IP Routing
I have alluded to routing repeatedly in this chapter but have not really explained the
routing process in detail and why it is important to us. Routing is nothing more than
taking the data from a host and transmitting it across the network to a host on a different
subnet. To do this, routers (and firewalls) need to be able to determine what network the
data needs to be delivered to. We have already established how an IP address can be
configured with different network IDs, which is what routers use to determine what
specific subnets exist.
Routers collect this information regarding the subnets that exist and store it in what is
known as a routing table. The routing table consists of the following information:
• Network IDs (and thus subnets) that the router is aware of.
• IP address of the gateway or router that can be used to deliver data to the
corresponding subnet. This is the actual route to the subnet, and the router may
have multiple routes to a given subnet.
Routers can build and maintain this routing table information in one of two methods. The
first is for the data to be manually updated and maintained by an administrator. The
second is to use routing protocols to actively interrogate the network and determine all
subnets, routers, and the routes that exist so that the protocol can use that information to
successfully transmit data to the appropriate subnet.
As you would expect, in large networks the process of manually updating and
maintaining this routing information is practically impossible. Therefore, in large or
complex networks it is recommended to implement routing protocols to automatically
take care of all the processes related to the building of the routing table, the maintenance
of the routing table, the verification of the routing table, and the determination of which
route is the best route to take.
Types of Routing
Fundamentally, there are three types of routing:
• Static routing
• Default routing
• Dynamic routing
Static routing is the process of an administrator manually entering, maintaining, updating,
and removing the routes that a router is configured with. Static routing is a time-
consuming process and in most cases should not be used. Notable exceptions to this are
in small networks or in the network perimeter, as discussed in Chapter 9, "Where
Firewalls Fit in a Network."
Default routing, also known as the route of last resort, provides a mechanism to configure
a client or router with what is known as its default gateway. Default routing essentially
says, "If you cannot figure out how to route this packet to the appropriate network, send it
to the default gateway." Default routing is typically implemented on host systems
because they generally do not need to know about every subnet on the network. In
addition, default routing is commonly used on routers within an organization to point to
the router that provides Internet connectivity. This ensures that all data destined for a
network that is not defined on the internal network is directed to the Internet, without the
organization needing to have routes to the entire Internet on all of their internal routers.
Dynamic routing functions almost exactly like static routing does, but the information is
automatically provided through the use of routing protocols. These routing protocols
replace all the manual requirements of static routing, which makes dynamic routing the
routing method of choice for large or complex network environments. We will look at
dynamic routing in more detail in a later section of this chapter.
How the IP Routing Process Works
For all the apparent complexity involved in routing, the routing process itself is a pretty
simple and straightforward process. In fact, when you understand the routing process
fundamentals, it does not matter how large or small the network is; the process is the
exact same. To illustrate the routing process, look at Figure 3-15.
Figure 3-15. Routing Process
This example shows two hosts, Host A and Host B, on two separate networks. Host A has
an IP address of 10.1.1.100 and a MAC address of 00:05:9A:3C:78:50. Host B has an IP
address of 10.1.2.100 and a MAC address of 00:05:9A:3C:78:30. When Host A
determines that it needs to communicate with Host B it will perform the appropriate name
resolution to determine what the IP address of Host B is. When it receives the IP address
of 10.1.2.100, Host A determines that Host B is on a remote network (through a process
known as AND'ing) and thus that the data must be routed to Host B.
To do this, Host A builds an IP header with a source IP address of 10.1.1.100 (its own IP
address) and a destination IP address of 10.1.2.100 (the IP address of Host B). This
allows for each host to be logically identified by any device that receives the packet.
When Host A builds the frame at Layer 2, however, it does something different with the
source and destination MAC addresses. Physically, Host A cannot communicate directly
with Host B. Instead, Host A has to physically communicate with something that can
successfully route the data to Host B. In this case, that is the default gateway for Host A,
which happens to be the E0 interface of the router. Host A uses the IP address for its
default gateway (10.1.1.1) to ARP and resolve the MAC address for the E0 interface
(00:05:9A:3C:78:00). After this has been determined, Host A builds the frame with a
source MAC address of 00:05:9A:3C:78:50 and a destination MAC address of
00:05:9A:3C:78:00. At this point, the data is put on the network, where it is received by
the router.
The router processes the frame and discovers that the frame is addressed to it. This
causes the router to begin processing the IP header, where it discovers that the packet is
actually addressed to 10.1.2.100, not to the router itself. A packet addressed to some
other IP address would normally be dropped, but a router first checks whether it has a
route for the destination network or a default route. In this case, because the router is
also connected to network 10.1.2.0/24, it determines that it can directly route the packet
to the logical destination (Host B).
The router then rebuilds the frame, but it changes the source and destination MAC
address. For the source MAC address, the router uses the MAC address of the interface
that is connected to network 10.1.2.0/24 (in this case, 00:05:9A:3C:78:01). Because the
router can directly communicate with Host B, it uses the MAC address
00:05:9A:3C:78:30 as the destination MAC address and sends the data across the
network to be received by Host B.
When Host B processes the frame, it discovers that the frame is addressed to it. This
causes Host B to begin processing the IP header, where it discovers not only that the
packet is addressed to it but also the IP address of the source address (in this case,
10.1.1.100, the IP address of Host A). Therefore, Host B knows exactly what IP address
it should address any responses to, repeating the routing process to ensure that the data
eventually arrives at Host A.
Routing works the exact same way in larger networks; the only difference is the number
of hops that a packet may traverse before ultimately arriving at its logical destination.
Because the IP addresses in the packet are never changed, the logical endpoints are always
able to communicate with each other. The physical addresses in the frame change every
time a router rebuilds it: the router replaces the source MAC address with the MAC
address of its own outbound interface and the destination MAC address with that of the
next router or, on the last hop, the final destination.
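The exchange in Figure 3-15, as an added example in Python that is not part of the original chapter: it models the AND'ing check, a longest-prefix routing table lookup that falls back to a default route, and the per-hop MAC rewrite while the IP header stays constant. The router's 10.1.2.0/24 interface address (10.1.2.1) and an upstream router at 10.1.2.254 for the default route are assumptions; the other addresses are the ones the figure gives.

```python
import ipaddress
# Constructed model of Figure 3-15: Host A and Host B on either side of one router.
# IPs and MACs are the ones the text gives; the router's second interface address
# (10.1.2.1) and the upstream Internet router (10.1.2.254) are assumptions.
ARP_TABLE = {
    "10.1.1.100": "00:05:9A:3C:78:50",  # Host A
    "10.1.2.100": "00:05:9A:3C:78:30",  # Host B
    "10.1.1.1":   "00:05:9A:3C:78:00",  # router E0, Host A's default gateway
    "10.1.2.1":   "00:05:9A:3C:78:01",  # router interface on 10.1.2.0/24 (assumed IP)
    "10.1.2.254": "00:05:9A:3C:78:FE",  # assumed upstream router for the default route
}
# Router's routing table: (network, next hop or None if directly connected, egress IP).
# 0.0.0.0/0 is the default route, the route of last resort.
ROUTER_TABLE = [
    (ipaddress.ip_network("10.1.1.0/24"), None, "10.1.1.1"),
    (ipaddress.ip_network("10.1.2.0/24"), None, "10.1.2.1"),
    (ipaddress.ip_network("0.0.0.0/0"), "10.1.2.254", "10.1.2.1"),
]

def arp(ip):  # stand-in for ARP: resolve an IP on the local segment to its MAC
    return ARP_TABLE[ip]

def is_local(src_ip, dst_ip, prefixlen=24):
    """The AND'ing step: same network ID under the host's mask means no router is needed."""
    return (ipaddress.ip_interface(f"{src_ip}/{prefixlen}").network
            == ipaddress.ip_interface(f"{dst_ip}/{prefixlen}").network)

def lookup(table, dst_ip):
    """Longest-prefix match; the default route catches anything not explicitly known."""
    dst = ipaddress.ip_address(dst_ip)
    matches = [entry for entry in table if dst in entry[0]]
    if not matches:
        raise LookupError(f"no route to {dst_ip}")  # the router would drop the packet
    _, next_hop, egress_ip = max(matches, key=lambda e: e[0].prefixlen)
    return next_hop, egress_ip

def host_send(src_ip, dst_ip, gateway):
    """IP header names the two ends; the MACs name only the first physical hop."""
    first_hop = dst_ip if is_local(src_ip, dst_ip) else gateway
    return {"src_ip": src_ip, "dst_ip": dst_ip,
            "src_mac": arp(src_ip), "dst_mac": arp(first_hop)}

def router_forward(frame, my_mac, table):
    """Router rewrites only Layer 2: new source/destination MACs, IP header untouched."""
    if frame["dst_mac"] != my_mac:
        return None  # frame was not addressed to this router; ignore it
    next_hop, egress_ip = lookup(table, frame["dst_ip"])
    deliver_to = frame["dst_ip"] if next_hop is None else next_hop
    return dict(frame, src_mac=arp(egress_ip), dst_mac=arp(deliver_to))
```

Feeding the frame from `host_send` into `router_forward` reproduces the two MAC rewrites the text walks through, and a destination outside 10.1.0.0/16 shows the default route being taken instead.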
Different Classes of Routing Protocols
Although each routing protocol has its own specific functionality, they can all be
generally classified as falling into three categories:
• Distance vector: Distance vector routing protocols are relatively simplistic in
design and tend to use a "distance" to determine the best path. The distance is
measured by counting how many times a packet goes through a router, known as a
hop, until it arrives at the destination network. The smaller the hop count, the
shorter and better the route. Distance vector routing protocols receive routing
information from neighbors that they believe to be correct but do not verify. If a
neighbor router claims that it can deliver data to a network, it is accepted as being
accurate and correct. Because the source router has not independently verified the
accuracy of this information, distance vector protocol routing is frequently
referred to as "routing by rumor."
• Link state: Link-state routing protocols are more complex than distance vector
protocols and can take into account information such as the network topology,
bandwidth between routers, and congestion. Whereas distance vector protocols
know only what they are told, link-state routing protocols typically build routing
tables consisting of information about the entire topology, allowing each router to
know how every other router is interconnected, thus allowing that information to
be used for routing decisions. Because of this additional information, link-state
routing protocols are known as being more intelligent than distance vector
protocols, but they typically require more CPU and memory resources than
distance vector protocols.
• Hybrid: Hybrid routing protocols use functionality from both distance vector and
link-state routing protocols, attempting to leverage the best aspects of each while
eliminating the drawbacks. Hybrid routing protocols are typically proprietary
protocols such as the Cisco Enhanced Interior Gateway Routing Protocol
(EIGRP).
Common Routing Protocols
There are a number of common routing protocols that most environments use.
Routing Information Protocol
RIP is a distance vector routing protocol that uses the hop count exclusively to make
routing decisions. RIP supports a maximum hop count of 15, so any destination that
requires more than 15 hops is unreachable. Therefore, RIP is suited for small and
relatively simple network environments.
RIP has two different versions: 1 and 2. RIPv1 is a classful routing protocol, which
means that it can only route between networks that are using the default subnet
information. Because most networks today implement some form of CIDR, RIPv1 is
typically no longer used. RIPv2 supports classless routing information, multicasts rather
than broadcasts for communications, and provides the ability to ensure that routing data is
only exchanged between hosts that can be authenticated. Because of the classless
functionality and increased security of RIPv2, if you need to use RIP you should only use
RIPv2.
Note
RFC 1058 defines RIPv1. RFC 2453 defines RIPv2.
Open Shortest Path First
Open Shortest Path First (OSPF) is a link-state routing protocol that uses the Dijkstra
algorithm to determine the shortest path through the network. OSPF is a much more
robust and scalable protocol than RIP, taking into account factors such as adjacency,
neighbor information, link information, and bandwidth in making routing decisions.
Because each router running OSPF has a table that contains the entire topology of the
OSPF network, each router can determine the true best route through the network, taking
into account things such as network speeds. For example, OSPF can determine that
traversing three gigabit hops to access a network is faster than traversing two 1.544-Mbps
hops.
Like RIP, OSPF also includes additional authentication mechanisms to ensure that only
permitted routers and hosts can exchange routing information. Because of the increased
functionality and scalability of OSPF, many networks have elected to use OSPF as the
routing protocol.
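An added example, not from the original text, of the OSPF comparison above and of the distance vector versus link-state distinction from the previous section: Dijkstra's algorithm over a constructed link-state database in which a two-hop path over 1.544-Mbps links competes with a three-hop path over gigabit links. Link cost is derived as reference bandwidth divided by link bandwidth with a 100-Mbps reference (a common OSPF default); running the same search with a hop-count metric shows what a distance vector protocol such as RIP would choose instead. The topology is an assumption.

```python
import heapq

# Constructed topology for the comparison in the text: from R1 to R5 there is a
# two-hop path over 1.544-Mbps (T1) links and a three-hop path over gigabit links.
# Links are (router, router, bandwidth in bps); the topology itself is an assumption.
LINKS = [
    ("R1", "R2", 1_544_000), ("R2", "R5", 1_544_000),           # two T1 hops
    ("R1", "R3", 1_000_000_000), ("R3", "R4", 1_000_000_000),
    ("R4", "R5", 1_000_000_000),                                # three gigabit hops
]
REFERENCE_BW = 100_000_000  # 100 Mbps, a common OSPF default reference bandwidth

def ospf_cost(bandwidth_bps):
    """Link cost as OSPF implementations commonly derive it: reference / bandwidth, min 1."""
    return max(1, REFERENCE_BW // bandwidth_bps)

def build_graph(links, metric):
    """Adjacency list from the link-state database: every router sees every link."""
    graph = {}
    for a, b, bw in links:
        graph.setdefault(a, {})[b] = metric(bw)
        graph.setdefault(b, {})[a] = metric(bw)
    return graph

def dijkstra(graph, source, target):
    """Shortest path by summed link cost; returns (total cost, list of routers)."""
    dist, prev, heap = {source: 0}, {}, [(0, source)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue  # stale heap entry, a shorter path was already found
        for nbr, cost in graph.get(node, {}).items():
            nd = d + cost
            if nd < dist.get(nbr, float("inf")):
                dist[nbr], prev[nbr] = nd, node
                heapq.heappush(heap, (nd, nbr))
    if target not in dist:
        return float("inf"), []  # unreachable: no route to that network
    path = [target]
    while path[-1] != source:
        path.append(prev[path[-1]])
    return dist[target], path[::-1]

def best_path(links, source, target, link_state=True):
    """link_state=True weighs bandwidth like OSPF; False counts hops only, like RIP."""
    metric = ospf_cost if link_state else (lambda bw: 1)
    return dijkstra(build_graph(links, metric), source, target)
```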
Note
OSPFv2 is defined in RFC 2328. OSPFv1 is defined in RFC 1131, but it never made it to
an operational status and therefore was never really used.
Border Gateway Protocol
OSPF and RIP are both routing protocols that were designed to primarily route data
among systems that share a common administrative authority, typically referred to as an
autonomous system. Autonomous systems tend to be smaller in size and easier to
manage. For example, even a global company may only have 200 subnets that need to be
routed. For that reason, OSPF and RIP are typically referred to as interior gateway
protocols, because they are really designed for routing of data within a given
environment, or autonomous system.
Border Gateway Protocol version 4 (BGPv4) provides for the routing of data between
autonomous systems and does so on a scale of magnitude that interior gateway protocols
cannot touch. For that reason, BGPv4 is referred to as an exterior gateway routing
protocol. Because of this, BGPv4 is the standard method of routing data across the
Internet. After all, the Internet is really just a collection of independently managed and
maintained subnets and autonomous systems. Although OSPF and RIP can be used
internally, most companies that need to connect to the Internet and share routing
information with other routers on the Internet do so through the implementation of
BGPv4.
Note
The following RFCs define BGP:
• RFC 1267
• RFC 4271