Introduction to IP Routing

Routing is the process of forwarding a packet based on the packet's destination address. Routing can occur at the sending host, which is known as host routing, and at a router, which is known as router routing. In both casesat a sending host and at a routera decision has to be made about to where the packet is to be forwarded.

To make these decisions, the IP layer consults a routing table stored in the memory of the routing device. Routing table entries are created by default when TCP/IP initializes, and additional entries are added either manually by a system administrator or automatically through communication with routers.

But what exactly is a router? In its simplest form, a router is any device that forwards packets from one interface to another. This is a simple description for a complex process, as you will see as you get further into routing later in this chapter.

Routers come in two basic types: software and hardware.

A software router is a computer running an operating system (for this discussion, that operating system is Windows Server 2003) and multiple services, including a routing service. Some benefits of software routers include the following:

• Tight integration with the operating system The routing service is frequently integrated with the operating system and other services.

• Consistent/easy-to-use user interface No retraining is required on a new interface/operating system because the routing functions are configured through the standard user interface.

• Low cost Typically software routing is done on multipurpose systems and does not utilize dedicated hardware. This reduces the overall cost, although if you were to dedicate a software router for just routing, any cost savings would be negligible.

• Flexibility Software routers allow you to configure and run multiple services on a single platform.

Note: When Do You Use a Software Router?

Typically you find software routers in small offices that are looking for an inexpensive, easy-to-manage solution. Although there are a number of benefits to software-based routers, the drawbacks frequently outweigh them during the selection process. A hardware router is not typically affected by viruses or prone to performance problems due to runaway processes.

Although there are benefits to using software routers, there are also some pretty significant drawbacks compared to using hardware routers. They include the following:

• Slower Due to the additional overhead associated with the operating system and any additional services that are running, software routers are typically slower than hardware routers.

• Less reliable Due to the potential for server problems with the operating system and other running services, as well as the greater number of hardware components compared to in a hardware router, software routers are typically less reliable than hardware routers.

• Limited scalability Scaling a software router to multiple high-speed interfaces (Gigabit Ethernet, for example) is subject to the limitations of the computer hardware. Because most PC-based servers are not designed to route multiple high-speed network interface cards (NICs), software routers generally do not scale as easily or as well as hardware routers. Also, adding additional services, such as access control lists or firewall services, affects a software router's performance to a greater degree than it would the performance of a comparable hardware router.

• Limited protocol support Software routers typically do not support anywhere near the number of routing protocols hardware routers do. Windows Server 2003 is limited to using the IP routing protocols RIPv2 and OSPF, and it does not presently support any of the more advanced IP-based routing protocols, such as Border Gateway Protocol (BGP) version 4.

In years past, a hardware router was a dedicated hardware device whose main function was to route packets. Many of today's hardware routers are multifunction devices, having additional functionality such as DHCP, firewall, caching, and in some cases, even intrusion detection services. The benefits of hardware routers include the following:

• Higher performance than software routers Hardware routers run on custom-built, single-purpose hardware platforms, with highly optimized operating systems.

• Highly reliable Hardware routers are typically more reliable than their software counterparts, due in large part to the limited software capabilities and dedicated hardware. A hardware router typically has higher modularity than a software router.

• Wide protocol support You can typically configure hardware routers to route any routable protocol from AppleTalk to XNS, as long as you buy the proper software. They also support a greater number of routing algorithms than do software routers. In a large network environment, this can be critical.

Although there are benefits to using hardware routers, there are also some drawbacks to using them compared to using software routers. They include the following:

• Higher cost Hardware routers are typically dedicated platforms, which tends to make them more expensive than software routers that are also providing other services. This line is blurring, however, as additional features continue to become available on hardware routers.

• Less user friendly Hardware routers are typically configured using a telnet or serial-based command line. There is typically a completely new operating system for each new hardware router, and all new commands are involved in installing and maintaining hardware routers.

• More complex Although an individual router may not be more complex than its software-based counterpart, as you scale to large networks and begin running multiple protocols and routing algorithms, a hardware router environment can rapidly become very complex.

The hardware versus software router argument is typically more clear-cut in the real world than it is in a book or on a Microsoft exam. In most network environments, hardware routers are used almost exclusively, with software routers being reserved for only the smallest networks or locations, or used in conjunction with demand-dial network connections (discussed later in this chapter, in the section "Windows Server 2003 Routing Interfaces").

Host Routing

Now that you have an idea of what routers do and the types of routers you might run into, let's talk about the simplest form of routinghost routing.

For a host (known as the sending host) to successfully communicate across a shared network to another host (known as the destination host), it needs to have the address of the remote host. For a more real-life example of this mechanism, think about the last time you wanted to call your manager to tell her you were too sick to come in to work. You (the sending host) wanted to communicate with your manager (the destination host) to tell her you were going to be out sick (the data). Before you could call your manager, you needed to have a phone number (address) and access to the public phone network (the shared network). To send the data across the network, you needed the address of your manager's phone for the transaction to be completed. Sending data across a data network works according to the same basic principles.

On an IP-based network, the IP address of the remote host is the address you need to communicate successfully. As you learned in Chapter 1, "Configuring and Troubleshooting TCP/IP Addressing" an IP address is a series of numbers that act as a computer's address on the network. An example of an IP address is 172.16.68.4; this is actually a decimal representation of the actual binary address, which is made up of 4 octets of binary data. An octet is an 8-bit binary number. For ease of use, octets are typically represented in what is known as "dotted-decimal notation," as in 172.16.68.4.

To understand how IP routing works, you also need to understand the two components of an IP address. Each IP address is made up of two componentsthe network address and the host address. The network address identifies what network the host is on, and the host address is the specific address of the host itself. To expand on our earlier addressing example, you can think of the network address as the area code (it lets you know what part of the network the host is on) and the host address as the seven-digit local phone number. This is a high-level explanation of IP addressing, which is covered in detail in Chapter 1.

Note: Do I Really Need to Remember All Those IP Addresses?

A computer host needs to use IP addresses to find another computer on the network, but a typical user finds remembering all those addresses to be a bit problematic. For that reason, a number of services exist to make this process easier for the computer user. On most of today's networks, there are address resolution mechanisms such as Domain Name System (DNS) that can be used to translate an easy-to-remember host name, such as www.quepublishing.com, to the host IP address. (See Chapter 3, "Implementing and Managing DNS," for more information.)

After the sending host has determined the IP address of the destination host, the next step is to determine whether the sending host can send directly to the destination or whether it needs to forward the data to a router that can deliver the data to the destination host. The sending host makes this decision by comparing the network address of the source with the network address of the destination. If the two network addresses are the same, the sending host knows that the destination host is on the same network segment and addresses the packet to the destination's address directly. In Figure 7.1, you can see an example of a small routed network that we'll use to help explain this concept a little more clearly.

Figure 7.1. This is an example of a small routed network.

If the sending host in Figure 7.1 needs to send data to destination host 1, it does the following:

If the two network addresses do not match, the host must forward the message on to a router so that it can try to send the packet to the destination on the sending host's behalf. Based on the destination address, the router then uses its routing table to determine the best interface for sending the packet out to reach its destination. Each router along the path repeats this process until the destination host finally receives the packet. If routers determine that the destination host is unreachable, a destination unreachable packet is sent back to the host. For example, if the sending host in Figure 7.1 were to send data to destination host 2, the process would go like this:

Note: Numbering Conventions

Wherever possible, you should address router interfaces by using a standard numbering convention. This not only makes finding a router on a subnet much easier, but also assists in troubleshooting. One fairly common convention is to reserve addresses at the top or the bottom of the subnet. Thus, on a network segment with one router, you know the address will be 172.16.74.1 (or .254). You can number segments with multiple routers upward (or downward) in sequential order.

Another useful convention (where possible) is to use the same host address on each interface of a router. For example, in Figure 7.1, each router interface has a host address of .1.

These examples are highly simplified, for clarity's sake. The rest of this chapter looks at the underlying principles involved with this process in great detail.

Note: The Real System Address

The IP address is not actually the address used on the local network to deliver data. When the data reaches the destination network, the router looks to the Address Resolution Protocol (ARP) cache to translate the IP address to a Media Access Control (MAC) address for the system. The MAC address is the physical address of the NIC in the host, and it allows for the actual delivery of the data.

How does a sending host know where the router is to use it to forward data to a destination host on another network? This can be accomplished using one of the following methods:

• The default gateway address is configured (either statically or via DHCP), and the host's local ARP cache is queried to identify the physical address of the router interface.

• An Internet Control Message Protocol (ICMP) redirect message is sent by an IP router to the sending host, informing it of a better route to a destination host. The better route becomes a host route in the routing table.

• A TCP/IP host can "listen" to the routing protocol traffic used by routers. This is known as RIP listening or passive RIP. A RIP listening host has the same information in its local routing table as the RIP routers on the network, but it does not broadcast any routing updates. Windows Server 2003 implements eavesdropping through a feature called silent RIP.

Exam Alert: RIP Listening and Windows Server 2003

You cannot configure RIP listening on Windows Server 2003 because all routing on Windows Server 2003 is done using Routing and Remote Access Service (RRAS).

In Step by Step 7.1, we look at how to enable RIP listening on a Windows XP Professional host. We enable this on a Windows XP system to illustrate how you might configure a workstation to take advantage of local routing information. In a production environment, you might do this to ensure that workstations on a network have the ability to continue to function in the event of a network outagethis would require that at least two routers be available on that network.

Step By Step

7.1. Enabling RIP Listening on a Windows XP Professional Computer

Router Routing

So far in this chapter, we have discussed what is commonly considered the easy piece of the routing puzzlegetting the data off the host and onto the network. In this section, we look at how the data moves from router to router and is ultimately delivered to its destination.

When a router receives a packet that must be forwarded to a destination host, the router has to make a decision. It needs to determine whether it can deliver the packet directly to the destination host or whether it needs to forward the packet to another router. To make this decision, the router examines the destination network address. If the router has an interface that is connected to the same network as the destination host, it can deliver the packet directly. This process gets interesting when the router is not connected to the same network as the destination host and it needs to determine the best route to the destination host so that it can forward the packet correctly. As mentioned earlier in this chapter, this is known as router routing.

Exam Alert: What's in a Name?

You will not typically hear the phrase router routing outside a textbook or an exam guide such as this one. The reason is that the phrase router routing is used only to differentiate between routing that is done by the host and routing that is done by the router. You need to be familiar with this terminology for the exam, but in the real world, you will generally use the term routing to refer to the process of getting a packet from a sending host to a destination host.

When a router needs to forward a packet to another router, it uses the information in its routing tables to choose the best path for forwarding the packet. The decision about the router to which to forward the packet is determined by a number of variables related to each of the network paths to the destination host, including the number of hops and the cost of each hop.

Windows Server 2003 supports routing using RRAS. To enable RRAS within Windows Server 2003, follow the procedure described in Step by Step 7.2.

Note: You Must Have Permissions

If the server with which you are working is a member of a Windows Active Directory domain, you need to have domain administrator permissions to install RRAS. You also need the server to be added to the domain's RAS and IAS Servers security group.

Exam Alert: Installing RRAS

If you run across a question on the exam that deals with installing RRAS, it's a trick question. RRAS is installed with the Windows Server 2003 operating system, and it needs to be configured only if you are going to use it. It is not active on the system until it is configured, but it does not need to be installed.

Step By Step

7.2. Enabling RRAS

1.	Open the Routing and Remote Access console by selecting Start, Control Panel, Administrative Tools, Routing and Remote Access. By default, the local computer is listed as a server, as seen in Figure 7.4. Notice the arrow; it indicates that RRAS is not presently enabled. Figure 7.4. The Routing and Remote Access console is used to configure RRAS for a variety of functions, including acting as a router.
2.	Right-click the name of the server you want to configure and select Configure and Enable Routing and Remote Access. The Routing and Remote Access Server Setup Wizard starts.
3.	Click Next to start configuring RRAS. The Configuration page of the wizard appears, as seen in Figure 7.5. Figure 7.5. The Configuration page of the Routing and Remote Access Server Setup Wizard includes the most common configuration options to make the configuration process as easy as possible.
4.	Select the Secure connection between two private networks option and click Next to continue. The Demand-Dial Connections dialog box opens, as seen in Figure 7.6. Figure 7.6. Demand-dial routing allows you to open connections between routers when traffic needs to pass through the router and to disconnect when the router is not needed.
5.	In the Demand-Dial Connections dialog box, select No and click Next to continue. The Completing the Routing and Remote Access Server Setup Wizard dialog box opens.
6.	Click Finish to complete the enabling of routing services.

Now that you have enabled routing services on a Windows Server 2003 system, we need to discuss what interfaces can be used to perform this routing.

Windows Server 2003 Routing Interfaces

Windows Server 2003 supports three types of routing interfaces:

• LAN A LAN interface is a physical connection to the LAN. Most commonly an Ethernet connection (although there are other LAN media, such as Token Ring, 100VGAnyLAN, and ARCNet still in use in older networks), the LAN interface is the router's connection to a constantly active network connection. If you are using a Windows Server 2003 host as a WAN router with a Frame Relay adapter, the Frame Relay interface will commonly appear as a LAN interface because of its always-active nature. LAN interfaces generally do not require authentication, as do the other interface types.

• Demand-dial The demand-dial connection is a WAN connection that is more commonly supported in Windows Server 2003 than in LAN connections. The interface for this connection is a logical interface representing the point-to-point path of two routing devices across an analog phone line or point-to-point VPN connection. Unlike LAN connections, demand-dial connections are either on-demand (that is, established when needed) or persistent (that is, established once and then remaining active). Also unlike LAN connections, a demand-dial interface usually requires authentication. Demand-dial interfaces are supported by routing ports within RRAS. We discuss these later in this chapter in the section "Managing Routing Ports."

• IP-in-IP tunnel An IP-in-IP tunnel interface is a logical interface that represents a tunneled point-to-point connection. IP-in-IP tunnel interfaces do not require an authentication process to become connected. This type of interface sends IP packets through the tunnel by encapsulating them with an additional IP header. This allows IP packets that would not ordinarily traverse a network to be routed from one part of the network to another.