R&S CONCEPTS 101
PACKET PROCESSING STEPS
For CCENT STUDENTS
The most important thing for the exam is to remember where, when, how, and why MAC
and IP addresses change (are removed or replaced).
We are assuming that all devices have just been turned on, the switch is a Layer 2 switch,
and the PCs are properly configured.
PC1 pings remote PC2. As two PCs are separated by a router, they must be on different
networks (subnets).
0. PC1 determines that the destination IP is on a remote network using the bitwise
ANDing method, so PC1 will use its default gateway.
1. PC1 looks in its ARP cache for the default gateway's IP address. If it does not have it,
it sends an ARP request (hey, you with IP 1.1.1.1, what is your MAC?)
2. Switch1 gets the frame; the frame is an ARP broadcast, so Switch1 processes the frame.
It adds the source MAC address and the interface it came in on to its MAC table.
3. ARP is a broadcast (all FFFFs), so Switch1 sends the frame out of all ports in the same
VLAN except the receiving port. (The frame is not moved to the upper layers of the OSI
model; the Data Link layer takes care of it.)
4. Broadcast ARP reaches your Router1. Router1 accepts frame since target IP address
matches the receiving port's IP address.
5. Router1 updates its ARP table with received information and replies to the request
with the receiving port's MAC address. (I am 1.1.1.1, my MAC is 00-11-22-33-44-55)
6. The ARP reply frame is now going back to PC1.
7. Switch1 already has the MAC of PC1; it adds the MAC of Router1 and sends the frame
ONLY to PC1.
8. PC1 receives the ARP reply and puts the info into its ARP cache. (for 5 min. on Windows)
9. Now PC1 can continue with whatever it was trying to do in the first place. PC1 takes the
MAC of the default gateway stored in its cache and builds the packet with upper layer
protocols (ICMP in our case).
10. PC1 sends packet to PC2. Source IP is PC1, Dest IP is PC2, source MAC is PC1,
Dest. MAC is Router's Fa0/1.
11. Switch receives packet and forwards out of port connected to Router1. It does not
do anything special now.
12. Router1 looks at the dest. MAC. It is addressed to Router1, so it processes the frame
and looks at the dest. IP. The destination IP is directly connected, so it will process the
packet (routers know about directly connected networks; PC2 is directly connected).
13. If Router1 does not have the MAC address of PC2 in its cache, it will send an ARP
broadcast on the interface connected to PC2. Router1 waits for the ARP reply from PC2,
not from Switch2, although the ARP frame will pass through Switch2 on the way to PC2
and back. Switch2 does the same thing as Switch1 did: it builds its MAC table.
14. With PC2's MAC in its cache, Router1 will process the packet by adding PC2's MAC
address as dest. and its outgoing interface MAC as source. The IPs in the packet stay
the same.
15. Switch2 receives frame, adds MAC address (if not already in the table).
16. Switch2 (and Switch1 for that matter) will process frames if the ports are access ports
and are on the same VLAN. These two conditions are often omitted in CCENT discussions,
as VLANs are on the ICND2 exam.
17. Assuming Router1 and PC2 are on the same VLAN, Switch2 will forward frame to
PC2.
18. PC2 receives frame, reads dest. MAC, strips Ethernet header and trailer, and looks
at dest. IP. OK, it is for me and processes.
19. In this example, the packet is an ICMP packet, so the ICMP process handles it by
sending an Echo Reply message.
20. IP addresses are reversed. Source IP (PC1) becomes destination; destination IP
(PC2) becomes source. The Data Link layer takes the packet and encapsulates it with PC2's
MAC as source and the MAC of the default gateway on Router1 as destination (the
destination IP is on a different network).
21. The packet is on its way back to PC1. The return path does not need the ARP process,
so the return trip will be faster.
The process relates to OSI model:
At Router at Layer 3
1. The routing table finds a routing entry to the destination IP address.
2. The destination network is directly connected. The router sets the destination as the next hop.
3. The router decrements the TTL on the packet.
Router at Layer 2
1. The next-hop IP address is a unicast. The ARP process looks it up in the ARP table.
2. The next-hop IP address is not in the ARP table.
The ARP process tries to send an ARP request for that IP address and drops this
packet.
ARP at Router layer 2
1. The ARP process constructs a request for the target IP address.
2. The device encapsulates the PDU into an Ethernet frame.
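The walk-through above as a small Python simulation (an added example, not part of the original guide): it shows the ANDing decision, Switch1 learning MACs and flooding the ARP broadcast, and Router1 rewriting only the MAC addresses while decrementing the TTL. The gateway IP 1.1.1.1 and MAC 00-11-22-33-44-55 come from the text; every other address, the switch port numbers, the starting TTL of 128 and all function names are assumptions made up for the example.

```python
import ipaddress

BROADCAST = "ff-ff-ff-ff-ff-ff"
# Gateway IP/MAC are from the walk-through; every other value here is constructed.
PC1 = {"ip": "1.1.1.10", "mac": "00-aa-aa-aa-aa-01", "mask": "255.255.255.0"}
PC2 = {"ip": "2.2.2.10", "mac": "00-bb-bb-bb-bb-02"}
R1_FA01 = "00-11-22-33-44-55"   # Router1 Fa0/1, the default gateway of PC1
R1_OUT = "00-11-22-33-44-66"    # Router1 interface facing PC2 (assumed)

def is_remote(src_ip, dst_ip, mask):
    """Step 0: AND each address with the mask; different results mean remote."""
    m = int(ipaddress.IPv4Address(mask))
    return (int(ipaddress.IPv4Address(src_ip)) & m) != (int(ipaddress.IPv4Address(dst_ip)) & m)

class Switch:
    """Layer 2 switch: learns source MAC per port, floods broadcasts and unknowns."""
    def __init__(self, ports):
        self.ports, self.mac_table = ports, {}
    def forward(self, frame, in_port):
        self.mac_table[frame["src_mac"]] = in_port           # learn the sender
        out = self.mac_table.get(frame["dst_mac"])
        if frame["dst_mac"] == BROADCAST or out is None:
            return [p for p in self.ports if p != in_port]   # flood
        return [out]

def route(frame, in_mac, out_mac, arp_table):
    """Steps 12-14: accept the frame, decrement TTL, rewrite only the MACs."""
    if frame["dst_mac"] != in_mac:
        return None                  # frame is not addressed to this interface
    dst_mac = arp_table.get(frame["dst_ip"])
    if dst_mac is None:
        return None                  # ARP request goes out, this packet is dropped
    return {**frame, "src_mac": out_mac, "dst_mac": dst_mac, "ttl": frame["ttl"] - 1}

def trace_ping():
    """Return Switch1's ARP-phase port decisions and the frame on each segment."""
    sw1 = Switch(ports=[1, 2, 3])    # PC1 on port 1, Router1 on port 2
    flooded = sw1.forward({"src_mac": PC1["mac"], "dst_mac": BROADCAST}, in_port=1)
    unicast = sw1.forward({"src_mac": R1_FA01, "dst_mac": PC1["mac"]}, in_port=2)
    remote = is_remote(PC1["ip"], PC2["ip"], PC1["mask"])
    leg1 = {"src_ip": PC1["ip"], "dst_ip": PC2["ip"], "ttl": 128,
            "src_mac": PC1["mac"], "dst_mac": R1_FA01 if remote else PC2["mac"]}
    leg2 = route(leg1, R1_FA01, R1_OUT, {PC2["ip"]: PC2["mac"]})
    return flooded, unicast, leg1, leg2

if __name__ == "__main__":
    for item in trace_ping():
        print(item)
```

Comparing the two returned frames shows the exam point directly: source and destination IP are identical on both segments, while both MAC addresses and the TTL differ.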
Notes:
At step 3: if the switch is configured with an IP address and gateway (for management
purposes), then the alternate step 3 is:
3. The ARP request's target IP address does not match the receiving port's IP address on
Switch1's VLAN 1 (if configured), so Switch1 sends the frame out of all ports in the
same VLAN except the receiving port. (The frame is not moved to the upper layers of the
OSI model; the Data Link layer takes care of it.)
Switches do NOT create ARP broadcast and do not care about Network layer (3),
unless the packet is destined for the switch (management purpose).
A switch has an ARP table. It is empty at first, until you configure an IP address for
management purposes. The switch ARP table is built when hosts ping the switch, not when
traffic passes through the switch.
PART 2
Adding another router to topology is being written.