Routers route traffic across IP subnets based on the destination IP address or prefix. To facilitate the propagation of routing information, routers also support various routing protocols such as OSPF, EIGRP, or BGP.
R1 and R2 are routers connected via an ethernet link.
IP packet switching is the process by which two end hosts communicate with each other. Much like the network layer has IP addresses, the data link layer has its own link-layer addresses, which on ethernet are known as MAC addresses. If two end hosts are on the same IP subnet, they do not need a default gateway or a router to communicate with each other: one end host can use ARP to find out the other’s MAC address on the ethernet segment and then simply transmit the packet to the destination host. However, when the destination host is on a different subnet than the source host, the source host sends that packet to its default gateway, i.e. the router. If the router knows how to reach the destination IP subnet, via a static route or a dynamic routing protocol, it rewrites the L2 information and sends the packet toward the destination host out of the appropriate outgoing interface.
In the earliest days of networking, Cisco routers switched packets from incoming to outgoing interfaces using process switching which was slow due to the CPU overhead involved. Eventually, Cisco streamlined the process with fast switching and then finally CEF switching.
Process switching is the switching mechanism in which a general-purpose CPU, e.g. a PowerPC or x86 processor, on a router is used to switch packets. In classic IOS, there is an input_process that runs on the CPU for processing all incoming packets. Today, process switching is limited to a handful of specific scenarios, while everything else gets CEF switched, whether in software (i.e. CPU) or hardware (i.e. network processor) depending on the platform.
The types of packets that require process switching include
The routing table, also known as Routing Information Base (or RIB) is built from information gained from either directly connected interfaces and/or static or dynamic routing protocols.
Cisco Express Forwarding (or CEF) is a Cisco proprietary switching method developed back in the 1990s to keep pace with modern high-capacity, low-latency networks. Today, it is the default switching method across all Cisco routers, switches, and even appliances. CEF can be done in software or hardware. CEF can be implemented on both centralized (e.g. ISR 4K or ASR1K) as well as distributed (e.g. Cisco ASR9K or Nexus 7K) forwarding platforms. Please note that the concepts of centralized and distributed forwarding are orthogonal to whether a platform is software-based or hardware-based.
Software-based CEF implies CEF processing done using a general-purpose processor as opposed to using an ASIC or a network processor. CEF consists of two major components, i.e. Forwarding Information Base (or FIB) and Adjacency table.
The FIB is built directly from the routing table and contains next-hop IP addresses for each destination IP prefix. It is updated when a routing or topology change occurs.
Adjacency table contains MAC addresses and egress interfaces of all directly connected next hops and is populated using the ARP table (for ethernet medium).
Hardware-based CEF is where forwarding is done with the help of ASIC(s) or network processor(s). It can be either centralized (e.g. ASR1K) or distributed (e.g. ASR9K or CRS-1).
The primary advantage of distributed forwarding is that the packet throughput is improved even more so by offloading forwarding tasks to the egress line card(s).
FIB is used for forwarding but is derived from the combination of RIB and adjacency table so that L2 information in each outgoing frame can be rewritten.
| | RIB | FIB |
| --- | --- | --- |
| Architecture | IP routing table (best AD only) | CEF table |
| Data Structure | Repository of routes | Repository of interface IDs and next-hop information for each destination prefix |
| Plane of Operation | Routing | Forwarding |
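To make the RIB/FIB/adjacency relationship concrete, here is an added example (not code from the page or from Cisco) that models the pieces described above in a small Python class: a RIB of prefixes, an adjacency table populated from ARP, a FIB derived from the RIB and searched longest-prefix-first, and the L2 rewrite applied to a forwarded frame. It also shows the two cases the text lists as process-switched: a destination with no adjacency yet (CEF "glean", the CPU must ARP first) and an expired TTL (the CPU must generate an ICMP reply). The interface names, prefixes and MAC addresses are constructed for the example; R1 and R2 are the two routers from the page's topology.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Optional


@dataclass
class RibEntry:
    prefix: IPv4Network
    next_hop: Optional[IPv4Address]  # None means directly connected
    interface: str


@dataclass
class Adjacency:
    mac: str          # MAC of the directly connected next hop (from ARP)
    interface: str    # egress interface it was learned on


class Router:
    """Toy CEF model: RIB, ARP-derived adjacency table, and a FIB built from the RIB."""

    def __init__(self, iface_macs):
        self.iface_macs = iface_macs   # interface name -> the router's own MAC on it
        self.rib = []                  # RibEntry objects
        self.arp = {}                  # IPv4Address -> Adjacency (the adjacency table)
        self.fib = []                  # derived from the RIB, longest prefix first
        self.punted = []               # packets handed to the CPU (process switching)

    def add_route(self, prefix, next_hop, interface):
        nh = IPv4Address(next_hop) if next_hop else None
        self.rib.append(RibEntry(IPv4Network(prefix), nh, interface))
        self._rebuild_fib()            # FIB is updated whenever the RIB changes

    def _rebuild_fib(self):
        self.fib = sorted(self.rib, key=lambda e: e.prefix.prefixlen, reverse=True)

    def learn_arp(self, ip, mac, interface):
        self.arp[IPv4Address(ip)] = Adjacency(mac, interface)

    def lookup(self, dst):
        """Longest-prefix match against the FIB; None if no route."""
        addr = IPv4Address(dst)
        for entry in self.fib:
            if addr in entry.prefix:
                return entry
        return None

    def forward(self, packet):
        dst = IPv4Address(packet["dst"])
        entry = self.lookup(packet["dst"])
        if entry is None:
            return {"action": "drop", "reason": "no route"}
        if packet["ttl"] <= 1:
            # TTL exceeded needs an ICMP reply, which the CPU generates: process-switched
            self.punted.append(packet)
            return {"action": "punt", "reason": "ttl expired"}
        # Connected route: the adjacency is the destination itself; otherwise the next hop
        adj_ip = entry.next_hop if entry.next_hop is not None else dst
        adj = self.arp.get(adj_ip)
        if adj is None:
            # No adjacency yet (CEF glean): the CPU must ARP for adj_ip before forwarding
            self.punted.append(packet)
            return {"action": "punt", "reason": "glean " + str(adj_ip)}
        # L2 rewrite: new source/destination MACs, TTL decremented, IP header otherwise unchanged
        frame = {
            "egress": adj.interface,
            "src_mac": self.iface_macs[adj.interface],
            "dst_mac": adj.mac,
            "dst_ip": str(dst),
            "ttl": packet["ttl"] - 1,
        }
        return {"action": "forward", "frame": frame}


def build_r1():
    """R1 from the page's topology, with constructed addresses and MACs."""
    r1 = Router({"Gi0/0": "00:11:11:11:11:11", "Gi0/1": "00:22:22:22:22:22"})
    r1.add_route("10.0.0.0/24", None, "Gi0/0")            # connected LAN
    r1.add_route("192.0.2.0/30", None, "Gi0/1")           # connected link to R2
    r1.add_route("10.1.0.0/16", "192.0.2.2", "Gi0/1")     # learned from R2 via a routing protocol
    r1.add_route("10.1.5.0/24", "192.0.2.2", "Gi0/1")     # more specific route, same next hop
    r1.add_route("0.0.0.0/0", "192.0.2.2", "Gi0/1")       # default route
    r1.learn_arp("192.0.2.2", "00:aa:bb:cc:dd:02", "Gi0/1")   # R2's MAC on the link
    r1.learn_arp("10.0.0.10", "00:aa:bb:cc:dd:10", "Gi0/0")   # a host on the LAN
    return r1


if __name__ == "__main__":
    r1 = build_r1()
    for dst in ("10.1.5.7", "10.0.0.10", "10.0.0.99", "203.0.113.5"):
        print(dst, r1.forward({"dst": dst, "ttl": 64}))
```

The `lookup` for 10.1.5.7 returns the /24 rather than the /16 because the FIB is ordered longest prefix first; real CEF uses a trie for the same result. The `punted` list is the equivalent of packets leaving the fast path for the input_process mentioned above.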
The RIB can be local to a routing protocol such as the case with the OSPFv2[1]. The OSPFv2 local RIB acts as the primary state management data structure for SPF computation which minimizes the churn within the global RIB and leads to lesser packet drops. The global RIB is updated only when routes are added, deleted, or changed. By default, the global RIB is used to compute inter-area, NSSA, and forwarding addresses for type 5 and 7 LSAs.
L2 switches bridge (forward) traffic within a given L2 segment or VLAN based on the destination MAC address, using a CAM table that is built from the source MAC addresses of received frames. L3 switches can function both as an L2 switch and as a router for inter-VLAN routing and many other use cases. Cisco Nexus 3000, 5000, 7000, and 9000 series products represent layer 3 families of switches.
The following steps describe the switching process.
Firewalls can be divided into several types based on how they operate on traffic passing through them. The actual implementation could be in the form of a physical or virtual appliance, the latter also suitable for cloud deployments.
It is worth noting that there is no consensus or a definition of what a next-gen firewall is in the security industry. There are two main ways a firewall can be deployed in an enterprise network.
In the case of a firewall as a bastion host with DMZ, you can also choose to deploy two separate firewalls, one facing the trusted (or private) and the other facing the untrusted or public network. Servers on the DMZ are only allowed to send traffic in response to traffic coming from the hosts on the trusted or untrusted network. The biggest drawback associated with a traditional FW deployment is that it does nothing to prevent attacks coming from inside the network.
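As an added illustration (not code from the page), the following Python models the DMZ policy just described as a small stateful filter: DMZ servers may only answer flows that were admitted from the trusted or untrusted side, never initiate their own, and the firewall tracks admitted flows so that the reverse direction is recognised as a reply. It also makes the stated drawback visible: traffic between two hosts inside the trusted zone never traverses the firewall at all. The zone prefixes, published DMZ ports and addresses are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network

# Constructed zone layout for the example (anything else is the public side).
ZONES = {
    IPv4Network("10.0.0.0/24"): "trusted",   # inside LAN
    IPv4Network("192.0.2.0/24"): "dmz",      # DMZ segment
}
# Services the DMZ servers are published on; other ports toward the DMZ are denied.
DMZ_SERVICES = {("tcp", 80), ("tcp", 443)}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

    def reverse(self):
        """The 5-tuple a reply to this flow would carry."""
        return Flow(self.dst, self.src, self.proto, self.dport, self.sport)


def zone_of(ip):
    addr = IPv4Address(ip)
    for net, name in ZONES.items():
        if addr in net:
            return name
    return "untrusted"


class DmzFirewall:
    """Stateful bastion-host firewall: DMZ hosts may only answer, never initiate."""

    def __init__(self):
        self.established = set()   # flows admitted by policy; replies are matched against these

    def process(self, flow):
        # A packet whose reverse 5-tuple is an established flow is a reply: allow it.
        if flow.reverse() in self.established:
            return ("allow", "reply to established flow")
        src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
        if src_zone == dst_zone:
            # Intra-zone traffic is switched locally and never reaches the firewall,
            # which is why a perimeter firewall does nothing against attacks from inside.
            return ("not seen", "intra-zone traffic bypasses the firewall")
        if src_zone == "dmz":
            return ("deny", "DMZ host may not initiate connections")
        if dst_zone == "dmz":
            if (flow.proto, flow.dport) in DMZ_SERVICES:
                self.established.add(flow)
                return ("allow", "published DMZ service")
            return ("deny", "unpublished DMZ port")
        if src_zone == "trusted" and dst_zone == "untrusted":
            self.established.add(flow)
            return ("allow", "outbound from trusted")
        return ("deny", "inbound from untrusted to trusted")


if __name__ == "__main__":
    fw = DmzFirewall()
    request = Flow("203.0.113.9", "192.0.2.10", "tcp", 51000, 443)
    print(fw.process(request))                 # public client to DMZ web server: allowed
    print(fw.process(request.reverse()))       # server's reply: allowed as established
    print(fw.process(Flow("192.0.2.10", "10.0.0.5", "tcp", 40000, 22)))  # DMZ to inside: denied
```

A compromised DMZ server in this model can still talk back to whoever contacted it, which is exactly the surface the "response only" rule is meant to bound; it cannot open a new session toward the trusted network or the internet.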
Intrusion Prevention Systems (IPS) come in a variety of shapes and forms; below are the four most common ones.
IPS is deployed alongside firewall clusters, and its placement depends on the underlying use case. IPS can be deployed either in an in-line or TAP (aka passive) mode. In an in-line deployment, all network traffic passes through the IPS, and the ports can be configured in a fail-closed (i.e., no traffic passes if port or the IPS malfunctions) or fail-open fashion.
In a passive IPS deployment, an IPS such as a Firepower system monitors traffic flowing across a network using a switch port that’s configured for port mirroring or SPAN. The SPAN port receives all traffic data copied from other ports, so this type of deployment allows for placing the IPS just about anywhere within the L2 domain. In passive mode, an IPS cannot take actions that require it to be in the data path, such as blocking or shaping.
Below are the common NIPS use cases.
A Wireless LAN (WLAN) controller manages wireless network access points (APs) that wireless devices use to connect to the wireless network. WLAN controller can be deployed in a centralized (most common) or distributed fashion.
Cisco’s WLAN controllers are a key component of intent-based networking. Cisco DNA Center is a controller as well as an analytics platform that makes Cisco’s intent-based networking possible. It consists of five major components.
The DNA Center appliance hosts the SDN controller, analytics engine, and telemetry storage. At the time of writing, a 44-core DNA appliance (DN2-HW-APL) is listed for USD 88.6K in Cisco’s GPL. It must be installed and run on the bundled bare-metal server; as of this writing, no virtual appliance package is available.
DNA center licenses come in three flavors, i.e.
Endpoints are desktop or mobile clients that connect to networks to consume network services and access resources. Examples include network-connected laptops, desktops, smartphones, tablets, printers, or any other network-connected hardware with a TCP/IP stack.
A server is a hardware or software device on a network that accepts and responds to a network connection request made by a client or an endpoint. Servers are purpose-built computers to carry out various network functions. For example, a web server is a computer that runs web services (i.e. Apache or Microsoft IIS software) and responds to HTTP/HTTPS requests coming in from the web clients.