# Compare and Contrast Routing Concepts
[[Explaining IPv4 Addressing]], [[Supporting IPv4 and IPv6 Networks]]
32 bits
## Routing Tables and Path Selection
`show ip route` -
<u>routing tables</u> - equivalent to a switch's CAM table (MAC and IP addresses matched up). Paths to routers. `netstat -rn`. Gives you the network destination, subnet mask, and interface IDs.
- **Protocol** - The source of the route.
- **Destination** - Routes can be defined to specific hosts but are more generally
directed to network IDs. The most specific destination prefix (the longest mask)
will be selected as the forwarding path if there is more than one match.
- **Interface** - The local interface to use to forward a packet along the chosen
route. This might be represented as the IP address of the interface or as a layer 2
interface ID.
- **Gateway/next hop** - The IP address of the next router along the path to the
destination.
## Static and Default Routes
Static routes have to be built by someone like an administrator. Default ones are automatically discovered and are used if no other routes match.
Categories of routing table entries:
- Directly connected via ethernet or wifi
- Paths to remote networks
- say you wanna get to luck's network, there are paths to get there via routers
- Host routes
- Default routes
Default routes identify the next hop router to a destination that cannot be matched by another routing table entry. Also represented by the gateway of last resort. This may be the simplest way for an edge router to forward traffic to an ISP's router.
## Routing Table Example
![[Pasted image 20230523091209.png]]
## Packet Forwarding
When a router receives a packet it...
1) reads the destination address
2) looks up a matching destination network IP address and prefix in the routing table
3) If there is a match, the packet is forwarded out of an interface by encapsulating the packet in a new frame
    - if the packet can be delivered to a directly connected network via an Ethernet interface
        - the router uses ARP or ND (IPv6) to determine the interface address of the destination host
    - if the packet can be forwarded via a gateway over Ethernet, it inserts the next hop router's MAC address into the new frame
    - if it can be forwarded via a gateway or other type of interface (leased line or DSL, for example), the router encapsulates the packet in the appropriate type of frame
- If the destination address cannot be matched to a route entry, the packet is either forwarded via the default route or dropped (the source host is notified that it was undeliverable)
**Hop Count**
If the packet is forwarded via a gateway...
- the above process is repeated at each router to deliver the packet through the internetwork
- each router along the path counts as one hop
- SWITCHES DO NOT COUNT AS HOPS
![[Pasted image 20230523092040.png]]
**Time To Live**
At each router the TTL IP header field is decreased by at least 1
- this could be greater if the router is congested.
- the TTL is nominally the number of seconds a packet can stay on the network before being dropped.
- While TTL is defined as a unit of time (seconds), in the real world it is interpreted as a maximum hop count
- When TTL reaches 0, the packet is dropped
- This prevents badly addressed packets from permanently circulating the network
## Fragmentation
Typically done at the router with IPv4; in IPv6 the host performs fragmentation.
IP is an unreliable, connectionless delivery mechanism
- Packets might be lost, delivered out of sequence, duplicated, or delayed
- ID, flags, and fragment offset fields record sequence and fragmentation
- Fragmentation to fit layer 2 frame maximum transmission unit (MTU)
- MTU path discovery
# Compare and Contrast Dynamic Routing Concepts
## Dynamic Routing Protocols
Uses an algorithm and metrics to build and maintain a routing information base.
- the database stores info about the networks to which the router is connected and, where there are multiple paths, prioritizes one over the rest
- This info can be shared with the router's neighbors
- That is a learned route.
- A router can add learned routes from one or more routing protocols.
## Topology and Metrics
Algorithms used for path selection can be categorized according to the topology and metrics they use to build and update a routing information base and prioritize optimal paths.
- Most algorithms are classed as either **distance vector** or as **link state**
- Sometimes a hybrid of methods is used.
For each protocol the router maintains a routing info base of routes discovered by that protocol. This is separate to the IP routing table.
Will try to route with the fewest hops
**Convergence**
Process whereby routers running dynamic routing algorithms agree on the network topology.
- routers must be able to adapt to changes such as newly added networks, failures, and so on
- routers must be able to communicate changes to other routers quickly to avoid black holes and loops.
A network where all routers share the same topology is a **steady state**. The time taken to reach steady state is a measure of routing protocol's convergence performance.
A **flapping interface** is one that is changing frequently to offline and online and back again.
## Interior vs Exterior Gateway Protocols
In addition to the algorithm, routing protocols can be classified by the way they deal with administrative boundaries.
**autonomous systems (AS)** - network under the administrative control of a single owner. my own space
**interior gateway protocol (IGP)** - identifies routes within an AS
**exterior gateway protocol (EGP)** - advertises routes between AS. An EGP includes a field to communicate the network's autonomous system ID.
**Popular protocols**
![[Pasted image 20230523095018.png]]
## Routing Information Protocol
**RIP** is a distance vector protocol
- only considers a single piece of information about the network topology
- the next hop router to reach a given network
- it considers only one metric to select the optimal path -- the lowest hop count
- RIP sends regular updates (typically every 30 seconds) of its entire routing database
to neighboring routers. It can also send triggered updates whenever changes occur.
When a router receives an update from a neighbor, it adds unknown routes to its
own routing table, increases the hop count by 1, and identifies the originator of the
update as the next hop to the specified networks.
![[Pasted image 20230523095502.png]]
![[Pasted image 20230523095627.png]]
**RIP Versions...**
- RIPv1
    - classful
    - uses inefficient broadcasts to communicate updates over UDP port 520
- RIPv2
    - classless
    - uses efficient multicast transmissions over UDP port 520
    - also supports authentication
- RIPng (next generation)
    - designed for IPv6
    - uses UDP port 521
Suited for small networks with limited failover routes. **not scalable**.
## Enhanced Interior Gateway Routing Protocol
EIGRP is usually classed as an advanced distance vector or hybrid routing protocol.
Like RIP, EIGRP is a **distance vector protocol**. Unlike RIP, EIGRP uses a metric composed of administrator-weighted elements. The 2 default elements are bandwidth and delay:
- **Bandwidth** -> Applies cost based on the lowest bandwidth link in the path
- **Delay** -> Applies a cost based on the time it takes for a packet to traverse the link. Most important if the route is used to carry time-sensitive data. Delay is calculated as the cumulative value for all outgoing interfaces in the path.
EIGRP sends a full update when it first establishes contact with a neighbor, and after that only sends updates when there is a topology change. This is more efficient and less disruptive to large networks, giving it the best convergence performance in many scenarios. It does use regular hello messaging to confirm connectivity. It maintains a topology table alongside its routing info base; this prevents loops while supporting a greater number of max hops (up to 255).
Native IP. The protocol is encapsulated directly in IP datagrams. Uses port 88 multicasts.
**DISTANCE VECTOR AND HYBRID LINK STATE**
- because it uses a topology table AND hop count
## Open Shortest Path First
Link state algorithm allows a router to store the complete network topology and assess the least-cost paths from this topology database.
**OSPF** is the most widely adopted link state protocol. Suited for large organizations with multiple redundant paths between networks. Better convergence performance than RIP. It was designed to support classless addressing.
<u>OSPF is hierarchical</u>. Networks with their connected hosts and routers within an autonomous system are grouped into OSPF areas. Routers in a given area share the same topological database of the networks they serve. Routers that can connect to multiple areas are known as area border routers.
A backbone (always called AREA 0) is created by the border routers. This backbone is only visible to the border routers and invisible to the routers within a specific area.
In a given area, routers exchange OSPF hello messages. In the form of...
- keep-alive packet
- in order to acquire neighbors with which to exchange routing information.
**uses port 89** messages are sent as multicasts using OSPF datagram format.
- supports cryptographic or plaintext authentication
## Border Gateway Protocol
**BGP** - designed to be used between routing domains in a mesh internetwork. IS USED AS THE ROUTING PROTOCOL ON THE INTERNET, PRIMARILY BETWEEN ISPs.
The above protocols have been classed as interior gateway protocols (IGPs). They talk between routers within a single routing domain. BGP is a type of exterior gateway protocol that is used for communications between routers in separate AS. When BGP is used within an AS it is referred to as Interior BGP (IBGP), and when implemented between AS, it is referred to as Exterior BGP (EBGP).
An AS hides the complexity of private networks from the public. If all internet locations had to be propagated to all internet routers, the routing tables would become far too large. Edge routers for each AS exchange only enough network reachability info as is required to access other AS. BGP prioritizes stability and can be slow to converge.
BGP works over TCP port 179.
## Administrative Distance
sets a count and it subtracts
- Longer prefixes preferred for path selection (`/28 g1 > /24 g0`)
- Protocols add one route per destination prefix to global IP routing table
- Routing protocol uses metric to determine least-cost path
- Router uses administrative distance to prefer paths to same destination learned by different protocols
each router wants to set the AD on each communication path. May use this to calculate the path metric
![[Pasted image 20230523102704.png]]
Each routing protocol supported by the router can add a single route for any given
destination prefix to the routing table. This means that there might be more than
one route with an identical length prefix in the routing table. Each routing protocol
uses its metric to determine the least-cost path. However, as routing protocols use
different methods to calculate the metric, it cannot be used to compare routes
from different protocols in the overall IP routing table. Instead, an administrative
distance (AD) value is used to express the relative trustworthiness of the protocol
supplying the route. Default AD values are coded into the router but can be
adjusted by the administrator if necessary.
This means, for example, that given identical prefix lengths, a static route will be
preferred to anything other than directly connected networks and that a route
discovered by OSPF would be preferred to one reported by RIP. The value of 255 for
unknown routes means that they will not be used.
Conversely, a static route with a high AD could be defined to function as a backup
if a learned route update fails. In normal circumstances, the router will prefer the
learned route because it has a lower AD.
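The selection order described in this section (AD between protocols, metric within a protocol, then longest prefix at forwarding time) can be modelled in a few lines. This is an added example, not part of the original notes; the AD values are the common Cisco defaults (an assumption, since the page's AD table is an image), and every address, the `RoutingTable` class and the `mystery` protocol name are constructed for the demo.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Common Cisco default administrative distances (an assumption of this example;
# the page's own AD table is an image). 255 = unknown, never used.
DEFAULT_AD = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    protocol: str
    next_hop: str
    metric: int = 0
    ad: Optional[int] = None  # per-route override, e.g. a floating static

    @property
    def distance(self) -> int:
        return self.ad if self.ad is not None else DEFAULT_AD.get(self.protocol, 255)


class RoutingTable:
    def __init__(self):
        self.candidates = {}  # prefix -> routes offered by each protocol

    def offer(self, prefix, protocol, next_hop, metric=0, ad=None):
        route = Route(ipaddress.ip_network(prefix), protocol, next_hop, metric, ad)
        self.candidates.setdefault(route.prefix, []).append(route)

    def withdraw(self, prefix, protocol):
        net = ipaddress.ip_network(prefix)
        kept = [r for r in self.candidates.get(net, []) if r.protocol != protocol]
        self.candidates[net] = kept

    def installed(self):
        """One winner per prefix: lowest AD, then lowest metric. AD 255 never wins."""
        table = {}
        for prefix, routes in self.candidates.items():
            usable = [r for r in routes if r.distance < 255]
            if usable:
                table[prefix] = min(usable, key=lambda r: (r.distance, r.metric))
        return table

    def lookup(self, destination):
        """Longest-prefix match over installed routes; None means drop the packet."""
        addr = ipaddress.ip_address(destination)
        matches = [r for p, r in self.installed().items() if addr in p]
        return max(matches, key=lambda r: r.prefix.prefixlen, default=None)


def build_demo_table():
    """Constructed sample routes (addresses are made up for the example)."""
    rt = RoutingTable()
    rt.offer("10.0.1.0/24", "connected", "g0")
    rt.offer("10.0.2.0/24", "ospf", "10.0.1.2", metric=20)
    rt.offer("10.0.2.0/24", "rip", "10.0.1.3", metric=2)    # loses on AD, not metric
    rt.offer("10.0.2.16/28", "static", "10.0.1.4")          # more specific than the /24
    rt.offer("10.0.3.0/24", "ospf", "10.0.1.2", metric=30)
    rt.offer("10.0.3.0/24", "static", "10.0.1.9", ad=200)   # floating static backup
    rt.offer("10.0.4.0/24", "mystery", "10.0.1.7")          # unknown source -> AD 255
    rt.offer("0.0.0.0/0", "static", "203.0.113.1")          # default route
    return rt
```

Withdrawing the OSPF route for `10.0.3.0/24` makes the floating static (AD 200) take over, and a destination with no match at all returns `None` once the default route is removed.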
## Classless Inter-Domain Routing
![[Pasted image 20230523103848.png]]
EACH NUMBER IN A BINARY SET IS A BIT. THAT IS WHY IPv4 IS 32 BIT. SO THE /24 (CIDR) MEANS THE FIRST 24 BITS IS THE NETWORK ID AND THE REMAINDER IS THE HOST ID
## Variable Length Subnets
- Use address space in IPv4 network more efficiently
- Rather than use the same mask for all subnets, use different mask lengths according to host numbers per subnet
| 2<sup>2</sup> | 2<sup>3</sup> | 2<sup>4</sup> | 2<sup>5</sup> | 2<sup>6</sup> | 2<sup>7</sup> | 2<sup>8</sup> |
| ------------- | ------------- | ------------- | ------------- | ------------- | ------------- | ------------- |
| 4 | 8 | 16 | 32 | 64 | 128 | 256 |
using this you find how many bits are the prefix
1) In the example, the largest requirement is for 80 hosts. 2<sup>6</sup> has a maximum
of 64 values, which is not enough, so the nearest match in the table is 2<sup>7</sup>.
This tells us that we need 7 bits for host addressing. This actually allows for
126 host addresses once the network and broadcast addresses have been
accounted for (2<sup>7</sup>-2). Using 7 bits makes the prefix /25 (32 minus 7).
2) The next requirement is technically met by a 5-bit host address space, but as
this allows for exactly 30 addresses, there would be no room for growth. Using
6 bits might be safer, but for this scenario, we will choose the closest match
and adopt the /27 prefix.
3) The next three requirements are for 8, 12, and 12 hosts. These all require 4
bits, which gives up to 14 usable addresses.
4) The routers use point-to-point links, so no more than two addresses will ever
be required. This can be met by selecting a /30 prefix.
To get the CIDR notation/prefix, find the 2<sup>n</sup> that fits the hosts needed and then subtract the n value from 32.
To find usable hosts: 2<sup>n</sup>-2
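The same calculation as code, carried through to actual subnet allocation. This is an added example, not part of the original notes: the host counts come from the worked example above, while the subnet names, the `192.168.1.0/24` block and the number of point-to-point links (two) are assumptions.

```python
import ipaddress


def prefix_for_hosts(hosts: int) -> int:
    """Longest prefix whose usable host count (2^n - 2) still fits `hosts`."""
    host_bits = max(2, (hosts + 1).bit_length())  # smallest n with 2^n - 2 >= hosts
    return 32 - host_bits


def allocate_vlsm(base: str, requirements: dict) -> dict:
    """Carve `base` into subnets, largest requirement first, so each one
    starts on a boundary that is a multiple of its own size."""
    block = ipaddress.IPv4Network(base)
    cursor = int(block.network_address)
    plan = {}
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for_hosts(hosts)
        size = 2 ** (32 - prefix)
        cursor = -(-cursor // size) * size  # round up to the subnet boundary
        subnet = ipaddress.IPv4Network((cursor, prefix))
        if not subnet.subnet_of(block):
            raise ValueError(f"{base} is too small for {name} ({hosts} hosts)")
        plan[name] = subnet
        cursor += size
    return plan


# Host counts from the worked example above; the subnet names, the
# 192.168.1.0/24 block and the number of router links (2) are assumptions.
REQUIREMENTS = {"lan_a": 80, "lan_b": 30, "lan_c": 8, "lan_d": 12,
                "lan_e": 12, "link_1": 2, "link_2": 2}


def describe(plan: dict) -> list:
    """(name, subnet, usable hosts, first host, last host) per allocation."""
    rows = []
    for name, net in plan.items():
        hosts = list(net.hosts())
        rows.append((name, str(net), len(hosts), str(hosts[0]), str(hosts[-1])))
    return rows


if __name__ == "__main__":
    for row in describe(allocate_vlsm("192.168.1.0/24", REQUIREMENTS)):
        print("{:<7} {:<18} usable={:<4} {} - {}".format(*row))
```

Allocating largest first is what keeps every subnet aligned without gaps; the 30-host requirement lands exactly on a /27 with no spare addresses, as step 2 warns.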
# Install and Troubleshoot Routers
## Edge Routers
- Edge placement
- hosts in the same IP network/subnet must not be separated by a router
- hosts in different IP networks/subnets must be separated by a router
- Edge routers on network perimeter
- customer edge (CE) to provider edge (PE)
- these come together to make the demarcation point
- L1/L2 type (metro-optical, leased line, DSL, cable)
- SOHO-class routers versus enterprise routers
- edge routers have gateway protocols
## Internal Routers
- These implement subnets and internal borders/areas
- Has no public interfaces
- implement whatever network topology is needed
- Subinterfaces
- split single physical connection to per-VLAN subinterfaces
- segmented with VLAN
- router serving all vlans
- Layer 3 switches
- hardware optimized to forward between VLANs
- not used for routing
- core appliance for routing between VLANs
- maintains an IP address to MAC address table
- no WAN interface, so no use at network edge
## Router Configuration
- Configured via
- network (ssh)
- serial port
- best practice to create a virtual interface known as a loopback interface in the router's OS
- gives the router an internal IP
After placing a router in the network and connecting the cabling you need to...
- apply an IP configuration to each interface
- set a routing protocol on each interface
## route
`route print`
- troubleshoot windows and linux hosts
- verify default gateway
- add static route
- view and modify the routing table of end system
- on an end system the route table contains a single entry for the default route (0.0.0.0/0); any traffic not addressed to the local subnet is sent to the default route
- default route points to the default gateway
to add a route
`route [-f -p] add DESTINATIONIP mask Netmask GatewayIP metric MetricValue if Interface`
Variables in the syntax are defined as...
- Destination IP - is a network or host address
- Netmask - subnet for Destination IP
- GatewayIP - router to use to contact the network or host
- MetricValue - is the cost of the route
- Interface - adapter the host should use (used if the host is multihomed)
`route add 192.168.3.0 mask 255.255.255.0 192.168.5.1 metric 2`
`-p` - stores in the registry (permanently configured)
## tracert and traceroute
**traceroute - linux and routerOS**
- issues a **UDP** probe for port **32767** with a TTL of 1
- the packet will be dropped because it reaches TTL 0
- then traceroute sends another packet and increases TTL to 2 and so on and so forth
- the output shows the number of hops, the IP address of the ingress interface of the router or host (where the probe is received), and the time taken for each hop (ms)
- if no acknowledgement is received within the timeout period, an * is shown.
- this could also indicate that the router drops packets with expired TTLs silently
- traceroute can be configured to send ICMP echo request probes rather than UDP by using `traceroute -I`.
- `traceroute6` or `traceroute -6` is for IPv6 networks
**tracert**
windows systems
- uses ICMP echo request probes by default
- **UDP** **3343** to **33534**
- same functionality as above
- switches precede the target IP
- -d to suppress name resolution
- -h to specify max number of hops (default is 30)
- -w to specify a timeout in ms (default 4000)
- when used with host names tracert can be forced to use IPv6 instead of IPv4 by adding the -6 switch
- `tracert -6 www.microsoft.com`
## Missing Route Issues
If you can ping a host's default gateway, but can't ping some or all hosts on remote networks, then you should suspect a routing issue. In a lot of cases the router has gone offline and there is no alternative path to the network.
If you suspect a problem with router configuration and the network topology, use
traceroute to try to identify where the network path is failing and the route
or show route commands to investigate the routing tables of intermediate
systems at that point in the path.
When inspecting a routing table, you can use `show ip route w.x.y.z`
to check for the presence of a route to a specific IP network. A missing route
may arise because a required static routing entry has not been entered or has
been entered incorrectly. Missing routes may also arise because a router fails to
communicate with its neighbors and so does not receive routing protocol updates.
Performing a device configuration review means checking that the running
configuration matches the documented baseline.
You might start troubleshooting this by pinging the router nodes that are neighbors
of the system with the issue to check basic connectivity. If there is a network
path and the neighbors are up, you would investigate the protocol configuration
(perhaps there is an authentication issue or incorrect parameter).
## Routing Loop Issues
A routing loop occurs when two routers use one another as the path to a network.
Packets caught in a routing loop circle around until the TTL expires. One symptom of a potential routing loop is for routers to generate ICMP Time Exceeded error
messages.
Routing protocols use various mechanisms to prevent loops. For example, distance
vector protocols use the following mechanisms:
- **Maximum hop count** — If the cost exceeds a certain value (16 in RIP), the
network is deemed unreachable. A poison route is one advertised with a hop
count of 16. This can provide an explicit failure notice to other routers.
- **Holddown timer** — If a node declares a network unreachable, its neighbors start
a holddown timer. Any updates about that route received from other nodes are
discarded for the duration of the timer. This is designed to ensure that all nodes
have converged information about an unreachable network.
- **Split horizon** — Prevents a routing update from being copied back to the source.
In the example above, this would prevent router C from sending an update
about a route to router A via router B to router B.
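A small model of the distance vector mechanisms listed above shows why split horizon and route poisoning matter. This is an added example, not part of the original notes: the `RipRouter` class, the A - B - C chain and the `lan_a` label are constructed, and the holddown timer is not modelled.

```python
INFINITY = 16  # RIP hop count that marks a network unreachable (poisoned route)


class RipRouter:
    """Simplified distance vector node: routes map network -> (hops, next_hop)."""

    def __init__(self, name, connected=()):
        self.name = name
        self.routes = {net: (0, None) for net in connected}

    def receive(self, neighbor, advert):
        """Apply a neighbor's update: add 1 hop, record the neighbor as next hop."""
        for net, hops in advert.items():
            cost = min(hops + 1, INFINITY)
            current = self.routes.get(net)
            if current is None:
                if cost < INFINITY:           # never learn a new, dead route
                    self.routes[net] = (cost, neighbor)
            elif current[1] == neighbor:      # news from the current next hop is
                self.routes[net] = (cost, neighbor)  # believed, better or worse
            elif cost < current[0]:           # another neighbor offers fewer hops
                self.routes[net] = (cost, neighbor)

    def advertise(self, to_neighbor, split_horizon=True):
        """Build the update for one neighbor; split horizon leaves out routes
        that were learned from that same neighbor."""
        return {net: hops for net, (hops, via) in self.routes.items()
                if not (split_horizon and via == to_neighbor)}

    def poison(self, net):
        """Mark a failed network unreachable so the next update says so."""
        _, via = self.routes[net]
        self.routes[net] = (INFINITY, via)


def simulate_failure(split_horizon):
    """Chain A - B - C (router names and network label are constructed).
    A's LAN fails, then C's periodic update reaches B before B's poison reaches C."""
    a, b, c = RipRouter("A", ["lan_a"]), RipRouter("B"), RipRouter("C")
    b.receive("A", a.advertise("B"))          # B: lan_a 1 hop via A
    c.receive("B", b.advertise("C"))          # C: lan_a 2 hops via B
    b.poison("lan_a")                         # link to A's LAN is lost
    b.receive("C", c.advertise("B", split_horizon))
    b_view = b.routes["lan_a"]
    c.receive("B", b.advertise("C", split_horizon))  # B's next update reaches C
    return b_view, c.routes["lan_a"]
```

With split horizon both routers end at hop count 16; without it B installs a 3-hop route via C while C still points at B, which is the loop, and the hop counts keep climbing toward 16 on each exchange.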
Link state protocols try to ensure that each node has a consistent view of the
network through continual, timely updates flooded to all nodes in the routing
domain. A loop in a link state routing domain typically indicates that updates are
not being propagated correctly.
You can use `traceroute` to diagnose a routing loop by looking for IP addresses
that appear multiple times in the output.
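That check can be scripted for saved traces. The following is an added example, not part of the original notes; the sample output is constructed in the Linux `traceroute -n` layout, and the function names are hypothetical.

```python
import re
from collections import defaultdict

HOP_LINE = re.compile(r"^\s*(\d+)\s+(.*)$")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed `traceroute -n` output: hops 2-5 bounce between two routers.
SAMPLE = """\
traceroute to 10.9.9.9 (10.9.9.9), 30 hops max, 60 byte packets
 1  192.168.1.1  0.412 ms  0.398 ms  0.377 ms
 2  10.0.0.1  1.204 ms  1.187 ms  1.166 ms
 3  10.0.0.2  1.921 ms  1.899 ms  1.874 ms
 4  10.0.0.1  2.611 ms  2.580 ms  2.561 ms
 5  10.0.0.2  3.302 ms  3.280 ms  3.255 ms
 6  * * *
"""


def responders_by_hop(output):
    """Map hop number -> set of responder IPs; '*' probes give an empty set."""
    hops = {}
    for line in output.splitlines():
        m = HOP_LINE.match(line)
        if m:  # skips the header line, which does not start with a hop number
            hops[int(m.group(1))] = set(IPV4.findall(m.group(2)))
    return hops


def find_loops(output):
    """Return {ip: [hop numbers]} for every address answering at more than one hop.
    Several replies from one IP on the same line (one per probe) do not count."""
    seen = defaultdict(list)
    for hop, ips in sorted(responders_by_hop(output).items()):
        for ip in ips:
            seen[ip].append(hop)
    return {ip: hops for ip, hops in seen.items() if len(hops) > 1}
```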
## Asymmetrical Routing Issues
**Asymmetrical routing** - a topology where the return path is different to the forward path. Common where there are load balancers and where routing takes place over multiple redundant paths across the internet or other complex internetworks. This can be problematic where the return path has much higher latency than the forward path or where the difference between paths causes stateful firewall or NAT devices to filter or drop communications.
## Low Optical Link Budget Issues
As well as the router configuration, you should also consider physical and data link issues when troubleshooting WAN and datacenter routing. One such issue is poor connectivity across fiber links.
An **optical link budget**, or loss budget, is the amount of loss suffered by all
components along a fiber transmission path. This is calculated using the following
parameters:
- **Attenuation** —> This is the loss over the length of the cable, based on fiber type
and the wavelength used. Single mode has a loss of up to 0.4 dB/km, while
multimode can be from 0.8 dB/km to 3 dB/km.
- **Connectors** —> Each connector in the path incurs a loss, usually assumed to be
0.75 dB.
- **Splices** —> Additional splices in the cable are budgeted at around 1 dB for
mechanical and 0.3 dB for fusion.