How I may help
LinkedIn Profile Email me!
Call me using Skype client on your machine

Reload this page IP Routing

Here are my notes on how IP packets get moved around the Internet.

Take the Brainbench certification test on IP Routing & Switching, Cisco Network Design, and Cisco Network Support


Topics this page:

  • Router Login

  • Routers

  • Dynamic Routing

  •     Distance-vector
            RIP, IGRP
        Hybrid EIGRP
            OSPF LSAs
  • AS Partioning

  •     IGPs
            OSPF areas
  • Flood Insurance

  • Access Lists

  • WAN Router Config.

  • Site Map List all pages on this site 
    About this site About this site 
    Go to first topic Go to Bottom of this page


    Go to top of page Cisco IOS Router Login

      Privileged Mode

      Password Commands

      Enter into the Global Configuration mode using this Privileged command:

      To set the login password for the router, first enable entry into Line Configuration mode:

        line console 0

      Alternately, to set the virtual terminal password for the router, first enable entry into virtual terminal Configuration mode:

        line vty 0 4

      Next, set the login password for the router:

        password [password]

      To enable a change to the secret Privileged mode password on the router use this Global configuration command:

        enable secret password [password]


    "Bridge, 2003" (Watercolor) by Sean Scully

    Go to Top of this page.
    Previous topic this page
    Next topic this page

    Set screen Cisco Router Operation

      Each router is a stand-alone computer. Instead of a hard drive, Cisco routers use persistent Flash Random Access Memory (RAM) to hold files such as the startup configuration file:
        show flash
        show startup-config

      Cisco developed its IOS (Internet Operating System) to control their routers. New verions of IOS can be remotely installed (using a priviledge Cisco command) by copying an IOS image file from a TFTP server into the router's Flash memory:

        copy tftp flash

      IOS images from Cisco require registration of a valid service contract number on the Cisco site.

      The setup-config file can also be invidually downloaded from a TFTP server:

        copy tftp setup-config

      This prompt means that the copy was a success:

        Writing router name-config. !! [OK]

      When a router reboots, its startup-config in Flash memory is loaded into the running-config memory area within NVRAM.

        show startup-config
        show running-config

      To show the version of IOS currently running on the router:

        show version

      Changes to a router's configuration updates the running configuration. To restore interactive changes from the startup file:

        copy startup-config running-config

      To make interactive changes permanent, copy the currently running configuration to Flash RAM:

        copy running-config startup-config

      To remotely backup configuration files to a TFTP server:

        copy startup-config tftp
        copy running-config tftp

      To enable and disable IP routing on the router, use this Global configuration command:

        ip routing
        no ip routing
        ipx routing
        no ipx routing
        appletalk routing
        no appletalk routing


    Go to Top of this page.
    Previous topic this page
    Next topic this page

    Go to top of page Monitoring and Debugging

      For CPU utilization experienced by a router:

        show processes

      To view the routing updates coming in and going out of the router, use this privileged command for protocols ip, ipx, or appletalk:

        debug [protocol] routing activity


      tool Netstat in C# (BKNetStat by Bill Koukoutsis) contains classes that wrap iphlpapi.dll to give similar functionality to that found in the netstat.exe command line utility. For XP and 2003, Process ID's are mapped directly to Port numbers. For future updates please feel

    Go to Top of this page.
    Previous topic this page
    Next topic this page

    Go to top of page Routing Protocol Options Overview

      This section describes the various protocols used to connect machines on a network.

      Each gateway server has a Routing Table which tells the gateway the route to specific destinations. Traffic is directed through the internet by routers, which uses Routing Table to direct traffic to its ports connected to other routers. Routing tables can be static or dynamic:

      Static routing is based on routing tables manually updated by network administrators. To add, change, or remove static routes on a Microsoft NT network use this command:

      Routers that do dynamic routing send out special packets to exchange with other routers on their network. Dynamic routers send their routing table to other routers and use route discovery protocols (routing protocols) to request updates from other routers. Dynamic routers use algorithms (a set of rules) to choose the best path to route a packet toward its destination.

      The two primary types of dynamic route discovery protocols are: distance-vector and link-state.

      If a router cannot find a packet's destination network in its table, as a “last resort” it will use a default route to forward the traffic through a single exit point.

      Go to top of page Distance-vector Routing Protocols

      Distance-vector protocols -- such as (the most popular) Routing Information Protocol (RIP) for TCP/IP and XNS for IPX -- broadcast to all neighboring routers (typically every 60 to 90 seconds over UDP port 520) routing-update messages containing all or a portion of their routing tables.

      This relatively simple algorithm favors the routing path with the shortest number of hops. The hop count is incremented by 1 for each router that must be traversed, with a 15-hop count limit. The number of hops to the destination is considered the router's metric or cost to get to the destination.

      Routing protocols using distance-vector are simple to configure and deploy. They are typically used on networks with fewer than 50 routers because they create traffic on the network and their announcements are slow to converge (the time it takes for a network to stabilize after a change in one of the networks). For example, if a router in a 10-hop network goes down, it could take five minutes (30 seconds times 10 hops) for the most distant router to learn of it. All the while, that distant router is trying to send packets.

      • RIP (Routing Information Protocol) v1 (developed in the mid-1980s by Cisco) and v2

        A route contained in a RIP router has a maximum lifetime of 3 minutes for convergence to be completed. RIP is also limited by a max 16 hops.

        RIP advertises its routing table every 30 seconds by default.

      • IGRP (Interior Gateway Routing Protocol) developed by Cisco uses a single metric calculated from composite metric weights administrators can change to influence route selection:

        • Reliability and load can be any value between 1 and 255;
        • bandwidth capacity can be values reflecting speeds from 1200 bps to 10 Gbps;
        • internetwork delay can be any value from 1 to 224.
        • Variance to support unequal-cost load balancing.

        IGRP enables multipath routing, where lines with equal-bandwidth can run a single stream of traffic in round-robin fashion, with automatic switchover to the other line if one line goes down.

        The update timer that specifies how frequently routing update messages are sent defaults to 90 seconds.

        The invalid timer -- which specifies how long a router should wait in the absence of routing-update messages about a specific route before declaring that route invalid -- defaults to three times the update period.

        The flush timer — the time that passes before a route is flushed from the routing table — defaults to seven times the routing update period.

        For stability, IGRP prevents large routing loops from occurring between nonadjacent routers with these features EIGRP contains

        • holddowns prevent IGRP's interval updates from wrongly reinstating an invalid route until a specified hold-time period has passed. The default period is three times the update timer period plus 10 seconds.
        • split horizons prevent a router from updating neighbors of any routing changes that it originally learned from those neighbors.
        • poison-reverse updates are not limited to use between adjacent routers.

      RIP and IGRP are interior routing protocols used within an AS.


      To list other routers that are directly connected to a router:
      show CDP Neighbor

      Before the above, (in config-if Configuration mode) enable an interface to a connected neighbor on the route
      enable cdp

      For the path (hops) to the ip (or AppleTalk) address of another router or node on the internetwork:
      trace [ip address]

      To show the RIP or IGRP routing table for a router:
      show ip route

      To display the IP multicast routing table:
      show ip mroute

      To list routing protocol updates (such as RIP broadcasts) sent and received by a router:
      show ip protocol

      To view IP related configuration settings for a router interface:
      show ip interface [interface type and number]

      To view all parameters related to specific interfaces on a Cisco router:
      show interface ethernet [interface number]
      show interface serial [interface number]

      To view all parameters related to all interfaces on a Cisco router:
      show interfaces

      For the routing protocols configured on the router:
      show protocol

      For information relating to the IP routing protocol:
      show ip protocol

      For route tables maintained by RIP or IGRP:
      show ip route

      To turn on RIP or IGRP routing:
      router rip
      router igrp [autonomous system number]


      To view update messages sent and received by a router using RIP, use this Privileged command:
      debug ip rip

      To view statistics related to IGRP update messages on the router, use this Privileged command:
      debug ip igrp transaction

      To turn off debugging, use this Privileged mode command:
      no debug all

    Go to Top of this page.
    Previous topic this page
    Next topic this page

      Go to top of page Link-State Routing Protocols

      Link state Routing -- such as Open Shortest Path First (OSPF) for TCP/IP and NetWare Link Services Protocol (NLSP) for IPX -- send (typically every five minutes) Link State Packets (LSPs) that contain information about the networks to which the router is connected. So it is more efficient than distance vector routing.

      Link-state routing communicate changes in network topology incrementally.

      • OSPF (Open Shortest Path First) [IETF RFC 1247 in 1988] is a link-state routing protocol. OSPF sends Link-State Advertisements (LSAs) to all other routers within the same area (domain) grouping contiguous networks and attached hosts. Routers file link states in a topology database invisible to routers outside its area.

        OSPF uses a more complex algorithm than RIP. It considers multiple factors, including number of hops, cost factor assigned to each segment of the route, line speed, and network traffic.

        OSPF keeps a list of all its neighboring routers with bi-directional communication in its adjacencies database.

        To display OSPF routes:

          show ip route ospf

      • the Intermediate System-to-Intermediate System (IS-IS) protocol is a router-to-router protocol that is part of the OSI suite. It uses the Show isis database command to displays its link state database.

      • Novell's link-state protocol for IPX networks is the NetWare Link Services Protocol (NLSP). It is based on the ISO IS-IS protocol. NLSP sends updates when the network topology changes or the default setting of every 2 hours.


    Go to Top of this page.
    Previous topic this page
    Next topic this page

      Go to top of page Link State Advertisements

      LSA information include:

      • attached interfaces,
      • metrics used, and
      • other variables

      They use the SPF (Dijkstra) algorithm to calculate the shortest path to each node.


      To look at the status of interface controllers on a Cisco router:
      show controller

    Go to Top of this page.
    Previous topic this page
    Next topic this page

      Go to top of page Hyrbrid Routing Protocol Enhanced IGRP

      EIGRP (Enhanced Interior Gateway Routing Protocol) developed by Cisco, integrates the capabilities of link-state protocols into distance vector protocols. It is more stable and efficient than IGRP.

      To allow Enhanced IGRP to be added gradually into an existing IGRP network, an automatic-redistribution mechanism imports IGRP routes into EIGRP, and vice versa.

      EIGRP adds the Diffusing update algorithm (DUAL) developed at SRI International by Dr. J.J. Garcia-Luna-Aceves. DUAL enables a router running EIGRP to find alternate paths without waiting on updates from other routers. EIGRP uses DUAL to determine whether a path advertised by a neighbor is looped or loop-free. It can do this because DUAL has a finite-state machine -- it tracks all routes advertised by all neighbors. DUAL uses distance information to select routes for insertion in a routing table based on feasible successors -- a least-cost path to a destination that is guaranteed not to be part of a routing loop. DUAL tests for feasible successors whenever a neighbor's metric changes or when a topology changes.

      EIGRP has fast convergence time because DUAL avoids the time to perform diffusing computations routes to determine a new successor. EIGRP recomputes when no feasible successors exist but neighbors still advertise the destination. EIGRP can quickly adapt to alternate routes from its store of all its neighbors' routing tables. If EIGRP can't find an appropriate route, it queries its neighbors to discover an alternate route.

      EIGRP consumes less bandwidth than IGRP because it sends to other routers partial updates only when the metric for a route changes. Propagation of partial updates is automatically bounded so that only those routers that need the information are updated.

      EIGRP supports multiple network layer protocols because it has a module architecture that redistributes routes learned from many predecessor legacy routing protocols:

      • Routing Table Maintenance Protocol (RTMP) in AppleTalk implementations
      • OSPF,
      • Routing Information Protocol (RIP),
      • Novell RIP Service Advertisement Protocol (SAP) in Novell implementations
      • Intermediate System-to-Intermediate System (IS-IS),
      • Exterior Gateway Protocol (EGP), or
      • Border Gateway Protocol (BGP).

      EIGRP avoids sending packets to down routers because it uses a neighbor discovery/recovery mechanism to dynamically learn about other routers on its directly attached network. EIGRP discovers when neighbors become unreachable or inoperative with low achieved because it periodically sends small hello packets so that neighboring routers know it's functioning.

      This is made more efficient because Enhanced IGRP sends a single multicast hello packet to inform the receivers that the packet need not be acknowledged. This takes advantage of a provision of the Reliable Transport Protocol (RTP) (responsible for guaranteed, ordered delivery of packets)

      for sending multicast packets quickly when unacknowledged packets are pending, which helps ensure that convergence time remains low in the presence of varying speed links. RTP is only used for update (used to convey reachability of destinations so neighbor can build up their topology table), and query multicasts and reply unicasts sent to tell the originator not to recompute a destination when no feasible successors are found.

      Enhanced IGRP detects out-of-order packets because it uses sequence numbers to match acknowledgments with data packets, examing the last sequence number received from a neighbor against a transmission list is used to queue packets for possible retransmission on a per-neighbor basis. EIGRP can estimate an optimal retransmission interval because it keeps round-trip timers in the neighbor-table.

      Enhanced IGRP also supports variable-length subnet mask (VLSM), so it can operate on native Ipv6 networks -- configured to summarize on any bit boundary at any interfaceo.

    Go to Top of this page.
    Previous topic this page
    Next topic this page

    Go to top of page Autonomous System Partioning

      An Autonomous System (AS) is a single self-sufficient logical or physical network community operating under a common administration and sharing a common routing strategy. Each AS is usually within a confined geographic area, e.g., a Local Area Network (LAN).

      Each AS has an identifying number assigned by the IANA. The public pool enforced by ARIN.NET is between 1 and 64512. The range 64512 through 65535 is reserved for private use within an each AS. A single-homed (aka stub) AS has only one exit point to the internetwork backbone.

      Routing within an AS is handled using Interior Gateway Protocols (IGPs).
      Routing between ASs is handled using Exterior Gateway Protocols (EGPs) by edge routers (so named because they are at the edge or border of its AS). A nontransit AS does not allow traffic from outside the AS to pass through it.

      Border routers (those that run EBGP with other ASs) running OSPF learn about exterior routes through one of the exterior gateway protocols (EGPs):

      This Partitioned architecture -- operating on a hierarchy of nodes -- reduces the number of entries in network routers' routing tables. Routers within an AS need to be concerned with routers within its AS and edge routers only know about other edge routers. If every router had to know about the existence of every other router, routing tables could quickly become unmanageable.

    Go to Top of this page.
    Previous topic this page
    Next topic this page

      Go to top of page Interior Gateway Protocols (IGPs)

      Interior Gateway Protocols (IGPs) handle variable-length subnetting.

      • (classful) RIP-1 Routing Information Protocol does not support VLSM (Variable Length Subnet Mask).

      • (classless) OSPF, I-IS-IS, and RIP-2 [RFC 1388] convey extended network prefix information with each route.

      • (classless) BGP-4 (Border Gateway Protocol),


    Go to Top of this page.
    Previous topic this page
    Next topic this page

      Go to top of page As Areas and OSPF

      An AS can be divided into a number of areas (or domains) that group contiguous networks and attached hosts.

      OSPF is an intra-AS (interior gateway) routing protocol, although it is capable of receiving routes from and sending routes to other ASs.

      Routers using OSPF accumulate link-state information into a topological database. All routers within the same area have identical topological databases.

      Routers with multiple interfaces participate in multiple areas.

      Traffic between areas are sent through Area Border Routers (ABRs) on the OSPF backbone, which is a separate area. ABRs maintain a separate topological database for each area.

      The topology within one area are invisible to routers in other areas. The backbone topology is invisible to all intra-area routers.

      ABRs can use virtual links to non-contiguous routers.

    Go to Top of this page.
    Previous topic this page
    Next topic this page

      Go to top of page Exterior Gateway Protocols (EGPs)

      Exterior Gateway Protocols (EGPs) are used primarily on the Internet and in larger campus networks which span several autonomous systems (ASs).

      • Exterior Gateway Protocol (EGP) -- (EGP-2 being the latest version) polls its neighbor at intervals between 120 to 480 seconds and the neighbor responds by sending its complete routing table.

        Reminder The acronym “EGP” is used to denote both a type of protocol (Exterior Gateway Protocols) as well as a specific protocol (the Exterior Gateway Protocol).

        The National Science Foundation Network (NSFNET) used EGP to exchange reachability information between the backbone and the regional networks.

          BGP is an IP exterior routing protocol defined in RFCs 1163, 1267, 1654, and 1655. BGP guarantees a loop-free interdomain routing system through the exchange of routing information between ASs.


      • Border Gateway Protocol (BGP) -- the most recent among EGPs -- sends updated router table information only when a host has detected a change. Then only changes to the routing table is sent. BGP needs connection-oriented TCP connections to exchange routing updates.

        BGP routers inside the autonomous network maintain two routing tables: one for the interior gateway protocol and one for Internal BGP (IBGP) communication with autonomous (local) networks.

        BGP-4 (aka BGP4, without the hyphen) allow adminstrators to configure cost metrics based on policy statements. Indeed, BGP is required when an ISP you are connecting to has different policies than your ISP.

        BGP-4 also makes it easy to use Classless Inter-Domain Routing (CIDR)another page on this site so more addresses can be assigned.

      • through configuration information.

    Go to Top of this page.
    Previous topic this page
    Next topic this page

    Go to top of page Windows Router Configuration

      Routing should not be enabled for servers with a single NIC. If there are multiple Cisco routers, employ HSRP (Hot Standby Routing Protocol) between routers.

      Windows 2000

      Unlike previous versions, Windows 2000 supports both RIP and OSPF dynamic routing protocols.

      On Windows 2000, start the RIP service from the Management Console for RRAS. OSPF runs natively on Windows 2000.

      To eliminate routing loops that occur between two adjacent routers, specify split-horizon so that routes are not sent back to the same router which initially advertised the route.

      Specify the poison-reverse methods of updates to temporarily inactivating routes that have increased in hop count by more than 1. An increasing hop count for the same route indicates a routing loop, and temporarily removing or inactivating the route will stop the looping. If the route continues to loop, then the route is declared invalid and is not used. This eliminates routing loops that can occur with too many routers.

      Windows NT4

      OSPF can be run on NT 4 after downloading and running an NT4 RRAS update from Microsoft.

    Go to Top of this page.
    Previous topic this page
    Next topic this page

    Go to top of page Flood Insurance

      Products such as FloodGuard from Reactive (in Redwood City, CA) and StormWatch from Okena (of Waltham, MA) stop DDoS (Distributed Denial of Service) attacks by having a detector using network taps on remote routers to read traffic patterns. It then sends a messages to actuators which dynamically establish filters on routers.

      Network administrators can craft their own detection rules.

    Go to Top of this page.
    Previous topic this page
    Next topic this page

    Go to top of page Access Lists

      Access lists filter traffic flow in to and out of a router, including controlling user access to a router via Telnet. Each access list contains permit and deny statements specific to each interface (unique combination of protocol and port) supported by the router. Packets which satisfy any deny statement are dropped. After that, packets which satisfy any permit statement are forwarded into the LAN.

      A sample list command:

        sh access-list 1

      To create an IP Access list:

        access-list [list #] permit [ip address] [wildcard mask]
        access-list [list #] deny [ip address] [wildcard mask]

      Wildcard masks are not subnet masks. Wild card masks are only used in Access lists and their purpose is to let the router know which bits it needs to check in the source IP address of packets to determine whether they should be filtered by the Access list.

      ProtocolAccess List # Range .
      IP 1-99 [ip address] [wildcard mask]
      AppleTalk 600 to 699 zone [zone name]
      cable-range [cable range]
      IPX 800-899 [source network address] [destination network address]

      To group an access list:

        ip access-group [list number] [out or in]
        appletalk access-group [list number] [out or in]
        ipx access-group [list number] [out or in]


    Go to Top of this page.
    Previous topic this page
    Next topic this page

    Go to top of page WAN Router Configuration

      On a WAN, a router is Data Terminal Equipment (DTE). So a DTE cable is used to connect a router to a Data Circuit-termination Equipment (DCE) device such as a modem. DCE devices provide a signal clock to determine the speed of the link. To set the speed when the router is used as a DCE device:
        clock rate [clockrate]

      for setting the bandwidth of a serial interface. To set the bandwidth of a serial interface, use this config-if command:

        bandwidth [bandwidth]

      To set the encapsulation type for a specific LAN or serial interface on the router:

        encapsulation [encapsulation type]

      Encapsulation type can be PPP, HDLC, X.25, etc.

      Set screen For X.25 encapsulation

      To set the data link address for X.25, use this config-if command:
        x25 address [data link address]

      To set the input packet size for an X.25 interface, use this config-if command:

        x25 ips [bits]

      To set the input window size for an X.25 interface, use this config-if command:

        x25 win [number of packets]

      To set the output packet size for an X.25 interface, use this config-if command:

        x25 ops [bits]

      To set the output window size for an X.25 interface, use this config-if command:

        x25 wout [number of packets]

      Set screen Frame relay router commands

      The frame relay protocol is run between a customer's FRAD router (Frame Relay Access Device) and a service provider's local frame relay switch. The customer purchases a Committed Information Rate (CIR) for each Permanent Virtual Circuit (PVC) providing inter-site connectivity. The header of traffic transmitted at rates exceeding the CIR are marked "Discard Eligible". Frame relay allows for multiple devices to use one network segment, but switching devices cannot broadcast to other devices on the Frame Relay network.

      To set the DLCI number for a Frame-Relay configured interface, use this config-if command:

        frame-relay interface-dlci [dlci #]

      To set the LMI type for a Frame-Relay configured interface, use this config-if command:

        frame-relay lmi-type [LMI type]

      To show invalid messages sent or received via a router's Frame-Relay connection:

        show frame-relay lmi

      To show the DLCI mapping to a router's interfaces:

        show frame-relay map


    Practical Cisco Routers by Habraken, Joseph W. (Indianapolis, Ind.:Que, 1999)

    Cisco ISO commands for ISDN

    Go to Top of this page.
    Previous topic this page
    Next topic this page

    Portions ©Copyright 1996-2010 Wilson Mar. All rights reserved. | Privacy Policy |

    another page on this site Datacom Equipment
    another page on this site TCP Addressing

    How I may help

    Send a message with your email client program

    Your rating of this page:
    Low High

    Your first name:

    Your family name:

    Your location (city, country):

    Your Email address: 

      Top of Page Go to top of page

    Thank you!