IP Routing
PRINCIPLES – DISTANCE VECTOR – RIPv2 – EIGRP – APPLICATIONS

Routing

- Guide packets through the network from sender to recipient
- Which path to choose?
  o The fastest path?
  o The shortest path?
  o The cheapest path?
  o The most reliable path?
  o The least congested path?
  o Any path that doesn’t go into China?
  o This particular path?
  That’s the problem!
Static vs Dynamic

Static routing
- Paths are hard-coded
- Unresponsive to changes
- Extremely reliable
- Simple

Dynamic routing
- Paths are computed
- Responsive to changes
- Maintenance-free
- Complex

A key feature of a network with redundancy is the ability to re-route packets around an outage. This requires rapid responses to changes in network topology.
Internal vs External

Internal routing
- Routing within an AS
- Based on technical merit
- Uses an IGP

External routing
- Routing between AS-es
- (Partly) based on policy
- Uses an EGP

[Figure: autonomous systems AS 1, AS 2 and AS 3 interconnected]
RIB and FIB

RIB/FIB/Cache

Routing Information Base (RIB)
- Populated by routing protocols etc.
- Used to compute the FIB
- Routing-protocol specific

Forwarding Information Base (FIB)
- Used to deliver packets
- One destination per prefix
- Protocol-independent

Route cache
- Recently resolved routes
- Fast hash lookup of destinations
- Not necessary if the FIB is fast enough
RIB/FIB Model (Simplified)

[Figure: Dynamic Routing Protocols, Static and Connected routes pass through Import Policies into the Route Information Base (RIB); Route Selection populates the Forwarding Information Base (FIB); Export Policies feed routes back out to the Dynamic Routing Protocols]

RIB/FIB Model (Complexified)

[Figure: OSPF, RIPv2 and ISIS pass through Import Policies into their own RIBs (OSPF RIB, RIPv2 RIB, ISIS RIB); Static and Connected routes have their own RIBs as well; Route Selection populates the Forwarding Information Base (FIB); Export Policies feed routes back out to OSPF, RIPv2 and ISIS]
Example RIB/FIB interaction

Learning and announcing a route:
1. 130.236.189.0/24 heard from 130.236.178.12 with RIPv2
2. Check import policies – OK
3. Install route in RIPv2 RIB
4. Apply route selection – OK
5. Install route in FIB
6. Check export policies
7. Announce 130.236.189.0/24 via RIPv2

Forwarding a packet:
1. Packet arrives for 130.236.189.22
2. Look up destination in route cache – not found
3. Match destination prefixes against FIB – found next hop 130.236.178.12
4. Send packet to 130.236.178.12
5. Add 130.236.189.22/32 via 130.236.189.17 to route cache
Simplified FIB Structure

Destination prefix    Gateway          Interface
130.236.178.0/24      130.236.189.17   hme0
130.236.189.16/28     0.0.0.0          hme0
130.236.189.32/28     0.0.0.0          le1
130.236.189.1/32      130.236.189.17   hme0
127.0.0.0/8           0.0.0.0          lo
0.0.0.0/0             130.236.189.17   hme0

Longest prefix match: find the longest prefix in the FIB that matches the destination of the packet being forwarded and use that forwarding rule.
Longest Prefix Match

Prefixes in FIB
A. 130.236.189.0/24
B. 130.236.189.16/28
C. 130.236.189.3/32
D. 130.236.0.0/16
E. 130.236.224.0/12
F. 130.236.176.0/20
G. 0.0.0.0/0

Addresses
1. 130.236.189.1
2. 130.236.189.12
3. 130.236.189.19
4. 130.236.189.3
5. 130.236.178.12
6. 130.236.188.23
7. 130.236.240.6
8. 130.220.12.8
9. 64.23.12.1

Match addresses to next-hop gateways in the FIB using the longest prefix match principle.
Example: 1-A
Routing Table Tricks

Default Route
- A catch-all route
- Only one rule in FIB
- Answer: 0.0.0.0/0
- This is the only prefix that matches all addresses.
- Default route is just an application of longest prefix match!

Default routes are usually used by hosts that only have a connection to the net through a specific gateway. The default route is usually hard-coded, but it can be distributed through a routing protocol.
Unicast Reverse Path Filtering

Procedure
- Check that the FIB lookup of the source address matches the incoming interface
- Drop packets that come in on the wrong interface

Used for
- Prevent address spoofing
- Block flows at the network edge

Example FIB
10.0.2.0/24   le0
10.0.2.6/32   le1
0.0.0.0/0     le1

Example packets
- From 10.0.2.4 on le0
- From 10.0.2.6 on le0
- From 64.2.6.8 on le1
- From 14.120.5.1 on le0

What about asymmetric routing?
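The longest-prefix-match exercise and the uRPF procedure above share one lookup. The following Python is an added example, not code from the slides: it implements longest prefix match over the exercise's FIB (labels A to G as on the slide) and then applies the strict uRPF check to the four example packets against the example FIB, whose interface column (le0, le1, le1) is read from the slide.

```python
import ipaddress

def longest_prefix_match(addr, fib):
    """fib: list of (cidr, data). Return (cidr, data) of the longest prefix covering addr."""
    ip = int(ipaddress.IPv4Address(addr))
    best = None
    for cidr, data in fib:
        net, plen = cidr.split("/")
        plen = int(plen)
        mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
        # Mask the prefix too, so a non-canonical entry such as 130.236.224.0/12
        # is treated as 130.224.0.0/12 instead of being rejected.
        if (ip & mask) == (int(ipaddress.IPv4Address(net)) & mask):
            if best is None or plen > best[0]:
                best = (plen, cidr, data)
    return None if best is None else (best[1], best[2])

# The exercise FIB from the slide, labelled A-G as there
EXERCISE_FIB = [
    ("130.236.189.0/24", "A"), ("130.236.189.16/28", "B"),
    ("130.236.189.3/32", "C"), ("130.236.0.0/16", "D"),
    ("130.236.224.0/12", "E"), ("130.236.176.0/20", "F"),
    ("0.0.0.0/0", "G"),
]

def exercise_answer(addr):
    """Label of the FIB entry that forwards addr (the slide's example: 130.236.189.1 -> A)."""
    return longest_prefix_match(addr, EXERCISE_FIB)[1]

# uRPF example FIB from the slide: prefix -> interface the router would send out of
URPF_FIB = [("10.0.2.0/24", "le0"), ("10.0.2.6/32", "le1"), ("0.0.0.0/0", "le1")]

def urpf_pass(src, iface, fib=URPF_FIB):
    """Strict uRPF: accept only if the FIB routes the source out of the arrival interface."""
    match = longest_prefix_match(src, fib)
    return match is not None and match[1] == iface

# The slide's four example packets as (source, incoming interface); constructed sample input
PACKETS = [("10.0.2.4", "le0"), ("10.0.2.6", "le0"),
           ("64.2.6.8", "le1"), ("14.120.5.1", "le0")]

def filter_packets(packets=PACKETS):
    """Map each (source, interface) pair to True (forward) or False (drop)."""
    return {pkt: urpf_pass(*pkt) for pkt in packets}

if __name__ == "__main__":
    for (src, iface), ok in filter_packets().items():
        print(f"from {src} on {iface}: {'pass' if ok else 'DROP'}")
```

Two of the four packets are dropped: 10.0.2.6 arrives on le0 although its /32 points at le1, and 14.120.5.1 falls through to the default route, which also points at le1.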
URPF Example

[Figure: three routers; the top router has the INTERNET link on le1 and links on le0 and le2 to the two other routers; the host 10.1.2.3 is on the 10.1.2.0/24 network behind one of them]

Routing table:
10.1.2.0/24 gw 10.0.1.1 dev le0
10.0.1.0/31 dev le0
10.0.2.0/31 dev le2
0.0.0.0/24 dev le1
10.1.2.3/32 gw 10.0.2.1 dev le2

Routing table:
10.1.2.0/24 dev le0
10.0.1.0/31 dev le1
0.0.0.0/24 gw 10.0.1.0 dev le1
10.1.2.3/32 gw 10.0.1.0 dev le1

Routing table:
10.1.2.0/24 gw 10.0.2.0 dev le0
10.0.2.0/31 dev le0
0.0.0.0/24 gw 10.0.2.0 dev le0
10.1.2.3/32 dev null0

Scenario: the computer 10.1.2.3 gets infected with Slammer and starts merrily pinging away.

Response: inject route 10.1.2.3/32 dev null0. Packets from 10.1.2.3 on le0 no longer pass the RPF test and are dropped.
Anycast (IPv4)

Definition
- Send traffic to the closest of a group of equivalent destinations
- ”Point to (any) point”

Uses
- Divert high-volume traffic early
- Redundancy (high availability)
- Load balancing

Real-life examples
- 192.175.48.0/24
- 192.5.4.0/23

Anycast Example

[Figure: routers A, B and C; clients X and Y; anycast group members 1, 2 and 3]

Anycast group: 10.1.2.0/24
- Each member is a separate physical network
- A, B and C announce reachability to 10.1.2.0/24
  o X reaches member 1 through A
  o Y reaches member 2 through B

Link A to member 1 is lost
- A now reaches 10.1.2.0/24 through B or C and chooses C
  o X reaches member 3 through A
  o X never notices the outage
Real Anycast Example (2005)

traceroute 192.5.5.241

From IDA (Linköping, Sweden)
 1  idagw-fastether20.ida.liu.se
 2  b-ida.ida.liu.se
 3  g-b.net.liu.se
 4  ybliu2-g-2.net.liu.se
 5  linkoping2-SRP2.sunet.se
 6  stockholm1-POS2.sunet.se
 7  kthnoc5-SRP4.sunet.se
 8  Stockholm-GE-SOL-IX.p80.net
 9  blackhole-1.iana.org

From Olivant (Faroe Islands)
 1  feth1-0-0.bone2.olivant.fo
 2  212.55.32.98
 3  ser1-0-1-2-3-3-1.kdnxd4.ip.tele.dk
 4  fe1-0-0.100M.kdnxt1.ip.tele.dk
 5  pos0-3.155M.kd4nxg2.ip.tele.dk
 6  so-0-1-0.2488M.kd4nxu1.ip.tele.dk
 7  so-1-0-0.2488M.arcnxu1.ip.tele.dk
 8  pos8-0.2488M.arcnxg1.ip.tele.dk
 9  blackhole-1.iana.org

From Pacific Supernet (Hong Kong)
 1  rsm-vl1.pacific.net.hk
 2  ciscol6.pacific.net.hk
 3  a8-0-0-6a.yckbr01.net.reach.com
 4  i-6-0.tmhstcbr01.net.reach.com
 5  i-3-1.sjc-core01.net.reach.com
 6  i-13-0.paix-core01.net.reach.com
 7  i-3-1.paix04.net.reach.com
 8  paix-gw3.isc.org
 9  blackhole-1.iana.org

From Casa Byers (Linköping, Sweden)
 1  212.214.112.1
 2  foo126-145.visit.se
 3  foo126-130.visit.se
 4  rif6-cr1-png-lnk.se.sn.net
 5  rif2.cr1.png.nrk.se.sn.net
 6  rif5.cr2.png.nrk.se.sn.net
 7  rif17-rs2-t4-sto.se.sn.net
 8  rif1-cr3-t4-sto.se.sn.net
 9  ge0-0.tg4-p1.sto.se.sn.net
10  pos2-0.tg4-peer1.sto.se.sn.net
11  ge-2-1-4470.byb-gw.sth.netnod.se
12  blackhole-1.iana.org
Dynamic Routing

Major Algorithm Families

Link State Algorithms (LSA)
- Broadcast information on the entire topology
- Examples: OSPF, IS-IS

Path-Finding Algorithms (PFA)
- Variant of the distance-vector algorithms (DVA)
- Exchange information about predecessor and cost
- Examples: RIPv2, EIGRP

Path-Vector Algorithms (PVA)
- DVA variant
- Exchange information on the complete path to the destination
- Examples: BGP

Link Vector Algorithms (LVA)
- Research topic
Distance Vector Examples

RIP/RIPv2
- Open standard
- Based on Distributed Bellman-Ford (DBF)
- Not loop-free
- Rapid convergence (v2)
- Full CIDR support (v2)
- Multiprotocol support

EIGRP
- Cisco-proprietary protocol
- Based on DUAL
- Loop-free by design
- Rapid convergence
- Full CIDR support
- Multiprotocol support
Naïve Distance-Vector

1. Keep a table with an entry for each destination. The entry contains the destination, the first router on the path to the destination and the cost (metric) associated with the path.
2. Periodically send the table to all neighbors.
3. When an update arrives, add the cost of the incoming link, then adopt those routing entries that have a lower metric than the corresponding entries in the current routing table.

Example

Current table
Dest   Router   Metric
A      X        10
B      Y        10

Incoming table (the incoming link has cost 1, since B’s metric becomes 8 + 1 = 9)
Dest   Router   Metric
A      Q        12
B      Z        8

New table
Dest   Router   Metric
A      X        10
B      Z        9
Naïve Operation

[Figure: three routers A, B and C exchanging their tables with next hops X, Y and Z; after the exchange the tables hold entries such as "A: 1", "B: 1", "C: 1" for directly connected routers and "A: 2", "B: 2" for routers two hops away, each with a next hop "1 gw X", "1 gw Y" or "1 gw Z"]
Naïve Problems

[Figure: routers A, B, C and D with link costs 1, 1, 1, 10 and 1; the target network is directly connected to D]

Routes to the target network before the failure:
A: route via B, metric 3
B: route via D, metric 2
C: route via B, metric 3
D: directly connected

Successive table entries after B loses its route (next hop;metric):
A: B;3  B;3  C;4  C;5  C;6  C;7  C;8  C;9  C;10  C;11  C;12
B: D;2  UNR  C;4  C;5  C;6  C;7  C;8  C;9  C;10  C;11  C;12
C: B;3  A;3  A;4  A;5  A;6  A;7  A;8  A;9  A;10  A;11  D;11
D: directly connected throughout

Although B withdraws the route to the target network, traces of the route exist in A and C.

Preventing Loops

Split horizon
- Do not claim reachability to a network in updates to the router through which the network is reached
- Prevents some loops

Poison reverse
- Include the above routes, but with a metric of infinity
- Breaks loops faster

[Figure: Network A behind router Q, Network B behind router W, with routers Q, X, Y and W in a row; X’s table: A: Q;3, B: Y;3; Y’s table: B: W;2, A: X;4; the updates exchanged carry "A, metric 3", "B, metric 2" and, with poison reverse, "B, metric 16"]
Preventing Loops

Hold-Downs
- After losing a route, don’t listen to just any updates for it
- Allows routes others have through this router to time out
- Slows convergence
- Can prevent some loops

[Figure: same Network A / Q, X, Y, W / Network B topology; X’s table: A: Q;3, B: Y;3; Y’s table: B: W;2, A: X;4; a third router’s table: A: X;4, B: X;4; the updates carry "A, metric 3", "B, metric 3", "B, metric 2", "A, metric 4" and "B, metric 4"]

Speeding Convergence

Route poisoning
- Send negative updates to explicitly withdraw routes
- Speeds convergence

Triggered updates
- Send an update as soon as something changes
- Speeds convergence

[Figure: same topology; X’s table: A: Q;3, B: Y;3; Y’s table: B: W;2, A: X;4; a third router’s table: A: X;4, B: X;4; the updates carry "A, metric 3", "B, metric 16", "B, metric 2", "A, metric 4" and "B, metric 4"]
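As an added example, not code from the slides, the following Python replays the "Naïve Problems" scenario and the loop-prevention slides: routers take turns sending their table to every neighbor, the B–D link is cut, and the run is repeated with split horizon and with poison reverse. It assumes the link costs A–B 1, A–C 1, B–C 1, B–D 1 and C–D 10 read from the figure, RIP’s acceptance rule (an update from the current next hop is always believed, any other one only when strictly better), and no timers or hold-downs.

```python
INF = 16  # RIP's "infinity"

# Topology of the "Naive Problems" slide; link costs are assumed from the figure labels.
# The target network is directly connected to D (metric 1, RIP style).
LINKS = {("A", "B"): 1, ("A", "C"): 1, ("B", "C"): 1, ("B", "D"): 1, ("C", "D"): 10}

def neighbors(links, r):
    """{neighbor: link cost} for router r."""
    return {(y if x == r else x): c for (x, y), c in links.items() if r in (x, y)}

def advertised_metric(table, sender, to, split_horizon, poison_reverse):
    """Metric that sender announces to 'to' for the target network (None = stay silent)."""
    nh, metric = table[sender]
    if nh == to and poison_reverse:   # route was learned through 'to': poison it
        return INF
    if nh == to and split_horizon:    # route was learned through 'to': say nothing
        return None
    return metric

def simulate(links, table, split_horizon=False, poison_reverse=False, max_rounds=50):
    """Routers take turns sending their table to every neighbor until nothing changes.
    table: router -> (next hop, metric). Returns (rounds needed, final table)."""
    for rnd in range(1, max_rounds + 1):
        before = dict(table)
        for sender in table:
            for to, cost in neighbors(links, sender).items():
                if table[to][0] == "direct":
                    continue
                adv = advertised_metric(table, sender, to, split_horizon, poison_reverse)
                if adv is None:
                    continue
                m = min(adv + cost, INF)
                nh, metric = table[to]
                if sender == nh:           # RIP rule: always believe the current next hop
                    table[to] = (None, INF) if m >= INF else (sender, m)
                elif m < metric:           # otherwise only adopt a strictly better route
                    table[to] = (sender, m)
        if table == before:
            return rnd - 1, table
    return max_rounds, table

def after_bd_link_loss(**opts):
    """Start from the converged tables on the slide, cut the B-D link and reconverge."""
    links = {k: v for k, v in LINKS.items() if k != ("B", "D")}
    table = {"A": ("B", 3), "B": (None, INF), "C": ("B", 3), "D": ("direct", 1)}
    return simulate(links, table, **opts)

if __name__ == "__main__":
    for name, opts in [("naive", {}), ("split horizon", {"split_horizon": True}),
                       ("poison reverse", {"poison_reverse": True})]:
        rounds, table = after_bd_link_loss(**opts)
        print(f"{name}: {rounds} rounds, A={table['A']} B={table['B']} C={table['C']}")
```

Without split horizon A’s metric climbs 5, 7, 9, 11, 13 while A and B feed each other the stale route, and only the cost-10 detour via C ends the count; with split horizon or poison reverse the stale route is never echoed back and the same final tables are reached in two rounds.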
RIP

RIP header
- Command: request or response
- Version: RIP version number

RIP 1 Entry
- AFI: Address family
- Address: IP address for the entry
- Metric: Distance to destination (legal values are 1-15; 16 for unreachable)

RIPv2

RIP header
- Command
- Version

RIP 2 Authentication (optional)
- AFI = 0xFFFF
- Authentication type: type of authentication used
- Authentication data (16 octets): authentication-type specific data

RIP 2 Entry
- AFI: Address family
- Route tag: For distinguishing sources of route information
- Address: Address for the entry
- Subnet mask: Netmask for the entry
- Next hop: Where packets to the destination should be forwarded
- Metric: Distance to destination (legal values are 1-15; 16 for unreachable)
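As an added example, not code from the slides, the following Python packs and parses RIPv2 datagrams with exactly the fields listed above (a 4-octet header, 20-octet entries, and an authentication entry marked by AFI 0xFFFF) and enforces the legal metric range; the datagram it builds is constructed sample input, and the simple-password authentication type value 2 is taken from RFC 2453, not from the slide.

```python
import struct
import ipaddress

RIP_HEADER = struct.Struct("!BBxx")       # command, version, two unused octets
RIP_ENTRY = struct.Struct("!HH4s4s4sI")    # AFI, route tag, address, subnet mask, next hop, metric
AUTH_AFI = 0xFFFF                          # AFI value that marks an authentication entry
SIMPLE_PASSWORD = 2                        # RFC 2453 authentication type (assumption: not on the slide)

def parse_ripv2(data):
    """Parse a RIPv2 datagram into (command, version, auth, entries).
    auth is (type, 16 octets of data) or None; metrics outside 1-16 are rejected."""
    command, version = RIP_HEADER.unpack_from(data)
    auth, entries, offset = None, [], RIP_HEADER.size
    while offset + RIP_ENTRY.size <= len(data):
        afi = struct.unpack_from("!H", data, offset)[0]
        if afi == AUTH_AFI and offset == RIP_HEADER.size:   # auth must be the first entry
            auth_type = struct.unpack_from("!H", data, offset + 2)[0]
            auth = (auth_type, data[offset + 4:offset + 20])
        else:
            _, tag, addr, mask, nh, metric = RIP_ENTRY.unpack_from(data, offset)
            if not 1 <= metric <= 16:
                raise ValueError(f"illegal metric {metric} at offset {offset}")
            # Address/netmask pair -> prefix; a mask with host bits set raises ValueError
            prefix = ipaddress.IPv4Network(f"{ipaddress.IPv4Address(addr)}/{ipaddress.IPv4Address(mask)}")
            entries.append({"afi": afi, "tag": tag, "prefix": str(prefix),
                            "next_hop": str(ipaddress.IPv4Address(nh)), "metric": metric})
        offset += RIP_ENTRY.size
    if offset != len(data):
        raise ValueError("trailing bytes: datagram is not a header plus whole entries")
    return command, version, auth, entries

def build_response(routes, password=None):
    """Constructed RIPv2 response (command 2, version 2); routes = [(prefix, next_hop, metric)].
    A next hop of 0.0.0.0 means 'via the sender', as in RIPv2."""
    out = RIP_HEADER.pack(2, 2)
    if password is not None:   # "16s" pads the password with NUL octets to 16
        out += struct.pack("!HH16s", AUTH_AFI, SIMPLE_PASSWORD, password.encode())
    for prefix, next_hop, metric in routes:
        net = ipaddress.IPv4Network(prefix)
        out += RIP_ENTRY.pack(2, 0, net.network_address.packed, net.netmask.packed,
                              ipaddress.IPv4Address(next_hop).packed, metric)
    return out

if __name__ == "__main__":
    pkt = build_response([("130.236.189.0/24", "0.0.0.0", 3)], password="secret")
    print(parse_ripv2(pkt))
```

A receiver that checks the authentication entry before installing anything, and logs responses that arrive with no authentication entry or with an illegal metric, has the basic sanity checks this format allows.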
RIP Operations

Metric
- Number of hops to destination
- Infinity equals 16

Timers
- Every 30 seconds – send an update to all neighbors (multicast in RIPv2)
- Routes time out after 180 seconds without updates
- Withdrawn routes are deleted after another 120 seconds

RIP Hacks
- Split horizon mandated
- Poison reverse recommended
- Triggered updates
  o Mandated for deleted routes
  o Permitted for new routes
  o Rate-limited
- Hold-downs
  o Not in standard
- Route poisoning
  o Not in standard
EIGRP

The Good
- Provably loop-free
- Distributed computation
- Rapid convergence
- Easily configured
- Support for link weights
- Multipath support
- Multiprotocol support

The Bad
- Patented algorithm (Cisco)
  o US Patent #5,088,032
- Only available from Cisco

The Ugly
EIGRP Terminology
- Successor
- Successor graph
- Upstream/downstream
- Distance
- Reported Distance (RD)
- Feasible Distance (FD)
- Topology Table

[Figure: routers A, X, Y and B with link costs 20, 10 and 5; X is downstream of Y with respect to B; the successor of A with respect to B is marked]
EIGRP Principle

Loop-freeness
- Never select a neighbor that might cause a loop

Observation
- If the reported distance from a neighbor to the destination is smaller than the feasible distance from me to the destination, then selecting that neighbor cannot result in a loop

[Figure: example topology around router X with link costs 3, 5, 5, 5, 8, 10, 5 and 5]
EIGRP Example (1)

[Figure: router S with neighbors A, B and C, all leading towards destination D; link cost labels as extracted: 50, 5, 5, 50, 520, 50, 5; the events "1. Cost C_SA changes to 20" and "2. Cost C_SA changes to 50" are marked]

Notation: RD_XD is the distance X reports to D, DS_XD is S’s distance to D via X, FD_D is S’s feasible distance to D and C_SA is the cost of the link S–A.

- Reported distances: RD_AD = 10, RD_CD = 5, RD_BD = 20
- Feasible distance: FD_D = 15
- Feasible successors: A, C
- Cost C_SA changes to 20
  o RD_AD < FD_D and DS_AD < DS_CD
  o A is retained as successor
- Cost C_SA changes to 50
  o RD_CD < FD_D and DS_CD < DS_AD
  o S chooses C as successor

EIGRP Example (1), continued

[Figure: the same S, A, B, C, D topology; link cost labels as extracted: 5, 50, 50, 50, 5, 5]

- Reported distances: RD_AD = 55, RD_CD = 5, RD_BD = 20
- Feasible distance: FD_AD = 15
- Feasible successors: A, C
- S changes successor from A to C
  o Sends update RD = 55 to B
  o B can change successor
  o RD_CD < FD_BD so C is chosen
- Convergence!
EIGRP Example (2)

[Figure: routers S, A, B, C and destination D; link cost labels as extracted: 5, 15, 5, 15, 5, 5; the link C to A is lost]

- C to A is lost
- A has no feasible successor
  o Sets FD and RD to +INF
  o Sends update and query to S
- S has C as feasible successor
  o Sends RD = 20 to A and B
- A now sets S as successor
  o FD is set to 25
- B changes successor
  o C is feasible (S is not)
- Convergence!
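As an added example, not code from the slides and not Cisco’s implementation, the following Python keeps DUAL’s bookkeeping for one destination at one router and replays both examples: S with neighbors A, B and C at link costs 5, 5 and 50 and reported distances 10, 20 and 5 (giving FD_D = 15 and feasible successors A and C as in Example 1), and a router that loses its only feasible successor and has to go active as in Example 2; that second router’s neighbor costs are constructed so that its new FD comes out as 25.

```python
INF = float("inf")

class DualRoute:
    """DUAL state for one destination at one router. neighbors maps a neighbor to
    [link cost, reported distance]; FD is the lowest distance seen while passive."""

    def __init__(self, neighbors):
        self.neighbors = {n: list(v) for n, v in neighbors.items()}
        self.successor, self.fd, self.active = None, INF, False
        self.recompute()

    def distance(self, n):
        cost, rd = self.neighbors[n]
        return cost + rd

    def feasible_successors(self):
        """Feasibility condition: a neighbor's RD must be strictly below our FD."""
        return {n for n, (_, rd) in self.neighbors.items() if rd < self.fd}

    def recompute(self):
        # With FD = INF (fresh route, or queries just answered) every neighbor qualifies
        candidates = set(self.neighbors) if self.fd == INF else self.feasible_successors()
        if not candidates:
            # No feasible successor: go active, set FD/RD to infinity and query neighbors
            self.successor, self.fd, self.active = None, INF, True
            return "active"
        self.successor = min(candidates, key=self.distance)
        self.fd = min(self.fd, self.distance(self.successor))
        self.active = False
        return "passive"

    def reported_distance(self):
        """What this router tells its neighbors (infinity while active)."""
        return INF if self.active else self.distance(self.successor)

    def set_link_cost(self, n, cost):
        self.neighbors[n][0] = cost
        return self.recompute()

    def lose_neighbor(self, n):
        del self.neighbors[n]
        return self.recompute()

    def replies_received(self):
        """All queries answered: choose among every neighbor and take the new FD."""
        self.fd = INF
        return self.recompute()
```

In Example 1 the successor moves from A to C without ever leaving the passive state, because C stays a feasible successor (RD 5 < FD 15) while A’s link cost grows; in Example 2 the loss of C leaves no neighbor with RD below FD, so the route goes active and only settles on S once the queries are answered.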
More EIGRP

Transport Mechanisms
- Reliable Transport Protocol
- Unreliable multicast

Neighbor discovery
- Periodic multicast hello packets
- Unreliable multicast transport

Updates
- Only when required
- Reliable unicast transport

Metric
- 256 * ((K1*Bw + (K2*Bw)/(256-Load) + K3*Delay) * K5/(Reliability+K4))
- Default K2=K4=K5=0, K1=K3=1; with K5 = 0 the K5/(Reliability+K4) factor is left out
- Gives: 256 * (Bw + Delay)

Protocol-Dependent Modules
- Encoding/decoding of packets
- Interfacing DUAL to the routing table
- Metric conversions
- Route aggregation
Grab Bag of Topics

Redistribution and filtering

[Figure: router A in an OSPF domain, router B in a RIP domain, and routers C and D; A, C and D exchange routes with B via EGP]

- What routes should A take from OSPF and distribute to B via EGP?
- What routes should B accept via EGP from A and distribute with RIP?
- What routes should B accept via EGP from C and distribute with RIP or EGP to A?
- Should B distribute routes from D via EGP to A? Should they also be distributed with RIP internally?
Redistribution and filtering

- Source of routes
  o Connected interfaces
  o Static routes
  o RIPv2
  o EIGRP
  o OSPF
  o BGP
  o IPX RIP
  o AppleTalk RIP
  o …
- Input filtering
  o What routes do we accept?
- Output filtering
  o What routes do we export?
- Redistribution
  o What routes do we take from one routing protocol and export with another?
  o How are those routes changed?
Layer 3 Switching
- Pushing routing functions further into hardware
- Less expensive equipment
- Less flexible equipment
  o Fewer protocols
  o Fewer interface options
- Faster
- But really, ”layer 3 switching” is just marketspeak for ”routing”
Layer 4-7 Switching
- Routing is usually at layer 3
  o Decisions based on IP address only
- What if decisions are based on layer 4 information, or even higher-level information?

[Figure: hosts 147.12.1.3 and 62.8.1.45 reach 81.0.0.1 across the Internet; the forwarding decision picks next hop A for one flow and B for the other]

Src          Sport   Dst        Dport   Proto   Next-hop
147.12.1.3   45502   81.0.0.1   80      TCP     A
62.8.1.45    34110   81.0.0.1   80      TCP     B
The End

Topics covered
- Routing principles
- Distance-vector algorithms
  o Problems and solutions
  o RIP and RIPv2
  o EIGRP
- Tricks of the trade
  o Reverse path filtering
  o IPv4 Anycast
  o Default route

Topics not covered
- Routing and policy
- Practical configuration

Future topics
- Label Switching
- Multicast routing
- BGP (Path-Vector)
- OSPF (Link-State)