Add to collection(s) Add to saved
  1. No category
Uploaded by yunsong yang

SYS4 LAB 08 Broadcast Multicast & Routing Protocols

advertisement 
Systems and Devices - Networks
1
SYS4 Laboratory 8 : Broadcast, Multicast & Routing Protocols
The aim of this lab is to look in more detail at how packets are routed across a network. In the last
lab we saw how manual routing rules could be used to define specific routes e.g. routing the internal
loopback IP addresses across tun0 and tun1. This type of manual configuration is fine for small
systems, but for larger systems becomes impractical. Therefore, we need automatic routing
protocols that allow routers to inform other routers about the routes they know about i.e. allow
routers to expand their routing tables beyond what they can “see” on their local network. As you
probably guessed routing packets between the network of networks that is the Internet is a little
complex i.e. here be dragons :). However, these routing protocols fall into two general categories:
Exterior Gateway Protocols (EGP) and Interior Gateway Protocols (IGP). EGPs are used to
exchange routing information between Autonomous Systems (AS) i.e. different networks. IGPs are
used to exchange routing information within an AS. To keep things simple we are going to limit our
investigation to IGPs i.e. to networks like those you are using in the computer science building.
Therefore, to do this we will need to jump back up the Internet protocol stack to the Application
layer and look at two routing protocols. We will first examine the Routing Information Protocol
(RIPv1) and consider how routing information is transferred between routers. Next, we will
consider the limitations of this protocol and see how its functionality can be improved by using
RIPv2 or Open Shortest Path First (OSPF) routing protocols. At the end of this practical you will
understand how :
•
•
•
•
•
direct and local broadcast addresses are used.
routing protocols can be used to update a router’s routing table.
to configure the Quagga software suite to implement a router on a Raspberry Pi.
to use different routing protocols on the Mikrotik router.
5 : Network processes and user applications
4 : Host-to-host connectivity and reliability
3 : Path determination and logical addressing
2 : Physical addressing
1 : Communications media, signals and hardware
Figure 1 : The Internet protocol stack
Task 1
The RIP protocol (RFC 1058: https://datatracker.ietf.org/doc/html/rfc1058) was developed in 1988,
using UDP as its transport protocol and port number 520. Routing calculations are performed using
a distance-vector routing algorithm i.e. routes are selected on the basis of how many routers a
packet has to pass through to get from A to B (number of hops). Neighbouring routers share their
Mike Freeman 23/11/2022
Systems and Devices - Networks
2
routing tables, allowing each router to work out the shortest, lowest cost path. For more
information on this algorithm refer to:
http://en.wikipedia.org/wiki/Distance-vector_routing_protocol/
This raises the question: how should routers share (communicate) this routing information? Since a
router may not be aware of other routers on a network, therefore, unicast transmission i.e. peer-topeer communications may not be possible. Solution: broadcast, as shown in figure 2.
Figure 2 : unicast (left): one-to-one, broadcast (right): one-to-many
Now, rather than using a router’s IP address (unicast), the transmitting router uses the network
broadcast IP address. Any router receiving a network packet with this destination address will
process this packet as if it was its own IP address.
To calculate the network, or direct broadcast address of each NIC, we need to know that network’s
network mask. The NIC’s address is bitwise ANDed with its the network mask, bit positions in the
network mask that were 0’s are set to 1’s in the broadcast address, as shown in figure 3.
NIC addr : 192.168.100.3
Network mask : 255.255.0.0
Broadcast addr : 192.168.255.255
11000000 10101000 01100100 00000011
11111111 11111111 00000000 00000000
11000000 10101000 11111111 11111111
Host addr : 172.16.100.5
Network mask : 255.255.255.252
Broadcast addr : 172.16.100.7
10101100 00010000 01100100 00000101
11111111 11111111 11111111 11111100
10101100 00010000 01100100 00000111
Figure 3 : direct broadcast network calculation
As usual we will be using Wireshark to capture network packets on our Pi system. To connect to the
VNC server running on Raspberry Pi-1 click on the start button and select : VNC Viewer.
-> VNC Viewer
This software should remember the required settings from the previous labs, if needed refer back to
lab 1. To start Wireshark on the Raspberry Pi, click on the menu icon and select :
-> Internet -> Wireshark (GTK+)
This will open the Wireshark GUI. Left click on (highlight) the Ethernet 1 (eth1) icon
in
Mike Freeman 23/11/2022
Systems and Devices - Networks
3
the Interface list. Next enter the packet protocol filter :
udp
and click on the Apply button (this will remove most of the network “noise”), then click on the
Start icon
on the top toolbar in Wireshark. You should now be able to capture two broadcast
addresses from two different servers on two different subnets:
• Bob says : 192.168.255.255
• RTS Cat facts : 192.168.10.255
Can you see these broadcast packets? Have a look at their payloads i.e. data, for some “interesting”
facts :). What netmasks are these two servers using?
Figure 4 : broadcast ping
In addition to the network broadcast address, the IPv4 standard also defines the IP address:
255.255.255.255 as a local broadcast address. To see these broadcast addresses in action we can
ping these broadcast addresses. On the PC click on the start button and select the command prompt.
-> Command Prompt
Next, at the command prompt enter the following command :
ssh pi@192.168.X.1
(IP address will vary, X=Desk)
This will open an SSH terminal on Pi-1. However, before we can ping these addresses we must first
temporarily remove the security block to enable broadcast pings i.e. if enabled its very easy to
flood a network with ping packets :). Therefore, in the SSH terminal enter the following command:
sudo sysctl net.ipv4.icmp_echo_ignore_broadcasts=0
Repeat this on Pi-2 and Pi-3 i.e. enable broadcast pings on all Raspberry Pis. Then in the Pi-1 SSH
terminal enter the following command:
ping -c 5 -b 192.168.255.255
Mike Freeman 23/11/2022
Systems and Devices - Networks
4
If all is configured correctly you should see multiple ping response packets, as shown in figure 4.
Repeat this broadcast ping test, but this time use the 255.255.255.255 broadcast address. Why do
you get a different response i.e. no DUP!s? Check your suspicions in WireShark.
Task : test your understanding of broadcast addresses by answering assessed question Q1.
IMPORTANT : make sure you understand the difference between these two broadcast addresses
before continuing and how they are routed.
192.168.100.1
172.16.100.5
Mikrotik
192.168.100.254
172.16.100.6
192.168.100.2
172.16.100.9
172.16.100.10
172.16.100.14
192.168.100.3
172.16.100.13
Figure 5 : “new” example Raspberry Pi network configuration
Task 2
Before starting this task check if the RIP routing protocol has been accidentally left enabled from a
previous session / group i.e. needs to be turned off before starting the next section. In the SSH
terminal running on Pi-1 enter the command:
cd /etc/quagga
Then to list the files in this directory enter the command :
ls
If the files zebra.conf or repd.conf are present remove these by entering the command:
sudo rm *.conf
Then start Pi-1 by entering the command:
sudo reboot
Repeat this process on Pi-2 and Pi-3 i.e. SSH into each Pi, if the configuration files from previous
labs / groups were not removed you should delete these on each Pi, then restart each Pi. In its
present configuration the Raspberry Pi system only has a single router i.e. the Mikrotik. However,
each Raspberry Pi can also be configured as a router using the Quagga software suite, (Appendix
Mike Freeman 23/11/2022
Systems and Devices - Networks
5
A for “what is a Quagga”). For more information on these software packages refer to:
https://www.quagga.net/docs.html
Using this software we can now reconfigure our Raspberry Pi system as shown in figure 5. Each
Raspberry Pi is now a router that can be configured to use the RIP protocol to broadcast its routing
table to other routers.
To enable the RIP daemon (service) on each Pi you will need to create the following files:
/etc/quagga/ripd.conf
/etc/quagga/zebra.conf
To edit these files we can again use either vi or nano as described in laboratory 6. To create/edit
each file enter the following command:
sudo nano /etc/quagga/ripd.conf
(or zebra.conf)
Then update these files to match figures 6 and 7.
Note, comments are indicated by a “!”. Indentations can be spaces or tabs, refer back to laboratory 6
if you need more information on using nano etc.
Repeat this process for each Pi i.e. add the files ripd.conf and zebra.conf to Pi-2 and Pi-3.
! -*- rip -*hostname ripd
!password zebra
!
router rip
version 1
network eth0
redistribute static
redistribute kernel
redistribute connected
timers basic 10 15 30
no passive-interface eth0
!
log file ripd.log
Figure 6 : ripd.conf version 1
! -*- zebra -*hostname Router
password zebra
enable password zebra
!
log file ripd.log
Figure 7 : zebra.conf version 1
Mike Freeman 23/11/2022
Systems and Devices - Networks
6
Note, for more information on these config files refer to:
https://www.quagga.net/docs/docs-multi/RIP.html#RIP
Finally, we need to configure the Microtik router. As described in laboratory 7, to access the router’s
web interface on the PC we will need to create an SSH tunnel to connect to one of the MikroTik’s
interfaces e.g. 172.16.X.6. On the PC click on the start button and select the command prompt.
-> Command Prompt
Then enter the command :
ssh -L 8000:172.16.X.6:80 pi@192.168.X.1
This will create an SSH tunnel to the router’s HTTP port i.e. port 80. To connect to this port, open a
browser on the PC and enter the following URL:
http://127.0.0.1:8000
In the web interface, click on the WebConfig tab. Then to enable the RIP routing protocol click on
the left hand panel, selecting:
Routing -> RIP
Next, click on the ADD icon and enter the routing rule shown in figure 8 and click OK. Finally,
click on the Network tab and click on the Add New button to update the advertised networks to
0.0.0.0/0 i.e. all interfaces.
Before starting the RIP daemon on each Pi, examine their routing tables i.e. the routing table state
before these are updated by RIP. In each SSH terminal i.e. for Pi-1, Pi-2 and Pi-3, enter the
following command:
route -n
Make a note of these routing table or take a screen capture for future reference.
Close and restart Wireshark on Pi-1, click on the menu icon and select :
-> Internet -> Wireshark (GTK+)
This will open the Wireshark GUI. Left click on (highlight) the Ethernet 0 (eth0) icon
the Interface list. Next enter the packet protocol filter :
in
rip
and click on the Apply button (this will remove most of the network “noise”), then click on the Start
icon
on the top toolbar in Wireshark.
Mike Freeman 23/11/2022
Systems and Devices - Networks
7
Config
Figure 8 : Mikrotik RIP configuration
To start the RIP daemon on each Pi, use its SSH terminal i.e. for Pi-1, Pi-2 and Pi-3, and enter the
following commands:
sudo systemctl restart zebra.service
sudo systemctl restart ripd.service
Mike Freeman 23/11/2022
Systems and Devices - Networks
8
You will now see some activity in the main window as Wireshark captures the packet associated
with routing information transfers. Finally, click on the Stop icon
on the top toolbar to stop
capturing network traffic.
What broadcast address is used by the RIP protocol? How where the routing tables on each Pi
updated?
Note, by default routing information is transferred every 30 seconds, but this can vary with different
configurations. Remember TCP is a point-to-point protocol so can not use in a broadcast address.
Finally broadcasts are limited to a broadcast domain e.g. a subnet, these packets are not forwarded
by the router to other subnets. The eth1 interface on each Pi uses the 192.168.0.0/16 network i.e. a
class B network as shown in figure 9. The eth0 interface on each Pi uses the 172.16.X.0/30 network
i.e. a classless network.
Task : test your understanding of the RIPv1 protocol by answering assessed question Q2.
Figure 9 : network classes
Task 3
RIPv1 was introduced when the Internet was relatively “small”, therefore, the amount of data
transferred by each broadcast was not significant. However, as networks got bigger this regular 30
second burst of traffic started to become an issue i.e. routers became synchronised, resulting in 100s
of routers all transmitting data at the same time.
Note, remember that broadcast packets are received and processed by all hosts/routers on that local
network, even if they are not involved in routing packets.
RIPv1 also had a number of limitations e.g. fixed metrics, limited to 15 hops and only supported
classful routing, but perhaps the most obvious missing functionality is the lack of authentication /
passwords, which is a slight security concern :).
Mike Freeman 23/11/2022
Systems and Devices - Networks
9
To overcome these issues RIPv2 was developed in 1994, again using UDP as its transport protocol,
port number 520 (RFC 1723: https://datatracker.ietf.org/doc/html/rfc1723). This protocol supports
Classless Inter-Domain Routing (CIDR) and also passwords :). It also switched from broadcast
based addressing to multicast addressing i.e. IP address 224.0.0.9, reducing network loads for hosts
not involved in network routing.
Multicast addressing uses a Class D address i.e. a multicast ID. Now, only routers monitoring this
address will process these packets i.e. you can think of multicast as an application specific
“broadcast” address. For more information on what applications use what multicast IDs refer to:
https://www.iana.org/assignments/multicast-addresses/multicast-addresses.xhtml
To see RIPv2 in action modify the ripd.conf files on each Pi as shown in figure 10 i.e. modify
the file ripd.conf files on Pi-1, Pi-2 and Pi-3.
Note, changes have been underlined, don’t forget to uncomment the password.
! -*- rip -*hostname ripd
password zebra
!
router rip
version 2
network eth1
redistribute static
redistribute kernel
redistribute connected
timers basic 10 15 30
no passive-interface eth1
!
log file ripd.log
Figure 10 : ripd.conf version 2
In Task 1 each Pi was on its own subnet, therefore, they were unable to see the broadcast packets
from other Raspbery Pis. They could only see the broadcast packets from the router i.e. each
Raspberry Pi’s routing table was only updated with information from the router’s routing table.
Moving the RIP protocol onto eth1 means that each Raspberry Pi is now in the same broadcast
domain, therefore, each Pi will “see” other Pi routing tables. To enable the router to process these
new RIPv2 packets update the configuration show in figure 8, changing the receive/send versions
from v1 to v2.
Restart the Wireshark GUI. Left click on (highlight) the Ethernet 1 (eth1) icon
Interface list. Next, enter the packet protocol filter :
in the
rip
and click on the Apply button (this will remove most of the network “noise”). Then click on the
Start icon
on the top toolbar in Wireshark. Restart the RIP daemon on each Pi using each SSH
Mike Freeman 23/11/2022
Systems and Devices - Networks
10
terminal i.e. for Pi-1, Pi-2 and Pi-3, by entering the following commands:
sudo systemctl restart zebra.service
sudo systemctl restart ripd.service
You will now see some activity in the main window as Wireshark captures the routing information
packets. Finally, click on the Stop icon
on the top toolbar to stop capturing network traffic.
What multicast address is used by the RIP protocol? Examine Pi-1’s routing table. What has
changed? Why have these routes been added?
Note, RIP is an example of an early routing protocol and therefore has a number of limitations. For
our small system these overheads are not that significant e.g. periodically transferring the full
routing table to each router. However, as the size of these network’s grow this becomes impractical.
To solve this and other problems the Open Shortest Path First (OSPF) protocol was developed. This
is a dynamic routing protocol. Routing calculations are now not just based on the number of hops,
but also cost parameters such as bandwidth, delay and load. To perform these calculations this
protocol uses link-state routing based on Dijkstra's, or the shortest path first (SPF) algorithm. Each
router maintains a link-state database, a network topology map, allowing every router to calculate
the “cost” of each route. As with any protocol OSPF has its disadvantages (high initial network load
as link-states are transferred, increased router processing and memory requirements) and advantages
(once a stable link-state is reached there are minimal network overheads). However, in general it
has now replaced RIP.
E = Enable - = Delete
D = Disable
Figure 11 : enable, disable and delete RIP on Mikrotik
Task : test your understanding of the RIPv2 protocol by answering assessed question Q3.
Task 4
To expand our network we can connect multiple Raspberry Pi systems together. Initially we will
stop the RIP daemon on each Pi. In each SSH terminal i.e. for Pi-1, Pi-2 and Pi-3, enter the
following commands:
sudo systemctl stop ripd.service
sudo systemctl stop zebra.service
Next, using the web interface disable the RIP service on the Mikrotik router, as shown in figure 11.
Mike Freeman 23/11/2022
Systems and Devices - Networks
11
The first method of joining these systems is via the network switch. Each Raspberry Pi system has
an unique IP address based on its desk number e.g. in figure 12 desks 100 and 101. Therefore, for
this example the IP address for Pi-1 on each of these systems will be:
•
•
Desk 100: 192.168.100.1/16
Desk 101: 192.168.101.1/16
Are these Raspberry Pis on the same subnet? If you connect a network cable between these switches
as shown in figure 12 will Pi-1 be able to ping the other Pi-1?
192.168.101.1
192.168.100.1
Pi-1
PC
SWITCH
Pi-2
Pi-3
Pi-1
ROUTER
ROUTER
Pi-2
SWITCH
PC
Pi-3
Figure 12 : connecting systems via the switch
To test if this connection would work use the green network cable to connect your system to your
neighbour’s, or to the spare Raspberry Pi system on the next desk, as shown in figure 13.
Connecting
cable
Figure 13 : connecting systems via the switch
Figure 14 : Pi-1 (desk 100) routing table
Mike Freeman 23/11/2022
Systems and Devices - Networks
12
Examine the routing tables for each Pi-1. An example from figure 12 is shown in figure 14. From
this example you should spot that in its present state you will be unable to access the 172.16.X.0 or
the 10.X.1.0 networks on the remote system.
Enable the RIP protocol on the eth1 interface on both Raspberry Pi systems. Then re-examine the
routing tables on Pi-1. What networks have been added to the routing table? Can you now access
the 172.16.X.0 or the 10.X.1.0 networks on the remote system?
The second method of connecting the Raspberry Pi systems together is via the Mikrotik router, as
shown in figure 15. If you connect a network cable between these routers, will Pi-1 be able to ping
the other Pi-1?
192.168.100.1
192.168.101.1
Pi-1
PC
SWITCH
Pi-2
Pi-1
ROUTER
ROUTER
Pi-3
Pi-2
SWITCH
PC
Pi-3
Connecting
cable
Figure 15 : connecting systems via the router
As you probably guessed for the Raspberry Pis to be able to communicate with each other we need
to set-up the two routers. However, until this is done you will be unable to connect to the second
router i.e. a chicken and egg scenario. Therefore, to configure the second router you will need to
access it via the network switch. On the PC set-up two SSH tunnels, one for each router. For the test
system I am using i.e. desk-100 and desk-101 these SSH tunnels will be:
ssh -L 8888:172.16.100.6:80 pi@192.168.100.1
ssh -L 8889:172.16.101.6:80 pi@192.168.101.1
Note, you need two different port numbers, one for each tunnel.
Task : test your understanding of the RIPv2 protocol by answering assessed question Q4.
Mike Freeman 23/11/2022
Systems and Devices - Networks
13
IMPORTANT : when you have finished, restore the Mikrotik configuration back to its original
settings, such that it’s good to go for the next person using that desk. If you are not sure how to do
this do ask and I can show you how.
Assessed questions
Practical questions related to this lab must be answered from your assigned desk position as your
answers are specific to that desk e.g. IP addresses etc. You may not use another desk. If the PC or
equipment is faulty please report this to me and new equipment will be provided. If you do answer
these questions from a different desk or borrow equipment from another desk you will be awarded a
zero mark. Therefore, always double check your equipment and desk numbers before starting these
questions.
The open assessment for this module is based on the tasks that you perform in these laboratory
scripts. Some of these task can be complete outside the lab, whilst others will need to be performed
at your assigned desk, either during the laboratory session or in your own time i.e. you are not
expected to complete the more complex tasks within the scheduled lab session.
Q1 (2 mark) : calculate the direct broadcast address of eth0 for Pi-2 for your system. Show all
working. Enable local broadcast on Pi-1, Pi-2 and Pi-3. Ping the eth1 direct and local broadcast
addresses from Pi-2. Why do you not get the same results? Taking screen shots of the ping
command terminals and a suitable screen capture to support your answer.
Q2 (2 mark) : what broadcast address is used by the RIPv1 protocol? When RIPv1 is enabled what
routes have been added to Pi-1’s routing table. Why have these routes been added? Take appropriate
screen shots of Wireshark and the command terminal to support your answer.
Q3 (2 mark) : what multicast address is used by the RIPv2 protocol? When RIPv2 is enabled what
routes have been added to Pi-1’s routing table. Why have these routes been added? Take appropriate
screen shots of Wireshark and the command terminal to support your answer.
Q4 (4 mark) : connect two Raspberry Pi systems together using the router, update the two Mikrotik
routers and the Raspberry Pi to use RIPv2, such that Pi-1 is able to ping the other Pi-1 in the other
system i.e. ping 192.168.<OTHER-DESK>.1. Describe and document the required modifications
needed. Submit screen shots of the routing tables of each Pi and Mikrotik. Also include a screen
shot of the ping command being executed.
IMPORTANT : when you have finished, restore the Mikrotik configuration back to its original
settings, such that it’s good to go for the next person using that desk. If you are not sure how to do
this do ask and I can show you how.
Total : 10 marks.
Mike Freeman 23/11/2022
Systems and Devices - Networks
14
Appendix A : Quagga
Figure A1 : Quagga (https://en.wikipedia.org/wiki/Quagga)
Mike Freeman 23/11/2022
Related documents
prelab2
prelab2
Network layer
Network layer
prelab2
prelab2
CCNA 2 - Chapter 8 Study Guide 1. Why
CCNA 2 - Chapter 8 Study Guide 1. Why
Download
advertisement