Routing and Remote Access

Using the Routing and Remote Access Microsoft Management Console (MMC) on a Windows Server 2003 system, you can manually add a static route by expanding the server in the left pane that will host the static route.

Under IP Routing, right-click Static Routes to create a new static route entry (see Figure 4.2).

Figure 4.2. Adding a static route to the host system through the Routing and Remote Access MMC.


If you need to delete this static route later, simply right-click it in the right pane of the Routing and Remote Access MMC, and choose Delete from the shortcut menu.

With Windows 2000 and 2003 servers, you can enable the Routing and Remote Access Service and configure the server with routing protocols that dynamically update routing information, so static entries do not have to be maintained manually. If a route changes for any reason (a temporary hardware failure, the removal or addition of another routing device, and so on) and static route entries are in use, a network administrator must manually update the routing information wherever static records are stored.

To choose a new routing protocol, such as Open Shortest Path First (OSPF) or Routing Information Protocol (RIPv2), go to the Routing and Remote Access MMC and expand the server in the left pane that will function as the dynamic router. Under IP Routing, right-click General, and choose New Routing Protocol. You can then add a new protocol in the New Routing Protocol dialog box (see Figure 4.3).

Figure 4.3. Adding a dynamic routing protocol in the Routing and Remote Access MMC.


Dynamic routing protocols, such as RIP versions 1 and 2 and OSPF, exchange information about their networks with other routers using the same dynamic routing protocols. RIP versions 1 and 2 are best used on medium-sized networks with about 50 routers maximum, where the maximum number of routers (hops) that any IP packet must cross is less than 16. Destination addresses that are 16 or more hops away are unreachable from RIP routers.

Routing update announcements generated by RIP routers can cause unacceptable levels of network traffic when more than 50 RIP routers are in use. RIP routers maintain a routing table and periodically send updates to other RIP routers on the network with their routing information. RIPv1 uses IP broadcast packets for its announcements, and RIPv2 uses IP multicast packets for its announcements.

OSPF is a link-state protocol based on an algorithm that determines the shortest path between source and destination nodes on a routed network. OSPF routers maintain the routed network information in a link state database. As updates to information in the database and routing table are made, they are synchronized between other OSPF routers.

OSPF protocol is a better choice than either version of RIP when the network is designed with redundant paths between locales or when the number of subnets in the overall design is more than 50 routers. With Windows Server 2003, both RIPv2 and OSPF can be installed on a server running RRAS.

Routing Protocols and RRAS

With RRAS under Windows 2000 Server, administrators could install RIPv1 outright. If you take a look at the available routing protocols to install in Figure 4.3, you will see that RIPv1 is absent; however, it is still available in the Incoming Packet Protocol list box shown in Figure 4.4.

Figure 4.4. You can add RIPv1 in the RIP Properties dialog box.


RIPv1 is difficult to deploy in larger environments because it supports the main classes of IP addresses only and cannot use Classless Inter-Domain Routing (CIDR) or Variable Length Subnet Masks (VLSM).

RIPv1 is limited in security measures as well. Routers that exchange routing information using RIPv1 do not authenticate with each other, which could allow a Denial of Service (DoS) attack in which a hacker corrupts routing tables.

Also, because of the lack of proper security, RIP listeners can be placed on a network using RIPv1. This could allow someone to find out about the available networks in your enterprise.


On RIPv2 networks, routers announce their routing tables to other RIPv2 routers at predefined intervals via broadcast or multicast. RIPv2 supports simple password authentication, multicast announcements, CIDR, and VLSM. To configure RIPv1 or RIPv2, set the outgoing packet protocol on the General tab to one of these options, depending on your design:

  • RIP version 1 broadcast

  • RIP version 2 broadcast

  • RIP version 2 multicast

  • Silent RIP

To complete the configuration, set the incoming packet protocol on the General tab to one of these, depending on your needs:

  • Ignore incoming packets

  • RIP version 1 and 2

  • RIP version 1 only

  • RIP version 2 only

If you need to enable authentication for your routers, select the Activate Authentication check box, and enter a password in the Password text box. All routers using RIPv2 to update each other must be configured in this way with the same password; otherwise, the route updates fail.

You can also configure additional security for RIP routers by setting the appropriate filters in the Security tab of the router's Properties dialog box. Select the appropriate radio button to accept all routes, to accept all routes from a given range of IP addresses that have been entered, or to ignore all routes from a given range of IP addresses that have been entered for incoming routes.

For outgoing routes, you can configure RIPv2 to announce all routes, to announce all routes from a given range of IP addresses that have been entered, or to not announce routes from a given range of IP addresses that have been entered (see Figure 4.5).

Figure 4.5. You can select actions to take for routing in the Security tab of the RIP Properties dialog box.
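The RIPv1 and RIPv2 properties discussed above (no authentication and classful masks in version 1, a simple password and an accepted-source range in version 2) can be checked on a captured announcement. The following is an added example, not code from the book: an audit function that follows the standard RIP packet layout (4-byte header, 20-byte entries). The sample payloads, addresses, password and trusted range are constructed for illustration.

```python
import ipaddress
import struct

RIP_INFINITY = 16      # metric 16 marks a destination unreachable
AUTH_AFI = 0xFFFF      # address family that flags a RIPv2 authentication entry
SIMPLE_PASSWORD = 2    # RIPv2 authentication type: simple (clear-text) password
ENTRY = "!HH4s4s4sI"   # family, tag/auth type, address, mask, next hop, metric


def audit_rip(payload, source, trusted_ranges):
    """Parse one RIP UDP payload; return (routes, findings)."""
    version = payload[1]
    routes, findings, authenticated = [], [], False
    if not any(ipaddress.ip_address(source) in ipaddress.ip_network(r)
               for r in trusted_ranges):
        findings.append(f"announcement from unlisted source {source}")
    for offset in range(4, len(payload) - 19, 20):
        afi, tag, addr, mask, _hop, metric = struct.unpack_from(ENTRY, payload, offset)
        if afi == AUTH_AFI:
            authenticated = True
            if tag == SIMPLE_PASSWORD:
                findings.append("simple password is sent in clear text")
            continue
        if version == 1:
            # RIPv1 carries no mask, so the receiver assumes the class A/B/C mask.
            prefix = 8 if addr[0] < 128 else 16 if addr[0] < 192 else 24
        else:
            prefix = bin(int.from_bytes(mask, "big")).count("1")
        routes.append((f"{ipaddress.ip_address(addr)}/{prefix}", metric,
                       metric >= RIP_INFINITY))
    if version == 1:
        findings.append("RIPv1: no authentication, classful masks only")
    elif not authenticated:
        findings.append("RIPv2 announcement carries no authentication entry")
    return routes, findings


def sample_entry(addr, mask, metric):
    """Build one constructed IP route entry (address family 2)."""
    return struct.pack(ENTRY, 2, 0, ipaddress.ip_address(addr).packed,
                       ipaddress.ip_address(mask).packed, bytes(4), metric)


# Constructed sample payloads (not captured traffic): command 2 = response.
V1_SAMPLE = bytes([2, 1, 0, 0]) + sample_entry("172.16.0.0", "0.0.0.0", 16)
V2_SAMPLE = (bytes([2, 2, 0, 0])
             + struct.pack("!HH16s", AUTH_AFI, SIMPLE_PASSWORD, b"examplepw")
             + sample_entry("10.1.2.0", "255.255.255.0", 3))
```

Each returned route is a tuple of prefix, metric and an unreachable flag; the findings list is what an administrator would review before deciding on the incoming packet protocol and route filters.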


You can configure how this router responds to neighboring routers in the Neighbors tab of the RIP Properties dialog box. You can configure it to function by using broadcast and multicast only, using specific neighbors (notated by entering their IP addresses) in addition to broadcast and multicast, or by using only neighboring routers via the entered IP addresses.

In the Advanced tab, you can set timers for periodic updates by specifying the announcement interval in seconds (see Figure 4.6). You can also set the time before routes expire and the time before a route is removed by entering numeric values that denote seconds.

Figure 4.6. The settings shown in the Advanced tab of the RIP Properties dialog box are the default values.


Notice that the following options are enabled by default:

  • Split-horizon processing: This route-advertising method prevents advertising routes in the same direction in which they were learned, which avoids routing loop situations.

  • Poison-reverse processing: This option is used with split-horizon processing to improve RIP convergence by advertising all network IDs.

  • Triggered updates: These route advertising methods advertise changes in the network topology as they occur, instead of waiting for the next scheduled interval.

  • Clean-up updates: These updates are set when subnet summarization is being stopped and disabled.
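To see why split-horizon processing is enabled by default, the added example below (not from the book) simulates two hypothetical RIP routers, A and B, after B loses its directly attached network. It goes slightly beyond the text by counting update rounds until both routers mark the network unreachable at the metric of 16 described earlier. The update ordering, with A's periodic announcement arriving first, is an assumption.

```python
INFINITY = 16  # RIP metric meaning "unreachable"


def advertise(route, neighbor, split_horizon, poison_reverse):
    """Metric a router announces to neighbor for one network, or None to stay silent."""
    metric, next_hop = route
    if split_horizon and next_hop == neighbor:
        # The route was learned from this neighbor: suppress it, or poison it.
        return INFINITY if poison_reverse else None
    return metric


def receive(route, announced, sender):
    """Apply an announcement from sender to the current (metric, next_hop) route."""
    if announced is None:
        return route
    candidate = min(announced + 1, INFINITY)
    metric, next_hop = route
    # Always believe the current next hop; otherwise accept only a better metric.
    if next_hop == sender or candidate < metric:
        return (candidate, sender)
    return route


def rounds_until_unreachable(split_horizon, poison_reverse=False, limit=40):
    """Hypothetical routers A and B; B has just lost its directly attached network."""
    a = (2, "B")            # A reaches the network through B
    b = (INFINITY, None)    # B marked the network unreachable
    history = []
    for rnd in range(1, limit + 1):
        # Assumed ordering: A's periodic update reaches B before B's news reaches A.
        b = receive(b, advertise(a, "B", split_horizon, poison_reverse), "A")
        a = receive(a, advertise(b, "A", split_horizon, poison_reverse), "B")
        history.append((a[0], b[0]))
        if a[0] == INFINITY and b[0] == INFINITY:
            return rnd, history
    return None, history
```

Without split horizon the two routers feed the stale route back to each other and the metric climbs two hops per round until it reaches 16; with split horizon, with or without poison reverse, A never offers the route back to B and both agree after one round.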

The following options can also be set, if needed:

  • Process Host Routes in Received Announcements

  • Include Host Routes in Sent Announcements

  • Process Default Routes in Received Announcements

  • Include Default Routes in Sent Announcements

With OSPF, administrators can create an OSPF area by installing the OSPF protocol and then installing a new interface. To do this, right-click OSPF in the Routing and Remote Access MMC and choose New Interface, which enables OSPF for the selected network connection (see Figure 4.7).

Figure 4.7. The OSPF Properties dialog box for an interface that has been configured. Because an OSPF area has not yet been assigned, the Area ID text box shows 0.0.0.0, which denotes a backbone area, not an actual IP address.


Caution

OSPF is not available on Windows XP 64-bit edition and the 64-bit versions of Windows Server 2003. After all available interfaces on a system have been configured for OSPF, you will receive an error message if you attempt to choose New Interface again.


In the General tab, you can set the level of logging for the protocol with one of the following radio buttons:

  • Log Errors Only

  • Log Errors and Warnings

  • Log the Maximum Amount of Information

  • Disable Event Logging

To create an OSPF area, right-click OSPF and choose Properties to open the OSPF Properties dialog box. In the Areas tab, click the Add button to add an IP address. (Notice that the Enable Plaintext Password check box is selected by default.) Enter a destination IP address and a network mask in the Ranges text box.

Tip

You can enable the OSPF area as a stub area by selecting the corresponding check box in the General tab. You cannot configure the default area ID of 0.0.0.0 as a stub area, and you cannot configure virtual links through stub areas.


To configure OSPF as an autonomous system boundary router that connects this router to another autonomous system or the Internet, select the Enable Autonomous System Boundary Router check box in the General tab of the OSPF Properties dialog box.

After you change this setting, the External Routing tab is enabled. Select the Accept routes from all route sources except those selected radio button or the Ignore routes from all route sources except those selected radio button (see Figure 4.8), depending on your requirements.

Figure 4.8. You can't use the External Routing tab until you have selected the Enable Autonomous System Boundary Router check box in the General tab.


To enable route filters, click the Route Filters button in the External Routing tab. In the OSPF External Route Filters dialog box, select the Ignore Listed Routes radio button or the Accept Listed Routes radio button and enter the appropriate IP addresses in the Destination and Network Mask text boxes.

Notes from the Field

How you set up and configure RRAS and decide which routing protocols to use depend on the types of networking devices in your network, such as hubs, switches, and routers. Some switches operate at the Data Link layer (Layer 2) of the OSI model and form the borders of your collision domains. Bridges also work at Layer 2 and function in the same manner.

Network collisions occur when two hosts attempt to transmit data at the same time. A collision domain is a network segment in which all devices on that segment can "hear" when the collision happens. If a network design includes a switch at one end and a bridge at the other, for example, all hosts between those two network devices would be considered part of a single collision domain. Devices beyond the Layer 2 switch and bridge typically belong to a different collision domain.

Layer 2 switches and bridges do not form a border for broadcast domains, which are network segments in which all devices on those segments can hear broadcast and multicast messages. Broadcast and multicast frames are found at Layer 3 of the OSI model, so devices such as Layer 2 switches and bridges simply pass these packets along.

To create borders for broadcast domains in an effort to segment which network devices hear broadcast messages, you need to use a Layer 3 switch or a router that operates at the Network layer of the OSI model. Network routing and switching devices can run in Full Duplex mode or Half Duplex mode.

Full Duplex devices allow two hosts on the same transmission medium at the same time. An everyday example of this type of transmission is the telephone: Both parties can speak and hear at the same time. Half Duplex devices allow only a single device to use the medium at a time. An everyday example of this type of transmission is the walkie-talkie: Only one person at a time can speak while the other listens. Whoever has the "speak and send" action at a certain point can be heard on any other walkie-talkie set to that frequency.

If one person presses the "talk" key at the same time as someone else, neither message is received by other units because both people are trying to access the same medium (frequency) at the same time. This is called a "collision," and both units must wait their turn to successfully transmit a message, just as two computers need to when they're on the same wire.




MCSE 70-293 Exam Cram: Planning and Maintaining a Windows Server 2003 Network Infrastructure (2nd Edition)
ISBN: 0789736195
EAN: 2147483647
Year: 2004
Pages: 123
