
Nortel Guide to VPN Routing for Security and VoIP, part 6 (docx)


DOCUMENT INFORMATION

Basic information

Format
Pages: 77
Size: 5.87 MB

Contents

Media Access Control (MAC Addressing)

A MAC address is a hardware physical address that identifies the node to the other nodes on the network. MAC addressing is used by layer 2 nodes to identify the device and formulate data traffic paths to that device. Every node in a network has a MAC address. Figure 8-13 shows an example of MAC addressing of nodes within a LAN segment.

Not all networking protocols will use the MAC address, but on broadcast networks, the MAC address allows all of the nodes in the network to be identified and allows delivery of frames intended for a specific destination. MAC addresses are permanently attached to a device and are assigned by product manufacturers. MAC addressing is administered by the IEEE. The IEEE ensures that there is no duplication of MAC addresses, so every Network Interface Card (NIC) has a unique MAC address assigned to it by the manufacturer. Because of this, the end user can install a NIC anywhere within a network and not be concerned about duplication of MAC addresses.

MAC addresses are 48 bits long. The first 24 bits are known as the Organization Unique Identifier (OUI) and they identify the manufacturer of the device. The remaining 24 bits make up a unique number that is assigned by the manufacturer to identify the individual component.

NOTE You can determine the manufacturer's OUI code by searching on the IEEE Web site.

Figure 8-13: MAC addressing (three nodes labelled MAC 00-00-75-00-00-01, MAC 00-00-75-00-00-02 and MAC 00-00-75-00-00-03)

350 Chapter 8 11_781274 ch08.qxp 6/22/06 12:39 AM Page 350

Internet Protocol (IP Addressing)

An IP address is a unique number that is used by layer 3 nodes to communicate with one another in a network. An IP address is assigned to each host interface within a network. To route data between subnets, the IP address of the sending and the receiving nodes must be known.
Figure 8-14 shows an example of three subnets, connected with a router and, therefore, capable of communicating with IP addressing.

An IP address may be permanently assigned to a node. This type of IP address is known as a static IP address. An IP address may also be assigned to a node on a temporary basis and reused by other nodes once the node is removed from the network (for example, a PC shut down at the end of the day). This type of IP address is known as a dynamic IP address. To use dynamic addressing, a server must be available to assign the IP addresses to these nodes.

Address Resolution Protocol

As mentioned, MAC addresses are assigned to nodes within a LAN. IP addresses are assigned to nodes and can be static or dynamically learned. The Address Resolution Protocol (ARP) is used within a LAN to reach a device by associating its IP address with its MAC address.

Figure 8-14: Example of IP addressing (subnets 10.20.20.0, 192.168.2.0 and 49.231.12.0)

Overview of Ethernet LANs and Network Routing 351 11_781274 ch08.qxp 6/22/06 12:39 AM Page 351

Because MAC addresses are used by nodes to forward data to other nodes within the same subnet, MAC addresses cannot be used to send data to nodes within other subnets. The only way that data can get to the other subnets is by the IP address of the device within the other subnet. ARP is also used by nodes within the same subnet to discover the MAC address of the other nodes within the subnet. Figure 8-15 shows an example of how ARP works.

In Figure 8-15, two subnets (Subnet A and Subnet B) are connected to each other by a router. PC-AA and PC-AB are in Subnet A, while PC-BC and PC-BD are in Subnet B. PC-AA knows the IP address of PC-AB, but does not have the MAC address and will need to get the MAC address to send its data to PC-AB. PC-AA will send out an ARP broadcast to all of the nodes within the subnet. PC-AB will recognize the IP address as its own and will be the only node within the subnet that responds to the ARP request.
The ARP response will contain the MAC address of PC-AB. Now that PC-AA knows the MAC address, it will forward the data to the MAC address of PC-AB.

Now, consider that PC-AB wants to send data to PC-BD. PC-AB will send out an ARP request to all of the nodes within the subnet. The router will recognize the IP subnet address for the subnet that PC-BD resides on and will respond to the ARP request. PC-AB will then send all of the data that is destined for PC-BD to the MAC address of the router. It is assumed that the router has already learned the MAC address for PC-BD and it will forward the data to its destination.

ARP data that is collected by a node is stored in what is known as an ARP cache, or an ARP table. The data resides there unless it goes unused for a period of time, after which it is cleared out. By maintaining an ARP cache, nodes within a network save time because they do not have to "re-ARP" for nodes that they have already learned.

Figure 8-15: An example of ARP (PC-AA and PC-AB in Subnet A, PC-BC and PC-BD in Subnet B, joined by a router)

Reverse Address Resolution Protocol

The Reverse Address Resolution Protocol (RARP) performs the opposite function of ARP. It is used to find the IP address of a node by translating the MAC address to the IP address. RARP is mainly used by nodes that do not have a storage medium and cannot store an IP address. To obtain an IP address, the node sends a MAC broadcast, which will be answered by a server that supports RARP. The server will match the MAC address of the node that sent the broadcast and will respond with the IP address of the node.

Virtual Local Area Network

An Ethernet LAN is simply a flat network that lumps all nodes within the LAN into a single broadcast domain. This is simple to implement, and it allows all nodes to speak directly with each other. These broadcast domains can be split up by introducing routers into the topology.
Collision domains are separated by a bridging device, but if there is no router in place, the broadcast domain applies to all nodes within the flat network. Although a flat network is easy to implement, it can create problems within the LAN. Because of the size of many broadcast domains, security is a big concern with a flat network. Data traffic is also a big concern because of the amount of broadcast traffic that is inevitable in a flat network.

A Virtual Local Area Network (VLAN) can be configured to help split up the broadcast domain. VLAN implementation guidelines are outlined in the IEEE 802.1Q standard. Simply put, a VLAN gives an administrator the ability to logically subdivide the flat network.

VLANs allow any node within a physical network to be part of any configured VLAN. Therefore, a node on the fourth floor of a building can participate in a VLAN no matter where the other nodes physically reside. This allows all of the nodes within a VLAN to send and receive broadcast messages within the VLAN, and to share network resources such as printers. To communicate between VLANs, a router will need to be available to forward the data. Routers enable VLANs to keep broadcasts within the VLAN, and to forward data to other VLANs when required (see Figure 8-16).

Because routing packets is slower than switching them, VLANs will route the first packet and then will switch any additional packets between VLANs. For example, suppose a node in VLAN 1 has to send a packet to a node in VLAN 2. The first packet will pass to the router and then will be handed up to VLAN 2. After that, all subsequent packets (see Figure 8-17) will be passed through a switch between the VLANs. The reason that the first packet has to be routed is so that the VLAN can learn the route to the other VLAN.
Figure 8-16: Routing the first packet between VLANs (VLAN 1 and VLAN 2 joined by a switch and a router; the 1st packet passes through the router)

Figure 8-17: Switching packets between VLANs (subsequent packets pass through the switch)

VLANs are normally broken down into groups. They are especially helpful when users of a group are physically located in various locations within the network. VLANs allow such users to utilize the resources assigned to their group (such as storage devices and application servers), and to be part of the same broadcast domain, all while being physically located in various locations.

When configuring VLANs, the network administrator must decide what type of VLAN to implement. The types of VLANs that are supported by the Nortel VPN Router are as follows:

■ MAC address-based VLAN: Allows the MAC address of a device to determine VLAN membership. The switch will retain information about MAC addresses and what VLANs each MAC address belongs to.
■ Port-based VLAN: Groups a series of ports together to form a VLAN. The ports that are within the VLAN can all be part of the same switch, or can be from various switches.
■ Protocol-based VLAN: Determines VLAN membership based on the layer 3 protocol assigned to the frame received by the switch.
■ Subnet-based VLAN: Assigns nodes to a VLAN based on the subnet value of the IP address.

Network Routing

A LAN is an autonomous system that is controlled by a single administrator for the purposes of providing network users the ability to share and access resources available within the autonomous system. Autonomous systems are often referred to as routing domains. Autonomous systems share information among the users of the domain with an Interior Gateway Protocol (IGP).
IGP is a protocol that allows for the exchange of routing information among gateways or hosts within the autonomous system. The Internet is made up of multiple autonomous systems, each controlled by a separate administrator, that connect to one another with routers. Figure 8-18 shows an example of routing information over a WAN among three autonomous systems.

Figure 8-18: Routing data between autonomous systems (Widgets, Inc – 40.40.23.0; Generic Blvd – 192.168.34.0; Nonesuch, LLC – 10.10.10.0)

These collections of autonomous systems exchange routing information among each other so that all data can be shared within their own autonomous systems. The information is shared between autonomous systems by an Exterior Gateway Protocol (EGP). EGP is a protocol that allows for the exchange of routing information between gateways to autonomous systems on the Internet. This section discusses the basics of network routing, how routing decisions are made, and how information ultimately reaches its destination.

Routing Basics

Routing is the process of exchanging packets between separate networks that are connected to one another by a router. When a node needs to send a packet to another node within the same subnet, a router is not required, because the information needed to get the data to the destination node is learned by ARP and is then retained in the ARP cache of the sending node. When a node needs to send data to another node that is in a different subnet than its own, the sending node will forward the data to a router, which will deliver the data to the path destined for the subnet that the destination node belongs to.

As shown in Figure 8-19, there are three autonomous systems:

■ 10.10.10.0
■ 192.168.14.0
■ 66.74.12.0

Each autonomous system has two workstations.
If workstation 10.10.10.1 wants to send data to workstation 10.10.10.2, a router is not required, because by ARPing for the destination's IP address, 10.10.10.1 recognizes that 10.10.10.2 is within its autonomous system and will deliver the data to this workstation directly. Now, imagine that workstation 10.10.10.1 wants to send data to workstation 192.168.14.2. It recognizes that 192.168.14.2 does not reside within its routing domain and will send the data to Router A. Router A refers to its routing table and recognizes a route to the 192.168.14.0 autonomous system. Router A sends the data to that subnet, which will deliver the data to its destination. If workstation 10.10.10.1 wants to send data to workstation 66.74.12.2, it will send the data to Router A. Router A will recognize that the correct course of action is to forward the data to Router B. Router B will find the appropriate route and will deliver the data to the autonomous system 66.74.12.0, and ultimately the data will be delivered to workstation 66.74.12.2.

Routers make routing decisions by maintaining a routing table. The routing table will provide information on how to get a packet to the next router for delivery to its destination.

Figure 8-19: Routing data between autonomous systems

Figure 8-20 shows several routers with multiple paths between PC-A and PC-B. If PC-A wants to deliver data to PC-B, it will forward the packet to its border router, which will then use its routing table to determine which of its neighboring routers it needs to forward the packet to in order to deliver it to PC-B.

NOTE Each router does not determine the entire path to a destination. Each router is only aware of (and concerned with) the path to the next router.

When building a routing table, a router determines the best path based on several variables.
Some of the variables are the shortest path to a destination, whether a link is down, whether there is congestion on the network, and so on. Additionally, a primary path can be configured by a system administrator by assigning metrics to define the best path to take.

Layer 2 switched networks are limited in growth because of size and node numbering limitations. Routing provides for growth in LANs because it can be used to join subnets within an autonomous system. For Internet data communications, routing is a requirement for allowing multiple autonomous systems to communicate with one another while maintaining the integrity of each individual autonomous system.

Figure 8-19 labels: Router A and Router B; subnets 10.10.10.0, 192.168.14.0 and 66.74.12.0, each with hosts .1 and .2

Figure 8-20: Choosing paths to a destination (primary path and alternate path between PC-A and PC-B)

Routing Tables

Routers retain routing information in a routing table. Routing tables are very important because the basic function of a router is to receive a packet, determine the destination IP address for the packet, look up the routing information in the routing table, and then forward the packet along the correct path toward the destination. Here is an example of a routing table:

Active Routes:
Ntwk Dest      Netmask          Gateway        Interface      Metric
0.0.0.0        0.0.0.0          192.168.1.1    192.168.1.100  1
127.0.0.0      255.0.0.0        127.0.0.1      127.0.0.1      1
192.168.1.100  255.255.255.255  127.0.0.1      127.0.0.1      1
Default Gateway: 192.168.1.1
=====================================================================
Persistent Routes:
None

The routing table will contain the basic information needed to get packets transferred from point to point until the packet reaches its destination.
The routing table will contain the following information:

■ The destination IP (usually a subnet address)
■ The subnet mask of the destination
■ The next hop gateway address between the router and the destination
■ The IP address of the interface to be used to get to the next hop gateway
■ Routing metric

Each router will maintain its own version of the routing table. This is because the routing information will vary from router to router. Keep in mind that each router has a different position in the mesh, and that the path to a given destination will vary from router to router.

At one time, all paths in a router's routing table were manually inserted by a system administrator. As networks grew, the need for routing information to be inserted dynamically grew as well. This is not only because of the growth that most networks experience, but also to accommodate failed links and node changes. Routing information is still entered statically in some instances, but for the most part, routing table information is built dynamically.

In order for routing tables to be built dynamically, a routing protocol must be used. Routers exchange routing information with one another and update routing tables based on the information that is received. If a link that is connected to a router goes down, the router will recognize this change and will use a routing algorithm to calculate the best new path to get to the destination. The router will then send a routing table update to notify the other routers of the change. A router will also receive routing table updates from other routers, and will perform the same calculations to determine whether there are any route path updates that need to be changed and forwarded.

Routing Algorithms

Routing algorithms are used by routers to calculate the best route path to take to get to a destination. The number of steps that a packet takes to arrive at a destination is determined by what is referred to as a hop.
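Worked example, added here and not taken from the book: it parses the routing table printed above and resolves destinations the way the text describes a router doing it, matching the destination against each entry, preferring the most specific netmask and then the lowest metric. Treating a route whose gateway equals its own interface address as directly delivered is the Windows on-link convention and is an assumption of this example, not something the text states.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# The routing table printed in the text (Windows 'route print' layout).
ROUTE_TABLE = """\
Active Routes:
Ntwk Dest      Netmask          Gateway        Interface      Metric
0.0.0.0        0.0.0.0          192.168.1.1    192.168.1.100  1
127.0.0.0      255.0.0.0        127.0.0.1      127.0.0.1      1
192.168.1.100  255.255.255.255  127.0.0.1      127.0.0.1      1
Default Gateway: 192.168.1.1
"""


@dataclass
class Route:
    network: ipaddress.IPv4Network    # destination and netmask combined
    gateway: ipaddress.IPv4Address    # next-hop gateway
    interface: ipaddress.IPv4Address  # local interface used to reach it
    metric: int


def parse_routes(text: str) -> List[Route]:
    """Keep the five-column data rows; header and summary lines are skipped."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5 or not cols[0][0].isdigit():
            continue
        dest, mask, gateway, iface, metric = cols
        network = ipaddress.IPv4Network((dest, mask), strict=False)
        routes.append(Route(network, ipaddress.IPv4Address(gateway),
                            ipaddress.IPv4Address(iface), int(metric)))
    return routes


def lookup(routes: List[Route], dst: str) -> Optional[Route]:
    """Longest-prefix match; lowest metric breaks ties; None if nothing matches."""
    addr = ipaddress.IPv4Address(dst)
    candidates = [r for r in routes if addr in r.network]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.network.prefixlen, r.metric))


def next_hop(routes: List[Route], dst: str) -> Optional[Tuple[str, str, int, bool]]:
    """Forwarding decision: (gateway, interface, prefix length, delivered directly).
    'Directly' means the gateway is the interface itself (on-link convention,
    assumed here), so no intermediate router is involved."""
    route = lookup(routes, dst)
    if route is None:
        return None
    direct = route.gateway == route.interface
    return (str(route.gateway), str(route.interface), route.network.prefixlen, direct)


if __name__ == "__main__":
    table = parse_routes(ROUTE_TABLE)
    for dst in ("192.168.1.100", "127.0.0.1", "8.8.8.8"):
        print(dst, "->", next_hop(table, dst))
```

Because the most specific entry always wins, a host's own /32 and the loopback /8 override the default route, which is also why an unexpected specific entry in a table deserves a second look during review.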
A hop count increments each time a router is reached along a data path between two nodes.

[...] EGP routing protocol today. Most ISPs use BGP to exchange routing information between the autonomous systems that they connect to. Many ISP core routers maintain hundreds of thousands of routes in their routing tables.

BGP History

The predecessor to BGP was the Exterior Gateway Protocol (EGP). EGP performed well and was able to handle most exterior routing services for many years. As time passed and autonomous [...]

[...] the router to accept packets, determine where the packets are destined for, and to forward data on toward its destination. The router uses a routing protocol to develop and maintain routing information, as well as passing data.

Routing Protocol Types

There are two basic types of routing protocols. The first type is known as Interior Gateway Protocol (IGP), [...]

[...] mechanism to use to be able to learn about each other and, therefore, would not be able to send data to and from each other. Because Border Router A and Border Router B also must route data within the autonomous systems, they have to be running some type of an IGP routing protocol. This allows them to learn of destinations that are needed in order to pass data within the autonomous system. [...]

[...] only provide basic routing information to other areas. Overall, this reduces the amount of routing updates that occur within the autonomous system. OSPF is an IGP and, therefore, routes information within an autonomous system. OSPF is also able to route information to other autonomous systems. When routing over the Internet, OSPF utilizes the servers of BGP to route information to other autonomous systems. [...]
[...] determine the best path to a destination. The most common routing protocol that uses distance-vector routing is the Routing Information Protocol (RIP), which is discussed later in this chapter. The distance-vector routing algorithm in its basic form is used to determine the distance and direction to any known link within the network. When using distance-vector routing, routing information is shared between [...]

[...] keeping routing information stored in the RIB.

Path Vector Routing Algorithm

Previously in this chapter, you learned that RIP uses the distance-vector routing algorithm and OSPF uses the link state routing algorithm. The routing algorithm that is used by BGP to process routing information is the path-vector routing algorithm. Because BGP is an EGP and keeps routing information on multiple autonomous systems, [...]

[...] utilize the information that it receives and learns about to determine the most effective route to a destination. Every BGP speaker is required to follow BGP guidelines to manage routing information.

Routing Information Base

BGP routers maintain routing information in the Routing Information Base (RIB), which consists of three sections of information:

■ Adj-RIBs-In: Contains route information that [...]

[...] autonomous system. These neighbor relationships are referred to as internal peers. A BGP router can also form a neighbor relationship with another BGP router that is not a member of its autonomous system. These neighbor relationships are referred to as external peers.

Routing Information

The purpose of BGP is to provide routing information, to receive routing information, and to process the routing information [...]
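The distance-vector exchange that the text attributes to RIP, and the link-failure update described under Routing Tables, as an added example that is not the book's own code. It runs on the Figure 8-19 topology with an assumed placement that the figure does not spell out: Router A attaches to 10.10.10.0 and 192.168.14.0, Router B attaches to 192.168.14.0 and 66.74.12.0, and the two are neighbours across 192.168.14.0. Each router advertises its table, a neighbour adopts an entry when hop+1 beats what it holds, and a failed link is advertised as hop 16 (RIP's unreachable value) so the neighbour withdraws it; the split-horizon rule is assumed, as in RIP, and the algorithm works unchanged for more routers.

```python
from typing import Dict, List, Optional, Tuple

INFINITY = 16  # RIP's "unreachable" hop count (RFC 2453)

Table = Dict[str, Tuple[int, str]]  # subnet -> (hop count, next hop)


class Router:
    def __init__(self, name: str, connected: List[str]):
        self.name = name
        # Directly attached subnets cost 0 hops and need no next-hop router.
        self.table: Table = {net: (0, "direct") for net in connected}
        self.neighbors: List["Router"] = []

    def advertise(self, to: "Router") -> Table:
        """Split horizon (assumed, as RIP does): never tell a neighbour about
        routes that we learned from that same neighbour."""
        return {d: e for d, e in self.table.items() if e[1] != to.name}

    def receive(self, frm: str, adv: Table) -> bool:
        """Apply a neighbour's advertisement; return True if anything changed.
        A better hop count wins; any change from the current next hop is
        accepted too, so a withdrawal (hop 16) propagates."""
        changed = False
        for dest, (hops, _) in adv.items():
            new_hops = min(hops + 1, INFINITY)
            cur = self.table.get(dest)
            if cur is None or new_hops < cur[0] or (cur[1] == frm and new_hops != cur[0]):
                self.table[dest] = (new_hops, frm)
                changed = True
        return changed

    def link_down(self, net: str) -> None:
        """A directly attached subnet fails: mark it unreachable so the next
        exchange withdraws it from the neighbours."""
        self.table[net] = (INFINITY, "direct")

    def route_to(self, net: str) -> Optional[Tuple[int, str]]:
        """(hops, next hop) for a subnet, or None if unknown or unreachable."""
        entry = self.table.get(net)
        if entry is None or entry[0] >= INFINITY:
            return None
        return entry


def converge(routers: List[Router], max_rounds: int = 10) -> int:
    """Exchange tables until no router changes; return the rounds used."""
    for rnd in range(1, max_rounds + 1):
        changed = False
        for r in routers:
            for n in r.neighbors:
                changed |= n.receive(r.name, r.advertise(n))
        if not changed:
            return rnd
    return max_rounds


def build_figure_8_19() -> Tuple[Router, Router]:
    """Assumed placement of Router A and Router B from the figure."""
    a = Router("A", ["10.10.10.0", "192.168.14.0"])
    b = Router("B", ["192.168.14.0", "66.74.12.0"])
    a.neighbors.append(b)
    b.neighbors.append(a)
    return a, b


if __name__ == "__main__":
    a, b = build_figure_8_19()
    converge([a, b])
    print("A:", a.table)  # 66.74.12.0 learned via B at 1 hop
    b.link_down("66.74.12.0")
    converge([a, b])
    print("A:", a.table)  # 66.74.12.0 now unreachable (16)
```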
[...] features and standards that are supported by the Nortel VPN Router. Most notable are tunneling protocols and Voice over IP (VoIP).

CHAPTER 9 Tunneling, VoIP, and Other Features

A VPN tunnel provides a secure method for exchanging information between a corporate LAN and a remote user or group of users. The VPN tunnel can do this through the use of a tunneling protocol. Understanding how Layer 2 Forwarding [...]

Figure 8-22: Example of interior and border routers

Routing Information Protocol

The Routing Information Protocol (RIP) is the most common Interior Gateway Protocol (IGP) used in most LANs today. RIP is used to route data by managing the information that is provided to a router in a network. Any subnet edge node that supports RIP will send out RIP information to other edge devices. The routing information that is sent [...]

[...] algorithms and which routing protocols use each algorithm type for routing data in a network.

Distance-Vector Routing

Distance-vector routing is a routing algorithm type that is used by routing protocols [...]

Date posted: 14/08/2014, 14:20
