Routing Basics

wiki.netseclab.mu.edu.tr/images/c/cc/Routing.pdf


Small additions by Dr. Enis Karaarslan, 2014

Purdue - Aaron Jarvis (Network Engineer)

Routing Concepts

• IPv4
• Routing
• Forwarding
• Some definitions
• Policy options
• Routing Protocols

IPv4

• Internet uses IPv4
  – Addresses are 32 bits long
  – Range from 1.0.0.0 to 223.255.255.255
  – 0.0.0.0 to 0.255.255.255 and 224.0.0.0 to 255.255.255.255 have “special” uses
• IPv4 address has a network portion and a host portion

IPv4 address format

• Address and subnet mask
  – written as
  – 12.34.56.78 255.255.255.0 or
  – 12.34.56.78/24
  – mask represents the number of network bits in the 32 bit address
  – the remaining bits are the host bits

What does a router do?

A day in a life of a router

find path
forward packet, forward packet, forward packet, forward packet...
find alternate path
forward packet, forward packet, forward packet, forward packet…
repeat until powered off

Routing versus Forwarding

• Routing = building maps and giving directions
• Forwarding = moving packets between interfaces according to the “directions”

IP Routing – finding the path

• Path derived from information received from a routing protocol
• Several alternative paths may exist
  – best path stored in forwarding table
• Decisions are updated periodically or as topology changes (event driven)
• Decisions are based on:
  – topology, policies and metrics (hop count, filtering, delay, bandwidth, etc.)

1: How Does Routing Work?

• Internet is made up of the ISPs who connect to each other’s networks
• How does an ISP in Kenya tell an ISP in Japan what customers they have?
• And how does that ISP send data packets to the customers of the ISP in Japan, and get responses back?
  – After all, as on a local ethernet, two way packet flow is needed for communication between two devices

2: How Does Routing Work?

• ISP in Kenya could buy a direct connection to the ISP in Japan
  – But this doesn’t scale – thousands of ISPs, would need thousands of connections, and cost would be astronomical
• Instead, ISP in Kenya tells his neighbouring ISPs what customers he has
  – And the neighbouring ISPs pass this information on to their neighbours, and so on
  – This process repeats until the information reaches the ISP in Japan

3: How Does Routing Work?

• This process is called “Routing”
• The mechanisms used are called “Routing Protocols”
• Routing and Routing Protocols ensure that the Internet can scale, that thousands of ISPs can provide connectivity to each other, giving us the Internet we see today

4: How Does Routing Work?

• ISP in Kenya doesn’t actually tell his neighbouring ISPs the names of the customers
  – (network equipment does not understand names)
• Instead, he has received an IP address block as a member of the Regional Internet Registry serving Kenya
  – His customers have received address space from this address block as part of their “Internet service”
  – And he announces this address block to his neighbouring ISPs – this is called announcing a “route”

Routing Protocols

• Routers use “routing protocols” to exchange routing information with each other
  – IGP is used to refer to the process running on routers inside an ISP’s network
  – EGP is used to refer to the process running between routers bordering directly connected ISP networks

IGP x EGP

• An Interior Gateway Protocol (IGP) is a type of protocol used for exchanging routing information between gateways (commonly routers) within an Autonomous System.
• Exterior gateway protocols (EGP) are used to exchange routing information between Autonomous Systems and rely on IGPs to resolve routes within an AS.

What Is an IGP?

• Interior Gateway Protocol
• Within an Autonomous System
• Carries information about internal infrastructure prefixes
• Two widely used IGPs:
  – OSPF
  – ISIS

Why Do We Need an IGP?

• ISP backbone scaling
  – Hierarchy
  – Limiting scope of failure
  – Only used for ISP’s infrastructure addresses, not customers or anything else
  – Design goal is to minimize number of prefixes in IGP to aid scalability and rapid convergence

What Is an EGP?

• Exterior Gateway Protocol
• Used to convey routing information between Autonomous Systems
• De-coupled from the IGP
• Current EGP is BGP

Why Do We Need an EGP?

• Scaling to large network
  – Hierarchy
  – Limit scope of failure
• Define Administrative Boundary
• Policy
  – Control reachability of prefixes
  – Merge separate organizations
  – Connect multiple IGPs

Interior versus Exterior Routing Protocols

• Interior
  – automatic neighbour discovery
  – generally trust your IGP routers
  – prefixes go to all IGP routers
  – binds routers in one AS together
• Exterior
  – specifically configured peers
  – connecting with outside networks
  – set administrative boundaries
  – binds AS’s together

Interior versus Exterior Routing Protocols

• Interior
  – Carries ISP infrastructure addresses only
  – ISPs aim to keep the IGP small for efficiency and scalability
• Exterior
  – Carries customer prefixes
  – Carries Internet prefixes
  – EGPs are independent of ISP network topology

Hierarchy of Routing Protocols

[Figure: diagram with labels BGP4, BGP4 and OSPF/ISIS, Other ISPs, Customers, IXP, Static/BGP4]

FYI: Cisco IOS Default Administrative Distances

Route Source                    Default Distance
Connected Interface             0
Static Route                    1
Enhanced IGRP Summary Route     5
External BGP                    20
Internal Enhanced IGRP          90
IGRP                            100
OSPF                            110
IS-IS                           115
RIP                             120
EGP                             140
External Enhanced IGRP          170
Internal BGP                    200
Unknown                         255


Dynamic Routing Slide


Basics of Dynamic Routing

Presented by Aaron Jarvis Network Engineer


Agenda

•Introduction to Dynamic Routing

•Choosing the Right Protocol

•Configuring Dynamic Routing

•How the ITaP Production Data Network uses dynamic routing


Introduction to Dynamic Routing

•What is routing?
  •How data is forwarded between subnets
  •Network Layer or Layer 3 in the OSI Model
  •Provides end-to-end reachability

Introduction to Dynamic Routing

•How are routing decisions made?
  •Forwarded based on the destination IP address
  •Router builds/maintains a routing table
    •Current view of the network
    •Populated either dynamically or manually

router#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.5.40.54 to network 0.0.0.0

     69.0.0.0/19 is subnetted, 1 subnets
O E2    69.51.160.0 [110/1] via 192.5.40.54, 6d21h, Port-channel61
O E2 199.233.104.0/24 [110/1] via 192.5.40.54, 3w4d, Port-channel61
     192.5.40.0/24 is variably subnetted, 19 subnets, 4 masks
D       192.5.40.238/32 [90/131328] via 192.31.0.13, 2d16h, Vlan4094
                        [90/131328] via 192.31.0.113, 2d16h, Vlan4084
O IA    192.5.40.225/32 [110/2] via 192.5.40.54, 3w4d, Port-channel61
O IA    192.5.40.227/32 [110/4] via 192.5.40.54, 3w4d, Port-channel61
C       192.5.40.240/28 is directly connected, Vlan898
D       192.5.40.168/29 [90/3072] via 192.31.0.113, 7w0d, Vlan4084
                        [90/3072] via 192.31.0.13, 7w0d, Vlan4094
Snip……


Choosing the Right Protocol

•Interior Routing Protocols
  •Used within an autonomous system
  •Used within an area of administrative control
•Exterior Routing Protocols
  •Used between autonomous systems
  •Used to peer with networks in which you have no administrative control

Choosing the Right Protocol

•Interior Routing Protocols
  •Static
  •RIP
  •OSPF
  •EIGRP
  •ISIS
•Exterior Routing Protocols
  •BGP

NOTE: This is not an exhaustive list of protocols available but merely a list of those commonly used.

Choosing the Right Protocol

•Static Routing
  •May be suitable on small networks
  •Administration intensive as changes have to be made on each router
  •Commonly used for default routing
    •0.0.0.0/0 Next Hop Router

Choosing the Right Protocol

•Dynamic Routing Protocol Types
  •Distance Vector
    •Routing Information Protocol(RIP)
    •Interior Gateway Routing Protocol(IGRP)
    •Enhanced Interior Gateway Routing Protocol(EIGRP)
  •Link State
    •Open Shortest Path First(OSPF)
    •Intermediate System to Intermediate System(ISIS)
  •Path Vector
    •Border Gateway Protocol(BGP)

Choosing the Right Protocol

•Routing Information Protocol(RIP)
  •RFC 1058(RIPv1), 1988
    •Classful, no support for VLSM
    •No support for authentication
  •RFC 2453(RIPv2), 1998
    •Classless, support for CIDR
    •Support for authentication
  •Uses hop count as routing metric
  •Slow to converge
  •Not very scalable
    •Limited to 15 hops

Choosing the Right Protocol

•Interior Gateway Routing Protocol(IGRP)
  •Invented by Cisco to overcome limitations of RIP
  •Allows for hop count up to 255
  •Allows for multiple route metrics
    •Bandwidth
    •Delay
    •Load
    •MTU
    •Reliability
  •Classful, no support for VLSM

Choosing the Right Protocol

•Enhanced Interior Gateway Routing Protocol(EIGRP)
  •Replaced IGRP
  •Maintains a Topology table
    •Successors, feasible successors
  •Allows for multiple route metrics
  •Classless, support for CIDR
  •Very fast to converge
  •Maintains neighbor relationships
  •Diffusing Update Algorithm(DUAL)
  •Not as CPU intensive as OSPF

CIDR (Classless Inter-Domain Routing, sometimes known as supernetting) is a way to allocate and specify the Internet addresses used in inter-domain routing more flexibly than with the original system of Internet Protocol (IP) address classes.

Choosing the Right Protocol

•Open Shortest Path First(OSPF)
  •RFC 2328(OSPFv2), 1998
  •Maintains neighbor relationships
  •Concept of Areas
    •Different areas can be used to control flooding of routing information
  •Classless, supports VLSM
  •Fast to converge
  •CPU Intensive Dijkstra Algorithm
  •Designing can be complicated

Choosing the Right Protocol

•Intermediate System to Intermediate System(ISIS)
  •RFC 1142, 1990
  •Dijkstra Algorithm
  •Mainly used by large service providers
  •Does not use IP to carry routing information
    •Uses ISO addresses
  •Level Concept
    •Level 1 or Intra Area
    •Level 2 or Inter Area
    •Level 1/2 or Both
  •Classless, supports VLSM

Choosing the Right Protocol

•Border Gateway Protocol(BGP)
  •RFC 4271(BGPv4), 2006
  •Peers manually defined
  •Used typically for multi-homing to ISP(s)
  •Very scalable
  •Makes decisions based upon AS Path
  •Lots of policy options
  •Very granular control


Configuring Dynamic Routing

•How to configure dynamic routing?
  •Choose a protocol that meets your needs
  •Each vendor has specific commands but should have a configuration guide available to assist
  •Plan well to ensure a functional network
    •Create a diagram
    •Consider high availability technologies
      •HSRP, VRRP

Hot Standby Router Protocol (HSRP) is a Cisco proprietary redundancy protocol for establishing a fault-tolerant default gateway.

The Virtual Router Redundancy Protocol (VRRP) is a computer networking protocol that provides for automatic assignment of available Internet Protocol (IP) routers to participating hosts. This increases the availability and reliability of routing paths via automatic default gateway selections on an IP subnetwork.

Configuring Dynamic Routing

•Best Practices
  •Only enable a routing protocol for interfaces you intend on using
    •If compromised can cause a lot of problems
  •Enable authentication(if available)
    •Use authentication to ensure that the remote routers are valid peers

Configuring Dynamic Routing

•Best Practices Cont…
  •Control Network Advertisements
    •Only allow networks to be advertised that should be
  •Private Address Space
    •Use only within your organization
  •Private AS Numbers
    •Strip before sending to ISP
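
An outbound-advertisement check that applies the three controls above, as an added example (not part of the original slides). It assumes the RFC 1918 private address blocks and the RFC 6996 private AS number ranges; the allow-list, the function names and the sample announcements are constructed for illustration.

```python
import ipaddress

# RFC 1918 private address space: use only within your organization.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# RFC 6996 private AS numbers (16-bit range and 32-bit range).
PRIVATE_ASN_RANGES = [(64512, 65534), (4200000000, 4294967294)]


def is_private_asn(asn):
    """True if the AS number falls in a private-use range."""
    return any(lo <= asn <= hi for lo, hi in PRIVATE_ASN_RANGES)


def strip_private_asns(as_path):
    """Return the AS path with private AS numbers removed."""
    return [asn for asn in as_path if not is_private_asn(asn)]


def check_announcement(prefix, as_path, allowed):
    """Decide whether one route may be sent to the ISP.

    Returns (permit, cleaned_as_path, reason).
    """
    net = ipaddress.ip_network(prefix)
    # Private address space never leaves the organization.
    if any(net.subnet_of(p) for p in PRIVATE_NETS):
        return False, [], "private address space"
    # Only networks on the explicit allow-list are advertised (exact match).
    if net not in allowed:
        return False, [], "not in the allowed advertisement list"
    # Permitted: strip private AS numbers before the route goes to the ISP.
    return True, strip_private_asns(as_path), "ok"


def audit(announcements, allowed):
    """Check every (prefix, as_path) pair; returns (prefix, permit, path, reason)."""
    return [(p,) + check_announcement(p, path, allowed)
            for p, path in announcements]


# Constructed sample data: documentation prefixes and documentation AS numbers.
ALLOWED = {ipaddress.ip_network("198.51.100.0/24")}
SAMPLE = [
    ("198.51.100.0/24", [64500, 65001]),  # own block, path contains a private AS
    ("10.20.0.0/16", [64500]),            # internal RFC 1918 network
    ("203.0.113.0/24", [64500]),          # public prefix that is not on the allow-list
]

if __name__ == "__main__":
    for prefix, permit, path, reason in audit(SAMPLE, ALLOWED):
        action = "permit" if permit else "deny"
        print(f"{prefix:18} {action:6} as-path={path} ({reason})")
```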


End of Inserted Slide

IP route lookup

• Based on destination IP address
• “longest match” routing
  – More specific prefix preferred over less specific prefix
  – Example: packet with destination of 10.1.1.1/32 is sent to the router announcing 10.1/16 rather than the router announcing 10/8.

IP route lookup

• Based on destination IP address

[Figure: routers R1, R2, R3 and R4; labels “10/8 announced from here” and “10.1/16 announced from here”; Packet: Destination IP address: 10.1.1.1]

R2’s IP routing table

10/8     R3
10.1/16  R4
20/8     R5
30/8     R6
…..

IP route lookup: Longest match routing

• Based on destination IP address
• 10.1.1.1 && FF.0.0.0 vs. 10.0.0.0 && FF.0.0.0: Match!
• 10.1.1.1 && FF.FF.0.0 vs. 10.1.0.0 && FF.FF.0.0: Match as well!
• 10.1.1.1 && FF.0.0.0 vs. 20.0.0.0 && FF.0.0.0: Does not match!
• 10.1.1.1 && FF.0.0.0 vs. 30.0.0.0 && FF.0.0.0: Does not match!
• Longest match, 16 bit netmask
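
The mask-and-compare walk-through above, written out as an added example (not part of the original slides). It uses R2's table from the slides with the prefixes spelled out in full; the function names are illustrative, and the default-route and no-match cases go beyond what the slides show.

```python
import ipaddress

# R2's IP routing table from the slides: (prefix, next hop).
# The slides write 10/8 and 10.1/16; they are spelled out in full here.
R2_TABLE = [
    ("10.0.0.0/8", "R3"),
    ("10.1.0.0/16", "R4"),
    ("20.0.0.0/8", "R5"),
    ("30.0.0.0/8", "R6"),
]


def to_int(dotted):
    """Dotted-quad IPv4 address as a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def mask_for(prefix_len):
    """32-bit netmask with prefix_len leading one bits (/8 -> FF.0.0.0)."""
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def matching_entries(dest, table):
    """Apply each entry's mask to the destination and to the entry's
    network and keep the entries where the two results are equal."""
    dest_int = to_int(dest)
    hits = []
    for prefix, next_hop in table:
        network, length = prefix.split("/")
        length = int(length)
        mask = mask_for(length)
        if dest_int & mask == to_int(network) & mask:
            hits.append((length, prefix, next_hop))
    return hits


def lookup(dest, table):
    """Return (prefix, next_hop) of the longest match, or None if no
    entry matches and the table has no default route."""
    hits = matching_entries(dest, table)
    if not hits:
        return None
    _, prefix, next_hop = max(hits)  # largest prefix length wins
    return prefix, next_hop


if __name__ == "__main__":
    print(matching_entries("10.1.1.1", R2_TABLE))  # both 10/8 and 10.1/16 match
    print(lookup("10.1.1.1", R2_TABLE))            # the 16 bit netmask wins
    print(lookup("192.0.2.1", R2_TABLE))           # no match, no default route
```

The most specific matching prefix wins regardless of which protocol or neighbour supplied it, so filtering what is accepted into the table is what keeps an unexpected more-specific route from taking over a destination.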

IP Forwarding

• Router decides which interface a packet is sent to
• Forwarding table populated by routing process
• Forwarding decisions:
  – destination address
  – class of service (fair queuing, precedence, others)
  – local requirements (packet filtering)
• Forwarding is usually aided by special hardware

Routing Tables Feed the Forwarding Table

[Figure labels: BGP 4 Routing Table; OSPF – Link State Database; Static Routes; Connected Routes; Routing Information Base (RIB); Forwarding Information Base (FIB)]

RIBs and FIBs

• FIB is the Forwarding Table
  – It contains destinations and the interfaces to get to those destinations
  – Used by the router to figure out where to send the packet
  – Careful! Some people still call this a route!
• RIB is the Routing Table
  – It contains a list of all the destinations and the various next hops used to get to those destinations – and lots of other information too!
  – One destination can have lots of possible next-hops – only the best next-hop goes into the FIB
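
How a RIB with several candidates per destination collapses into a FIB, as an added example (not part of the original slides) that combines this slide with the Cisco IOS default administrative distance table earlier in the deck. The source keys, the function name and the competing routes are constructed; treating distance 255 as never installed is an assumption about Cisco behaviour that the slides do not state.

```python
from collections import defaultdict

# Cisco IOS default administrative distances, from the table earlier in the deck.
ADMIN_DISTANCE = {
    "connected": 0, "static": 1, "eigrp-summary": 5, "ebgp": 20,
    "eigrp": 90, "igrp": 100, "ospf": 110, "isis": 115, "rip": 120,
    "egp": 140, "eigrp-external": 170, "ibgp": 200, "unknown": 255,
}
UNUSABLE = 255  # assumption: a route with distance 255 is never installed


def build_fib(rib):
    """Select the best next hop(s) per destination.

    rib: list of (prefix, source, metric, next_hop).
    Returns {prefix: [next_hop, ...]}; several next hops are kept only
    when they tie on both administrative distance and metric.
    """
    by_prefix = defaultdict(list)
    for prefix, source, metric, next_hop in rib:
        distance = ADMIN_DISTANCE.get(source, UNUSABLE)
        if distance < UNUSABLE:
            by_prefix[prefix].append((distance, metric, next_hop))

    fib = {}
    for prefix, candidates in by_prefix.items():
        # Lowest administrative distance first, then lowest metric.
        # Metrics from different protocols are never compared with each
        # other, because the distance has already separated them.
        best = min(c[:2] for c in candidates)
        fib[prefix] = sorted(nh for d, m, nh in candidates if (d, m) == best)
    return fib


SAMPLE_RIB = [
    # Taken from the "show ip route" output earlier in the deck.
    ("192.5.40.238/32", "eigrp", 131328, "192.31.0.13"),
    ("192.5.40.238/32", "eigrp", 131328, "192.31.0.113"),
    ("199.233.104.0/24", "ospf", 1, "192.5.40.54"),
    # Constructed competing routes for the same destinations.
    ("192.5.40.238/32", "ospf", 2, "192.5.40.54"),
    ("199.233.104.0/24", "rip", 3, "192.0.2.1"),
    ("203.0.113.0/24", "unknown", 0, "192.0.2.9"),
]

if __name__ == "__main__":
    for prefix, next_hops in build_fib(SAMPLE_RIB).items():
        print(prefix, "->", ", ".join(next_hops))
```

The OSPF candidate for 192.5.40.238/32 has the smaller metric but loses to EIGRP on administrative distance, which is compared first.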

Packet-switched networks

• Packet-switched networks are built on mesh topologies in which multiple paths to a destination exist. The links in the mesh are point-to-point links joined by routers.

Packet-switched networks

A path to a destination may go through any number of routers, and the path may change at any time due to traffic problems or failed links. In this environment, there are two possible packet-routing methods:
- Hop-by-hop, destination-based routing
- Explicit routing


Hop-by-hop, destination-based routing

• This scheme is like getting directions along the way. A packet has a destination address. Each router looks at the address and makes a routing decision about how to forward the packet. Thus, decisions are made on a hop-by-hop basis in the network until the packet reaches its destination.


Explicit routing

• This scheme relies on a network made of switch routers or ATM switches. A predefined path is specified in advance for a packet. This is a virtual circuit in the ATM world. Since the path is predefined, the packet is switched at each node, thus eliminating the need to make routing decisions at every node along the path.


Explicit routing

Explicit routing is useful for traffic engineering, QoS (Quality of Service), and the prevention of routing loops. It requires path setup in advance, something that can be done in IP networks with MPLS (Multiprotocol Label Switching). Source routing is a form of explicit routing in which end systems discover a path through the network in advance of sending packets. Constraint-based routing is a related technique that builds paths based on various constraints programmed into the network, such as bandwidth requirements for specific types of traffic.

Explicit versus Default Routing

• Default:
  – simple, cheap (cycles, memory, bandwidth)
  – low granularity (metric games)
• Explicit (default free zone)
  – high overhead, complex, high cost, high granularity
• Hybrid
  – minimise overhead
  – provide useful granularity
  – requires some filtering knowledge


Egress x Ingress

• Egress Traffic: Network traffic that begins inside of a network and proceeds through its routers to a destination somewhere outside of the network.

• Ingress Traffic: Network traffic that originates from outside of the network’s routers and proceeds toward a destination inside of the network.

Egress Traffic

• How packets leave your network
• Egress traffic depends on:
  – route availability (what others send you)
  – route acceptance (what you accept from others)
  – policy and tuning (what you do with routes from others)
  – Peering and transit agreements

Ingress Traffic

• How packets get to your network and your customers’ networks
• Ingress traffic depends on:
  – what information you send and to whom
  – based on your addressing and AS’s
  – based on others’ policy (what they accept from you and what they do with it)


BGP and AS

• Internet is a network of interconnected networks.

• Border Gateway Protocol (BGP) is widely used for routing in the backbone of the Internet. BGP identifies networks which are under a common management as Autonomous Systems (AS).

• Each AS uses a unique Autonomous System Number (ASN) in BGP routing.

• According to the CAIDA dataset, there are 45658 different ASNs worldwide (2014).

Autonomous System (AS)

• Collection of networks with same routing policy
• Single routing protocol
• Usually under single ownership, trust and administrative control

[Figure: AS 100]


CAIDA AS Rank: http://as-rank.caida.org/


NSP – IXP - Tier1

• Network Service Providers (NSP) are organizations which provide direct access to the Internet. The biggest transit-free NSPs that can reach all other networks are called Tier-1. Tier-1 networks peer with every other Tier-1 network.

• Internet Exchange Points (IXP) are the aggregation points where networks peer with each other and a high rate of network traffic is present. As an example, LINX is an IXP which has aggregated traffic up to 1.194 Tbps. There are 125 known IXPs in Europe.


Definition of terms

• Neighbours
– AS’s which directly exchange routing information
– Routers which exchange routing information

• Announce
– send routing information to a neighbour

• Accept
– receive and use routing information sent by a neighbour

• Originate
– insert routing information into external announcements (usually as a result of the IGP)

• Peers
– routers in neighbouring AS’s or within one AS which exchange routing and policy information


Routing flow and packet flow

For networks in AS1 and AS2 to communicate:

– AS1 must announce to AS2
– AS2 must accept from AS1
– AS2 must announce to AS1
– AS1 must accept from AS2

[Figure: AS 1 and AS 2 exchanging routing flow (announce/accept) and packet flow]


Routing flow and Traffic flow

• Traffic flow is always in the opposite direction of the flow of routing information
– Filtering outgoing routing information inhibits traffic flow inbound
– Filtering inbound routing information inhibits traffic flow outbound


Routing Flow/Packet Flow: With multiple ASes

• For net N1 in AS1 to send traffic to net N16 in AS16:
– AS16 must originate and announce N16 to AS8.
– AS8 must accept N16 from AS16.
– AS8 must announce N16 to AS1 or AS34.
– AS1 must accept N16 from AS8 or AS34.

• For two-way packet flow, similar policies must exist for N1

[Figure: AS 1, AS 8, AS 34 and AS 16, with net N1 and net N16]


Routing Flow/Packet Flow: With multiple ASes

• As multiple paths between sites are implemented it is easy to see how policies can become quite complex.

[Figure: AS 1, AS 8, AS 34 and AS 16, with net N1 and net N16]
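The announce/accept chain for N1 and N16 can be traced with a small model. This is an added example, not part of the original slides: the link list is an assumption read off the slide text (AS16-AS8, AS8-AS1, AS8-AS34, AS34-AS1), route selection is reduced to "first route learned", and all function names are hypothetical.

```python
from collections import deque

# Assumed adjacencies, taken from the slide text rather than the missing figure.
LINKS = [(16, 8), (8, 1), (8, 34), (34, 1)]

def neighbours(asn):
    """ASes that share a link with `asn`, in a stable order."""
    return sorted({b for a, b in LINKS if a == asn} | {a for a, b in LINKS if b == asn})

def propagate(origin, prefix, announce, accept):
    """Flood `prefix` from `origin`; return {asn: AS path towards the origin}.

    announce(sender, receiver, prefix) is the sender's outbound policy and
    accept(receiver, sender, prefix) the receiver's inbound policy. Routing
    information crosses a link only when both return True.
    """
    learned = {origin: (origin,)}
    queue = deque([origin])
    while queue:
        sender = queue.popleft()
        for receiver in neighbours(sender):
            if receiver in learned:  # keep the first route (fewest AS hops here)
                continue
            if announce(sender, receiver, prefix) and accept(receiver, sender, prefix):
                learned[receiver] = (receiver,) + learned[sender]
                queue.append(receiver)
    return learned

def can_send(src_as, prefix, origin, announce, accept):
    """Packets flow src_as -> prefix only if the route flowed origin -> src_as."""
    return src_as in propagate(origin, prefix, announce, accept)

def allow(a, b, prefix):
    return True

def as8_hides_n16_from_as1(sender, receiver, prefix):
    # Outbound filter on AS8: N16 is not announced to AS1 (AS34 still gets it).
    return not (sender == 8 and receiver == 1 and prefix == "N16")

def as1_rejects_n16(receiver, sender, prefix):
    # Inbound filter on AS1: N16 is accepted from nobody.
    return not (receiver == 1 and prefix == "N16")

if __name__ == "__main__":
    print(propagate(16, "N16", allow, allow)[1])                   # learned via AS8
    print(propagate(16, "N16", as8_hides_n16_from_as1, allow)[1])  # learned via AS34
    print(can_send(1, "N16", 16, allow, as1_rejects_n16))          # AS1 -> N16
    print(can_send(16, "N1", 1, allow, as1_rejects_n16))           # AS16 -> N1
```

With the inbound filter on AS1, AS16 still learns N1 and can send towards it, but AS1 has no route back to N16, so the packet flow is one-way.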


Routing Policy

• Used to control traffic flow in and out of an ISP network

• ISP makes decisions on what routing information to accept and discard from its neighbours
– Individual routes
– Routes originated by specific ASes
– Routes traversing specific ASes
– Routes belonging to other groupings
  • Groupings which you define as you see fit
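The four accept/discard criteria listed above, written as a first-match inbound filter. This is an added example, not from the original slides: the policy, rule names, received routes and the default action are constructed, the ASNs come from the documentation range 64496-64511, and the prefixes come from the documentation address blocks.

```python
import ipaddress

# A grouping defined "as you see fit": here, a set of customer origin ASes.
CUSTOMERS = {64500, 64501}

# (rule name, kind, value, action); the first matching rule wins.
POLICY = [
    ("one-route",     "route",   ipaddress.ip_network("192.0.2.0/24"), "discard"),
    ("bad-origin",    "origin",  {64510},   "discard"),
    ("avoid-transit", "through", {64511},   "discard"),
    ("customers",     "origin",  CUSTOMERS, "accept"),
]
DEFAULT = ("default", "discard")

def decide(prefix, as_path):
    """Return (rule name, action) for a route received from a neighbour.

    as_path lists ASNs neighbour-first, so the last element is the origin AS
    and everything before it is an AS the route traversed.
    """
    net = ipaddress.ip_network(prefix)
    origin, traversed = as_path[-1], set(as_path[:-1])
    for name, kind, value, action in POLICY:
        if kind == "route":
            # The listed route itself or any more-specific prefix inside it.
            hit = net.version == value.version and net.subnet_of(value)
        elif kind == "origin":
            hit = origin in value
        else:  # "through"
            hit = bool(traversed & value)
        if hit:
            return name, action
    return DEFAULT

# Constructed received routes: (prefix, AS path).
RECEIVED = [
    ("192.0.2.128/25",  [64499, 64500]),         # inside the individually listed route
    ("198.51.100.0/24", [64499, 64510]),         # originated by a filtered AS
    ("203.0.113.0/24",  [64499, 64511, 64500]),  # customer route through a filtered AS
    ("203.0.113.0/24",  [64499, 64500]),         # customer route on a clean path
    ("198.51.100.0/24", [64499, 64505]),         # matches no rule
]

def evaluate(routes=RECEIVED):
    """Apply the policy to every received route, in order."""
    return [decide(prefix, path) for prefix, path in routes]
```

Rule order matters: the third route is originated by a customer AS but is discarded because the traversing-AS rule is evaluated before the customer group rule.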


Routing Policy Limitations

• AS99 uses red link for traffic to the red AS and the green link for remaining traffic

• To implement this policy, AS99 has to:
– Accept routes originating from the red AS on the red link
– Accept all other routes on the green link

[Figure: AS99 and the Internet, with red and green links and packet flow]


Routing Policy Limitations

• AS99 would like packets coming from the green AS to use the green link.

• But unless AS22 cooperates in pushing traffic from the green AS down the green link, there is very little that AS99 can do to achieve this aim

[Figure: Internet, AS22 and AS99, with red and green links and packet flow]


Routing Policy Issues

• Late May 2012:
– 410000 prefixes
  • Not realistic to set policy on all of them individually
– 42000 origin AS’s
  • Too many to try and create individual policies for

• Routes tied to a specific AS or path may be unstable regardless of connectivity

• Solution: Groups of AS’s are a natural abstraction for filtering purposes


Routing Basics

End
