IP Routing


I have alluded to routing repeatedly in this chapter but have not yet explained the routing process in detail or why it matters to us. Routing is nothing more than taking data from a host and transmitting it across the network to a host on a different subnet. To do this, routers (and firewalls) need to determine which network the data must be delivered to. We have already seen how the subnet mask splits an IP address into a network ID and a host ID; the network ID is what routers use to identify the subnets that exist.

Routers collect this information regarding the subnets that exist and store it in what is known as a routing table. The routing table consists of the following information:

  • Network IDs (and thus subnets) that the router is aware of.

  • IP address of the gateway or router that can be used to deliver data to the corresponding subnet. This is the actual route to the subnet, and the router may have multiple routes to a given subnet.

Routers can build and maintain this routing table information in one of two ways. The first is for an administrator to enter and maintain the entries manually. The second is to use routing protocols, which exchange information with neighboring routers to discover the subnets, routers, and routes that exist, so that the router can forward data to the appropriate subnet.

As you would expect, in large networks manually updating and maintaining this routing information is practically impossible. Therefore, in large or complex networks it is recommended to implement routing protocols, which automatically take care of building the routing table, maintaining it, verifying it, and determining which route is the best one to take.

Types of Routing

Fundamentally, there are three types of routing:

  • Static routing

  • Default routing

  • Dynamic routing

Static routing is the process of an administrator manually entering, maintaining, updating, and removing the routes that a router is configured with. Static routing is time-consuming and in most cases should not be used. Notable exceptions are small networks and the network perimeter, as discussed in Chapter 9, "Where Firewalls Fit in a Network," where a static route has the security advantage that it cannot be changed by a spoofed or accidental routing update.

Default routing, also known as the route of last resort, provides a mechanism to configure a client or router with what is known as its default gateway. Default routing essentially says, "If you cannot figure out how to route this packet to the appropriate network, send it to the default gateway." Default routing is typically implemented on host systems because they generally do not need to know about every subnet on the network. In addition, default routing is commonly used on routers within an organization to point to the router that provides Internet connectivity. This ensures that all data destined for a network that is not defined on the internal network is directed to the Internet, without the organization needing to have routes to the entire Internet on all of their internal routers.

Dynamic routing functions almost exactly like static routing does, but the information is automatically provided through the use of routing protocols. These routing protocols replace all the manual requirements of static routing, which makes dynamic routing the routing method of choice for large or complex network environments. We will look at dynamic routing in more detail in a later section of this chapter.

How the IP Routing Process Works

For all the apparent complexity involved in routing, the routing process itself is simple and straightforward. In fact, once you understand the fundamentals, it does not matter how large or small the network is; the process is exactly the same. To illustrate the routing process, look at Figure 3-15.

Figure 3-15. Routing Process


This example shows two hosts, Host A and Host B, on two separate networks. Host A has an IP address of 10.1.1.100 and a MAC address of 00:05:9A:3C:78:50. Host B has an IP address of 10.1.2.100 and a MAC address of 00:05:9A:3C:78:30. When Host A determines that it needs to communicate with Host B, it performs the appropriate name resolution to determine the IP address of Host B. When it receives the IP address 10.1.2.100, Host A determines that Host B is on a remote network (by ANDing its own address and Host B's address with its subnet mask and finding that the network IDs differ), and thus that the data must be routed to Host B.

To do this, Host A builds an IP header with a source IP address of 10.1.1.100 (its own IP address) and a destination IP address of 10.1.2.100 (the IP address of Host B). This allows each host to be logically identified by any device that receives the packet. When Host A builds the frame at Layer 2, however, it does something different with the source and destination MAC addresses. Physically, Host A cannot communicate directly with Host B. Instead, Host A has to physically communicate with something that can route the data to Host B. In this case, that is the default gateway for Host A, which happens to be the E0 interface of the router. Host A uses the IP address of its default gateway (10.1.1.1) to ARP for and resolve the MAC address of the E0 interface (00:05:9A:3C:78:00). After this has been determined, Host A builds the frame with a source MAC address of 00:05:9A:3C:78:50 and a destination MAC address of 00:05:9A:3C:78:00. At this point, the data is put on the network, where it is received by the router.

The router processes the frame and discovers that it is addressed to the router's own MAC address, so the router examines the IP header and finds that the packet is actually addressed to 10.1.2.100. A host that receives a packet for an IP address other than its own simply drops it; a router instead consults its routing table for a route to the destination network, falls back to its default route if it has one, and drops the packet only if neither exists. In this case, because the router is also directly connected to network 10.1.2.0/24, it determines that it can deliver the packet to the logical destination (Host B) itself.

The router then rebuilds the frame, but it changes the source and destination MAC address. For the source MAC address, the router uses the MAC address of the interface that is connected to network 10.1.2.0/24 (in this case, 00:05:9A:3C:78:01). Because the router can directly communicate with Host B, it uses the MAC address 00:05:9A:3C:78:30 as the destination MAC address and sends the data across the network to be received by Host B.

When Host B processes the frame, it discovers that the frame is addressed to it. This causes Host B to begin processing the IP header, where it discovers not only that the packet is addressed to it but also the IP address of the source address (in this case, 10.1.1.100, the IP address of Host A). Therefore, Host B knows exactly what IP address it should address any responses to, repeating the routing process to ensure that the data eventually arrives at Host A.

Routing works exactly the same way in larger networks; the only difference is the number of hops a packet traverses before arriving at its logical destination. Because the IP addresses in the packet are never changed (unless a device along the path performs NAT), the logical source and destination are always able to identify each other. The physical addresses in the frame, however, change at every hop: each router rebuilds the frame with the MAC address of its own outgoing interface as the source and the MAC address of the next router (or of the final destination) as the destination, and it decrements the packet's TTL so that a packet caught in a routing loop is eventually discarded.
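The walk-through above, including the route-of-last-resort behavior described under "Default routing," as an added simulation that is not code from the book. The host and router addresses and the E0 MAC address are the ones given for Figure 3-15; the /24 prefix lengths, the router's second interface being named E1 with address 10.1.2.1, the routing tables and the pre-populated ARP caches are assumptions made for the example.

```python
"""Hop-by-hop IP routing walk-through (added example, not from the book).

Longest-prefix-match lookup (the host's "ANDing" test is the same operation),
a 0.0.0.0/0 default route as the route of last resort, and per-hop frame
rebuilding that leaves the IP header untouched while the MACs change.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str


@dataclass
class Node:
    name: str
    interfaces: dict   # iface -> (ip, mac)
    routes: list       # (prefix, next_hop_ip or None when directly connected, out_iface)
    arp: dict          # ip -> mac, assumed already resolved (ARP itself is not modelled)

    def ips(self):
        return {ip for ip, _ in self.interfaces.values()}

    def lookup(self, dst_ip):
        """Longest-prefix match. The connected /24 matches local hosts; the
        0.0.0.0/0 entry (default route) catches everything else."""
        dst = ipaddress.ip_address(dst_ip)
        best = None
        for prefix, next_hop, iface in self.routes:
            net = ipaddress.ip_network(prefix)
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, next_hop, iface)
        return best


class NoRoute(Exception):
    pass


def forward(nodes, start, src_ip, dst_ip, ttl=64):
    """Return the Layer 2 frames built on each hop from `start` to `dst_ip`.
    The IP header (src_ip, dst_ip) is carried unchanged; only the MAC addresses
    are rewritten by each router. TTL is decremented per router so a loop ends."""
    by_mac = {mac: n for n in nodes.values() for _, mac in n.interfaces.values()}
    frames = []
    cur = nodes[start]
    while True:
        route = cur.lookup(dst_ip)
        if route is None:
            raise NoRoute(f"{cur.name}: no route (and no default route) to {dst_ip}")
        _net, next_hop, iface = route
        # Directly connected: ARP for the destination itself; otherwise for the next hop.
        target_ip = dst_ip if next_hop is None else next_hop
        _out_ip, out_mac = cur.interfaces[iface]
        frames.append(Frame(out_mac, cur.arp[target_ip], src_ip, dst_ip))
        nxt = by_mac[cur.arp[target_ip]]
        if dst_ip in nxt.ips():
            return frames           # delivered to the logical destination
        ttl -= 1
        if ttl == 0:
            raise NoRoute(f"{nxt.name}: TTL expired forwarding to {dst_ip}")
        cur = nxt                   # the router repeats the lookup with its own table


# Constructed topology for Figure 3-15 (E1 name, 10.1.2.1 and the tables are assumed).
NODES = {
    "A": Node("A", {"eth0": ("10.1.1.100", "00:05:9A:3C:78:50")},
              [("10.1.1.0/24", None, "eth0"), ("0.0.0.0/0", "10.1.1.1", "eth0")],
              {"10.1.1.1": "00:05:9A:3C:78:00"}),
    "R": Node("R", {"E0": ("10.1.1.1", "00:05:9A:3C:78:00"),
                    "E1": ("10.1.2.1", "00:05:9A:3C:78:01")},
              [("10.1.1.0/24", None, "E0"), ("10.1.2.0/24", None, "E1")],
              {"10.1.1.100": "00:05:9A:3C:78:50", "10.1.2.100": "00:05:9A:3C:78:30"}),
    "B": Node("B", {"eth0": ("10.1.2.100", "00:05:9A:3C:78:30")},
              [("10.1.2.0/24", None, "eth0"), ("0.0.0.0/0", "10.1.2.1", "eth0")],
              {"10.1.2.1": "00:05:9A:3C:78:01"}),
}

if __name__ == "__main__":
    for hop, f in enumerate(forward(NODES, "A", "10.1.1.100", "10.1.2.100"), 1):
        print(f"hop {hop}: {f.src_mac} -> {f.dst_mac}   ip {f.src_ip} -> {f.dst_ip}")
```

Running it prints two frames with the same IP pair and different MAC pairs, which is the whole point of the walk-through. Sending to an address no router has a route for (the router has no default route in this example) raises `NoRoute` at the router, the drop case described above.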

Different Classes of Routing Protocols

Although each routing protocol has its own specific functionality, they can all be generally classified as falling into three categories:

  • Distance vector Distance vector routing protocols are relatively simple in design and use a "distance" to determine the best path. The distance is measured by counting how many routers a packet passes through, each one known as a hop, until it arrives at the destination network. The smaller the hop count, the shorter and better the route. Distance vector routing protocols accept routing information from neighbors as correct without verifying it. If a neighbor router claims that it can deliver data to a network, the claim is accepted as accurate. Because the receiving router has not independently verified the accuracy of this information, distance vector routing is frequently referred to as "routing by rumor."

  • Link state Link-state routing protocols are more complex than distance vector protocols. Each router floods information about its own links to every other router, so that every router builds a link-state database describing the entire topology and then runs a shortest-path calculation over it to produce its routing table. Path selection therefore takes into account the network topology and a per-link cost, typically derived from link bandwidth, rather than a bare hop count. Because of this additional information, link-state routing protocols are considered more intelligent than distance vector protocols, but they require more CPU and memory resources than distance vector protocols do.

  • Hybrid Hybrid routing protocols combine functionality from distance vector and link-state routing protocols, attempting to keep the best aspects of each while eliminating the drawbacks. The usual example is the Cisco Enhanced Interior Gateway Routing Protocol (EIGRP), which was Cisco proprietary when this was written (Cisco later published it as RFC 7868) and which Cisco itself describes as an advanced distance vector protocol.

Common Routing Protocols

The following routing protocols are the ones most environments use.

Routing Information Protocol

RIP is a distance vector routing protocol that uses the hop count exclusively to make routing decisions. RIP supports a maximum hop count of 15; a metric of 16 means "infinity," so any destination more than 15 hops away is unreachable. RIP is therefore suited only to small and relatively simple network environments.

RIP has two versions: 1 and 2. RIPv1 is a classful routing protocol, which means that its updates carry no subnet mask and it can only route between networks that use the default (classful) subnet mask. Because most networks today implement some form of CIDR, RIPv1 is typically no longer used. RIPv2 carries subnet masks (classless routing), uses multicast (224.0.0.9) rather than broadcast for its updates, and can authenticate the routers it exchanges routing data with. Note that the authentication defined in RFC 2453 is a cleartext password, which protects only against misconfiguration; RFC 2082 adds keyed MD5 authentication, which is what should be enabled. Because of the classless functionality and authentication support of RIPv2, if you must use RIP you should use only RIPv2.

Note

RFC 1058 defines RIPv1. RFC 2453 defines RIPv2.


Open Shortest Path First

Open Shortest Path First (OSPF) is a link-state routing protocol that uses the Dijkstra (shortest path first) algorithm to determine the lowest-cost path through the network. OSPF is a much more robust and scalable protocol than RIP. Rather than counting hops, OSPF assigns each link a cost (on most implementations derived by default from the interface bandwidth) and sums the costs of the links along a path. Because every router running OSPF holds a link-state database describing the entire topology of its area, each router can compute the true best route, taking network speed into account. For example, OSPF can determine that traversing three gigabit hops to reach a network is better than traversing two 1.544-Mbps hops, whereas RIP would choose the two-hop path.
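The gigabit-versus-T1 comparison above, and the 15-hop limit described under "Routing Information Protocol," carried through in code. This is an added example, not code from the book: the five-router topology is constructed for it, and the cost formula (100 Mbps reference bandwidth divided by interface bandwidth, truncated to an integer with a minimum of 1) is the OSPF default on Cisco routers rather than something the RFC mandates.

```python
"""RIP hop count versus OSPF link cost on the same topology.

Added example, not from the book. RIP picks the fewest hops (breadth-first
search) and gives up at 16; OSPF runs Dijkstra over summed link costs, so
three fast hops can beat two slow ones.
"""
import heapq
from collections import deque

RIP_INFINITY = 16            # RIP metric 16 = unreachable (max usable hop count 15)
REFERENCE_BW = 100_000_000   # Cisco default OSPF reference bandwidth, bits/s


def link(graph, a, b, bandwidth_bps):
    """Add a bidirectional link; bandwidth is assumed equal in both directions."""
    graph.setdefault(a, {})[b] = bandwidth_bps
    graph.setdefault(b, {})[a] = bandwidth_bps


def ospf_cost(bandwidth_bps, reference_bw=REFERENCE_BW):
    """Cisco-style interface cost: reference / bandwidth, integer, at least 1."""
    return max(1, reference_bw // bandwidth_bps)


def _walk_back(prev, dst):
    path, node = [], dst
    while node is not None:
        path.append(node)
        node = prev[node]
    return path[::-1]


def rip_best_path(graph, src, dst):
    """Fewest hops. Returns (hop_count, path), or None when the destination is
    16 or more hops away, which RIP advertises as metric 16 (unreachable)."""
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            break
        for nxt in graph[node]:
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    if dst not in prev:
        return None
    path = _walk_back(prev, dst)
    hops = len(path) - 1
    return None if hops >= RIP_INFINITY else (hops, path)


def ospf_best_path(graph, src, dst, reference_bw=REFERENCE_BW):
    """Dijkstra over summed outgoing-interface costs, which is what each OSPF
    router computes from its link-state database. Returns (cost, path)."""
    dist, prev, heap, done = {src: 0}, {src: None}, [(0, src)], set()
    while heap:
        d, node = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        if node == dst:
            break
        for nxt, bw in graph[node].items():
            nd = d + ospf_cost(bw, reference_bw)
            if nd < dist.get(nxt, float("inf")):
                dist[nxt], prev[nxt] = nd, node
                heapq.heappush(heap, (nd, nxt))
    return None if dst not in dist else (dist[dst], _walk_back(prev, dst))


def example_topology():
    """Constructed: R1 reaches R4 over three gigabit links (via R2, R3) or over
    two T1 (1.544 Mbps) links via R5."""
    g = {}
    link(g, "R1", "R2", 1_000_000_000)
    link(g, "R2", "R3", 1_000_000_000)
    link(g, "R3", "R4", 1_000_000_000)
    link(g, "R1", "R5", 1_544_000)
    link(g, "R5", "R4", 1_544_000)
    return g


if __name__ == "__main__":
    g = example_topology()
    print("RIP  picks:", rip_best_path(g, "R1", "R4"))    # 2 hops via R5
    print("OSPF picks:", ospf_best_path(g, "R1", "R4"))   # cost 3 via R2, R3
```

With the default reference bandwidth each gigabit link costs 1 and each T1 link costs 64, so OSPF's three-hop path costs 3 against 128 for the two-hop path, while RIP, seeing only hop counts, takes the T1 path. A 16-router chain shows the other difference: RIP reports the far end unreachable, OSPF simply returns cost 16.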

Like RIPv2, OSPF supports authentication of routing exchanges so that only permitted routers can form adjacencies and exchange routing information. OSPFv2 defines three authentication types: null, simple password (carried in cleartext in every packet header, so it prevents only accidental adjacencies), and cryptographic authentication, which appends a keyed MD5 digest and a sequence number to each packet. Only the cryptographic type protects against an attacker on the segment injecting or altering routes. Because of the increased functionality and scalability of OSPF, many networks have elected to use OSPF as their interior routing protocol.
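The difference between the two authentication types, built and checked on the wire. This is an added example, not code from the book or any OSPF implementation: the header layout, the MD5(packet || key) construction and the sequence-number check follow RFC 2328 Appendix D, the packet body, key and sequence numbers are constructed for the example, and zero-padding keys shorter than 16 bytes is an assumption that matches common implementations rather than RFC text. The IP checksum is left at zero, which is correct for the cryptographic type and a simplification for the others. RIPv2's keyed MD5 (RFC 2082) uses the same MD5-over-packet-plus-key idea with a different trailer layout.

```python
"""OSPFv2 authentication: cleartext password versus keyed MD5 (RFC 2328 App. D).

Added example, not from the book. Shows what a sniffer sees with AuType 1
and how a receiver validates AuType 2, including the replay check.
"""
import hashlib
import hmac
import struct

AU_NULL, AU_SIMPLE, AU_CRYPTO = 0, 1, 2
MD5_LEN = 16
HDR = "!BBH4s4sHH8s"          # version, type, length, router ID, area, csum, autype, auth
ROUTER_ID = b"\x0a\x01\x01\x01"   # 10.1.1.1, the router from Figure 3-15
AREA_0 = b"\x00\x00\x00\x00"


def ospf_header(pkt_type, body, autype, auth_field):
    """24-byte OSPFv2 header in front of `body`; checksum left zero (simplification,
    and RFC 2328 sets it to zero for cryptographic authentication anyway)."""
    return struct.pack(HDR, 2, pkt_type, 24 + len(body), ROUTER_ID, AREA_0,
                       0, autype, auth_field) + body


def _pad_key(key):
    return key.ljust(MD5_LEN, b"\x00")[:MD5_LEN]   # assumption: zero-pad short keys


def simple_password_packet(body, password):
    """AuType 1: the password itself rides in the header, in cleartext."""
    return ospf_header(1, body, AU_SIMPLE, password.ljust(8, b"\x00")[:8])


def crypto_packet(body, key_id, key, seq):
    """AuType 2: header carries key ID, digest length and a sequence number;
    MD5(packet || key) is appended after the packet, outside the length field."""
    auth = struct.pack("!HBBI", 0, key_id, MD5_LEN, seq)
    pkt = ospf_header(1, body, AU_CRYPTO, auth)
    return pkt + hashlib.md5(pkt + _pad_key(key)).digest()


def password_on_wire(wire):
    """What anyone sniffing the segment learns from an AuType 1 packet."""
    autype, auth = struct.unpack("!H8s", wire[14:24])
    return auth.rstrip(b"\x00") if autype == AU_SIMPLE else None


class Neighbor:
    """Receive side: configured keys by ID plus the last accepted sequence number."""

    def __init__(self, keys):
        self.keys = keys
        self.last_seq = None

    def accept(self, wire):
        if len(wire) < 24:
            return False, "reject: truncated header"
        _v, _t, length, _rid, _area, _csum, autype, auth = struct.unpack(HDR, wire[:24])
        if autype != AU_CRYPTO:
            return False, "reject: only cryptographic authentication is accepted"
        _zero, key_id, auth_len, seq = struct.unpack("!HBBI", auth)
        pkt, digest = wire[:length], wire[length:length + MD5_LEN]
        if auth_len != MD5_LEN or len(digest) != MD5_LEN:
            return False, "reject: bad digest length"
        key = self.keys.get(key_id)
        if key is None:
            return False, f"reject: unknown key id {key_id}"
        # RFC 2328 D.4.3: drop if the sequence number is LESS than the last one seen.
        # Equal is allowed, so an identical packet can be replayed until it advances.
        if self.last_seq is not None and seq < self.last_seq:
            return False, f"reject: replayed sequence number {seq}"
        expected = hashlib.md5(pkt + _pad_key(key)).digest()
        if not hmac.compare_digest(expected, digest):
            return False, "reject: digest mismatch (wrong key or modified packet)"
        self.last_seq = seq        # advance only after the digest has verified
        return True, "accept"


if __name__ == "__main__":
    body = bytes(20)                                   # constructed, opaque Hello body
    print("sniffed password:", password_on_wire(simple_password_packet(body, b"cisco")))
    nb = Neighbor({1: b"s3cr3t-key"})
    print(nb.accept(crypto_packet(body, 1, b"s3cr3t-key", 100)))
    print(nb.accept(crypto_packet(body, 1, b"wrong-key", 101)))
```

Two design points worth noticing: the receiver only records a sequence number after the digest has verified, so forged packets cannot push the replay window forward, and the digest comparison is constant-time. The remaining weakness is the RFC's own: equal sequence numbers are accepted, so the sender must keep the number increasing. Current deployments should prefer the HMAC-SHA variants of RFC 5709 over MD5 where both ends support them.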

Note

OSPFv2 is defined in RFC 2328. OSPFv1 was defined in RFC 1131 but never reached operational status and was never really used.


Border Gateway Protocol

OSPF and RIP were both designed primarily to route data among systems under a common administrative authority, known as an autonomous system. An autonomous system is comparatively small and easy to manage; even a global company may have only 200 subnets that need to be routed. For that reason, OSPF and RIP are referred to as interior gateway protocols: they are designed for routing data within a given environment, or autonomous system.

Border Gateway Protocol version 4 (BGPv4) routes data between autonomous systems, on a scale that interior gateway protocols cannot approach, and is therefore referred to as an exterior gateway protocol. BGPv4 is the standard method of routing data across the Internet, which is really just a collection of independently managed and maintained autonomous systems. Although OSPF and RIP can be used internally, a company that needs to exchange routing information with other routers on the Internet does so through BGPv4.

Note

The following RFCs define BGP:

  • RFC 1267 (BGP version 3)

  • RFC 4271 (BGP version 4, the current specification)





Firewall Fundamentals
ISBN: 1587052210
Year: 2006
Pages: 147