Gregg: We're back! In order to get to the point where we can discuss one of the main ideas of the book -- IP Network Traffic Planes -- we need to first examine a little bit about how routers handle various packets found in IP networks. By the way, this information is in Chapter 1 of the book!
Dave: Right. Legacy networks like ISDN, Frame Relay, and ATM define separate data and control channels. But IP networks carry all packets within a single pipe. So, IP network devices such as routers and switches must be able to distinguish between the packets they receive in order to treat them appropriately. At the most basic level, there are three groups of packet types that network devices deal with. And it's important to understand what these packet types are, and then why they are handled differently.
Gregg: Exactly. So the three basic categories of packets are:
Transit packets -- These include well-formed IP packets that are subjected to the standard, destination IP address-based forwarding processes of the network device. That is, no extra processing is required to forward these packets. In addition, the destination IP address of these packets is located downstream from the network device and thus, the packet is forwarded out an egress interface. In most networks and under normal operating conditions, transit packets are handled by high speed processing, which for Cisco routers would be Cisco Express Forwarding (CEF), and typically by specialized forwarding hardware. The term "fast path" is used in Cisco documents to describe this type of forwarding.
Receive packets -- These include control plane and management plane packets that are destined to the network device itself. The term "receive" is related to the way addresses belonging to the network device itself are marked in the CEF table. Receive packets must be handled by the route processor CPU since they are ultimately destined for and handled by applications running at the process level within the software - Cisco IOS in the case of a router. The term "punt" is often used in Cisco documents to describe the action of moving a packet from the fast path to the "punt path" in order to move the packet to the route processor for handling.
Exception IP and Non-IP packets -- Two special sets of packets include 'exception IP' packets as well as non-IP packets. Exception IP packets include, for example, IPv4 packets containing IP header options, IP packets with expiring TTLs, and certain transit IP packets under specific conditions, such as the first packet of a multicast session or a new NAT session. Layer 2 keepalives, ISIS packets, Cisco Discovery Protocol (CDP) packets, and PPP Link Control Protocol (LCP) packets are examples of non-IP packets. All of the packets in this set must be handled by the route processor.
Dave: Wow. That's a lot to keep in mind. But unless we have a detailed understanding of how each packet type affects a network device, we'll never be able to adequately secure it.
Gregg: Definitely. And that's not all. This also plays a role in securing various services such as MPLS or IPsec VPNs (for example) that the device might be supporting.
Dave: Great. OK. Now we're at the point where we can describe IP Network Traffic Planes. That's the topic for the next blog.
Gregg: Bye for now!