Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How to learn packet flow through routers and switches

Posted on 2010-08-18
4
Medium Priority
?
849 Views
Last Modified: 2012-05-10
Can anyone recommend a good source to learn the path a packet takes trough routers and switches?

I am looking for some material that goes step by step from the source through the switch, vlan interface, the router and finally the end point . Stopping at each step along the way to explain exactly what happens.

For example why does a router have an arp cache of ip addresses to macs if it is going to send the packet to a different layer 3 switch that has vlan interfaces. Isn't the layer 3 switch capable of accepting the packets, routing the packet to the correct vlan and then sending arp messages to find the mac address associated with the ip address?

Another example is when you do a "sh ip arp 1.1.1.1" you get mac addresss aa.aa.aa.aa.aa.aa and 1.1.1.1. is assigned to gi1/1. But when I "sh ip route 1.1.1.1" it shows directly connected via gi1/1 so do you even need the mac address if the routing table shows as directly connected?

I am thinking about going back and rereading Lammle CCNA but I read that several times and at the time I thought that I got it. But when I get on routers and switches and start trying to visualize being the packets I get confused.

I am not really curious about the inner workings of these devices past the point of being able to confidently follow the packet from source to destination. I would also like to learn proper network design and troubleshooting.
0
Comment
Question by:Dragon0x40
  • 2
4 Comments
 
LVL 2

Accepted Solution

by:
jimmytheshark earned 1000 total points
ID: 33473076
I think the new CCNP ROUTE and CCNP SWITCH books delve a little deeper into the exactly what happens to a packets as it traverses the network.

That migth be a good place to start.

J
0
 
LVL 24

Expert Comment

by:rfc1180
ID: 33474740
the CCNP books are a bit too advanced in what you want to learn in my opinion. What you need is a good CCNA book. That will get you the basics you need, but it all comes to years of experience to troubleshoot and design networks

Of course it does not hurt to dive in reading the CCNP books, they are a good reference, but what you need are the basics, but just do not get to ahead of yourself, take your time, read, comprehend and do lab work. You can use dynamips/dyngen and wireshark study the frames/packets on a link between 2 switches/routers. Take a read:http://www.ietf.org/rfc/rfc1180.txt

For example why does a router have an arp cache of ip addresses to macs if it is going to send the packet to a different layer 3 switch that has vlan interfaces. Isn't the layer 3 switch capable of accepting the packets, routing the packet to the correct vlan and then sending arp messages to find the mac address associated with the ip address?

Assuming Ethernet Networks:Think layer 2 (The packet needs to be encapsulated into an Ethernet frame[Source and destination mac address, switches need to know where to send the frame!])

Another example is when you do a "sh ip arp 1.1.1.1" you get mac addresss aa.aa.aa.aa.aa.aa and 1.1.1.1. is assigned to gi1/1. But when I "sh ip route 1.1.1.1" it shows directly connected via gi1/1 so do you even need the mac address if the routing table shows as directly connected?

The arp table is used to help the router build the frame (Layer 2) so that the router can encapsulate the packet, the routing table is used to determine the best path to forward packet too. Read rfc 1180 (Link I posted above it it might help a bit). It is a little confusing in the beginning, and all I can recommend is stay with it, ask questions, and keep studying.

Billy
0
 

Author Comment

by:Dragon0x40
ID: 33481502
thanks jimmytheshark and rfc1180,

I will read the Route and Switch books.

I have previously read the rfc1180 and while it has good information it does not explain the things that I am looking for.

It seems that there would be a need for a book that helps you trace through the network. It could show a diagram of a network, then use show commands and maybe even wireshark to follow the packets through the network.

I have a lot of knowledge but have some holes here and there that need to be filled in. I am hoping that it won't take years to firm up my basics. I am asking how to trace through a simplified network.

For example what should an ip arp table show and why? You should expect to see ip to mac mappings for for all subnets that are assigned to interfaces on the router. If a switch has a management ip address of 10.10.10.10/24 then when you run "sh ip arp" you should expect to only get 10.10.10.x mappings. But if you add a vlan interface with and ip address of xxx.16.1.10/24 you will also get xxx.16.1.x mappings.

Another example is that a port in a vlan without a VLAN interface is just a layer 2 switchport but once you create a Vlan interface and assign an ip address the ports in that vlan are now basically layer 3 ports but all with the same ip address.

These are the kind of things that I want to learn more about.
0
 
LVL 24

Assisted Solution

by:rfc1180
rfc1180 earned 1000 total points
ID: 33482041
>I have a lot of knowledge but have some holes here and there that need to be filled in.

understood, We are all in the same boat depending on our skill-set. This is what I love about this field (Networking) tis challenging and you always learn something new everyday.

>For example what should an ip arp table show and why? You should expect to see ip to mac mappings for for all subnets that are assigned to interfaces on the router.

Not necessarily, the arp table is dynamic and is populated based on ARP requests and replies (Typically, Cisco routers by default will have a ARP timer of about 4 hours.

>If a switch has a management ip address of 10.10.10.10/24 then when you run "sh ip arp" you should expect to only get 10.10.10.x mappings.

Yes, based on ARP requests/replies from the 10.10.10.0/24 you should only expect to see the mappings for that network.

>But if you add a vlan interface with and ip address of xxx.16.1.10/24 you will also get xxx.16.1.x mappings.

Correct

>Another example is that a port in a vlan without a VLAN interface is just a layer 2 switchport but once you create a Vlan interface and assign an ip address the ports in that vlan are now basically layer 3 ports but all with the same ip address.

Yeah, for the most part, just remember that a vlan interface (SVI) is a virtual interface, and you still have to assign a physical interface to a vlan, so that port is still a layer 2 switchport. If you did not want to create a SVI, then depending on the model/feature set you could disable switchport (no switchport) on a physical interface and convert to a layer 3 interface (Routed Physical Interface)
http://www.ciscopress.com/articles/article.asp?p=358549&seqNum=4

Just keep at it, just do not overwhelm yourself and take it slowly, have patience, and ask questions.

Good Luck
Billy
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This tutorial will go through the steps required to write a script that will back up the configuration settings of a HP-ProCurve switch. You will need to get the following things to follow this tutorial: Telnet Scripting Tool e.g. TST10.exe …
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question