IP Routing

Here are my notes on how IP packets get moved around the Internet.

Take the Brainbench certification test on IP Routing & Switching, Cisco Network Design, and Cisco Network Support

Topics this page:

Distance-vector

RIP

IGRP

Link-state

Hybrid EIGRP

OSPF LSAs

IGPs

OSPF areas

EGPs

Site Map  
About this site  

Cisco IOS Router Login

Privileged Mode

Password Commands

Enter into the Global Configuration mode using this Privileged command:

config

To set the login password for the router, first enable entry into Line Configuration mode:


line console 0

Alternately, to set the virtual terminal password for the router, first enable entry into virtual terminal Configuration mode:


line vty 0 4

Next, set the login password for the router:


password [password]

To enable a change to the secret Privileged mode password on the router use this Global configuration command:


enable secret password [password]

Cisco Router Operation

Each router is a stand-alone computer. Instead of a hard drive, Cisco routers use persistent Flash Random Access Memory (RAM) to hold files such as the startup configuration file:

show flash
show startup-config

Cisco developed its IOS (Internet Operating System) to control their routers. New verions of IOS can be remotely installed (using a priviledge Cisco command) by copying an IOS image file from a TFTP server into the router's Flash memory:

copy tftp flash

IOS images from Cisco require registration of a valid service contract number on the Cisco site.

The setup-config file can also be invidually downloaded from a TFTP server:

copy tftp setup-config

This prompt means that the copy was a success:


Writing router name-config. !! [OK]

When a router reboots, its startup-config in Flash memory is loaded into the running-config memory area within NVRAM.


show startup-config
show running-config

To show the version of IOS currently running on the router:


show version

Changes to a router's configuration updates the running configuration. To restore interactive changes from the startup file:


copy startup-config running-config

To make interactive changes permanent, copy the currently running configuration to Flash RAM:


copy running-config startup-config

To remotely backup configuration files to a TFTP server:


copy startup-config tftp
copy running-config tftp

To enable and disable IP routing on the router, use this Global configuration command:

ip routing no ip routing

ipx routing no ipx routing

appletalk routing no appletalk routing

$122 Local Area Networks: A Client/Server Approach, 2nd Edition by James E. Goldman, Phillip T. Rawles (NY:John Wiley, Feb. 2000) 980 pages

This page includes information from Cisco's Internetworking Technology Handbook

Cisco's illustrated explanation of BGP, IGRP, and EIGRP.

For the time and date of a Cisco router:
show clock

To set the time and the date on a Cisco router (using a Privileged command):
set clock

To change the name of a router (using a Global configuration command):
hostname [name]

SolarWinds offers a shareware alternative to the Cisco TFTP server.

Monitoring and Debugging

For CPU utilization experienced by a router:


show processes

To view the routing updates coming in and going out of the router, use this privileged command for protocols ip, ipx, or appletalk:


debug [protocol] routing activity

Netstat in C# (BKNetStat by Bill Koukoutsis) contains classes that wrap iphlpapi.dll to give similar functionality to that found in the netstat.exe command line utility. For XP and 2003, Process ID's are mapped directly to Port numbers. For future updates please feel

Routing Protocol Options Overview

This section describes the various protocols used to connect machines on a network.

Each gateway server has a Routing Table which tells the gateway the route to specific destinations. Traffic is directed through the internet by routers, which uses Routing Table to direct traffic to its ports connected to other routers. Routing tables can be static or dynamic:

Static routing is based on routing tables manually updated by network administrators. To add, change, or remove static routes on a Microsoft NT network use this command:

ROUTE

Routers that do dynamic routing send out special packets to exchange with other routers on their network. Dynamic routers send their routing table to other routers and use route discovery protocols (routing protocols) to request updates from other routers. Dynamic routers use algorithms (a set of rules) to choose the best path to route a packet toward its destination.

The two primary types of dynamic route discovery protocols are: distance-vector and link-state.

If a router cannot find a packet's destination network in its table, as a “last resort” it will use a default route to forward the traffic through a single exit point.

Distance-vector Routing Protocols

Distance-vector protocols -- such as (the most popular) Routing Information Protocol (RIP) for TCP/IP and XNS for IPX -- broadcast to all neighboring routers (typically every 60 to 90 seconds over UDP port 520) routing-update messages containing all or a portion of their routing tables.

This relatively simple algorithm favors the routing path with the shortest number of hops. The hop count is incremented by 1 for each router that must be traversed, with a 15-hop count limit. The number of hops to the destination is considered the router's metric or cost to get to the destination.

Routing protocols using distance-vector are simple to configure and deploy. They are typically used on networks with fewer than 50 routers because they create traffic on the network and their announcements are slow to converge (the time it takes for a network to stabilize after a change in one of the networks). For example, if a router in a 10-hop network goes down, it could take five minutes (30 seconds times 10 hops) for the most distant router to learn of it. All the while, that distant router is trying to send packets.

• RIP (Routing Information Protocol) v1 (developed in the mid-1980s by Cisco) and v2

  A route contained in a RIP router has a maximum lifetime of 3 minutes for convergence to be completed. RIP is also limited by a max 16 hops.

  RIP advertises its routing table every 30 seconds by default.

• IGRP (Interior Gateway Routing Protocol) developed by Cisco uses a single metric calculated from composite metric weights administrators can change to influence route selection:
  • Reliability and load can be any value between 1 and 255;
  • bandwidth capacity can be values reflecting speeds from 1200 bps to 10 Gbps;
  • internetwork delay can be any value from 1 to 224.
  • Variance to support unequal-cost load balancing.

  IGRP enables multipath routing, where lines with equal-bandwidth can run a single stream of traffic in round-robin fashion, with automatic switchover to the other line if one line goes down.

  The update timer that specifies how frequently routing update messages are sent defaults to 90 seconds.

  The invalid timer -- which specifies how long a router should wait in the absence of routing-update messages about a specific route before declaring that route invalid -- defaults to three times the update period.

  The flush timer — the time that passes before a route is flushed from the routing table — defaults to seven times the routing update period.

  For stability, IGRP prevents large routing loops from occurring between nonadjacent routers with these features EIGRP contains

  • holddowns prevent IGRP's interval updates from wrongly reinstating an invalid route until a specified hold-time period has passed. The default period is three times the update timer period plus 10 seconds.
  • split horizons prevent a router from updating neighbors of any routing changes that it originally learned from those neighbors.
  • poison-reverse updates are not limited to use between adjacent routers.

RIP and IGRP are interior routing protocols used within an AS.

To list other routers that are directly connected to a router:
show CDP Neighbor

Before the above, (in config-if Configuration mode) enable an interface to a connected neighbor on the route
enable cdp

For the path (hops) to the ip (or AppleTalk) address of another router or node on the internetwork:
trace [ip address]

To show the RIP or IGRP routing table for a router:
show ip route

To display the IP multicast routing table:
show ip mroute

To list routing protocol updates (such as RIP broadcasts) sent and received by a router:
show ip protocol

To view IP related configuration settings for a router interface:
show ip interface [interface type and number]

To view all parameters related to specific interfaces on a Cisco router:
show interface ethernet [interface number]
show interface serial [interface number]

To view all parameters related to all interfaces on a Cisco router:
show interfaces

For the routing protocols configured on the router:
show protocol

For information relating to the IP routing protocol:
show ip protocol

For route tables maintained by RIP or IGRP:
show ip route

To turn on RIP or IGRP routing:
router rip
router igrp [autonomous system number]

Debugging

To view update messages sent and received by a router using RIP, use this Privileged command:
debug ip rip

To view statistics related to IGRP update messages on the router, use this Privileged command:
debug ip igrp transaction

To turn off debugging, use this Privileged mode command:
no debug all

Link-State Routing Protocols

Link state Routing -- such as Open Shortest Path First (OSPF) for TCP/IP and NetWare Link Services Protocol (NLSP) for IPX -- send (typically every five minutes) Link State Packets (LSPs) that contain information about the networks to which the router is connected. So it is more efficient than distance vector routing.

Link-state routing communicate changes in network topology incrementally.

• OSPF (Open Shortest Path First) [IETF RFC 1247 in 1988] is a link-state routing protocol. OSPF sends Link-State Advertisements (LSAs) to all other routers within the same area (domain) grouping contiguous networks and attached hosts. Routers file link states in a topology database invisible to routers outside its area.

  OSPF uses a more complex algorithm than RIP. It considers multiple factors, including number of hops, cost factor assigned to each segment of the route, line speed, and network traffic.

  OSPF keeps a list of all its neighboring routers with bi-directional communication in its adjacencies database.

  To display OSPF routes:

  show ip route ospf

• the Intermediate System-to-Intermediate System (IS-IS) protocol is a router-to-router protocol that is part of the OSI suite. It uses the Show isis database command to displays its link state database.

• Novell's link-state protocol for IPX networks is the NetWare Link Services Protocol (NLSP). It is based on the ISO IS-IS protocol. NLSP sends updates when the network topology changes or the default setting of every 2 hours.

OSPF configuration on Windows machines used as a router

CIDR (Classless Inter-Domain Routing), documented Sept. 1993 in RFC 1517-1520, provide for arbitrarily sized networks rather than the classful ABC scheme of IPv4.

Link State Advertisements

LSA information include:

• attached interfaces,
• metrics used, and
• other variables

They use the SPF (Dijkstra) algorithm to calculate the shortest path to each node.

To look at the status of interface controllers on a Cisco router:
show controller

Hyrbrid Routing Protocol Enhanced IGRP

EIGRP (Enhanced Interior Gateway Routing Protocol) developed by Cisco, integrates the capabilities of link-state protocols into distance vector protocols. It is more stable and efficient than IGRP.

To allow Enhanced IGRP to be added gradually into an existing IGRP network, an automatic-redistribution mechanism imports IGRP routes into EIGRP, and vice versa.

EIGRP adds the Diffusing update algorithm (DUAL) developed at SRI International by Dr. J.J. Garcia-Luna-Aceves. DUAL enables a router running EIGRP to find alternate paths without waiting on updates from other routers. EIGRP uses DUAL to determine whether a path advertised by a neighbor is looped or loop-free. It can do this because DUAL has a finite-state machine -- it tracks all routes advertised by all neighbors. DUAL uses distance information to select routes for insertion in a routing table based on feasible successors -- a least-cost path to a destination that is guaranteed not to be part of a routing loop. DUAL tests for feasible successors whenever a neighbor's metric changes or when a topology changes.

EIGRP has fast convergence time because DUAL avoids the time to perform diffusing computations routes to determine a new successor. EIGRP recomputes when no feasible successors exist but neighbors still advertise the destination. EIGRP can quickly adapt to alternate routes from its store of all its neighbors' routing tables. If EIGRP can't find an appropriate route, it queries its neighbors to discover an alternate route.

EIGRP consumes less bandwidth than IGRP because it sends to other routers partial updates only when the metric for a route changes. Propagation of partial updates is automatically bounded so that only those routers that need the information are updated.

EIGRP supports multiple network layer protocols because it has a module architecture that redistributes routes learned from many predecessor legacy routing protocols:

• Routing Table Maintenance Protocol (RTMP) in AppleTalk implementations
• OSPF,
• Routing Information Protocol (RIP),
• Novell RIP Service Advertisement Protocol (SAP) in Novell implementations
• Intermediate System-to-Intermediate System (IS-IS),
• Exterior Gateway Protocol (EGP), or
• Border Gateway Protocol (BGP).

EIGRP avoids sending packets to down routers because it uses a neighbor discovery/recovery mechanism to dynamically learn about other routers on its directly attached network. EIGRP discovers when neighbors become unreachable or inoperative with low achieved because it periodically sends small hello packets so that neighboring routers know it's functioning.

This is made more efficient because Enhanced IGRP sends a single multicast hello packet to inform the receivers that the packet need not be acknowledged. This takes advantage of a provision of the Reliable Transport Protocol (RTP) (responsible for guaranteed, ordered delivery of packets)

for sending multicast packets quickly when unacknowledged packets are pending, which helps ensure that convergence time remains low in the presence of varying speed links. RTP is only used for update (used to convey reachability of destinations so neighbor can build up their topology table), and query multicasts and reply unicasts sent to tell the originator not to recompute a destination when no feasible successors are found.

Enhanced IGRP detects out-of-order packets because it uses sequence numbers to match acknowledgments with data packets, examing the last sequence number received from a neighbor against a transmission list is used to queue packets for possible retransmission on a per-neighbor basis. EIGRP can estimate an optimal retransmission interval because it keeps round-trip timers in the neighbor-table.

Enhanced IGRP also supports variable-length subnet mask (VLSM), so it can operate on native Ipv6 networks -- configured to summarize on any bit boundary at any interfaceo.

Autonomous System Partioning

Tools for analyzing Autonomous Systems

An Autonomous System (AS) is a single self-sufficient logical or physical network community operating under a common administration and sharing a common routing strategy. Each AS is usually within a confined geographic area, e.g., a Local Area Network (LAN).

Each AS has an identifying number assigned by the IANA. The public pool enforced by ARIN.NET is between 1 and 64512. The range 64512 through 65535 is reserved for private use within an each AS. A single-homed (aka stub) AS has only one exit point to the internetwork backbone.

Routing within an AS is handled using Interior Gateway Protocols (IGPs).
Routing between ASs is handled using Exterior Gateway Protocols (EGPs) by edge routers (so named because they are at the edge or border of its AS). A nontransit AS does not allow traffic from outside the AS to pass through it.

Border routers (those that run EBGP with other ASs) running OSPF learn about exterior routes through one of the exterior gateway protocols (EGPs):

This Partitioned architecture -- operating on a hierarchy of nodes -- reduces the number of entries in network routers' routing tables. Routers within an AS need to be concerned with routers within its AS and edge routers only know about other edge routers. If every router had to know about the existence of every other router, routing tables could quickly become unmanageable.

Interior Gateway Protocols (IGPs)

Interior Gateway Protocols (IGPs) handle variable-length subnetting.
• (classful) RIP-1 Routing Information Protocol does not support VLSM (Variable Length Subnet Mask).

• (classless) OSPF, I-IS-IS, and RIP-2 [RFC 1388] convey extended network prefix information with each route.

• (classless) BGP-4 (Border Gateway Protocol),

As Areas and OSPF

An AS can be divided into a number of areas (or domains) that group contiguous networks and attached hosts.

OSPF is an intra-AS (interior gateway) routing protocol, although it is capable of receiving routes from and sending routes to other ASs.

Routers using OSPF accumulate link-state information into a topological database. All routers within the same area have identical topological databases.

Routers with multiple interfaces participate in multiple areas.

Traffic between areas are sent through Area Border Routers (ABRs) on the OSPF backbone, which is a separate area. ABRs maintain a separate topological database for each area.

The topology within one area are invisible to routers in other areas. The backbone topology is invisible to all intra-area routers.

ABRs can use virtual links to non-contiguous routers.

Exterior Gateway Protocols (EGPs)

Exterior Gateway Protocols (EGPs) are used primarily on the Internet and in larger campus networks which span several autonomous systems (ASs).

• Exterior Gateway Protocol (EGP) -- (EGP-2 being the latest version) polls its neighbor at intervals between 120 to 480 seconds and the neighbor responds by sending its complete routing table.

  The acronym “EGP” is used to denote both a type of protocol (Exterior Gateway Protocols) as well as a specific protocol (the Exterior Gateway Protocol).

  The National Science Foundation Network (NSFNET) used EGP to exchange reachability information between the backbone and the regional networks.

  BGP is an IP exterior routing protocol defined in RFCs 1163, 1267, 1654, and 1655. BGP guarantees a loop-free interdomain routing system through the exchange of routing information between ASs.

• Border Gateway Protocol (BGP) -- the most recent among EGPs -- sends updated router table information only when a host has detected a change. Then only changes to the routing table is sent. BGP needs connection-oriented TCP connections to exchange routing updates.

  BGP routers inside the autonomous network maintain two routing tables: one for the interior gateway protocol and one for Internal BGP (IBGP) communication with autonomous (local) networks.

  BGP-4 (aka BGP4, without the hyphen) allow adminstrators to configure cost metrics based on policy statements. Indeed, BGP is required when an ISP you are connecting to has different policies than your ISP.

  BGP-4 also makes it easy to use Classless Inter-Domain Routing (CIDR) so more addresses can be assigned.

• through configuration information.

Windows Router Configuration

Routing should not be enabled for servers with a single NIC. If there are multiple Cisco routers, employ HSRP (Hot Standby Routing Protocol) between routers.

Windows 2000

Unlike previous versions, Windows 2000 supports both RIP and OSPF dynamic routing protocols.

On Windows 2000, start the RIP service from the Management Console for RRAS. OSPF runs natively on Windows 2000.

To eliminate routing loops that occur between two adjacent routers, specify split-horizon so that routes are not sent back to the same router which initially advertised the route.

Specify the poison-reverse methods of updates to temporarily inactivating routes that have increased in hop count by more than 1. An increasing hop count for the same route indicates a routing loop, and temporarily removing or inactivating the route will stop the looping. If the route continues to loop, then the route is declared invalid and is not used. This eliminates routing loops that can occur with too many routers.

Windows NT4

OSPF can be run on NT 4 after downloading and running an NT4 RRAS update from Microsoft.

Flood Insurance

Products such as FloodGuard from Reactive (in Redwood City, CA) and StormWatch from Okena (of Waltham, MA) stop DDoS (Distributed Denial of Service) attacks by having a detector using network taps on remote routers to read traffic patterns. It then sends a messages to actuators which dynamically establish filters on routers.

Network administrators can craft their own detection rules.

Access Lists

Access lists filter traffic flow in to and out of a router, including controlling user access to a router via Telnet. Each access list contains permit and deny statements specific to each interface (unique combination of protocol and port) supported by the router. Packets which satisfy any deny statement are dropped. After that, packets which satisfy any permit statement are forwarded into the LAN.

A sample list command:


sh access-list 1

To create an IP Access list:


access-list [list #] permit [ip address] [wildcard mask]
access-list [list #] deny [ip address] [wildcard mask]

Wildcard masks are not subnet masks. Wild card masks are only used in Access lists and their purpose is to let the router know which bits it needs to check in the source IP address of packets to determine whether they should be filtered by the Access list.

Protocol	Access List # Range	.
IP	1-99	[ip address] [wildcard mask]
AppleTalk	600 to 699	zone [zone name] cable-range [cable range]
IPX	800-899	[source network address] [destination network address]

To group an access list:


ip access-group [list number] [out or in]
appletalk access-group [list number] [out or in]
ipx access-group [list number] [out or in]

OSPF configuration on Windows machines used as a router

CIDR (Classless Inter-Domain Routing), documented Sept. 1993 in RFC 1517-1520, provide for arbitrarily sized networks rather than the classful ABC scheme of IPv4.

WAN Router Configuration

On a WAN, a router is Data Terminal Equipment (DTE). So a DTE cable is used to connect a router to a Data Circuit-termination Equipment (DCE) device such as a modem. DCE devices provide a signal clock to determine the speed of the link. To set the speed when the router is used as a DCE device:

clock rate [clockrate]

for setting the bandwidth of a serial interface. To set the bandwidth of a serial interface, use this config-if command:


bandwidth [bandwidth]

To set the encapsulation type for a specific LAN or serial interface on the router:


encapsulation [encapsulation type]

Encapsulation type can be PPP, HDLC, X.25, etc.

For X.25 encapsulation

To set the data link address for X.25, use this config-if command:

x25 address [data link address]

To set the input packet size for an X.25 interface, use this config-if command:


x25 ips [bits]

To set the input window size for an X.25 interface, use this config-if command:


x25 win [number of packets]

To set the output packet size for an X.25 interface, use this config-if command:


x25 ops [bits]

To set the output window size for an X.25 interface, use this config-if command:


x25 wout [number of packets]

Frame relay router commands

The frame relay protocol is run between a customer's FRAD router (Frame Relay Access Device) and a service provider's local frame relay switch. The customer purchases a Committed Information Rate (CIR) for each Permanent Virtual Circuit (PVC) providing inter-site connectivity. The header of traffic transmitted at rates exceeding the CIR are marked "Discard Eligible". Frame relay allows for multiple devices to use one network segment, but switching devices cannot broadcast to other devices on the Frame Relay network.

To set the DLCI number for a Frame-Relay configured interface, use this config-if command:


frame-relay interface-dlci [dlci #]

To set the LMI type for a Frame-Relay configured interface, use this config-if command:


frame-relay lmi-type [LMI type]

To show invalid messages sent or received via a router's Frame-Relay connection:


show frame-relay lmi

To show the DLCI mapping to a router's interfaces:


show frame-relay map

Cisco ISO commands for ISDN