University of Milan1 Routing Essentials E. Damiani

University of Milan 1

Routing Essentials

E. Damiani


Common Routing Configuration

Routing and routing protocolsThree common routing configurations

Minimal routingStatic routingDynamic routing

The minimal Routing table:netstat -rn

Routing tablesDestination Gateway Refcnt Interface127.0.0.1 127.0.0.1 1 lo0172.16.12.0 172.16.12.2 26 1e0


Building a static routing table To reach remote hosts, routes through external gateways must be

added to the routing table. For example, on Solaris

#route add 207.25.98.0 172.16.12.1 1#route add 192.0.2.32/27 somegateway

route [-fnvq] add | delete [-net | -host] destination gateway [args]

or route [-fnvq] change | get [-net | -host] destination gateway [args]

destination is the destination host or network gateway is the next-hop intermediary through which packets

should be routed.


Add a default route on peanut through gateway almond# route -n add default 172.16.12.1 1

Try to ping host on other local host connected to pecan,What will happen?

Example


% ping 172.16.1.2

PING 172.16.1.2: 56 data bytes

ICMP Host redirect from gateway almond.nuts.com (172.16.12.1)

to pecan.nuts.com (172.16.12.3) for filbert.nuts.com (172.16.1.2)

64 bytes from filbert.nuts.com (172.16.1.2): icmp_seq=1. time=30. ms

^C

----172.16.1.2 PING Statistics----

1 packets transmitted, 1 packets received, 0% packet loss

round-trip (ms) min/avg/max = 30/30/30

Example 2


Static routing

ICMP redirect works well for some old models with limited routing functions.

To avoid redirect specific routes can installed for each subnet using individual route statement.

# route -n add 172.16.1.0 172.16.12.3 1add net 172.16.1.0: gateway 172.16.12.3# route -n add 172.16.6.0 172.16.12.3 1add net 172.16.6.0: gateway 172.16.12.3# route -n add 172.16.3.0 172.16.12.3 1add net 172.16.3.0: gateway 172.16.12.3# route -n add 172.16.9.0 172.16.12.3 1add net 172.16.9.0: gateway 172.16.12.3


Installing static routes at startup

Add the desired route statements to a startup file.On Solaris, /etc/init.d/inetinit

route -n add default 172.16.12.1 1 > /dev/console route -n add 172.16.1.0 172.16.12.3 1 > /dev/console route -n add 172.16.6.0 172.16.12.3 1 > /dev/console

For Linux, /etc/rc.d/rc.local

Disable the routing protocol if it was setup running.


Interior Routing Protocol

Interior Protocols:The Routing Information Protocol (RIP)Hello Intermediate System to Intermediate System

(IS-IS)Open Shortest Path First (OSPF)

RIPDelivered with many Unix system, Daemon

routedOn Solaris, if more than two interfaces or

/etc/gateways exists, routed will be started.


Base of RIP: Distance Vector Routing

Limited state information. Just the next hop and cost.

A

B

D

G

F

C

H

E

address Next hop

cost

A A 0

B B 1

C C 1

D D 1

E E 2

F D 2

G B 2

H B 3

A address Next hop

cost

A A 1

B B 1

C A 2

D D 0

E B 2

F F 1

G B 2

H B 3

D


Distance Vector Routing – Dynamic Programming

Suppose a new node comes on line.

A

B

D

G

FC

H

E

I

address Next hop

Cost

A ?

B ?

C ?

D ?

E ?

F ?

G ?

H ?

I I 0

I



Suppose a new node comes on line. Suppose I first talks to A.

A

B

D

G

FC

H

E

I

address Next hop

cost

A A 0

B B 1

C C 1

D D 1

E E 2

F D 2

G B 2

H B 3

A address Next hop

cost

A A 1

B A 2

C A 2

D A 2

E A 3

F A 3

G A 2

H A 2

I I 0

I



Suppose a new node comes on line. Suppose I first talks to A. Next I talks to D.

A

B

D

G

FC

H

E

I

address Next hop

cost

A A 1

B A 2

C A 2

D D 1

E A 3

F D 2

G A 2

H A 2

I I 0

Iaddress Next hop

cost

A A 1

B B 1

C A 2

D D 0

E B 2

F F 1

G B 2

H B 3

D


Distance Vector - Algorithm

Start with all destinations with infinite distance, except for the actual node, which is distance 0.

Every 30 seconds (RIP), or when a change occurs in the table, send table to neighbors.

If the distance to a prefix advertised by a neighbor is less plus the distance to the neighbor is less than known distance, reduce distance to prefix and route packets with that destination prefix to that neighbor.


Count to Infinity ProblemA B C D E

initial

1 1 iteration

1 2 2 iterations

1 2 3 3 iterations

1 2 3 4 4 iterations

A B C D E1 2 3 4 initial

3 2 3 4 1 iteration





Approaches to Mitigate Count to Infinity

Why is count to infinity a problem?It generates tons of routing updates – too much trafficThe network should report that a route is unreachable.

One possible answer: Put upper bound an upper bound the the diameter of the network.

But what is the network grows? (as it did).

Techniques

Split horizon. A router does not report a distance to the neighbor it learned the distance from. Split horizon with poison reverse. If A advertises the best cost to E to B, then B advertises a cost of infinity to E back to A.

This only works for loops that involve two nodes. With larger loops, the mitigation is more difficult and these remedies reduce the rate of convergence.

The way to fix it is to use link state routing.


RIP For non-gateway hosts, prevent advertising routes: -q option /etc/gateways

Additional routing information Define an active default route net 0.0.0.0 gateway 172.16.12.1 metric 1 active

Active route Can be updated by RIP Active gateway is expected to supply routing information Active gateway will be removed if it does not provide routing updates for

a while Passive route

Stay as long as system is up Permanent static route Prevent routing protocol from dynamically updating the route to reflect

the changing network conditions.


RIP Shortcomings:

Limited network diameter 15 hops

Slow convergence Classful routing

Improvement: Split horizon

A router does not advertise routes on the link from which those routes were obtained.

Poison reverse Router should advertise an infinite distance for routes on this

link Triggered update In stead of waiting, a triggered update is send

immediately. RIP2 adds network mask and a next-hop address in original

RIP packets.


Open Shortest Path First

Based on link-state: Each routers shares info about its neighbors with the entire network.

OSPF defines a hierarchy of routing area within an autonomous systems Areas Backbone Stub area

OSPF link-state database can be big Dividing the autonomous system into areas improved

efficiency Use designated router

OSPF is used on dedicated routers, e.g. Cisco. Use Zebra on Linux


Link State Routing (IS-IS and OSPF)

Each router learns the entire network. (Compare to distance vector)

If the entire network is known, the shortest cost routing can be computed.

Each router advertises to its neighbors who it is connected to.

Each router floods any advertisement it receives.


Link State Routing

PHASES:HELLO – Determining who the router

is connected to.Reliable Flooding of LSA (link state

advertisement) and keeping/getting up-to-date information.

Calculate shortest path.


HELLO

Periodically, a node sends a HELLO LSP (Link State Packet) to its neighbors.

The neighbor responds with a HELLO reply.

This way the router can determine which router it is connected to.

The default period is 10 – 30sec.


Reliable Flooding

Each LSP containsThe ID of the node that created the LSP.The list of the neighbors directly

connected to that node with the cost of each link.

A sequence numberA time to live

Each LSP reception is ACKed.


Sequence Number The node that generated the LSA increments the

sequence number for each LSA it sends out. The sequence number is 32 bits long, so wrap around

is not possible. When router receives an LSA, it checks if the seq num

of the received LSA is larger than the LSA in memory. If the LSA has a larger seq. num, it is stored, the old

one discarded and the new LSA is flooded to all neighbors, except the one that sent it.

If the LSA has a smaller or equal seq. no, it is discarded.



Time to Live (TTL)

Each second a LSA sits in memory, its TTL is decremented.

Each time the LSA is transmitted, its TTL is decremented.

When the TTL reaches zero, the LSA is discarded and the router floods the LSA with TTL=0 to tell other routers to delete this information.


OSPF Header

version type length

Source address

Area ID

Checksum Authentication type

Authentication

Type:1=hello2=database description3=link status request4=link state update5=link state ack

Which area the packet originated

Address of the sender


OSPF LSA

LS Age Options Type=1

Link State ID

Advertising Router

Seq. No

Checksum Length

Number of Links

Link ID

Link Data

MetricLink Type Num TOS

Optional TOS

More Links

Like TTL

The same


Managing Rebooting

When a node reboots, it doesn’t know its seq. no. It floods its link state with seq. no. 0. It sends a Link State Request to its neighborsThe neighbors respond with the most up to

date LSA they have. These LSA may contain the LSA of the before it crashed. In this case, the node updates its seq. no.

Remember that every time a router gets a new info, it floods the information.




Security Issues

An attacker could send fake LSAs.Must filter out LSA from any other

source but the neighbor and use authentication.

If a router is compromised, it could advertise a low cost to all nodes. Then all nodes will send packets to this node and the network would stop working.


metrics ARPANET – the link cost included the size of the queue (a

measure of congestion). This does not work..

Static cost – just use delay (Juniper seems to do this) Dynamic cost – must make sure that link costs do not vary

too much. The cost can is restricted to only change slowly over time. The cost between links cannot vary much. There cannot be

more than a factor of 7 difference between the most and least expensive link.

The cost of a link can only vary by a factor of 3. Cost only depends on utilization at moderate or high loads. Only send updates when the cost crosses a threshold. Is this stable?


TOS – Type of Service

A data packet can identify the type of service it wants.

The router can provide different routing according to the TOS.

To support this, OSPF allows the link cost to depend on the TOS.

This is not widely deployed.


Exterior routing protocols

Exchange routing information between autonomous systems Reachability information

Exterior Gateway Protocol (EGP) Acquiring a neighbor: Establish dialog between two EGP

gateways using hello and I-heard-you. Requesting routing information called poll Sending a packet of reachability called update EGP Does not attempt to choose the best route In the old time core gateways were expected to have the

information necessary to choose the best external routes.


Exterior Routing Protocols

Border Gateway Protocol (BGP) Support policy-based routing

No-technical reasons to make routing decisions. Political, organizational, or security

Routing policies are not part of the BGP protocol. Policies are provided externally as configuration information.

Routing Arbiters (RAs) at the NAP can be queries for routing policy information.

Bilateral agreements on private policy between ISPs How BGP uses policy?

Control the routes it announces to others Control the routes it accept form others


BGP

BGP is implemented on TCP, port 179BGP is a path-vector protocol.

Entire end-to-end path of a route in the form of a sequence of autonomous system numbers.

Eliminate the possibility of routing loops and count-to-infinity problems.

Most systems never run exterior protocols Only on gateways that connect AS to

another AS.


Choosing a routing protocol

Local area networks, RIP is the choiceLarger networks, OSPF is the choiceExterior routing protocol, BGP or what the

other part is running.Equipment affects the choices:

Routers support a wide rangeMost Unix systems are delivered with only RIP.Daemon gated give the options of using Unix

System as a router.


Gateway Routing Daemon

Combines several different routing protocols in a single software package.System can run more than one routing

protocol.Routers learned from interior protocol can be

announced via exterior routing protocol.Routing policy can be implementedAll protocols are configured from a single file

( /etc/gated.conf)Constantly upgraded


Gated’s preference value

Routing implementation has two sides: External: exchange routing info Internal: update routing table

Gated can pick the best route from multiple protocols. Metric may be different: hop account, delay, … Gated’s own value: preference

Route Type Default Preferencedirect route 0OSPF 10Internally generated default 20ICMP redirect 30static route 60Hello protocol 90RIP 100OSPF ASE routes 150BGP 170EGP 200


Configuring gated

Available at http://www.gated.org /etc/gated.conf

Multiple protocols are configured in the same file. Sections:

Option statement Interface statement Definition statement Unicast statement Multicast protocol statement Static statements Control statement Aggregate statement

http://www.gated.org/


A host configuration

# enable rip, don't broadcast updates,# listen for RIP-2 updates on the multicast address,# check that the updates are authentic.#rip yes { nobroadcast ; interface 172.16.9.23 version 2 multicast authentication simple "REALstuff" ;

} ;


Interior Gateway configurations

# Don't time-out subnet 9interfaces { interface 172.16.9.1 passive ;} ;# Define the OSPF router idrouterid 172.16.1.9 ;# Enable RIP-2; announce OSPF routes to# subnet 9 with a cost of 5.rip yes { broadcast ; defaultmetric 5 ; interface 172.16.9.1 version 2 multicast authentication simple "REALstuff" ;} ;


Interior Gateway configurations (cont)

# Enable OSPF; subnet 1 is the backbone area;# use password authentication.ospf yes { backbone { authtype simple ; interface 172.16.1.9 { priority 5 ; authkey "It'sREAL" ; } ; } ;} ;


Exterior Gateway Configuration

# Defines the OSPF router idrouterid 172.16.1.1;

# Disable RIPrip no;

# Enable BGPbgp yes { preference 50 ; group type external peeras 164 { peer 10.6.0.103 ; peer 10.20.0.72 ; };};

# Enable OSPF; subnet 1 is the backbone area;# use password authentication.ospf yes { backbone { authtype simple ; interface 172.16.1.1 { priority 10 ; authkey "It'sREAL" ; } ; } ;};


Exterior Gateway Configuration (cont)

# Announce routes learned from OSPF and route# to directly connected network via BGP to AS 164export proto bgp as 164 { proto direct ; proto ospf ;};

# Announce routes learned via BGP from # AS number 164 to our OSPF area.export proto ospfase type 2 { proto bgp as 164 { all ; };};

Documents

University of Milan1 Routing Essentials E. Damiani