Basic Router Functional Architecture

Part of the document Router Security Configuration Guide (pages 22 - 25)

2. Background and Review

2.4. Basic Router Functional Architecture

2.4.1. Why Have a Special Purpose Router?

What are some of the motivations for using a dedicated, purpose-built router rather than a general purpose machine with a “standard” operating system (OS)? What justifies this expense, and what justifies the bother of learning yet another system?

The answer is partly that a special purpose router can have much higher performance than if router functionality were merely tacked onto a general purpose machine that might also be performing other functions. Also, one can potentially add more network connections to a machine designed for that purpose, because it can be designed to support more interface card slots. Thus, a special purpose device will probably be a lower cost solution for a given level of functionality. But there are also a number of security benefits to a special purpose router.

For one thing, a specialized router operating system (like Cisco’s Internetwork Operating System or IOS) can be smaller, better understood, and more thoroughly tested than a general purpose OS. (Note that for brevity, the term IOS will be used in this document to refer to the router’s operating system and associated software, but hardware other than Cisco would run similar software.) This means that it is potentially inherently less vulnerable. Also, the mere fact that it is different means that an attacker has one more thing to learn, and that known vulnerabilities in other systems are of no help to the router attacker. Also, for security reasons it is desirable to have the access control list (ACL) up and running before enabling any interfaces or drivers. Finally, specialized routing software enables a fuller and more robust implementation of filtering. Filtering is useful as a “firewall” technique, and can also be used to partition networks and prohibit or restrict access to certain networks or servers. Using filtering, some routing protocols can prohibit the advertisement of routes to neighbors, thus helping protect certain parts of the network.

2.4.2. Description of Typical Router Hardware

A router is essentially just another computer. So, similar to any other computer, it has a central processor unit (CPU), various kinds of memory, and connections to other devices. Generally, a router does not have a hard disk, floppy drive, or CD-ROM drive.

There are typically a number of types of memory in a router, possibly including RAM, NVRAM, Flash, and ROM (PROM, EEPROM). These are listed roughly in order of volatility. The mix of types and the amount of each type are determined on the basis of: volatility, ease of reprogramming, cost, access speed, and other factors.

ROM is used to store a router’s bootstrap software. Non-volatile RAM (NVRAM) is used to store the startup configuration that the IOS reads when the router boots. Flash memory stores the IOS (or other router OS), and if there is enough flash it may store more than one version of IOS. Figure 2-4 shows a simple representation of a notional router’s hardware structure.

Figure 2-4: A Notional Router’s Hardware

Interfaces provide the physical connections from a router to networks. Interface types include Ethernet, fast Ethernet, token ring, FDDI, low-speed serial, fast serial, HSSI, ISDN BRI, etc. Each interface is named and numbered. Interface cards fit into slots in a router, and an external cable of the appropriate type is connected to the card. In addition to a number of interfaces, almost all routers have a console port providing an asynchronous serial connection (RS-232). Also, most routers have an auxiliary port, which is frequently used for connecting a modem for router management. These hardware ports should not be confused with the concept of software ports, such as the “well known” port associated with a protocol or service, e.g. port 23 is Telnet.

2.4.3. Description of Typical Router Software

Similar to any other computer, a router will run a control program or operating system (OS). Each router vendor supplies their own router OS. In the case of Cisco routers, they run Cisco’s Internetwork Operating System (IOS). It is the IOS that interprets the Access Control List (ACL) and other commands to the router.

The startup or backup configuration is stored in NVRAM. It is executed when the router boots. As part of the boot process a copy of this configuration is loaded into RAM. Changes made to a running configuration are usually made only in RAM and generally take effect immediately. If changes to a configuration are written to the startup configuration, then they will also take effect on reboot. Changes made only to the running configuration will be lost upon reboot.
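Because the running configuration in RAM and the startup configuration in NVRAM can diverge, a practical check is to compare the two and report what would be lost at reboot (present only in RAM) and what would come back at reboot (present only in NVRAM). The script below is an added example and is not part of the Router Security Configuration Guide or of any vendor software; the two configurations are constructed sample text in Cisco IOS style, and the parser assumes IOS conventions (`!` separates sections, indented lines are sub-commands of the preceding top-level command, `Building configuration...` and `Current configuration : N bytes` are status lines, not configuration).

```python
"""Compare a router's running configuration (RAM) against its startup
configuration (NVRAM) and report the differences.

Added example; not from the Router Security Configuration Guide. The sample
configurations are constructed, and the parsing rules are an assumption about
Cisco IOS configuration layout.
"""

# Constructed sample: the startup configuration held in NVRAM.
STARTUP_CONFIG = """\
version 12.4
hostname Central
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip access-group 100 in
!
access-list 100 deny ip 10.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
!
line vty 0 4
 transport input ssh
!
end
"""

# Constructed sample: the running configuration currently in RAM. The inbound
# ACL on the interface is gone and telnet was enabled on the vty lines; neither
# change has been written to NVRAM.
RUNNING_CONFIG = """\
Building configuration...

Current configuration : 412 bytes
!
version 12.4
hostname Central
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
!
access-list 100 deny ip 10.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
!
line vty 0 4
 transport input telnet ssh
!
end
"""

# Status lines that IOS prints around the configuration text (assumed format).
NOISE_PREFIXES = ("Building configuration", "Current configuration", "Using ")


def parse_ios_config(text):
    """Return a set of (parent, line) tuples.

    Top-level commands get parent ''. An indented line is attached to the most
    recent top-level command, so 'ip address ...' under one interface stays
    distinct from the same line under another interface.
    """
    entries = set()
    parent = ""
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue                      # blank line or section separator
        if raw.startswith(NOISE_PREFIXES) or raw.strip() == "end":
            continue                      # status line, not configuration
        if raw[0].isspace():
            entries.add((parent, raw.strip()))
        else:
            parent = raw.strip()
            entries.add(("", parent))
    return entries


def config_diff(startup_text, running_text):
    """Lines only in RAM are lost at reboot; lines only in NVRAM return at reboot."""
    startup = parse_ios_config(startup_text)
    running = parse_ios_config(running_text)
    return {
        "only_in_running": sorted(running - startup),
        "only_in_startup": sorted(startup - running),
    }


if __name__ == "__main__":
    diff = config_diff(STARTUP_CONFIG, RUNNING_CONFIG)
    for parent, line in diff["only_in_running"]:
        print(f"unsaved (lost on reboot): [{parent or 'global'}] {line}")
    for parent, line in diff["only_in_startup"]:
        print(f"removed from RAM (returns on reboot): [{parent or 'global'}] {line}")
```

Run against the constructed samples, the script reports one line that exists only in RAM (the vty `transport input telnet ssh`) and two that exist only in NVRAM (the interface `ip access-group 100 in` and the vty `transport input ssh`); an empty result in both lists means RAM and NVRAM agree. Comparing per (parent, line) rather than per raw line is what keeps an interface sub-command tied to its interface.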

[Figure 2-4 (diagram): a Router containing Interface 0, Interface 1, … Interface n attached to a Routing Fabric, together with the CPU, the Configuration and the Console; each interface connects outward to Network 0, Network 1, … Network n.]

A running router will have a large number of processes executing. There are generally a number of router commands that give information on what processes are running and what resources, such as CPU time and memory, they are consuming.
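The process listing such commands produce is most useful when it is summarized: which processes dominate the CPU, and whether that load is sustained rather than a momentary spike. The script below is an added example, not from the guide or from any vendor; `SAMPLE_OUTPUT` is constructed text laid out like Cisco IOS `show processes cpu` output, which is an assumption about the format (check the column layout against your own platform before relying on the regular expressions).

```python
"""Summarize per-process CPU use from a router's process listing.

Added example; not from the Router Security Configuration Guide. SAMPLE_OUTPUT
is constructed and its layout (modeled on Cisco IOS 'show processes cpu') is
an assumption, not a vendor-documented format.
"""
import re

# Constructed sample output: overall utilization header, column header, rows.
SAMPLE_OUTPUT = """\
CPU utilization for five seconds: 61%/2%; one minute: 58%; five minutes: 55%
 PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process
   1           4        12        333  0.00%  0.00%  0.00%   0 Chunk Manager
   3        1652       412       4009  0.00%  0.01%  0.00%   0 Exec
  27       98213    133120        737 47.12% 45.80% 43.91%   0 IP Input
  40        2100      5100        411  0.80%  0.70%  0.65%   0 SSH Process
  62          12        80        150  0.00%  0.00%  0.00%   0 OSPF Router
"""

# Header: total%/interrupt% over 5 s, then 1 min and 5 min totals.
HEADER_RE = re.compile(
    r"five seconds: (\d+)%/(\d+)%; one minute: (\d+)%; five minutes: (\d+)%")
# Row: PID, runtime, invoked, usecs, three percentages, TTY, process name.
ROW_RE = re.compile(
    r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+"
    r"([\d.]+)%\s+([\d.]+)%\s+([\d.]+)%\s+(\S+)\s+(.+?)\s*$")


def parse_process_cpu(text):
    """Return (totals, rows): totals from the header line, one dict per process."""
    totals = None
    rows = []
    for line in text.splitlines():
        m = HEADER_RE.search(line)
        if m:
            totals = {"5sec": int(m.group(1)), "5sec_interrupt": int(m.group(2)),
                      "1min": int(m.group(3)), "5min": int(m.group(4))}
            continue
        m = ROW_RE.match(line)
        if m:
            rows.append({"pid": int(m.group(1)), "runtime_ms": int(m.group(2)),
                         "invoked": int(m.group(3)), "5sec": float(m.group(5)),
                         "1min": float(m.group(6)), "5min": float(m.group(7)),
                         "process": m.group(9)})
    return totals, rows


def top_consumers(rows, n=3, key="5min"):
    """Process names ordered by the chosen window, heaviest first."""
    return [r["process"] for r in sorted(rows, key=lambda r: r[key], reverse=True)[:n]]


def sustained_hogs(rows, threshold=25.0):
    """Processes above the threshold in all three windows: sustained load, not a spike."""
    return [r["process"] for r in rows
            if r["5sec"] >= threshold and r["1min"] >= threshold and r["5min"] >= threshold]


if __name__ == "__main__":
    totals, rows = parse_process_cpu(SAMPLE_OUTPUT)
    print("overall:", totals)
    print("top by 5-minute average:", top_consumers(rows))
    print("sustained above 25%:", sustained_hogs(rows))
```

Keeping the three time windows separate is the point: a process that is high in the five-second column only is a transient, while one that is high in all three (here the constructed `IP Input` row) is a baseline change worth recording and investigating.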

Each router should have a unique name to identify it, and each interface should have a unique network address associated with it. This is discussed in more detail later in this document.
