IP routing protocols. Routing in IP networks

5.4.1. Interior and exterior Internet routing protocols

Most of the routing protocols used in modern packet-switched networks trace their origin to the Internet and its predecessor, the ARPANET. To understand their purpose and features, it is useful first to become acquainted with the structure of the Internet, which left its mark on the terminology and on the types of protocols.

The Internet was originally built as a network uniting a large number of already existing systems. From the very beginning its structure distinguished a core backbone network, and the networks attached to the backbone were treated as autonomous systems (AS). The backbone and each autonomous system had their own administration and their own routing protocols. It should be emphasized that an autonomous system and an Internet name domain are different concepts serving different purposes. An autonomous system unites networks in which routing is carried out under the general administrative control of one organization, whereas a domain unites computers (possibly belonging to different networks) to which unique symbolic names are assigned under the general administrative control of one organization. Naturally, the scope of an autonomous system and of a name domain may coincide in a particular case, if one organization performs both of these functions.

The overall architecture of the Internet is shown in Fig. 5.25. In what follows we will call routers gateways, to stay in line with traditional Internet terminology.

Gateways used to form networks and subnets inside an autonomous system are called interior gateways, and gateways through which autonomous systems are joined to the backbone are called exterior gateways. The backbone is itself an autonomous system. Every autonomous system has a unique 16-bit number, assigned by the organization that registers new autonomous systems, InterNIC.

Accordingly, the routing protocols used inside autonomous systems are called Interior Gateway Protocols (IGP), and the protocols that govern the exchange of routing information between exterior gateways and the backbone gateways are called Exterior Gateway Protocols (EGP). Inside the backbone, some interior protocol (IGP) of its own is also assumed to operate.

418 Chapter 5. The network layer as a tool for building large networks

The point of dividing the entire Internet into autonomous systems is its multi-level, modular representation, which any large system capable of expanding on a large scale needs. A change of routing protocols inside any autonomous system should not affect the operation of other autonomous systems. In addition, dividing the Internet into autonomous systems should contribute to the aggregation of information in backbone and exterior gateways. Interior gateways can use sufficiently detailed link graphs for routing inside the autonomous system in order to select the most rational route. However, if information at such a level of detail were stored in all routers of the network, the topological databases would grow so large that they would require memory of gigantic size, and the time needed to make routing decisions would become unacceptable.

Therefore, detailed topological information stays inside the autonomous system, and to the rest of the Internet the autonomous system is represented as a single whole by its exterior gateways, which report on the internal composition of the autonomous system. The minimum required information is the number of IP networks, their addresses, and the internal distance to these networks from the given exterior gateway.

The CIDR classless routing technique can significantly reduce the volume of routing information transmitted between autonomous systems. Thus, if all networks inside a certain autonomous system begin with a common prefix, for example 194.27.0.0/16, the exterior gateway of this autonomous system need only announce that address, without reporting the existence inside the autonomous system of, say, network 194.27.32.0/19 or 194.27.40.0/21, since these addresses are aggregated into the address 194.27.0.0/16.



5.4. Routing protocols in IP networks 419

The structure of the Internet with a single backbone shown in Fig. 5.25 corresponded to reality for quite a long time, and so a protocol for exchanging routing information between autonomous systems called EGP was developed for it. However, as service-provider networks developed, the Internet structure became much more complex, with an arbitrary pattern of links between autonomous systems. EGP therefore gave way to BGP, which can detect loops between autonomous systems and eliminate them from inter-system routes. EGP and BGP are used only in exterior gateways, which are most often operated by Internet service providers. Routers in corporate networks run interior routing protocols such as RIP and OSPF.

5.4.2. The distance-vector protocol RIP

Building the routing table

RIP (Routing Information Protocol) is an interior routing protocol of the distance-vector type. It is one of the earliest protocols for exchanging routing information and is still extremely widespread in computer networks thanks to its simplicity of implementation. Besides the RIP version for TCP/IP networks, there is also a RIP version for Novell IPX/SPX networks.

There are two versions of RIP for IP: the first and the second. RIPv1 does not support masks: it distributes between routers only network numbers and the distances to them, not the masks of those networks, assuming that all addresses belong to the standard classes A, B or C. RIPv2 transfers network mask information as well, and therefore better meets today's requirements. Since version 2 does not differ fundamentally from version 1 in the way routing tables are constructed, the first version is described below to keep the records simple.

As the distance to a network, the RIP standards allow various kinds of metric: hop count; metrics that take into account bandwidth, introduced delay and network reliability (i.e. the corresponding D, T and R bits in the Type of Service field of the IP packet); and any combination of these metrics. The metric must be additive: the metric of a composite path must equal the sum of the metrics of its components. In most implementations RIP uses the simplest metric, the hop count, i.e. the number of intermediate routers a packet must cross to reach the destination network.

Consider the process of constructing a routing table with RIP using the example of the composite network shown in Fig. 5.26.

Step 1 - Creating Minimum Tables

This network has eight IP networks connected by four routers with identifiers M1, M2, M3 and M4. Routers running RIP may have identifiers, but they are not needed for the protocol to operate, and they are not transmitted in RIP messages.

In the initial state, the TCP/IP software in each router automatically creates a minimal routing table, which takes into account only the directly connected networks. In the figure, the addresses of router ports, unlike network addresses, are placed in ovals.

Table 5.14 gives an approximate view of a router's minimal routing table.

After initialization, each router begins to send its neighbors RIP messages containing its minimal table.


RIP messages are transmitted in UDP packets and include two parameters for each network: its IP address and the distance to it from the router transmitting the message.

Neighbors are the routers to which a given router can deliver an IP packet directly, over any of its networks, without the services of intermediate routers. For example, for router M1 the neighbors are routers M2 and M3, and for router M4 they are also M2 and M3.

Thus, router M1 transmits the following message to router M2:

  • network 201.36.14.0, distance 1;
  • network 132.11.0.0, distance 1;
  • network 194.27.18.0, distance 1.

Step 3 - Receiving RIP messages from neighbors and processing the received information

After receiving similar messages from routers M2 and M3, router M1 increases each received metric field by one and remembers through which port and from which router the new information arrived (the address of that router will become the next-hop address if this entry is placed in the routing table). Then the router begins to compare the new information with what is stored in its routing table (Table 5.16).

Table 5.16. Routing table of router M1
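The three steps above, carried out in code as an added example (this is not the textbook's code). Router names M1..M4 and the three networks of M1's minimal table come from the text; the port addresses and the entries advertised by M2 and M3 are constructed here, because the figure they would come from is not on the page, and the function names are this example's own.

```python
# Added example, not from the textbook: the RIP distance-vector update
# described in steps 1-3. Router names and M1's three networks are from the
# text; port addresses and the neighbors' advertisements are constructed.
from typing import Dict, List, Tuple

INFINITY = 16  # RIP's "unreachable" metric (RFC 1058); not discussed in the text

# A table entry: (metric in hops, next-hop router address, outgoing port address).
# "-" as next hop marks a directly connected network.
Route = Tuple[int, str, str]
Table = Dict[str, Route]
Message = List[Tuple[str, int]]  # (network, distance) pairs, as in a RIP message


def minimal_table(ports: Dict[str, str]) -> Table:
    """Step 1: one entry per directly connected network, distance 1.
    `ports` maps network -> the router's own port address on that network."""
    return {network: (1, "-", port) for network, port in ports.items()}


def rip_message(table: Table) -> Message:
    """Step 2: what a router advertises to its neighbors (reachable entries only)."""
    return [(network, metric) for network, (metric, _, _) in table.items()
            if metric < INFINITY]


def process_rip_message(table: Table, sender: str, in_port: str,
                        message: Message) -> Table:
    """Step 3: add one to every received distance and remember the sender as the
    next hop. A new entry is accepted if the network was unknown or the metric
    improves; an entry learned earlier from the same sender is always replaced,
    so that a metric that got worse is taken over as well."""
    for network, distance in message:
        metric = min(distance + 1, INFINITY)
        current = table.get(network)
        if current is None:
            if metric < INFINITY:
                table[network] = (metric, sender, in_port)
        elif metric < current[0] or current[1] == sender:
            table[network] = (metric, sender, in_port)
    return table


def next_hop(table: Table, network: str):
    """Where the router sends a packet for `network`: its own port for a directly
    connected network, the neighbor's address otherwise, None if unreachable."""
    entry = table.get(network)
    if entry is None or entry[0] >= INFINITY:
        return None
    _, via, port = entry
    return port if via == "-" else via


def build_m1_table() -> Table:
    """Constructed scenario: M1 hears from M2 and M3, then M2 offers a longer
    path to a network M1 already reaches through M3."""
    table = minimal_table({"201.36.14.0": "201.36.14.3",
                           "132.11.0.0": "132.11.0.7",
                           "194.27.18.0": "194.27.18.1"})
    m2, m3 = "132.11.0.101", "194.27.18.51"          # constructed neighbor ports
    process_rip_message(table, m2, "132.11.0.7",
                        [("132.11.0.0", 1), ("132.17.0.0", 1), ("132.15.0.0", 1)])
    process_rip_message(table, m3, "194.27.18.1",
                        [("194.27.18.0", 1), ("202.101.15.0", 1), ("202.101.16.0", 1)])
    # M2 has itself learned 202.101.16.0 at distance 2; 3 hops is worse than the
    # 2 hops M1 already has through M3, so the existing entry is kept.
    process_rip_message(table, m2, "132.11.0.7", [("202.101.16.0", 2)])
    return table


if __name__ == "__main__":
    for network, (metric, via, port) in sorted(build_m1_table().items()):
        print(f"{network:15} metric {metric:2}  via {via:14} port {port}")
```

The "same sender always replaces" rule is what lets bad news travel: when the neighbor that supplied a route later reports the network unreachable, the entry is marked unreachable and the next advertisement from another neighbor (even with a worse metric) takes over.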

IP stands for Internet Protocol; version 4 of this protocol is currently the most common. IPv4 is defined in RFC 791.

In the OSI model this is a network-layer (layer 3) protocol. This layer, as a reminder, is meant to determine the path along which data is transferred.

IPv4 uses packet switching: the original message to be transmitted is split into small parts (packets), which are sent over the network independently of one another.

In addition, IPv4 guarantees neither the delivery of packets nor the absence of duplicates. This is so-called best-effort delivery (as opposed to guaranteed delivery). Accordingly, these tasks fall to higher-level protocols, such as TCP.

Addressing

IPv4 identifies the sender and the recipient by a 32-bit address, which limits the number of possible addresses to 4 294 967 296. Out of this number IPv4 reserves special address ranges, called private (~18 million addresses) and multicast (~270 million addresses).

Addresses are usually written as four decimal octets separated by dots; for example, 198.51.100.25 corresponds to the hexadecimal number C6336419 (0xC6336419).

When using the global address space, one must distinguish between addresses available on the local physical network, which need no routing, and addresses that are physically elsewhere. In the latter case packets are sent to a router, which must forward them further.

In the first versions of the standard the first octet was used to identify the network and the remaining octets to identify the node. It quickly became clear that 256 networks were not enough, so network classes were introduced:

Class  First bits  Network address length (bits)  Node address length (bits)
A      0           8                              24
B      10          16                             16
C      110         24                             8
D      1110        N/A                            N/A
E      1111        N/A                            N/A

Class  Start of range  End of range
A      0.0.0.0         127.255.255.255
B      128.0.0.0       191.255.255.255
C      192.0.0.0       223.255.255.255
D      224.0.0.0       239.255.255.255
E      240.0.0.0       255.255.255.255

Class D is reserved for multicast; class E is simply reserved "just in case".

The lengths of the network address and of the node address were thus determined by the first bits of the address. From about 1985 this scheme was abandoned as well. The reason was that many organizations needed more addresses than a class C network provided and obtained a class B network, which, however, exceeded the organization's needs many times over.

Network classes were replaced by the network mask. This is a bit mask indicating which bits of the address belong to the network and which to the node. By standard agreement the mask must be filled from left to right, so that the network address always occupies the high-order bits. This makes it possible to specify only the length of the network address (the prefix length) instead of the entire network mask.

For example, 192.0.2.0/24 means that the first 24 bits (three octets) belong to the network address and the rest to the node address. /24 is equivalent to the network mask 255.255.255.0.

The use of network masks is described in RFC 1517.

Numerous standards also reserve various address ranges for special needs.

Range               Description                          RFC
0.0.0.0/8           Current network (source address)     6890
10.0.0.0/8          Private network                      1918
100.64.0.0/10       Shared address space (CGN)           6598
127.0.0.0/8         Loopback                             6890
169.254.0.0/16      Autoconfiguration                    3927
172.16.0.0/12       Private network                      1918
192.0.0.0/24        IETF protocol assignments            6890
192.0.2.0/24        Documentation and examples 1         5737
192.88.99.0/24      IPv6 to IPv4 relay                   3068
192.168.0.0/16      Private network                      1918
198.18.0.0/15       Bandwidth testing networks           2544
198.51.100.0/24     Documentation and examples 2         5737
203.0.113.0/24      Documentation and examples 3         5737
224.0.0.0/4         Multicast                            5771
240.0.0.0/4         Reserved                             1700
255.255.255.255     Broadcast                            919

Also reserved are the node addresses whose binary representation consists of all zeros (denotes the network as a whole; reserved) or of all ones (the broadcast address for that network).

For example, 203.0.113.0 means (in text) the network 203.0.113.0/24, and 203.0.113.255 is the broadcast address of that network.
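The address arithmetic of the preceding sections, as an added example (not code from the original text): dotted-decimal conversion, a left-filled mask from a prefix length, network and broadcast addresses, classful decoding from the leading bits, and a lookup in the reserved-ranges table above. All function names are this example's own; `plausible_source_from_internet` is this example's illustration of how the table is used by a border filter and is not something the text states.

```python
# Added example, not from the original text: IPv4 address arithmetic with
# network masks, classful decoding and reserved-range lookup. Names are ours.
from typing import List, Optional, Tuple

def parse_ipv4(text: str) -> int:
    """Dotted decimal -> 32-bit integer; anything but four octets 0..255 is rejected."""
    octets = text.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {text!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range: {text!r}")
        value = (value << 8) | n
    return value

def format_ipv4(value: int) -> str:
    """32-bit integer -> dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix_len: int) -> int:
    """Mask filled with ones from the left: /24 -> 255.255.255.0."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF

def mask_to_prefix(mask: int) -> int:
    """Prefix length of a contiguous mask; a mask with a hole in it is an error."""
    prefix_len = bin(mask).count("1")
    if prefix_to_mask(prefix_len) != mask:
        raise ValueError(f"non-contiguous mask {format_ipv4(mask)}")
    return prefix_len

def network_and_broadcast(cidr: str) -> Tuple[str, str]:
    """Host bits all zero (the network itself) and all one (its broadcast address)."""
    addr_text, prefix_text = cidr.split("/")
    mask = prefix_to_mask(int(prefix_text))
    network = parse_ipv4(addr_text) & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    return format_ipv4(network), format_ipv4(broadcast)

def address_class(text: str) -> str:
    """Historic class from the leading bits, as in the class table."""
    first_octet = parse_ipv4(text) >> 24
    if first_octet >> 7 == 0b0:
        return "A"
    if first_octet >> 6 == 0b10:
        return "B"
    if first_octet >> 5 == 0b110:
        return "C"
    if first_octet >> 4 == 0b1110:
        return "D"
    return "E"

# The reserved ranges from the table, as (prefix, description).
SPECIAL_RANGES: List[Tuple[str, str]] = [
    ("0.0.0.0/8", "current network"), ("10.0.0.0/8", "private network"),
    ("100.64.0.0/10", "shared address space (CGN)"), ("127.0.0.0/8", "loopback"),
    ("169.254.0.0/16", "autoconfiguration"), ("172.16.0.0/12", "private network"),
    ("192.0.0.0/24", "IETF protocol assignments"),
    ("192.0.2.0/24", "documentation and examples 1"),
    ("192.88.99.0/24", "IPv6 to IPv4 relay"), ("192.168.0.0/16", "private network"),
    ("198.18.0.0/15", "bandwidth testing"),
    ("198.51.100.0/24", "documentation and examples 2"),
    ("203.0.113.0/24", "documentation and examples 3"),
    ("224.0.0.0/4", "multicast"), ("240.0.0.0/4", "reserved"),
    ("255.255.255.255/32", "broadcast"),
]

def special_purpose(text: str) -> Optional[str]:
    """Description of the most specific reserved range containing the address, or
    None for an ordinary address. Most specific matters: 255.255.255.255 also
    lies inside 240.0.0.0/4."""
    addr = parse_ipv4(text)
    best: Optional[Tuple[int, str]] = None
    for cidr, description in SPECIAL_RANGES:
        net_text, prefix_text = cidr.split("/")
        prefix_len = int(prefix_text)
        mask = prefix_to_mask(prefix_len)
        if addr & mask == parse_ipv4(net_text) & mask and (best is None or prefix_len > best[0]):
            best = (prefix_len, description)
    return None if best is None else best[1]

def plausible_source_from_internet(text: str) -> bool:
    """Illustration (ours): a packet arriving from the Internet should never carry a
    source address from these ranges, so a border filter can drop such packets."""
    return special_purpose(text) is None
```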

Packet format

A packet consists of a header and data. IP does not provide any integrity check of the data: the underlying protocol (say, Ethernet) already ensures integrity at the link layer, and the protocol above (say, TCP) does so at the data level.

  • Version, 4 bits: the first header field. For IPv4 the value is 0100 in binary, i.e. 4.
  • Header length (IHL), 4 bits: the number of 32-bit words in the header. The minimum value is 5, which corresponds to a 20-byte header; the maximum is 15, a 60-byte header.
  • DSCP (formerly TOS), 6 bits: the type of service; determines the priority of the packet, e.g. for VoIP.
  • ECN, 2 bits: explicit congestion notification flag. Requires support on both sides (receiver and sender). On receiving this flag the sender reduces its transmission rate; without ECN support, packets are simply dropped under congestion.
  • Total length, 16 bits: the full length of the packet in bytes, header and data included. Minimum 20, maximum 65535.
  • Identification, 16 bits: uniquely identifies the datagram. Because a packet may have to be split into smaller parts when crossing different networks, this field identifies the parts that belong to one packet.
  • Flags, 3 bits:
      1. Reserved, always 0.
      2. Don't Fragment. If further transmission of the packet would require fragmentation, the packet is discarded.
      3. More Fragments. For a fragmented packet, every fragment except the last has this flag set to 1.
  • Fragment offset, 13 bits: the offset of the fragment relative to the start of the datagram, measured in 64-bit (8-byte) blocks. The first fragment has offset 0. The maximum offset is 65528 bytes, which exceeds the maximum packet payload of 65515 bytes (65535 minus the 20-byte header).
  • Time to live (TTL), 8 bits: each router the packet passes through decreases this field by 1. If the field reaches zero, the router discards the packet.
  • Protocol, 8 bits: the protocol carried in the data, for example:
      • 1 - ICMP
      • 6 - TCP
      • 17 - UDP
  • Header checksum, 16 bits: computed as the sum of the 16-bit words of the header, excluding the checksum field itself. That sum is in turn folded in 16-bit blocks until a single 16-bit value remains, and the result is negated (one's complement).
  • Source address, 32 bits: nothing to explain here.
  • Destination address, 32 bits: likewise.
  • Options (optional field): rarely used. Consists of header-data blocks. An option header is 8-16 bits long and consists of the fields:
      • Option type, 8 bits: defines what the option is. The value 0 means the end of the option list. In total, 26 codes are registered.
      • Length, 8 bits: the size of the entire option in bytes, including the option header. Absent for some option types.
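The header layout and checksum rule above, as an added example (not code from the original text): build a 20-byte header, compute the checksum as described (sum of 16-bit words with the checksum field taken as zero, carries folded, result negated), and decode a header back into its fields. The sample header bytes are constructed for this example (a UDP packet between two private addresses); the function names are this example's own. The parser checks the header length and total length against the bytes actually present before trusting them, which is the check a packet parser needs to avoid reading past a truncated buffer.

```python
# Added example, not from the original text: IPv4 header build, checksum and
# parse with length validation. Sample header constructed for this example.
import struct
from typing import Dict

HEADER_FMT = "!BBHHHBBH4s4s"   # the fixed 20 header bytes, network byte order
PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

def ip_bytes(text: str) -> bytes:
    return bytes(int(o) for o in text.split("."))

def ip_text(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words, with bytes 10-11 (the
    checksum field itself) taken as zero; carries are folded back in."""
    header = header[:10] + b"\x00\x00" + header[12:]
    if len(header) % 2:
        header += b"\x00"
    total = sum((header[i] << 8) | header[i + 1] for i in range(0, len(header), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4_header(src: str, dst: str, payload_len: int, protocol: int,
                      ttl: int = 64, ident: int = 0, dont_fragment: bool = False) -> bytes:
    """Header without options: version 4, IHL 5 (five 32-bit words = 20 bytes)."""
    flags = 0b010 if dont_fragment else 0b000            # reserved, DF, MF
    flags_offset = (flags << 13) | 0                      # fragment offset 0
    without_sum = struct.pack(HEADER_FMT, (4 << 4) | 5, 0, 20 + payload_len, ident,
                              flags_offset, ttl, protocol, 0, ip_bytes(src), ip_bytes(dst))
    return without_sum[:10] + struct.pack("!H", ipv4_checksum(without_sum)) + without_sum[12:]

def parse_ipv4_header(packet: bytes) -> Dict[str, object]:
    """Decode the header at the start of `packet`; length fields are validated
    against the data actually present before anything else is trusted."""
    if len(packet) < 20:
        raise ValueError("truncated: an IPv4 header is at least 20 bytes")
    (version_ihl, dscp_ecn, total_length, ident, flags_offset,
     ttl, protocol, checksum, src, dst) = struct.unpack(HEADER_FMT, packet[:20])
    version, ihl = version_ihl >> 4, version_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4: version {version}")
    if ihl < 5:
        raise ValueError(f"header length {ihl} words is below the minimum of 5")
    header_len = ihl * 4
    if len(packet) < header_len:
        raise ValueError("truncated: header length points past the end of the data")
    if total_length < header_len:
        raise ValueError("total length is smaller than the header length")
    header = packet[:header_len]
    return {
        "version": version,
        "header_len": header_len,
        "dscp": dscp_ecn >> 2,
        "ecn": dscp_ecn & 0b11,
        "total_length": total_length,
        "identification": ident,
        "dont_fragment": bool(flags_offset & 0x4000),
        "more_fragments": bool(flags_offset & 0x2000),
        "fragment_offset_bytes": (flags_offset & 0x1FFF) * 8,   # field counts 8-byte blocks
        "ttl": ttl,
        "protocol": PROTOCOL_NAMES.get(protocol, str(protocol)),
        "src": ip_text(src),
        "dst": ip_text(dst),
        "checksum_ok": ipv4_checksum(header) == checksum,
        "options": header[20:],
    }

# Constructed sample: UDP from 192.168.0.1 to 192.168.0.199, total length 115,
# DF set, TTL 64. Its checksum 0xB861 can be recomputed by hand from the rule above.
SAMPLE_HEADER = bytes.fromhex("4500 0073 0000 4000 4011 b861 c0a8 0001 c0a8 00c7")
```

Recomputing the sample by hand: 4500 + 0073 + 0000 + 4000 + 4011 + c0a8 + 0001 + c0a8 + 00c7 = 1479D, folding the carry gives 479E, and its complement is B861.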

ARP

IP defines logical addresses. However, to send a packet over an Ethernet network, the physical address of the target node (or router) must also be known. The ARP protocol is used to map one to the other.

ARP (Address Resolution Protocol) is formally a network-layer (layer 3) protocol in the OSI model, although in fact it provides the interaction between layers 2 and 3. ARP is implemented for various pairs of layer-2 and layer-3 protocols.

The protocol itself is built on a simple request-response scheme. Let's consider a specific example.

Suppose a network node A with logical address 198.51.100.1 (in network 198.51.100.0/24) wants to send a packet to node B with logical address 198.51.100.2. It sends a layer-2 broadcast (in this case, Ethernet) carrying an encapsulated ARP message that asks the network's nodes what physical address belongs to the node with logical address 198.51.100.2, and that also contains the logical and physical addresses of node A. Node B, seeing its own logical address in the request, sends node A a reply with the requested logical and physical address. The results of the request are cached.

ARP messages have the following structure:

  • Hardware (physical) protocol type (HTYPE), 2 bytes: the layer-2 protocol in use. Ethernet has identifier 1.
  • Logical protocol type (PTYPE), 2 bytes: the layer-3 protocol in use. Matches the EtherType values; IPv4 has identifier 0x0800.
  • Hardware address length (HLEN), 1 byte: the length of the physical address in octets; 6 for Ethernet.
  • Logical address length (PLEN), 1 byte: the length of the logical address in octets; 4 for IPv4.
  • Operation (OPER), 2 bytes: 1 for a request, 2 for a reply, and many other values for protocol extensions.
  • Sender hardware address (SHA), HLEN bytes: in a request, the address of the requesting node; in a reply, the address of the node that was asked for.
  • Sender protocol (logical) address (SPA), PLEN bytes.
  • Target hardware address (THA), HLEN bytes: ignored in a request; in a reply, the address of the requesting node.
  • Target protocol (logical) address (TPA), PLEN bytes.

Network nodes also usually send ARP messages when their IP address changes or when they are switched on. This is usually implemented as an ARP request in which TPA = SPA and THA = 0. Another option is an ARP reply in which TPA = SPA and THA = SHA.

In addition, ARP can be used to detect logical-address conflicts (in this case SPA = 0).
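The ARP exchange from the example above and the message layout just listed, as an added example (not code from the original text): encode and decode the 28-byte Ethernet/IPv4 ARP message, and name the message kinds the text describes (request, reply, the two gratuitous forms with TPA = SPA, and the SPA = 0 conflict-detection probe). The MAC addresses of nodes A and B are constructed; the 198.51.100.0/24 addresses are the ones used in the text's example; the function names are this example's own.

```python
# Added example, not from the original text: ARP message encode/decode and
# classification by the field patterns given in the text. MACs are constructed.
import struct
from typing import Dict, Tuple

HTYPE_ETHERNET = 1
PTYPE_IPV4 = 0x0800
OPER_REQUEST, OPER_REPLY = 1, 2
ZERO_MAC = "00:00:00:00:00:00"
ARP_FMT = "!HHBBH6s4s6s4s"          # HTYPE PTYPE HLEN PLEN OPER SHA SPA THA TPA

def mac_bytes(text: str) -> bytes:
    return bytes(int(part, 16) for part in text.split(":"))

def mac_text(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def ip_bytes(text: str) -> bytes:
    return bytes(int(part) for part in text.split("."))

def ip_text(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)

def build_arp(oper: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    return struct.pack(ARP_FMT, HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, oper,
                       mac_bytes(sha), ip_bytes(spa), mac_bytes(tha), ip_bytes(tpa))

def parse_arp(data: bytes) -> Dict[str, object]:
    """Decode an ARP message, checking HLEN/PLEN against the bytes present
    (Ethernet frames may carry padding after the 28 message bytes)."""
    if len(data) < 8:
        raise ValueError("truncated: the fixed ARP header is 8 bytes")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", data[:8])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is handled here")
    if len(data) < 8 + 2 * (hlen + plen):
        raise ValueError("truncated: address fields run past the end of the data")
    _, _, _, _, _, sha, spa, tha, tpa = struct.unpack(ARP_FMT, data[:28])
    return {"oper": oper, "sha": mac_text(sha), "spa": ip_text(spa),
            "tha": mac_text(tha), "tpa": ip_text(tpa)}

def classify_arp(msg: Dict[str, object]) -> str:
    """Name the message kind using the field patterns described in the text."""
    oper, sha, spa, tha, tpa = (msg[k] for k in ("oper", "sha", "spa", "tha", "tpa"))
    if oper == OPER_REQUEST and spa == "0.0.0.0":
        return "probe"                        # address-conflict detection, SPA = 0
    if spa == tpa:
        if oper == OPER_REQUEST and tha == ZERO_MAC:
            return "gratuitous request"       # TPA = SPA, THA = 0
        if oper == OPER_REPLY and tha == sha:
            return "gratuitous reply"         # TPA = SPA, THA = SHA
    if oper == OPER_REQUEST:
        return "request"
    if oper == OPER_REPLY:
        return "reply"
    return f"operation {oper}"

def exchange_for(node_a: Tuple[str, str], node_b: Tuple[str, str]) -> Tuple[bytes, bytes]:
    """The request/reply pair of the text's example: A asks for B's physical
    address (THA unknown, so zero), B answers with it addressed back to A."""
    (mac_a, ip_a), (mac_b, ip_b) = node_a, node_b
    request = build_arp(OPER_REQUEST, mac_a, ip_a, ZERO_MAC, ip_b)
    reply = build_arp(OPER_REPLY, mac_b, ip_b, mac_a, ip_a)
    return request, reply

# Constructed nodes A and B on 198.51.100.0/24, as in the text's example.
NODE_A = ("02:00:00:00:00:01", "198.51.100.1")
NODE_B = ("02:00:00:00:00:02", "198.51.100.2")
```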

There are protocol extensions that perform the inverse operations: InARP (Inverse ARP), which obtains the L3 address from an L2 address, and RARP, which obtains the L3 address of the requesting node itself.

RARP was used for autoconfiguration of L3 addresses. It was later replaced by the BOOTP protocol, and then by DHCP.

Routing in IPv4 networks

The main routing algorithm in IPv4 networks is called the forwarding algorithm.

Given a destination address D and the prefix N of its network:

  • If N matches the prefix of the network the current node is attached to, deliver the data locally, directly on the link.
  • If there is a route for N in the routing table, send the data to the NEXT-HOP router of that route.
  • If there is a default route, send the data to the default NEXT-HOP router.
  • Otherwise, report an error.

The routing table is a mapping from network addresses to the NEXT-HOP router addresses for those networks. For example, a node with address 198.51.100.54/24 may have the following routing table:

Destination        Gateway        Device
198.51.100.0/24    0.0.0.0        eth0
203.0.113.0/24     198.51.100.1   eth0
0.0.0.0/0          203.0.113.1    eth0

A route is also bound to the network device (interface) through which the data is to be sent.

If a destination can be reached by several routes, the route with the longer network mask (i.e. the more specific one) is chosen. There can be only one default route.

For example, a node 198.51.100.54/24 has the routing table:

Destination         Gateway        Device
198.51.100.0/24     0.0.0.0        eth0
203.0.113.0/24      198.51.100.1   eth0
203.0.113.224/27    198.51.100.5   eth0
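The forwarding algorithm and the longest-match rule above, run against the two routing tables shown for node 198.51.100.54/24, as an added example (not code from the original text). The function names are this example's own; the tables are copied from the text, and the sample destinations are constructed from the documentation ranges.

```python
# Added example, not from the original text: the forwarding algorithm with
# longest-prefix match over the two routing tables shown above.
from typing import List, Optional, Tuple

Route = Tuple[str, str, str]        # (destination prefix, gateway, device), as in the tables
Decision = Tuple[str, str, str]     # (action, next hop, device)

def ip_int(text: str) -> int:
    return int.from_bytes(bytes(int(o) for o in text.split(".")), "big")

def mask_for(prefix_len: int) -> int:
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF

def check_table(table: List[Route]) -> None:
    """The text allows at most one default route (0.0.0.0/0)."""
    defaults = [r for r in table if r[0].endswith("/0")]
    if len(defaults) > 1:
        raise ValueError(f"{len(defaults)} default routes; only one is allowed")

def forward(table: List[Route], destination: str) -> Decision:
    """Pick the most specific matching route. Gateway 0.0.0.0 means the destination
    is on a directly attached network and is delivered locally; a /0 match is the
    default route; no match at all is an error, as in the algorithm above."""
    check_table(table)
    dst = ip_int(destination)
    best: Optional[Tuple[int, str, str]] = None     # (prefix length, gateway, device)
    for prefix, gateway, device in table:
        net_text, plen_text = prefix.split("/")
        plen = int(plen_text)
        mask = mask_for(plen)
        if dst & mask == ip_int(net_text) & mask and (best is None or plen > best[0]):
            best = (plen, gateway, device)
    if best is None:
        raise ValueError(f"no route to {destination}")
    plen, gateway, device = best
    if gateway == "0.0.0.0":
        return ("local", destination, device)
    if plen == 0:
        return ("default", gateway, device)
    return ("next-hop", gateway, device)

# The two tables from the text, for node 198.51.100.54/24.
TABLE_WITH_DEFAULT: List[Route] = [
    ("198.51.100.0/24", "0.0.0.0", "eth0"),
    ("203.0.113.0/24", "198.51.100.1", "eth0"),
    ("0.0.0.0/0", "203.0.113.1", "eth0"),
]
TABLE_WITH_OVERLAP: List[Route] = [
    ("198.51.100.0/24", "0.0.0.0", "eth0"),
    ("203.0.113.0/24", "198.51.100.1", "eth0"),
    ("203.0.113.224/27", "198.51.100.5", "eth0"),
]

if __name__ == "__main__":
    for dest in ("198.51.100.7", "203.0.113.10", "203.0.113.230", "192.0.2.1"):
        try:
            print(dest, "->", forward(TABLE_WITH_OVERLAP, dest))
        except ValueError as err:
            print(dest, "->", err)
```

With the second table, 203.0.113.230 matches both 203.0.113.0/24 and 203.0.113.224/27; the /27 wins and the packet goes to 198.51.100.5, while 203.0.113.10 matches only the /24 and goes to 198.51.100.1. A destination outside every prefix is an error in the second table and a default-route hit in the first.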

The global computer network Internet was initially built according to the following scheme: to a backbone network, other networks are attached, called autonomous systems. The backbone is itself an autonomous system. This approach is convenient because detailed topological information stays inside the autonomous system, and to the rest of the Internet the autonomous system as a single whole is represented by its exterior gateways (the routers through which autonomous systems are attached to the backbone). Interior gateways are used inside the autonomous system to form its subnets.

Accordingly, the routing protocols used in the Internet are divided into exterior and interior ones. Exterior routing protocols (EGP, BGP) transfer routing information between autonomous systems. Interior routing protocols (RIP, OSPF, IS-IS) are used only within an autonomous system. Changing the routing protocols and routes inside an autonomous system does not affect the operation of other autonomous systems.

The OSPF protocol (Open Shortest Path First) was adopted in 1991. It is a modern protocol oriented toward large heterogeneous networks with a complex topology that includes loops. It is based on the link-state algorithm, which is highly resistant to changes in network topology.


40. Transport-layer protocols of the TCP/IP stack.

Since no connections are established at the network layer, there is no guarantee that all packets will be delivered to the destination intact and undamaged, or that they will arrive in the order in which they were sent. The task of reliable communication between two end nodes is handled by the main layer of the TCP/IP stack, also called the transport layer.

At this layer the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP) operate. TCP ensures reliable transmission of messages between remote application processes by establishing logical connections. It allows peer entities on the sending and receiving computers to maintain data exchange in duplex mode. TCP delivers, without errors, the byte stream formed on one computer to any other computer in the composite network. TCP divides the byte stream into parts, called segments, and passes them down to the underlying network layer. After the segments have been delivered by the network layer to the destination, TCP reassembles them into a continuous byte stream.

UDP provides the transfer of application packets as datagrams, in the same way as the main protocol of the internetworking layer, IP, and performs only the function of a link (multiplexer) between the network protocol and the numerous application-layer services or user processes.


41. Diagnostic TCP/IP utilities.

TCP/IP includes diagnostic utilities designed to check the stack configuration and to test the network connection.

Utility    Application
arp        Displays and modifies the address translation table used by the ARP protocol (Address Resolution Protocol: determines the local address from an IP address)
hostname   Displays the name of the local host. Used without parameters.
ipconfig   Displays the values of the current TCP/IP stack configuration: IP address, subnet mask, default gateway address, WINS (Windows Internet Naming Service) and DNS (Domain Name System) addresses
nbtstat    Displays statistics and current information for NetBIOS over TCP/IP. Used to check the state of current NetBIOS connections.
netstat    Displays statistics and current information on TCP/IP connections.
nslookup   Checks host records and domain aliases of hosts, host domain services, and operating system information, by querying DNS servers.
ping       Checks the TCP/IP configuration and tests the connection with a remote host.
route      Modifies IP routing tables. Displays the contents of the table, adds and deletes IP routes.
tracert    Checks the route to a remote computer by sending ICMP (Internet Control Message Protocol) echo messages. Displays the path taken by packets to the remote computer.

To verify the TCP/IP configuration, the ipconfig utility is used. This command is useful on computers running DHCP (Dynamic Host Configuration Protocol), since it lets users determine which TCP/IP network configuration values were set using DHCP.
The ipconfig utility shows whether the configuration has been initialized and whether IP addresses are duplicated:
- if the configuration is initialized, the IP address, mask and gateway are displayed;
- if IP addresses are duplicated, the network mask will be 0.0.0.0;
- if, when using DHCP, the computer could not obtain an IP address, the address will be 0.0.0.0.
Ping (Packet Internet Groper) is used to check the TCP/IP configuration and to diagnose connection errors. It determines whether a particular host is reachable and operating. Using ping is the best way to check that a route exists between the local computer and a network host.
The ping command checks the connection with a remote host by sending ICMP echo packets to that host and listening for the echo replies. Ping waits for each packet sent and prints the number of packets transmitted and received. Each received packet is checked against the transmitted message. If the connection between the hosts is poor, the ping messages show how many packets were lost.
By default, 4 echo packets of 32 bytes (a periodic sequence of upper-case letters of the alphabet) are transmitted. Ping allows you to change the size and number of packets, to specify whether to record the route it takes, which time-to-live (TTL) value to set, whether the packet may be fragmented, etc. When a reply is received, the TIME field shows how long (in milliseconds) the packet took to reach the remote host and return. Since the default time to wait for a reply is 1 second, all values in this field will be below 1000 milliseconds. If you get the message "Request Time Out" (the wait interval was exceeded), it may be that with a longer reply timeout the packet would reach the remote host.
Ping can be used to test both a host name (DNS or NetBIOS) and its IP address. If ping by IP address succeeds but ping by name fails, the problem lies in resolving the name to the address, not in the network connection.
The ping utility is used in the following ways:
1) To verify that TCP/IP is installed and correctly configured on the local computer, ping is given the loopback address: ping 127.0.0.1
2) To make sure that the computer has been correctly added to the network and its IP address is not duplicated, the IP address of the local computer is used:
ping <IP address of the local host>
3) To verify that the default gateway is functioning and that a connection can be established with any local host on the local network, the IP address of the default gateway is given:
ping <IP address of the default gateway>
4) To check the ability to establish a connection through a router, the ping command is given the IP address of a remote host:
ping [parameters] <IP address of the remote host>
Tracert is a route tracing utility. It uses the TTL (Time-to-Live) field of the IP packet and ICMP error messages to determine the route from one host to another.
The tracert utility can be more informative and convenient than ping, especially where the remote host is unreachable. With it, the area of the communication problem (at the Internet provider, in the backbone network, in the remote host's network) can be determined from how far the route could be traced. If problems arise, the utility displays an asterisk (*) or a message such as "Destination Net Unreachable", "Destination Host Unreachable", "Request Time Out" or "Time Exceeded".
Tracert works as follows: 3 trial echo packets are sent to each host through which the route to the remote host passes. At the same time, the round-trip time of each packet is displayed (the wait time can be changed with a special parameter). Packets are sent with different lifetimes. Each router found along the path decreases the TTL value by one before forwarding the packet. Thus the lifetime is a counter of intermediate delivery points (hops). When the lifetime of a packet reaches zero, the router is expected to send the source computer an ICMP "Time Exceeded" message. The route is determined by sending the first echo packet with TTL = 1. Then TTL is increased by 1 in each subsequent packet until either the packet reaches the remote host or the maximum possible TTL value is reached (30 by default, set with the -h parameter). The route is learned from the ICMP messages that the intermediate routers send back.
Syntax: tracert [parameters] <name>
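A model of the tracert procedure just described, runnable offline, as an added example (not code from the original text, and not the tracert utility itself). The network is constructed: a list of routers between the source and the destination, each of which decrements TTL and answers with ICMP Time Exceeded when TTL reaches zero; one router is set to drop the packet silently to show where the asterisk comes from. Router addresses are taken from the documentation ranges, and the class and function names are this example's own.

```python
# Added example, not from the original text: a deterministic model of the
# TTL-based route discovery that tracert performs. Network is constructed.
from typing import List, Optional, Tuple

TIME_EXCEEDED = "Time Exceeded"
ECHO_REPLY = "Echo Reply"

class Router:
    def __init__(self, address: str, answers: bool = True):
        self.address = address
        self.answers = answers      # a router that does not report back shows up as "*"

def send_echo(path: List[Router], destination: str, ttl: int) -> Tuple[Optional[str], Optional[str]]:
    """Carry one echo request along `path`. Each router decrements TTL before
    forwarding; when it hits zero the router discards the packet and, if it
    answers at all, reports Time Exceeded. Returns (message, responder address)."""
    if ttl < 1:
        raise ValueError("TTL must be at least 1")
    for router in path:
        ttl -= 1
        if ttl == 0:
            return (TIME_EXCEEDED, router.address) if router.answers else (None, None)
    return (ECHO_REPLY, destination)

def trace(path: List[Router], destination: str, max_hops: int = 30,
          probes: int = 3) -> List[Tuple[int, str]]:
    """The tracert algorithm: TTL 1, 2, 3, ... until the destination answers or
    max_hops (tracert's default of 30, the -h parameter) is reached. Each hop is
    probed `probes` times (3 by default); "*" marks a hop that never answered."""
    hops: List[Tuple[int, str]] = []
    for ttl in range(1, max_hops + 1):
        responder: Optional[str] = None
        reached = False
        for _ in range(probes):
            message, who = send_echo(path, destination, ttl)
            if message == ECHO_REPLY:
                reached = True
            if who is not None:
                responder = who
        hops.append((ttl, responder or "*"))
        if reached:
            break
    return hops

# Constructed path: three routers, the third of which never reports back.
SAMPLE_PATH = [Router("198.51.100.1"), Router("203.0.113.1"),
               Router("203.0.113.130", answers=False), Router("192.0.2.1")]

if __name__ == "__main__":
    for ttl, who in trace(SAMPLE_PATH, "192.0.2.77"):
        print(f"{ttl:3}  {who}")
```

An unreachable destination (a path that never returns an echo reply) produces 30 lines, the last ones all "*", which is the situation the text describes for locating where along the route the problem lies.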
The arp utility is designed to work with the ARP cache. The main task of the ARP protocol is to translate IP addresses into the corresponding local addresses. For this, ARP uses the information in the ARP table (the ARP cache). If the required entry is not found in the table, ARP sends a broadcast request to all computers on the local subnet, trying to find the owner of the given IP address. The cache may contain two kinds of entries: static and dynamic. Static entries are entered manually and kept in the cache permanently. Dynamic entries are placed in the cache as a result of broadcast requests; for them there is a notion of lifetime. If an entry has not been used within a certain time (2 minutes by default), it is removed from the cache.
The netstat utility provides statistics for some of the stack protocols (TCP, UDP, IP, ICMP) and displays information about current network connections. It is especially useful on firewalls: with its help one can detect violations of the network perimeter security.
Syntax:
netstat [-a] [-e] [-n] [-s] [-p protocol] [-r]
Parameters:
-a displays a list of all network connections and listening ports of the local computer;
-e displays statistics for Ethernet interfaces (for example, the number of bytes received and sent);
-n displays information about all current connections (for example, TCP) for all network interfaces of the local computer. For each connection, the IP addresses of the local and remote interfaces are displayed together with the port numbers in use;
-s displays statistics for the UDP, TCP, ICMP and IP protocols. Piping the output through more (| more) lets you view it page by page;
-r displays the contents of the routing table.