Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide


  1. 1. Routing George Coularis, Jean Dollimore and Tim Kindberg portions from George Blank NJIT
  2. 2. Routing  Except for LANS like Ethernet that provide direct connections between all hosts, networks require a process called routing to identify a path for communications to travel between nodes. In large networks, adaptive routing is used, analyzing the best path between nodes periodically to avoid congestion and faults such as broken connections. Routing on a network is the collective responsibility of the routers located at connection points between networks or subnets.
  3. 3. A Small Personal Router  The Linksys EtherFast® Cable/DSL Router connects the Internet to a home or small office Ethernet LAN of up to 4 computers or other devices. It is combined with an Ethernet connection switch to link the devices. List Price: about $80 in 2006
  4. 4. A Large CISCO Router   The Cisco uBR10012 Universal Broadband Router shown here supports 64,000 subscribers. It is a powerful commercial router that cost about $20,000 in 2006.
  5. 5. Routing Algorithms  Determining the best path between network nodes is done by routing algorithms. A routing algorithm has two parts:  Determine the path taken by each packet in an efficient manner to avoid degrading network performance  Monitor traffic and changes to the network to maintain information on the best paths through the network
  6. 6. Localized Routing   Routing algorithms are distributed through the network. Each router reads the address of each packet and decides where to send that packet next. Locally held information at each router includes the status of its direct links including information on congestion and link failures. Link tables include various routings and their current known cost in terms of the number of hops to get to a particular destination. An algorithm seeking a path to a new destination can request information from other routers.
  7. 7. Timeouts  The Internet uses a timeout mechanism to identify a message connection failure. It uses a default timing such as 256 seconds. The same number may be used as a hop counter. A router decrements a counter by 1 each time a packet passes through a router. If the counter reaches zero the packet is discarded. If the originating system does not receive a response within the designated time, a 404 error is displayed.
  8. 8. Routing on a local sub net  Packets addressed to hosts on the same network are transmitted to the destination in a single hop. Otherwise the packets must be sent to a router for transmission.
  9. 9. Routing Algorithm Example  The Coulouris text shows a sample network (figure 3.7) and routing table (figure 3.8) and discusses a simple routing algorithm in section 3.3. Those slides are shown following this one, but are difficult to use in class because they require frequent switching back and forth between slides to understand the process. Students are expected to understand that example well enough to explain routing algorithms on a test.
  10. 10. Figure 3.7 Network Diagram A Hosts or local networks 1 3 B 2 Links 4 C 5 D 6 E Routers Coulouris et al
  11. 11. Figure 3.8 Link Table Routings from A To Link Cost A local 0 B 1 1 C 1 2 D 3 1 E 1 2 Coulouris et al Routings from B To Link Cost A 1 1 B local 0 C 2 1 D 1 2 E 4 1 Routings from D To Link Cost A 3 1 B 3 2 C 6 2 D local 0 E 6 1 Routings from C To Link Cost A 2 2 B 2 1 C local 0 D 5 2 E 5 1 Routings from E To Link Cost A 4 2 B 4 1 C 5 1 D 6 1 E local 0
  12. 12. Figure 3.9 Routing Algorithm part 1 Send: Each t seconds or when Tl changes, send Tl on each non-faulty outgoing link. Receive: Whenever a routing table Tr is received on link n: for all rows Rr in Tr { if ( | n) { Rr.cost = Rr.cost + 1; = n; if (Rr.destination is not in Tl) add Rr to Tl; // add new destination to Tl (Continued…)
  13. 13. Figure 3.9 Routing Algorithm part 2 else for all rows Rl in Tl { if (Rr.destination = Rl.destination and (Rr.cost < Rl.cost or = n)) Rl = Rr; // Rr.cost < Rl.cost : remote node has better route // = n : remote node is more authoritative } } } Coulouris et al
  14. 14. Routing Table Animation B A C D E F G Routings From A To Link Cost A Local 0∞ B 1∞ B B 2∞ C D E 2∞ E 1∞ E F E 3∞ G E 4∞
  15. 15. Fault Handling  When a router detects a broken link or similar failure, it reacts by setting the cost to reach that link to infinity. This cost will propagate to neighboring nodes until a node is reached where a link is active and therefore has a smaller cost. This will propagate back through neighboring router tables to create a new shortest path to the nodes that were connected through the broken link.
  16. 16. Network Congestion  When the load at any particular link reaches capacity, nodes trying to send traffic through that link will find their traffic blocked. This results in available buffer space filling up until nodes must refuse traffic and discard incoming packets. If this condition is temporary, it is self correcting as dropped packets are retransmitted. However, if congestion is substantial or prolonged, the effect on network performance is catastrophic.
  17. 17. Congestion Control   In general, the approach to controlling congestion is to inform nodes along the route that congestion is occurring and requesting those nodes to reduce their rate of packet transmission. On the Internet, a large portion of packets are derived from human interaction, and people become frustrated and cease making requests to overly busy nodes, which reduces congestion. In some cases, denial of service attacks have deliberately congested prominent Internet sites.
  18. 18. Firewalls  With the Internet consisting of many nodes operated by many people, security problems are inevitable. Commercial enterprises would not wish employees access to gambling and pornography during working hours. Many trade secrets are in company files, and industrial espionage must be discourages. Viruses, denial of service attacks and other threats must be contained. One approach to these problems is to isolate a more trusted domain from the rest of the Internet. This is done with hardware and software “firewalls.”
  19. 19. Firewall Security Policies    Service Control: Permit some Internet services to be accessed and deny others. Behavior Control: Deny activities that violate the organization’s policies or which open the organization to attack or compromise. User Control: Allow only properly identified persons access to the network, ensure that any identified users can only access resources that are permitted to perform their jobs, and keep audit records to identify improper activities.
  20. 20. Implementing a Firewall   Firewalls use different ways to identify threats:  IP Packet Filtering  TCP Gateways  Application Level Gateways Gateways are often implemented on separate computers referred to as bastions.
  21. 21. IP Packet Filters  Packet filters look at address and service fields in packet headers and block packets that are addressed to blocked addresses or are otherwise likely to be problems. They may block particular ports known to be used by problematic services. For example, a firewall may prevent use of NFS servers by external clients by blocking port 2049.
  22. 22. A Software Filter
  23. 23. TCP Gateway  A TCP Gateway process checks all requests to connect or transmit data. It ensures that TCP segments are formatted correctly and that the connections can be controlled. If desired, the connection requests are then passed to an application-level gateway for content checking.
  24. 24. Application Level Gateway  An Application Level Gateway acts as a proxy for an application process. For example, if an application wants to perform an action like making a connection, it can request the Gateway to do that instead. By denying direct access to the activity, the Gateway can verify addresses and data and perform security checks.
  25. 25. Bastions  When gateway processes are required, they are often run on a separate computer called a bastion (i.e. fortress). Where security needs are strict, the bastion can be located in a subnet that controls all access to the protected network, with a router on the protected network and another on the network it is being protected from. This can hide all the addresses and even the existence of the hosts on the protected network from the rest of the world, and also provides a second router if the security on the first fails.
  26. 26. Figure 3.21 Firewalls a) Filtering router Router/ filter Protected intranet Internet web/ftp server b) Filtering router and bastion R/filter Bastion Internet web/ftp server c) Screened subnet for bastion R/filter Internet web/ftp server Coulouris et al Bastion R/filter
  27. 27. Virtual Private Networks (VPN)   The protection of a firewall boundary can be extended beyond the protected network by use of a Virtual Private Network. This combines encryption, tunneling, and secure authentication to create a protected link between secure systems across a public network. A VPN connection increases system overhead and reduces throughput, so it may not be practical if high performance is required.
  28. 28. A VPN Client (details hidden for security purposes)
  29. 29. Classroom Team Exercise A B D C F E 1) Make a routing table for A 2) Revise the link as if the link from C to E was broken
  30. 30. Template for Exercise Routings from A To Link A B C D E F Cost
  31. 31. Bibliography    George Coularis, Jean Dollimore and Tim Kindberg, Distributed Systems, Concepts and Design, Addison Wesley, Fourth Edition, 2005 Figures from the Coulouris text are from the instructor’s guide and are copyrighted by Pearson Education 2005 Router illustrations and product information from CISCO and Linksys Web sites