Cisco Express Forwarding

  • What 3 operational planes does a router have? What do they do?
    • Management plane: Management of the device
    • Control plane: Making decisions for packet forwarding (i.e., routing protocol operations).
    • Data plane: Forwarding data through router.
  • What 3 models do you know of packet switching? Explain them!
    • Process switching: The router makes a routing decision for every single incoming packet using the CPU. (ACL with logging)
    • Fast switching: After deciding where to forward the first packet in a data flow, the forwarding info is stored in the fast cache. This reduces CPU utilization.
      (interface) ip route-cache
    • Cisco Express Forwarding: It has 2 tables in the data plane: the FIB (Forwarding Information Base) with L3 info and the adjacency table with L2 info (next hop listed for FIB).
      (interface) ip route-cache cef
  • In which packet switching state does the router check ACLs and filters?
    • ???
  • What do receive, attached and an IP mean in the sho ip cef output?
    • These names appear under the Next Hop section, so:
      receive means: traffic is received on that Prefix (incoming)
      attached means: traffic for that Prefix is forwarded to the Interface attached
      IP means: traffic is forwarded on the given Interface for another IP (i.e., loopback)
  • What kind of CEF adjacencies exist?
    • Null adjacency: send packets to null interface
    • Drop adjacency: packets cannot be forwarded (protocol not supported, encapsulation error, etc.)
    • Discard adjacency: packet is dropped because of an ACL
    • Glean adjacency: The FIB table on a router maintains a prefix for the subnet rather than individual host prefixes. When packets need to be forwarded to a specific host, the adjacency database is gleaned (browsed/searched) for the specific prefix.
    • Punt adjacency: CEF cannot forward the packet. It will be passed to the next switching method (fast switching / process switching)

Policy-Based Routing

  • What is policy based routing used for? How does it work?
    • PBR intercepts the packet after de-encapsulation and before the CEF table lookup. After this, PBR chooses how to forward the packet (using a route-map and ACL):
    • First we create a route-map which matches the packet and sets a route. Then we use the route-map in a PBR on a given interface (where the packet enters).
  • How can we match a route (command)?
    • With route map:
      match ip address
      match length
  • What does the default parameter do when setting a route?
    • Without default: Try PBR first and if PBR’s route doesn’t work, try to route as usual.
    • With default: Try to route as usual, ignoring any default routes, but if normal routing fails, use PBR.
  • How do you set a route?
    • set ip next-hop: Traffic is routed to the PBR IP, but if no IP is available it will be routed normally.
    • set ip default next-hop ..: Traffic is routed normally, but if that fails it will use the route set by PBR. (No default route used)
    • set interface ..: Traffic is routed by PBR, but if the interface is down it will be routed normally.
    • set default interface ..: Traffic is routed normally, and if that fails it will be routed by PBR. (No default route used)
  • Example:

    interface Fastethernet 0/0
    ip address
    ip policy route-map PC2-over-low-route
    route-map PC2-over-low-route permit
    match ip address 101
    set ip next-hop
    access-list 101 permit ip host
  • What happens if you ping S1 server from R1 with Fa0/0 as source?
    • The policy will not apply! The policy is only applied to the traffic which goes through Fa0/0! Normal routing will be used.
  • How does the implicit deny in a route-map affect PBR?
    • For packets matched by the deny clause, PBR lets the packet go through to the normal IP routing process.
  • How do you verify PBR?
    • sho ip policy
  • How can you route local traffic with PBR (ie: IP SLA)?
    • ip local policy route-map


  • What is SLA?
    • Service Level Agreement. It is the part of the service contract where the service is formally defined. IP SLA enables the customer to assure new business-critical applications and IP services that utilize video, voice and data in the network.
  • What is IP SLA used for?
    • It is used for measuring the network behaviour.
  • Where is the collected data stored?
    • In the MIB (Management Information Base)
  • What is an operation?
    • The operation defines what kind of packet IP SLA will generate for testing the network.
  • Why is it better to send IP SLA messages to an IP SLA responder than to a simple router or host?
    • Because a device with an IP SLA responder will respond to packets that it normally would not (e.g., voice packets)
  • What is the difference between ICMP echo and jitter?
    • The echo operation monitors the end-to-end response time.
    • The jitter operation includes latency, round-trip time, jitter and packet loss statistics.
  • What is ICMP path echo operation?
    • Path echo IP SLA operations measure round trip time between each node on a designated path on your network. Round trip time is measured hop-by-hop.
  • What is TCP connect operation?
    • TCP connect operation measures the response time taken to perform a TCP connection operation between a Cisco device and devices using IP (or an IP SLA responder).
      TCP Connect is used to test virtual circuit availability or application availability. This gives the engineer connection oriented statistics.
  • How do you configure a simple IP SLA with ICMP echo operation?
    R1# conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R1(config)# ip sla 11
    R1(config-ip-sla)# icmp?
        icmp-echo icmp-jitter
    R1(config-ip-sla)# icmp-echo source-ip
    R1(config-ip-sla)# frequency 60
    R1(config-ip-sla)# exit
    R1(config)# ip sla schedule 11 start-time now life forever
    ! Changes to the PBR configuration below
    R1(config)# access-list 101 permit ip host host
    R1(config)# ip local policy route-map PC2-over-low-route
    R1(config)# end
  • What states does a tracking object have?
    • up or down
  • Why does IOS require the use of a tracking object?
    • Because it can prevent interface flapping. It can set a delay soon after a state change.
  • How do you configure tracking for an interface to use a static route?
    R1# conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R1(config)# track 2 ip sla 11 state
    R1(config-track)# delay up 90 down 90
    R1(config-track)# exit
    R1(config)# ip route s0/0/1 track 2
    R1(config)# end
    • 1. track ip sla <state|reachability>: The object number can be any number.
    • 2. You can configure the delay for flapping interfaces.
    • 3. Last, use the track on the static route to activate tracking.
  • How do you verify the tracking?
    • sho track
  • How do you set tracking for PBR? How does this work?
    • In addition, in the PBR set section we add the tracking parts: set ip next-hop verify-availability track 2
    • When tracking is up, the next-hop in PBR is working. When tracking goes down, PBR acts as if that next-hop entry doesn't exist.

VRF-Lite

  • How can 2 routers with multiple VRFs communicate?
    • They have to have a subinterface for each VRF in use. The Layer 2 frames will have different VLAN tags, so when the router on the other side receives a packet it knows which VLAN / VRF to use.
  • What is the newest VRF technology and what is the difference?
    • EVN (Easy Virtual Network). It uses a single trunk interface instead of many subnets.
  • How do you set a VRF-Lite globally, for an interface or for OSPF?
    • ip vrf
    • (interface) ip vrf forwarding
    • (interface) encapsulation dot1Q
    • (ospf) router ospf vrf
  • What limitations does OSPF have with VRFs?
    • The OSPF process needs to be unique for each VRF.