Cisco Operations Order

Details the order of operations for a Cisco. This is the most complete list I've seen anywhere, and as you can see, it's compiled from multiple sources.

General Areas	Inside Cisco IOS Software Architecture, posted here	NAT order of Operations	QoS order of Operations
Input	Compression / Decompression	If IPSec then check input Access list	QoS Policy Propagation through Border Gateway Protocol (BGP) (QPPB) Input common classification
	Encryption	decryption - for CET (Cisco Encryption Technology) or IPSec
	Check inbound/input access-list
	Unicast reverse path check		Input marking (class-based marking or Committed Access Rate (CAR)) Input policing (through a class-based policer or CAR) IP Security (IPSec) Cisco Express Forwarding (CEF) or Fast Switching
	Check input rate limits
	Physical broadcast: ip helper addresses etc. Decrement TTL - if not already done	input accounting
	Inspection subsystem (firewall features)
	Inbound: NAT outside to inside (global to local translation)
Routing	Handle the router alert flags in the IP header Search for outbound interface in the routing table
	Policy routing
		Routing
Web cache redirect
Output	Outbound: NAT inside to outside (local to global translation)		CEF or Fast Switching Output common classification
	Encryption	Crypto (check map and mark for encryption)
	Check output access-list (packet filters)
	Inspection subsystem final checks (firewall features)		Output marking Output policing (through a class-based policer or CAR) Queueing (Class-Based Weighted Fair Queueing (CBWFQ) and Low Latency Queueing (LLQ)), and Weighted Random Early Detection (WRED)
	TCP intercept processing
		Encryption

On the inbound path, a packet is classified before it is switched. On the outbound path, a packet is classified after it is switched.

Note: Input Network-Based Application Recognition (NBAR) happens after ACLs and before policy-based routing.