Computer Networks and Distributed Systems TFTP Bootstrapping with Cisco Routers - PowerPoint PPT Presentation
1
Computer Networks and Distributed Systems: TFTP
Bootstrapping with Cisco Routers
  • Reto Gantenbein
  • Universität Bern

2
Content
  • Introduction
  • Module Description
  • Original Bootstrapping
  • Motivation
  • Usability/Security Issues
  • Bootstrapping with TFTP Server
  • Script Changes
  • TFTP Server Installation
  • Improvements
  • Disadvantages
  • Summary

3
Introduction
  • The TFTP router bootstrapping was implemented in
    the network environment of the VITELS IP-Security
    module
  • This module is actively used by the 'Computer
    Networks' lecture
  • Because of several problems a change to new
    hardware was necessary
  • The new procedure was implemented while the
    original script layer was adapted to the new
    installation
  • Several security and usability issues could be
    fixed

4
Module Description
  • The VITELS IP Security Module
  • small, independent experiment network
  • only accessible through the portal server
  • no network routing between the Internet and the
    module
  • provides networking exercises for students:
  • router configuration
  • traffic sniffing
  • connection encryption
  • shows how transparent (readable) ordinary,
    unencrypted network traffic is

5
Module Description
6
Original Bootstrapping
  • reset script hard-resets the routers
  • a serial relay card is connected to the router
    power supply
  • routers load the basic command interpreter (the
    ROM monitor, ROMMON)
  • reset script interrupts the boot process and sets
    the router configuration register
  • ROMMON is reloaded
  • the router operating system (IOS) is loaded
    automatically
  • IOS is stored on the router flash memory
  • user gets a privileged command line without
    authentication
  • user has to delete the previous IOS configuration
    files himself

7
Motivation
  • Changed module to new hardware
  • Usability issues
  • Security issues
  • New possibilities with TFTP server as image
    source

8
Usability Issues
  • User has to delete the previous IOS
    configuration manually (or could reuse it for his
    own exercise!).
  • Only one IOS version is possible, because of the
    limited storage space on the router flash memory.

9
Security Issues
  • If the user deletes the IOS image on the router
    flash memory, the router can no longer be used.
  • IOS must then be restored manually by the module
    maintainer.
  • Stored files stay on the router flash memory even
    after the reset on user change.
  • The router bootstrapping can be interrupted by the
    user, and a file of his own from flash memory can
    be selected to boot.

10
Bootstrapping with TFTP Server
  • reset script hard-resets the routers
  • ROMMON is loaded
  • reset script interrupts the boot process
  • sets the router configuration register
  • reloads ROMMON
  • sets the basic network configuration for the TFTP
    download (IP address, subnet mask, default
    gateway, TFTP server, file name)
  • router downloads a fresh IOS image from the TFTP
    server
  • all previously stored files on flash memory are
    overwritten (this includes the IOS configuration
    files)
  • ROMMON boots the trusted, freshly downloaded IOS
    image


11
Script Changes
    # Perl fragment of the VITELS reset script. Sigils, "->", "=" and ":"
    # were lost in the slide export and are restored here; RouterLib::ROUTER1
    # is the assumed original form of "RouterLibROUTER1". The last argument of
    # send_router_command appears to be the number of seconds to wait after
    # sending (170 s for the TFTP download, 80 s for the IOS boot).
    $myport->pulse_break_on(1000);                         # BREAK: drop into ROMMON
    send_router_command($myport, "confreg 0x2140\n", 1);   # boot field 0, ignore NVRAM
    send_router_command($myport, "reset\n", 10);
    if ($myrouter eq RouterLib::ROUTER1) {
        send_router_command($myport, "IP_ADDRESS=10.2.0.10\n", 1);
    } else {
        send_router_command($myport, "IP_ADDRESS=10.2.0.20\n", 1);
    }
    send_router_command($myport, "IP_SUBNET_MASK=255.255.255.0\n", 1);
    send_router_command($myport, "DEFAULT_GATEWAY=10.2.0.1\n", 1);
    send_router_command($myport, "TFTP_SERVER=10.2.0.1\n", 1);
    send_router_command($myport, "TFTP_FILE=currentIOS\n", 1);
    send_router_command($myport, "tftpdnld\n", 2);
    send_router_command($myport, "yes\n", 170);            # confirm the flash erase, wait for the download
    send_router_command($myport, "boot flash:currentIOS\n", 80);
    send_router_command($myport, "no\n", 1);               # decline the IOS setup dialog
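The same sequence driven by prompt matching instead of fixed delays, as an added example in Python (not the VITELS Perl script and not Cisco code). The console object mimics pyserial's read/write/send_break names; the ROMMON and IOS reply texts, the failure message and the decision to treat a missing "File reception completed" line as a failed download are the example's own assumptions, and the whole dialogue is simulated in-process so it runs offline.

```python
import re

PROMPT = re.compile(r"rommon \d+ > $")
ROMMON_VARS = ("IP_ADDRESS", "IP_SUBNET_MASK", "DEFAULT_GATEWAY", "TFTP_SERVER", "TFTP_FILE")

class FakeRommonConsole:
    """Constructed stand-in for the serial console of a Cisco 2600 in ROMMON (pyserial-like
    read/write/send_break). Reply texts are modelled on ROMMON/IOS output but are assumptions."""

    def __init__(self, tftp_ok=True):
        self.tftp_ok = tftp_ok       # False simulates a failed download
        self.env = {}                # ROMMON environment, set with VAR=value
        self.have_image = False      # True once tftpdnld has written flash
        self.seq = 1
        self.out = self._prompt()

    def _prompt(self):
        prompt = "rommon %d > " % self.seq
        self.seq += 1
        return prompt

    def send_break(self):
        self.out += "\n" + self._prompt()

    def write(self, line):
        cmd = line.strip()
        if cmd.startswith("confreg ") or cmd == "reset":
            if cmd == "reset":       # boot field 0 in 0x2140: the reset lands in ROMMON again
                self.seq = 1
                self.out += "System Bootstrap, Version 12.2\n"
            self.out += self._prompt()
        elif re.fullmatch(r"[A-Z_]+=\S+", cmd):
            var, val = cmd.split("=", 1)
            self.env[var] = val
            self.out += self._prompt()
        elif cmd == "tftpdnld":
            self.out += ("WARNING: all existing data in all partitions on flash will be lost!\n"
                         "Do you wish to continue? y/n:  [n]: ")
        elif cmd in ("y", "yes"):
            if self.tftp_ok and set(ROMMON_VARS).issubset(self.env):
                self.have_image = True
                self.out += "Receiving %s from %s !!!!\nFile reception completed.\n" % (
                    self.env["TFTP_FILE"], self.env["TFTP_SERVER"])
            else:
                self.out += "TFTP: operation terminated\n"   # constructed failure text
            self.out += self._prompt()
        elif self.have_image and cmd == "boot flash:" + self.env.get("TFTP_FILE", ""):
            self.out += ("Cisco IOS Software, C2600\n"
                         "Would you like to enter the initial configuration dialog? [yes/no]: ")
        elif cmd == "no":
            self.out += "Router>"
        else:
            self.out += "monitor: command %r not found\n" % cmd + self._prompt()

    def read(self):
        chunk, self.out = self.out, ""
        return chunk

class ExpectDriver:
    """Send a line, then read until the output matches a pattern. Unlike the fixed sleeps
    of the original script, a slow transfer cannot race the next command, and a prompt
    that never appears becomes an error instead of silently sending into garbage."""

    def __init__(self, port, max_reads=20):
        self.port, self.max_reads = port, max_reads   # a real port would use a timeout
        self.sent = []

    def expect(self, pattern):
        buf = ""
        for _ in range(self.max_reads):
            buf += self.port.read()
            if re.search(pattern, buf):
                return buf
        raise TimeoutError("no match for %r in %r" % (pattern, buf))

    def cmd(self, line, pattern=PROMPT):
        self.sent.append(line)
        self.port.write(line + "\n")
        return self.expect(pattern)

def tftp_bootstrap(port, ip, mask, gateway, server, image):
    """ROMMON -> erase flash and fetch `image` with tftpdnld -> boot it -> IOS prompt.
    Returns the commands sent; raises RuntimeError if the download did not complete,
    so an empty flash is reported instead of being left for the next user."""
    d = ExpectDriver(port)
    port.send_break()                    # interrupt the boot, like pulse_break_on(1000)
    d.expect(PROMPT)
    d.cmd("confreg 0x2140")              # boot field 0 + ignore NVRAM (bit 6)
    d.cmd("reset")
    for var, val in zip(ROMMON_VARS, (ip, mask, gateway, server, image)):
        d.cmd("%s=%s" % (var, val))
    d.cmd("tftpdnld", r"Do you wish to continue\? y/n:")
    reply = d.cmd("y")
    if "File reception completed" not in reply:
        raise RuntimeError("tftpdnld failed, flash may be empty: %s" % reply.strip())
    d.cmd("boot flash:%s" % image, r"initial configuration dialog\? \[yes/no\]: ")
    d.cmd("no", r"Router>")              # decline setup: the fresh IOS has no startup-config
    return d.sent
```

With a real router the console object would be a `serial.Serial` opened on the relay card's port; the driver's `expect` then reads with the port timeout instead of counting reads. The check after `y` is the one the original script lacks: if the download fails, the flash has already been erased and the router is exactly the "dead" state the Security Issues slide describes, so the script should report it rather than continue to `boot`.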

12
TFTP Server Installation
  • TFTP server daemon: tftpd-hpa (Debian)
  • an enhanced version of the OpenBSD tftpd
  • widely configurable
  • permits file uploads (option -c; not enabled by
    default and not used here)
  • started on demand by inetd, through the tcpd
    wrapper

    #:BOOT: Tftp service is provided primarily for booting.
    tftp  dgram  udp  wait  root  /usr/sbin/tcpd  /usr/sbin/in.tftpd \
          -s /tftpboot -u tftpd -a 10.2.0.169

  • -s /tftpboot chroots the daemon into the image
    directory, -u tftpd drops root privileges, and
    -a 10.2.0.169 binds it to the module-internal
    address only; without -c every write request
    (WRQ) is refused, so the unauthenticated TFTP
    protocol can only hand out images, not receive
    them
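What that inetd line sets up, shown as an added Python example of the TFTP exchange itself (not tftpd-hpa's code): a read-only RFC 1350 server that confines requests to its root the way -s does, refuses uploads like a daemon started without -c, and serves the currentIOS symlink the Improvements slide mentions, together with the client side that a ROMMON tftpdnld performs. It runs over loopback UDP against a constructed image directory; the error texts, the file names and the 1536-byte stand-in image are the example's own, and retransmission after a lost ACK is omitted.

```python
import os, pathlib, shutil, socket, struct, tempfile, threading

RRQ, WRQ, DATA, ACK, ERROR = 1, 2, 3, 4, 5
BLOCK = 512              # RFC 1350 data block; a block shorter than this ends the transfer

def error_pkt(code, msg):
    return struct.pack("!HH", ERROR, code) + msg.encode() + b"\0"

def safe_path(root, name):
    """Confine name to root like tftpd-hpa's -s chroot: '..', absolute names and
    symlinks that resolve outside root all yield None."""
    real_root = os.path.realpath(root)
    target = os.path.realpath(os.path.join(real_root, name.lstrip("/")))
    if os.path.commonpath([real_root, target]) != real_root or not os.path.isfile(target):
        return None
    return target

class ReadOnlyTftpServer(threading.Thread):
    """Minimal RFC 1350 server on 127.0.0.1: serves RRQ from root (octet mode only)
    and refuses every WRQ, as tftpd-hpa does when started without -c."""

    def __init__(self, root):
        super().__init__(daemon=True)
        self.root, self.stop = root, threading.Event()
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self.sock.bind(("127.0.0.1", 0))
        self.sock.settimeout(0.2)             # lets run() notice the stop flag
        self.port = self.sock.getsockname()[1]

    def run(self):
        while not self.stop.is_set():
            try:
                self.handle(*self.sock.recvfrom(516))
            except socket.timeout:
                pass

    def handle(self, pkt, peer):
        op, fields = struct.unpack("!H", pkt[:2])[0], pkt[2:].split(b"\0")
        if op != RRQ or len(fields) < 2:      # WRQ: error 2, constructed message text
            err = (2, "uploads disabled") if op == WRQ else (4, "illegal operation")
            self.sock.sendto(error_pkt(*err), peer)
            return
        path = safe_path(self.root, fields[0].decode(errors="replace"))
        if path is None:                      # same reply for escapes and missing files
            self.sock.sendto(error_pkt(1, "file not found"), peer)
            return
        tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)   # fresh TID per transfer
        tx.settimeout(2)
        with open(path, "rb") as f, tx:
            block = 1
            while True:
                chunk = f.read(BLOCK)
                tx.sendto(struct.pack("!HH", DATA, block) + chunk, peer)
                ack, _ = tx.recvfrom(516)
                if struct.unpack("!HH", ack[:4]) != (ACK, block) or len(chunk) < BLOCK:
                    break                     # retransmission on a lost ACK is omitted
                block = (block + 1) & 0xFFFF

def tftp_request(port, name, op=RRQ):
    """Client side, as tftpdnld performs it. Returns (True, file bytes) for a served
    RRQ and (False, server's message) when the server answers with ERROR."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(2)
        s.sendto(struct.pack("!H", op) + name.encode() + b"\0octet\0", ("127.0.0.1", port))
        data, expect = b"", 1
        while True:
            pkt, peer = s.recvfrom(516)
            kind, num = struct.unpack("!HH", pkt[:4])
            if kind == ERROR:
                return False, pkt[4:].rstrip(b"\0").decode()
            if kind == ACK:                   # a WRQ was accepted (never, with this server)
                return True, b""
            s.sendto(struct.pack("!HH", ACK, num), peer)   # ACK goes to the transfer TID
            if num == expect:
                data, expect = data + pkt[4:], (expect + 1) & 0xFFFF
                if len(pkt) - 4 < BLOCK:
                    return True, data

def demo():
    """Constructed image directory with the currentIOS symlink, plus three requests
    the server must refuse: traversal, an escaping symlink, and an upload."""
    root, outside = tempfile.mkdtemp(), tempfile.mkdtemp()
    image = bytes(range(256)) * 6         # 1536 bytes: 3 full blocks plus an empty last one
    pathlib.Path(root, "c2600.bin").write_bytes(image)
    pathlib.Path(outside, "secret").write_text("not for routers")
    os.symlink("c2600.bin", os.path.join(root, "currentIOS"))
    os.symlink(os.path.join(outside, "secret"), os.path.join(root, "escape"))
    srv, results = ReadOnlyTftpServer(root), {}
    srv.start()
    try:
        ok, data = tftp_request(srv.port, "currentIOS")
        results["currentIOS_ok"] = ok and data == image
        for label, name, op in (("traversal", "../%s/secret" % os.path.basename(outside), RRQ),
                                ("symlink_escape", "escape", RRQ), ("upload", "currentIOS", WRQ)):
            results[label] = tftp_request(srv.port, name, op)[1]   # the server's error text
    finally:
        srv.stop.set(); srv.join()
        shutil.rmtree(root); shutil.rmtree(outside)
    return results
```

The image length is a multiple of 512 on purpose: the transfer only ends with a block shorter than 512 bytes, so the server must send a fourth, empty DATA block and the client must ACK it. The symlink check matters for the currentIOS setup on the slides: a link inside the image directory that points to another image in that directory is served, while a link that resolves outside the directory is refused with the same "file not found" as a nonexistent file, giving a client no hint about what exists elsewhere on the server.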

13
Improvements
  • provides the same initial state of the routers
    for every user
  • router can boot even if a user deletes the
    current IOS
  • no dead files on the router flash memory
  • unwanted code left on flash can no longer be
    loaded
  • in combination with the new web portal, the user
    can choose the wanted IOS image
  • ROMMON loads the file currentIOS, which is a
    symlink in the image server directory to the
    default IOS image

14
Disadvantages
  • it is still possible to interrupt the
    bootstrapping process by sending a BREAK signal
    via Minicom
  • only the Cisco 2600 ROMMON supports bootstrapping
    via TFTP (tftpdnld)
  • a Cisco 3600 can only be fully reset by image
    transfer over the serial line, or after upgrading
    the boot ROM (ROMMON chip) to a newer version
  • many write cycles on the router flash memory,
    since every reset erases and rewrites it

15
Summary
  • Router Bootstrapping via TFTP Server
  • improves situation for module users
  • improves situation for module maintainers
  • is simple to use
  • clears some security issues
  • offers new possibilities for further enhancements