Transcript IP Routing

CIT 384: Network Administration
Routing Protocols
CIT 384: Network Administration
Slide #1
Topics
1. Routing Protocols
2. Loop Prevention
   1. Counting to Infinity
   2. Split Horizon
   3. Poison Routes
3. OSPF
4. EIGRP
   1. Metrics
   2. Successors
   3. DUAL
Routing Protocols
Routing protocols allow routers to learn routes.
– Routers start knowing only connected routes.
– Routers advertise routes to other routers:
• Connected routes.
• Routes learned from other routers' advertisements.
– The routing protocol must avoid loops.
– Routers must choose the best route when presented with multiple routes for the same subnet.
Interior and Exterior
Interior Gateway Protocols (IGPs)
– Used inside a single autonomous system.
– Examples:
• RIP
• IGRP
• OSPF
Exterior Gateway Protocols (EGPs)
– Used between different autonomous systems.
– Autonomous systems are identified by autonomous system numbers (ASNs).
– Border Gateway Protocol (BGP)
Usage of IGPs and EGPs
Routing Protocol Algorithms
Distance vector: counts the number of routers (hops) between a router and the destination subnet.
Link state: sum of interface cost settings for all links in the route, defaulting to interface bandwidth.

Algorithm type     IGPs
Distance vector    RIPv1, RIPv2, IGRP
Link state         OSPF
Balanced hybrid    EIGRP
Convergence
Convergence is the process by which routers collectively realize the network has changed, advertise information about the changes to other routers, and all routers choose the current best routes for each network. It occurs when:
• A link goes down.
• A link becomes available.
Other Differences
How are routing updates sent?
– Broadcast (RIPv1)
– Multicast
Authentication
– Prevents routing update spoofing.
– Without it, attackers could change routes to:
• Sniff packets from networks they don't have a machine located on.
• Launch DoS attacks against the routing infrastructure.
IGP Comparison
Feature                        RIPv1  RIPv2  EIGRP  OSPF
Classless                      n      y      y      y
VLSM support                   n      y      y      y
Sends subnet mask in update    n      y      y      y
Distance vector                y      y      n      n
Link state                     n      n      n      y
Autosummarization support      n      y      y      n
Manual summarization support   n      y      y      y
Proprietary                    n      n      y      n
Uses multicast for updates     n      y      y      y
Authentication support         n      y      y      y
Convergence                    Slow   Slow   Fast   Fast
Administrative Distance
Metrics aren’t comparable between IGPs.
– RIP values are small hop counts.
– EIGRP values involve large bandwidth numbers.
Use administrative distance (AD) values to determine which route to use.
– Low AD values indicate better routes.
– Connected, then static are the best.
Default Administrative Distances
Route type                 Administrative distance
Connected                  0
Static                     1
BGP (external routes)      20
EIGRP (internal routes)    90
IGRP                       100
OSPF                       110
IS-IS                      115
RIP                        120
EIGRP (external routes)    170
BGP (internal routes)      200
Unusable                   255
Route Poisoning
To inform routers of a down route, distance
vector protocols use route poisoning.
– Spread routes with infinite metric.
– For RIP, infinity is 16.
Counting to Infinity
1. R2 fa0/1 interface fails, R2 removes the connected (C) route.
2. R2 sends poison route to R1; R1 sends update to R2 with metric of 2.
3. R2 adds the metric 2 route since it has no route to 172.30.22.0/24.
4. R1 gets poison route to 172.30.22.0/24.
5. R1 advertises poison route, R2 sends metric 3 route.
6. R2 receives poison route, can't send to 172.30.22.0/24.
7. R1 receives and uses metric 3 route to 172.30.22.0/24.
Metric increments each cycle until
– Both routers have infinite metric routes.
– May take several minutes.
Problems
– Packets will loop for several minutes.
Split Horizon
Split horizon: do not advertise routes back out the interface through which they were learned.
• Prevents R1 from advertising R2's routes back to it, which stops counting to infinity in the case above.
Loop Prevention
Triggered Updates: When a route fails, send
an update immediately with poison route
instead of waiting until next update time.
Poison Reverse: When learning of a failed
route, suspend split-horizon rules for that
route and advertise poisoned route.
Counting to Infinity in a Redundant Network
1. fa0/1 (172.30.22.0/24) fails on R2.
2. R2 sends triggered update with poison route for 172.30.22.0/24 through S0 and S1.
3. R3 updates table with poison route.
4. R1 sends periodic route update to R3, listing 172.30.22.0/24 metric 2.
5. R1 receives update with poison route.
6. R3 receives update from R1, updating routing table with metric 2 route.
Holddown
Holddown: After hearing a poisoned route,
start a holddown timer for that route. Until
timer expires, do not believe any other
routing information for the failed route in
order to avoid loops.
– Prevents R3 from listening to R1’s update.
Distance Vector Topology Updates
1. If route fails, router sends triggered updates with
poison route (infinite metric.)
2. Routers that hear poison route also send triggered
updates with poison route.
3. Routers suspend split-horizon rules for failed
route by sending poison reverse.
4. All routers place poison route in holddown state
and start holddown timer for that route, ignoring
new updates until timer expires unless that update
comes from same router that originally advertised
the good route to that subnet.
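Added example, not from the slides: a small Python simulation of the R1/R2 scenario above, run once without and once with split horizon. Update rounds stand in for RIP's periodic timer; the router names, the 172.30.22.0/24 subnet and infinity = 16 follow the slides, and the rule that a router always accepts an update from its current next hop is the RIP behaviour that lets the metric climb.

```python
INFINITY = 16  # RIP's "infinite" metric

def simulate(split_horizon, max_rounds=40):
    """Run update rounds after R2's fa0/1 fails.

    Returns (round in which both routers hold an infinite metric, trace),
    where trace lists (R1 metric, R2 metric) after each round.
    """
    # Before the failure R2 reaches 172.30.22.0/24 directly (metric 1) and
    # R1 learned it from R2 (metric 2).  Entries are (next_hop, metric).
    table = {"R1": ("R2", 2), "R2": ("fa0/1", 1)}
    table["R2"] = (None, INFINITY)  # fa0/1 fails: R2 poisons the route
    trace = []
    for rnd in range(1, max_rounds + 1):
        # Periodic updates cross on the wire, so both advertisements are
        # built from the state at the start of the round.
        ads = {}
        for sender, receiver in (("R2", "R1"), ("R1", "R2")):
            next_hop, metric = table[sender]
            if split_horizon and next_hop == receiver:
                continue  # never advertise a route back toward its next hop
            ads[receiver] = (sender, min(metric + 1, INFINITY))
        for receiver, (sender, metric) in ads.items():
            cur_hop, cur_metric = table[receiver]
            # RIP accepts any better route and always takes an update from
            # the neighbor that is already the next hop, even a worse one.
            if cur_hop == sender or metric < cur_metric:
                table[receiver] = (sender, metric)
        trace.append((table["R1"][1], table["R2"][1]))
        if all(m >= INFINITY for _, m in table.values()):
            return rnd, trace
    return None, trace

if __name__ == "__main__":
    for sh in (False, True):
        rounds, trace = simulate(sh)
        print(f"split horizon={sh}: both infinite after {rounds} rounds {trace}")
```

Without split horizon the two routers hand the route back and forth, adding one hop each time, until both reach 16; with split horizon R1 never re-advertises the route to R2 and the poison settles in the first round.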
OSPF
Link-state protocol.
– Each router builds a link state database (LSDB).
– Routers advertise link state through LSAs until every router has the topology.
– LSAs are large but sent infrequently (every 30 minutes).
Shortest Path First Algorithm
1. Compute all possible routes from the LSDB.
2. Select the route with the lowest sum of costs.

Route            Location  Cost
R1-R7-R8         Left      200
R1-R5-R6-R8      Mid       100
R1-R2-R3-R4-R8   Right     125
EIGRP Advantages
Loop-free
– No need for workarounds like those in RIP and IGRP.
Fast convergence
– Much faster than RIP and IGRP.
Incremental updates
– Only transfers routing changes.
Uses multicast
– Only EIGRP-enabled devices process updates.
EIGRP Operation
1. Neighbor Discovery
Routers send Hello messages to find neighbors.
2. Topology Exchange
Exchange full topology on discovery.
Exchange partial updates as network changes.
3. Choosing Routes
Choose lowest-metric route from topology.
EIGRP Neighbors
Neighbors are other EIGRP routers that are
– Connected to a common subnet
– Sending EIGRP Hello messages to 224.0.0.10
Setting checks
– EIGRP authentication
– Same configured AS number
– Source IP of Hello must be on same subnet.
Neighbor Example
Router_B#show ip eigrp neighbor
IP-EIGRP neighbors for process 7          (process number = ASN)
H   Address        Interface   Hold   Uptime     SRTT   RTO   Q     Seq
                               (sec)             (ms)         Cnt   Num
2   170.170.3.4    Et0         10     00:15:39   12     200   0     8
1   170.170.3.3    Et0         11     00:15:55   15     200   0     18
0   170.170.1.1    Se0         14     00:16:27   9      200   0     17
show ip eigrp neighbor fields
Field        Description
Address      IP address of EIGRP neighbor
Interface    Interface on which hello packets are received
Hold Time    If no hellos arrive for Hold Time, the neighbor is declared down
Uptime       Time since router last heard from neighbor
SRTT         Smooth round trip time (ms for EIGRP packet sent + EIGRP ack received)
RTO          Time to wait before retransmitting an EIGRP packet
Q Count      Number of EIGRP packets the router is waiting to send
Seq Num      Sequence number of last EIGRP packet
Reliable Transport Protocol (RTP)
Provides guaranteed in-order pkt delivery.
Metric
Metric = (10^7 / (Min bandwidth) + total delay) * 256
– Minimum bandwidth (kbps)
– Total delay (in 10-microsecond units)
Metric can also include
– Load of interface
– Reliability of interface
Metric Calculation Example
Metric = (10^7/1544 + (10+20000)) * 256
       = 2,172,416
Load Balancing
EIGRP load balances via equal cost routes
– Formula rarely leads to equal cost routes
– Want to balance across nearly equal routes.
Variance
– Multiplier for best metric.
– Nearly equal means metric < best * variance
Variance Example
Example metrics
Path 1: 1000
Path 2: 1000
Path 3: 2100
Path 4: 4500
If variance is 1 (default), balances across
Paths 1 and 2
If variance is 3, router balances across
Paths 1, 2, and 3 since 2100 < 3 * 1000
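Added example, not from the slides: Python that reproduces the slide's metric of 2,172,416 and the variance selection above. It takes delays in microseconds (100 µs for the Ethernet hop and 20,000 µs for the T1 serial link, i.e. 10 + 2000 ten-microsecond units) and truncates the bandwidth term with integer division as IOS does; the selection uses <= so that the two equal-cost paths qualify at variance 1.

```python
def eigrp_metric(min_bw_kbps, delays_us):
    """Classic EIGRP metric with the default K values:
    (10^7 / minimum bandwidth in kbps + total delay in 10-us units) * 256.
    Delays are passed in microseconds and converted to 10-us units."""
    delay_units = sum(d // 10 for d in delays_us)
    return (10**7 // min_bw_kbps + delay_units) * 256

def balanced_paths(metrics, variance=1):
    """Metrics of the paths EIGRP would balance across for a given variance.
    Equal-cost paths have metric == best, so the comparison must be <=.
    (Real IOS additionally requires each path to satisfy the feasibility
    condition, RD < FD, which this helper does not model.)"""
    best = min(metrics)
    return [m for m in metrics if m <= best * variance]

if __name__ == "__main__":
    # Slide example: T1 serial (1544 kbps, 20,000 us delay) behind an Ethernet hop (100 us)
    print(eigrp_metric(1544, [100, 20000]))   # 2172416
    paths = [1000, 1000, 2100, 4500]
    for v in (1, 3, 5):
        print(f"variance {v}: {balanced_paths(paths, v)}")
```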
Distances
Feasible Distance (FD): Metric of the best
route to reach a subnet.
Reported Distance (RD): Metric as calculated
on a neighboring router and learned via an
EIGRP update.
Feasibility Condition: If a neighboring router
advertises a RD less than the FD on the local
router, then the neighbor lies on a loop-free
route to the destination.
Successors
Successor: for each subnet, the route with the
best metric to that subnet.
Feasible Successor: Route with higher
distance than successor to same subnet,
which can be used if successor fails.
Successor Topology
Router_A#show ip eigrp topology
IP-EIGRP Topology Table for process 7
P 170.170.1.0/24, 1 successors, FD is 20256000
        via Connected, Serial0
P 170.170.2.0/24, 1 successors, FD is 5025536
        via Connected, Serial1
P 170.170.3.0/24, 1 successors, FD is 5281536
        via 170.170.2.3 (5281536/281600), Serial1
        via 170.170.1.2 (20281600/281600), Serial0
P 170.170.4.0/24, 1 successors, FD is 5307136
        via 170.170.2.3 (5307136/307200), Serial1
        via 170.170.1.2 (20307200/307200), Serial0
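Added example, not from the slides: Python that parses the topology output above and applies the feasibility condition from the Distances slide to each path. The (a/b) pairs are read as (metric through that neighbor / reported distance); the 10.9.9.0/24 prefix is a constructed addition whose second path has RD > FD and is therefore rejected.

```python
import re

# show ip eigrp topology output from the slide, plus one constructed prefix
# (10.9.9.0/24) whose second path fails the feasibility condition.
TOPOLOGY = """\
P 170.170.1.0/24, 1 successors, FD is 20256000
        via Connected, Serial0
P 170.170.2.0/24, 1 successors, FD is 5025536
        via Connected, Serial1
P 170.170.3.0/24, 1 successors, FD is 5281536
        via 170.170.2.3 (5281536/281600), Serial1
        via 170.170.1.2 (20281600/281600), Serial0
P 170.170.4.0/24, 1 successors, FD is 5307136
        via 170.170.2.3 (5307136/307200), Serial1
        via 170.170.1.2 (20307200/307200), Serial0
P 10.9.9.0/24, 1 successors, FD is 5000000
        via 170.170.2.3 (5000000/2500000), Serial1
        via 170.170.1.2 (7000000/5500000), Serial0
"""

PREFIX_RE = re.compile(r"^P (\S+), \d+ successors, FD is (\d+)")
VIA_RE = re.compile(r"^\s+via (\S+) \((\d+)/(\d+)\), (\S+)")

def classify(text):
    """Map each prefix to its successor, feasible-successor and rejected
    paths.  A path is (neighbor, metric, reported_distance, interface)."""
    result, prefix, fd = {}, None, None
    for line in text.splitlines():
        m = PREFIX_RE.match(line)
        if m:
            prefix, fd = m.group(1), int(m.group(2))
            result[prefix] = {"successor": [], "feasible": [], "rejected": []}
            continue
        m = VIA_RE.match(line)
        if not m or prefix is None:
            continue  # "via Connected" lines carry no (metric/RD) pair
        path = (m.group(1), int(m.group(2)), int(m.group(3)), m.group(4))
        if path[1] == fd:
            result[prefix]["successor"].append(path)  # best metric == FD
        elif path[2] < fd:
            result[prefix]["feasible"].append(path)   # RD < FD: loop-free backup
        else:
            result[prefix]["rejected"].append(path)   # could loop back through us
    return result

if __name__ == "__main__":
    for prefix, paths in classify(TOPOLOGY).items():
        print(prefix, paths)
```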
Topology Changes
1. If a router loses its successor, the router
looks at its topology table for feasible
successors.
2. If a feasible successor is available, it is
promoted to a successor and EIGRP
informs neighbors about the change.
3. If there is no feasible successor, EIGRP
uses a distributed algorithm (DUAL) to
find a replacement route.
Diffusing Update Algorithm (DUAL)
1. Router queries neighbors for the lost route.
2. Neighbors respond by:
   1. If a neighbor has the route, it sends a reply with the route.
   2. If a neighbor doesn't have the route, it sends queries to its own neighbors.
   3. If a neighbor has no further neighbors, it sends a reply with the metric set to infinity.
3. The querying router waits for all neighbors to reply, then chooses the best metric route.
DUAL Example
1. B sends query, asking for new route to A.
2. D searches for feasible successors, and finds C.
[Figure: DUAL example topology; label "Destination Router"]
EIGRP Authentication
Ensures routing updates are legitimate.
Configuration of MD5 authentication
1. Create authentication key chain
   1. Create chain with: key chain <name>
   2. Create key numbers with: key <number>
   3. Create key values with: key-string <value>
2. Enable EIGRP MD5 auth on interface
   ip authentication mode eigrp <asn> md5
3. Configure key chain for interface
   ip authentication key-chain eigrp <asn> <chain>
EIGRP Authentication Example
key chain carkeys
 key 1
  key-string fred
  accept-lifetime 08:00:00 Jan 11 2005 08:00:00 Feb 11 2005
  send-lifetime 08:00:00 Jan 11 2005 08:00:00 Feb 11 2005
 key 2
  key-string wilma
  accept-lifetime 08:00:00 Feb 10 2005 08:00:00 Mar 11 2005
  send-lifetime 08:00:00 Feb 10 2005 08:00:00 Mar 11 2005

interface FastEthernet0/0
 ip address 172.31.11.1 255.255.255.0
 ip authentication mode eigrp 1 md5
 ip authentication key-chain eigrp 1 carkeys
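Added example, not from the slides: a Python check of the key chain above. It parses the lifetimes, reports which keys are accepted and which key is sent at a given time, and finds the first moment no send key is valid, after which the router can no longer sign updates and neighbors drop the adjacency. The rule that the lowest-numbered valid key is used for sending and the treatment of the end time as exclusive are assumptions about IOS behaviour.

```python
from datetime import datetime, timedelta

# The slide's key chain, embedded here as constructed text input for the parser.
KEY_CHAIN = """\
key chain carkeys
 key 1
  key-string fred
  accept-lifetime 08:00:00 Jan 11 2005 08:00:00 Feb 11 2005
  send-lifetime 08:00:00 Jan 11 2005 08:00:00 Feb 11 2005
 key 2
  key-string wilma
  accept-lifetime 08:00:00 Feb 10 2005 08:00:00 Mar 11 2005
  send-lifetime 08:00:00 Feb 10 2005 08:00:00 Mar 11 2005
"""
TIME_FMT = "%H:%M:%S %b %d %Y"  # IOS lifetime syntax: hh:mm:ss month day year

def ts(text):
    return datetime.strptime(text, TIME_FMT)

def parse_chain(text):
    """Return {key number: {"accept-lifetime": (start, end), "send-lifetime": (start, end)}}."""
    keys, cur = {}, None
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] == "key" and parts[1].isdigit():
            cur = int(parts[1])
            keys[cur] = {}
        elif cur is not None and parts and parts[0].endswith("-lifetime"):
            keys[cur][parts[0]] = (ts(" ".join(parts[1:5])), ts(" ".join(parts[5:9])))
    return keys

def valid_keys(keys, when, kind):
    """Key numbers whose lifetime of the given kind covers 'when' (end assumed exclusive)."""
    return sorted(k for k, lt in keys.items() if kind in lt and lt[kind][0] <= when < lt[kind][1])

def send_key(keys, when):
    """Assumed IOS rule: outgoing packets are signed with the lowest-numbered valid send key."""
    valid = valid_keys(keys, when, "send-lifetime")
    return valid[0] if valid else None

def first_send_gap(keys, start, end, step=timedelta(hours=1)):
    """First instant on a 'step' grid in [start, end) with no sendable key;
    from then on the router cannot authenticate its updates."""
    when = start
    while when < end:
        if send_key(keys, when) is None:
            return when
        when += step
    return None
```

Between Feb 10 and Feb 11 both keys are accepted, so the two routers can roll from key 1 to key 2 without losing the adjacency, but after 08:00 on Mar 11 2005 no key is sendable at all.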
Key Points
Distance vector loop problems
– Split horizon
– Poison routes
EIGRP
– Neighbors
– Metric combining bandwidth + delay
– Feasible and Reported Distance
– Successor and Feasible Successor routes
– DUAL