0

I am looking to better understand what happens within the router when an L3 packet arrives at a router interface and egresses via the exit interface.

For example, consider the below: assume Hundred Gig 3/1 is the ingress interface, while Hundred Gig 3/2 is the egress interface. What is the sequence of steps that are actually performed, from ingress till egress?

Some of the things that I have read about are:

  1. Performing IPv4 Header checksum
  2. If header checksum is correct, decrement the TTL.
  3. Check if TTL is > 0. If not, drop the packet.
  4. Compute and update the new IP header checksum.

But I am looking to understand more details, in terms of the internal transitions/sequence of steps/flow diagram that happens within the router. Different vendors/OEMs may have different implementations, but is there anything generic that I can follow? One of the references I found is here, but is there a more generic implementation that gives an uber-level view?

2
  • 2
    A full explanation is too big for this forum, but if you google "how ip routing works," and read several articles, you will get the information you need.
    – Ron Trunk
    Commented Jun 16 at 10:59
  • 1
    This classic Linux iptables diagram may also be informative for you: upload.wikimedia.org/wikipedia/commons/3/37/… Commented Jun 16 at 15:11

2 Answers

2

I'm deliberately ignoring L2 details here for simplicity.

A basic router takes the destination IP address and matches it to its routing table, longest prefix first, shortest prefix last. It takes the interface and next-hop gateway from the matched routing table entry and then forwards the packet that way.

A more complex router may do some additional processing, including but not limited to, and not in any particular order

  • source-route checking
  • ingress ACL checking
  • ingress firewall policy checking
  • IP and/or port translation (NAPT)
  • policy routing (based on source, protocol)
  • complex queueing for QoS
  • egress ACL checking
  • egress firewall policy checking
  • encapsulate for tunneling, possibly encrypt

Also, when the ingress packet is addressed to the router itself, it may

  • process by device management
  • decapsulate from tunneling, possibly decrypt
1

In general the following happens:

  1. Find the ingress interface based on VLAN + ingress port. If there is no match, drop the packet.

  2. L2 header processing:

     • Look up in the L2 MAC address database whether L2 header termination will be needed. This is in case the packet's destination MAC == MY MAC.

     • Look up in the L2 MAC address table (key is VSI_ID + MAC address; the lookup result is the output interface) to forward the frame based on L2 address (in case of switching/L2VPN service).

  2.5. If the L2 header was terminated, perform MPLS header processing. Here MPLS tunnels are terminated, or an MPLS LFIB lookup is performed to do MPLS label swaps.

  3. L3 header processing: in case L2 header termination took place (and maybe also MPLS tunnel termination), perform an L3 lookup in the IP routing database. The lookup is based on a VRF + IP address key and gives the egress interface + L2 encapsulation info (to construct the appropriate L2 header for the next-hop router/host). In this stage the TTL is also updated (in case of 0, the packet is dropped) and the L3 header checksum is verified and recalculated.

  4. Egress packet processing: according to the data provided by the L2 frame/L3 packet lookup, in case of L3, attach the new L2 header, perform the L2 header checksum calculation and send the packet out of the previously found egress interface.
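
The L3 stage from the posts above (verify the header checksum, check and decrement the TTL, longest-prefix lookup, recompute the checksum), as an added example that is not part of any post on this page. The FIB entries, addresses, next hops and short interface names are constructed for illustration; L2, MPLS, VRF, ACL and QoS stages are left out.

```python
import ipaddress
import struct

def checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum over the 16-bit words of the header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(src: str, dst: str, ttl: int) -> bytes:
    """Construct a 20-byte IPv4 header with a valid checksum (sample input)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 6, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

# Constructed FIB: prefix -> (egress interface, next hop).
FIB = {
    ipaddress.ip_network("0.0.0.0/0"): ("Hu3/1", "192.0.2.1"),
    ipaddress.ip_network("10.0.0.0/8"): ("Hu3/2", "198.51.100.1"),
    ipaddress.ip_network("10.1.0.0/16"): ("Hu3/3", "198.51.100.9"),
}

def drop(reason: str):
    return (f"drop: {reason}", None, None, None)

def forward(header: bytes):
    """Return (verdict, rewritten header, egress interface, next hop)."""
    if len(header) < 20 or header[0] >> 4 != 4:
        return drop("malformed")
    ihl = (header[0] & 0x0F) * 4             # header length in bytes
    if ihl < 20 or len(header) < ihl:
        return drop("malformed")
    if checksum(header[:ihl]) != 0:          # a valid header sums to zero
        return drop("bad checksum")
    ttl = header[8]
    if ttl <= 1:                             # would be 0 after the decrement
        return drop("ttl expired")
    dst = ipaddress.IPv4Address(header[16:20])
    matches = [net for net in FIB if dst in net]
    if not matches:
        return drop("no route")
    best = max(matches, key=lambda net: net.prefixlen)   # longest prefix wins
    out = bytearray(header[:ihl])
    out[8] = ttl - 1
    out[10:12] = b"\x00\x00"                 # zero the field before recomputing
    out[10:12] = struct.pack("!H", checksum(bytes(out)))
    return ("forward", bytes(out), *FIB[best])
```
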
