Details the order of operations for a Cisco. This is the most complete list I've seen anywhere, and as you can see, it's compiled from multiple sources.
Inside Cisco IOS Software Architecture, posted

| General Areas | Operations |
|---|---|
| Input | Compression / Decompression |
| | If IPSec then check input access list |
| | QoS Policy Propagation through Border Gateway Protocol (BGP) (QPPB) |
| | Input common classification |
| | Encryption |
| | Decryption - for CET (Cisco Encryption Technology) or IPSec |
| | Check inbound/input access-list |
| | Unicast reverse path check |
| | Input marking (class-based marking or Committed Access Rate (CAR)) |
| | Input policing (through a class-based policer or CAR) |
| | IP Security (IPSec) |
| | Cisco Express Forwarding (CEF) or Fast Switching |
| | Check input rate limits |
| | Physical broadcast: ip helper addresses etc. |
| | Decrement TTL - if not already done |
| | Input accounting |
| | Inspection subsystem (firewall features) |
| | Inbound: NAT outside to inside (global to local translation) |
| Routing | Handle the router alert flags in the IP header |
| | Search for outbound interface in the routing table |
| | Policy routing |
| | Routing |
| | Web cache redirect |
| Output | Outbound: NAT inside to outside (local to global translation) |
| | CEF or Fast Switching |
| | Output common classification |
| | Encryption |
| | Crypto (check map and mark for encryption) |
| | Check output access-list (packet filters) |
| | Inspection subsystem final checks (firewall features) |
| | Output marking |
| | Output policing (through a class-based policer or CAR) |
| | Queueing (Class-Based Weighted Fair Queueing (CBWFQ) and Low Latency Queueing (LLQ)), and Weighted Random Early Detection (WRED) |
| | TCP intercept processing |
| | Encryption |

On the inbound path, a packet is classified before it is switched.
On the outbound path, a packet is classified after it is switched.
Note: Input Network-Based Application Recognition (NBAR) happens after ACLs and before policy-based routing.
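
The table places the input access-list check before the outside-to-inside NAT step, and the inside-to-outside NAT step before the output access-list check, which decides which address an ACL entry has to match. The following Python model is an added illustration, not code from any of the sources above; the addresses, the static NAT entry and all function names are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

# Constructed static NAT entry (assumption): inside local <-> inside global
INSIDE_LOCAL, INSIDE_GLOBAL = "10.0.0.10", "192.0.2.10"
ANY = "0.0.0.0/0"

def acl_permits(acl, pkt):
    """First-match list of (action, src_net, dst_net); implicit deny at the end."""
    for action, src_net, dst_net in acl:
        if (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(src_net)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(dst_net)):
            return action == "permit"
    return False

def outside_to_inside(pkt, input_acl):
    """Input path: the access list is checked first, then global-to-local NAT."""
    if not acl_permits(input_acl, pkt):    # ACL still sees the global address
        return None
    if pkt.dst == INSIDE_GLOBAL:           # NAT outside to inside
        pkt = replace(pkt, dst=INSIDE_LOCAL)
    return pkt

def inside_to_outside(pkt, output_acl):
    """Output path: local-to-global NAT first, then the access list."""
    if pkt.src == INSIDE_LOCAL:            # NAT inside to outside
        pkt = replace(pkt, src=INSIDE_GLOBAL)
    if not acl_permits(output_acl, pkt):   # ACL sees the translated source
        return None
    return pkt

# Constructed sample packets and ACLs
client = Packet(src="198.51.100.7", dst=INSIDE_GLOBAL)
reply = Packet(src=INSIDE_LOCAL, dst="198.51.100.7")
in_by_global = [("permit", ANY, INSIDE_GLOBAL + "/32")]
in_by_local = [("permit", ANY, INSIDE_LOCAL + "/32")]
out_by_global = [("permit", INSIDE_GLOBAL + "/32", ANY)]
out_by_local = [("permit", INSIDE_LOCAL + "/32", ANY)]

if __name__ == "__main__":
    for acl in (in_by_global, in_by_local):
        print("inbound ", acl, "->", outside_to_inside(client, acl))
    for acl in (out_by_global, out_by_local):
        print("outbound", acl, "->", inside_to_outside(reply, acl))
```

An ACL entry written against the inside local address never matches on either path in this model, so the packet falls through to the implicit deny.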