ACL --access control list. A list kept by routers to control access to or from the router for a number of services (for example, to prevent packets with a certain IP address from leaving a particular interface on the router).
active RP --The RP that controls the system, runs the routing protocols, and presents the system management interface.
adjacency --A relationship formed between selected neighboring routers and end nodes for the purpose of exchanging routing information. Adjacency is based upon the use of a common media segment by the routers and nodes involved.
ARP --Address Resolution Protocol. Internet protocol used to map an IP address to a MAC address. Used to obtain the physical address when only the logical address is known. Defined in RFC 826.
ARPA --Advanced Research Projects Agency. Research and development organization that is part of the Department of Defense (DoD). ARPA is responsible for numerous technological advances in communications and networking. ARPA evolved into DARPA, and then back into ARPA again (in 1994).
Cisco Express Forwarding --A Layer 3 switching technology. Cisco Express Forwarding can also refer to central Cisco Express Forwarding mode, one of two modes of Cisco Express Forwarding operation. Cisco Express Forwarding enables a Route Processor to perform express forwarding. Distributed Cisco Express Forwarding is the other mode of Cisco Express Forwarding operation.
DHCP --Dynamic Host Configuration Protocol. Provides a mechanism for allocating IP addresses dynamically so that addresses can be reused when hosts no longer need them.
hop --Passage of a data packet between two network nodes (for example, between two routers).
IP --Internet Protocol. Network layer for the TCP/IP protocol suite. Internet Protocol version 4 is a connectionless, best-effort packet switching protocol. Defined in RFC 791.
IP datagram --Fundamental unit of information passed across the Internet. An IP datagram contains source and destination addresses along with data and a number of fields that define such things as the length of the datagram, the header checksum, and flags to indicate whether the datagram can be (or was) fragmented.
MAC --Media Access Control. Lower of the two sublayers of the data link layer defined by the IEEE. The MAC sublayer handles access to shared media, such as whether token passing or contention will be used.
MAC address --Media Access Control address. Standardized data link layer address that is required for every port or device that connects to a LAN. Also known as a hardware address, MAC-layer address, and physical address.
MiM --Man-in-the-Middle. A type of ARP attack performed by mimicking another device (for example, the default gateway) in the ARP packets sent to the attacked device so that the end station or router learns counterfeited device identities. This deception allows a malicious user to pose as an intermediary who can launch an ARP-spoofing attack.
proxy ARP --proxy Address Resolution Protocol. Variation of the ARP protocol in which an intermediate device (for example, a router) sends an ARP response on behalf of an end node to the requesting host. Proxy ARP can lessen bandwidth use on slow-speed WAN links. See also ARP.
RP --Route Processor. Processor module in the Cisco 7000 series routers that contains the CPU, system software, and most of the memory components that are used in the router. Sometimes called a supervisory processor.
SSO --stateful switchover. A method of providing redundancy and synchronization for many Cisco IOS applications and features. SSO is necessary for the Cisco IOS firewall to learn about the redundancy state of the network and to synchronize their internal application state with their redundant peers. SSO allows the active and standby routers to share firewall session state information so that each router has enough information to become the active router at any time.
standby RP --The RP that waits in case the active RP fails.
VPN --Virtual Private Network. Framework that consists of multiple peers transmitting private data securely to one another over an otherwise public infrastructure. A VPN protects inbound and outbound network traffic by using protocols that tunnel and encrypt all data at the IP level. This framework permits networks to extend beyond their local topology, while remote users are provided with the appearance and functionality of a direct network connection. A VPN enables IP traffic to travel securely over a public TCP/IP network by encrypting all traffic from one network to another. A VPN uses "tunneling" to encrypt all information at the IP level.
VRF --VPN routing and forwarding instance. A VRF consists of an IP routing table, a derived forwarding table, a set of interfaces that use the forwarding table, and a set of rules and routing protocols that determine what goes into the forwarding table. In general, a VRF includes the routing information that defines a customer VPN site that is attached to a PE router. Each VPN instantiated on the PE router has its own VRF.