Routing Essentials

1
Routing Essentials

• E. Damiani

2
Common Routing Configuration

• Routing and routing protocols
• Three common routing configurations
• Minimal routing
• Static routing
• Dynamic routing
• The minimal Routing table

netstat -rn Routing tables Destination
Gateway Refcnt Interface 127.0.0.1
127.0.0.1 1 lo0 172.16.12.0
172.16.12.2 26 1e0
3
Building a static routing table

• To reach remote hosts, routes through external
  gateways must be added to the routing table.
• For example, on Solaris
• route add 207.25.98.0 172.16.12.1 1
• route add 192.0.2.32/27 somegateway
• route -fnvq add delete -net -host
  destination gateway args
• or
• route -fnvq change get -net -host
  destination gateway args
• destination is the destination host or network
• gateway is the next-hop intermediary through
  which packets should be routed.

4
Example
Add a default route on peanut through gateway
almond route -n add default 172.16.12.1 1 Try
to ping host on other local host connected to
pecan, What will happen?
5
Example 2

• ping 172.16.1.2
• PING 172.16.1.2 56 data bytes
• ICMP Host redirect from gateway almond.nuts.com
  (172.16.12.1)
• to pecan.nuts.com (172.16.12.3) for
  filbert.nuts.com (172.16.1.2)
• 64 bytes from filbert.nuts.com (172.16.1.2)
  icmp_seq1. time30. ms
• C
• ----172.16.1.2 PING Statistics----
• 1 packets transmitted, 1 packets received, 0
  packet loss
• round-trip (ms) min/avg/max 30/30/30

6
Static routing

• ICMP redirect works well for some old models with
  limited routing functions.
• To avoid redirect specific routes can installed
  for each subnet using individual route statement.
• route -n add 172.16.1.0 172.16.12.3 1
• add net 172.16.1.0 gateway 172.16.12.3
• route -n add 172.16.6.0 172.16.12.3 1
• add net 172.16.6.0 gateway 172.16.12.3
• route -n add 172.16.3.0 172.16.12.3 1
• add net 172.16.3.0 gateway 172.16.12.3
• route -n add 172.16.9.0 172.16.12.3 1
• add net 172.16.9.0 gateway 172.16.12.3

7
Installing static routes at startup

• Add the desired route statements to a startup
  file.
• On Solaris, /etc/init.d/inetinit
• route -n add default 172.16.12.1 1 gt /dev/console
• route -n add 172.16.1.0 172.16.12.3 1 gt
  /dev/console
• route -n add 172.16.6.0 172.16.12.3 1 gt
  /dev/console
• For Linux, /etc/rc.d/rc.local
• Disable the routing protocol if it was setup
  running.

8
Interior Routing Protocol

• Interior Protocols
• The Routing Information Protocol (RIP)
• Hello
• Intermediate System to Intermediate System
  (IS-IS)
• Open Shortest Path First (OSPF)
• RIP
• Delivered with many Unix system, Daemon routed
• On Solaris, if more than two interfaces or
  /etc/gateways exists, routed will be started.

9
Base of RIP Distance Vector Routing

• Limited state information. Just the next hop and
  cost.

A
D
A
D
F
C
B
H
G
E
10
Distance Vector Routing Dynamic Programming

• Suppose a new node comes on line.

I
11
Distance Vector Routing Dynamic Programming

• Suppose a new node comes on line.
• Suppose I first talks to A.

A
I
12
Distance Vector Routing Dynamic Programming

• Suppose a new node comes on line.
• Suppose I first talks to A.
• Next I talks to D.

I
D
13
Distance Vector - Algorithm

• Start with all destinations with infinite
  distance, except for the actual node, which is
  distance 0.
• Every 30 seconds (RIP), or when a change occurs
  in the table, send table to neighbors.
• If the distance to a prefix advertised by a
  neighbor is less plus the distance to the
  neighbor is less than known distance, reduce
  distance to prefix and route packets with that
  destination prefix to that neighbor.

14
Count to Infinity Problem
15
Approaches to Mitigate Count to Infinity

• Why is count to infinity a problem?
• It generates tons of routing updates too much
  traffic
• The network should report that a route is
  unreachable.
• One possible answer Put upper bound an upper
  bound the the diameter of the network.
• But what is the network grows? (as it did).
• Techniques
• Split horizon. A router does not report a
  distance to the neighbor it learned the distance
  from.
• Split horizon with poison reverse. If A
  advertises the best cost to E to B, then B
  advertises a cost of infinity to E back to A.
• This only works for loops that involve two nodes.
  With larger loops, the mitigation is more
  difficult and these remedies reduce the rate of
  convergence.
• The way to fix it is to use link state routing.

16
RIP

• For non-gateway hosts, prevent advertising
  routes -q option
• /etc/gateways
• Additional routing information
• Define an active default route
• net 0.0.0.0 gateway 172.16.12.1 metric 1 active
• Active route
• Can be updated by RIP
• Active gateway is expected to supply routing
  information
• Active gateway will be removed if it does not
  provide routing updates for a while
• Passive route
• Stay as long as system is up
• Permanent static route
• Prevent routing protocol from dynamically
  updating the route to reflect the changing
  network conditions.

17
RIP

• Shortcomings
• Limited network diameter
• 15 hops
• Slow convergence
• Classful routing
• Improvement
• Split horizon
• A router does not advertise routes on the link
  from which those routes were obtained.
• Poison reverse
• Router should advertise an infinite distance for
  routes on this link
• Triggered update
• In stead of waiting, a triggered update is send
  immediately.
• RIP2 adds network mask and a next-hop address in
  original RIP packets.

18
Open Shortest Path First

• Based on link-state Each routers shares info
  about its neighbors with the entire network.
• OSPF defines a hierarchy of routing area within
  an autonomous systems
• Areas
• Backbone
• Stub area
• OSPF link-state database can be big
• Dividing the autonomous system into areas
  improved efficiency
• Use designated router
• OSPF is used on dedicated routers, e.g. Cisco.
• Use Zebra on Linux

19
Link State Routing (IS-IS and OSPF)

• Each router learns the entire network. (Compare
  to distance vector)
• If the entire network is known, the shortest cost
  routing can be computed.
• Each router advertises to its neighbors who it is
  connected to.
• Each router floods any advertisement it receives.

20
Link State Routing

• PHASES
• HELLO Determining who the router is connected
  to.
• Reliable Flooding of LSA (link state
  advertisement) and keeping/getting up-to-date
  information.
• Calculate shortest path.

21
HELLO

• Periodically, a node sends a HELLO LSP (Link
  State Packet) to its neighbors.
• The neighbor responds with a HELLO reply.
• This way the router can determine which router it
  is connected to.
• The default period is 10 30sec.

22
Reliable Flooding

• Each LSP contains
• The ID of the node that created the LSP.
• The list of the neighbors directly connected to
  that node with the cost of each link.
• A sequence number
• A time to live
• Each LSP reception is ACKed.

23
Sequence Number

• The node that generated the LSA increments the
  sequence number for each LSA it sends out.
• The sequence number is 32 bits long, so wrap
  around is not possible.
• When router receives an LSA, it checks if the seq
  num of the received LSA is larger than the LSA in
  memory.
• If the LSA has a larger seq. num, it is stored,
  the old one discarded and the new LSA is flooded
  to all neighbors, except the one that sent it.
• If the LSA has a smaller or equal seq. no, it is
  discarded.

24
(No Transcript)
25
Time to Live (TTL)

• Each second a LSA sits in memory, its TTL is
  decremented.
• Each time the LSA is transmitted, its TTL is
  decremented.
• When the TTL reaches zero, the LSA is discarded
  and the router floods the LSA with TTL0 to tell
  other routers to delete this information.

26
OSPF Header
Type 1hello 2database description 3link
status request 4link state update 5link state
ack
version
type
length
Source address
Address of the sender
Area ID
Checksum
Authentication type
Authentication
Which area the packet originated
27
OSPF LSA
Like TTL
LS Age
Options
Type1
Link State ID
The same
Advertising Router
Seq. No
Checksum
Length
Number of Links
Link ID
Link Data
Metric
Link Type
Num TOS
Optional TOS
More Links
28
Managing Rebooting

• When a node reboots, it doesnt know its seq. no.
  
• It floods its link state with seq. no. 0.
• It sends a Link State Request to its neighbors
• The neighbors respond with the most up to date
  LSA they have. These LSA may contain the LSA of
  the before it crashed. In this case, the node
  updates its seq. no.
• Remember that every time a router gets a new
  info, it floods the information.

29
(No Transcript)
30
(No Transcript)
31
Security Issues

• An attacker could send fake LSAs.
• Must filter out LSA from any other source but the
  neighbor and use authentication.
• If a router is compromised, it could advertise a
  low cost to all nodes. Then all nodes will send
  packets to this node and the network would stop
  working.

32
metrics

• ARPANET the link cost included the size of the
  queue (a measure of congestion).
• This does not work..
• Static cost just use delay (Juniper seems to do
  this)
• Dynamic cost must make sure that link costs do
  not vary too much.
• The cost can is restricted to only change slowly
  over time.
• The cost between links cannot vary much. There
  cannot be more than a factor of 7 difference
  between the most and least expensive link.
• The cost of a link can only vary by a factor of
  3.
• Cost only depends on utilization at moderate or
  high loads.
• Only send updates when the cost crosses a
  threshold.
• Is this stable?

33
TOS Type of Service

• A data packet can identify the type of service it
  wants.
• The router can provide different routing
  according to the TOS.
• To support this, OSPF allows the link cost to
  depend on the TOS.
• This is not widely deployed.

34
Exterior routing protocols

• Exchange routing information between autonomous
  systems
• Reachability information
• Exterior Gateway Protocol (EGP)
• Acquiring a neighbor Establish dialog between
  two EGP gateways using hello and I-heard-you.
• Requesting routing information called poll
• Sending a packet of reachability called update
• EGP Does not attempt to choose the best route
• In the old time core gateways were expected to
  have the information necessary to choose the best
  external routes.

35
Exterior Routing Protocols

• Border Gateway Protocol (BGP)
• Support policy-based routing
• No-technical reasons to make routing decisions.
• Political, organizational, or security
• Routing policies are not part of the BGP
  protocol. Policies are provided externally as
  configuration information.
• Routing Arbiters (RAs) at the NAP can be queries
  for routing policy information.
• Bilateral agreements on private policy between
  ISPs
• How BGP uses policy?
• Control the routes it announces to others
• Control the routes it accept form others

36
BGP

• BGP is implemented on TCP, port 179
• BGP is a path-vector protocol.
• Entire end-to-end path of a route in the form of
  a sequence of autonomous system numbers.
• Eliminate the possibility of routing loops and
  count-to-infinity problems.
• Most systems never run exterior protocols
• Only on gateways that connect AS to another AS.

37
Choosing a routing protocol

• Local area networks, RIP is the choice
• Larger networks, OSPF is the choice
• Exterior routing protocol, BGP or what the other
  part is running.
• Equipment affects the choices
• Routers support a wide range
• Most Unix systems are delivered with only RIP.
• Daemon gated give the options of using Unix
  System as a router.

38
Gateway Routing Daemon

• Combines several different routing protocols in a
  single software package.
• System can run more than one routing protocol.
• Routers learned from interior protocol can be
  announced via exterior routing protocol.
• Routing policy can be implemented
• All protocols are configured from a single file (
  /etc/gated.conf)
• Constantly upgraded

39
Gateds preference value

• Routing implementation has two sides
• External exchange routing info
• Internal update routing table
• Gated can pick the best route from multiple
  protocols.
• Metric may be different hop account, delay,
• Gateds own value preference

40
Configuring gated

• Available at http//www.gated.org
• /etc/gated.conf
• Multiple protocols are configured in the same
  file.
• Sections
• Option statement
• Interface statement
• Definition statement
• Unicast statement
• Multicast protocol statement
• Static statements
• Control statement
• Aggregate statement

41
A host configuration

• enable rip, don't broadcast updates,
• listen for RIP-2 updates on the multicast
  address,
• check that the updates are authentic.
• rip yes
• nobroadcast
• interface 172.16.9.23
• version 2
• multicast
• authentication simple "REALstuff"

42
Interior Gateway configurations

• Don't time-out subnet 9
• interfaces
• interface 172.16.9.1 passive
• Define the OSPF router id
• routerid 172.16.1.9
• Enable RIP-2 announce OSPF routes to
• subnet 9 with a cost of 5.
• rip yes
• broadcast
• defaultmetric 5
• interface 172.16.9.1
• version 2
• multicast
• authentication simple "REALstuff"

43
Interior Gateway configurations (cont)

• Enable OSPF subnet 1 is the backbone area
• use password authentication.
• ospf yes
• backbone
• authtype simple
• interface 172.16.1.9
• priority 5
• authkey "It'sREAL"

44
Exterior Gateway Configuration

• Defines the OSPF router id
• routerid 172.16.1.1
• Disable RIP
• rip no
• Enable BGP
• bgp yes
• preference 50
• group type external peeras 164
• peer 10.6.0.103
• peer 10.20.0.72
• Enable OSPF subnet 1 is the backbone area
• use password authentication.
• ospf yes
• backbone

45
Exterior Gateway Configuration (cont)

• Announce routes learned from OSPF and route
• to directly connected network via BGP to AS 164
• export proto bgp as 164
• proto direct
• proto ospf
• Announce routes learned via BGP from
• AS number 164 to our OSPF area.
• export proto ospfase type 2
• proto bgp as 164
• all