Tuesday, December 21, 2010

Passive interface on routing update

A routing update tells the neighbouring routers which routes a router currently knows. Passive interface is the way to stop a router from transmitting updates out of a given interface: the interface still receives and processes updates from neighbouring routers, but it does not send its own routing table out. This describes RIP; on EIGRP and OSPF, passive-interface also suppresses hellos, so no neighbour relationship forms on that interface at all, and routes are neither sent nor received there.


To apply passive interface use the command:

(config)#router rip
(config-router)#passive-interface <interface>   // on the hub router, for the interface that should stop sending updates

To cancel passive interface:
(config-router)#no passive-interface <interface>

It is possible to send updates to only one specific neighbour router, as unicast. For this the interface on the hub router must first be made passive (so it stops broadcasting or multicasting its table), then the neighbour is named explicitly:

(config)#router rip
(config-router)#neighbor <ip-address>   // sends unicast updates to the selected neighbour even though the interface is passive

To verify, use show ip protocols, which lists the passive interfaces and the configured neighbours; show ip route on the neighbour then confirms that it still learns the routes.

Setting Authentication for routing updates

Authenticating routing updates before they are processed is important: without it, any host that can reach the segment can inject or alter routes. There are two methods, clear text and MD5. With clear text the key travels inside every update, so anyone capturing the packets reads it. With MD5 the key itself never leaves the router; each update carries a keyed MD5 digest computed over the packet and the key, so a router without the key cannot produce a valid update and a modified update fails verification. Note that the update is authenticated, not encrypted: the routes themselves are still readable on the wire. MD5 is the recommended of the two.

To set the password for routing updates, first define a key chain:
(config)#key chain <name>                     // a label to refer to the chain by
(config-keychain)#key <number>                // key number (ID) within the chain
(config-keychain-key)#key-string <password>   // the shared key for that key number

Then apply the key chain to an interface:
(config)#interface <type number>
(config-if)#ip rip authentication mode {md5 | text}   // choose MD5 or clear text
(config-if)#ip rip authentication key-chain <name>    // the <name> must match the key chain name configured above, not the password

Apply the same 6 commands on the peer interface at the other end of the link, with the same authentication mode (md5 or text), the same key number and the same key-string. If they differ, the two routers never exchange routes: a router that requires authentication ignores updates that carry no authentication entry, and a router whose key does not match the received digest (or clear-text password) discards the update as an invalid authentication. Mismatches show up in debug ip rip as invalid authentication, and show ip protocols confirms which interfaces use which key chain.
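What the two modes look like on the wire, as an added example that is not code from the original post and is not Cisco's implementation: it builds RIPv2 response packets in the RFC 2453 (simple password) and RFC 2082 (keyed MD5) layouts, shows that the clear-text key can be read straight out of a capture, and shows that the MD5 trailer is a digest that fails verification when the key is wrong or a route entry is altered. The key 's3cret', the route entries, key ID and sequence number are constructed sample values, and the function names are this example's own.

```python
"""RIPv2 authentication on the wire: clear-text password vs keyed MD5 (illustration)."""
import hashlib
import hmac
import ipaddress
import struct

RIP_HEADER = struct.pack("!BBH", 2, 2, 0)  # command 2 = response, version 2, must-be-zero
AFI_AUTH = 0xFFFF    # address family 0xFFFF marks an authentication entry
AUTH_SIMPLE = 2      # RFC 2453 simple (clear-text) password
AUTH_MD5 = 3         # RFC 2082 keyed message digest header
AUTH_TRAILER = 1     # RFC 2082 trailer that carries the 16-byte digest


def route_entry(prefix: str, next_hop: str, metric: int) -> bytes:
    """One 20-byte RIPv2 route entry: AFI 2 (IP), route tag 0, network, mask, next hop, metric."""
    net = ipaddress.ip_network(prefix)
    return struct.pack("!HH4s4s4sI", 2, 0, net.network_address.packed, net.netmask.packed,
                       ipaddress.ip_address(next_hop).packed, metric)


def pad16(key: str) -> bytes:
    """Keys are carried or hashed as exactly 16 bytes, zero-padded (truncated if longer)."""
    return key.encode()[:16].ljust(16, b"\0")


def build_cleartext(entries, key: str) -> bytes:
    """Simple authentication: the password itself is the first entry of the packet."""
    auth = struct.pack("!HH16s", AFI_AUTH, AUTH_SIMPLE, pad16(key))
    return RIP_HEADER + auth + b"".join(entries)


def build_md5(entries, key: str, key_id: int = 1, seq: int = 1) -> bytes:
    """Keyed MD5: header entry (offset of trailer, key ID, digest length, sequence number),
    the route entries, then a trailer holding MD5(packet-so-far || key)."""
    trailer_offset = 4 + 20 + 20 * len(entries)
    auth_hdr = struct.pack("!HHHBBI8x", AFI_AUTH, AUTH_MD5, trailer_offset, key_id, 16, seq)
    body = RIP_HEADER + auth_hdr + b"".join(entries) + struct.pack("!HH", AFI_AUTH, AUTH_TRAILER)
    digest = hashlib.md5(body + pad16(key)).digest()  # the key is hashed, never transmitted
    return body + digest


def cleartext_key_from_capture(packet: bytes):
    """What a sniffer on the segment learns: the password, if simple auth is in use."""
    afi, atype, data = struct.unpack("!HH16s", packet[4:24])
    if afi == AFI_AUTH and atype == AUTH_SIMPLE:
        return data.rstrip(b"\0").decode()
    return None


def verify_md5(packet: bytes, key: str) -> bool:
    """Receiver side: recompute the digest with the local key and compare in constant time."""
    afi, atype, trailer_offset, _key_id, auth_len, _seq = struct.unpack("!HHHBBI", packet[4:16])
    if afi != AFI_AUTH or atype != AUTH_MD5 or auth_len != 16:
        return False
    if len(packet) != trailer_offset + 20:
        return False
    body, digest = packet[:trailer_offset + 4], packet[trailer_offset + 4:]
    return hmac.compare_digest(hashlib.md5(body + pad16(key)).digest(), digest)


def set_metric(packet: bytes, entry_index: int, metric: int) -> bytes:
    """Tamper with a route entry in flight (e.g. poison it to 16); entries start at byte 24."""
    off = 24 + 20 * entry_index + 16
    return packet[:off] + struct.pack("!I", metric) + packet[off + 4:]


if __name__ == "__main__":
    routes = [route_entry("10.1.0.0/24", "0.0.0.0", 1)]
    clear, secure = build_cleartext(routes, "s3cret"), build_md5(routes, "s3cret")
    print("key visible in clear-text update:", cleartext_key_from_capture(clear))
    print("key visible in MD5 update:", cleartext_key_from_capture(secure))
    print("MD5 verifies with right key:", verify_md5(secure, "s3cret"))
    print("MD5 verifies after tampering:", verify_md5(set_metric(secure, 0, 16), "s3cret"))
```

The clear-text packet still "works" after set_metric has poisoned a route, because the password proves nothing about the rest of the packet; the MD5 packet does not. That is the difference between a password check and an integrity check, and it is why the post's recommendation of MD5 stands even though MD5 itself is a weak hash.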

-- 22 December 2010 --

Distance Vector routing, RIPv1, RIPv2, IGRP, EIGRP

A distance vector routing protocol chooses routes by distance (a metric such as hop count) and direction (the neighbouring router to hand the packet to). It is based on the Bellman-Ford algorithm: each router periodically sends its whole routing table to its neighbours, and each neighbour adds the cost of the incoming link to the advertised distance and keeps the lowest total. A route therefore carries two pieces of information:

1. The distance to the destination, which for RIP is the hop count
2. The vector, i.e. the next hop router the packet must be sent to in order to reach the destination

DV protocols suit smaller and stable environments, because convergence after a topology change is slow. A hop-count metric such as RIP's also cannot distinguish link speeds, so a directly connected E1 and a directly connected 56 kbps line count the same (IGRP and EIGRP avoid this with a metric based on bandwidth and delay). Another disadvantage is that RIP and IGRP send their whole routing table every 30 and 90 seconds respectively, whether or not anything changed, which wastes bandwidth. The advantages are low overhead and little computation on the router.

To bound convergence time and routing loops, RIP limits the hop count: 15 is the maximum usable metric and 16 means unreachable, so a route whose metric reaches 16 is removed instead of being counted up forever. Route poisoning uses this value: when a router loses a destination it keeps advertising the route with a metric of 16 ("poisoned") so that its neighbours drop it too. Split horizon (never advertise a route back out of the interface it was learned on) and poison reverse (advertise it back with metric 16) stop two neighbours from counting up to 16 between themselves.
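The count-to-infinity behaviour and the cure described above, as an added example (this is illustrative code, not from the original post): three routers in a chain A-B-C exchange RIP-style distance vectors, then the B-C link fails. With split horizon and poisoned reverse, A marks C unreachable (16) within two rounds; without it, A and B count each other's metric for C up until the hop limit of 16 stops them. The topology, the unit link costs and the Router/converge/demo names are this example's own constructions.

```python
"""Distance-vector routing (Bellman-Ford) with RIP's hop-count limit (illustration)."""
INFINITY = 16  # RIP: a metric of 16 means unreachable


class Router:
    def __init__(self, name, links, poison_reverse=True):
        self.name = name
        self.links = dict(links)            # neighbour -> link cost in hops
        self.poison_reverse = poison_reverse
        self.table = {name: (0, None)}      # destination -> (metric, next hop)

    def advertise(self, to):
        """Vector sent to neighbour `to`. With poisoned reverse, routes learned via `to`
        go back with metric 16 so that `to` never tries to reach them through us."""
        vec = {}
        for dest, (metric, next_hop) in self.table.items():
            vec[dest] = INFINITY if (self.poison_reverse and next_hop == to) else metric
        return vec

    def receive(self, frm, vector):
        """Bellman-Ford relaxation: new cost = advertised cost + link cost, capped at 16."""
        changed = False
        for dest, adv in vector.items():
            new = min(adv + self.links[frm], INFINITY)
            cur_metric, cur_next_hop = self.table.get(dest, (INFINITY, None))
            if cur_next_hop == frm:
                # the current next hop is authoritative, including when it poisons the route
                if new != cur_metric:
                    self.table[dest] = (new, frm)
                    changed = True
            elif new < cur_metric:
                self.table[dest] = (new, frm)
                changed = True
        return changed


def converge(routers, max_rounds=100):
    """Exchange vectors until no table changes; return the number of rounds used."""
    for rnd in range(1, max_rounds + 1):
        changed = False
        for r in list(routers.values()):
            for nb in list(r.links):
                if routers[nb].receive(r.name, r.advertise(nb)):
                    changed = True
        if not changed:
            return rnd
    return max_rounds


def fail_link(routers, a, b):
    """Link loss: both ends drop the link and poison the routes that used it."""
    for x, y in ((a, b), (b, a)):
        del routers[x].links[y]
        for dest, (metric, nh) in list(routers[x].table.items()):
            if nh == y:
                routers[x].table[dest] = (INFINITY, nh)


def chain(poison_reverse=True):
    """Constructed topology: A - B - C, every link one hop."""
    return {
        "A": Router("A", {"B": 1}, poison_reverse),
        "B": Router("B", {"A": 1, "C": 1}, poison_reverse),
        "C": Router("C", {"B": 1}, poison_reverse),
    }


def demo(poison_reverse):
    """Converge, cut B-C, reconverge; return (rounds needed, A's metric for C afterwards)."""
    routers = chain(poison_reverse)
    converge(routers)
    fail_link(routers, "B", "C")
    rounds = converge(routers)
    return rounds, routers["A"].table["C"][0]


if __name__ == "__main__":
    print("with poisoned reverse (rounds, metric):", demo(True))
    print("without                (rounds, metric):", demo(False))
```

Both runs end with C unreachable at 16, which is the hop limit doing its job; the difference is how long the loop between A and B lasts, and during those rounds packets for C bounce between them.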

The protocols that use distance vector routing are RIPv1, RIPv2, IGRP and EIGRP (EIGRP is usually described as an advanced distance vector protocol, since it adds DUAL and triggered updates).

The characteristics of RIPv1 are:

- sends its whole routing table every 30 seconds as a broadcast to 255.255.255.255, whether or not the topology has changed
- classful: updates carry no subnet mask, so VLSM is not supported
- equal-cost load sharing is on by default
- max hop count = 15 hops (16 hops means unreachable/infinite)
- no authentication at all, neither clear text nor MD5, so anything on the segment can inject routes
- max 25 route entries per packet; more routes need another packet

The characteristics of RIPv2 are:

- sends its whole routing table every 30 seconds as a multicast to 224.0.0.9, whether or not the topology has changed
- classless: updates carry the subnet mask, so VLSM is supported
- equal-cost load sharing is on by default
- max hop count = 15 hops (16 hops means unreachable/infinite)
- supports clear-text and MD5 authentication. MD5 is recommended: the key is never sent, only a keyed digest of the update
- max 25 entries per packet; with authentication enabled the authentication entry takes one of the slots, and more routes need another packet

The characteristics of IGRP are:

- sends its whole routing table every 90 seconds as a broadcast to 255.255.255.255, whether or not the topology has changed
- classful, so VLSM is not supported
- Cisco proprietary (and obsolete; it has been removed from current IOS releases in favour of EIGRP)
- equal-cost load sharing by default; unequal-cost load sharing can be enabled with the variance command

The characteristics of EIGRP are:

- updates are multicast to 224.0.0.10. The full routing table is sent once, when an adjacency is formed; after that only the changes are sent (partial, triggered updates), and updates are acknowledged so delivery is reliable
- uses the DUAL algorithm, which keeps a loop-free backup route (feasible successor) ready so that convergence is fast
- classless, supports VLSM
- Cisco proprietary
- equal-cost load sharing by default; unequal-cost load sharing can be enabled with the variance command
- supports MD5 authentication of updates through a key chain, in the same way as RIPv2


-- 22 December 2010 --

Administrative Distance Values

Administrative distance (AD) is a number that ranks how trustworthy a route source is. When more than one source offers a route to the same prefix with the same prefix length, the router installs the route with the lowest AD. The defaults on Cisco IOS for the different routing protocols and for connected networks are:

Route source                  Administrative distance
Directly connected route      0
Static route                  1
EIGRP summary route           5
External BGP                  20
Internal EIGRP                90
IGRP                          100
OSPF                          110
IS-IS                         115
RIP                           120
EGP                           140
ODR                           160
External EIGRP                170
Internal BGP                  200
DHCP-learned                  254
Unknown                       255

An AD of 255 means the route is not trusted at all and is never installed in the routing table.

-- 22 December 2010 --

Monday, December 6, 2010

DHCP Process

Dynamic Host Configuration Protocol (DHCP) is the protocol a client uses to obtain an IP address, and related settings such as default gateway, DNS servers and lease time, from a server.

Assigning an IP address with DHCP takes 4 stages (Discover, Offer, Request, Ack, often abbreviated DORA):

1. Client to server --> DHCPDISCOVER. The client has no address yet, so it broadcasts (to 255.255.255.255, UDP port 67) asking whether any DHCP server is present.

2. Server to client --> DHCPOFFER. Each server that hears the discover picks a free address from its pool and offers it together with additional information (default gateway, lease time, DNS servers and so on). If there are multiple DHCP servers, the client normally processes and accepts the first offer it receives; a rogue server on the segment that answers faster than the real one therefore gets to hand the client its gateway and DNS settings, which is why DHCP snooping on the access switches matters. Before the server offers an address it makes sure the address is not already in use (for instance handed out by another DHCP server) by pinging it: by default 2 ping packets with a 500 ms timeout, tunable with (config)#ip dhcp ping packets <count> and (config)#ip dhcp ping timeout <milliseconds>. No reply means the address is free to offer; a reply means somebody is using it, so the server records a conflict, picks another address from the pool and checks that one the same way before offering it.

3. Client to server --> DHCPREQUEST. The client accepts one offer by broadcasting a request that names the offered address and the server it chose (the server identifier). Because it is a broadcast, every server that made an offer sees which one was selected.

4. Server to client --> DHCPACK or DHCPNAK. The selected server checks that the requested address is the one it offered and is still available; if so it records the lease and sends DHCPACK with the final configuration. If the request does not match (the address is no longer valid, or the client asks for an address from another subnet) it answers DHCPNAK and the client starts over. The servers that were not selected return their offered addresses to their pools.
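The four stages as a small in-memory simulation, added here as an example and not code from the original post. It models the server's conflict probe before it offers an address, the client keeping the first offer it receives (so a rogue server that answers first wins), every server seeing the broadcast request, and the Ack/Nak decision. The DhcpServer and dora names, the pools, excluded addresses, the "in use" set that stands in for a ping reply, and the client MACs are all constructed for this example.

```python
"""DHCP lease assignment (Discover, Offer, Request, Ack/Nak) simulated in memory (illustration)."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class DhcpServer:
    name: str                                    # stands in for the server identifier
    network: str                                 # the pool, like 'network <address> <mask>'
    excluded: set = field(default_factory=set)   # like 'ip dhcp excluded-address'
    in_use: set = field(default_factory=set)     # addresses that would answer the ping probe
    leases: dict = field(default_factory=dict)   # ip -> mac, acknowledged leases
    offered: dict = field(default_factory=dict)  # mac -> ip offered but not yet acknowledged
    lease_seconds: int = 86400

    def _free_address(self):
        """Lowest address that is not excluded, leased, pending, or answering the probe."""
        for host in ipaddress.ip_network(self.network).hosts():
            ip = str(host)
            if ip in self.excluded or ip in self.leases or ip in self.offered.values():
                continue
            if ip in self.in_use:      # conflict detected by the probe: skip to the next one
                continue
            return ip
        return None

    def on_discover(self, mac):
        """Stage 2: reserve an address for this client and offer it."""
        ip = self._free_address()
        if ip is None:
            return None
        self.offered[mac] = ip
        return {"type": "OFFER", "server": self.name, "yiaddr": ip, "lease": self.lease_seconds}

    def on_request(self, mac, requested_ip, server_id):
        """Stage 4: every server sees the broadcast request; only the chosen one answers."""
        offered = self.offered.pop(mac, None)   # our reservation is released either way
        if server_id != self.name:
            return None                          # the client picked another server
        if offered != requested_ip:
            return {"type": "NAK", "server": self.name}
        self.leases[requested_ip] = mac
        return {"type": "ACK", "server": self.name, "yiaddr": requested_ip,
                "lease": self.lease_seconds}


def dora(client_mac, servers):
    """Run one exchange. `servers` is listed in the order their offers reach the client."""
    offers = [o for o in (s.on_discover(client_mac) for s in servers) if o]
    if not offers:
        return None
    chosen = offers[0]   # first offer wins, which is exactly what a rogue server exploits
    replies = [s.on_request(client_mac, chosen["yiaddr"], chosen["server"]) for s in servers]
    acks = [r for r in replies if r and r["type"] == "ACK"]
    return acks[0] if acks else None


if __name__ == "__main__":
    legit = DhcpServer("legit", "192.0.2.0/29", excluded={"192.0.2.1"}, in_use={"192.0.2.2"})
    rogue = DhcpServer("rogue", "198.51.100.0/29")
    print("only the real server:", dora("aa:bb:cc:00:00:01", [legit]))
    print("rogue answers first: ", dora("aa:bb:cc:00:00:02", [rogue, legit]))
```

Note that after the second exchange the legitimate server has no lease and no pending offer for that client: from its point of view the client simply chose someone else, which is why a rogue server is invisible in the real server's lease table and has to be caught on the switch instead.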

The DHCP server and relay functions of a Cisco router are enabled with:
(config)#service dhcp

This is on by default. With it enabled the router can act as the DHCP server for a segment: either as the main server, or as a backup that hands out addresses when the main server is unreachable (in which case its pool must not overlap the main server's, or both will hand out the same addresses).

To disable the DHCP service (server and relay) simply use:
(config)#no service dhcp

There are several DHCP assignment methods:

1. Dynamic --> The default: the client is leased an address from the pool for a limited time and must renew it.
2. Manual --> The administrator statically binds an IP address to the client's MAC address (or client identifier).
3. Automatic --> The server picks an address from the pool for a client's MAC address and binds it permanently (an infinite lease).

The bindings themselves are stored in one of 2 ways:

1. Manual bindings, where the IP address is bound to a MAC address by configuration. They are part of the router's configuration, kept in NVRAM, so they survive a reload.
2. Automatic bindings, created when a client obtains a lease. They are kept in memory and, if configured, copied to a DHCP database agent (a remote device such as a TFTP or FTP server) so that they survive a reload.

To create a manual binding, make a pool for that one host (inside ip dhcp pool <name>):
(dhcp-config)#host <address> <mask>
(dhcp-config)#hardware-address <mac-address>   // as xxxx.xxxx.xxxx; the hardware type may follow
(dhcp-config)#client-name <name>

To tell the server where to store its automatic bindings (the database agent):
(config)#ip dhcp database <url>   // e.g. a tftp:// or ftp:// location

To create a DHCP pool:
(config)#ip dhcp pool <name>
(dhcp-config)#network <network-number> <mask>

Addresses inside a pool's network that must never be handed out (gateways, servers, devices with fixed addresses) are excluded globally, not per pool:
(config)#ip dhcp excluded-address <low-address> [<high-address>]   // for a single address, omit the high address

To set the lease time of assigned addresses:
(dhcp-config)#lease {<days> [<hours> [<minutes>]] | infinite}

The IP helper address is another useful feature. A host broadcasts its DHCPDISCOVER to find a server, but routers are L3 devices that do not forward broadcasts, so a server on another subnet never hears it. With a helper address the router that receives the broadcast rewrites it as a unicast to the configured server address, records the address of the receiving interface in the giaddr field (so the server knows which subnet to allocate from), and passes the server's reply back to the client. The router thereby acts as a DHCP relay agent. Note that a helper address relays not only DHCP/BOOTP (UDP 67/68) but, by default, several other UDP broadcast types as well (TFTP 69, DNS 53, Time 37, TACACS 49, NetBIOS 137/138); the ones that are not needed should be turned off with the ip forward-protocol command.

Configure it on the interface that receives the hosts' broadcasts:
(config-if)#ip helper-address <server-address>

For larger networks the relay agent can insert its own identity (the circuit ID and remote ID of the port and device it received the request on) into the forwarded DHCP packets as option 82, the relay agent information option, so the server can make decisions per access port:
(config)#ip dhcp relay information option

-- 9 December 2010 --

ip route, ip default-network, ip default-gateway

There are 3 ways to give a router a default route: ip route, ip default-network and ip default-gateway.

ip route 0.0.0.0 0.0.0.0 is the usual way to set the gateway of last resort. In show ip route the default route appears as S* 0.0.0.0/0.

ip default-network flags an existing classful network in the routing table as a candidate default route. IP routing must be enabled, and the network named in the command must already be in the routing table. The router then uses it as gateway of last resort and, with RIP, advertises a default route to its neighbouring routers, on which it appears as the default route.

To configure the default network on the main router:
(config)#ip default-network <network-number>

On the other routers, show ip route then shows the default route as

R* 0.0.0.0/0 [120/1] ...

Notice that on those routers the default is a RIP-learned route (R*), not the usual static route (S*).

ip default-gateway is used only when IP routing is disabled on the device (for example a switch, or a router with no ip routing). It is simply the gateway the device itself uses to reach the outside world; it has no effect on forwarding of transit traffic.

-- 6 Dec 2010 --

Static Route, Floating Static Route and Default Static Route

A static route is used when one wants to define the routing manually.

The static route command is:

(config)#ip route <prefix> <mask> {<next-hop-address> | <exit-interface>} [<distance>]

The last part can be given either as the exit interface (e.g. serial0, fa0/2) or as the IP address of the next-hop router. With an exit interface, show ip route displays the route as "directly connected" via that interface, but it is still a static route with AD 1 (show ip route <prefix> reports distance 1); with a next-hop address it is displayed as a normal static route, also with AD 1. On a multi-access interface such as Ethernet, a route that names only the exit interface makes the router ARP for every destination address and relies on proxy ARP at the next hop; give a next-hop address there.

The example below shows the 2 forms, which select the same path:

(config)#ip route 10.10.10.10 255.255.255.255 172.168.10.10 --> static route via next hop, AD=1
(config)#ip route 10.10.10.10 255.255.255.255 serial0 --> static route via interface, shown as directly connected, AD=1

A floating static route is a static route that backs up a route learned by a dynamic protocol. It takes over when the dynamic route disappears, for example because RIP or OSPF stops working on an interface, and steps aside again when the dynamic route returns. It is configured like any static route, with the administrative distance added at the end. The AD must be higher than the dynamic protocol's: with RIP the floating route must be above 120. A value of 120 or lower has the opposite effect; the static route would then be preferred over RIP all the time.

The floating static route is configured with:

(config)#ip route <prefix> <mask> {<next-hop-address> | <exit-interface>} <distance>   // e.g. 130 to float behind RIP

The default static route is the gateway of last resort. If no entry in the routing table matches the destination of an incoming packet, the router forwards it according to the default route. If no default route is set, packets to unknown destinations are dropped.


The command for the default static route is:

(config)#ip route 0.0.0.0 0.0.0.0 {<next-hop-address> | <exit-interface>}

In show ip route it is marked S* with AD 1, whether configured with a next hop or with an exit interface, and the router reports it as the gateway of last resort.

Sometimes after routing changes the table is not updated right away. One way to force a refresh is to clear the routing table and let the router rebuild it:

RX#clear ip route *

Bear in mind that this flushes every dynamically learned route and the router has to relearn them from its neighbours, so traffic is disrupted for a moment; on a production router prefer clearing a single prefix (clear ip route <address>).


Sunday, December 5, 2010

Routing Table Operation

Routers use their routing tables to choose the outgoing interface and next hop for each incoming packet. Route selection works in the following order:

1. The route with the longest prefix (the longest subnet mask, i.e. the most specific route) wins, regardless of which protocol it came from. If there is a RIP route 172.10.10.0/28 and an OSPF route 172.10.10.0/29, a packet to 172.10.10.3 follows the OSPF route, because /29 (6 usable hosts) is more specific than /28 (14 usable hosts); a packet to 172.10.10.12 matches only the /28 and follows the RIP route.

2. If two candidate routes have the same prefix length, the router compares their administrative distance (AD). AD is not measured; it is a fixed rank of how trustworthy the source of the route is (directly connected, static, or a given routing protocol). The route with the lower AD is installed and the other one is kept aside.

For example, directly connected routes are the most trustworthy and have AD 0. RIP, with its simple hop-count metric, is considered the least trustworthy of the common interior protocols and has AD 120, while OSPF is considered more trustworthy than RIP and has AD 110.

3. If (1) and (2) are equal, that is, several routes to the same prefix from the same protocol, the router compares the protocol's own metric, the cost of the path from this router to the destination. Metrics are not comparable between protocols, which is why AD is compared first.

RIP uses hop count: the path through the fewest routers wins. OSPF uses cost, which by default is inversely proportional to interface bandwidth (reference bandwidth divided by interface bandwidth), so a faster link has a lower cost and is preferred. IGRP (and EIGRP) use a composite metric derived from bandwidth, delay, load and reliability; the MTU is carried in updates but does not enter the calculation, and by default only bandwidth and delay count. The lowest composite metric wins.

4. If (1) to (3) are all equal, equal-cost load sharing applies and the traffic is shared across the equal routes.

In each case only the installed route appears in show ip route. The losing candidate is not shown, but the protocol that learned it still holds it and installs it if the best route disappears.
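The selection order above, together with the floating static route from the earlier section, as an added example that is not code from the original post: a small RIB keeps every candidate route per prefix (the way each protocol keeps its own routes), installs the winner(s) by administrative distance and then metric as steps 2-4 describe, and looks destinations up by longest prefix first (step 1). The AD values are the page's; the Rib class, the prefixes, next hops and metrics are constructed for this example.

```python
"""Route selection (longest prefix, then AD, then metric) and floating statics (illustration)."""
import ipaddress
from collections import defaultdict

AD = {"connected": 0, "static": 1, "ebgp": 20, "eigrp": 90, "ospf": 110, "rip": 120}


class Rib:
    def __init__(self):
        # prefix -> list of candidate routes as (ad, metric, next_hop, source)
        self.candidates = defaultdict(list)

    def add(self, prefix, source, next_hop, metric=0, ad=None):
        """Offer a route; ad=None uses the source's default AD, e.g. ad=130 for a floating static."""
        net = ipaddress.ip_network(prefix)
        self.candidates[net].append((AD[source] if ad is None else ad, metric, next_hop, source))

    def withdraw(self, prefix, source):
        """The source lost the route (interface down, peer silent): drop its candidate(s)."""
        net = ipaddress.ip_network(prefix)
        self.candidates[net] = [c for c in self.candidates[net] if c[3] != source]

    def best(self, net):
        """Steps 2-4: lowest AD, then lowest metric; remaining ties are all installed (load sharing)."""
        cands = self.candidates.get(net, [])
        if not cands:
            return []
        low_ad = min(c[0] for c in cands)
        same_ad = [c for c in cands if c[0] == low_ad]
        low_metric = min(c[1] for c in same_ad)
        return [c for c in same_ad if c[1] == low_metric]

    def installed(self):
        """What show ip route would list: only the winner(s) per prefix, losers kept aside."""
        return {str(net): self.best(net) for net in self.candidates if self.best(net)}

    def lookup(self, dest):
        """Step 1: longest prefix first, regardless of protocol; 0.0.0.0/0 matches last."""
        addr = ipaddress.ip_address(dest)
        for net in sorted(self.candidates, key=lambda n: n.prefixlen, reverse=True):
            if addr in net and self.best(net):
                return net, self.best(net)
        return None, []


def floating_static_demo():
    """A RIP route (AD 120) wins over the static at AD 130 until RIP withdraws it."""
    rib = Rib()
    rib.add("192.168.1.0/24", "rip", "10.0.0.1", metric=2)
    rib.add("192.168.1.0/24", "static", "10.0.0.9", ad=130)   # floating static route
    before = rib.lookup("192.168.1.7")[1][0][3]
    rib.withdraw("192.168.1.0/24", "rip")
    after = rib.lookup("192.168.1.7")[1][0][3]
    return before, after


if __name__ == "__main__":
    rib = Rib()
    rib.add("172.10.10.0/28", "rip", "10.0.0.1", metric=5)
    rib.add("172.10.10.0/29", "ospf", "10.0.0.2", metric=20)
    rib.add("0.0.0.0/0", "static", "10.0.0.254")
    for dest in ("172.10.10.3", "172.10.10.12", "8.8.8.8"):
        net, routes = rib.lookup(dest)
        print(dest, "->", net, routes)
    print("floating static before/after RIP withdrawal:", floating_static_demo())
```

Had the static been added with the default AD of 1 instead of 130, `floating_static_demo` would return ("static", "static"): the static route would shadow RIP permanently, which is the "opposite effect" the floating static route section warns about.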

To show the IP route type the command:
RX#show ip route

It shows one line per installed route in the form:  A B [C/D] via E, F, G
where:
A = route source (C connected, S static, R RIP, I IGRP, O OSPF, and so on)
B = the destination prefix
C = administrative distance
D = metric
E = next-hop address (the neighbouring router's interface address, not the final destination)
F = age of the route, i.e. the time since the last update that refreshed it
G = the local outgoing interface

for example:

R 172.10.0.0 [120/5] via 10.20.30.40, 0:02:34, serial0

means a route learned through RIP to 172.10.0.0, with the administrative distance of RIP (120) and a metric of 5 hops. 10.20.30.40 is the address of the next-hop router, the route was last refreshed 2 minutes 34 seconds ago (RIP declares a route invalid if no update arrives for 180 seconds), and packets for it leave through serial0.

-- 6 December 2010 --

Classfull Routing Protocol vs Classless Routing Protocol

The difference between classful and classless routing protocols lies in whether the subnet mask travels with the route, and therefore in VLSM support. VLSM (Variable Length Subnet Masking) goes beyond the classful masks /8, /16 and /24 that follow from the first octet of the address: with VLSM each subnet gets the mask it needs, such as /22, /26, /27 or /28.

A classful routing protocol DOES NOT support VLSM. Its updates carry no subnet mask, so the receiver has to infer it: the classful mask (255.0.0.0 /8, 255.255.0.0 /16 or 255.255.255.0 /24) for a network it is not attached to, or the mask of the receiving interface for a subnet of a network it is attached to. Every subnet of a given network must therefore use the same mask. Routing protocols of this kind are RIPv1 and IGRP.

A classless routing protocol DOES support VLSM. Each route carries its own mask, so routes can describe smaller, more specific groups of hosts, address space is used more efficiently, and several prefixes can be summarised into one, which keeps routing tables and updates smaller. Classless routing protocols are RIPv2, EIGRP and OSPF.

-- 6 December 2010 --

Thursday, December 2, 2010

Routing Protocol vs Routed Protocol

We often hear the terms routing protocol and routed protocol. The two are sometimes confused because they sound almost the same, but they mean different things.

A routing protocol defines how routers communicate with each other. Routers use it to send and receive information about their connections, metrics and so on, so that each router learns where to send packets and which neighbour to send them to. The information is updated whenever something changes, so that every router has the current state of the network. Examples of routing protocols are RIP, IGRP, EIGRP and OSPF.

A routed protocol defines the format of a packet and the information it must contain so that it can be routed. IP is a routed protocol: an IP packet carries a source and a destination address, which a router reads to look up the next hop and forward the packet. A routed protocol is therefore a packet protocol whose packets are forwarded along the routes that a routing protocol (or static configuration) has provided. Other examples of routed protocols are IPX, DECnet, AppleTalk, Banyan VINES and Xerox Network Systems (XNS).

-- 3 December 2010 --