A “debug ip cef input” on R2 shows how forwarding is done (not only routing information if we debug RIB. An added routing information does not necessary hint on the effective forwarding of the packet itself). We check that the packet (ping echo) send by PC1 (ip address 12.0.0.1) towards PC2 (ip address 23.0.0.1)
The same debug on R3 shows that received the same packet from PC1 to PC2
The same thing done on R1 shows that the packets from R2 and R3 are being received by R1 too
the debug commands showed us CEF in action and that packets from PC1 to PC2 were processed but does not hint on the order. We have two possibilities: 1) the packet travelled from R2 to R1 and then to R3 doing 3 hops, or 2) the packet travelled from R2 to R1 and R3 before it reaches PC2 doing only 2 hops. Let’s confirm using a packet capture tool (Wireshark)
Packet capture
we need to know more details about this traffic to answer the previous question whether the packet from PC1 to PC2 has done 2 or 3 hops before reaching its destination. For this purpose let’s find what ethernet mac addresses were used.
in vlan204, in the packet from PC1, the source mac address is set to R1
in the packet from pc-2, the destination mac is set to R1 too
The ARP table of R1 shows the mac address ip address correspondence in vlan 204 and confirms our findings that the packet goes through R1 and thus our first scenario. Let’s recall that ARP is the procedure in Ethernet network by which hosts, routers, etc. learns the MAC addresses match to the IP addresses they use to reach their destinations. This information is crucial to encapsulate at layer two the IP packet into the Ethernet frame.
