Analysis of Cisco network device IOS Operation Sequence

Source: Internet
Author: User

Understanding the operation sequence of Cisco IOS is essential to understanding how traffic passes through a router and how to control it. This article presents two operation sequence tables: the NAT operation sequence and the QoS operation sequence.

The Cisco IOS operation sequence plays an important role in how routers handle traffic. It tells the router how to process traffic based on the configuration of the different router features. If you only use the most basic features of a router, you may never need to pay attention to the operation sequence. However, when configuring features such as network address translation (NAT), quality of service (QoS), and encryption, you must first understand the operation sequence to configure them successfully. Cisco IOS actually includes two different operation sequence tables: the NAT operation sequence and the QoS operation sequence. Let's look at them one at a time.

Before looking at the NAT operation sequence lists, you must first understand what NAT does and how the router applies the sequence. In its most basic form, NAT translates one IP address into another IP address. When the router uses this operation sequence, it processes the inbound packet from the top of the list downward. If a packet arrives on an interface designated as NAT inside, the router uses the inside-to-outside list. If a packet arrives on an outside interface, it uses the outside-to-inside list.
This is the order of operations for the inside-to-outside list:

1. If IPSec, check input access list
2. Encryption: Cisco Encryption Technology (CET) or IPSec
3. Check input access list
4. Check input rate limits
5. Input accounting
6. Routing
7. Policy routing
8. Redirect to Web cache
9. NAT inside to outside (local-to-external translation)
10. Crypto (check and mark for encryption)
11. Check output access list
12. Inspect context-based access control (CBAC)
13. TCP intercept
14. Encryption

This is the order of operations for the outside-to-inside list:

1. If IPSec, check input access list
2. Encryption: Cisco Encryption Technology (CET) or IPSec
3. Check input access list
4. Check input rate limits
5. Input accounting
6. NAT outside to inside (external-to-local translation)
7. Routing
8. Policy routing
9. Redirect to Web cache
10. Crypto (check and mark for encryption)
11. Check output access list
12. CBAC
13. TCP intercept
14. Encryption

Suppose we receive an IP packet on an outside interface. While this packet is being translated, we want to use an access control list (ACL) to block traffic from a specific IP address. Which IP address should go into the ACL: the address before translation (such as the public IP address) or the address after translation (such as the private IP address)? The operation sequence shows that the "NAT outside to inside" operation takes place after the "check input access list" task. Therefore, the ACL must use the public IP address, because the packet has not yet passed through NAT at that point.

What if you want to create a static route for traffic that passes through NAT? Should you use the public or the private IP address? In this case, you should use the private (inside) IP address, because NAT has already been applied by the time the "routing" operation starts.

QoS Operation Sequence

The quality of service (QoS) operation sequence is another important list to understand.
Here is the order of operations for traffic inbound to the router:

1. QoS Policy Propagation through Border Gateway Protocol (BGP), or QPPB
2. Input common classification
3. Input ACLs
4. Input marking: class-based marking or committed access rate (CAR)
5. Input policing: through a class-based policer or CAR
6. IPSec
7. Cisco Express Forwarding (CEF) or fast switching

Here is the order of operations for traffic outbound from the router:

1. CEF or fast switching
2. Output common classification
3. Output ACLs
4. Output marking
5. Output policing: through a class-based policer or CAR
6. Queuing: class-based weighted fair queuing (CBWFQ) and low-latency queuing (LLQ), and weighted random early detection (WRED)

To understand how traffic passes through a router and how to control it, it is essential to first become familiar with the Cisco IOS operation sequence. Based on experience, when using any combination of NAT, crypto, ACLs, routing, or other features in the lists, the NAT operation sequence is the most important. If you do not understand the operation sequence correctly, you can spend a long time troubleshooting a basic problem that involves combining NAT and ACLs. Understanding the operation sequence is therefore crucial.
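
The ACL and static-route questions from the NAT section, as an added example that is not part of the original article: a small Python model of the three address-sensitive stages of the outside-to-inside list, walked in the order the list gives them. The addresses, interface name, and function and variable names are constructed for illustration, and the model assumes NAT rewrites whichever packet address appears in its translation table.

```python
import ipaddress

# The three address-sensitive stages, in the order the outside-to-inside list gives them.
STAGES = ("check_input_acl", "nat_outside_to_inside", "routing")

# Constructed sample data (documentation and RFC 1918 ranges), not taken from the article.
NAT_TABLE = {"203.0.113.10": "10.0.0.10"}           # public address -> private address
STATIC_ROUTES = {"10.0.0.0/24": "GigabitEthernet0/1"}


def process_outside_packet(packet, acl_deny, routes=STATIC_ROUTES):
    """Walk a packet received on the outside interface through STAGES.

    Returns (verdict, trace). trace lists the (src, dst) pair each stage saw,
    i.e. the addresses that stage's configuration has to be written against.
    """
    pkt = dict(packet)          # work on a copy; the caller's packet is untouched
    trace = []
    for stage in STAGES:
        trace.append((stage, pkt["src"], pkt["dst"]))
        if stage == "check_input_acl":
            # The input ACL runs before NAT, so it compares pre-translation addresses.
            if pkt["src"] in acl_deny or pkt["dst"] in acl_deny:
                return "dropped by input ACL", trace
        elif stage == "nat_outside_to_inside":
            for field in ("src", "dst"):
                pkt[field] = NAT_TABLE.get(pkt[field], pkt[field])
        elif stage == "routing":
            # Routing runs after NAT, so the lookup uses the translated destination.
            dst = ipaddress.ip_address(pkt["dst"])
            for prefix, interface in routes.items():
                if dst in ipaddress.ip_network(prefix):
                    return "forwarded via " + interface, trace
    return "no route", trace


if __name__ == "__main__":
    sample = {"src": "198.51.100.7", "dst": "203.0.113.10"}   # constructed packet
    # An ACL written with the post-NAT address never matches; the pre-NAT one does.
    print(process_outside_packet(sample, acl_deny={"10.0.0.10"})[0])
    print(process_outside_packet(sample, acl_deny={"203.0.113.10"})[0])
    # A static route written for the public prefix is never hit after NAT.
    print(process_outside_packet(sample, set(), {"203.0.113.0/24": "Gi0/1"})[0])
```

The first call shows the failure mode the article warns about: an ACL entry written with the private address lets the packet through, because the input ACL only ever sees the public address.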
