# IP Forwarding

Process Switching, Fast Switching, and Cisco Express Forwarding

With fast switching, the first packet is process switched. The router adds an entry to the fast-switching cache (route cache). The cache has the destination IP address, next-hop information, and data link header information. Future packets with the same destination IP match the cache entry. The cache entries are timed out quickly.
CEF optimizes the route lookup using the Forwarding Information Base (FIB) and adjacency table. The FIB contains information about known routes in the RIB and points to entries in the adjacency table. The adjacency table lists the outgoing interface and the data link information. This information is precomputed and stored in Ternary Content Addressable Memory (TCAM).

Frame Relay Inverse ARP

With InARP, routers know the DLCI and need to learn the IP address.
A Frame Relay multipoint subinterface uses received InARP information.

Router1(config)# interface s0/0
Router1(config-if)# encapsulation frame-relay
Router1(config)# interface s0/0.1 multipoint
Router1(config-if)# ip address
Router1(config-if)# frame-relay interface-dlci 200
Router1(config-if)# frame-relay interface-dlci 300
Router1# show frame-relay map

A Frame Relay point-to-point subinterface ignores InARP information because any other IP hosts can be reached only by the single DLCI.

Router2(config)# interface s0/0
Router2(config-if)# encapsulation frame-relay
Router2(config)# interface Serial0/0.2 point-to-point
Router2(config-if)# frame-relay interface-dlci 100

A Frame Relay point-to-point interface does not receive InARP information because InARP messages flow only across a VC. The solution is to add the frame-relay map command to reach the router that is not directly connected.

Router3(config)# interface s0/0
Router3(config-if)# encapsulation frame-relay
Router3(config-if)# frame-relay interface-dlci 100
Router3(config-if)# frame-relay map ip 100 broadcast

Disabling InARP

InARP can be disabled on multipoint interfaces and physical interfaces using no frame-relay inverse-arp.
The router stops sending InARP messages and ignores received InARP messages too.

Classless and Classful Routing

Classless routing: when a default route exists and no specific match is made, the default route is used.
Classful routing: when a default route exists and the class A, B or C network does not exist in the routing table, the default route is used. If a class A, B or C network exists, but the packet does not match any of the existing subnets of that classful network, the default route is not used and the packet is discarded.
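
The two lookup rules above, as an added Python example that is not part of the original notes. The routing table and the next-hop labels (`via-R2`, `via-R3`, `via-R4`) are constructed for illustration; `None` stands for "packet discarded".

```python
import ipaddress

DEFAULT = ipaddress.ip_network("0.0.0.0/0")

# Constructed sample table: two subnets of class A network 10.0.0.0 plus a default route.
ROUTES = {"10.1.1.0/24": "via-R2", "10.1.2.0/24": "via-R3", "0.0.0.0/0": "via-R4"}

def classful_network(addr):
    """Return the class A, B or C network that contains addr."""
    first_octet = int(addr) >> 24
    if first_octet < 128:
        prefix = 8            # class A
    elif first_octet < 192:
        prefix = 16           # class B
    elif first_octet < 224:
        prefix = 24           # class C
    else:
        raise ValueError("class D/E address has no classful network")
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def lookup(routes, dst, classful=False):
    """Return the next hop for dst, or None when the packet is discarded."""
    dst = ipaddress.ip_address(dst)
    table = {ipaddress.ip_network(p): nh for p, nh in routes.items()}
    # Longest-prefix match over every route except the default.
    matches = [n for n in table if n != DEFAULT and dst in n]
    if matches:
        return table[max(matches, key=lambda n: n.prefixlen)]
    if DEFAULT not in table:
        return None
    if classful:
        major = classful_network(dst)
        # A known route inside the destination's classful network
        # means the default route may not be used.
        if any(n != DEFAULT and n.subnet_of(major) for n in table):
            return None
    return table[DEFAULT]

if __name__ == "__main__":
    for dst in ("10.1.1.5", "10.1.3.5", "172.16.1.1"):
        print(dst, lookup(ROUTES, dst), lookup(ROUTES, dst, classful=True))
```

The destination 10.1.3.5 is the case that differs: classless routing sends it to the default route, classful routing drops it because other subnets of 10.0.0.0 are known.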

Policy Routing

set ip next-hop: Forwards to the first address in the list for which the associated interface is up.
set ip default next-hop: Same logic, except policy routing first attempts to route based on the routing table.
set interface s0/0 s1/0: Forwards packets using the first interface in the list that is up.
set default interface s0/0 s1/0: Same logic, except policy routing first attempts to route based on the routing table.
ToS (8b) = [7-5b] IP precedence + [4b] Delay + [3b] Throughput + [2b] Reliability + [1b] Monetary cost + [0] Must be 0.
set ip precedence number|name: Sets bits 7,6,5 of the ToS
set ip tos number: Sets all 8 bits of the ToS

Router(config)# access-list 100 permit tcp any any eq 22
Router(config)# route-map MYROUTEMAP permit 10
Router(config-route-map)# match ip address 100
Router(config-route-map)# set ip next-hop
Router(config)# route-map MYROUTEMAP permit 20
Router(config-route-map)# set ip next-hop
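
The route-map logic above modelled in Python, as an added example that is not IOS code or part of the original notes. The next-hop addresses, the precedence value and the packet fields are constructed; falling back to the routing table when no listed next hop is usable is an assumption the notes do not state.

```python
def first_up(next_hops, up):
    """Return the first next-hop address whose associated interface is up."""
    return next((addr for addr, ifc in next_hops if ifc in up), None)

def set_precedence(tos, prec):
    """set ip precedence: rewrite ToS bits 7-5 only, keep bits 4-0."""
    return ((prec & 0x7) << 5) | (tos & 0x1F)

def policy_route(pkt, route_map, up, rib_next_hop):
    """Return (next_hop, tos); rib_next_hop is the routing table's answer or None."""
    for clause in route_map:                  # clauses in sequence-number order
        match = clause.get("match")
        if match is not None and not match(pkt):
            continue                          # try the next clause
        tos = pkt["tos"]
        if "precedence" in clause:
            tos = set_precedence(tos, clause["precedence"])
        if "tos" in clause:                   # set ip tos: replaces all 8 bits
            tos = clause["tos"] & 0xFF
        choice = first_up(clause["next_hops"], up)
        if clause.get("default"):
            # set ip default next-hop: routing table first, list only if no route
            return (rib_next_hop or choice, tos)
        # set ip next-hop: list first (routing-table fallback is an assumption)
        return (choice or rib_next_hop, tos)
    return (rib_next_hop, pkt["tos"])         # no clause matched: normal routing

# Constructed route map shaped like MYROUTEMAP: clause 10 matches SSH (tcp/22),
# clause 20 has no match statement and so applies to everything else.
ROUTE_MAP = [
    {"match": lambda p: p["proto"] == "tcp" and p["dport"] == 22,
     "next_hops": [("192.0.2.1", "s0/0"), ("192.0.2.2", "s1/0")],
     "precedence": 5},
    {"next_hops": [("192.0.2.9", "s1/0")], "default": True},
]

SSH = {"proto": "tcp", "dport": 22, "tos": 0x10}   # constructed packets
WEB = {"proto": "tcp", "dport": 80, "tos": 0x00}

if __name__ == "__main__":
    print(policy_route(SSH, ROUTE_MAP, {"s0/0", "s1/0"}, "198.51.100.1"))
    print(policy_route(SSH, ROUTE_MAP, {"s1/0"}, "198.51.100.1"))
    print(policy_route(WEB, ROUTE_MAP, {"s1/0"}, None))
```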

Optimized Edge Routing and Performance Routing

OER came first, and Cisco has extended its functionality and renamed it PfR or PIRO (Protocol-Independent Routing Optimization).
OER was created to more optimally route traffic than routing protocols and takes into account:

- Packet loss
- Response time
- Path availability
- Traffic load distribution

PfR learns about network performance using IP SLA (active monitoring) and/or NetFlow (passive monitoring).

- Learn
- Measure
- Apply Policy
- Enforce
- Verify


- CEF enabled
- IGP/BGP working
- Does not support MPLS and iBGP
- Uses redistribution of static routes with a tag

Device Roles in PfR

- Master Controller (MC)

Configured using the oer master command.
Learns specified information from the BRs and makes configuration decisions.

- Border Router (BR)

Configured using the oer border command.
A single router can act as both MC and BR.

MC High Availability and Failure Considerations

BR and MC maintain communication using keepalives. If keepalives from the MC stop, the BR removes any PfR information.
For high availability configure more than one MC.

PfR configuration

MC(config)# key chain key1
MC(config-keychain)# key 1
MC(config-keychain-key)# key-string pfr
MC(config)# oer master
MC(config-oer-mc)# logging
MC(config-oer-mc)# mode route control
MC(config-oer-mc)# max prefix total 1000
MC(config-oer-mc)# backoff 90 3000 300
MC(config-oer-mc)# learn
MC(config-oer-mc-learn)# delay
MC(config-oer-mc-learn)# monitor period 5
MC(config-oer-mc-learn)# periodic interval 15
MC(config-oer-mc)# border key-chain key1
MC(config-oer-mc-br)# interface fa0/0 internal
MC(config-oer-mc-br)# interface se0/0 external
MC(config-oer-mc-br-if)# max-xmit-utilization absolute 1500
MC(config-oer-mc-br-if)# cost-minimization fixed fee 1000
MC(config-oer-mc)# border key-chain key1
MC(config-oer-mc-br)# interface fa0/0 internal
MC(config-oer-mc-br)# interface se0/0 external
MC(config-oer-mc-br-if)# max-xmit-utilization absolute 1000
MC(config-oer-mc-br-if)# cost-minimization fixed fee 800
BR1(config)# key chain key1
BR1(config-keychain)# key 1
BR1(config-keychain-key)# key-string pfr
BR1(config)# oer border
BR1(config-oer-br)# master key-chain key1
BR1(config-oer-br)# local fa0/0
BR1(config-oer-br)# active-probe address source interface fa0/0
BR2(config)# key chain key1
BR2(config-keychain)# key 1
BR2(config-keychain-key)# key-string pfr
BR2(config)# oer border
BR2(config-oer-br)# master key-chain key1
BR2(config-oer-br)# local fa0/0
BR2(config-oer-br)# active-probe address source interface fa0/0

GRE Tunnels

Passenger protocol is encapsulated into the transport protocol.
Multicast is a good example of traffic tunneled from one router to another using unicast packets.

R1(config)# int tu0
R1(config-if)# ip address
R1(config-if)# tunnel source FastEthernet0/0
R1(config-if)# tunnel destination
R1(config-if)# tunnel mode gre
R1(config)# int fa0
R1(config-if)# ip address
R1(config)# ip route
R3(config)# int tu0
R3(config-if)# ip address
R3(config-if)# tunnel source FastEthernet0/0
R3(config-if)# tunnel destination
R3(config-if)# tunnel mode gre
R3(config)# int fa0
R3(config-if)# ip address
R3(config)# ip route
