Showing posts with label Routing. Show all posts
Thursday, April 2, 2009
The OSPF Process
So, what's OSPF? OSPF stands for Open Shortest Path First; it's a link-state routing protocol. Link-state protocols don't exchange routes or metrics, they exchange the state of the links and the costs (metric) associated with those links (LSA packets).
A link is actually a router's interface, and the state is a few parameters regarding that link, including: the IP of the interface, the subnet mask, the type of network (Ethernet / NBMA Frame-Relay..), and the routers connected to that link.
Each router collects link-state information (much like routing updates in RIP) to construct its own loop-free paths to every network in the same area.
OSPF is based on the Dijkstra Shortest Path First (SPF) algorithm (a set of complex mathematical calculations). It builds an 'SPF tree', which is how the router sees the network topology from its own point of view, or an overall picture of all the routers in the same area.
Link-state protocols remove the hop-count limit of distance-vector protocols (RIP). Actually, OSPF has an infinite hop count!
As networks grow really fast, routing protocols must be able to react quickly to topology changes and converge the network fast, so there will be almost no interruptions.
The Advantages of OSPF:
- Supports VLSM / CIDR
- Infinite hop count
- Allows scalability
- Multi-Vendor (can work on NON-Cisco routers)
- Minimize routing updates
- Converge REAL quick
- Allow authentication
- Using areas
What are areas in OSPF and why do we use them?
Areas allow you to use a hierarchical network design: separate your whole network into smaller groups, which makes network convergence faster and limits network instability to a single area in your network, preventing it from propagating to the whole production network.
For example, if the 'Sales Dept.' is having a problem with their router, and they are in their own area, it won't affect the 'Marketing Dept.' at all.
The topology of an area is unknown outside of the area; this decreases the routing overhead and saves unneeded SPF calculations by the router and additional bandwidth.
Each area has its own link-state database, its own picture of the network inside the area.
- What is the backbone area? This area is known as area 0 (or 0.0.0.0) and it's the core of the OSPF network. All other areas are connected to it (there might be more than a single link to the backbone), and routing between different areas must go through the backbone area routers.
OSPF router types:
Backbone Router: the backbone router provides connectivity between areas. Routers that belong only to area 0 are the backbone routers.
Area Border Router (ABR): these are multi-area routers, i.e. routers that are connected to more than one area.
Internal Router: routers that are not connected directly to the backbone. That means routers that are part of only a single area, and that area is different from 0 (the backbone area).
Autonomous System Boundary Router (ASBR): a router that is also connected to an external AS or routing domain.
Let's demonstrate it:

All the interfaces are in area 0, except the link marked in RED, which is part of area 1.
So, all the routers except Router 1 are backbone routers, because they are connected only to the backbone!
Router 1 is an ABR, because it is connected to more than a single area. It's like a border between the backbone and area 1.
How do our routers become adjacent?
For OSPF routers to become adjacent and exchange LSAs they must agree upon two parameters.
Both the subnet address and the subnet mask must match. If they don't match, the routers won't become adjacent.
They also must match hello & dead timers. Both values have to be the same on both routers.
- Pay attention: OSPF's default hello & dead timers are different on Ethernet and NBMA networks. Make sure the network type is configured correctly.
After routers become neighbors, they start to exchange LSAs. The Hello packets are used to maintain that neighborship.
Also, if there is an OSPF authentication requirement, the password must match too, of course.
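As an added example (not part of the original post), here is a small compatibility check for the neighbor conditions listed above: same subnet and mask, same hello/dead timers, same authentication. The default timers per network type are the IOS defaults (10/40 on broadcast and point-to-point, 30/120 on non-broadcast), which is exactly why an Ethernet interface talking to a Frame Relay interface with untouched timers never becomes adjacent. The IP addresses and keys used below are constructed for the demonstration.

```python
from ipaddress import ip_interface

# IOS default hello/dead timers per OSPF network type, in seconds
DEFAULT_TIMERS = {
    "broadcast": (10, 40),        # Ethernet
    "point-to-point": (10, 40),
    "non-broadcast": (30, 120),   # NBMA, e.g. Frame Relay
}

def hello_params(network_type, ip, mask, hello=None, dead=None, auth_key=None):
    """The values one router offers on an interface; unset timers fall back to the type's defaults."""
    default_hello, default_dead = DEFAULT_TIMERS[network_type]
    return {
        "network_type": network_type,
        "network": ip_interface(f"{ip}/{mask}").network,   # subnet the interface sits in
        "mask": mask,
        "hello": hello or default_hello,
        "dead": dead or default_dead,
        "auth_key": auth_key,
    }

def adjacency_problems(a, b):
    """Reasons why two routers on one link would not become adjacent; an empty list means they will."""
    problems = []
    if a["mask"] != b["mask"]:
        problems.append(f"subnet mask mismatch: {a['mask']} vs {b['mask']}")
    elif a["network"] != b["network"]:
        problems.append(f"subnet mismatch: {a['network']} vs {b['network']}")
    if (a["hello"], a["dead"]) != (b["hello"], b["dead"]):
        problems.append(f"timer mismatch: {a['hello']}/{a['dead']} vs {b['hello']}/{b['dead']}")
    if a["auth_key"] != b["auth_key"]:
        problems.append("authentication mismatch")
    return problems

# Constructed scenario: one side left as Ethernet, the other configured as NBMA
ETHERNET_SIDE = hello_params("broadcast", "192.168.1.1", "255.255.255.0")
NBMA_SIDE = hello_params("non-broadcast", "192.168.1.2", "255.255.255.0")
```

`adjacency_problems(ETHERNET_SIDE, NBMA_SIDE)` reports only the timer mismatch (10/40 against 30/120); fixing the network type on one side, or setting both timers explicitly, empties the list.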
What's the RID?
The router ID is a number that uniquely identifies the router. The highest IP address on an active interface is chosen by default, unless a loopback interface or the router ID is configured. This identification is important in establishing and troubleshooting neighbor relationships.
So, the RID will be chosen by: the router-id command; if not set, by the highest loopback interface IP address; and last by the highest physical interface IP.
Why is a loopback interface stronger than a regular interface? And what is it anyway?
The main reason loopbacks are used in OSPF is reliability.
OSPF is more reliable with loopback interfaces configured because loopback interfaces are always active and cannot be in a down state like a physical interface can.
Also, it eases the process of troubleshooting and debugging the network when there is a problem.
It is much easier to recognize and figure out which router is 2.2.2.2 rather than 192.168.1.10.. right?
What are costs and how are they calculated?
Cost is the metric of OSPF. Like we have hop count in RIP, OSPF uses cost to measure the link priority: the lower the cost, the shorter the path to the destination.
Costs are figured from the interface bandwidth, so the higher the bandwidth, the lower the cost.
The SPF algorithm runs a series of calculations with each router as the root of the SPF tree, and finds the shortest path to each destination in the area.
LSAs are flooded all over the network to make sure all the routers have the same SPF database, the same topology picture of the network.
Although all the routers have the same database, each router has its own view of the network, and its routing table is built upon that.
Here's an example of how costs are calculated:
Router1's cost to Router0 is 10 (10Mbps link), and Router0's cost to Router3 is 64 (T1 link).
So in the routing table of Router1, we will see an entry to reach Router3 with a cost of 10+64 = 74. That's the cost for R1 to reach R3.
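The cost arithmetic above, carried through as an added example (not code from the post): interface cost is computed the IOS way (reference bandwidth 100 Mbps divided by the interface bandwidth, so 10 Mbps gives 10 and a T1 at 1544 kbps gives 64), and Dijkstra is run with the router as the root of its SPF tree. The topology is constructed: it contains the post's R1-R0 and R0-R3 links plus an assumed detour through R2 that SPF should reject because its total cost is higher.

```python
import heapq

REFERENCE_BANDWIDTH = 100_000_000   # IOS default reference bandwidth: 100 Mbps

def ospf_cost(bandwidth_bps):
    """IOS interface cost: reference bandwidth divided by interface bandwidth, floored, never below 1."""
    return max(1, REFERENCE_BANDWIDTH // bandwidth_bps)

# Constructed topology: router -> {neighbor: bandwidth of the outgoing interface in bit/s}.
# R1-R0 at 10 Mbps and R0-R3 over a T1 are the post's example; R2 is an assumed detour.
TOPOLOGY = {
    "R1": {"R0": 10_000_000},
    "R0": {"R1": 10_000_000, "R3": 1_544_000, "R2": 10_000_000},
    "R2": {"R0": 10_000_000, "R3": 1_544_000},
    "R3": {"R0": 1_544_000, "R2": 1_544_000},
}

def spf(root, topology=TOPOLOGY):
    """Dijkstra with `root` as the root of the SPF tree.
    Returns {destination: (total cost, first hop from root)}; the root itself maps to (0, None)."""
    best = {root: 0}
    first_hop = {}
    settled = set()
    heap = [(0, root, None)]
    while heap:
        cost, node, via = heapq.heappop(heap)
        if node in settled:
            continue                       # a cheaper path to this node was already settled
        settled.add(node)
        first_hop[node] = via
        for neighbor, bandwidth in topology[node].items():
            candidate = cost + ospf_cost(bandwidth)   # cost accrues on the outgoing interface
            if candidate < best.get(neighbor, float("inf")):
                best[neighbor] = candidate
                heapq.heappush(heap, (candidate, neighbor, neighbor if node == root else via))
    return {dest: (best[dest], first_hop[dest]) for dest in best}
```

From R1's point of view `spf("R1")["R3"]` is `(74, "R0")`: the direct path costs 10 + 64, while the detour R1-R0-R2-R3 would cost 10 + 10 + 64 = 84 and is discarded. Running `spf("R3")` shows the same 74 in the other direction, which is what "each router runs SPF with itself as the root" means in practice.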
The DR / BDR election process!
A DR (Designated Router) and a BDR (Backup Designated Router) are elected on multi-access networks, such as Ethernet, Frame-Relay, etc.
Their job is to maintain the OSPF database and inform everyone when there is a topology change.
Instead of everyone forwarding LSAs to everyone, and everyone updating the rest of the routers in the network whenever there is a change, OSPF chooses one router to do that. This saves a lot of bandwidth.
It works like this:
A DR router is elected, and all other routers send LSAs only to it (and to the BDR, of course). When there is a topology change (let's say one of the routers' links went down), that router will send the LSA only to the DR router! (The destination IP is a multicast IP that is accepted only by the DR router.) Then the DR router will process the LSA and send an update to the rest of the network with the changes that occurred.
The BDR is actually the backup of the DR. So if the DR goes down, there won't be a new election that takes time and resources; OSPF gives a fast solution to that issue by 'promoting' the BDR to the DR state. OSPF then runs a new election, only for the BDR this time.
The election is won by the router with the highest priority, and if the priority is equal the RID is used as a tiebreaker.
- Note that there will NOT be a DR election on point-to-point networks!
EXAMPLE:

In our example we will choose Router0 as the DR router of the network.
The network includes 2 Ethernet links (to Router1 and Router2) and 1 point-to-point link to Router3.
We've got 2 options to do so.
The first option is to simply use "ip ospf priority" and set it to a higher number than the default (which is 1). This will affect the DR election process to elect Router0 as our DR for the 2 Ethernet segments (the links to R1 and R2). NOTE that on the link to R3 there won't be any DR or BDR! Routers are equal on that link and they exchange LSAs with each other, just like they were both the DR.
The second option we have is to give Router0 the highest IP address. So, we will configure all the routers with loopback IPs now:
Router0:
Router0(config)#int loopback0
%LINK-5-CHANGED: Interface Loopback0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
Router0(config-if)#ip address 11.1.1.1 255.255.255.255
I used a host subnet mask of 255.255.255.255 because we actually have only one device on that 'network'. You can use whatever subnet mask you want, but remember that using 255.255.255.255 actually saves you IPs.
Router1:
Router1(config)#int loopback0
%LINK-5-CHANGED: Interface Loopback0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
Router1(config-if)#ip address 2.2.2.2 255.255.255.255
Router2:
Router2(config)#int loopback0
%LINK-5-CHANGED: Interface Loopback0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
Router2(config-if)#ip address 3.3.3.3 255.255.255.255
Now, if all the priorities are equal on all the routers (if you didn't change it, they are equal by default), the DR will be elected upon the highest IP.
Router0's IP is the highest (11.1.1.1 is bigger than 2.2.2.2 or 3.3.3.3), so Router0 will be elected as the DR on both Ethernet network segments!
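The RID selection rules and the DR/BDR election from the sections above, as an added example that is not part of the original post. It uses the post's loopbacks (11.1.1.1, 2.2.2.2, 3.3.3.3); the physical interface addresses are assumed. Two details worth noticing: addresses must be compared numerically (as strings, "3.3.3.3" would sort above "11.1.1.1" and the wrong router would win), and a priority of 0 keeps a router out of the election entirely, which is a standard OSPF rule the post does not mention.

```python
from ipaddress import IPv4Address

def router_id(configured=None, loopbacks=(), physical=()):
    """RID precedence from the post: the router-id command, else the highest loopback IP,
    else the highest IP on an active physical interface. Comparison is numeric, not lexical."""
    if configured:
        return configured
    for pool in (loopbacks, physical):
        if pool:
            return str(max(pool, key=IPv4Address))
    raise ValueError("no IP address available for a router ID")

def elect_dr_bdr(routers):
    """routers: {name: {"priority": int, "rid": str}} on one multi-access segment.
    Highest priority wins, highest RID breaks ties; priority 0 routers never take part."""
    ranked = sorted(
        ((r["priority"], IPv4Address(r["rid"]), name)
         for name, r in routers.items() if r["priority"] > 0),
        reverse=True,
    )
    names = [name for _, _, name in ranked]
    return (names[0] if names else None, names[1] if len(names) > 1 else None)

def dr_failed(routers, dr, bdr):
    """DR goes down: the BDR is promoted straight to DR and a new election picks only a BDR."""
    remaining = {n: r for n, r in routers.items() if n not in (dr, bdr)}
    new_bdr, _ = elect_dr_bdr(remaining)
    return bdr, new_bdr

# The post's Ethernet segment: loopbacks as configured there, physical addresses assumed.
SEGMENT = {
    "Router0": {"priority": 1, "rid": router_id(loopbacks=["11.1.1.1"], physical=["192.168.1.10"])},
    "Router1": {"priority": 1, "rid": router_id(loopbacks=["2.2.2.2"], physical=["192.168.1.11"])},
    "Router2": {"priority": 1, "rid": router_id(loopbacks=["3.3.3.3"], physical=["192.168.1.12"])},
}

def with_priority(routers, name, priority):
    """Option one from the post: raise one router's interface priority instead of its address."""
    return {**routers, name: {**routers[name], "priority": priority}}
```

With equal priorities `elect_dr_bdr(SEGMENT)` returns `("Router0", "Router2")`: Router0 wins on 11.1.1.1 and Router2's 3.3.3.3 beats 2.2.2.2 for the BDR role. `elect_dr_bdr(with_priority(SEGMENT, "Router1", 100))` flips the result to Router1 regardless of addresses, which is the "ip ospf priority" option.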
Let's sum up the OSPF PROCESS:
- HELLO packets are sent between neighbors to form an adjacency
- Routers verify the conditions that must match [hello and dead timers + subnet network + mask]
- DR election starts ONLY on Broadcast & NBMA networks. In case of PTP networks there won't be a DR election.
- To influence the DR election, use "ip ospf priority" at the interface level
- On NBMA (Frame-Relay) remember the "neighbor
- Routes learned from outside the area aren't cost-calculated by SPF; their metric shows as [110/1]
Saturday, March 21, 2009
Understanding the Routing Information Protocol ( RIP)
• RIP is a dynamic routing protocol. It's a protocol that advertises the routes you are specifying with the network command, and populates them into the routing tables of other routers in your network.
• RIP is a Distance-Vector protocol. It uses a single routing metric (hop count) to measure the distance between the source and a destination network. Every router between the source network and the destination network is counted as 1 hop.
• RIP uses AD (Administrative distance) of 120.
• RIP has 2 versions, RIPv1 and RIPv2.
** LABS included!
Comparing the advantages and disadvantages of RIP:
Advantages:
- RIP is very easy to implement, and is the preferred routing protocol across small LANs.
- The RIP process is simple, therefore it doesn't consume much of the router's resources.
Disadvantages:
- RIPv1 is a classful routing protocol, therefore it doesn't send the subnet mask in its routing updates.
- RIPv1 and v2 have a maximum hop count of 15. It means that if a packet has to go through more than 15 routers, it is NOT possible with RIP, because after 15 hops the packet is discarded (16 hops means the network is not reachable).
- RIP has a very, very slow convergence time in network terms (you will see how slow that is when compared to other routing protocols like EIGRP & OSPF).
- RIP doesn't really have a mechanism to detect routing loops.
Issues with RIP
The main issue with RIP is routing loops, which are averted using techniques like: maximum hop count, split horizon, route poisoning, poison reverse and RIP timers.
Split-horizon
RIP prevents routing loops from occurring by implementing the split-horizon rule. The idea is to prevent a router from advertising a route back out of the interface it was learned from. If router B learns about a route from A, it will forward this advertisement to C but not to A.
Example:
CCNA-R1 advertises the route 100.0.0.0 to CCNA-R2 (marked by blue arrows). R2 adds the new route entry to its routing table, and sends an update to all its neighbors with the new change.
Now, when CCNA-R2 sends an update to CCNA-R1 (through int fa0/0), it will include all its RIP-enabled networks and routes except the routes that were learned on interface fa0/0! That means CCNA-R2 will advertise only the networks 101.0.0.0, 102.0.0.0 and 192.168.1.0; without the split-horizon rule it might send R1's 100.0.0.0 network back to it.
Route poisoning
In route poisoning, when CCNA-R1 detects 100.0.0.0 as down, it will set its metric to 16 and wait for its update timer to expire to send this information about the network being down (with 16 as the metric) to all its neighbours. This will help other routers see this network as unreachable and will prevent any router from sending a packet to this network which is down.
Poison reverse
It is the process of breaking the split-horizon rule to indicate to other routers that a route is no longer reachable and should be removed from their routing tables. When a route is detected as invalid (through an advertisement from a neighbour router), the router starts to advertise the route to all routers (including the router it received the route information about the dead network from) with a metric of 16 (also called the infinity metric), which means that the route is not reachable. Other routers in the network update their routing tables, and the invalid route appears as "possibly down".
This mechanism prevents routers from updating each other with invalid route entries.
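The three rules above (split horizon, route poisoning, poison reverse) applied to CCNA-R2's table, as an added example that is not code from the post. The table mirrors the post's example: 100.0.0.0 was learned from CCNA-R1 on fa0/0, and 101.0.0.0, 102.0.0.0 and 192.168.1.0 are R2's own networks; which interfaces those connected networks sit on is assumed, as is the existence of a second interface fa0/1. The function returns the update R2 would send out of a given interface, which makes the difference between the three behaviours visible in one place.

```python
INFINITY = 16   # RIP's "unreachable" metric

# Constructed view of CCNA-R2's RIP table. metric = stored hop count (0 for connected networks),
# learned_on = interface the route arrived on (None = directly connected), down = poisoned.
R2_ROUTES = [
    {"network": "100.0.0.0", "metric": 1, "learned_on": "fa0/0", "down": False},   # from CCNA-R1
    {"network": "101.0.0.0", "metric": 0, "learned_on": None, "down": False},      # connected (assumed)
    {"network": "102.0.0.0", "metric": 0, "learned_on": None, "down": False},      # connected (assumed)
    {"network": "192.168.1.0", "metric": 0, "learned_on": None, "down": False},    # connected (assumed)
]

def build_update(routes, out_interface, poison_reverse=False):
    """The RIP update sent out of out_interface, as {network: advertised metric}.
    - route poisoning: a route flagged down goes out everywhere with metric 16;
    - split horizon:   routes learned on out_interface are left out of the update;
    - poison reverse:  those routes are sent back after all, but with metric 16.
    IOS adds one hop to the stored metric when it advertises a route."""
    update = {}
    for route in routes:
        if route["down"]:
            update[route["network"]] = INFINITY
        elif route["learned_on"] == out_interface:
            if poison_reverse:
                update[route["network"]] = INFINITY
        else:
            update[route["network"]] = min(route["metric"] + 1, INFINITY)
    return update

def mark_down(routes, network):
    """Route poisoning: keep the entry but flag it so the next update carries metric 16."""
    return [{**r, "down": True} if r["network"] == network else r for r in routes]
```

`build_update(R2_ROUTES, "fa0/0")` is the update towards CCNA-R1 and contains only 101.0.0.0, 102.0.0.0 and 192.168.1.0; the same call with `poison_reverse=True` adds 100.0.0.0 with metric 16. Out of any other interface 100.0.0.0 is advertised normally with metric 2. Once `mark_down` has poisoned 100.0.0.0, it goes out with 16 on every interface, including back towards R1.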
The Timers of RIP:
This is a part most of us get confused about. OK, so we know what the update timer is for, but what about invalid and hold-down? And why do we need to wait an extra 60 secs (240 seconds total) before a route is flushed from the routing table?
OK so, the timers work like this:
* Timers by default are: update 30, invalid 180, hold-down 180, flush 240.
* When an update packet is received, the route timer is reset. RIP counters show the time since the last update packet was received, so the timers are increasing and not decreasing.
* So when you see the counter go above 30, that means something is going wrong. When everything goes well, you should not see the RIP counter go above 29, because the router is supposed to receive an update every 30 seconds. If it doesn't, the counter keeps increasing until it gets to 180 seconds (the invalid timer). Then the router decides that something is wrong and marks the route as invalid. The status of the route is changed to "possibly down", and the router starts to advertise that route with a metric of 16 (infinity); that's how the router informs its neighbors that the link is invalid.
The route is retained in the table for a period of time (60 secs by default) and not flushed immediately, so that the neighbors can be notified about the route being dropped.
Last, there is the flush timer. The flush timer is how long it takes until the route is completely dropped from the routing table, the next step after the "possibly down" status. If it takes 180 seconds for a route to become invalid, it will take 60 seconds more for the route to be completely dropped from the table.
So again, as long as your counter is under 30, everything works fine. If the counter goes above 30, there is a problem. If it gets to 180, the route becomes invalid (it appears in the routing table as possibly down), and only after 240 seconds is the route completely flushed from the routing table.
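The timer behaviour just described, as an added example (not code from the post): one RIP table entry with the increasing "seconds since last update" counter, the state it is in at each threshold, and what the router advertises for it at that moment. The hold-down rule in `receive_update` (ignore updates with an equal or worse metric while the route is possibly down) is standard RIP behaviour that the post only names, so treat that part as an assumption; the timer values are the IOS defaults the post lists.

```python
UPDATE, INVALID, HOLDDOWN, FLUSH = 30, 180, 180, 240   # IOS defaults, seconds
INFINITY = 16
# HOLDDOWN is listed for completeness: it runs from the invalid timer (180) up to the flush timer (240).

class RipRoute:
    """One RIP table entry carrying the 'seconds since last update' counter that IOS displays."""

    def __init__(self, network, metric, neighbor):
        self.network, self.metric, self.neighbor = network, metric, neighbor
        self.age = 0                            # reset to 0 by every accepted update

    def tick(self, seconds):
        """Let time pass without an update and return the resulting state."""
        self.age += seconds
        return self.state

    @property
    def state(self):
        if self.age >= FLUSH:
            return "flushed"                    # gone from the routing table
        if self.age >= INVALID:
            return "possibly down"              # invalid timer expired, hold-down running
        if self.age >= UPDATE:
            return "overdue"                    # counter passed 30: an update was missed
        return "ok"

    def advertised_metric(self):
        """What this router tells its neighbors about the route right now (None: nothing left to send)."""
        if self.state == "flushed":
            return None
        return INFINITY if self.state == "possibly down" else self.metric + 1

    def receive_update(self, metric, neighbor):
        """Apply an incoming advertisement; returns True if it was accepted and the counter reset."""
        if self.state == "flushed":
            return False
        if self.state == "possibly down" and metric >= self.metric:
            return False                        # hold-down: equal-or-worse metrics are ignored (assumed rule)
        self.metric, self.neighbor, self.age = metric, neighbor, 0
        return True
```

Walking a route through the thresholds: at 29 seconds it is still "ok", at 30 it is "overdue" (the first sign of trouble the post mentions), at 180 it becomes "possibly down" and is advertised with metric 16, and at 240 it is flushed and no longer advertised at all. An update that arrives while the route is merely overdue resets the counter and everything is fine again.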
The differences between RIPv1 and RIPv2:
- v1 doesn't support VLSM / CIDR .. v2 supports both
- v1 doesn't support authentication .. v2 has an authentication option
- v1 broadcasts its routing updates .. v2 multicasts them to 224.0.0.9
** Get the LABs for practice - RIP Labs
** Practice questions available! - CCNA-QAn1
Thursday, March 19, 2009
Understanding how packets traverse a network
One of the first things you have to know on your way to CCNA is what really happens inside a network, how packets traverse it, etc. I won't talk a lot about the OSI model and layers, there are plenty of articles about that, but I'll focus on the last 3 layers: Network, Data Link and Physical.
** LAB included!
As your data goes down the OSI model layers in PC-0, from the application layer to the transport layer, it arrives at the 3rd layer, the NETWORK layer. The network layer takes the transport layer SEGMENT (that's what the data is called after it passes the transport layer) and encapsulates that segment with a header, and it becomes a PACKET.
The packet header includes information that is relevant to Layer 3 devices (routers and Layer 3 switches). Layer 2 devices (switches, bridges) have nothing to do with that information.

The packet header includes many fields that aren't really relevant to your CCNA studies, so I won't cover them all and will stick to those that are related to the CCNA course.
- Version: the version of IP. Currently we are using v4, while v6 is being implemented too.
- Total length: this field holds the length of the IP datagram, including the IP header.
- TTL (Time to Live): this field indicates how many hops a packet can be transmitted across the network before it is discarded. Each router that forwards the packet decreases this value by 1. When it gets to 0, the packet is discarded.
- Protocol: this field specifies which protocol is carried in the segment. TCP is identified by the number 6, UDP by 17.
- Destination IP address: this is the destination IP address of the packet (the IP of the receiving host). It is used by the Layer 3 device to route the packet to its particular destination, and to make sure that only the destination device receives that packet.
- Source IP address: the opposite of the destination IP. This field holds the IP of the sending device, so when the receiving host wants to reply it will know to whom it should send the packet.
- Data: this field carries the data being sent in the packet.
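To make the header fields concrete, here is an added example (not from the post) that builds a minimal IPv4 datagram, parses back the fields listed above, verifies the header checksum, and applies the one change a router makes to the header: TTL minus one with a recomputed checksum, or discard when the TTL would reach 0. The addresses and payload are constructed; the layout itself is the standard 20-byte header without options.

```python
import socket
import struct

IPV4_HEADER = struct.Struct("!BBHHHBBH4s4s")     # 20-byte header, no options
PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

def checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4(src, dst, ttl, protocol, payload):
    """Build a minimal IPv4 datagram (constructed sample input, not a capture)."""
    total_length = IPV4_HEADER.size + len(payload)
    header = IPV4_HEADER.pack(0x45, 0, total_length, 0x1234, 0x4000, ttl, protocol, 0,
                              socket.inet_aton(src), socket.inet_aton(dst))
    header = header[:10] + struct.pack("!H", checksum(header)) + header[12:]
    return header + payload

def parse_ipv4(datagram):
    """Extract the header fields discussed in the post, plus a checksum verdict."""
    ver_ihl, _tos, total_length, _ident, _frag, ttl, proto, _hcs, src, dst = IPV4_HEADER.unpack_from(datagram)
    header_len = (ver_ihl & 0x0F) * 4
    return {
        "version": ver_ihl >> 4,
        "header_length": header_len,
        "total_length": total_length,            # header plus data
        "ttl": ttl,
        "protocol": PROTOCOL_NAMES.get(proto, str(proto)),
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "checksum_ok": checksum(datagram[:header_len]) == 0,   # a valid header sums to zero
        "data": datagram[header_len:total_length],
    }

def forward_hop(datagram):
    """What a router does to the header: TTL minus one and a fresh checksum.
    Returns None when the TTL would hit 0, i.e. the packet is discarded."""
    header_len = (datagram[0] & 0x0F) * 4
    ttl = datagram[8]
    if ttl <= 1:
        return None
    header = bytearray(datagram[:header_len])
    header[8] = ttl - 1
    header[10:12] = b"\x00\x00"                  # zero the field before recomputing
    header[10:12] = struct.pack("!H", checksum(bytes(header)))
    return bytes(header) + datagram[header_len:]

# Constructed sample: a TCP segment from PC0 to PC1 with the post's addresses
SAMPLE = build_ipv4("10.0.0.2", "20.0.0.2", ttl=64, protocol=6, payload=b"hello")
```

`parse_ipv4(SAMPLE)` reports version 4, protocol TCP, TTL 64 and a total length of 25 (20 header bytes plus the 5-byte payload). After `forward_hop` the TTL reads 63 and the checksum still verifies; a datagram built with TTL 1 comes back as `None`, which is the discard the post describes. Note that the source and destination addresses are untouched by the hop.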
Then, after all the IP packet fields are filled, the packet moves down to Layer 2, the Data Link layer, is encapsulated by the ARPA protocol and becomes a FRAME. The frame is used to transmit data on the local LAN or between two nodes in a physical-address environment. The frame includes source and destination MAC addresses; a MAC address is the PHYSICAL ADDRESS (hard coded) of a device. It is a unique address for each device in an Ethernet network! The frame also has an FCS trailer, which is for error detection.
After that, the Data Link layer passes the FRAME to the PHYSICAL layer, where the frame is translated into bits (0's and 1's) and transmitted over the cable. That was a brief overview of the process, to make it easier for you.
Now what happens when a packet is received on a ROUTER?
- The router collects the streaming bits and reassembles them; that makes a FRAME. Then the FRAME is given to Layer 2.
- The router then checks the DEST. MAC address in the frame. If the frame's DEST. MAC address is the MAC address of the receiving interface, the router STRIPS the Layer 2 encapsulation and we are left with the PACKET, which contains the Layer 3 details, and that is handed over to Layer 3.
- The router looks at the DEST. IP address in the PACKET, and then looks for a route for it in its ROUTING TABLE. If the router finds a route entry for the destination, it forwards the packet out of the right interface. Else, it will discard the packet.
Now what happens when a packet is received on a SWITCH?
Well, switches don't really receive packets, they receive FRAMES. The switch reassembles the bits into a FRAME. Now, this is how a switch handles FRAMES:
- The switch actually first CHECKS THE SOURCE MAC ADDRESS of the frame! Why does it do that? That's how switches build their MAC address table. If the switch has the source MAC of the frame in its table, it goes to step 2; else, it adds the SOURCE MAC address together with the RECEIVING port on the switch to its MAC address table.
- Then, the switch checks the DEST. MAC address and looks whether it fits one of its MAC address table entries. If it finds a fit, the switch will FORWARD the frame: it will send the frame out the specific port. If it has not found a match in its MAC table, that frame is called an "unknown unicast frame", and what the switch does with those kinds of frames is FLOOD them out ALL OF ITS PORTS except the port it received them on (the originator of the frame).
Note: the switch doesn't even get to the point of a PACKET. Switches DON'T check or modify a packet! They deal only with the FRAME itself!
Switches also DON'T change the source & destination MAC ADDRESSES! What switches actually do is receive a frame, check where it is supposed to be forwarded, and forward it AS IT IS to the right destination, depending on their internal table called the CAM (content addressable memory) table.
As for routers, routers just CHECK the IP addresses in the packet. The PACKET's source & destination addresses are not CHANGED / MODIFIED by the router; the router is only a station on the way of the packet!
But what routers do is CHANGE the SOURCE & DESTINATION MAC addresses in the FRAME!
MAC addresses are used to forward frames over a local LAN. Now, if a packet arrived at the router, that means it needs to be forwarded to another local LAN, so it is outside the LAN of the originator of the packet. So, the router changes the SOURCE MAC address to its FORWARDING port's MAC address, and the DESTINATION MAC address is changed to the next station along the way! (It might be another router or the destination device.)
Let's illustrate the way a packet goes from PC0 to PC1.
Let's say PC0 sends traffic to PC1. PC0 will look for the MAC address of PC1 in its mac-address table. (I'll not get into the ARP process here, so let's assume the ARP process is already done.)
PC0 will send the packet as follows: SOURCE IP - 10.0.0.2, DESTINATION IP - 20.0.0.2
And regarding the MAC addresses in the frame, what would they be? SOURCE MAC - aaaa:aaaa:aa10, and DESTINATION MAC - oooo:oooo:oo10 !
Next, the router receives the packet on its E0/0 interface. It compares the destination MAC address in the frame to the MAC address of the interface that received the frame, and it finds a match. That means this frame is destined for it, so it will decapsulate the frame and hand the packet to the Layer 3 process.
At Layer 3, the router will look at the destination IP address of the packet. Then it will look for a match for it in its routing table. It will find one, through the network 30.0.0.0! So, the router will encapsulate the packet into a frame again, but this time with this MAC information:
Source MAC - oooo:oooo:oo30
Destination MAC - rrrr:rrrr:rr30
You got the point? The MAC addresses are used to forward traffic across a LAN, and IP is used across different LANs and WANs!
R1 will do the same process as R0 did, and will forward this packet out through its E0/0 interface right to the destination! So,
Source MAC address is - rrrr:rrrr:rr30
Destination MAC address is - bbbb:bbbb:bb20.
To sum it all up: note that the IPs remained the same through the whole process! The packet at PC1 still has the same source and destination IP addresses in it. The MAC addresses are always changed when crossing through devices, except switches!!!
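The whole walk-through (switch learning and flooding, router MAC check, route lookup, MAC rewrite, unchanged IP addresses) as an added example that is not code from the post. The MAC addresses and the 10.0.0.0, 20.0.0.0 and 30.0.0.0 networks are the post's; the router interface IPs, R1's MAC towards PC1 (rrrr:rrrr:rr20), the switch port names and the ARP entries are assumed. The router does a longest-prefix lookup and decrements the TTL, which is the general form of the single lookup shown in the post.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:          # Layer 3: untouched by switches, only the TTL changes at routers
    src_ip: str
    dst_ip: str
    ttl: int = 64

@dataclass(frozen=True)
class Frame:           # Layer 2: rewritten at every router hop
    src_mac: str
    dst_mac: str
    packet: Packet

class Switch:
    """Learns the source MAC per port, forwards known unicasts, floods unknown ones; never reads the packet."""
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}

    def handle(self, frame, in_port):
        self.mac_table.setdefault(frame.src_mac, in_port)        # step 1: learn the source MAC
        out_port = self.mac_table.get(frame.dst_mac)             # step 2: look up the destination MAC
        if out_port is not None:
            return {out_port: frame}
        return {p: frame for p in self.ports if p != in_port}    # unknown unicast: flood

class Router:
    def __init__(self, interfaces, routes, arp):
        self.interfaces = interfaces                              # name -> (mac, ip)
        self.arp = arp                                            # next-hop ip -> mac (ARP assumed done)
        self.routes = sorted(                                     # longest prefix first
            ((ip_network(prefix), via, next_hop) for prefix, via, next_hop in routes),
            key=lambda r: r[0].prefixlen, reverse=True)

    def handle(self, frame, in_if):
        my_mac, _ = self.interfaces[in_if]
        if frame.dst_mac != my_mac:
            return None                                           # not addressed to this interface
        pkt = frame.packet                                        # strip Layer 2
        if pkt.ttl <= 1:
            return None                                           # TTL would hit 0: discard
        dst = ip_address(pkt.dst_ip)
        for net, via, next_hop in self.routes:
            if dst in net:
                out_mac, _ = self.interfaces[via]
                target = next_hop or pkt.dst_ip                   # connected network: deliver directly
                return via, Frame(out_mac, self.arp[target], replace(pkt, ttl=pkt.ttl - 1))
        return None                                               # no route: discard

# Topology from the post; interface IPs, R1's E0/0 MAC and the ARP entries are assumed.
R0 = Router({"E0/0": ("oooo:oooo:oo10", "10.0.0.1"), "E0/1": ("oooo:oooo:oo30", "30.0.0.1")},
            [("10.0.0.0/8", "E0/0", None), ("30.0.0.0/8", "E0/1", None), ("20.0.0.0/8", "E0/1", "30.0.0.2")],
            {"10.0.0.2": "aaaa:aaaa:aa10", "30.0.0.2": "rrrr:rrrr:rr30"})
R1 = Router({"E0/1": ("rrrr:rrrr:rr30", "30.0.0.2"), "E0/0": ("rrrr:rrrr:rr20", "20.0.0.1")},
            [("30.0.0.0/8", "E0/1", None), ("20.0.0.0/8", "E0/0", None), ("10.0.0.0/8", "E0/1", "30.0.0.1")],
            {"20.0.0.2": "bbbb:bbbb:bb20", "30.0.0.1": "oooo:oooo:oo30"})

def trace_pc0_to_pc1():
    """Follow one frame PC0 -> switch -> R0 -> R1 -> PC1 and return what each hop puts on the wire."""
    sw = Switch(["Fa0/1", "Fa0/2"])                               # PC0 on Fa0/1, R0's E0/0 on Fa0/2 (assumed)
    hops = []
    frame = Frame("aaaa:aaaa:aa10", "oooo:oooo:oo10", Packet("10.0.0.2", "20.0.0.2"))
    hops.append(("PC0", frame))
    frame = sw.handle(frame, "Fa0/1")["Fa0/2"]                    # flooded: R0's MAC is not learned yet
    hops.append(("switch", frame))                                # identical frame, as the post says
    _, frame = R0.handle(frame, "E0/0")
    hops.append(("R0", frame))
    _, frame = R1.handle(frame, "E0/1")
    hops.append(("R1", frame))
    return hops
```

`trace_pc0_to_pc1()` returns four hops: the switch hands the frame on unchanged, R0 rewrites it to oooo:oooo:oo30 / rrrr:rrrr:rr30, and R1 rewrites it to rrrr:rrrr:rr20 / bbbb:bbbb:bb20, while the packet inside still says 10.0.0.2 to 20.0.0.2 at every hop (with the TTL down by two). A frame whose destination MAC is not the router's own is dropped by `Router.handle`, which is the MAC check the post describes.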
** Get the LAB and start practicing! - Packet LAB