When troubleshooting connectivity issues for an IP-based network, the network layer (Layer 3) of the OSI reference model is often an appropriate place to begin your troubleshooting efforts (divide-and-conquer method).
For example, if you are experiencing connectivity issues between two hosts on a network, you could check Layer 3 by pinging between the hosts. If the pings are successful, you can conclude that the issue resides at upper layers of the OSI reference model (Layers 4 through 7). However, if the pings fail, you should focus your troubleshooting efforts on Layers 1 through 3. If you ultimately determine that there is a problem at Layer 3, your efforts might be centered on the packet-forwarding process of a router.
Layer 3 Packet-Forwarding Process
- PC1 needs to access HTTP resources on Server1.
- Notice that PC1 and Server1 are on different networks.
- So how does a packet from source IP address 192.168.1.2 get routed to destination IP address 192.168.3.2?
- PC1 compares its IP address and subnet mask 192.168.1.2/24 with the destination IP address 192.168.3.2.
- PC1 determines the network portion of its own IP address.
- It then compares these binary bits with the same binary bits of the destination address. If they are the same, it knows the destination is on the same subnet. If they differ, it knows the destination is on a remote subnet.
- PC1 concludes that the destination IP address resides on a remote subnet. Therefore, PC1 needs to send the frame to its default gateway, which could have been manually configured on PC1 or dynamically learned via DHCP.
- PC1 has the default gateway address 192.168.1.1 (that is, R1). To construct a proper Layer 2 frame, PC1 needs the MAC address of the frame’s destination, which is PC1’s default gateway. If the MAC address is not in PC1’s ARP cache, PC1 uses ARP to discover it.
- Once PC1 receives an ARP reply from R1, PC1 adds R1’s MAC address to its ARP cache. PC1 then sends its data destined for Server1 in a frame addressed to R1.
- R1 receives the frame sent from PC1, and because the destination MAC address is R1’s, R1 tears off the Layer 2 header and interrogates the IP (Layer 3) header.
- An IP header contains a time-to-live (TTL) field, which is decremented once for each router hop. Therefore, R1 decrements the packet’s TTL field. If the value in the TTL field is reduced to zero, the router discards the packet and sends a time-exceeded Internet Control Message Protocol (ICMP) message back to the source.
- Assuming that the TTL is not decremented to zero, R1 checks its routing table to determine the best path to reach the IP address 192.168.3.2.
- R1’s routing table has an entry stating that network 192.168.3.0/24 is accessible through interface Serial 1/1.
- Note that ARP is not required for serial interfaces because these interface types do not have MAC addresses. Therefore, R1 forwards the frame out its Serial 1/1 interface, using the Point-to-Point Protocol (PPP) Layer 2 framing header.
- When R2 receives the frame, it removes the PPP header and then decrements the TTL in the IP header, just as R1 did.
- Again, assuming that the TTL did not get decremented to zero, R2 interrogates the IP header to determine the destination network.
- In this case, the destination network 192.168.3.0/24 is directly attached to R2’s Fast Ethernet 0/0 interface.
- Much the way PC1 sent out an ARP request to determine the MAC address of its default gateway, R2 sends an ARP request to determine the MAC address of Server1 if it is not already known in the ARP cache.
- Once an ARP reply is received from Server1, R2 stores the results of the ARP reply in the ARP cache and forwards the frame out its Fast Ethernet 0/0 interface to Server1.
Router Data Structures
The previous steps identified two router data structures:
- IP routing table: When a router needs to route an IP packet, it consults its IP routing table to find the best match. The best match is the route that has the longest prefix.
- For example, suppose that a router has a routing entry for networks 10.0.0.0/8, 10.1.1.0/24, and 10.1.1.0/26. Also, suppose that the router is trying to forward a packet with the destination IP address 10.1.1.10. The router selects the 10.1.1.0/26 route entry as the best match for 10.1.1.10 because that route entry has the longest prefix, /26 (so it matches the most number of bits).
- Layer 3-to-Layer 2 mapping table: R2’s ARP cache contains Layer 3-to-Layer 2 mapping information. Specifically, the ARP cache has a mapping that says MAC address 2222.2222.2222 corresponds to IP address 192.168.3.2.
- An ARP cache is the Layer 3-to-Layer 2 mapping data structure used for Ethernet-based networks, but similar data structures are used for Multipoint Frame Relay networks and Dynamic Multipoint Virtual Private Network (DMVPN) networks.
- However, for point-to-point links such as PPP or High-Level Data Link Control (HDLC), because there is only one other possible device connected to the other end of the link, no mapping information is needed to determine the next-hop device.
Continually querying a router’s routing table and its Layer 3-to-Layer 2 mapping data structure (for example, an ARP cache) is less than efficient. Fortunately, CEF gleans its information from the router’s IP routing table and Layer 3-to-Layer 2 mapping tables. Then, CEF’s data structures in hardware can be referenced when forwarding packets.
The two primary CEF data structures are as follows:
- Forwarding Information Base (FIB): The FIB contains Layer 3 information, similar to the information found in an IP routing table. In addition, an FIB contains information about multicast routes and directly connected hosts.
- Adjacency table: When a router is performing a route lookup using CEF, the FIB references an entry in the adjacency table.
- The adjacency table entry contains the frame header information required by the router to properly form a frame.
- Therefore, an egress interface and a next-hop MAC address is in an adjacency entry for a multipoint Ethernet interface, whereas a point-to-point interface requires only egress interface information.
Tshoot Packet-Forwarding Process
When troubleshooting packet-forwarding issues, you need to examine a router’s IP routing table.
- If the observed behavior of the traffic is not conforming to information in the IP routing table, remember that the IP routing table is maintained by a router’s control plane and is used to build the tables at the data plane.
- CEF is operating in the data plane and uses the FIB.
- You need to view the CEF data structures (that is, the FIB and the adjacency table) that contain all the information required to make packet-forwarding decisions.
The output indicates that, according to CEF, IP address 192.168.1.11 is accessible out interface Fast Ethernet 0/0, with the next-hop IP address 192.168.0.11.
The output indicates that a packet sourced from IP address 10.2.2.2 and destined for IP address 192.168.1.11 will be sent out interface Fast Ethernet 0/0 to next-hop IP address 192.168.0.11.
For a multipoint interface such as point-to-multipoint Frame Relay or Ethernet, when a router knows the next-hop address for a packet, it needs appropriate Layer 2 information (for example, next-hop MAC address or data link connection identifier [DLCI]) to properly construct a frame.
- The output shows the Frame Relay interfaces, the corresponding DLCIs associated with the interfaces, and the next-hop IP address that is reachable out the interface using the permanent virtual circuit (PVC) associated with the listed DLCI.
- In this case, if R2 needs to send data to the next-hop IP address 172.16.33.6, it uses the PVC associated with DLCI 406 to get there.
- show ip nhrp, this command displays the NHRP cache that is used with DMVPN networks.
- In this example, if a packet needs to be sent to the 192.168.255.2 next-hop IP address, the nonbroadcast multiaccess (NBMA) address 198.51.100.2 is used to reach it.
The output shows the CEF information used to construct frame headers needed to reach the next-hop IP addresses through the various router interfaces.
- Notice the value 64510800 for Serial 1/0. This is a hexadecimal representation of information that is needed by the router to successfully forward the packet to the next-hop IP address 172.16.33.5, including the DLCI 405.
- Notice the value CA1B01C4001CCA1C164000540800 for Fast Ethernet 3/0. This is the destination MAC address, the source MAC address, and the EtherType code for an Ethernet frame. The first 12 hex values are the destination MAC address, the next 12 are the source MAC address, and 0800 is the IPv4 EtherType code.
Routing Information Sources
As a router receives routing information from a neighboring router, the information is stored in the data structures of the IP routing protocol and analyzed by the routing protocol to determine the best path, based on metrics. An IP routing protocol’s data structure can also be populated by the local router. For example, a router might be configured for route redistribution, where routing information is redistributed from the routing table into the IP routing protocol’s data structure. The router might be configured to have specific interfaces participate in an IP routing protocol process. In that case, the network that the interface belongs to is placed into the routing protocol data structure as well.
A router could conceivably receive routing information from the following routing sources all at the same time:
- Connected interface
- Static route