I P Routing Foundations

ProCurve Networking by HP
Student guide
Technical training
IP Routing Foundations
Version 5.21
Contents

Overview
• Introduction (Overview–1)
• Course objectives (Overview–1)
• Prerequisites (Overview–1)
• Course module overviews (Overview–2)
• Course agenda (Overview–3)
• Additional information (Overview–4)

Module 1: IP Routing Basics
• Objectives (1–1)
• General network connectivity goals (1–2)
• Scenario: ProCurve University (1–3)
• Router interfaces and port state (1–4)
• Route tables and local address ranges (1–6)
• The route table (1–6)
• Multinetted interface (1–8)
• When multinetting is appropriate (1–8)
• Loopback interface (1–10)
• Learning about remote networks (1–11)
• Routing protocol categories (1–12)
• RIP and OSPF (1–13)
• Standard IGPs for IP networks (1–14)
• The disadvantage of RIP (1–14)
• Link-state protocols (1–15)
• Router1 RIP update to Router2 (1–16)
• Cost (1–16)
• RIP v2 use of multicast (1–17)
• Router2 updates its route table (1–18)
• Router2 RIP update to Router1 (1–19)
• Router2 RIP update to Router3 (1–20)
• Router3 updates its route table (1–21)
• Assessing this topology (1–22)
• Providing a routed mesh (1–23)
• Split horizon in a routed mesh (1–24)
• Processing inbound RIP updates (1–25)
• Link failure recovery in mesh (1) (1–27)
• Link failure recovery in mesh (2) (1–28)
• Link failure recovery in mesh (3) (1–29)
• Poisoned Reverse (1–30)
• Connecting to a core router (1–31)
• Connecting to a core routing switch (1–32)
• Connecting to redundant core (1–33)
• Routing among locations at ProCurve University (1–34)
• Dynamic route exchange (1–35)
• Network summarization (1–36)
• Summarization of address space using static routes (1–37)
• Route table lookup (1–39)
• Advertising static routes (1–40)
• Equal cost multipath (1–41)
• Module 1 summary (1–42)

Module 2: OSPF Routing
• Objectives (2–1)
• OSPF at ProCurve University (2–2)
• Basic OSPF interactions (2–3)
  – OSPF routing protocol (2–4)
  – OSPF hierarchy: Routers and networks (2–5)
  – OSPF Router ID (2–5)
  – OSPF adjacencies (2–5)
  – OSPF network types (2–6)
  – OSPF area (2–7)
  – OSPF hierarchy: Autonomous System (2–9)
  – OSPF router boots up (2–10)
  – Hello messages (2–10)
  – Exchanging Hello packets (2–11)
  – Two-way neighbor recognition (2–13)
  – Designated Router election (2–14)
  – Exchanging Database descriptions (2–15)
  – Link State Request packet (2–17)
  – Link State Update packet (2–18)
  – Updating the Link State Database (2–19)
  – Originating new LSAs (2–20)
  – Flooding LSAs in Link State Update packet (2–21)
  – R1A’s LSA (2–22)
  – SPF tree and IP route table (2–23)
  – Summary of OSPF packet types (2–25)
  – Summary of OSPF LSA types confined to a single area (2–27)
• Distribution of link state changes (2–28)
  – Impact of link state changes (2–29)
  – Connecting to existing multi-access network (2–30)
  – Recognizing a new router on a multi-access network (2–31)
  – Database synchronization (2–32)
  – Adjacencies established, database synchronized (2–33)
  – Flood new LSAs (2–34)
  – Acknowledging flooded LSAs (2–35)
  – Designated Router adjacency responsibilities (2–36)
  – Designated Router LSA flooding responsibilities (2–37)
  – Non-DR LSA flooding responsibilities (2–38)
  – OSPF network types (2–39)
  – Finding the shortest path (2–41)
  – OSPF’s performance in large intranet (2–42)
  – OSPF scalability (2–44)
  – Area Border Router (ABR) (2–44)
  – Multiple areas and adjacency (2–45)
  – ABR link state database synchronization (2–46)
  – LSA flow between areas (2–47)
  – Flooding Summary LSAs (2–48)
  – Hierarchical addressing enables summarization (2–49)
  – Summary of OSPF LSA types (2–50)
• External route information (2–51)
  – Redistributing non-OSPF network information (2–52)
  – ASBR (2–53)
  – Stub-area type: Injecting the default route (2–54)
  – Locating the ASBR (2–55)
  – Stub and “totally stubby” area (2–56)
  – Not-so-stubby area (NSSA) (2–57)
• Module 2 summary (2–58)

Module 3: Default Gateway Redundancy Protocols
• Objectives (3–1)
• Redundant router interfaces (3–2)
• Redundant links: Physical view (3–3)
• Redundant links: Logical view (3–4)
• Impact of device failure (3–5)
• Edge switch failure (3–5)
• Router failure (3–5)
• Providing a second router (3–7)
• Why failover is not automatic (1) (3–8)
• Why failover is not automatic (2) (3–9)
• Why failover is not automatic (3) (3–10)
• Automatic failover for default gateway (3–11)
• Common characteristics and operations (3–12)
• Virtual Router Redundancy Protocol (3–14)
• Virtual routers in VRRP (3–15)
• VRRP: Actual and virtual IP addresses (3–16)
• VRRP: Master and Backup states (3–17)
• VRRP: Virtual MAC address (3–18)
• VRRP Master broadcasts “gratuitous ARP” (3–19)
• Master accepts traffic sent to virtual MAC address (3–20)
• Virtual MAC address enables automatic failover (3–21)
• VRRP advertisements (3–22)
• VRRP advertisement packet format (3–23)
• VRRP support for load sharing (3–24)
• Considering link failure vs. device failure (3–25)
• Mixed virtual router states (1) (3–26)
• Mixed virtual router states (2) (3–27)
• Proprietary variations and enhancements (3–28)
• VRRPE: Virtual and actual IP addresses (3–29)
• XRRP (3–30)
• Module 3 summary (3–31)

Module 4: ACL Theory
• Objectives (4–1)
• Device security and access control (4–2)
• Identity-based security (4–2)
• Role-based security (4–2)
• Rule-based security (4–3)
• Basic security principles: Physical security example (4–4)
• Security threats (4–5)
• Basic security principles: Additional layer of physical security (4–6)
• Comparing physical and virtual security (4–7)
• Planning for rule-based access control (4–8)
• Rule-based access control example (4–10)
• Selection criteria in IP header (4–11)
• Determine which port(s) will filter traffic (4–12)
• A rule that may be applied to ingress or egress ports (4–13)
• The implied “deny any” rule (4–14)
• Impact of applying Rule 1 at ingress port (4–15)
• Impact of applying Rule 1 at egress port (4–16)
• Associating users with resource requirements (4–17)
• Inbound ACL recommendations (4–17)
• Outbound ACL recommendations (4–18)
• Define characteristics of resources (4–19)
• Strategies for defining inbound ACLs (4–20)
• Access control for faculty users (4–21)
• Access control criteria in TCP and UDP headers (4–22)
• Permit faculty user access to curriculum server network (4–24)
• Permit faculty user access to SMTP services (4–25)
• Deny faculty user access to administrative servers (4–26)
• Permit faculty user Internet access (4–27)
• Access control for student users (4–28)
• Permit student access to web registration server (4–29)
• Deny student traffic destined for administrative servers (4–30)
• Student Internet access (4–31)
• Access control of admin users (4–32)
• Permit admin user access to web registration server (4–33)
• Permit admin access to HR and admin servers (4–34)
• Access control for guests (4–35)
• Deny guest access to intranet destinations (4–36)
• Permit guest access to Internet destinations (4–37)
• Module 4 summary (4–38)

Learning Check Answers
Overview

Introduction

IP Routing Foundations provides the basic knowledge of routing technologies necessary to prepare for Routing Switch Essentials. Designed to be delivered as a self-paced prestudy or in the classroom, IP Routing Foundations focuses on standards, theories, and technologies and is not dependent on ProCurve products or features.

Before taking IP Routing Foundations, students should complete Adaptive EDGE Fundamentals or have attained equivalent background. The topics in Adaptive EDGE Fundamentals include:
• Basic Ethernet technology
• IP addressing
• VLANs
• Spanning Tree
• Link Aggregation
• Fundamentals of switch technology
• Traffic prioritization

Course objectives

During this course, you will:
• Learn basic routing and traffic filtering technologies, including redundant default gateway protocols, Routing Information Protocol (RIP), Open Shortest Path First (OSPF), and Access Control Lists (ACLs)
• Prepare for the Routing Switch Essentials instructor-led course

Prerequisites

Adaptive EDGE Fundamentals
Course module overviews

Module 1, “IP Routing Basics,” describes RIP, static routes, and other information necessary to develop routed networks in the contemporary enterprise.

Module 2, “OSPF Routing,” introduces the basic features and processes of the OSPF routing protocol.

Module 3, “Default Gateway Redundancy and Protocols,” describes the Virtual Router Redundancy Protocol and other technologies designed to ensure the availability of default gateways.

Module 4, “ACL Theory,” describes the theory and planning for ACLs.
Course agenda

IP Routing Foundations is designed to be a self-paced prestudy for Routing Switch Essentials. Students should complete each section and its related Learning Check before moving to the next topic.
Additional information

• The HP Certified Professional (HPCP) program is a world-class certification program benchmarked around the world to ensure validation of the technical and sales competencies and expertise needed to plan, deploy, support and service HP technology and solutions
• ProCurve participates in the Sales and Integration Tracks within HPCP
• This course, along with Routing Switch Essentials, prepares you for the required exam for ASE – Routing Switch Essentials
• The exam number for this course is HPO-790
• For more information on HPCP, go to www.hp.com/certification
• For more information on HP ProCurve Training and Certification, go to http://www.hp.com/rnd/training/certifications.htm

IP Routing Foundations is part of a series of courses on ProCurve products. For more information, visit the ProCurve Web site.
Module 1: IP Routing Basics

Objectives

After completing this module, you will be able to:
• Categorize sources of routing information
  – Static and dynamic
  – Interior and exterior
  – Distance vector and link state
• Describe how a router builds its route table and how it chooses the best match from the table’s entries
• Describe reasons for defining multinetted interfaces
• Explain the value of a loopback interface
• Describe the process a router uses to choose a path when its route table includes multiple equal cost paths to the same destination
General network connectivity goals

Establish connectivity among clients and resources
• Routers must obtain enough information to find the best path to each address range and collect the information in a route table

Routing efficiency, economy, scalability
• Each route table entry specifies an address range that may represent:
  – A single network (broadcast domain)
  – A range of networks whose address space can be expressed as a starting address and mask
• Summarize address space whenever possible to minimize the number of route table entries

Enable selective forwarding based on resource needs
• Arrange clients and addressing scheme to selectively enable access to resources
• Goals of limiting resource access may be based on traffic shaping or security requirements
• Alternate paths for link failover
  – Unlike STP, all links active (no blocked links)

In general, routers exist to connect clients and resources. Routers learn the most efficient way to reach each address range, collect the information, and organize it in a route table.

To enable routers to function efficiently, a medium-to-large enterprise will use a hierarchical addressing scheme. Hierarchical addressing enables an administrator to summarize the address range at remote locations using the smallest number of route table entries. This is only possible when hosts within an IP address range are at the same physical location. A sound IP addressing scheme enables an intranet to scale to a very large size without exceeding the capabilities of its routers.

Routers enable any-to-any communication. However, not all users are necessarily able to reach all resources. This is true for two reasons:
1. Users simply don’t need all intranet resources.
2. Some user/resource pairs must be disallowed to conform to security policies.

The actual mechanisms used for traffic filtering are beyond the scope of this module and will be discussed later in the course. However, to enable the development of efficient traffic filters, administrators must take great care when planning their IP addressing schemes. Basically, the IP addresses of clients with common resource requirements should be within a range that can easily be expressed by a starting address and mask. This module will provide more detail on this topic.
Scenario: ProCurve University

The university comprises three campuses
Each campus supports a variety of users
• Students and guests
• Faculty and administration
Each campus supports a variety of applications, including web, e-mail, and multimedia conferencing

[Figure: Northeast, Northwest, and Southwest campuses connected to a high-speed core by 10 GbE links]

This module and the rest of IP Routing Foundations will refer to ProCurve University whenever it is useful to illustrate a basic technology principle. The fictional university consists of three campuses connected by a high-speed core. The university supports four types of users—students, guests, faculty, and administrators—and a typical array of enterprise applications.

The university will appear more regularly in Routing Switch Essentials, which focuses heavily upon the deployment and configuration of ProCurve routing switches.
Router interfaces and port state

Every vendor’s router supports one or more of the following interface types:
• Physical
  – Created by assigning an IP address and mask to a physical port
  – Interface state may be “up” only if the physical port state is “up”
• Virtual
  – Associates IP address and mask with a VLAN
  – Interface state may be “up” if at least one of the ports in the VLAN is “up”
• Loopback
  – Assigns IP address and mask to an interface whose state is not bound to a physical port state
  – Interface state is always “up”
• Multinetted
  – Assigns two or more IP address/mask combinations to a physical, virtual, or loopback interface

Every router in an enterprise, regardless of the vendor who provides it, must enable communication among multiple networks. All routers accomplish this by enabling administrators to define one or more of the following types of router interfaces:

1. Physical
As its name suggests, the physical interface is created by assigning an IP address and mask to a physical port. The rest of this module will focus heavily on this type of interface, which is the “traditional” router interface.

2. Virtual
Common in contemporary enterprises, the virtual interface associates an IP address and mask with a VLAN. This enables packets for multiple broadcast domains to be forwarded through a single port.

3. Loopback
The loopback interface defines an IP address and mask that is not bound to any port or VLAN. It is often used as the interface for management communication.

4. Multinetted
In a multinetted configuration, two or more IP addresses and masks are assigned to a single port, VLAN, or loopback interface.

Whether they are virtual or physical, router interfaces function in the same way in terms of Layer 3 forwarding. Differences among the types of interfaces are confined solely to Layer 2 forwarding issues. The physical interface associates each router port with a different broadcast domain and thus a different address range, while the virtual interface enables you to associate an arbitrary set of ports with a broadcast domain/address range.
  17. 17. IP Routing FoundationsRoute tables and local address ranges Route table and local address ranges • For each interface whose state is “up,” the router derives the local address range by applying the mask to the assigned IP address • Route table entries for local address ranges usually have a cost of “0” • Router forwards traffic destined for local networks using port indicated in route table – Drops traffic destined for address ranges not represented in the table IP Route Table Network address Mask Gateway Port Cost Type 10.1.10.0 255.255.255.0 0.0.0.0 If 1 0 Local 10.1.30.0 255.255.255.0 0.0.0.0 If 2 0 Local If 1 Router1 Port 1: 10.1.10.1/24 Port 2: 10.1.30.1/24 If 2 Switch1: 10.1.10.3/24 Switch2: 10.1.30.3/24 Router forwards traffic Hosts in range 10.1.10.0/24 Hosts in range 10.1.30.0/24 among its local address DG: 10.1.10.1 DG: 10.1.30.1 ranges Rev 5.21 Student Guide: 1–6 6 In this example, a router has two interfaces defined. Because the physical port “If 1” is connected to Switch1, the interface state is up. Because the interface is defined in the router’s configuration as 10.1.10.1/24, the router applies the mask to the address and derives a range of addresses that it expects to find through that port. In this case, the range of local addresses the router puts in the route table is 10.1.10.0 with a mask of 255.255.255.0. When this dotted decimal mask is converted to binary, the mask includes 24 “1” bits and eight “0” bits. In the application of the mask to the address, each of the “1” bits indicates the number of high order—that is, “most significant”—bits in the address that are common to all of the hosts connected to this interface. The “0” bits of the mask represent the low order—that is, “least significant”—bits in each host’s address that may have any value. All of the combinations of these eight bits—from 0000 0000 to 1111 1111—are considered part of the address range. 
However, lowest value (0) and the highest value (255) are not permissible as addresses for individual hosts. The lowest value is the network address, also known as the “starting address.” The highest value is the broadcast address. The same principles apply to If 2.The route table A router bases forwarding decisions on the content of its route table. While a Layer 2 forwarding device, such as a switch, floods traffic destined for unknown MAC addresses, a router drops traffic whose destination IP address does not match any of the entries in the route table.1–6 Rev. 5.21
  18. 18. IP Routing Basics The graphic on the previous page shows route table entries for two networks— 10.1.10.0 and 10.1.30.0. Although routers from different vendors may display routing information differently, all route tables contain the same basic information. Common fields include: The “Gateway” field for each address range is sometimes labeled as the “Next Hop” field, but its function is to tell the router how to reach the address range. In this case, because all three address ranges are local, this router uses all zeros in dotted decimal format. Once again, different vendors represent this in different ways. The “Port” field indicates which of the router’s interfaces leads toward the best path to the destination. The “Cost” field provides information about the distance to the network. Because the address ranges in the example are local, Router1 records the “Cost” for each route as “0.” Although the end stations in networks 10.1.10.0/24 and 10.1.30.0/24 are connected to a downstream switch, Router1 considers the addresses to be “local” because Router1’s interfaces are in the same broadcast domain as other hosts in the same address range. The switch is transparent from an IP routing perspective because it forwards traffic based on Layer 2 information rather than Layer 3. The switch’s own IP address, which is assigned for management purposes, does not affect this transparency. The “Type” field indicates the source of the routing information. Because all of these address ranges are local, their type is “D” which represents “directly connected.” We will cover other sources of routing information later in this module. Because Router1 provides the default gateway for its local hosts, it can forward traffic on their behalf and also deliver traffic that is destined for those hosts. 
Because all hosts are local, the router uses ARP to obtain each destination host’s MAC address and encapsulates each forwarded packet with a Layer 2 header that contains its own MAC address in the source address field and the target host’s MAC address in the destination address field. The router does not change the source or destination IP address in the Layer 3 header. The source address field in the IP datagram header contains the address of the sending host and the destination address field contains the address of the target host. The router does not insert its own address into the IP datagram header as it does with the Layer 2 header.

In most environments, a router is also required to forward traffic toward remote networks.
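The forwarding decision just described, as an added Python example that is not part of the student guide: Router1’s three local entries from the graphic are loaded, the destination is matched against the table, and a packet is either delivered locally (ARP for the host itself), handed to a next-hop router, or dropped when nothing matches. Treating the starting and broadcast addresses as non-host destinations, and the route type letters other than “D”, are assumptions of this example.

```python
import ipaddress
from typing import NamedTuple, Optional


class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: ipaddress.IPv4Address   # 0.0.0.0 for a directly connected range
    port: str
    cost: int
    rtype: str                       # "D" = directly connected (other letters assumed)


ZERO = ipaddress.IPv4Address("0.0.0.0")


def route(network: str, mask: str, gateway: str, port: str, cost: int, rtype: str) -> Route:
    """Build an entry from the column layout used in the slide's route table."""
    net = ipaddress.IPv4Network(f"{network}/{mask}", strict=False)
    return Route(net, ipaddress.IPv4Address(gateway), port, cost, rtype)


# Router1's route table as shown in the graphic: three local ranges,
# two of them multinetted on If 2 (constructed from the slide).
ROUTER1_TABLE = [
    route("10.1.10.0", "255.255.255.0", "0.0.0.0", "If 1", 0, "D"),
    route("10.1.30.0", "255.255.255.0", "0.0.0.0", "If 2", 0, "D"),
    route("172.16.150.0", "255.255.255.0", "0.0.0.0", "If 2", 0, "D"),
]


def lookup(table: list, dst: str) -> Optional[Route]:
    """Longest-prefix match over the table; None means no entry matches."""
    addr = ipaddress.IPv4Address(dst)
    best = None
    for r in table:
        if addr in r.network and (best is None or r.network.prefixlen > best.network.prefixlen):
            best = r
    return best


def forward(table: list, src: str, dst: str) -> dict:
    """Decide what the router does with a packet from src to dst."""
    r = lookup(table, dst)
    if r is None:
        # Unlike a switch, a router never floods: no matching entry means drop.
        return {"action": "drop", "reason": "no matching route table entry"}
    addr = ipaddress.IPv4Address(dst)
    if addr in (r.network.network_address, r.network.broadcast_address):
        # Assumption of this example: the starting and broadcast addresses are
        # not host addresses, so the unicast forwarder does not deliver to them.
        return {"action": "drop", "reason": "network or broadcast address, not a host"}
    # The IP header is left untouched either way; only the L2 header is rebuilt.
    frame = {"ip_src": src, "ip_dst": dst, "port": r.port, "cost": r.cost}
    if r.gateway == ZERO:
        # Local range: ARP for the destination host itself.
        return {"action": "deliver", "arp_for": dst, **frame}
    # Remote range: ARP for the next-hop router and hand the packet to it.
    return {"action": "forward", "arp_for": str(r.gateway), **frame}
```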
Multinetted interface

• Defined to provide default gateway addresses for hosts that are in same broadcast domain but have different address ranges
• Each address range appears as route table entry

IP Route Table
Network address   Mask            Gateway   Port   Cost   Type
10.1.10.0         255.255.255.0   0.0.0.0   If 1   0      Local
10.1.30.0         255.255.255.0   0.0.0.0   If 2   0      Local
172.16.150.0      255.255.255.0   0.0.0.0   If 2   0      Local

[Diagram: Router1 Port 1 (If 1): 10.1.10.1/24; Port 2 (If 2): 10.1.30.1/24. Switch1: 10.1.10.3/24; Switch2: 10.1.30.3/24. Hosts in range 10.1.10.0/24, DG: 10.1.10.1; hosts in range 10.1.30.0/24, DG: 10.1.30.1; hosts in range 172.16.150.0/24, DG: 172.16.150.1.]

Multinetting enables an administrator to associate multiple IP addresses with a single broadcast domain that might be physically bounded, using a physical interface associated with a single router port, or virtually bounded, using a virtual interface associated with a VLAN.

Multinetting creates routing inefficiencies and should be used only when necessary. In contemporary networks, multinetting is usually not recommended, although it was quite common in earlier periods, when physical router interfaces presented the only router interface option. Furthermore, multinetting can create problems in environments where hosts use DHCP to receive IP configuration information. Hosts in a DHCP network usually will receive addresses in the same range; consequently, hosts in a multinetted network may not receive an address in the intended range.

When multinetting is appropriate

Multinetting can be necessary when the network includes a collection of hosts, links, and legacy connectivity devices, such as hubs, that do not support VLANs. The graphic above illustrates this point. Suppose that hosts in the 10.1.30.0/24 address range are used by clients who need access to the Internet.
Their addresses would be included in a range to be translated by a router, proxy server, or firewall using NAT. However, the hosts in the range 172.16.150.0/24 are special-purpose devices with statically defined addresses. Their access should be restricted. They will never need to browse the Internet. An administrator might specifically omit their address range from the range of addresses to be translated by the proxy, firewall, or other NAT device.
Administrators might also implement multinetting as an interim step while changing the IP addressing scheme. Suppose, for example, that an intranet originally was configured to use statically defined public addresses and must now be converted to a private addressing scheme where hosts dynamically obtain their addresses. Enabling multinetting would enable the administrator to continue providing connectivity for hosts whose addresses have not been converted, as well as for those whose addresses have been converted to the new scheme.
Loopback interface

• Address range associated with loopback interface appears as a route table entry
• May be used as source and/or destination for router’s host processes such as SNMP, Telnet, and HTTP

IP Route Table
Network address   Mask            Gateway   Port   Cost   Type
10.1.0.0          255.255.255.0   0.0.0.0   lb 1   0      Local
10.1.10.0         255.255.255.0   0.0.0.0   If 1   0      Local
10.1.30.0         255.255.255.0   0.0.0.0   If 2   0      Local
172.16.150.0      255.255.255.0   0.0.0.0   If 2   0      Local

[Diagram: Router1 Port 1 (If 1): 10.1.10.1/24; Port 2 (If 2): 10.1.30.1/24; Loopback 1: 10.1.0.1/24. Switch1: 10.1.10.3/24; Switch2: 10.1.30.3/24. Hosts in range 10.1.10.0/24, DG: 10.1.10.1; hosts in range 10.1.30.0/24, DG: 10.1.30.1; hosts in range 172.16.150.0/24, DG: 172.16.150.1.]

A loopback interface is very useful for routers in an intranet that supports redundant links. Because the state of a loopback interface is not dependent on the state of any physical port, its IP address will be reachable if at least one other router interface is up. Consequently, the loopback address often is used for in-band device management.

Routers often are configured to use the loopback address for outbound communication with network management stations or other routers. With no loopback defined for this purpose, a router will send the packet through the interface that is “closest” to the destination network; that is, the one that corresponds with the route table’s next hop toward the destination network.

In the case of a network management station, administrators often set up filters that allow the station to accept messages only from a set of source address ranges. In a redundant network, one or more routers might choose different paths to the network management station’s address range based on the physical state of some of the intervening links. Consequently, it can be difficult to predict the address from which a router will send a management message.
Furthermore, by using the loopback interface for all host-based communication with the router, you can set up traffic filters that prohibit traffic produced by typical management protocols—including HTTP, FTP, TFTP, Telnet and SSH—from reaching any of the physical or virtual interfaces. The traffic can be permitted to reach the loopback interface. All valid administrators would need to configure and monitor the router using the loopback interface as a target address. (Traffic filters will be discussed later in this course.)
Learning about remote networks

A router can learn of the existence of remote networks through any combination of the following:
• Dynamic interaction with other routers that follow a common set of rules for exchanging routing information
  – These rules might include:
    • Procedures for establishing relationships with neighboring routers
    • The frequency and format of messages exchanged with other routers
• Static route configuration, which requires an administrator to:
  – Specify an address range, expressed as starting address and mask
  – Provide “next hop” information that will allow the router to send traffic toward the address range
  – Supply a cost to be associated with the path to the address range, enabling router to choose the lowest-cost statically defined path

Network topology, including Internet and intranet connectivity, determines the appropriate methods for each situation.

A router can only forward traffic toward address ranges that appear in its route table. If a router receives a routable packet with a destination address that does not match any route table entry, it drops the packet.

Routers may learn the information in their route tables dynamically through interaction with other routers with which they share a common set of route exchange rules known as a “routing protocol.” Routing protocols specify the format of the information the routers exchange and the conditions that require a router to send information to a neighboring router. Administrators often choose to augment the dynamically learned information by statically defining information that the router can use to reach specific address ranges.

In most contemporary networks, routers must be aware of remote networks because most enterprise users require access to Internet and intranet resources. Usually, route tables are populated with a combination of static and dynamically learned routes.
In any case, routers cannot directly deliver traffic to remote hosts. Instead, they deliver traffic destined for remote hosts to neighboring routers that provide the best route to the remote address range.
Routing protocol categories

Interior Gateway Protocols (IGP)
• Facilitate exchange of information among routers under the same organizational control; that is, within the same “autonomous system”
• Examples of standard IGPs:
  – Routing Information Protocol (RIP)
  – Open Shortest Path First (OSPF)

Exterior Gateway Protocols (EGP)
• Facilitate exchange of route information among routers in different autonomous systems
• Border Gateway Protocol version 4 (BGP4) is current standard EGP for Internet connectivity

There are two types of dynamic interaction between routers:
1. Interior Gateway Protocols (IGP) involve communication among routers that are under common administrative control and use the same protocol for exchanging information; that is, in the same autonomous system.
2. Exterior Gateway Protocols (EGP) involve communication among routers that are under different administrative control; that is, in different autonomous systems.

An Internet Service Provider is likely to use a combination of interior and exterior gateway protocols to facilitate exchange of routing information among the routers that make up its own internal network as well as with the routers at subscriber locations. Not all Internet subscribers use an exterior gateway protocol; however, a very large subscriber that load balances among multiple ISPs is the most likely candidate for using a formalized exterior gateway protocol. Small-to-medium sized subscribers are likely to use a combination of interior gateway protocols and static routes to facilitate Internet connectivity.
RIP and OSPF

Several routing protocols have been formalized and are described in various standards documents. In some cases, vendors implement these standards exactly as written; other vendors enhance the protocols to optimize particular aspects or functions. Other protocols are entirely proprietary, with their own reserved port and/or protocol numbers. These protocols operate only with other routers from the same vendor.

Two common routing protocols, RIP and OSPF, are both IGPs with the same high-level goal: to enable connectivity within an autonomous system. In general, because RIP and OSPF perform this task in completely different ways, each is best suited for particular topologies. However, there is a large overlapping area of applicability. Many intranets can deploy either protocol effectively.

Routing protocols specify the format of messages to be exchanged. As a fairly simple routing protocol, RIP specifies only one type of message. On the other hand, OSPF is a far more complex IGP that specifies several different types and even sub-types of messages, specifying formal procedures for setting up relationships with neighboring routers and types of messages that should be sent in particular circumstances.

Routing protocols also specify the conditions that require a router to send an advertisement. While a RIP router periodically sends routing information to its neighbors, an OSPF router sends a particular type of message when it experiences a change in the state of one of its links.

RIP will be described in more detail later in this module. A later module will discuss OSPF.
Standard IGPs for IP networks

Distance vector: RIP
• Each router sends periodic updates containing a subset of its route table entries to directly connected neighbor routers
• Information about remote networks is passed from router to router based on each router’s perspective
• Time required for each router to find alternate path to an address range after link failure depends on number of routers that separate it from the address range

Link state: OSPF
• Each router reports to its neighbors the characteristics of its active connections to local networks
• Updates are flooded to all routers within administratively defined area, resulting in consistent picture of area’s routers and networks
• Each router builds a logical tree that calculates its shortest path to each network address range
• Enables faster convergence – detection of alternate paths after link failure – due to possession of first-hand information

There are two types of standard IGPs available in IP networks:
1. Distance-vector protocols, such as RIP, require routers to integrate information into their own tables and send the resulting entries, as modified, from their own perspectives.
2. Link-state protocols, such as OSPF, require routers to establish neighbor relationships with adjacent routers. Routers generate updates based on local information and send the updates to neighbors, who then flood updates to all their neighbors. Ideally, within a few milliseconds, every router in an administratively defined area has identical information. Each router builds a logical tree that traces out the shortest path to each advertised destination, using itself as the root.
As a result, every router has a consistent picture of the network from its own perspective.

The disadvantage of RIP

While RIP and other distance-vector protocols are easier to configure than link-state protocols, the distance-vector protocols have one serious disadvantage. Changes in routing topology often propagate slowly because information in a router’s table is acquired from other routers that may be as many as 15 hops away.
Suppose, for instance, that Router1 is directly connected to Network 1. When Router1 loses its connection to Network 1, it immediately sends its neighbors an update that reports the cost of Network 1 to be 16. In RIP, the cost of 16 represents infinity and indicates the network is unreachable because the maximum number of router hops in RIP is 15.

After Network 1 has been marked as unavailable, each router is free to accept advertisements from other neighbors that offer a lower-cost path to Network 1. Because there is a 30-second interval between RIP updates, and because RIP updates move one hop at a time, several minutes may elapse before each router has determined the lowest-cost path between itself and Network 1.

Link-state protocols

Link-state protocols avoid this issue because they do not rely on second-hand information. A router sends an “advertisement” when it recognizes a link state change. The update does not contain just the change, but the attributes of all of the router’s currently active links. The router sends the advertisement to its immediate neighbors. The neighbors are required by the protocol to immediately flood the advertisement to all of their neighbors.

Unlike RIP routers, OSPF routers do not increment the costs as they flood updates. In fact, an OSPF router is not permitted to make any changes to advertisements it receives on one network before sending it out onto another network. As a result, all of the routers in the area have a consistent picture of the connections between all routers and networks in the area.

Each router builds a tree based on first-hand information that traces the shortest path between itself and every router and network in the area. When a link state changes, the router recalculates the tree based on the new information. Ideally, less than a second passes between the time the router advertises its new state and the time when all of the routers have found an alternate path, if one exists.
Router1 RIP update to Router2

• Advertises entries in its route table through interface 3
• Does not include the address range associated with interface 3 (10.0.64.0/24)

Ethernet header:
  Dest: 01005e-000009   Source: <R1 MAC>
IP datagram header:
  Source: 10.0.64.1   Dest: 224.0.0.9
UDP header:
  Source: 520   Dest: 520
Routing Information Protocol:
  Command: Response (2)   Version: RIPv2 (2)
  Network: 10.1.0.0       Mask: 255.255.255.0   Metric: 1
  Network: 10.1.10.0      Mask: 255.255.255.0   Metric: 1
  Network: 10.1.30.0      Mask: 255.255.255.0   Metric: 1
  Network: 172.16.150.0   Mask: 255.255.255.0   Metric: 1

[Diagram: Network 10.0.64.0/24 connects R1 If 3 (10.0.64.1/24, RIP enabled) and R2 If 3 (10.0.64.2/24). R1: Loop 1 10.1.0.1/24; If 1 10.1.10.1/24; If 2 10.1.30.1/24 and 172.16.150.1/24; S1 10.1.10.3/24; S2 10.1.30.3/24; hosts in 10.1.10.0/24, 10.1.30.0/24 and 172.16.150.0/24. R2: Loop 1 10.2.0.1/24; If 1 10.2.20.1/24; If 2 10.2.40.1/24; S3 10.2.20.3/24; S4 10.2.40.3/24; hosts in 10.2.20.0/24 and 10.2.40.0/24.]

When RIP is enabled on an interface, the router prepares an update that advertises the address ranges in its route table. In many cases, including the one above, each address range in the table represents a network, a single broadcast domain. However, this is not always the case. Sometimes the entries represent an address range that includes many networks.

In the example above, Router1 advertises all of its connected networks with one notable exception. A RIP advertisement doesn’t include the address range associated with the interface through which the router sends the update. In this case, the advertisement is being prepared for transmission over interface 3 (if 3), which is associated with the address range 10.0.64.0/24. Accordingly, that network is specifically omitted from the advertisement.

It is important to note that the update actually includes two distinct steps: the preparation and the sending of the update.
By default, this process occurs every 30 seconds; when this interval expires, the router must send advertisements through all of its RIP-enabled interfaces.

Cost

Note that the cost associated with each of the advertised networks is 1. While Router1 associates a cost of 0 with its locally connected address ranges, it advertises these networks with a cost of 1. In some vendor implementations, the cost used internally will be 1; however, the external cost is reported in the same way by all router vendors.
RIP v2 use of multicast

The source address in the IP datagram that encapsulates the RIP advertisement is the address of Router1’s interface on the network it shares with Router2. The destination address is a multicast address, which is the requirement in RIP v2. The use of multicast ensures that all routers connected to a network will receive and process the update simultaneously. Routers or other devices on this network that do not support RIP v2 will not process this update because they are not members of the RIP Routers multicast group (224.0.0.9).

In the example, Router1 is the only RIP router on network 10.0.64.0. Note that Router2 does not have RIP enabled. This does not affect Router1’s outbound RIP updates. Because RIP is enabled on this interface, Router1 will continue sending updates indefinitely.
Router2 updates its route table

• Router2 integrates networks from Router1’s RIP update into its route table
• “Gateway” associated with RIP-learned networks is source address from IP datagram header of Router1’s RIP update

Network           Gateway     Port   Cost   Type
10.0.64.0/24      0.0.0.0     3      0      D
10.1.0.0/24       10.0.64.1   3      2      R
10.1.10.0/24      10.0.64.1   3      2      R
10.1.30.0/24      10.0.64.1   3      2      R
10.2.0.0/24       0.0.0.0     Lo 1   0      D
10.2.20.0/24      0.0.0.0     1      0      D
10.2.40.0/24      0.0.0.0     2      0      D
172.16.150.0/24   10.0.64.1   3      2      R

[Diagram: same topology as the previous slide; RIP is now enabled on R2 If 3 (10.0.64.2/24) as well as on R1 If 3 (10.0.64.1/24).]

In this example, RIP has been enabled on Router2’s interface on the 10.0.64.0/24 network. Router2 receives Router1’s RIP update and begins processing it. It doesn’t matter if Router1’s RIP update arrived before Router2 sent any advertisements over the network it shares with Router1 because each router’s sending and receiving actions are independent.

When Router2 receives the advertisement, it compares each entry with the entries already in its route table and immediately adds any advertised address range that does not already appear there. In the example above, all of the address ranges are new, so all are added.

The cost of the RIP-learned address ranges is one number higher than the cost advertised by Router1. This is only true if Router2’s configured interface cost for interface 3 is at the default setting of “1.” While it is possible to manipulate interface costs for the purpose of favoring one path over another, it is usually not recommended for reasons discussed later in this module.
Every address range a router learns from a RIP update is set to type “R” (for RIP) in the route table. The “Port” value is the interface through which Router2 received the update that advertised the address range. In this example, every RIP-learned network in Router2’s route table has the same next hop. This is because Router2 has only one neighbor.
Router2 RIP update to Router1

[Slide graphic: the Router2 route table and topology from the previous slide are repeated here.]

When Router2 sends a RIP advertisement through its only RIP-enabled interface, it does not include the address range 10.0.64.0/24 because that address range is associated with interface 3. Because Router2 has already received advertisements from Router1, it follows an additional rule requiring that advertisements a router sends onto a network do not include the address ranges for which the next hop is on that network.

In the example, none of the networks that Router2 learned from Router1 are included in the RIP update Router2 sends onto network 10.0.64.0/24. Because 10.0.64.1 is the “next hop” for the address ranges 10.1.0.0/24, 10.1.10.0/24, and 10.1.30.0/24, and because the address range associated with interface 3 contains the next hop address, these are omitted from the update.
The set of rules that govern which networks may be advertised is known as “Split horizon.” The primary reason that RIP routers follow Split horizon rules is that a neighbor simply doesn’t need to learn about networks for which it provides the next hop. Other reasons for the Split horizon rules will be discussed later.
Router2 RIP update to Router3

• Router2’s RIP updates through interface 4 include:
  – Locally defined networks
  – Routes to address ranges learned from a neighbor on interface 3

IP datagram header:
  Source: 10.0.65.1   Dest: 224.0.0.9
UDP header:
  Source: 520   Dest: 520
Routing Information Protocol:
  Network: 10.0.64.0      Mask: 255.255.255.0   Metric: 1
  Network: 10.1.0.0       Mask: 255.255.255.0   Metric: 2
  Network: 10.1.10.0      Mask: 255.255.255.0   Metric: 2
  Network: 10.1.30.0      Mask: 255.255.255.0   Metric: 2
  Network: 10.2.0.0       Mask: 255.255.255.0   Metric: 1
  Network: 10.2.20.0      Mask: 255.255.255.0   Metric: 1
  Network: 10.2.40.0      Mask: 255.255.255.0   Metric: 1
  Network: 172.16.150.0   Mask: 255.255.255.0   Metric: 2

[Diagram: Network 10.0.65.0/24 connects R2 If 4 (10.0.65.1/24, RIP enabled) and R3 If 3 (10.0.65.2/24). R2 also has If 3 10.0.64.2/24 (RIP enabled), Loop 1 10.2.0.1/24, If 1 10.2.20.1/24, If 2 10.2.40.1/24, hosts in 10.2.20.0/24 and 10.2.40.0/24. R3: Loop 1 10.3.0.1/24; If 1 10.3.10.1/24; If 2 10.3.30.1/24; hosts in 10.3.10.0/24 and 10.3.30.0/24.]

In this example, Router2 has another neighbor that it reaches through a network (10.0.65.0/24) associated with interface 4. Because Router3 does not have RIP enabled, Router2 has not yet received any advertisements from Router3. Still, because RIP is enabled on interface 4, Router2 sends periodic RIP updates regardless of whether it has received any information from Router3.

The RIP update that Router2 sends to Router3 contains a completely different set of address ranges than the update it sends to Router1. Following Split horizon rules, the RIP advertisement Router2 sends through interface 4 does not include the address range associated with interface 4, 10.0.65.0/24. However, it does include all address ranges in its route table that are either local or learned from a neighbor connected to an interface other than interface 4.
Router2 advertises the cost of these address ranges from its own perspective. In all cases except for local networks, a RIP router advertises the cost that each address range has in its own route table.

The “Gateway” or next hop value in the route table is the most important factor in determining which address ranges Router2 will advertise through network 10.0.65.0/24. A RIP advertisement includes all local address ranges except the network address associated with the interface over which the advertisement will be transmitted. A remote address range will be included in the RIP advertisement only if its associated “Gateway” or “next hop” IP address is outside the range of the network associated with the interface over which the advertisement will be transmitted.
Router3 updates its route table

• All routes known to Router3 are either local or learned from 10.0.65.1
• Router3’s updates through interface 3 include networks not learned from neighbors on the network associated with that interface

Network           Gateway     Port   Cost   Type
10.0.64.0/24      10.0.65.1   3      3      RIP
10.0.65.0/24      0.0.0.0     3      0      Direct
10.1.0.0/24       10.0.65.1   3      3      RIP
10.1.10.0/24      10.0.65.1   3      3      RIP
10.1.30.0/24      10.0.65.1   3      3      RIP
10.2.0.0/24       10.0.65.1   3      2      RIP
10.2.20.0/24      10.0.65.1   3      2      RIP
10.2.40.0/24      10.0.65.1   3      2      RIP
10.3.0.0/24       0.0.0.0     Lo 1   0      Direct
10.3.10.0/24      0.0.0.0     1      0      Direct
10.3.30.0/24      0.0.0.0     2      0      Direct
172.16.150.0/24   10.0.65.1   3      3      RIP

[Diagram: same topology as the previous slide; RIP is now enabled on R3 If 3 (10.0.65.2/24) as well as on R2 If 3 and If 4.]

In the manner described earlier, Router3 increments the cost of all advertised networks by the cost assigned to the interface through which the update arrives. Everything that was advertised by Router2 with a cost of 1 appears in Router3’s route table with a cost of 2. The address ranges reported with a cost of 2 have a cost of 3 in Router3’s route table.

In this example, Router2 is Router3’s only neighbor, so the “Gateway” or next hop router interface for every remote address range in Router3’s route table is 10.0.65.1, which is the IP address of Router2’s interface on the network that connects the two routers. None of Router1’s interfaces appear in Router3’s route table as a next hop because Router3 and Router1 do not share a network. The “Type” column contains “RIP” for all address ranges that Router3 learns from Router2’s advertisements.
When Router3 sends an advertisement to Router2, it will follow the Split horizon rules described earlier. In this case, only three address ranges qualify for inclusion in the RIP advertisement sent to Router2: 10.3.10.0/24, 10.3.30.0/24, and 10.3.0.0/24.
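The Split horizon and cost rules described on the Router2 and Router3 slides above, as an added Python example that is not part of the student guide: build_update selects what a router may advertise through a given interface, and apply_update integrates a received update the way Router2 and Router3 do. The route tables are constructed from the slides; replacement or ageing of entries that already exist is not modelled.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Route:
    network: str     # CIDR, as in the Router2/Router3 route tables above
    gateway: str     # "0.0.0.0" for a directly connected range
    port: str
    cost: int
    rtype: str       # "D" directly connected, "R" learned via RIP


RIP_INFINITY = 16   # cost 16 means unreachable; RIP allows at most 15 hops


def build_update(table, out_port, out_network):
    """Entries a router sends through out_port, following Split horizon."""
    out_net = ipaddress.IPv4Network(out_network)
    entries = []
    for r in table:
        if ipaddress.IPv4Network(r.network) == out_net:
            continue  # the range of the sending interface itself is never advertised
        if r.gateway != "0.0.0.0" and ipaddress.IPv4Address(r.gateway) in out_net:
            continue  # next hop lies on that network: the neighbor already knows it
        # local ranges are advertised at cost 1, everything else at its table cost
        metric = 1 if r.rtype == "D" else r.cost
        entries.append((r.network, metric))
    return entries


def apply_update(table, in_port, source_ip, entries, interface_cost=1):
    """Return a new table with unknown ranges added; next hop = update's source IP."""
    table = list(table)
    known = {r.network for r in table}
    for network, metric in entries:
        cost = min(metric + interface_cost, RIP_INFINITY)
        if network in known or cost >= RIP_INFINITY:
            continue  # existing entries and unreachable ranges are left alone here
        table.append(Route(network, source_ip, in_port, cost, "R"))
    return table


def route_cost(table, network):
    """Cost of one entry, used to check the result."""
    return next(r.cost for r in table if r.network == network)


# Router2's route table after learning from Router1 (constructed from the slide).
ROUTER2 = [
    Route("10.0.64.0/24", "0.0.0.0", "3", 0, "D"),
    Route("10.1.0.0/24", "10.0.64.1", "3", 2, "R"),
    Route("10.1.10.0/24", "10.0.64.1", "3", 2, "R"),
    Route("10.1.30.0/24", "10.0.64.1", "3", 2, "R"),
    Route("10.2.0.0/24", "0.0.0.0", "Lo 1", 0, "D"),
    Route("10.2.20.0/24", "0.0.0.0", "1", 0, "D"),
    Route("10.2.40.0/24", "0.0.0.0", "2", 0, "D"),
    Route("172.16.150.0/24", "10.0.64.1", "3", 2, "R"),
]

# Router3 before it has heard anything: only its directly connected ranges.
ROUTER3 = [
    Route("10.0.65.0/24", "0.0.0.0", "3", 0, "D"),
    Route("10.3.0.0/24", "0.0.0.0", "Lo 1", 0, "D"),
    Route("10.3.10.0/24", "0.0.0.0", "1", 0, "D"),
    Route("10.3.30.0/24", "0.0.0.0", "2", 0, "D"),
]

if __name__ == "__main__":
    print("R2 -> R1:", build_update(ROUTER2, "3", "10.0.64.0/24"))
    to_r3 = build_update(ROUTER2, "4", "10.0.65.0/24")
    print("R2 -> R3:", to_r3)
    r3 = apply_update(ROUTER3, "3", "10.0.65.1", to_r3)
    for r in r3:
        print(f"{r.network:16} {r.gateway:10} {r.port:5} {r.cost} {r.rtype}")
    print("R3 -> R2:", build_update(r3, "3", "10.0.65.0/24"))
```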
Assessing this topology

Some of the problems with this topology include:
• Inefficient forwarding paths and potential bottleneck
  – Traffic between Router1 and Router3 has to go through Router2
• Does not provide backup paths in the event of link failure
• Does not scale well

[Diagram: R2 (Loop 1 10.2.0.1/24; 10.2.20.0/24, 10.2.40.0/24) sits between R1 and R3. R2 If 3 10.0.64.2/24 connects to R1 If 3 10.0.64.1/24; R2 If 4 10.0.65.1/24 connects to R3 If 3 10.0.65.2/24; RIP enabled on all four interfaces. R1: Loop 1 10.1.0.1/24; 10.1.10.0/24, 10.1.30.0/24, 172.16.150.0/24. R3: Loop 1 10.3.0.1/24; 10.3.10.0/24, 10.3.30.0/24.]

Although this topology is useful for describing RIP operations, it is clearly not an efficient topology. If the links between routers have equal bandwidth, Router2 may become a bottleneck because it must handle traffic between hosts connected to Routers 1 and 3, as well as traffic coming from or destined for its locally connected networks.

Furthermore, this topology also does not provide any redundancy. If either of the links between Router2 and its neighbors should fail, many hosts would be isolated.

The above deficiencies would be magnified if this intranet needed to support more than three routers. If we continued daisy-chaining routers in this manner, the potential for bottlenecks and traffic delay would increase dramatically. The vulnerability of the connections would also escalate.
Providing a routed mesh

A routed mesh
• Provides a dedicated link between each pair of routers
• Provides a backup path in the event of link failure
• Does not scale well beyond 3 or 4 nodes

[Diagram: R1, R2 and R3 fully meshed: 10.0.64.0/24 between R1 and R2, 10.0.65.0/24 between R2 and R3, 10.0.66.0/24 between R1 and R3. R1: Loop 1 10.1.0.1/24; 10.1.10.0/24, 10.1.30.0/24, 172.16.150.0/24. R2: Loop 1 10.2.0.1/24; 10.2.20.0/24, 10.2.40.0/24. R3: Loop 1 10.3.0.1/24; 10.3.10.0/24, 10.3.30.0/24.]

Creating a mesh of the routers would solve the problems relating to potential bottlenecks and lack of redundancy. In a mesh, each device is connected to all other devices. Rather than creating a bottleneck at Router2, the topology shown in the example provides Router3 with a direct connection to Router1. If any of the three links should fail, the remaining links would continue to provide connectivity among all three routers. Of course, the potential for a bottleneck would then increase until the mesh was restored.

However, the full mesh solution is not scalable. For every node added to the mesh, the number of point-to-point connections increases dramatically. While it only takes three links to create a full mesh among three nodes, six links are required to fully connect four nodes. A full mesh for five nodes requires 10 point-to-point links. A full mesh for 10 nodes requires 45 point-to-point links. The number of links can be calculated using the following formula: L = N(N-1)/2, where “L” represents the number of point-to-point links and “N” represents the number of nodes to be interconnected. The values for 10 nodes are 10*9/2 = 45.
