CCNP Route - 300-101 - Sub-Topics - uRPF + CEF

Started by LynK, February 01, 2017, 02:14:39 PM


LynK

Introduction:

Here we go, I am going to start covering topics that I believe people who take the CCNP should have a firm grasp on. I also believe that many of these topics are not covered in nearly enough detail, so let's begin.

---------------------------------------------------------------------------------------------------
uRPF
---------------------------------------------------------------------------------------------------

uRPF, also known as Unicast Reverse Path Forwarding, is a security measure that prevents malicious attacks, and also blocks spoofed IP addresses.

But to understand uRPF, you and I must first understand the concept of CEF (Cisco Express Forwarding). So let's begin!

---------------------------------------------------------------------------------------------------
CEF
---------------------------------------------------------------------------------------------------

Before we get into CEF, I want to discuss its two predecessors, and why CEF is so great. It all starts with Process Switching. Process switching was very inefficient in that it took EVERY packet coming into the router, and sent it to the CPU to be processed. Once processed, it forwards it out the egress interface. Sounds inefficient huh? YES!

To configure this:
no ip route-cache

The next invention down the tree is called Fast Switching. Fast switching is significantly more efficient than process switching because it only processes the first packet in a flow, and then stores it in a cache. Every packet after goes through the pre-processed cache to egress.

To configure this:
ip route-cache

CEF is a layer 3 packet switching mechanism. A what? A who? A layer 3 packet switching mechanism. Let's break this down into some simpler terms. CEF maintains two unique tables that, when combined, provide an effective way to forward packets. Think of RIP for example. RIP looks in its routing table for the best route, but how does it determine its best route? By utilizing its metric of number of hops. CEF has its own tables that can be referenced to check the validity of these packets.

To configure this:
ip cef

CEF has two tables:
   -Adjacency Table
   -FIB Table

The Adjacency Table contains Layer 2 forwarding information! On the other hand CEF also has the FIB table (Forwarding Information Base), this contains.... the Layer 3 forwarding information!

Let's break this down even further. FIB maintains prefixes, and their next hop IP addresses on how to get to specific destinations. Look below:


R1#show ip cef
Prefix               Next Hop             Interface
0.0.0.0/0            no route
0.0.0.0/8            drop
0.0.0.0/32           receive
1.1.1.1/32           receive              Loopback0
2.2.2.2/32           10.0.0.2             GigabitEthernet0/0
10.0.0.0/24          attached             GigabitEthernet0/0
10.0.0.0/32          receive              GigabitEthernet0/0
10.0.0.1/32          receive              GigabitEthernet0/0
10.0.0.2/32          attached             GigabitEthernet0/0
10.0.0.255/32        receive              GigabitEthernet0/0
11.11.11.11/32       receive              Loopback1
22.22.22.22/32       10.0.0.2             GigabitEthernet0/0


Notice how the next-hops say "no route", "drop", "received", and "attached".

Received - Packets will not be forwarded to a physical interface, they are to be processed locally on the CPU (notice 10.0.0.1/32, also notice 1.1.1.1/32 that is an IP on THIS ROUTER. It is not going to forward anything if it is his own IP he is going to process it!)

Attached - Attached means... I have a wire directly from me------you. I am attached to you.

Drop - Self Explanatory here.

No route - Also Self Explanatory



Now that the FIB is covered, let's go a little deeper and look at the Adjacency Table.


R1# show adjacency
Protocol Interface                 Address
IP       GigabitEthernet0/0        10.0.0.2(12)


Well... that is all folks, nothing to see here.... NOT!

There are 6 different Types!! Most of which are self explanatory:

-Null Adjacency - If packets are sent to a null interface, drop them. (Think SUMMARY ROUTES!)

-Glean Adjacency - Router is connected to many hosts (Think Ethernet). This stores a network prefix, not a host route (Ex: 10.0.0.0/24 instead of 10.0.0.1/32, 10.0.0.2/32, 10.0.0.3/32, 10.0.0.4/32, etc). This keeps the table small. When a packet needs to be sent to a specific address, it GLEANS to resolve an ARP request of the 'directly attached' neighbor.

-Punt Adjacency - This is used when it cannot locate a valid adjacency for a MAC address, it punts it to the CPU to process ARP

-Discard Adjacency - Packets are discarded

-Drop Adjacency - Packets are dropped


With all this being said, let me give you the whole picture. Stand back and be AMAZED. This is why CEF is so amazing, and is phenomenal in the forwarding of packets.

So we have a packet come in from a host (1.1.1.1), who needs to get to 2.2.2.2. The routing table looks up the route, sees 2.2.2.0/24, determines the BEST PATH, then FORWARDS the packet to the FIB. FIB says I know about 2.2.2.2, I have him here in my table. THE NEXT HOP (adjacency) is right here in my table too (TY ADJACENCY TABLE). Because the information is already in the table, the packet does not have to do processing to get this information. It slaps it on and sends it to R2. R2 receives the information, looks in his routing table and sees a directly connected route, where does it forward it? It checks its FIB and sees it as RECEIVED. So it sends it locally to be processed.

---------------------------------------------------------------------------------------------------
Back to uRPF
---------------------------------------------------------------------------------------------------

With all that being behind us now, let's look at uRPF. uRPF has three modes of operation:

-Strict Mode
-Loose Mode
-VRF Mode

-Strict mode performs TWO CHECKS on all INCOMING PACKETS on an interface:
    1) Is there a matching entry for the source in the routing table?
    2) Do I use the same interface to reach this source, as where I received this packet?

IF and ONLY IF both of these match, then the packet is permitted.

To configure this:

interface gig0/0
   ip verify unicast source reachable-via rx


-Loose mode performs ONE check on INCOMING PACKETS
    1) Do I have a matching entry for the source in the routing table?

To configure this:

interface gig0/0
   ip verify unicast source reachable-via any


-VRF Mode is the exact same thing as loose mode, but with VRFs involved.

What if your packets are being matched on a default route, and you are using loose mode? DROPPED!

To prevent this:

interface gig0/0
   ip verify unicast source reachable-via any allow-default


Verification Commands:

show ip cef
show cef interface
show adjacency


I hope this helps. If there are any questions/errors. Let me know.
Sys Admin: "You have a stuck route"
            Me: "You have an incorrect Default Gateway"
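An added example, not part of LynK's post: a small Python model of the FIB longest-prefix lookup and of the uRPF strict (reachable-via rx) and loose (reachable-via any) decision described above, including the allow-default case. The FIB is constructed and only loosely based on the show ip cef output in the post; the default route out GigabitEthernet0/1 and the 192.168.50.0/24 route are assumptions added so the default-route and spoofed-source cases can be shown.

```python
import ipaddress

# Constructed FIB: prefix -> interface the router uses to reach that prefix.
# Assumed entries (not in the post's output): the 0.0.0.0/0 default route via Gi0/1
# and 192.168.50.0/24 via Gi0/2.
FIB = {
    "0.0.0.0/0": "GigabitEthernet0/1",
    "1.1.1.1/32": "Loopback0",
    "2.2.2.2/32": "GigabitEthernet0/0",
    "10.0.0.0/24": "GigabitEthernet0/0",
    "22.22.22.22/32": "GigabitEthernet0/0",
    "192.168.50.0/24": "GigabitEthernet0/2",
}

# Same FIB without a default route, i.e. the "no route" situation in the post's output.
FIB_NO_DEFAULT = {p: i for p, i in FIB.items() if p != "0.0.0.0/0"}


def fib_lookup(fib, address):
    """Longest-prefix match, the way CEF consults the FIB.
    Returns (network, interface) for the best match, or None if nothing matches."""
    ip = ipaddress.ip_address(address)
    best = None
    for prefix, iface in fib.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best


def urpf_permits(fib, src, ingress, mode="strict", allow_default=False):
    """uRPF decision for a packet with source src arriving on interface ingress.
    strict: a route to the source must exist AND point back out the ingress interface.
    loose:  a route to the source must exist; the interface is not checked.
    A source matched only by 0.0.0.0/0 is dropped unless allow_default is set."""
    hit = fib_lookup(fib, src)
    if hit is None:
        return False                      # no route to source: fails both modes
    net, iface = hit
    if net.prefixlen == 0 and not allow_default:
        return False                      # matched only the default route
    if mode == "strict":
        return iface == ingress
    if mode == "loose":
        return True
    raise ValueError("mode must be 'strict' or 'loose'")


if __name__ == "__main__":
    # 10.0.0.2 arriving on Gi0/2 is a spoof: the FIB reaches it via Gi0/0.
    print("strict:", urpf_permits(FIB, "10.0.0.2", "GigabitEthernet0/2"))
    print("loose: ", urpf_permits(FIB, "10.0.0.2", "GigabitEthernet0/2", mode="loose"))
```

Loose mode still passes the spoofed 10.0.0.2 packet because a route to it exists somewhere; strict mode rejects it because the return path is a different interface.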

icecream-guy

For the CEF part, you might want to imbibe in a little store-and-forward switching, then a little cut-through switching, before leading into CEF; these two are the predecessors to CEF. It would help people understand why CEF is the way it is.
:professorcat:

My Moral Fibers have been cut.

LynK

@ristau

Good point. I was thinking about that while I was writing it, besides that how is everything?

icecream-guy

Quote from: LynK on February 01, 2017, 03:46:26 PM
@ristau

Good point. I was thinking about that while I was writing it, besides that how is everything?

You expanded on that CEF... a bit. I'll have to look it over again; a cursory review looks fine.
:professorcat:
