Identify Cisco Express Forwarding concepts

CEF maintains 2 tables in the data plane: Forwarding Information Base for Layer 3 information and Adjacency Table with Layer 2 information for next hops listed in the FIB.

ip cef – enables CEF globally
(interface) ip route-cache cef – enables CEF on an interface


attached: represents a network to which the router is directly attached
receive: represents an IP address on one of the router’s interfaces


  • FIB

FIB entries can be check via: show ip cef command

  • Adjacency table

Adjacency entries can be checked via: show adjacency command

Note: Keep in mind CEF when working with load sharing!

Explain general network challenges

  • Unicast
  • Out-of-order packets
    • If an interface has load-balancing enabled, there is a chance that some packets will arrive out of order. TCP solve this by either resequencing the packets to the right order or by requesting retransmission of out -of-order packets.
  • Asymmetric routing
    • The traffic leave through one path and comes back on another path.

Describe IP operations

  • ICMP Unreachable and Redirects
    • Destination Unreachable: If a packet enters a router destined for an address that the router does not know hot to reach, the router can inform the source with Destination Unreachable ICMP packets.
    • Redirect: When a host knows how to reach a network and sends packet to the next-hop. However the network conditions change and a different next-hop need to be used. In this case the original next-hop can notify the source to use a different path, by sending the host a Redirect ICMP message.
  • IPv4 and IPv6 fragmentation
    • If the interface MTU size is smaller than the packet size (L3) than it is going to be fragmented.
      (Layer 2 header size: 14 byte)
  • TTL
    • Time to Live is an 8-bit field in the TCP header. It is decremented by 1 every time the packet passes through a router. If the TTL reaches 0, the packet is discarded. This help preventing routing loops. The initial value can be changed (default 255).

Explain TCP operations

  • IPv4 and IPv6 (P)MTU
    • The Maximum Transfer Unit refers to the largest packet size supported on a router interface (1500 bytes is a common value).
    • If you’re sending data on slower links, large MTU value could cause delay for latency-sensitive traffic.
  • Latency
    • Latency is the time required for a packet to travel from it’s source to destination.
  • Windowing (video)
    • TCP communication uses windowing, meaning that one or more segments are sent at one time and the receiver acknowledges the receipt and tells the next expected packet sequence number.
    • If a packet is dropped in a segment the receiver will acknowledge and ask for the next windows (the next expected packet sequence number is the lost one)
    • If there is a successful acknowledgement of a segment the window size doubles. The window size will exponential increase until the receiver does not acknowledge receipt of all segments within a certain time period (round-trip time).
    • If the TCP flow drops a packet that flow might experience TCP slow start (meaning that the window size is reduced to one segment). The window size then grows exponentially until it reaches one-half of the previous size when drop happened.  At that point the window size begin to grow linearly.
  • Global synchronization
    • If a router interface’s output queue fills, all TCP flows can simultaneously start to drop and all TCP flow does slow start. This is called global synchronization. This is a very inefficient use of bandwidth as all of the TCP flows having reduced window sizes and therefore spending more time waiting for acknowledgements.
    • Prevention: Weighted Random Early Detection (WRED): this will drops packets before the queue fills to capacity so there wont be global synchronization (TCP flows will still do slow start but not all at once)
  • MSS
    • The Maximum Segment Size is the amount of data that can be contained in a single TCP segment. The value is dependent on the current TCP window size.
  • Bandwidth-delay product
    • This is a measurement of the maximum number of bits that can be on a network segment at any one time. It is calculated by multiplying the segment’s bandwidth ( in bits/sec) by the latency packets experience as they cross the segment (in sec).
      bandwidth: 768 kbps
      end-to-end latency: 100 ms
      768000 * 0,1 = 76800 bit
      76800/8=9600 byte (exam)

Describe UDP operations

  • Starvation
    • Low Latency Queuing (LLQ) allows one or more traffic types to be buffered in a priority queue, which is serviced first during times of congestion. Traffic in the priorty queue gets to go ahead of nonpriority traffic however there is a bandwidth limit that traffic in the priority queue cannot exceed. If all bandwidth is used by the priority queue the nonpriority queues will starve.
  • Latency
    • The latency is the end to end delay. As mentioned above, the UDP is connectionless, the real effect of the latency on the UDP stream is that there would be a great delay in between the sender and the receiver. The jitter is the variance in the latency. It causes problems with the UDP stream. The Jiffer can be smoothed by buffering.

Recognize proposed changes to the network

  • Changes to routing protocol parameters
  • Migrate parts of the network to IPv6
    • Check equipment for IPv6 compatibility
    • Run IPv4 and IPv6 concurrently (at the same time), this is called dual-stack.
    • check whether ISP is support IPv6 and what is the routing protocol, or static IPv6 default gateway
    • NAT64: NAT64 allows IPv6 addresses to be translated into corresponding IPv4 addresses so they can communicate. This is a dual stack solution.
    • NTPv6: Network Prefix Translation version 6 – this way the router can translate an IPv6 prefix to another IPv6 prefix
    • IPv6-over-IPv4 tunnel: IPv6 packets can travel through IPv4 tunnel. This allows IPv6 traffic to traverse an IPv4-only portion of the network.
  • What NPTv6 attributes do you know?
    • It is a one-to-one translation
    • It supports only network layer translation; port numbers are not translated.
    • You should avoid rewriting of a higher layer information
    • NPTv6 is checksum-neatural
  • What NAT64 attributes do you know?
    • It doesn’t conserve IPv4 address
    • It provides 1-to-1 translation
    • There is stateful and stateless translation
  • Routing protocol migration
    • Administrative Distance: When you have a routing protocol and you want to use a new one, change the AD of the new routing protocol to be lower than the existing one.This way you can use both of them simultaneously.
    • Redistribution: In case of migration with redistribution you can cut over one section of your network at a time.