
8 Routing

Thursday, May 4, 2017 1:11 PM

1. Introducing Routers
What if I want to connect two networks (with their own Network IDs)?

We need to use a Router!

A router is a box that connects Network IDs.
Routers filter and forward based on IP address.
(remember: switches filter and forward based on MAC address)

Most routers today have built-in switches, WAPs, etc. in them.

Here is a Cisco 2811 Router (only a router, nothing else):

Example of how to interconnect two Networks:

Run a cable from the switch on the 192.168.15/24 network to the router and run another cable
from the switch on the 232.25.201/24 network.

Every router has some way for you to give these ports an IP address:

On a home router it may look something like this:

On a more advanced router it may look something like this:

Here comes a packet heading to 192.168.15.30 from 232.25.201.191:

Routers don't care about Ethernet so that info is stripped away from the packet.
Routers also don't care about what port anything comes in. It just sees the first info that comes
in (192.168.15.30) and compares it to its routing table:

Routers use the ".0" (as in 192.168.15.0) to know that it is a certain network with a subnet of
255.255.255.0

A gateway of 0.0.0.0 means the router is directly connected to this network. Send it out on
interface whatever it might be.

Most routers' routing tables are generated automatically.

We need some way for a router to connect to more than just 2 network IDs in the universe, to
connect "upstream" into the cloud if necessary. The internet is composed of thousands of
network IDs. To do this, every router has a "default route" built in.

Network is connected to an ISP's upstream router

ISP IP address is 232.25.201.11
Other customers of the ISP are .2, .3, .100, etc.

How do we know that the upstream router's IP address is 232.25.201.11?

Almost every router in existence has some way for you to go in and query what its upstream
router/default gateway is.

The default route means if it doesn't meet any other criteria, always send it here:

Default routes are really obvious. It's always going to start with an address of 0.0.0.0 and subnet
0.0.0.0

Default Route:
Address: 0.0.0.0
Subnet: 0.0.0.0
Gateway: 232.25.201.11 (IP address of the ISP)
Routing table:

There are two routes that go out 232.25.201.1:

1. If I get a packet that needs to go to 232.25.201.66, what's going to happen is the router
will look at its routing table. Because it sees that the Gateway is all 0s, that tells the router
it is directly connected to 232.25.201.66. So your router knows, because the gateway is
0s, that it can ARP that system. It will ARP the device for its MAC address. Your router
knows if the Gateway is 0.0.0.0 it can ARP the system you are trying to communicate with.
So it ARPs the system to ask for its MAC address. The router can then put on the Ethernet
information and shoot it out 232.25.201.1 and that computer gets the packet.

2. Let's say your router gets a packet for 3.4.5.6. The only route that is going to work in this
case is the default route. Yes, it will send the packet out on 232.25.201.1 but it will ARP
the Gateway. It will ARP 232.25.201.11 (cause that's what's in the routing table) and ask
what its MAC address is. That upstream router's going to respond, send him his MAC
address. Now it knows how to send it and it shoots it up to the router.

In general, the only thing routers do is read the destination IP address and then change the MAC
address depending on where they want to send it to.

Home routers often only have 2 connections: one to your LAN and one to your ISP. A LAN
address and a WAN address. It's acting just like a gateway to the internet. We tend to call these
routers Gateway Routers, but they can do a lot more.

Mike's work Router has three connections: one to his LAN and one connection to a cable ISP,
one connection to a DSL ISP in case his internet goes down (as a backup!). This is where routers
really get powerful!

LAN: 192.168.15/24
Cable ISP: 232.25.201/24
DSL ISP: 75.29.6/24

Need to give the third interface (DSL ISP) an IP address. Here's how everything is connected to
the router:

75.29.6.144 is connected upstream to 75.29.6.1

How this works on our router:
1. Add this third connection: 75.29.6.144. On more advanced routers, it's really easy to buy
an extra Ethernet connection and just screw it in.

2.

3. How do I know which of the two default routes to use?:
a. Gateway: 232.25.201.11
b. Gateway: 75.29.6.1
The Metric. It is a default value that gives your router an idea, if it has more than one choice
to do something, of which way to go.

Notice in the routing table below he gave the Cable connection a lower metric value (10)
than the DSL connection (11). That is how the router knows to use the Cable connection
first, over the DSL connection, second. It will switch over to the secondary default route if
the primary default route goes down.

4.

Routers don't care where a packet came from, only where it's going.
Routers are not tied to Ethernet. It can have a DSL connection, optical connection, etc. It doesn't
care. Routers only care about the IP packet. And in most cases the IP packet never changed.
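
The lookup described above, as an added Python example (not from the course or any router's firmware): it rebuilds the work router's routing table from the addresses in these notes and returns the outgoing interface and the address the router ARPs for. The LAN interface address 192.168.15.1 and the metric of 1 on connected routes are assumptions.

```python
import ipaddress
from dataclasses import dataclass

CONNECTED = ipaddress.ip_address("0.0.0.0")  # gateway of all 0s = directly connected


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    gateway: ipaddress.IPv4Address
    interface: str  # the router's own address on that port
    metric: int


def make_route(address, subnet, gateway, interface, metric):
    return Route(ipaddress.ip_network(f"{address}/{subnet}"),
                 ipaddress.ip_address(gateway), interface, metric)


# Routing table rebuilt from the addresses in the notes. Assumptions: the LAN
# interface is 192.168.15.1 and connected routes carry metric 1.
ROUTES = [
    make_route("192.168.15.0", "255.255.255.0", "0.0.0.0", "192.168.15.1", 1),
    make_route("232.25.201.0", "255.255.255.0", "0.0.0.0", "232.25.201.1", 1),
    make_route("75.29.6.0", "255.255.255.0", "0.0.0.0", "75.29.6.144", 1),
    make_route("0.0.0.0", "0.0.0.0", "232.25.201.11", "232.25.201.1", 10),
    make_route("0.0.0.0", "0.0.0.0", "75.29.6.1", "75.29.6.144", 11),
]


def forward(destination, routes=ROUTES, down=()):
    """Return (outgoing interface, IP address to ARP for) or None if no route.

    Only the destination address is consulted. Routes on interfaces listed in
    `down` are skipped, which is how the backup default route takes over.
    """
    dest = ipaddress.ip_address(destination)
    usable = [r for r in routes if dest in r.network and r.interface not in down]
    if not usable:
        return None
    # Most specific network wins; the metric breaks ties between equal routes.
    best = min(usable, key=lambda r: (-r.network.prefixlen, r.metric))
    arp_for = dest if best.gateway == CONNECTED else best.gateway
    return best.interface, str(arp_for)


if __name__ == "__main__":
    for dst in ("232.25.201.66", "3.4.5.6", "192.168.15.30"):
        print(dst, "->", forward(dst))
    print("3.4.5.6 with cable down ->", forward("3.4.5.6", down=("232.25.201.1",)))
```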

What's the difference between a Default Route and Default Gateway?

Default Route: defines the packet forwarding rule to use when no specific route can be
determined for a given IP destination address. All packets for destinations not
established in the routing table are sent via the default route.
The default route in IPv4 is 0.0.0.0 (subnet mask /0)
The default route in IPv6 is ::/0
Administrators generally point the default route for a given host towards the router
that has a connection to a network service provider. Therefore, packets with
destinations outside the organization's local area network, typically destinations on
the Internet or a wide area network, are forwarded to the router with the connection
to that provider.
The default route generally points to another router, which treats the packet the
same way: if a route matches, the packet is forwarded accordingly, otherwise the
packet is forwarded to the default route of that router. The process repeats until a
packet is delivered to the destination. Each router traversal counts as one hop in the
distance calculation for the transmission path.

Default Gateway: is the node that is assumed to know how to forward packets on to
other networks. Typically, in a TCP/IP network, nodes such as servers, workstations and
network devices each have a defined default route setting, (pointing to the default
gateway), defining where to send packets for IP addresses for which they can determine
no specific route. The gateway is by definition a router.

From <https://en.wikipedia.org/wiki/Default_gateway>

Single Router example:

The following are IP addresses that might be used with an office network that consists of six
hosts plus a router. The six hosts addresses are:

192.168.4.3
192.168.4.4
192.168.4.5
192.168.4.6
192.168.4.7
192.168.4.8

The router inside address is:
192.168.4.1

The network has a subnet mask of:
255.255.255.0 (/24 in CIDR notation)

The address range assignable to hosts is from 192.168.4.1 to 192.168.4.254. TCP/IP defines the
addresses 192.168.4.0 and 192.168.4.255 for special functions.

The office's hosts send packets to addresses within this range directly, by resolving the
destination IP address into a MAC address with the Address Resolution Protocol (ARP)
sequence and then encapsulates the IP packet into a MAC frame addressed to the destination
host.

A packet addressed outside of this range, for this example, addressed to 192.168.12.3, cannot
travel directly to the destination. Instead it must be sent to the default gateway for further
routing to their ultimate destination. In this example, the default gateway uses the IP address
192.168.4.1, which is resolved into a MAC address with ARP in the usual way. The destination
IP address remains 192.168.12.3, but the next-hop physical address is that of the gateway,
rather than of the ultimate destination.

From <https://en.wikipedia.org/wiki/Default_gateway>

2. Understanding Ports

Mike is a Windows computer on the internet:

His user is opening up a web browser and wants to open a web page. The IP address for the
web page is 144.22.17.191.

The PC's job is to take that request and create a packet so the user can get the information that
he/she is asking for.

Packet:

Data   Sequencing #   Source Port   Destination Port   Source IP      Destination IP
                      3218          80                 32.44.17.231   144.22.17.191

We're trying to get a web page. So our web client knows to put Port 80 as the destination port.

Well Known Ports have fixed applications and are pretty much locked in stone.

Source Port number is generated by the computer itself. Called an Ephemeral port. It is
incrementally generated and has to be a number well past 1024. Depending on what OS, this
value could be up to 65k.

The important thing to note is that the web client generates the SOURCE PORT, and the web
server generates the DESTINATION PORT.

The packet goes to lower levels of the OS and then to the web server.

The web server's job is to listen for incoming requests of web pages and to process them.

Web server getting a request from lower layers of the OSI and TCP/IP model:

He sends the data and sequencing number up to the web server itself:

He'll use the sequencing number to keep track of the individual pieces.

Now he needs to reassemble the packet so it can get back to the customer. To do this, he pretty
much just reversed everything.

Then he sends it off to the lower layers of the OSI and TCP/IP model.

The web client gets the packet back.

You can see that the port numbers are reversed.

3. Network Address Translation

What a typical small network attached to the internet looks like:

Triangle = router

All devices that get on the internet must have a legitimate IP address.

In the 1990s they realized we were starting to run out of IP addresses. So they came up with
something called NAT.

Every SOHO router has NAT built in. You'd be hard pressed to find one that doesn't have it
turned on.

Pretend that one of these computers wants to get to Google. Here's the packet:

Data   Internal IP address to my device   IP address to Google

NOTE: Private IP addresses are never to be put out on the internet!!!

The NAT'ed router looks at the internal IP address and automatically plugs in HIS (the router's) IP
address on the WAN side:

(see how the green block was changed out with the blue block?)

The router puts the info into a table so it knows who to send the info back to when info comes
back for the device that sent it out.

NAT allows us to have lots of devices on the internet without having to use legitimate IP
addresses.

"Regular NAT" = Port Address Translation (PAT). Translates internal IP addresses to an internet
address and tracks the packets.

One of the big downsides of NAT is that somebody has to start a conversation so the router
knows who to send it back to. That's fine for normal computers, but what if one of the devices is
a web server or something like that?

Answer: We use different versions of NAT:

Static NAT (SNAT): Sends specific traffic to one internal IP address. For example: I am going to
assign one IP address. So anyone who comes in on a particular IP address is always sent to this
particular guy. AKA: Port forwarding. All incoming IP address for a particular IP are always sent
to a particular device.

Another way to do it (although this is less common):

Dynamic NAT (DNAT): also called "Pooled NAT." Has a limited pool of internet addresses to give
to a number of internal devices. For example: I have 4 devices that may or may not want to get
out to the internet. I get two IP addresses for the router. So the devices share those IP addresses
to get out to the internet. The problem with DNAT is you have a fixed number of IP addresses, so
if a third device wants to get to the internet it can't.

4. Implementing NAT
How NAT can be implemented in a home router scenario:

NOTE:
Virtually all home routers have NAT turned on by default.
Enterprise grade routers almost never have NAT turned on.

Example 1:
Starting with a Linksys E2500 router that has NAT turned on. We will turn it off and then back
on.

Internet Setup:
Internet IP Address: 161.16.5.13 (WAN address that came from his ISP)

Network Setup:
IP Address: 192.168.13.1 (LAN side of things)
DHCP Server: Enabled
Start IP Address: 192.168.13.100 (incrementing up from there to all the clients on the LAN side)

Turning NAT off is different for every router. For this one, you go to Advanced Routing > NAT. On
other routers it may say "Gateway" enabled or disabled.

He clicked on NAT > Disabled > Save Settings

5. Port Forwarding
SOHO routers only let you get to the WAN address of the router. The IP address provided by the
ISP.

You can give a bunch of devices on your network public IP addresses the old fashioned way
(EXPENSIVE):
1. Call your ISP and get public IP addresses for each of your devices you want them for
2. Turn NAT off on your router. Set it from Gateway to Router.
3. Configure everything properly.

If you want access to one or more devices on the LAN side of your NATted network, we use
Port Forwarding.

This webcam has a private IP address of 192.168.15.204. But I can't get to this from the internet.
I want to watch my pets (or something similar). You need to take advantage of port forwarding
to get to it. To access this camera within the same network, it's very easy: I just open a web
browser, type in its IP address, and I can see whatever is on the camera. He wants to be able to
do this from outside his house though.

The blue cable: webcam is plugged into his router.
The red cable: laptop is also plugged into his router. He can configure it from this.
The grey cable: is plugged into his cable modem (so it is connected to the internet).

To set this up with port forwarding so he can access the camera from anywhere on the internet:
All routers are different, but here is how his works
1. Opens a browser and goes to his router's IP address
2. Goes to NAT/QoS tab > Port Forwarding
3. Adds a port forward:
a. Application: Camera (can give it any name you want)
b. Protocol: Both (can be TCP or UDP or both. You have to know what the protocol is.
This is a web server which uses HTTP, which is a TCP protocol. When in doubt use
Both)
c. Source Net: [left blank] (is there a particular IP address/network I am allowed to
allow port forwarding? If you put nothing in there, it means anybody can make this
request)
d. Port From: 80
e. IP Address: 192.168.15.104 (internal IP address of the camera. Got this when he
configured the camera)
f. Port to: 80 (Port number that the camera uses)
He disconnects his laptop from the LAN. He tethers it to his phone (cell) network.
He needs the public WAN address for his LAN network. This can be found in the
Administration page (or something similar) of his router. It gives the Public IP Address.

To check that he is on the internet, and not using cached data, he googles cheese

The WAN side of his router (Public IP) is 202.13.212.101; he types this in his browser
He is in effect sending a Port 80 request to his router, and Port Forwarding says that any
Port 80 requests go to his camera:

The problem we have now is anyone who accesses his router using a web browser is going
to get to his camera. His camera does have a username and password, so that is helpful,
but he can make things a little bit trickier.

He plugs into his router, goes into the configuration page,

By default, all web clients will request on Port 80.

He changed it to Port from 12001 (a nonstandard value). Anything from 12001 will be
sent to 192.168.15.104 and be changed to Port 80.

To test this, he opens a web browser while using his iPhone's hotspot internet and tries to
go to the Public IP address.

It doesn't work because incoming Port 80 is blocked.

He adds :12001

This, in effect, tells the web client to send out a web request on port 12001 (not port 80)

Tada! The login for the webcam
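
The NAT table and the port forward from this section, modelled as an added Python example (not the router's own code): replies to conversations started inside are translated back, unsolicited packets are dropped, and port 12001 is forwarded to the camera. The outside addresses 198.51.100.7 and 203.0.113.0/24, the starting translated port 49152 and the class and method names are constructed for the example.

```python
import ipaddress


class NatRouter:
    """Toy PAT router with port forwarding; tracks who started each conversation."""

    def __init__(self, wan_ip, first_port=49152):
        self.wan_ip = wan_ip
        self.next_port = first_port  # assumed start of the translated-port range
        self.sessions = {}           # (proto, wan_port) -> (lan host, remote host)
        self.forwards = {}           # (proto, port_from) -> (lan_ip, port_to, source_net)

    def outbound(self, proto, lan_ip, lan_port, dst_ip, dst_port):
        """A LAN host starts a conversation: swap in the WAN address and remember it."""
        wan_port = self.next_port
        self.next_port += 1
        self.sessions[(proto, wan_port)] = ((lan_ip, lan_port), (dst_ip, dst_port))
        return (self.wan_ip, wan_port, dst_ip, dst_port)

    def add_forward(self, proto, port_from, lan_ip, port_to, source_net=None):
        """source_net=None is the 'left blank' case: anybody may use the forward."""
        net = ipaddress.ip_network(source_net) if source_net else None
        self.forwards[(proto, port_from)] = (lan_ip, port_to, net)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Return the (LAN IP, port) a packet arriving on the WAN goes to, or None if dropped."""
        session = self.sessions.get((proto, dst_port))
        if session and session[1] == (src_ip, src_port):
            return session[0]                  # reply to a conversation started inside
        rule = self.forwards.get((proto, dst_port))
        if rule:
            lan_ip, port_to, net = rule
            if net is None or ipaddress.ip_address(src_ip) in net:
                return (lan_ip, port_to)       # port forward, destination port rewritten
        return None                            # unsolicited: nobody inside asked for it


def demo():
    router = NatRouter("202.13.212.101")
    router.add_forward("tcp", 12001, "192.168.15.104", 80)  # Port From 12001, Port To 80
    sent = router.outbound("tcp", "192.168.15.103", 3218, "144.22.17.191", 80)
    return {
        "sent": sent,
        "reply": router.inbound("tcp", "144.22.17.191", 80, sent[1]),
        "port80": router.inbound("tcp", "198.51.100.7", 40000, 80),
        "port12001": router.inbound("tcp", "198.51.100.7", 40000, 12001),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

Moving the forward from port 80 to 12001 only changes which port reaches the camera; filling in Source Net is what limits who can reach it.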

6. DMZ, Port Range Forwarding, and Port Triggering
In this episode, Mike explains the need for ways to configure a router, including DMZ, port range
forwarding, and port triggering.

From <https://hub.totalsem.com/content/2257#path=2257,2422,2428>

Counterstrike uses a number of ports. Friends need to be able to access his server. 1200, 3478,
4379, 4380, needs 27,000-27,050.

Port Range Forwarding

DMZ = Demilitarized Zone

If I set up a DMZ, I am exposing one particular computer to the Internet. Anything coming in
from the Internet is going to be redirected to this one particular machine.

Anything coming in through the internet goes through the DMZ.

Do not do DMZ!!! Just know what it is for the exam.

Instead, let's use Port Range Forwarding. You can do individual ports or a range.

He puts in the IP address of his CounterStrike server on Port 1200:

He also puts in the range 27000-27050

Check the Enable boxes.

Port range forwarding lets you open a whole range of ports instead of adding them one at a
time.

FTP is an old fashioned way to transfer files from one computer to another over the internet.
The problem with FTP is that if my computer wants to access an FTP server, it will send out a
request on Port 21, but the FTP server will report back on Port 20. That's a big problem for your
router because your router is ready to hear stuff coming back from Port 21. So we need to tell
the router, "If I'm sending stuff over port 21, be ready to listen back on port 20 as well as port
21." That's what we call Port Triggering. This router does that, too.

Example: If anybody on our network is sending out info on port 21, the router will need to
respond to anything coming in from port 20 on the internet.

Make sure you understand the difference between port triggering and port range forwarding as
well as DMZ.

7. Tour of a SOHO Router

In this episode, Mike walks you through setting up a SOHO router. He's like a talking user's
manual!

From <https://hub.totalsem.com/content/2257#path=2257,2422,2429>

Documentation that comes with the router contains:
Default IP Address for the Router (on 90% of them it is 192.168.0.1 or 192.168.1.1)
Default username and password to log in to the router

Also comes with installation media. In most cases you don't need it. You can usually just do the
same thing by logging into a web browser and going to the default IP address of the router.

If you forget it, you can google the default username and password for the router.

In order to start configuring it, plug a computer into one of the LAN side ports.

Assuming the router is passing out DHCP (which it usually is), you'll get an IP address.
Run ipconfig and you can see what your IP address is. His is 192.168.15.103 and his default
gateway is 192.168.15.1

Here's what it looks like. This is a Cisco Linksys E2500 Router but it is using a third party firmware
called DD-WRT. He likes to use this because it gives him a few more features, but it is a little
risky/a little unstable.

This router is also a WAP but he has that turned off right now.

They all have some kind of Basic setup:

WAN connection: DHCP (a router does not need all static IP addresses. Little gateway routers on
the WAN side are invariably DHCP)

Here's his WAN IP address, given by DHCP

You can change it to Static IP Address connection type if you want, and enter in all the info:

He changed the Local IP address to 192.168.15.1 because people know that the default is usually
192.168.1.1 or 192.168.0.1. One of the ways that routers can be hacked is if someone knows
what our internal network ID is.

There's a way to turn on/off a DHCP server:

You can set up MAC address clone. Particularly good for cable modems because the moment you
plug your computer into a cable modem it memorizes your MAC address. So if you plug it,
unplug it, then plug in a router, it can cause all sorts of problems. The cable company can reset it
for you. But you can avoid the hassle by getting the MAC address of your PC and typing it in
here.

Wireless access can be set up:

You can turn on things like SSH and Telnet with this more advanced router interface (but you
can't with the Linksys router interface):

Make sure you set your own username and password up for Administration!! It is CRITICAL the
minute you get a router under your control to change the username and password to something
different than everybody knows.

Can you configure your router's web interface remotely? Yes, technically you can configure your
router's interface remotely. But don't do this unless you absolutely have to! In other words, do
NOT enable the web GUI port!!! This allows people to access this interface from the public
internet. You'll be asking for a lot of trouble!!!!

Stopped at 8:26

When you turn this firewall on, it's going to block any kind of incoming connection that wasn't
started by somebody inside your network.

You can also do Access Control Lists. These can set up things like, "I want to prevent computers
from accessing the internet on certain days/times, I want certain applications to be blocked, I
want certain web pages to be blocked, I want certain keywords to be blocked no matter what
type of application it is." This varies a lot from router to router.

Somewhere on here there is going to be a firmware upgrade capability.

To upgrade your firmware, you download a file from the router company or a third party. You
choose a file and then you go ahead and load it.
* IF YOU FAIL ON THIS, YOU WILL TURN YOUR ROUTER INTO AN ASHTRAY.
* WE UPGRADE OUR ROUTERS (FIRMWARE) BECAUSE THERE IS A COMPELLING REASON TO DO
IT, NOT JUST BECAUSE.

There are times when you're going to mess up. In this case, you need to do a hard reset.

To do a hard reset:

1. Unplug all the cables out of the router:

2. Do the 30/30/30 Rule:
a. Hit the reset button on the router for 30 seconds.
b. Without letting go of the reset button, unplug the router.
c. Leave it unplugged for another 30 seconds.
d. Then without letting go of the reset button, plug it back in.
e. Hold the reset button for another 30 seconds.

Why? The reason we use the 30/30/30 rule is because there are a few different ways
to hard reset a router, and the 30/30/30 rule covers all of them.
All of your configurations are set back to their original defaults (i.e. the router's IP
address goes back to 192.168.1.1 or whatever it is, your username and password are
going to return to the factory defaults). A hard reset is a little bit painful because it
means you have to reconfigure everything one more time again. However, it always
works and is good if you've made any screw-ups.

8. Introduction to Routing Protocols
Mike introduces you to routing concepts such as metrics and latency. The episode also discusses
types of routing protocols, such as distance vector and link state.

From <https://hub.totalsem.com/content/2257#path=2257,2422,2430>

The internet is a lot of routers carrying a lot of data for a whole bunch of computers.

The problem is, routers go down. Interconnections between routers go up in flames. Lightning
strikes hit poles and take down the power.

We don't have convergence, where everybody knows where everybody is and everything is
working. So it's a dynamic process, and that becomes a bit of a problem.

The other function of routers is to be able to handle dynamic problems with routes and to
re-route traffic on the fly so it can get to the customers that need it.

Interconnected routers:

Rather than Static Routing, we use Dynamic Routing, which puts some "smarts" into the routers
so they can literally rewrite their own routing tables on the fly to adjust for changes, and to
bring all the routers back into a world of convergence.

How can we have routers talk to each other to actually get work done? Routers use metrics (in
the routing table). The metric value is used if we have more than one route to get to a particular
Network ID. The metric value that's the smallest value will be used to send the data that
direction.

The metric value lets a router choose which path it would prefer to use to get to a particular
place.

Metrics are determined by:

1. Hop Count
In the early days, the metric was based on the Hop Count (the number of routers it takes
to get to a particular network ID). For example, if one had a hop count of 2 and the other
had a hop count of 7 you would go with the one who was 2.

2. Maximum Transmission Unit (MTU): In a particular frame, how much data it can haul.
For example, Ethernet has a default MTU of 1,500 bytes. The internet contains things like
cable modems running DOCSIS, DSL, SONET, ATM, etc. All of these are layer 1 and 2
protocols that haul things in different ways. If you take Ethernet frames to a smaller type
of network protocol, they have to be chopped up. This might make for 2x, 5x, 10x as much
traffic! So MTU can be a big issue.

3. Bandwidth: 56k line and 10GB line: 10GB is faster/better!

4. Cost: I want to use the line that is less expensive.

5. Latency: How long does it take this particular route to react to whatever I have to do. For
example, a Satellite link has a high latency.

The metric value is an arbitrary value and different dynamic routing protocols use it in different
ways to get wherever they want to go with it.

How am I going to get information between routers? That's where you get the big separation
between dynamic routing protocols. They can be put in basically 2 groups: Distance Vector and
Link State

1. Distance Vector: is the granddaddy of protocols. Names like RIP. Sends entire routing
tables to all of its neighbors (all of the ones that are connected in the photo below). They
compare it to their own routing tables and determine the best route to use.

Problems with distance vector:
Leans heavily on the concept of hop count.
Sends things at a given interval (so if one guy goes down you have to wait 5 min or
whatever to get back in convergence)

2. Link State: more modern. A Link State dynamic protocol router will send "hello" or link
state advertisements. Like a ping, just to make sure the other router is there. If they
detect differences, they will then advertise that something has changed in terms of how
they're connected. "Hey, I've updated my routing table, are you interested?" It doesn't
update entire routing tables, just parts at a time. They let people know when things have
changed. All taking place on the fly. Gets back into convergence much faster than distance
vector.

All dynamic routing protocols can be broken up into one of two groups:
Interior Gateway Protocol (IGP) and Exterior Gateway Protocol (EGP)

EGP is the idea that if I am an ISP I control a lot of routers. We call this grouping an autonomous
system: one organization that has control of their own particular routers. Any time you want to
communicate outside of this autonomous system, you use an EGP. Otherwise you're using an
IGP.

There is only one EGP: Border Gateway Protocol (BGP). If you are one ISP and you want to talk to
another ISP you will use BGP because that's the only protocol there is. You have an autonomous
system number and you use that in your routers. When you send data from your routers to
other routers, you're really not even using IP addresses. You're using these AS numbers to send
data from one to the other.

9. RIP
Routing Information Protocol = RIP.
- One of the older dynamic routing protocols around.
- Used in small networks/ones that don't change very often.
- Interior gateway protocol (you're not going to use it to connect autonomous systems).
- Distance vector protocol

RIPv1

Example:
3 routers: X, Y, Z
3 networks: A, B, C

As these routers connect (in order for RIP to work, they need to be configured for RIP/be RIP
capable) each one of these routers has one route built into it (Y has a route to B, X has a route
to A, Z has a route to C)
Over a given fixed interval they will begin to speak.
Router Z knows how to get to network C. Router Z is going to send this connection to the other
routers. In turn the other routers are going to send their connections to the other routers.
In the first sequence, Router Z gets 3 routes built in (to get to networks A, B, C)

The next time they communicate they find that Router Z has 2 different ways to get to Network
B: he can do it through X or Y. This is where hop count comes into play. With RIP the router
takes a look and sees that it can get to network B through router Y in one step. The router
deletes the route with the higher hop count (through router X).

The downside to RIP is it takes a while to get convergence. It has a fixed time interval that the
routers compare routes.

RIPv1 had some real limitations: it could only work with classful networks: Class A, B, or C
networks (CIDR would not work with it).

RIPv2 took care of 2 big problems:
1. It can handle CIDR based networks (for example: /28, /29, etc)
2. It has security built into it

RIP had a max hop count of 15 hops.
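
The X, Y, Z exchange above as an added Python simulation (not from the course): every router sends its whole table to its neighbours each interval and keeps the lowest hop count, and anything that would be 16 hops is treated as unreachable. It assumes the three routers are all connected to each other and that a directly connected network counts as 0 hops; the 17-router chain is a constructed case that goes beyond the notes to show the 15-hop limit.

```python
INFINITY = 16  # RIP allows at most 15 hops; 16 means unreachable


def rip_round(tables, links):
    """One update interval: every router sends its whole table to each neighbour.

    tables: {router: {network: (hops, next_hop)}}; links: {router: [neighbours]}.
    Returns True if any routing table changed.
    """
    adverts = {r: dict(t) for r, t in tables.items()}  # what each router sends
    changed = False
    for router, neighbours in links.items():
        for nb in neighbours:
            for net, (hops, _) in adverts[nb].items():
                offered = hops + 1  # one more router on the path
                current = tables[router].get(net)
                if offered < INFINITY and (current is None or offered < current[0]):
                    tables[router][net] = (offered, nb)  # lower hop count wins
                    changed = True
    return changed


def converge(connected, links, max_rounds=64):
    """Run update intervals until no table changes; return (tables, rounds needed)."""
    # Assumption: a directly connected network is 0 hops away with no next hop.
    tables = {r: {net: (0, None) for net in nets} for r, nets in connected.items()}
    rounds = 0
    while rounds < max_rounds and rip_round(tables, links):
        rounds += 1
    return tables, rounds


def offers(tables, links, router, net):
    """Hop count each neighbour currently offers `router` for `net`."""
    return {nb: tables[nb][net][0] + 1 for nb in links[router] if net in tables[nb]}


def triangle():
    """The notes' example: X, Y, Z (assumed fully connected) own networks A, B, C."""
    connected = {"X": ["A"], "Y": ["B"], "Z": ["C"]}
    links = {"X": ["Y", "Z"], "Y": ["X", "Z"], "Z": ["X", "Y"]}
    tables, rounds = converge(connected, links)
    return tables, rounds, offers(tables, links, "Z", "B")


def chain(length=17):
    """Constructed case: routers R0..R16 in a line, network N attached to R0."""
    names = [f"R{i}" for i in range(length)]
    connected = {n: [] for n in names}
    connected["R0"] = ["N"]
    links = {n: [names[j] for j in (i - 1, i + 1) if 0 <= j < length]
             for i, n in enumerate(names)}
    return converge(connected, links)


if __name__ == "__main__":
    tables, rounds, z_to_b = triangle()
    print("Z's table:", tables["Z"], "after", rounds, "round(s)")
    print("Z's two ways to B (neighbour -> hops):", z_to_b)
    chain_tables, chain_rounds = chain()
    print("R15 reaches N:", chain_tables["R15"].get("N"), "R16:", chain_tables["R16"].get("N"))
```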

10. OSPF
Open Shortest Path First (OSPF) is:
- the number one interior gateway protocol (IGP).
- It uses Link State Protocol.
- Dynamic routing protocol.
- It is painful to configure this on a router. This is NOT on the Network+

Example:
- We have 3 routers that have just been connected to each other: X, Y, and Z
- Each router knows about 1 Network ID (i.e. Z knows about C) but they don't know
anything else.
- The minute you plug OSPF routers together, they begin sending Link State
Advertisements. So they're calculating their links (i.e. Z to X and Y). The link is based on
bandwidth more than anything else. Then they begin to talk about what are the other
networks that they're connected to.
- The downside to this is we have to set up one boss, or a designated router. In this
example, X is the designated router.
- Each router is configured to be within a particular Area ID (when you're setting each of the
routers up you have to give them each an Area ID). Wacky coincidence: Area IDs in OSPF
function similar to IP addresses (they look like IP addresses). Once they have their Area IDs
they start talking to each other and know what to say (i.e. I'm Router X and I'm connected
to Network A). They elect one router to be the designated router and another router to be
the backup designated router. You can set this manually but most people don't; they let
the routers figure it out automatically.
- Big improvement of OSPF over RIP: Instead of sending out the entire routing table, they
just send out individual link states (i.e. I'm Router X and I'm connected to Network A) so
everybody can quickly update. Convergence can happen in seconds.

- Compatible with CIDR based IP addresses.
- Relatively easy to configure once you understand how it works.
- Compatible with the big kahuna, BGP.

11. BGP
Mike explains the Border Gateway Protocol

From <https://hub.totalsem.com/content/2257#path=2257,2422,2526>

Border Gateway Protocol (BGP):

Been around for a long time
Hybrid protocol (has aspects of distance vector and link state)
It is the cornerstone of how the big ISPs connect on the huge network called the Internet

The internet can be divided into:
1. LANs
2. Router networks

LANs:

Router networks: groups of highly connected routers, owned by a single ISP, often many miles
apart, that carry the data from LAN to LAN

LANs and Router Networks:

For example:
LANs = circles
Router networks = lines
The three colors represent 3 router networks (and many LANs)

There are also places where these routers interconnect so ISPs can share connections to get
complete traffic across the internet:

OSPF is not designed to handle routing tables that have 10 million entries in them! If every
router needed to know the path to every LAN on the internet, it would simply fail.

We need something better: BGP. BGP breaks the entire internet down to just over 20,000
autonomous systems.

An AS is a group of one or more router networks under the control of a single entity (i.e. a big
ISP, a branch of the federal government, a big university system, etc.). An AS has direct or
indirect control of all the networks, routers, subnets within their own AS.

Here is the US broken down to 3 Autonomous Systems:

Every AS on the internet has a 32 bit Autonomous System Number. That number is between 1
and 4 Billion.

For many years, ASes were only 16 bit numbers from 1 to 65,535. So the vast majority of ASes
out there go from 1-50,000:

Can route between their own AS, usually done via OSPF.

As far as the internet is concerned, we don't care:

When these ASes connect, though, THEY MUST USE BGP!!!!!!!!

BGP is a heavy duty routing protocol designed to do one thing: route data between
Autonomous systems.

A router sending a chunk of data out to the internet only needs to know where its own BGP
router is located.

That BGP router at the edge of the autonomous system only needs to know the AS number of
where that data is going.

And in essence, it greatly reduces the load on all BGP routers.

Once you understand this, you can get a Cisco certification to actually start configuring this stuff!
