Solved

How to learn packet flow through routers and switches

Posted on 2010-08-18
4
822 Views
Last Modified: 2012-05-10
Can anyone recommend a good source to learn the path a packet takes trough routers and switches?

I am looking for some material that goes step by step from the source through the switch, vlan interface, the router and finally the end point . Stopping at each step along the way to explain exactly what happens.

For example why does a router have an arp cache of ip addresses to macs if it is going to send the packet to a different layer 3 switch that has vlan interfaces. Isn't the layer 3 switch capable of accepting the packets, routing the packet to the correct vlan and then sending arp messages to find the mac address associated with the ip address?

Another example is when you do a "sh ip arp 1.1.1.1" you get mac addresss aa.aa.aa.aa.aa.aa and 1.1.1.1. is assigned to gi1/1. But when I "sh ip route 1.1.1.1" it shows directly connected via gi1/1 so do you even need the mac address if the routing table shows as directly connected?

I am thinking about going back and rereading Lammle CCNA but I read that several times and at the time I thought that I got it. But when I get on routers and switches and start trying to visualize being the packets I get confused.

I am not really curious about the inner workings of these devices past the point of being able to confidently follow the packet from source to destination. I would also like to learn proper network design and troubleshooting.
0
Comment
Question by:Dragon0x40
  • 2
4 Comments
 
LVL 2

Accepted Solution

by:
jimmytheshark earned 250 total points
ID: 33473076
I think the new CCNP ROUTE and CCNP SWITCH books delve a little deeper into the exactly what happens to a packets as it traverses the network.

That migth be a good place to start.

J
0
 
LVL 24

Expert Comment

by:rfc1180
ID: 33474740
the CCNP books are a bit too advanced in what you want to learn in my opinion. What you need is a good CCNA book. That will get you the basics you need, but it all comes to years of experience to troubleshoot and design networks

Of course it does not hurt to dive in reading the CCNP books, they are a good reference, but what you need are the basics, but just do not get to ahead of yourself, take your time, read, comprehend and do lab work. You can use dynamips/dyngen and wireshark study the frames/packets on a link between 2 switches/routers. Take a read:http://www.ietf.org/rfc/rfc1180.txt

For example why does a router have an arp cache of ip addresses to macs if it is going to send the packet to a different layer 3 switch that has vlan interfaces. Isn't the layer 3 switch capable of accepting the packets, routing the packet to the correct vlan and then sending arp messages to find the mac address associated with the ip address?

Assuming Ethernet Networks:Think layer 2 (The packet needs to be encapsulated into an Ethernet frame[Source and destination mac address, switches need to know where to send the frame!])

Another example is when you do a "sh ip arp 1.1.1.1" you get mac addresss aa.aa.aa.aa.aa.aa and 1.1.1.1. is assigned to gi1/1. But when I "sh ip route 1.1.1.1" it shows directly connected via gi1/1 so do you even need the mac address if the routing table shows as directly connected?

The arp table is used to help the router build the frame (Layer 2) so that the router can encapsulate the packet, the routing table is used to determine the best path to forward packet too. Read rfc 1180 (Link I posted above it it might help a bit). It is a little confusing in the beginning, and all I can recommend is stay with it, ask questions, and keep studying.

Billy
0
 

Author Comment

by:Dragon0x40
ID: 33481502
thanks jimmytheshark and rfc1180,

I will read the Route and Switch books.

I have previously read the rfc1180 and while it has good information it does not explain the things that I am looking for.

It seems that there would be a need for a book that helps you trace through the network. It could show a diagram of a network, then use show commands and maybe even wireshark to follow the packets through the network.

I have a lot of knowledge but have some holes here and there that need to be filled in. I am hoping that it won't take years to firm up my basics. I am asking how to trace through a simplified network.

For example what should an ip arp table show and why? You should expect to see ip to mac mappings for for all subnets that are assigned to interfaces on the router. If a switch has a management ip address of 10.10.10.10/24 then when you run "sh ip arp" you should expect to only get 10.10.10.x mappings. But if you add a vlan interface with and ip address of xxx.16.1.10/24 you will also get xxx.16.1.x mappings.

Another example is that a port in a vlan without a VLAN interface is just a layer 2 switchport but once you create a Vlan interface and assign an ip address the ports in that vlan are now basically layer 3 ports but all with the same ip address.

These are the kind of things that I want to learn more about.
0
 
LVL 24

Assisted Solution

by:rfc1180
rfc1180 earned 250 total points
ID: 33482041
>I have a lot of knowledge but have some holes here and there that need to be filled in.

understood, We are all in the same boat depending on our skill-set. This is what I love about this field (Networking) tis challenging and you always learn something new everyday.

>For example what should an ip arp table show and why? You should expect to see ip to mac mappings for for all subnets that are assigned to interfaces on the router.

Not necessarily, the arp table is dynamic and is populated based on ARP requests and replies (Typically, Cisco routers by default will have a ARP timer of about 4 hours.

>If a switch has a management ip address of 10.10.10.10/24 then when you run "sh ip arp" you should expect to only get 10.10.10.x mappings.

Yes, based on ARP requests/replies from the 10.10.10.0/24 you should only expect to see the mappings for that network.

>But if you add a vlan interface with and ip address of xxx.16.1.10/24 you will also get xxx.16.1.x mappings.

Correct

>Another example is that a port in a vlan without a VLAN interface is just a layer 2 switchport but once you create a Vlan interface and assign an ip address the ports in that vlan are now basically layer 3 ports but all with the same ip address.

Yeah, for the most part, just remember that a vlan interface (SVI) is a virtual interface, and you still have to assign a physical interface to a vlan, so that port is still a layer 2 switchport. If you did not want to create a SVI, then depending on the model/feature set you could disable switchport (no switchport) on a physical interface and convert to a layer 3 interface (Routed Physical Interface)
http://www.ciscopress.com/articles/article.asp?p=358549&seqNum=4

Just keep at it, just do not overwhelm yourself and take it slowly, have patience, and ask questions.

Good Luck
Billy
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
It happens many times that access list (ACL) have to be applied to outgoing router interface in order to limit some traffic.This article is about how to test ACL from the router which is not very intuitive for everyone. Below scenario shows simple s…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now