-

 

The Routing Table

How does a router learn how to reach destinations ?

Routers forward packets based on destination IP addresses and they have to know about these destinations in order for the packets to be forwarded. There are a couple of ways in which a router would learn about these destinations: Statically configured routes, Directly connected interfaces, and dynamic routing protocols. Static routes are pretty self explanatory, you manually configure(tell) the router to reach destination X.X.X.X forward to this next hop(next router). Directly connected interfaces are also kind of self explanatory. These are the interfaces(physical or logical) on the router, that have IP addresses assigned to them. The router “see’s” it’s interfaces that are up and configured as directly connected networks. So it knows how to reach those networks by forwarding out those appropriate interfaces. The third way a router will learn how to reach a destination network is dynamic routing protocols. The way that dynamic routing protocols share routing information is by forming neighbor-ship’s with other routers. This allows them to forward what networks each router knows how to reach to their neighbor’s. There are two “flavors” of dynamic routing protocols: IGP’s and EGP’s. Interior Gateway Routing Protocols(IGP’s) are the dynamic routing protocols that are used within an organization. Exterior Gateway Routing Protocols(EGP’s) are dynamic routing protocols that are used between organizations(Autonomous Systems). The IGP’s that are used today are : RIP, EIGPR, OSPF, IS-IS. The only EGP that is used today is BGP. There are other more in-depth details about the routing protocols like within IGP’s there are two types of protocols(Distance Vector and Link State) and within EGP’s BGP can be either iBGP(within the same autonomous system) or eBGP(between autonomous systems) and other details that we will not go into for the purposes of this blog.

Once the routers learn about these networks they determine the best routes and install them into their routing tables. So now we know how a router learns about destinations, how does it decide which paths are “best” and install them into it’s routing table? This is firstly determined on prefix-length. The best path is the path with the most specific prefix. If there were three routes that match the destination 192.168.1.62, just say 192.168.1.0/24, 192.168.1.0/25, and 192.168.1.0/26, then the router will chose the path with the longest prefix match(subnet mask) that matches. So the router would send the packets to the next-hop in the routing table associated with the 192.168.1.0/26 route because it is the longest prefix match in the example. This longest prefix match rule is true for static and dynamic routes. This takes care of routes learned from a single source. So what happens when the same route, say 192.168.10.0/24, is learned from multiple sources(i.e. static and dynamic or two different dynamic)?

This is where we need to talk about Administrative Distance, or the trustworthiness of a routing source. The admin distance is predetermined values set by a vendor determining which order their routers will prefer routes. In this case we are talking about Cisco so here is an example of admin distance for Cisco routers.

Sorry for the fuzziness but you get the point. The lower values are preferred over higher values, with directly connected networks being the “most believable”. The admin distance is the sort of “tie-breaker” here. If we are learning the same routes from multiple sources then you go to the admin distance and compare the values, whichever is lower is preferred and installed into the routing table. The obvious question is what happens when you are learning about the same networks from the same IGP/EGP but from two different “neighbors”. Well, then the router would equally load balance across the links. There is a lot I am skipping over but this is supposed to be a high level overview. There is much more to discuss in greater detail, but that will be saved for another post. I hope this helps you understand the routing table a little more.

Comments

Post a Comment

Popular posts from this blog

AWS Identity and Access Management(IAM)

-
Image
 IAM   With the cloud becoming more and more prevalent, how do we secure who can access cloud resources and which resources can speak to each other. This very important problem is solved with AWS Identity and Access Management(IAM) resource.  IAM enables you to control who can access your AWS environment, what actions they can perform, and which resources they can interact with. It allows you to set fine-grained permissions and policies to meet your security and compliance requirements. So what are the parts that make up Identity and Access Management(IAM) ? - User groups - Users - Roles - Policies - Identity Provider Lets go into more detail about each resource that makes up IAM. User groups are groups you can define to logically group users together that perform similar functions in job. This is kind of like having different groups for different job roles. Users are just the manually configured users created for use on the management console. This is where you define all the diffe
Read more

AWS Virtual Private Clouds(VPCs)

-
Image
   In the spirit of my last blog on cloud computing, we will discuss VPC's in this blog.  What are VPC's ? Before I answer this question I need to explain this picture and the terms used. In AWS(and other cloud providers) we have several things that make up the global cloud infrastructure. Those things are Regions, Availability Zones, and Edge Locations(not pictured). A region is a geographical area around the world that consist of multiple availability zones. An availability zone can be thought of as multiple discrete data centers that have separate power, cooling, networking, and housed in separate buildings. Edge locations are places where CloudFront caches your content to provide ultra-low latency delivery of your content. According to AWS they currently have 32 regions, 102 availability zones, and more than 550 PoP's(points of presence). These things together make it possible to create global resources in minutes that serve millions of customers.  A VPC or Virtual Pri
Read more

IPSec VPN - Fundamentals

-
A VPN, or Virtual Private Network, is a way to establish a tunnel between two endpoints, like two routers or two endpoints. VPN’s are used to provide a way of secure communication over an unsecure medium. A simple example would be secure communication between two branch offices over the unsecure internet. This is important because we need secure communication so that people can’t eavesdrop and steal important company information. Oftentimes, people misunderstand VPN's and think just because "private" is in the name that it's secure. This is not always the case, especially in the service provider world where there are different types of VPN's that do not provide any sort of encryption. IPSec VPN's do however provide encryption and other features. There are several different types of VPN’s that can be deployed. The most common ones are Site-To-Site and Remote Access, although there are many more and depending on the use case, the most common could be differe
Read more