To troubleshoot TCP/IP connectivity problems, it is important to understand how packets are forwarded from a source to a destination node on an Internet Protocol (IP) internetwork. For data to be exchanged between any two nodes, each must be reachable from the other. For universal reachability, a forwarding path between any two nodes must exist in both directions. The forwarding paths are determined by the contents of local IP routing tables and the nature of the IP routing infrastructure.
IP routing is the process of forwarding unicast IP traffic to its destination in an IP internetwork with an arbitrary topology. Specifically, IP routing is the process of forwarding packets from the sending host through a series of intermediate routers. To facilitate the forwarding process, the sending host and each router make a forwarding decision based on the contents of their local IP routing table. For hosts and routers running a member of the Microsoft Windows Server 2003 family, the IP routing table entries are created based on the TCP/IP configuration, static routing table entries, Internet Control Message Protocol (ICMP) Redirect, or routing protocols.
For discussion in this chapter, a node is a network device running the TCP/IP protocol, a host is a TCP/IP node that does not have routing capability, and a router (or gateway) is a TCP/IP node that does have routing capability. Both hosts and routers are considered nodes.
When forwarding an IP datagram, the sending host performs either a direct or indirect delivery to the destination. If the destination is directly reachable—on a directly attached network segment—the forwarding node performs a direct delivery by resolving the destination node's media access control (MAC) address and sending the frame to the destination. If the destination is not directly reachable—not on a directly attached network segment—the host uses its IP routing table to determine an intermediate router's next-hop IP address. The forwarding node performs an indirect delivery by resolving the intermediate router's MAC address and sending the frame to the intermediate router.
The IP routing process is a series of direct and indirect deliveries, as shown in Figure 7-1. For Host A and Host B, on the same network segment, Host A performs a direct delivery when sending packets to Host B. For Host A and Host C, on different network segments separated by a single IP router, Host A performs an indirect delivery to the router. The router then performs a direct delivery to Host C.
Figure 7-1: IP forwarding showing direct and indirect delivery.
For more details on the behavior of the Address Resolution Protocol (ARP) during direct and indirect deliveries, see Chapter 3, "Address Resolution Protocol (ARP)."
The IP forwarding process and IP routing table entries vary depending on the type of link over which the packet is being forwarded. The following are the three types of links:
The broadcast link type is characterized by its ability to have more than two nodes on the same network segment, and each frame sent is received at the Network Interface Layer by all of the network segment's nodes. Ethernet, Token Ring, and Fiber Distributed Data Interface (FDDI) are examples of broadcast links. In each case, one of the possible multiple nodes on the network segment must be distinguished using a Network Interface Layer address. For Ethernet, Token Ring, and FDDI, the Network Interface Layer address is the destination MAC address. ARP is used to resolve the destination MAC address for a given next-hop IP address.
The broadcast link type supports the ability to multicast to a group of hosts on the network segment or to broadcast to all hosts on the segment. Routing protocols such as Routing Information Protocol (RIP) or Open Shortest Path First (OSPF) use the ability to multicast to propagate routing information. RIP routers can use either subnet broadcasts or the 224.0.0.9 multicast address. OSPF routers use the multicast addresses 224.0.0.5 and 224.0.0.6. Figure 7-2 shows Ethernet, an example of a broadcast link.
Figure 7-2: A broadcast link such as Ethernet where a single packet is received by multiple nodes.
To forward an IP datagram on a broadcast network, knowledge of the next-hop IP address is required.
The point-to-point link type is characterized by its ability to support only two IP nodes. Examples of point-to-point links are typical leased-line and circuit-switched wide area network (WAN) links such as analog phone lines, T-Carrier (including T1/E1 and T3/E3), and Integrated Services Digital Network (ISDN). For point-to-point links, there is only one possible node that receives the forwarded IP datagram. Therefore, ARP is not used to resolve a Network Interface Layer address and the next-hop IP address is irrelevant.
Routing protocols such as RIP and OSPF work over point-to-point links without modification. For broadcast RIP announcements, the two routers' IP addresses on the point-to-point link network segment must be from the same IP network ID. If the IP addresses of the two routers' interfaces on the point-to-point link are from different network IDs, the receiving router does not process broadcast RIP requests or announcements. If this is the case, use RIP version 2 and multicast announcements.
For OSPF, the router interfaces are configured for the OSPF point-to-point network type. In this configuration, OSPF routers always use the multicast address of 224.0.0.5. Figure 7-3 shows a leased-line connection between two routers using T1, an example of a point-to-point link.
Figure 7-3: A point-to-point link such as a T1 leased line contains a maximum of two nodes.
The non-broadcast multiple access (NBMA) link type is characterized by its ability to support more than two IP nodes; however, this link type cannot multicast or broadcast. Examples of NBMA links are packet-switched WAN technologies such as X.25, frame relay, and Asynchronous Transfer Mode (ATM). In each of these technologies, a single WAN adapter can support multiple virtual circuits. However, with the exception of recent developments in frame relay, NBMA links have no capability to send a single packet that is copied to all the configured virtual circuits.
For X.25, frame relay, and ATM adapters operating in NBMA mode, the next-hop IP address is relevant. However, because there is no multicast or broadcast facility, ARP is not used. Inverse ARP can be used to discover the IP addresses of the routers on the other end of the virtual circuit. The next-hop IP address from the route in the routing table is mapped to the appropriate virtual circuit identifier using a table maintained by the adapter.
For RIP and OSPF operation over an NBMA network, instead of broadcasting or multicasting, RIP or OSPF neighbors are configured. Each neighbor is a unicast location to which RIP or OSPF traffic is sent. Figure 7-4 shows a frame relay spoke and hub configuration, an example of an NBMA link.
Figure 7-4: An NBMA link such as frame relay, where a single interface supports multiple virtual circuits without a broadcast facility.
For X.25, frame relay, and ATM adapters operating in multi- or subinterface mode, each virtual circuit is represented as a separate logical adapter. Each logical adapter is the equivalent of a point-to-point adapter. RIP and OSPF are configured the same way as a point-to-point link.
The IP routing table is a database of routes present in memory on all IP nodes. Each entry, or route, in the routing table contains forwarding information for a range of destination IP addresses. The level of detail for destination IP addresses—the number of routes in the routing table—depends on whether the IP node is a host or a router. Typically, IP hosts have few entries and IP routers have many.
It is common on IP internetworks to configure IP hosts with a default gateway. This configuration creates a default route that effectively summarizes all destinations. For IP routers, it is common for the routing table to contain an entry for every reachable network on the IP internetwork, although route summarization and default routing are also commonly used.
In each case, the IP routing table's purpose is to yield two values for the destination IP address of each packet being forwarded:
A route in the IP routing table contains enough information to identify the destination, identify the next-hop interface and IP address, and distinguish the best route to use when multiple routes to the destination are found.
Typical IP routing tables contain the following fields for each route:
To determine whether the destination IP address of an IP datagram being forwarded matches a route, the destination IP address is bit-wise logically ANDed with the Network Mask. The result is compared with the value of the Destination field for the route. If they match, the route matches the destination IP address for the packet and the corresponding next-hop IP address is used.
Due to the ANDing process used between the Network Mask field and the Destination field, the Destination field cannot be more specific than the Network Mask field. In binary terms, the Destination field cannot have bits set to 1 in bit positions where the Network Mask field has bits set to 0. Because the logical ANDing of a 1 and a 0 is always a 0, the ANDing of the Network Mask field with any IP address never results in a match to the Destination field. This is a useless route because it never matches any destination. Computers running a member of the Windows Server 2003 family do not allow such a route to be added to the IP routing table. To test whether a destination and network mask combination is invalid, perform a bit-wise logical AND of the destination and the network mask. If the result is not the destination, the combination is invalid.
A route in the IP routing table is one of the following types (in order of most to least specific):
Each network ID route can be either a directly attached network ID route or a remote network ID route. A directly attached network ID route is a route for a network segment on which the router has an interface. Routes for directly attached network IDs might not have a value for the next-hop IP address. A remote network ID is a network ID that is available across another router. For remote network ID routes, the next-hop IP address is an intermediate router's IP address. The next-hop IP address must be directly reachable using the interface in the Interface field.
For any IP datagram being forwarded, a single route in the routing table must be chosen to determine the next-hop interface and IP address for the forwarding process. To determine the single best route for forwarding, IP uses the following process:
The end result of the route determination process is the choice of a single route that is the most specific route to the destination with the lowest metric. The single route chosen yields the next-hop IP address and the interface over which to forward the IP datagram.
If no matching route is found, IP indicates a routing error. For a sending host, an internal IP routing error informs the upper layer protocol. For a router, the IP datagram is discarded and an ICMP Destination Unreachable-Host Unreachable message is sent back to the sending host.
The closest matching route process favors routes matching the destination in the following order:
The IP routing table for the Windows Server 2003 family (for a single interface host with the IP address 18.104.22.168, subnet mask 255.255.240.0, and default gateway 22.214.171.124), as displayed with the route print command, is shown here:
F:\>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 04 5a 56 0f 5b ...... Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4) #2
===========================================================================
===========================================================================
Active Routes:
Network Destination          Netmask          Gateway         Interface  Metric
            0.0.0.0          0.0.0.0    126.96.36.199      188.8.131.52      20
          127.0.0.0        255.0.0.0        127.0.0.1         127.0.0.1       1
     184.108.40.206    255.255.240.0   220.127.116.11     18.104.22.168      20
     22.214.171.124  255.255.255.255        127.0.0.1         127.0.0.1      20
      126.96.36.199  255.255.255.255     188.8.131.52    184.108.40.206      20
     220.127.116.11        240.0.0.0    18.104.22.168    22.214.171.124      20
    255.255.255.255  255.255.255.255    126.96.36.199      188.8.131.52       1
Default Gateway:      184.108.40.206
===========================================================================
Persistent Routes:
None
This example of an IP routing table for the Windows Server 2003 family consists of the following routes:
The closest matching route when there are no other matches. If the default route is chosen, the packet is forwarded to the default gateway's IP address (220.127.116.11) using the interface assigned to the IP address 18.104.22.168.
Matches any IP address in the range 127.0.0.0 through 127.255.255.255. All IP addresses beginning with 127 are reserved for loopback. All IP datagrams addressed in this range are forwarded to the reserved loopback address 127.0.0.1 using the loopback interface.
A route to the locally attached subnet. When this route is chosen, the IP datagram is forwarded to the destination IP address using the interface assigned the IP address 22.214.171.124.
A host route for the assigned IP address. All traffic addressed to the local host IP address is forwarded to the reserved loopback address 127.0.0.1 using the loopback interface.
A host route for the all-subnets-directed broadcast address for the class B network ID 126.96.36.199/16. Packets addressed to the all-subnets-directed broadcast address are sent as MAC-level broadcasts, using the interface assigned the IP address of 188.8.131.52. An all-subnets-directed broadcast route is present only if the locally attached network segment is subnetted. For more information on the all-subnets-directed broadcast, see Chapter 6, "Internet Protocol (IP) Addressing."
Used to match all class D addresses reserved for IP multicast traffic. IP multicast packets are sent as MAC-level multicasts, using the interface assigned the IP address of 184.108.40.206.
A host route for the limited broadcast address. Datagrams addressed to the limited broadcast address are sent as MAC-level broadcasts using the interface assigned the IP address 220.127.116.11.
These are the routes in the IP routing table created based on the common configuration of an IP address, a subnet mask, and a default gateway. Additional routes can be added through static routes, the receipt of ICMP Redirect messages, or a routing protocol.
The IP routing table for the Windows Server 2003 family differs from the IP routing table for Microsoft Windows 2000 in the following ways:
For multihomed nodes—nodes with more than one IP address—additional entries for the local host route, the directly attached network ID route, the multicast route, and the limited broadcast address are present for each IP address added. An example is shown here:
F:\>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 04 5a 56 0f 5b ...... Linksys LNE100TX Fast Ethernet Adapter (LN0TX v4) #2
0x10004 ...00 04 5a 56 0f 62 ...... Linksys LNE100TX Fast Ethernet Adapter (LN0TX v4)
===========================================================================
===========================================================================
Active Routes:
Network Destination          Netmask          Gateway         Interface  Metric
            0.0.0.0          0.0.0.0    18.104.22.168    22.214.171.124      20
        10.117.94.0    255.255.255.0     10.117.94.30      10.117.94.30      30
       10.117.94.30  255.255.255.255        127.0.0.1         127.0.0.1      30
     10.255.255.255  255.255.255.255     10.117.94.30      10.117.94.30      30
          127.0.0.0        255.0.0.0        127.0.0.1         127.0.0.1       1
      126.96.36.199    255.255.240.0     188.8.131.52    184.108.40.206      20
     220.127.116.11  255.255.255.255        127.0.0.1         127.0.0.1      20
      18.104.22.168  255.255.255.255   22.214.171.124     126.96.36.199      20
       188.8.131.52        240.0.0.0     10.117.94.30      10.117.94.30      30
     184.108.40.206        240.0.0.0   220.127.116.11     18.104.22.168      20
    255.255.255.255  255.255.255.255     10.117.94.30      10.117.94.30       1
    255.255.255.255  255.255.255.255   22.214.171.124     126.96.36.199       1
Default Gateway:        188.8.131.52
===========================================================================
Persistent Routes:
None
In this example, the Linksys LNE100TX Fast Ethernet Adapter #2 is configured with the IP address 184.108.40.206, the subnet mask 255.255.240.0, and the default gateway of 220.127.116.11. The Linksys LNE100TX Fast Ethernet Adapter is configured with the IP address 10.117.94.30 and the subnet mask 255.255.255.0. The Linksys LNE100TX Fast Ethernet Adapter is plugged into a 10-Mbps Ethernet hub, and the routes corresponding to this interface have an automatically determined routing metric of 30. The Linksys LNE100TX Fast Ethernet Adapter #2 is plugged into a 100-Mbps Ethernet hub, and the routes corresponding to this interface have an automatically determined routing metric of 20.
You maintain the IP routing table for the Windows Server 2003 family with the Route command-line utility. With Route, you can view the routing table and add, change, and delete routes. The IP routing table is stored in random access memory (RAM) and is not preserved when the computer is restarted. When TCP/IP is initialized, a default routing table is rebuilt from the TCP/IP configuration.
To make additional static routes persistent so that they are always added when TCP/IP is initialized, add the routes using the route add command with the -p option. Routes added with the -p option are stored in the registry under the following key:
For a computer running a member of the Windows Server 2003 family and the Routing and Remote Access service, the IP routing table also can be maintained from the Routing and Remote Access administrative tool. Use shortcut menu options available from the IP Routing\Static Routes object to view the IP routing table and add static routes. Figure 7-5 shows the IP routing table as it appears in the Routing and Remote Access administrative tool.
Figure 7-5: The IP routing table as viewed from the Routing and Remote Access administrative tool.
The IP Routing Process for the Windows Server 2003 Family
The IP routing process for the Windows Server 2003 family is as follows:
The result of the IP routing process for the Windows Server 2003 family is the IP address of the interface over which the packet is to be forwarded (the Interface field's IP address) and the next-hop IP address (either the IP datagram's destination IP address or the Gateway field's value). This result is then passed to the ARP module to determine the following:
For more details on how ARP resolves the unicast MAC address of the node to which the datagram is being forwarded, see Chapter 3, "Address Resolution Protocol (ARP)."
Examples of Route Determination for the Windows Server 2003 Family
A host running a member of the Windows Server 2003 family has the following IP routing table:
F:\>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 04 5a 56 0f 5b ...... Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4) #2
===========================================================================
===========================================================================
Active Routes:
Network Destination          Netmask          Gateway         Interface  Metric
            0.0.0.0          0.0.0.0       172.16.1.1       172.16.1.99      20
          127.0.0.0        255.0.0.0        127.0.0.1         127.0.0.1       1
         172.16.1.0    255.255.255.0      172.16.1.99       172.16.1.99      20
        172.16.1.99  255.255.255.255        127.0.0.1         127.0.0.1      20
     172.16.255.255  255.255.255.255      172.16.1.99       172.16.1.99      20
          224.0.0.0        240.0.0.0      172.16.1.99       172.16.1.99      20
    255.255.255.255  255.255.255.255      172.16.1.99       172.16.1.99       1
Default Gateway:          172.16.1.1
===========================================================================
Persistent Routes:
None
The following are examples of how this routing table is used to determine the next-hop IP address and interface for several different destinations:
When sending traffic to the unicast destination IP address 172.16.1.47 (local subnet traffic), the matching routes are the default route (0.0.0.0 with 0.0.0.0) and the local subnet route (172.16.1.0 with 255.255.255.0). Because the local subnet route is a closer match to the destination IP address (the first 24 bits in the Network Destination matched rather than 0 bits for the default route), the directly attached network ID route is chosen. Because the Gateway and Interface fields are set to the same value, the next-hop IP address for the datagram is set to 172.16.1.47. The IP datagram, the next-hop IP address (172.16.1.47), and the interface (172.16.1.99) are passed to ARP to perform a direct delivery.
When sending traffic to the unicast destination IP address 192.168.0.79 (remote traffic), the only matching route is the default route (0.0.0.0 with 0.0.0.0). Because the Gateway and Interface fields are different, the next-hop IP address for the datagram is set to 172.16.1.1. The IP datagram, the next-hop IP address (172.16.1.1), and the interface (172.16.1.99) are passed to ARP to perform an indirect delivery.
When sending traffic to the multicast destination IP address 224.0.0.1, the matching routes are the default route (0.0.0.0 with 0.0.0.0) and the multicast route (224.0.0.0 with 240.0.0.0). Because the multicast route is a closer match to the destination IP address (the first 4 bits in the Network Destination matched rather than 0 bits for the default route), the multicast route is chosen. Because the Gateway and Interface fields are set to the same value, the next-hop IP address for the datagram is set to 224.0.0.1. The IP datagram, the next-hop IP address (224.0.0.1), and the interface (172.16.1.99) are passed to the ARP module. However, for multicast traffic, the corresponding Network Interface Layer address for 224.0.0.1 is determined (for Ethernet and FDDI, the MAC address is 01-00-5E-00-00-01) and the packet is sent without performing address resolution.
When sending traffic to the subnet broadcast destination IP address 172.16.1.255, the matching routes are the default route (0.0.0.0 with 0.0.0.0) and the local subnet route (172.16.1.0 with 255.255.255.0). Because the local subnet route is a closer match to the destination IP address (24 bits in the Network Destination matched rather than 0 bits for the default route), the directly attached network ID route is chosen. Because the Gateway and Interface fields are set to the same value, the next-hop IP address for the datagram is set to 172.16.1.255. The IP datagram, the next-hop IP address (172.16.1.255), and the interface (172.16.1.99) are passed to the ARP module. However, for broadcast traffic, the corresponding Network Interface Layer address for broadcast traffic is determined (for Ethernet, Token Ring, and FDDI, the MAC address is FF-FF-FF-FF-FF-FF) and the packet is sent without performing address resolution.
When sending traffic to the unicast destination IP address 172.16.1.99, the matching routes are the default route (0.0.0.0 with 0.0.0.0), the local subnet route (172.16.1.0 with 255.255.255.0), and the local host route (172.16.1.99 with 255.255.255.255). Because the local host route is the closest possible match to the destination IP address (all 32 bits in the Network Destination matched rather than 24 bits for the local subnet route and 0 bits for the default route), the local host route is chosen. The next-hop address is 127.0.0.1 and the next-hop interface is the loopback adapter. The packet is forwarded to the internal loopback adapter without performing address resolution.
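The route validity test (destination AND mask must equal the destination), the closest-matching-route selection, and the five route determinations above, worked in code. This is an added example, not code from the original chapter: it assumes the 172.16.1.99 host's routing table entered as the constructed ROUTE_PRINT text below (columns Network Destination, Netmask, Gateway, Interface, Metric), and the function names are my own.

```python
import ipaddress

# Constructed sample input: the Active Routes rows of the route print output
# for the 172.16.1.99 host, in the column order
# Network Destination, Netmask, Gateway, Interface, Metric.
ROUTE_PRINT = """\
0.0.0.0          0.0.0.0          172.16.1.1   172.16.1.99  20
127.0.0.0        255.0.0.0        127.0.0.1    127.0.0.1     1
172.16.1.0       255.255.255.0    172.16.1.99  172.16.1.99  20
172.16.1.99      255.255.255.255  127.0.0.1    127.0.0.1    20
172.16.255.255   255.255.255.255  172.16.1.99  172.16.1.99  20
224.0.0.0        240.0.0.0        172.16.1.99  172.16.1.99  20
255.255.255.255  255.255.255.255  172.16.1.99  172.16.1.99   1
"""

ALL_ONES = 0xFFFFFFFF

def ip_to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def route_is_valid(dest, mask):
    """A route is usable only if dest AND mask == dest, that is, the
    Destination has no 1 bits where the Netmask has 0 bits. Windows
    Server 2003 refuses to add a route that fails this check."""
    return ip_to_int(dest) & ip_to_int(mask) == ip_to_int(dest)

def parse_routes(text):
    """Parse route print rows into (dest, mask, gateway, interface, metric)."""
    routes = []
    for line in text.splitlines():
        dest, mask, gateway, iface, metric = line.split()
        if not route_is_valid(dest, mask):
            raise ValueError("route %s mask %s can never match" % (dest, mask))
        routes.append((dest, mask, gateway, iface, int(metric)))
    return routes

def select_route(routes, destination):
    """Closest-matching route: among routes whose Destination equals
    destination AND Netmask, prefer the longest mask, then the lowest
    metric. Raises LookupError when nothing matches (a routing error)."""
    d = ip_to_int(destination)
    best = None
    for route in routes:
        dest, mask = route[0], route[1]
        m = ip_to_int(mask)
        if d & m != ip_to_int(dest):
            continue
        rank = (bin(m).count("1"), -route[4])   # longer mask, then lower metric
        if best is None or rank > best[0]:
            best = (rank, route)
    if best is None:
        raise LookupError("no route to %s" % destination)
    return best[1]

def classful_mask(d):
    """Default mask of the address class, used only to recognise the
    all-subnets-directed broadcast of a class A, B or C network ID."""
    first = d >> 24
    return 0xFF000000 if first < 128 else 0xFFFF0000 if first < 192 else 0xFFFFFF00

def multicast_mac(d):
    """Ethernet/FDDI MAC for a class D address: 01-00-5E plus the low 23 bits."""
    low = d & 0x7FFFFF
    return "01-00-5E-%02X-%02X-%02X" % (low >> 16, (low >> 8) & 0xFF, low & 0xFF)

def forward(routes, destination):
    """Return (next_hop_ip, interface_ip, resolution) for a destination.
    resolution is 'loopback', 'arp' (unicast, resolved by ARP), or the MAC
    address used directly for multicast and broadcast traffic."""
    dest, mask, gateway, iface, _ = select_route(routes, destination)
    if iface == "127.0.0.1":
        return "127.0.0.1", iface, "loopback"
    # Gateway == Interface marks a directly attached route: the next hop is
    # the destination itself (direct delivery). Otherwise the next hop is
    # the Gateway, an intermediate router (indirect delivery).
    next_hop = destination if gateway == iface else gateway
    d = ip_to_int(destination)
    if d == ALL_ONES:
        return next_hop, iface, "FF-FF-FF-FF-FF-FF"      # limited broadcast
    if d >> 28 == 0xE:
        return next_hop, iface, multicast_mac(d)         # class D multicast
    m = ip_to_int(mask)
    if m == ALL_ONES:                                    # host route matched
        m = classful_mask(d)
    if d | m == ALL_ONES:
        return next_hop, iface, "FF-FF-FF-FF-FF-FF"      # directed broadcast
    return next_hop, iface, "arp"

ROUTES = parse_routes(ROUTE_PRINT)

if __name__ == "__main__":
    for target in ("172.16.1.47", "192.168.0.79", "224.0.0.1",
                   "172.16.1.255", "172.16.1.99"):
        print(target, "->", forward(ROUTES, target))
```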
To fully understand IP routing, we must examine the series of forwarding processes that occur at the sending host, the intermediate routers, and the destination host. The following processes assume an IP header without Loose Route, Strict Route, or Record Route IP options.
When the sending host (a computer running a member of the Windows Server 2003 family) forwards an IP datagram, IP performs the following steps:
This sending process assumes that there are no Internet Protocol Security (IPSec) rules that either modify the packet or prevent its sending and that there are no Routing and Remote Access service IP filters that prevent its sending.
When a computer running a member of the Windows Server 2003 family acting as an IP router receives an IP datagram, IP performs the following steps:
This forwarding process is repeated at each intermediate router in the path between the sending host and the destination host.
This forwarding process assumes that there are no IPSec rules that either modify the packet or prevent its forwarding and that there are no Routing and Remote Access service IP filters that prevent its forwarding.
When the final intermediate router performs a direct delivery to the destination host, IP on the destination host performs the following steps:
This receiving process assumes that there are no IPSec rules, TCP/IP protocol filters, or Routing and Remote Access service IP filters that prevent its reception.
For the successful delivery of IP datagrams to an arbitrary location in an IP internetwork, you must employ an IP routing infrastructure. Hosts and routers must have the supporting routes in their routing table to forward unicast traffic to any reachable location. Typically for hosts, all destinations are either directly reachable or reachable through a default route pointing to their default gateway. Routers, however, have either explicit routes for each network segment in the IP internetwork, summarized or aggregated routes, or a default route. The combination of the host's routing table entries and the routers comprise the IP routing infrastructure.
The type of IP routing infrastructure that you deploy can have the following characteristics:
For a single-path routing infrastructure, IP traffic can only travel a single path between any source and any destination. Single-path infrastructures are simple but they are intolerant of network faults. A downed link or a downed router creates physically separate portions of the internetwork that are unreachable for the duration of the fault.
For a multipath routing infrastructure, IP traffic can travel different paths between any source and destination. Typically, a multipath environment forwards IP traffic along a single path until the network topology changes. When coupled with dynamic routing, multipath routing infrastructures can be fault-tolerant. Multipath infrastructures are more complex to plan and implement and there is a possibility that, either because of misconfiguration or a period when the internetwork topology is changing, a routing loop can form. A routing loop is a path through the routing infrastructure that loops back on itself, which occurs when routers forward traffic in a loop that does not include the network segment of the destination. Traffic caught in a routing loop is forwarded between the routers of the loop until the TTL in the IP header becomes 0. Figure 7-6 shows a routing loop created by misconfiguration of the default route (0/0) among three routers (Router B, Router D, and Router C).
Figure 7-6: A default routing loop among Router B, Router D, and Router C.
One way to detect routing loops in your internetwork is to use the Ping command-line utility with the -i option set to 255. The -i option sets the TTL in the ICMP Echo message. If the Ping utility displays "TTL Expired In Transit," there is a good chance you have a routing loop. To ensure that you do have a routing loop, use the Tracert command-line utility to trace the route to the destination. In the Tracert display, look for a set of router IP addresses or names that repeats.
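A simulation of the Figure 7-6 default-route loop together with the two checks just described: a datagram sent with a TTL of 255 expiring in transit, and a repeating router sequence in the trace. This is an added example, not from the original chapter; the router tables, the router names, and the 10.x.0.0/16 segments are constructed.

```python
import ipaddress

# Constructed topology modelled on Figure 7-6: Router B, Router D and Router C
# each have explicit routes for the three attached segments, but their
# default routes (0.0.0.0/0) were misconfigured to point at one another.
# Each table maps a prefix to the next-hop router, or to "deliver" when the
# segment is directly attached to that router.
ROUTERS = {
    "RouterB": {"10.1.0.0/16": "deliver", "10.2.0.0/16": "RouterC",
                "10.3.0.0/16": "RouterD", "0.0.0.0/0": "RouterD"},
    "RouterC": {"10.2.0.0/16": "deliver", "10.1.0.0/16": "RouterB",
                "10.3.0.0/16": "RouterD", "0.0.0.0/0": "RouterB"},
    "RouterD": {"10.3.0.0/16": "deliver", "10.1.0.0/16": "RouterB",
                "10.2.0.0/16": "RouterC", "0.0.0.0/0": "RouterC"},
}

def lookup(table, destination):
    """Closest-matching route in one router's table (longest prefix wins)."""
    addr = ipaddress.ip_address(destination)
    matches = [(ipaddress.ip_network(p), nh) for p, nh in table.items()]
    matches = [(n, nh) for n, nh in matches if addr in n]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def forward_datagram(routers, first_router, destination, ttl):
    """Forward a datagram router by router, decrementing the TTL at each hop.
    Returns (outcome, path): 'delivered'; 'unreachable' (the router would
    send ICMP Destination Unreachable); or 'ttl-expired', where the router
    discards the datagram and sends ICMP Time Exceeded, which Ping reports
    as "TTL Expired In Transit"."""
    router, path = first_router, []
    while True:
        path.append(router)
        ttl -= 1
        if ttl == 0:
            return "ttl-expired", path
        next_hop = lookup(routers[router], destination)
        if next_hop is None:
            return "unreachable", path
        if next_hop == "deliver":
            return "delivered", path
        router = next_hop

def find_loop(path):
    """Tracert-style check: the first sequence of routers that repeats, or
    None when the path visits every router at most once."""
    first_seen = {}
    for index, router in enumerate(path):
        if router in first_seen:
            return path[first_seen[router]:index]
        first_seen[router] = index
    return None

if __name__ == "__main__":
    # Equivalent of "ping -i 255" to an address that no explicit route covers.
    outcome, path = forward_datagram(ROUTERS, "RouterB", "192.0.2.10", 255)
    print(outcome, "after", len(path), "hops; repeating routers:", find_loop(path))
```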
Your routing infrastructure can be either class-based or classless. Although originally a class-based routing infrastructure, address allocation and routing on the modern Internet is classless.
Class-based routing is the determination of the network ID based on the IP address classes. Class-based routing protocols such as RIP version 1 do not advertise a subnet mask when advertising routes. You can subnet with class-based routing protocols; however, there are limitations to the types of addresses and configurations that are permitted.
For example, when subnetting a class-based network ID, all of the subnets of the class-based network ID must be contiguous. Class-based routing protocols do not advertise the subnets of a class-based network ID on network segments that are not a subnet of the class-based network ID. Rather, on network segments that are not a subnet of the class-based network ID, they advertise the summarized class-based network ID. Class-based IP routers summarize the subnets of a class-based network ID by advertising the class-based network ID. Because of this behavior, all subnets must be contiguous. Two different subnets of the same class-based network ID in different parts of the IP internetwork (discontiguous subnets) both separately advertise the summarized class-based network ID. With two routes to the same class-based network ID, routers use the one with the lowest metric. Regardless of which route is chosen, because of proximity to the advertising router, incorrect routing occurs. The locations on both subnets are not reachable by all hosts on the IP internetwork. Because routes learned from neighboring routers are received without a network mask, the class-based router must assume the subnet mask based on the following:
With classless routing, routers never assume that the network mask is based on address classes. Classless routing protocols such as RIP version 2 and OSPF advertise the network mask with the network ID. Because no mask assumptions are made, classless routing allows discontiguous subnets of a network ID, variable-length subnetting, CIDR blocks, and route aggregation. In today's classless world, IP internetworks should be using classless routing with an appropriate routing protocol. Class-based routing should be used only in networks that require compatibility with legacy routing protocols such as RIP version 1.
For a flat routing infrastructure, each separate network segment is represented as a single route in the IP routers' routing table (assuming no use of default routing). The entire internetwork is a collection of IP network segments with no structure. Although a flat routing infrastructure can work well for small- to medium-sized internetworks, flat routing, when scaled to large networks, produces a large number of routes in routing tables. Consider the example of the Internet. The Internet Network Information Center (InterNIC) at one time allocated class-based network IDs to organizations on request, creating a flat routing infrastructure on the Internet. As the number of allocated network IDs grew, so did the number of routes in the routing tables of Internet backbone routers. Today, Internet backbone routers have more than 80,000 routes in their routing tables.
For a hierarchical routing infrastructure, ranges of network IDs are collapsed to a single network ID and, therefore, a single route through the use of route aggregation techniques. Also, in a hierarchical routing infrastructure, IP network segments that share a common network ID prefix are grouped together and have a network/subnetwork/sub-subnetwork structure. With a hierarchical routing infrastructure, routers at the border of a region of network segments sharing the same set of network ID prefixes advertise a single route that summarizes or aggregates all of the network IDs of the region. In this way, routing information propagated outside the region is highly simplified. Very few routes exist on the backbone of a properly configured hierarchical internetwork.
There are many advantages to hierarchical routing infrastructures, but they require proper planning and an addressing scheme that allows groups of network IDs to be grouped together. Figure 7-7 shows an example of a hierarchical routing infrastructure based on the private network ID 10.0.0.0/8. The arrows and routes represent the summarized route that is advertised outside the region by the router(s) at the region's border.
Figure 7-7: A hierarchical addressing and routing scheme showing routing regions and route summarization at region borders.
For a variety of reasons involving the impracticality of renumbering the IP internetwork, some IP internetworks have a combination of flat and hierarchical routing infrastructures. Before the development of CIDR, the Internet had a flat routing infrastructure. Post-CIDR, IP addresses are allocated using a hierarchical global addressing scheme. However, because of the difficulty of reallocating public network IDs to existing organizations, today's Internet remains a mixed flat and hierarchical routing infrastructure.
The ongoing maintenance of routing tables can be done either manually through static routing or automatically using dynamic routing.
Static routing relies on manually configured routes. It supports classless routing because each route must be added with a network mask, making the destination unambiguous. Static routing can work well for small internetworks but it does not scale well because of the manual administration involved. Static routing can also work well in branch office scenarios where, rather than using a routing protocol across the WAN link to the branch office, static routes are added to the branch office and hub office routers to make the locations on each other's network segments reachable.
Ideally, an IP router has explicit knowledge of each network ID in the internetwork, either through an explicit or an aggregated route. Default routing is used when connecting a smaller set of network segments to a much larger set of network segments and the creation of explicit or aggregated routes is impractical or impossible. Static routes are often used to connect to the Internet. It is impractical to add the Internet's 80,000 routes to the routing table of the static router; therefore, add a single default route pointing to the Internet service provider (ISP) router that provides the Internet connection.
Static routing is not fault tolerant. A static router cannot sense that a neighboring router is no longer available (if the link to the neighboring router remains operational) or that a remote network segment is no longer reachable and make adjustments to its routing table.
The Windows Server 2003 Family as a Static IP Router
A computer running a member of the Windows Server 2003 family can act as a static IP router by installing multiple network adapters, creating a multihomed computer. A separate IP address and subnet mask is configured for each network adapter, defining routes for the directly attached networks. It is natural to want to configure a default gateway, but this creates a default route, and a default route on a static router is based on a design decision of your static routing environment.
If you use default routing, it is also natural to configure a default gateway for each network adapter. However, you must configure a default gateway for only a single network adapter: the one attached to the network segment of the router you want to use for your default route. If you configure a default gateway for more than one network adapter, a default route with an interface-based metric is added for each default gateway. This can lead to multiple default routes in the routing table with the same metric. In this situation, TCP/IP for the Windows Server 2003 family picks a default route based on the first network adapter binding, which can be a less than optimal default route and produce undesired forwarding behavior.
Once the network adapters are configured, enable IP routing for computers running a member of the Windows Server 2003 family by configuring and enabling the Routing and Remote Access service. For computers running Microsoft Windows XP, set the following registry value to 1:
After you enable IP routing, add the appropriate specific or aggregated routes of your internetwork using either the Routing and Remote Access administrative tool or the ROUTE ADD command at a command prompt.
Dynamic routers rely on routing protocols—protocols used by routers to communicate routing information—to maintain IP routing tables. Routes for remote network IDs are learned through routing protocol traffic and added or removed from IP routing tables. When all of the IP internetwork routers have received all the information needed to create routes that reflect the internetwork's current topology, the internetwork has converged.
Dynamic routing in a multipath routing infrastructure can provide fault tolerance. When a route becomes unreachable, it is removed from the routing table and its unreachability is conveyed to neighboring routers. When a link or router goes down, routes are adjusted for a new path to the network segments affected by the network fault. Routing protocols can be either class-based or classless, depending on whether the network mask is advertised along with the network ID.
The two most common IP routing protocols for private IP internetworks are RIP and OSPF, both of which are supported by the Windows Server 2003 family.
RIP is a distance vector routing protocol. Distance vector routing protocols propagate routing information in the form of a network ID and its "distance" or hop count. RIP has a maximum distance of 15 hops. Locations 16 or more hops away are considered unreachable. The original version of RIP, known as RIP version 1, described in RFC 1058, is a class-based routing protocol. The network ID is announced without its network mask. Therefore, the restrictions of class-based routing apply. A newer version of RIP, RIP version 2, described in RFC 1723, is a classless routing protocol. The RIP version 2 announcement includes a network ID and a subnet mask.
RFCs 1058 and 1723 describe RIP versions 1 and 2. These RFCs can be found in the Rfc folder on the companion CD-ROM.
RIP is a simple routing protocol with a periodic route-advertising mechanism designed for use in small- to medium-sized IP internetworks. RIP does not scale well to large or very large IP internetworks.
When a RIP router is initialized, it announces the appropriate routes in its routing table on all interfaces. The RIP router also sends a RIP General Request message on all interfaces. All neighboring routers—those on the same network segments as the router sending the request—send the contents of their routing tables in response; those responses build the initial routing table. Learned routes are given a three-minute lifetime (by default) before being removed by RIP from the IP routing table.
After initialization, the RIP router periodically announces (every 30 seconds, by default) the appropriate routes in its routing table for each interface. The exact set of routes being announced depends on whether the RIP router is implementing split horizon (where routes are not announced over the interfaces on which they were learned) or split horizon with poison reverse (where routes learned on interfaces are announced as unreachable).
Fault tolerance for RIP internetworks is based on the time-out of RIP-learned routes. If a change occurs in the internetwork topology, RIP routers can send a triggered update—a routing update, sent immediately—rather than waiting for a scheduled announcement.
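The distance vector behavior described in the preceding paragraphs can be followed step by step in the following added example, which is not code from the book or from the RIP implementation in the Windows Server 2003 family. It models one RIP router: a received announcement is installed at the advertised hop count plus one, 16 hops means unreachable and is never installed as a new route, a re-announcement from the router already in use is always accepted (so that a withdrawal is heard), and the set of routes sent out an interface is composed with split horizon or with split horizon with poison reverse. The network IDs, interface names and neighbor addresses are constructed; timers and the three-minute route lifetime are omitted.

```python
"""RIP distance-vector processing on one router: learning routes from neighbors'
announcements, the 16-hop "infinity", and composing per-interface announcements
with split horizon or split horizon with poison reverse.
Added example; the topology is constructed and route timers are omitted."""

INFINITY = 16  # RIP metric meaning "unreachable"


class RipRouter:
    def __init__(self, name, connected):
        # connected: {interface: network ID}; directly attached networks are 1 hop
        self.name = name
        self.routes = {}  # network -> {"metric", "next_hop", "iface"}
        for iface, net in connected.items():
            self.routes[net] = {"metric": 1, "next_hop": None, "iface": iface}

    def receive(self, iface, sender, announcement):
        """Process a RIP response from neighbor `sender` heard on `iface`.
        announcement: {network: advertised metric}. Returns the networks whose
        route changed, i.e. the candidates for a triggered update."""
        changed = []
        for net, advertised in announcement.items():
            metric = min(advertised + 1, INFINITY)  # one more hop to get there
            current = self.routes.get(net)
            if current is None:
                if metric < INFINITY:  # never install an unreachable route
                    self.routes[net] = {"metric": metric, "next_hop": sender, "iface": iface}
                    changed.append(net)
            elif current["next_hop"] == sender:
                # The router we already use re-announced: accept its metric even if it
                # got worse or became INFINITY, otherwise a withdrawal is never heard.
                if current["metric"] != metric:
                    current["metric"] = metric
                    changed.append(net)
            elif metric < current["metric"]:  # strictly better path via another neighbor
                self.routes[net] = {"metric": metric, "next_hop": sender, "iface": iface}
                changed.append(net)
        return changed

    def announce(self, iface, poison_reverse=False):
        """Routes to send out `iface` on a periodic or triggered update.
        Split horizon: routes learned on `iface` are omitted; with poison reverse
        they are announced as unreachable instead."""
        out = {}
        for net, r in self.routes.items():
            learned_here = r["next_hop"] is not None and r["iface"] == iface
            if learned_here:
                if poison_reverse:
                    out[net] = INFINITY
                continue
            out[net] = r["metric"]
        return out

    def reachable(self):
        """Network IDs currently usable as destinations."""
        return sorted(n for n, r in self.routes.items() if r["metric"] < INFINITY)


if __name__ == "__main__":
    # Constructed topology: R1 sits on 10.1.0.0/24 (eth0) and 10.2.0.0/24 (eth1);
    # neighbor R2 (10.2.0.2, on the eth1 segment) is attached to 10.3.0.0/24.
    r1 = RipRouter("R1", {"eth0": "10.1.0.0/24", "eth1": "10.2.0.0/24"})
    print("changed:", r1.receive("eth1", "10.2.0.2", {"10.2.0.0/24": 1, "10.3.0.0/24": 1}))
    print("eth1, split horizon:  ", r1.announce("eth1"))
    print("eth1, poison reverse: ", r1.announce("eth1", poison_reverse=True))
    print("eth0:                 ", r1.announce("eth0"))
    # R2 later loses 10.3.0.0/24 and announces it as unreachable
    print("changed:", r1.receive("eth1", "10.2.0.2", {"10.3.0.0/24": INFINITY}))
    print("reachable:", r1.reachable())
```

The `changed` lists returned by `receive` are exactly what a triggered update would carry: the router need not wait for the next 30-second announcement to tell its other neighbors that 10.3.0.0/24 has appeared or gone away.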
OSPF is a link state routing protocol. Link state routing protocols propagate routing information in the form of link state advertisements (LSAs) that contain the connected networks and their cost. The cost of each router interface is a unitless number that the network administrator assigns, and it can include delay, bandwidth, and monetary cost factors. The accumulated cost among network segments in an OSPF internetwork must be less than 65,535. OSPF is a classless routing protocol; OSPF LSAs contain the network ID and subnet mask for routes. OSPF is described in RFC 2328.
Each router has an LSA that describes its current state. The LSA of each OSPF router is efficiently propagated throughout the OSPF internetwork through logical relationships between neighboring routers called adjacencies. When the propagation of all current router LSAs is complete, the OSPF internetwork has converged.
Based on the collection of OSPF LSAs—known as the link state database—OSPF calculates the lowest cost path to each destination network, and those paths become OSPF routes in the IP routing table. To keep the size of the link state database down, OSPF allows the creation of areas. An OSPF area is a grouping of contiguous networks. In all OSPF networks, there is at least one area, called the backbone area. OSPF areas allow the summarization or aggregation of routing information at the boundaries of an OSPF area. A router at the boundary of an OSPF area is known as an area border router (ABR).
Figure 7-8 shows an example of a multiple-area OSPF internetwork. Area 1 consists of a series of variable-length subnetted network segments from the address space 10.47.0.0/16. By default, the ABR for Area 1 propagates routing information in the form of LSAs for each separate network segment within Area 1. Using route summarization, the ABR is configured to propagate only the single route 10.47.0.0/16. All of the destinations within Area 1 are reachable outside of that area using this route. Areas and route summarization allow OSPF internetworks to scale to large organizational IP internetworks.
Figure 7-8: A multiple-area OSPF internetwork showing the route summarization of Area 1.
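The calculation over the link state database and the summarization at the ABR just described are worked through in the following added example, which is not code from the book or from the OSPF implementation in the Windows Server 2003 family. The link state database is constructed: three routers in an area whose address space is 10.47.0.0/16, with R1 acting as the ABR; attached networks are modelled as leaf nodes so that no path transits them. The shortest-path-first computation is Dijkstra's algorithm with paths whose accumulated cost would exceed 65,535 treated as unreachable, and the summary route's cost is the largest cost of any component route, as RFC 2328 specifies for summary-LSAs.

```python
"""OSPF link-state processing: shortest path first (Dijkstra) over a link-state
database, the 65,535 accumulated-cost limit, and area border router (ABR) route
summarization. Added example; the link-state database below is constructed."""
import heapq
import ipaddress

MAX_COST = 65535  # OSPF accumulated-cost limit

# Constructed link-state database for Area 1. Each router lists its links as
# (neighbor router or attached network, interface cost). Networks are leaf
# nodes: they have no outgoing links, so a path never transits a network.
LSDB = {
    "R1": [("R2", 10), ("R3", 3)],  # R1 is the ABR between Area 1 and the backbone
    "R2": [("R1", 10), ("R3", 4), ("10.47.1.0/24", 1), ("10.47.2.0/23", 1)],
    "R3": [("R1", 3), ("R2", 4), ("10.47.8.0/21", 10)],
}


def spf(lsdb, source):
    """Dijkstra: lowest accumulated cost from `source` to every reachable node,
    plus each node's predecessor on that lowest-cost path."""
    dist = {source: 0}
    prev = {}
    heap = [(0, source)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue  # stale heap entry
        for v, cost in lsdb.get(u, []):
            nd = d + cost
            if nd > MAX_COST:
                continue  # beyond the OSPF cost limit: treat as unreachable
            if nd < dist.get(v, MAX_COST + 1):
                dist[v] = nd
                prev[v] = u
                heapq.heappush(heap, (nd, v))
    return dist, prev


def routes(lsdb, source):
    """Routes `source` installs: {network: (cost, next-hop router or "direct")}."""
    dist, prev = spf(lsdb, source)
    table = {}
    for node, cost in dist.items():
        if node in lsdb or node == source:
            continue  # routers are not destinations here, only networks
        hop = node
        while prev[hop] != source:
            hop = prev[hop]  # walk back to the router adjacent to source
        table[node] = (cost, "direct" if hop == node else hop)
    return table


def summarize_area(table, summary):
    """What the ABR advertises into the backbone for an area's address range:
    one summary route whose cost is the largest cost of any component route."""
    summ = ipaddress.ip_network(summary)
    component_costs = [cost for net, (cost, _) in table.items()
                       if ipaddress.ip_network(net).subnet_of(summ)]
    if not component_costs:
        return None
    return (str(summ), max(component_costs))


if __name__ == "__main__":
    r1_routes = routes(LSDB, "R1")
    for net, (cost, hop) in sorted(r1_routes.items()):
        print(f"{net:>14}  cost {cost:>3}  via {hop}")
    print("advertised into the backbone:", summarize_area(r1_routes, "10.47.0.0/16"))
```

From R1 the direct 10-cost link to R2 loses to the 3 + 4 path through R3, so every Area 1 network is reached via R3, and the backbone sees only 10.47.0.0/16 at cost 13 rather than three separate routes.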
The Windows Server 2003 Family as a Dynamic Router
A computer running a member of the Windows Server 2003 family can act as a dynamic router supporting RIP and OSPF by installing multiple network adapters and enabling and configuring the Routing and Remote Access service. A separate IP address and subnet mask is configured for each network adapter, defining the directly attached network ID routes. In the case of dynamic routing, default routes are used less often, so a default gateway need not be configured for any network adapter.
After the Routing and Remote Access service is enabled, static IP routing is enabled. Using the Routing and Remote Access administrative tool, add the RIP for IP or OSPF routing protocols and then enable them on your installed network adapters by adding your network adapters to the appropriate routing protocol. The detailed configuration of RIP and OSPF options is beyond the scope of this book. For more information, see the Windows Server 2003 family online Help and the Microsoft Windows Server 2003 Resource Kit Internetworking Guide.
A computer running Microsoft Windows XP Professional can listen to RIP traffic using the RIP Listener, a service installed as a separate networking component. A computer running the RIP Listener service is known as a silent RIP host: it listens for RIP version 1 broadcast traffic on the local network segment and maintains the learned routes in its IP routing table, but announces no routes of its own. Because RIP version 1 announcements carry no authentication, a silent RIP host installs whatever routes are broadcast on its segment, so the RIP Listener should be used only on segments where every RIP announcer is trusted.
Very large IP internetworks such as the Internet are divided into regions called autonomous systems (ASs). An AS is a contiguous region of the internetwork under the same administrative control. Administrative control is typically defined by an organization such as an institution or corporation. Within an AS, one or more Interior Gateway Protocols (IGPs) are used. Examples of IGPs include RIP and OSPF. Between autonomous systems, Exterior Gateway Protocols (EGPs) are used. An example of an EGP is the Border Gateway Protocol version 4 (BGP-4). EGPs used between autonomous systems are independent of the IGPs used within the AS.
For most organizations, a single AS is often sufficient. The Internet, however, is a multiple-AS environment composed of a somewhat hierarchical organization of ASs using BGP-4 as the EGP. As seen with OSPF, each AS can be subdivided into areas or domains (if you are using multiple IGPs) to define a hierarchical structure within the AS. If you are an ISP, you might need to implement BGP-4 to communicate routing information to other Internet ASs. The Windows Server 2003 family does not provide support for BGP-4.
The Windows Server 2003 family provides the following command-line utilities for maintaining and testing routing functionality:
For more information about how Ping, Tracert, and Pathping work, see Chapter 8, "Internet Control Message Protocol (ICMP)."
IP routing is a combination of direct and indirect delivery processes that forward an IP datagram from the source node to the destination node. At each hop, a local IP routing table is consulted to determine how the datagram is delivered to the next hop or the final destination. The route determination process results in a next-hop interface and IP address. The routing infrastructure of an IP internetwork provides reachability between any source and destination node and can be class-based or classless, flat or hierarchical, and static or dynamic, and can consist of a single AS or multiple ASs. The Windows Server 2003 family supports static routing and dynamic routing using RIP version 1, RIP version 2, and OSPF.