocol (IGRP) and Enhanced IGRP (EIGRP), which also scales well in larger network implementations.


Additionally, there was the need to connect different internetworks and provide routing between them. The Border Gateway Protocol (BGP) is now used between Internet Service Providers (ISPs). BGP is also used between ISPs and their larger private clients to exchange routing information.


The table classifies the protocols. Routers configured with these protocols will periodically send messages to other routers. As a cybersecurity analyst, you will see these messages in various logs and packet captures.

Protocol Interior Gateway Protocols Exterior Gateway Protocols
Distance Vector Link State Path Vector
IPv6 RIPng EIGRP for IPv6 OSPFv3 IS-IS for IPv6 BGP-MP

End-to-End Packet Forwarding

The primary responsibility of the packet forwarding function is to encapsulate packets in the appropriate data link frame type for the outgoing interface. For example, the data link frame format for a serial link could be Point-to-Point (PPP) protocol, High-Level Data Link Control (HDLC) protocol, or some other Layer 2 protocol.

Click each button and play the animations of PC1 sending a packet to PC2. Notice how the contents and format of the data link frame change at each hop.

PC1 Sends Packet to PC2
R1 Forwards the Packet to PC2
R2 Forwards the Packet to R3
R3 Forwards the Packet to PC2

PC1 Sends Packet to PC2

In the first animation, PC1 sends a packet to PC2. Since PC2 is on a different network, PC1 will forward the packet to its default gateway. PC1 will look in its ARP cache for the MAC address of the default gateway and add the indicated frame information.

Note: If an ARP entry does not exist in the ARP table for the default gateway of, PC1 sends an ARP request. Router R1 would then return an ARP reply with its MAC address.

Action Point

I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.

Download Our App.


Follow Us On Telegram

CEHNigeria On Google Playstore







Join Our Whatsapp Group

Follow Us On Twitter and I will Follow Back


Follow Us On Twitter

Kindly follow me on Twitter and I promise I will follow back. Aside you will get updated when we post new articles.

About Adeniyi Salau 829 Articles
I am an IT enthusiast and a man of many parts. I am a Certified Digital Marketer, Project Manager and a Real Estate Consultant. I love writing because that's what keeps me going. I am running this blog to share what I know with others. I am also a Superlife Stem Cell Distributor. Our Stem Cell Products can cure many ailments.

Be the first to comment

Leave a Reply

Your email address will not be published.


CommentLuv badge