Chapter 1: Internet Protocol Operations Fundamentals

Cisco Press

1 2 3 4 5 6 7 8 9 10 Page 10
Page 10 of 10

Line cards are classified by their "engine type," referring to the generation of the forwarding engine included on the card. The first line cards, known as Engine 0 and Engine 1, are CPU-based forwarding engines and thus behave like other CPU-based routers. The next generation, Engine 2, included an early version of an ASIC within the line card to offload some of the forwarding functions from the line card CPU. Higher-speed versions with true ASIC support followed in the Engine 4 and Engine 4+ line cards. The newest line cards are the Engine 3 and Engine 5 families. These line cards use the latest generation of dedicated ASICs, which incorporate very high-speed memory known as Ternary Content Addressable Memory (TCAM) that enables all features such as the application of ACLs, QoS, policy routing, and so forth to be performed simultaneously, while maintaining high-performance forwarding. The programmability of the ASIC allows them to support feature enhancements rather easily, as well. The Engine 3 line card, also known as the IP Services Engine, is shown in Figure 1-17 to illustrate this type of distributed ASIC-based router architecture.

On the GSR, line cards are responsible for making all packet-forwarding decisions. Because the FIB is predefined and loaded on each line card, each line card has all of the information necessary to forward any packet. If the destination address is not in the FIB, the packet is simply discarded. Distributed CEF (dCEF) is the only switching method available, and fast switching and process switching are not available as fallbacks for unresolved destinations (there are not any). There are, of course, receive packets and the exception packets to consider as well, however. Packets with a "receive" adjacency are punted to the PRP for handling. These are mainly control plane and all management plane packets, which are all handled by the PRP. Other exception packets, such as TTL expires, ICMP echo requests, IP options, and so on, are handled in various ways. Some of these packets are capable of being handled directly by the line card CPU. Technically, although still considered a punt because the line card ASIC does not support processing these packets, they are still capable of being handled locally, thus protecting the RP from unnecessary packet processing. ICMP unreachable generation, for example, is handled directly by the line card CPU. Other exception packets can be handled only by the PRP. Too many or inappropriate packets punting to either the line card CPU or the PRP can be detrimental to the platform. Again, IP traffic plane security mechanisms must be provided to control how various packets affect the platform.

The newest router in the Cisco family, the CRS-1, requires its own discussion here, as it brings both evolutionary and revolutionary changes to previous router technologies. Four key elements define these architectural advances, including: 40-Gbps line cards, advanced Route Processors, a service-intelligent switch fabric, and Cisco IOS XR Software. Some of these elements are illustrated in Figure 1-18 and described next.

Figure 1.18

Figure 1-18

CRS-1 Router Architecture and 40-Gbps Line Card

Note - This is not meant to be a detailed review of the CRS-1. Such a task requires a book in itself. Additional citations to relevant CRS-1 and IOS XR documents are given in the "Further Reading" section at the end of this chapter.

The first key feature illustrated in Figure 1-18 is the new 40-Gbps line card design. Each line card is separated by a midplane into two main components: the interface module (IM) and the modular services card (MSC). The IM provides the physical connections to the network, including Layer 1 and 2 functions (POS and Gigabit Ethernet). The MSC is the high-performance Layer 3 forwarding engine and is equipped with two high-performance Cisco Silicon Packet Processor (SPP) 40-Gbps ASIC devices, one for ingress and one for egress packet handling. You may also see the SPP referred to as the Packet Switching Engine (PSE) ASIC in Cisco documentation and in the output of certain router commands. Each Cisco CRS-1 line card maintains a distinct copy of the adjacency table and forwarding information databases, enabling maximum scalability and performance.

The second key feature involves the Route Processors (RP). Unlike previous routers that can have only a single active route processor, even if multiple devices are included for redundancy, the CRS-1 is able to use multiple active RPs to execute control plane features, system management, and accounting functions. Allowing multiple route processors also provides service separation capabilities through control plane (routing) segmentation, providing simplified migration paths for network convergence.

The third key feature, the service-intelligent switch fabric, provides the communications path between line cards. In brief, the switch fabric is designed with separate priority queues for unicast and multicast traffic and control plane messages. Further details are outside the scope of this book.

The last key feature for CRS-1 is the use of the new Cisco IOS XR Software. Traditional Cisco IOS is a modular, cooperative, multitasking operating system where processes execute in a shared memory space and feature sets are defined at system build time. IOS implements a single-stage forwarding architecture where forwarding decisions are made only on ingress ports or line cards. This architecture provides the appropriate performance and resource footprint for the broadest set of platforms and markets. Cisco IOS XR uses a memory-protected, micro-kernel-based software architecture designed to take advantage of the multi-CPU architecture found in the CRS-1. This micro-kernel architecture allows for maximum resource usage, no resource bottlenecks, and excellent control plane performance. Processes such as routing and signaling protocols can run on a single route processor or be distributed over multiple route processors. In addition, IOS XR implements a two-stage forwarding architecture where forwarding decisions are made on both the ingress and egress line cards, providing tremendous performance and scaling advantages. (The ingress line card FIB simply has destination addresses paired with the outgoing line card only. There is no binding to Layer 2 addresses at this point. The egress line card does a second lookup to determine Layer 2 header details.)

Note - The Cisco 12000 GSR is also able to run Cisco IOS XR Software with appropriate route processor and line card hardware installed.

It is worth noting that the CLI is different for IOS XR as compared with the traditional IOS CLI. In addition, the feature set available within IOS XR, including many of the security mechanisms, is also different than with traditional IOS. To aid in this transition, Appendix C provides a side-by-side comparison of the main security features found in the IOS version 12.0(32)S against the IOS XR equivalent features where applicable.

The CRS-1 must handle receive packets and exception packets, as any IP router is required to do. In a similar manner as the ASIC-based line cards for GSR, CRS-1 line cards are capable of handling certain packets within their SPP ASIC or local line card CPU. Receive packets in the control plane and management plane are punted to the RP for handling. Certain exception packets can be handled locally, while others can be handled only by the RP. Unlike traditional IOS, the IOS XR Software provides automatic mechanisms, such as dynamic control plane protection, for handing these packets to prevent resource abuse. Other unique mechanisms and the more familiar ones can also be used to secure IP traffic planes. Detailed descriptions of some of these mechanisms are covered in later chapters as appropriate.

Note - Many excellent references cover in more detail the significant Cisco router architectures. One such reference, Inside Cisco IOS Software Architecture, provides excellent coverage of the Cisco 7500 and Cisco 12000 GSR. A list of suggested references is provided in the "Further Reading" section at the end of this chapter.

In summary, the following can be stated about all the router architectures described in this chapter:

  • Data plane packet handling depends on the switching mode enabled and the router architecture. Despite the switching mode, however:

  • — IP options are always process switched (or handled in the slow path in the case of the GSR).

    — TTL expiry packets are always process switched path (or handled in the slow path in the case of the GSR).

    — The first packet of a multicast stream is always punted to create the multicast routing state on the route processor (see Chapter 2).

  • Control plane and management plane packets are always handled by the CPU on the route processor within the software slow path.

  • — ICMP replies may be handled on distributed line cards, but always by a CPU and never by an ASIC.

  • Services plane packets impact routers in varying ways. The specific router architecture must be considered to determine their overall impact.


This chapter introduced the concepts of IP traffic planes and their relationship to IP protocol and IP network operations. IP traffic planes were segmented into four logical groups:

  • Data plane: User and customer traffic

  • Control plane: Routing protocol and other router state traffic

  • Management plane: Network operations traffic

  • Services plane: Customer or application traffic with specialized traffic handling requirements

The basics of IP network forwarding architectures were then reviewed, with specific focus placed on how each of the IP traffic planes interact with these forwarding concepts. Finally, router hardware architecture and packet processing concepts were reviewed to illustrate how IP traffic planes can impact various platforms through resource abuse, and why IP traffic plane security is so vital for network stability and operations.

Review Questions

  1. Name three distinguishing characteristics of the IP protocol.

  2. What are the main challenges when services are converged on a common IP core network?

  3. Name the four distinct types of packets seen by a router, and give an example of each.

  4. Identify the three common switching methods used by Cisco routers when forwarding IP packets.

  5. True or False: Data plane traffic includes all customer traffic that is subject to the standard forwarding process and includes only transit IP packets.

  6. True or False: Control plane traffic typically includes packets generated by network elements themselves.

  7. What are the main functions supported by the management plane?

  8. How does the forwarding of services plane traffic differ from data plane traffic?

  9. Identify the four basic router architecture types.

Further Reading

Bollapragada, V., C. Murphy, and R. White. Inside Cisco IOS Software Architecture. Cisco Press, 2000. ISBN: 1-57870-181-3.

Stevens, W. Richard. TCP/IP Illustrated, Volume 1. Addison-Wesley Professional, 1993. ISBN: 0-20163-346-9.

"Cisco 12000 Series Internet Router Architecture: Line Card Design." Cisco Tech Note. (Doc. ID: 47242.)

"Cisco 12000 Series Internet Router Architecture: Packet Switching." Cisco Tech Note. (Doc. ID: 47320.)

"Cisco Catalyst 6500 Supervisor Engine 32 Architecture." Cisco white paper.

"Cisco CRS-1 Carrier Routing System Security Application Note." Cisco white paper.

"IP Services Engine Line Cards." Cisco Documentation.

"Parallel Express Forwarding on the Cisco 10000 Series." Cisco white paper.

"Switching Path." Section in "Performance Tuning Basics." Cisco Tech Note. (Doc. ID: 12809.)

"Tracing a Packet from Network Ingress to Egress, or 'The Life of a Packet.'" Cisco Tech Note. (Doc. ID: 13713.)

Copyright © 2007 Pearson Education. All rights reserved.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2008 IDG Communications, Inc.

1 2 3 4 5 6 7 8 9 10 Page 10
Page 10 of 10
SD-WAN buyers guide: Key questions to ask vendors (and yourself)