
INJIBARA UNIVERSITY

College of Engineering and Technology

Department of Information Technology

4th Year Student

Chapter 3
Outlines
Introduction
Types of routing
How routing works
Routing Information Protocol (RIP)
Interior Gateway Routing Protocol (IGRP)
Network Addressing Scheme
Types of NAT
Overloading NAT with PAT (NAPT)
Introduction
 Routing
 a process accomplished by a router
 the process during which data packets are forwarded from one machine or device
 Selecting the minimum cost, distance and/or time path from several alternatives to deliver a message.
 Routing encapsulates two tasks:
 deciding the paths for the data transferred (using protocols, metrics such as bandwidth, delay and reliability, and algorithms), and
 sending the packets on these paths
How routing works
 PC2 wants to send data to PC3
 PC2 forwards the packet to the fa0/0 interface of Router5
 Router5 determines the best path (next hop) by referring to its routing table
 Router5 transfers the packet to the next hop (router)
 The next-hop router encapsulates the message, reads the destination address and determines the best path for forwarding the message
Routing Table
 A type of data table that acts as a map, often installed on a router, network computer or other hardware
 It is where data about the neighboring routers (next hops) is stored and used to calculate and decide where to send the packet.
 It contains a list of IP addresses and subnet masks which identify directly connected and remote routers
 Home networks utilize a very small routing table (10 entries or fewer) because they simply forward all outbound traffic to the ISP gateway
 The largest routers at the core of the Internet backbone must contain the full Internet routing table (>100,000 entries)
Routing Table design challenges
 Fixed memory
 Working with the ARP cache and correctly maintaining the list of available routes for data
 Black holes cause ineffective delivery

 Structure of a routing table

 Destination     Subnet mask        Interface
 128.75.43.0     255.255.255.0      Eth0
 128.75.43.0     255.255.255.128    Eth1
 192.12.17.5     255.255.255.255    Eth3
 default                            Eth2
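The lookup a router performs against a table like the one above, as an added example that is not part of the slides: every entry whose network contains the destination is a candidate and the longest mask wins, which is why the two 128.75.43.0 rows with different masks can coexist; the default route only wins when nothing else matches, and removing it shows the black hole the slide mentions. The table below is constructed to mirror the slide's rows.

```python
import ipaddress

# Routing table from the slide (constructed to mirror it): each entry is
# (destination, subnet mask, exit interface); "default" carries no mask.
ROUTING_TABLE = [
    ("128.75.43.0", "255.255.255.0",   "Eth0"),
    ("128.75.43.0", "255.255.255.128", "Eth1"),
    ("192.12.17.5", "255.255.255.255", "Eth3"),
    ("default",     None,              "Eth2"),
]


def to_network(destination, mask):
    """Turn a (destination, mask) pair into an ipaddress network object."""
    if destination == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    # strict=False tolerates host bits set in the destination column
    return ipaddress.ip_network(f"{destination}/{mask}", strict=False)


def lookup(table, dst_ip):
    """Longest-prefix match: return (interface, prefix_length) or None.

    128.75.43.0/25 (Eth1) beats 128.75.43.0/24 (Eth0) for hosts in
    128.75.43.0-127 because its mask is longer; the /0 default matches
    everything but has the shortest mask, so it is the fallback.
    """
    addr = ipaddress.ip_address(dst_ip)
    best = None
    for destination, mask, iface in table:
        net = to_network(destination, mask)
        if addr in net and (best is None or net.prefixlen > best[1]):
            best = (iface, net.prefixlen)
    return best


def lookup_no_default(table, dst_ip):
    """Same lookup with the default route removed: a destination with no
    matching entry gets None, i.e. the packet is dropped (a black hole)."""
    no_default = [entry for entry in table if entry[0] != "default"]
    return lookup(no_default, dst_ip)


if __name__ == "__main__":
    for ip in ("128.75.43.5", "128.75.43.200", "192.12.17.5", "10.1.1.1"):
        print(ip, "->", lookup(ROUTING_TABLE, ip))
    print("10.1.1.1 without default ->", lookup_no_default(ROUTING_TABLE, "10.1.1.1"))
```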
Types of routing
Static Routing
 The routing table is created, maintained and updated by the network administrator
 Does not use a routing protocol
 Suitable for small networks
 High security
Dynamic Routing
 Information in the routing table is changed dynamically by the router itself using routing protocols
 Uses a routing protocol
 Suitable for large networks
 Less security

Advantages and Disadvantages of Static Routing
Advantages
 Minimal CPU/memory overhead: the router does not calculate the best path
 No bandwidth overhead: updates are not shared between routers
 Adds security: granular control over how traffic is routed
Disadvantages
 Infrastructure changes must be adjusted manually
 No “dynamic” fault tolerance: if a link goes down, the admin is responsible
 Impractical in large networks
Configuration syntax
ip route [destination_network] [mask] [next-hop_address or
exit interface] [administrative_distance] [permanent]
Default Route
 When the router is unable to find a match for the packet's destination address in its routing table, it forwards the packet to the exit interface or next-hop address configured with a default route, 0.0.0.0/0.
Syntax
ip route 0.0.0.0 0.0.0.0 [next-hop_address or exit interface]
Dynamic Routing
 Uses a routing protocol (software and routing algorithms) to determine the best path and construct the routing table
 Routers dynamically learn destinations and how to get to them, and advertise those destinations to other routers (if they use the same routing protocol)
Advantages
 Simpler to configure on large networks
 Dynamically choose a different route if a link goes down
 Ability to load-balance between multiple links
Disadvantages
 Updates are shared between routers, thus consuming bandwidth
 Routing protocols put additional load on the router's CPU/RAM
Types of Dynamic routing
1. Distance Vector Routing Protocols (DVRP)
2. Link State Routing Protocol (LSRP)
Distance Vector Routing Protocol
 Finds the best path to a remote network by judging distance
 The route with the least number of hops to the network is determined to be the best route.
 They send the entire routing table to directly connected neighbors.
 Key characteristics:
 Periodic updates of the full routing table are sent to routing neighbors. Example: RIP (every 30 seconds), IGRP (every 90 seconds)
 Distance-vector protocols suffer from slow convergence, and are highly susceptible to loops.
 Some form of distance is used to calculate a route's metric.
 The Bellman-Ford algorithm is used to determine the shortest path.
Link State Routing Protocol
 Called shortest-path-first protocols
 Each router creates three separate tables (utilizing more RAM and CPU):
 Neighbor table – contains a list of all neighbors and the interface each neighbor is connected to. Neighbors are formed by sending Hello packets.
 Topology table – also known as the “link-state” table; contains a map of all links within an area, including each link's status.
 Shortest-path table – contains the best routes to each particular destination (also known as the “routing” table)
 All routers within an area have identical topology tables.
 Examples are:
 Intermediate System-to-Intermediate System (IS-IS) and
 Open Shortest Path First (OSPF)
 When the state of a link changes, such as a router interface failing, an advertisement containing only this link-state change will be sent to all routers within that area. Each router will adjust its topology table accordingly, and will calculate a new best route if required.
 Because updates are sent only during a link-state change, and contain only the change (and not the full table), link-state protocols are less bandwidth intensive than distance-vector protocols
 Link-state protocols utilize some form of cost, usually based on bandwidth, to calculate a route's metric.
 The Dijkstra algorithm is used to determine the shortest path.


Administrative distance, metric and wildcard mask
Administrative Distance
 The value used by routers to choose the best path when there are two or more routes to the same destination from two different routing protocols
 Each routing protocol is prioritized in order of most to least reliable using an administrative distance value.
 A router prefers a static route to a dynamic route because the router considers the route with the lower number to be the better one
 To override the AD of a static route, change its default AD during configuration to >120
 An AD is an integer from 0 to 255, where 0 is the most trusted and 255 means no traffic will be passed via this route.
 If a router receives two updates listing the same remote network, then the route with the lowest AD will be placed in the routing table. If the AD is the same, then routing protocol metrics (such as hop count or bandwidth of the lines) will be used to find the best path to the remote network
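The selection rule just described, as an added example that is not part of the slides: for each prefix the candidate with the lowest AD is installed, a tie is broken by the protocol metric, AD 255 is never installed, and a per-route AD override reproduces the "change the static route's AD to >120" trick. The AD values are the defaults named on these slides; the update samples are constructed.

```python
# Default administrative distances named on these slides: directly connected 0,
# static 1, EIGRP 90, IGRP 100, OSPF 110, RIP 120. Any source not listed is
# treated as AD 255, which the slides define as "no traffic via this route".
DEFAULT_AD = {"connected": 0, "static": 1, "eigrp": 90, "igrp": 100, "ospf": 110, "rip": 120}
UNREACHABLE_AD = 255


def best_route(candidates, ad_table=DEFAULT_AD):
    """Choose which of several updates for the same prefix gets installed.

    Each candidate is (source, metric) or (source, metric, ad), where the third
    element is a per-route AD override, e.g. a static route configured with
    AD 130 so that a RIP-learned route (AD 120) is preferred while it exists.
    Returns (source, ad, metric) for the winner, or None if nothing is usable.
    """
    scored = []
    for cand in candidates:
        source, metric = cand[0], cand[1]
        ad = cand[2] if len(cand) > 2 else ad_table.get(source, UNREACHABLE_AD)
        if ad < UNREACHABLE_AD:          # AD 255 is never installed
            scored.append((ad, metric, source))
    if not scored:
        return None
    # Tuple ordering applies the slides' rule: lowest AD first, then lowest metric.
    ad, metric, source = min(scored)
    return source, ad, metric


def build_routing_table(updates, ad_table=DEFAULT_AD):
    """updates: iterable of (prefix, source, metric[, ad]). Groups them by prefix
    and installs one winner per prefix, as a router does while updates from
    different protocols arrive for the same remote network."""
    by_prefix = {}
    for prefix, *cand in updates:
        by_prefix.setdefault(prefix, []).append(tuple(cand))
    return {prefix: best_route(cands, ad_table) for prefix, cands in by_prefix.items()}


if __name__ == "__main__":
    # Constructed sample updates, not taken from the slides.
    sample = [
        ("10.1.0.0/16", "rip", 3), ("10.1.0.0/16", "ospf", 20), ("10.1.0.0/16", "static", 0),
        ("10.2.0.0/16", "rip", 5), ("10.2.0.0/16", "rip", 2),
        ("10.3.0.0/16", "rip", 1), ("10.3.0.0/16", "static", 0, 130),
    ]
    for prefix, winner in build_routing_table(sample).items():
        print(prefix, "->", winner)
```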
 Default Administrative Distances

Metric
 is a value used by routing protocols to assign costs to reach
remote networks.
 Each routing protocol uses its own metric. For example, RIP
uses hop count, EIGRP uses bandwidth and delay, and OSPF
uses bandwidth.
Wildcard Mask
 A wildcard mask can be thought of as a subnet mask with ones and zeros inverted.
 For example, a wildcard mask of 0.0.0.255 corresponds to a subnet mask of 255.255.255.0.
 Used in OSPF and ACLs to indicate the size of a network or subnet and which IP addresses should be permitted or denied, respectively
To calculate a wildcard mask
Simply subtract your subnet mask from 255.255.255.255 to get your wildcard mask.
Examples:
1. The wildcard mask of /26 is:
255.255.255.255 - 255.255.255.192 = 0.0.0.63
2. The wildcard mask of /19 is:
255.255.255.255 - 255.255.224.0 = 0.0.31.255
3. The wildcard mask of /12 is:
255.255.255.255 - 255.240.0.0 = 0.15.255.255
Routing Information Protocol (RIP)
 A distance-vector interior gateway protocol (IGP) used by routers to exchange routing information
 Uses hop count to determine the best path
 The maximum allowable number of hops is 15
 Hop count = routers, and also firewalls that act as routers
 A router broadcasts (RIPv1) its entire RIP table to its neighboring routers every 30 seconds
 Administrative distance of 120
 Suitable for small networks
RIPv1
 It is a classful protocol, because it doesn't send updates with subnet mask information.
 RIP supports up to six equal-cost paths to a single destination and uses them for load balancing (four paths by default)
 Does not support variable length subnet masks (VLSM)
 Uses broadcast
 Outdated
RIPv2
 RIPv2 uses multicasts (only to neighbor routers configured with RIPv2)
 RIPv2 supports triggered updates: when a change occurs, a RIPv2 router will immediately propagate its routing information to its connected neighbors.
 RIPv2 is a classless protocol.
 Supports VLSM
 RIPv2 supports authentication. You can restrict which routers you want to participate in RIPv2. This is accomplished using a hashed password value
RIPv2 has two authentication options. Both reference a key chain that holds the password, defined once in global configuration:
R1(config)#key chain RIPKEYS
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string your_key
1. Plain text authentication:
R1(config)#interface serial 1/0
R1(config-if)#ip rip authentication mode text
R1(config-if)#ip rip authentication key-chain RIPKEYS
2. Message digest algorithm (MD5) authentication: a one-way cryptographic hash function; an MD5 checksum computed over the transmitted packet and the key is sent instead of the password itself.
R1(config)#interface s1/0
R1(config-if)#ip rip authentication mode md5
R1(config-if)#ip rip authentication key-chain RIPKEYS
RIP Timers
 RIP uses four different kinds of timers to regulate its performance
 Route update timer: routing updates are sent periodically, every 30 seconds.
 Hold-down timer: routes enter the hold-down state when an update packet is received indicating that the route is unreachable. The default is 180 seconds.
 Route invalid timer: the length of time that must elapse (180 seconds) before a router determines that a route has become invalid.
 Route flush timer: the time between a route becoming invalid and its removal from the routing table (240 seconds).


RIP Configuration

RIPv1                       RIPv2
router rip                  router rip
network Network_Address     version 2
                            network Network_Address

 Use the no auto-summary command to disable the automatic summarization feature
 The show ip protocols and show ip route commands are important for verification and troubleshooting on any routing protocol.
 show ip rip database: lists all the routes known by RIP
 debug ip rip or debug ip rip events: displays RIP routing updates as sent and received in real time
Interior Gateway Routing Protocol (IGRP)
 A dynamic classful routing protocol used by autonomous system (AS) routers running on TCP/IP hosts
 Overcomes RIP's network limitations and supports multiple routing metrics, including delay, bandwidth, load and reliability
 Updates are broadcast every 90 seconds (by default).
 Uses composite metrics
 Uses multipath routing
 Supports unequal-cost load balancing
 The administrative distance of IGRP is 100
Enhanced Interior Gateway Routing Protocol (EIGRP)
 Owned by Cisco and operates only on their devices.
 An advanced distance vector routing protocol that also has link-state (hybrid) features.
 Its goals are to provide a loop-free routing environment and rapid convergence.
 A classless routing protocol
 Uses a composite metric (bandwidth and delay).
Bandwidth
 The bandwidth metric (default 1544 Kbps) is a static value used by some routing protocols such as EIGRP and OSPF to calculate their routing metric.
 Expressed in kilobits per second (Kbps).
 Most serial interfaces use the default bandwidth value of 1544 Kbps or 1,544,000 bps (1.544 Mbps).
Delay
 Delay is a measure of the time it takes for a packet to traverse a route.
 Based on the type of link on the interface
 Expressed in microseconds (millionths of a second).
R1# show interface serial 0/0/0
<output omitted>
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
 Uses the Reliable Transport Protocol (RTP, capable of transmitting both multicast and unicast) for updates
 Uses the Diffusing Update Algorithm (DUAL) to avoid loops and sends occasional hello packets to check the status of neighbor routers
 Supports discontiguous (non-adjacent) networks
 Supports all layer 3 protocols (IPv4, IPX and IPv6)
 The administrative distance of EIGRP is 90
 It uses a neighbor table, a topology table and a routing table for route discovery
EIGRP Configuration
router eigrp AS_No
network Network_Address | network Network_Address Wildcard_mask
 AS_No (Autonomous System number) can be any number in the range from 1 to 65535, both inclusive.
 debug eigrp packets: displays transmission and receipt of all EIGRP packets
Open Shortest Path First (OSPF)
 A classless interior gateway routing protocol that routes IP packets within a single routing domain (area) only
 A link-state routing protocol that does not send frequent periodic updates of the entire routing table
 It sends an update only when a change in the topology occurs (by multicast)
 OSPF performs a full update every 30 minutes.
 Uses SPF (Dijkstra's algorithm) to calculate the shortest connection path. For example, a person in city A wants to travel to city M and is given two options:
 Travel via cities B and C. The route would be ABCM, and the distance (or bandwidth cost in the networking case) for A-B is 10 miles, B-C is 5 miles and C-M is 10 miles.
 Travel via city F. The route would be AFM, and the distance for A-F is 20 miles and F-M is 10 miles.
 ABCM, with a metric of 10+5+10=25, is considered a better path than AFM (20+10=30).
 OSPF uses bandwidth to determine the cost of a link. A link with higher bandwidth results in a lower cost. The lowest-cost route to a destination is the most desirable path
 AD value is 110
 Has unlimited hop count
 OSPF maintains a two-layer hierarchy consisting of:
 Backbone area (area 0)
 Off-backbone areas (area 1 to 65,535)
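The city example above run through Dijkstra's SPF, as an added example that is not part of the slides: the same computation every OSPF router performs over its topology table, with itself as the root, to fill its shortest-path table. The link list mirrors the slide's distances; the ospf_cost helper uses a 100 Mbps reference bandwidth, which is an assumption not stated on the slide.

```python
import heapq

# Graph from the slide (constructed to mirror it): undirected links with their
# distances, standing in for bandwidth-derived link costs.
CITY_LINKS = [("A", "B", 10), ("B", "C", 5), ("C", "M", 10), ("A", "F", 20), ("F", "M", 10)]


def build_graph(links):
    """Adjacency map {node: {neighbor: cost}} from an undirected link list."""
    graph = {}
    for u, v, cost in links:
        graph.setdefault(u, {})[v] = cost
        graph.setdefault(v, {})[u] = cost
    return graph


def shortest_path(links, source, target):
    """Dijkstra's SPF: returns (total_cost, [path]) or (None, []) if unreachable.

    Nodes are settled in increasing cost order; a node's cost is final the first
    time it is popped, so the loop can stop as soon as the target is settled.
    """
    graph = build_graph(links)
    dist = {source: 0}
    prev = {}
    heap = [(0, source)]
    settled = set()
    while heap:
        cost, node = heapq.heappop(heap)
        if node in settled:
            continue
        settled.add(node)
        if node == target:
            break
        for nbr, link_cost in graph.get(node, {}).items():
            new_cost = cost + link_cost
            if new_cost < dist.get(nbr, float("inf")):
                dist[nbr] = new_cost
                prev[nbr] = node
                heapq.heappush(heap, (new_cost, nbr))
    if target not in dist:
        return None, []
    path = [target]
    while path[-1] != source:
        path.append(prev[path[-1]])
    return dist[target], path[::-1]


def ospf_cost(bandwidth_kbps, reference_kbps=100_000):
    """Bandwidth to OSPF link cost: reference / interface bandwidth, minimum 1,
    so a faster link gets a lower cost. The 100 Mbps reference is assumed."""
    return max(1, reference_kbps // bandwidth_kbps)


if __name__ == "__main__":
    print(shortest_path(CITY_LINKS, "A", "M"))   # ABCM at cost 25 beats AFM at 30
    print("T1 (1544 Kbps) cost:", ospf_cost(1544))
```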
OSPF Configuration
router ospf process-id
network Network_Address Wildcard_mask area 0
 The process ID is chosen by the administrator and can be any number from 1 to 65535. It is only locally significant and does not have to match the process ID of other OSPF routers.
Name   Class                     Type  AD                              Metric               Classful/Classless  Algorithm       Transport
RIPv1  Distance Vector           IGP   120                             Hop count            Classful            Bellman-Ford    UDP/520
RIPv2  Distance Vector           IGP   120                             Hop count            Classless           Bellman-Ford    UDP/520
IGRP   Distance Vector           IGP   100                             Composite (BW+DLY)   Classful            Dijkstra (SPF)  IP protocol 9
EIGRP  Advanced Distance Vector  IGP   90 (internal) / 170 (external)  Composite (BW+DLY)   Classless           DUAL            IP protocol 88 (EIGRP)
OSPF   Link State                IGP   110                             Cost                 Classless           Dijkstra (SPF)  IP protocol 89 (OSPF)
Access Control List (ACL)
 ACLs are lists of conditions used to test network traffic that tries to travel across a router interface. These lists tell the router what types of packets to accept or deny.
 The router examines each packet and will forward or discard it based on the conditions specified in the ACL.
 An ACL is used to
 filter traffic, i.e. permit/deny traffic
 identify traffic, i.e. include/exclude traffic
Primary reasons
 Limit network traffic and increase network performance.
 Provide traffic flow control. ACLs can restrict the delivery of routing updates.
 Provide a basic level of security for network access.
 Decide which types of traffic are forwarded or blocked at the router interfaces. For example: allow e-mail traffic to be routed, but block all Telnet traffic.
Inbound and outbound interfaces (figure: a router with interfaces S0/0, S0/1 and F0/0, each showing the In and OUT directions in which an ACL can be applied)

How do ACLs work?
 ACL statements operate in sequential, logical order.
 If a condition matches, the packet is permitted or denied and the rest of the ACL statements are not checked.
 If none of the ACL statements match, the packet is handled by the implicit deny any statement placed at the end of the list by default.

Types of ACLs
 Standard ACLs
 VTY ACLs
 Extended ACLs
 Named ACLs
Standard ACLs

Syntax:
access-list [1-99] [permit | deny] [source address] [wildcard mask] [log]

Example:
Block network 172.18.0.0 from accessing the 172.16.0.0 network
Router(config)# access-list 10 deny 172.18.0.0 0.0.255.255
Router(config)# access-list 10 permit any
To apply this access list, we would configure the following on Router A:
Router(config)# int fa4/0
Router(config-if)# ip access-group 10 out
Verifying ACLs on the router
– show ip interface
– show access-lists
– show running-config
Extended ACL

Syntax:
access-list [100-199] [permit | deny] [protocol] [source address] [wildcard mask] [destination address] [wildcard mask] [operator [port]] [log]
Example: block network 172.18.0.0 from accessing anything on the 172.17.0.0 network, EXCEPT for the HTTP port on the web server
RB(config)# access-list 101 permit tcp 172.18.0.0 0.0.255.255 host 172.17.0.10 eq 80
RB(config)# access-list 101 deny ip 172.18.0.0 0.0.255.255 172.17.0.0 0.0.255.255
RB(config)# access-list 101 permit ip any any
We could have identified the web server in one of two ways:
RB(config)# access-list 101 permit tcp 172.18.0.0 0.0.255.255 host 172.17.0.10 eq 80
RB(config)# access-list 101 permit tcp 172.18.0.0 0.0.255.255 172.17.0.10 0.0.0.0 eq 80
RB(config)# int fa1/0
RB(config-if)# ip access-group 101 in
Named ACL
 Syntax: ip access-list {standard | extended} name
 Apply a named ACL to an interface in the same manner as applying a standard or extended ACL.
 Example:
RB(config)#ip access-list extended web-only
RB(config-ext-nacl)#permit tcp 172.18.0.0 0.0.255.255 host 172.17.0.10 eq 80
RB(config-ext-nacl)#deny ip 172.18.0.0 0.0.255.255 172.17.0.0 0.0.255.255
RB(config-ext-nacl)#permit ip any any
We could have identified the web server in one of two ways:
RB(config-ext-nacl)# permit tcp 172.18.0.0 0.0.255.255 host 172.17.0.10 eq 80
RB(config-ext-nacl)# permit tcp 172.18.0.0 0.0.255.255 172.17.0.10 0.0.0.0 eq 80
RB(config)# int fa1/0
RB(config-if)# ip access-group web-only in
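The wildcard-mask arithmetic from the earlier section and the first-match, implicit-deny evaluation of the extended ACL above, as one added example that is not part of the slides: wildcard bits set to 1 are "don't care" bits, statements are tried in order, and a packet that matches nothing falls to the implicit deny. The ACL entries are constructed to mirror access-list 101 (the web server is 172.17.0.10 on port 80, with the deny covering all of 172.17.0.0/16); the sample packets are constructed.

```python
import ipaddress


def wildcard_from_prefix(prefix_len):
    """Wildcard mask = 255.255.255.255 - subnet mask, as the slides compute it."""
    mask = int(ipaddress.ip_network(f"0.0.0.0/{prefix_len}").netmask)
    return str(ipaddress.ip_address(0xFFFFFFFF - mask))


def wildcard_match(address, wildcard, candidate):
    """True if candidate matches address under wildcard: bits that are 1 in the
    wildcard are ignored, bits that are 0 must be equal in both addresses."""
    a, w, c = (int(ipaddress.ip_address(x)) for x in (address, wildcard, candidate))
    return ((a ^ c) & ~w & 0xFFFFFFFF) == 0


# Extended ACL 101 from the slides (constructed to mirror it). Each statement is
# (action, protocol, src, src_wildcard, dst, dst_wildcard, dst_port or None).
ACL_101 = [
    ("permit", "tcp", "172.18.0.0", "0.0.255.255", "172.17.0.10", "0.0.0.0",     80),
    ("deny",   "ip",  "172.18.0.0", "0.0.255.255", "172.17.0.0",  "0.0.255.255", None),
    ("permit", "ip",  "any",        None,          "any",         None,          None),
]


def entry_matches(entry, packet):
    """One ACL statement against one packet dict {proto, src, dst[, dport]}."""
    action, proto, src, src_wc, dst, dst_wc, port = entry
    if proto != "ip" and proto != packet["proto"]:   # "ip" matches any protocol
        return False
    if src != "any" and not wildcard_match(src, src_wc, packet["src"]):
        return False
    if dst != "any" and not wildcard_match(dst, dst_wc, packet["dst"]):
        return False
    return port is None or port == packet.get("dport")


def evaluate_acl(acl, packet):
    """First matching statement decides and the rest are not checked; a packet
    that matches no statement hits the implicit deny any at the end."""
    for entry in acl:
        if entry_matches(entry, packet):
            return entry[0]
    return "deny"


if __name__ == "__main__":
    print(wildcard_from_prefix(26), wildcard_from_prefix(19), wildcard_from_prefix(12))
    web = {"proto": "tcp", "src": "172.18.4.9", "dst": "172.17.0.10", "dport": 80}
    ssh = {"proto": "tcp", "src": "172.18.4.9", "dst": "172.17.0.10", "dport": 22}
    print("HTTP to web server:", evaluate_acl(ACL_101, web))
    print("SSH to web server:", evaluate_acl(ACL_101, ssh))
```

A destination wildcard of 0.0.0.3 on the deny statement would match only 172.17.0.0 through 172.17.0.3, which is the kind of mistake wildcard_match makes visible before the ACL is applied to an interface.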
Network Addressing Scheme
• IANA – Internet Assigned Numbers Authority
• RIR – Regional Internet Registry (5 of them)
• ISPs and end-user organizations

Problems with IPv4
Shortage of IPv4 addresses
Allocation of the last IPv4 addresses was for the year 2005
Address classes were replaced by usage of CIDR, but this is not sufficient

Short term solution
NAT: Network Address Translator

Long term solution
IPv6 = IPng (IP next generation)
Provides an extended address range
NAT: Network Address Translator
NAT
Translates between local addresses and public ones
Many private hosts share few global addresses

Private Network                                  Public Network
Uses private address range (local addresses)     Uses public addresses
Local addresses may not be used externally       Public addresses are globally unique
Types of NAT
Static NAT
Dynamic NAT
Dynamic NAT with Overload, or Port Address Translation (PAT)
 Static NAT
 Mapping an unregistered IP address to a registered IP address on a one-to-one basis. Particularly useful when a device needs to be accessible from outside the network.
 For example, the computer with the IP address 192.168.32.10 will always translate to 213.18.123.110.
NAT Addressing Terms
 Inside Local
 an address used for a host inside an enterprise.
 the actual IP address assigned to a host in the private network.
 Inside Global
 NAT uses an inside global address to represent the inside host as the packet is sent through the outside network, typically the Internet.
 A NAT router changes the source IP address of a packet sent by an inside host from an inside local address to an inside global address as the packet goes from the inside to the outside network.
 Outside Global
 an address used for a host outside an enterprise, on the Internet.
 the actual IP address assigned to a host that resides in the outside network, typically the Internet.
 Outside Local
 NAT uses an outside local address to represent the outside host as the packet is sent through the private network.
 It is an outside host seen with a private address
Static NAT Configuration
 Specify the inside interface:
Router(config)#interface fastethernet0/0 (private-side interface)
Router(config-if)# ip nat inside
 Specify the outside interface:
Router(config)#interface fastethernet0/1 (public-side interface)
Router(config-if)# ip nat outside
 Enter the static translation entry:
Router(config)# ip nat inside source static 192.168.0.1 206.245.160.1
To see IP address translations:
Router#show ip nat translations
Dynamic NAT
Maps an unregistered IP address to a registered IP address from a group of registered IP addresses.
The computer with the IP address 192.168.32.10 will translate to the first available address in the range from 213.18.123.100 to 213.18.123.150.

Dynamic NAT Configuration
 Specify the inside interface:
Router(config)#interface fastethernet0/0
Router(config-if)# ip nat inside
 Specify the outside interface:
Router(config)#interface serial0/0
Router(config-if)# ip nat outside
 Define an access list to permit the inside local addresses to be translated:
Router(config)#access-list 1 permit 10.0.0.0 0.0.0.255
 Define a pool of global addresses:
Router(config)# ip nat pool DNAT1 179.2.2.65 179.2.2.90 netmask 255.255.255.224
 Enter the dynamic translation entry:
Router(config)# ip nat inside source list 1 pool DNAT1
Overloading NAT with PAT (NAPT)
 Overloading: a form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports. This is also known as PAT (Port Address Translation), single-address NAT or port-level multiplexed NAT.
 Each computer on the private network is translated to the same IP address (213.18.123.100), but with a different port number assignment.
PAT Configuration
 Set the fastethernet0/0 and serial2/0 interfaces as the inside and outside interfaces:
R1# configure terminal
R1(config)# interface fastethernet0/0
R1(config-if)# ip nat inside
R1(config-if)# interface serial2/0
R1(config-if)# ip nat outside
 Allow the 192.168.0.0/24 network to reach any destination:
R1(config)# access-list 100 permit ip 192.168.0.0 0.0.0.255 any
 Enable NAT overload and bind it to the outside interface previously selected:
R1(config)# ip nat inside source list 100 interface serial2/0 overload
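The translation table that the overload configuration above builds, as an added example that is not part of the slides: permitted inside hosts are all rewritten to the one inside global address and told apart by source port, replies are mapped back through the same entry, and an inbound packet with no entry is dropped. The inside global 213.18.123.100 and the 192.168.0.0/24 access list come from the slides; the port pool and the outside address 198.51.100.7 are constructed.

```python
import ipaddress


class PatTable:
    """NAT overload (PAT): one inside global address shared by every permitted
    inside host, with each session identified by a unique global source port.
    The port pool 1024-65535 is a constructed choice, not taken from the slides."""

    def __init__(self, inside_global, permit_network, first_port=1024, last_port=65535):
        self.inside_global = inside_global
        self.permit_net = ipaddress.ip_network(permit_network)   # the "list 100" role
        self.port_range = range(first_port, last_port + 1)
        self.out_map = {}   # (inside_local, local_port) -> global_port
        self.in_map = {}    # global_port -> (inside_local, local_port)

    def _allocate_port(self, wanted):
        # Keep the host's own source port when it is free; otherwise take the
        # lowest free port from the pool. An exhausted pool means no new sessions.
        if wanted in self.port_range and wanted not in self.in_map:
            return wanted
        for port in self.port_range:
            if port not in self.in_map:
                return port
        raise RuntimeError("PAT port pool exhausted")

    def translate_outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Inside -> outside. Hosts the access list does not permit pass through
        untranslated; permitted hosts become inside_global:global_port."""
        if ipaddress.ip_address(src_ip) not in self.permit_net:
            return (src_ip, src_port, dst_ip, dst_port)
        key = (src_ip, src_port)
        if key not in self.out_map:
            gport = self._allocate_port(src_port)
            self.out_map[key] = gport
            self.in_map[gport] = key
        return (self.inside_global, self.out_map[key], dst_ip, dst_port)

    def translate_inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Outside -> inside. Only a reply to an existing mapping is translated
        back; an unsolicited packet has no entry and is dropped (None), which is
        why hosts behind PAT are not reachable for connections started outside."""
        if dst_ip != self.inside_global or dst_port not in self.in_map:
            return None
        local_ip, local_port = self.in_map[dst_port]
        return (src_ip, src_port, local_ip, local_port)


if __name__ == "__main__":
    pat = PatTable("213.18.123.100", "192.168.0.0/24")
    # Two inside hosts using the same source port toward one outside web server.
    print(pat.translate_outbound("192.168.0.10", 40000, "198.51.100.7", 80))
    print(pat.translate_outbound("192.168.0.11", 40000, "198.51.100.7", 80))
    print(pat.translate_inbound("198.51.100.7", 80, "213.18.123.100", 1024))
    print(pat.translate_inbound("198.51.100.7", 80, "213.18.123.100", 9999))
```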
