Section 12: The Life of a Packet

  ICND1 CCENT

31% Complete

63: Introduction

https://www.udemy.com/cisco-icnd1/learn/lecture/8601662?start=0#content

 

64: DNS The Domain Name System

https://www.udemy.com/cisco-icnd1/learn/lecture/8601682#content

The Domain Name System

  • The Domain Name System resolves a Fully Qualified Domain Name (FQDN) such as www.cisco.com to an IP address.
  • Enterprises will typically have an internal DNS server which can resolve the IP address of internal hosts
  • Hosts will send their DNS queries to this server
  • If the internal DNS server cannot resolve a query, it will forward the request out to Public DNS servers on the Internet.
  • DNS requests are sent using UDP port 53 (and can fail over to TCP port 53)

65: DNS on Cisco Routers

https://www.udemy.com/cisco-icnd1/learn/lecture/8601694#content

Router DNS Commands

It is not requires to setup a router to act as a dns client if you’re only configuring via IP addresses.  This is only required if you intend to setup the router using host names / domain names.

DNS Client Commands

You must be in Configuration Mode to run these commands!

ip domain lookup

  • Enables the ability to look up domain names.
  • no ip domain lookup

ip name-server IP.ADD.RE.SS

  • Defines where the DNS server is (even if it is itself)

ip domain-name DOMAIN.COM

  • This will be appended to any subdomain lookups?
  • This works if a FQDN  is entered in the ip host sub.domain.tld IP.ADD.RE.SS.  If you only enter `ip host sub …` the lookups from external servers will not work.

ip domain-list SUB.DOMAIN.COM

  • Additional DNS suffices to search

DNS Server Commands

You should also run the DNS Client Commands on the DNS Server

ip dns server

  • Enables the router to function as a DNS server

ip host SUB.DOMAIN.TLD IP.ADD.RE.SS

  • Adds an entry to the DNS database.
    • Using the fully qualified domain name will allow you to access the host using only the subdomain
    • Using only the subdomain will not allow you to ping the FQDN
r1(config)#ip host pi3b.tas.lab 10.0.0.10
r1(config)#do ping pi3b
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
r1(config)#ip host r2 10.10.10.2

r1(config)#do ping r2.tas.lab
Translating "r1.domain.local"...domain server (10.0.0.1) 
% Unrecognized host or address, or protocol not running.

DNS Lab

This was a little lame. He didn’t explain how different networks were able to reach each other.

66: ARP Address Resolution Protocol

https://www.udemy.com/cisco-icnd1/learn/lecture/8601696#overview

IP to MAC Address Resolution

  • The sender needs to know the receiver’s IP address and MAC address to form the packet it is going to send.
  • We can point the sender directly at the destination IP address or at a user friendly FQDN such as www.cisco.com
  • DNS Domain Name System maintains a mapping of FQDNs to IP addresses
  • ARP Address Resolution Protocol is used to map the IP address ot MAC address

  • FFFF:FFFF:FFFF is the MAC Broadcast Address
  • The Switch will notice this is a broadcast and will send it out all ports.

  • Since this was a Unicast message and the switch already has the Sender’s MAC address (gathered from the original ARP), it only sends the reply to the Sender’s port.

ARP Commands

  • View ARP cache
    • Linux: arp -n
    • Windows: arp -a
    • Cisco: show arp
  • Clear ARP cache
    • Linux: ip -s -s neigh flush all
    • Windows: netsh interface ip delete arpcache
    • Cisco: clear arp-cache

67: ARP for Routed Traffic

https://www.udemy.com/cisco-icnd1/learn/lecture/8601704#overview

Routed Traffic

  • When the Sender and Receiver are pm different IP subnets, the traffic must be forwarded by a router.
  • In the following example, 172.23.4.1/24 wants to send a packet to 192.168.10.1/24

  • The Sender knows it must send the request to its Default Gateway in order to discover the Receiver’s location since it is on a different network.
  • Therefore, the first ARP request is for the Default Gateway’s MAC.

  • Now that the Sender knows the Default Gateway’s MAC, it will use:
    • The Receiver’s IP (actual destination) as the Destination IP
    • The Router’s MAC as the Destination MAC

  • Since the Router does not know the MAC address of the Receiver yet, it will hold the packet (frame??) and send an ARP request on the interface that connects to that network.

  • The Router can now send the packet.
    • The Source and Destination IPs never change!  Only the MAC addresses change as a Packet is transferred over a Router.

 

68: Life of a Packet Part 1 – DNS

https://www.udemy.com/cisco-icnd1/learn/lecture/8601712#content

 

Process

  • HA (Host A) will ARP for the MAC of its Default Gateway (RA-P1)
    • ARP Request Packet:
      • S IP = HA’s IP, D IP = RA-P1’s IP
      • S MAC = HA’s MAC, D MAC = FFFF.FFFF.FFFF.FFFF
    • Sw1 (Switch 1) records the MAC of HA on Sw1-P1 (Port 1)
    • Sw1 will broadcast the ARP request on all ports except Sw1-P1
  • RA (Router A) will see the request matches its IP and will reply with its MAC for RA-P1
    • ARP Reply Packet:
      • S IP = RA-P1’s IP, D IP = HA’s IP
      • S MAC = RA-P1’s MAC, D MAC = HA’s MAC
    • Sw1 records the MAC of RA-P1 on Sw1-P2
    • Sw1 sends RA’s ARP Reply to HA via Sw1-P1
    • HA now knows the MAC for RA-P1, its Default Gateway
  • HA send a DNS request to the DNS server to get the IP of the Recipient FQDN, www.flackbox.com
    • DNS Request Packet:
      • S  IP = HA’s IP, D IP = DS’s IP (DNS Server)
      • S MAC = HA’s MAC, D MAC = RA-P1’s MAC
    • Sw1 knows RA-P1’s MAC is on Sw1-P2, so only routes the traffic that port (unicast).
    • RA receives the packet on RA-P1
  • RA does not know the MAC for DS, so will hold the DNS request packet and ARPs for DS’s MAC.  It knows from its routing table that it can find DS’s IP’s MAC via RA-P2, so it sends the ARP request out RA-P2.
    • RA’s ARP Request Packet:
      • S IP = RA-P2’s IP, D IP = DS’s IP
      • S MAC =  RA-P2’s MAC, D MAC = FFFF.FFFF.FFFF.FFFF
    • Sw3 maps RA-P2’s MAC to Sw3-P1
    • Sw3 will broadcast that ARP on all ports except Sw3-P1
    • DS receives the request and stores RA-P2’s MAC in its ARP cache
    • DS sends an ARP reply with its MAC to RA-P2’s MAC
      • DS’s ARP Reply Packet:
        • S IP = DS’s IP, D IP = RA-P2’s IP
        • S MAC =  DS’s MAC, D MAC =  RA-P2’s MAC
    • Sw3 maps DS’s MAC to Sw3-P2
    • Sw3 forwards the ARP reply via Sw3-P1 to RA-P2
    • RA-P2 records DS’s MAC in its ARP cache
  • RA changes the S MAC for the DNS packet to RA-P2’s MAC (its own) and the D MAC to DS’s MAC
    • DNS Request Packet:
      • S IP = HA’s IP, D IP = DS’s IP
      • S MAC = RA-P2’s MAC, D MAC = DS’s MAC
  • Sw3 knows DS’s MAC maps to Sw3-P2, so only sends the request there.
  • DS receives the request and replies with the IP of the FQDN
    • DNS Reply Packet:
      • S IP = DS’s IP, D IP = HA’s IP
      • S MAC = DS’s MAC, D MAC = RA-P2’s MAC
  • Sw3-P2 receives the packet and forwards it only out Sw3-P1
  • RA-P2 receives the packet and sees the D IP does NOT match it’s own, but knows it can reach it from RA-P1 so it changes the Source and Destination MACs and sends it out RA-P1
    • DNS Reply Packet:
      • S IP = DS’s IP, D IP = HA’s IP
      • S MAC =  RA-P1’s MAC, D MAC = HA’s MAC
  • Sw1-P2 receives the packet, see’s HA’a MAC on Sw1-P1 and sends it out that port.
  • HA receives the packet and now knows the IP for www.flackbox.com is 10.10.12.10

Find the location of the Default Gateway

(I’m just going to break down this step so  you get the idea.  This should correlate with the steps outlined above.  All remaining steps will be very similar)

  • Host A (10.10.10.10/24) wants to send a packet to FQDN www.flackbox.com, but it does not know the destination IP address.
  • It will hold the packet and send a DNS request to its DNS server at 10.10.100.10
  • Host A compares its IP address and subnet mask to the destination address of the DNS server and sees it is on a different subnet, so the DNS request needs to be sent via its Default Gateway.
  • Host A will hold the DNS request and send a broadcast ARP for its Default Gateway’s MAC at 10.10.10.1

  • The ARP request will be received by Switch 1
  • Switch 1 will add an entry in its MAC address table mapping Host A’s MAC address to Port 1
  • Switch 1 will flood the broadcast traffic out all ports apart from the one it was received on.

  • The ARP request will hit Router A’s interface 10.10.10.1
  • Router A will process the ARP request and see it is for itself.
  • Router A will add an entry for Host A mapping IP 10.10.10.10 to MAC 1111.2222.3333 to its ARP cache
  • Router A will send an ARP reply to Host A with its MAC address

  • Switch 1 will add an entry in its MAC address table mapping Router A’s MAC 4444.5555.6666 to Port 2
  • Since Switch 1 already knows which port the Destination MAC belong to, it will only send the ARP reply out only Port 1.

  • Host A will an entry for Router A mapping IP address 10.10.10.1 to MAC 4444.5555.6666 to its ARP cache.
  • It will now use this whenever it needs to send traffic outside of its local network.

69: Life of a Packet Part 2 –  HTTP

https://www.udemy.com/cisco-icnd1/learn/lecture/8601718#content

My Attempt

  • HA sends TCP/HTTP GET request to Flackbox via RA-P1 (Default Gateway)
    • GET PACKET
      • SIP:HA, DIP:flackbox
      • SMAC:HA, DMAC: RA-P1
  • Sw1 rcvs packet on Sw1-P1 and connects it directly to Sw1-P2 because it has the DMAC in its MAC table
  • RA-P1 rcvs packet and sees it needs to be forwarded to a network it is not connected to, so needs to find its default gateway @ RB-.11.2
    • RA-.11.1 sends ARP to RB-.11.2
      • SIP RA-.11.1, DIP RB-.11.2
      • SMAC RA-.11.1, DMAC FFFF.FFFF.FFFF
    • RB-.11.2 Adds RA-.11.1 MAC to MAC cache
    • RB-.11.2 replies with its MAC
    • RA-.11.1 records RB-.11.2’s MAC
  • RA-.11.1 updates the packet with RB-.11.2’s MAC
    • GET PACKET
      • SIP:HA, DIP:flackbox
      • SMAC:HA, DMAC: RA-P1
  • RB-.11.2 rcvs packet and sees it needs to go to subnet .12.0, which it is a part of on RB-.12.1
  • RB-.12.1 does not know the MAC for .12.10, so it stores the HTTP packet and sends an ARP for 12.10’s MAC
    • ARP Packet:
      • SIP RB-.12.1, DIP .12.10
      • SMAC RB-.12.1, DMAC FFFF.FFFF.FFFF
  • Sw3 sees the request on Sw3-P1 and records RB-.12.1’s MAC in it’s MAC table.
  • Sw3 forwards the ARP request out all ports except Sw3-P1
  • FlackBox sees the request is for it (based on the destination IP)
    • It records the MAC for RB-.12.1 in its MAC cache
    • Sends an ARP reply with its MAC
      • SIP .12.10. DIP .12.1
      • SMAC FlackBox, DMAC RB-.12.1
  • Sw3-P2 sees the ARP reply and records FlackBox’s MAC in its MAC table for Sw3-P2
  • Sw3 forwards the ARP reply through Sw3-P1 to RB-.12.1, which it already has in its MAC table
  • RB-.12.1 rcvs the ARP reply and records .12.10’s MAC in its ARP cache.
  • RB-.12.1 Sends the HTTP packet with the updated MAC
    • SIP HA, DIP FlackBox
    • SMAC RB-.12.1, DMAC FlackBox
  • Sw3-P1 rcvs the HTTP packet and sends it out Sw3-P2 because it already knows P2 is assigned to FlackBox
  • FlackBox Rcvs the HTTP Packet!

70: Life of a Packet Lab Exercises

https://www.udemy.com/cisco-icnd1/learn/lecture/8601734#overview

12 The Life of a Packet Lab Exercise

12 The Life of a Packet Answer Key

 

LEAVE A COMMENT