TRANSCRIPT
Advanced IP Networking Series: “Routing The Network of Networks“
Wayne M. Pecena, CPBE, CBNE
Texas A&M University
Office of Information Technology
Educational Broadcast Services
Advanced IP Networking Series: “Routing The Network of Networks”
• The Quick IP Networking Fundamentals Review
• The Routing Protocol
• Which Routing Protocol?
• Implementing Routing
• Access Control Lists
• The Layer 3 Switch
• Summary – Q&A
Advertised Webinar Scope: Part 2 of Advanced IP Networking builds on the previous Network of Networks webinar by adding IP Layer 3 routing and selective access control using Access Control Lists (ACL) to the VLAN-based Layer 2 multi-network infrastructure. Theoretical concepts of routing protocol choices and ACL implementation are reinforced with real-world equipment configuration examples.
Prerequisite Knowledge: Attendees should have knowledge of IP networking concepts including OSI Layers 1-3, Ethernet switching, IP routing, and VLAN principles.
WEBINAR OUTLINE:
The Quick IP Networking Fundamentals Review
5 Things Required To Build a Network
• Send Host
• Receive Host
• Message or Data to Send Between Hosts
• Media to Interconnect Hosts
• Protocol to Define How Data is Transferred
Reference Models

The OSI Model (layer number, name, service provided):
  7  Application    Service Provided to Applications
  6  Presentation   Provides Data Formatting
  5  Session        Provides Conversation Control
  4  Transport      Provides Data Sequencing, Flow Control, Integrity
  3  Network        Provides Logical Addressing, Fragmentation, End-End Delivery
  2  Data Link      Provides Physical Addressing, Error Correction (LLC and MAC sublayers)
  1  Physical       Provides Media Interface, Topology

The TCP/IP (DoD) Model, its protocols, and the encapsulation unit at each layer:
  4  Application        Application Data
  3  Transport          TCP, UDP            Segments
  2  Internetwork       IP                  Packets
  1  Network Access     Network Interface   Frames, Bits
Another Look at the “OSI Model”

Application Layers (7 Application, 6 Presentation, 5 Session) – example services, protocols and ports:
  EMAIL           SMTP 25, POP
  Net Mgmt        SNMP 161 / 162
  File Transfer   FTP 20 / 21
  WEB             HTTP 80
  Directory       DNS 53

Network Layers:
  4  Transport    TCP, UDP
  3  Network      IPv4, IPv6
  2  Data Link    PPP, 802.2 SNAP, Ethernet II
  1  Physical     RS-xxx, ISDN, ADSL, Fiber, Coax, CAT 5
Layer 2 Standards:
• Project 802 Ethernet Standards:
  – 802.1 Bridging
  – 802.3 Ethernet
  – 802.11 Wireless
http://standards.ieee.org/about/get/
Layer 3 Standards:
• Request for Comments – RFCs – The “Standards Bible” of the Internet
  – Explains All Aspects of IP Networking
www.rfc-editor.org/rfc.html
Layer 2 & Layer 3 Addressing
• Each Host on an Ethernet Based IP Network Has:
  – A Unique MAC Address – Layer 2 Physical Address (local network segment)
  – A Unique IP Address – Layer 3 Logical Address (global routed)
Simplified Representation of an Ethernet Frame carrying an IP Packet:
  Ethernet Frame: Destination MAC | Source MAC | IP Packet | Trailer
  IP Packet:      Destination IP | Source IP | DATA
  Values shown on the slide: MAC addresses FF:FF:FF:FF:FF:FF (broadcast) and 00:12:3F:8D:4D:A7; IP addresses 172.15.1.1 and 172.15.2.2
Common Port Numbers
• RESERVED PORTS – “System Port Numbers”
  – Port 20 / 21 – FTP “File Transfer Protocol”
  – Port 23 – TELNET
  – Port 53 – DNS “Domain Name Service”
  – Port 80 – HTTP
  – Port 110 – POP3 “Post Office Protocol”
  – Port 123 – NTP “Network Time Protocol”
  – Port 161 – SNMP “Simple Network Management Protocol” (UDP)
  – Port 443 – HTTPS
• REGISTERED PORTS – “User Port Numbers”
  – Port 1720 – H.323 Video Call Setup
  – Port 1812 – RADIUS Authentication
  – Port 2000 – CISCO “Skinny”
  – Port 3074 – “X-Box” Live
  – Port 4664 – Google Desktop
  – Port 5004 – RTP “Real Time Transport Protocol”
  – Port 5060 – SIP “Session Initiation Protocol”
  – Port 5631 – PC Anywhere
  – Port 8080 – Alternate HTTP
http://www.iana.org/assignments/port-numbers
Broadcast Domain – Collision Domain
Layer 3 Routing Fundamentals
Key Terminology
• The “Routed” Protocol
• The “Routing” Protocol
• The “Routing” Table Contains:
  – The Destination Network
  – The “Next-Hop” Information
  – Routing Metric & Administrative Distance
• The Router Looks at the “Destination” Address – Determines Appropriate Interface
Routing
• Routing is Simply the Moving of Information Between Networks (Subnets or Broadcast Domains)
• OSI Model Layer 3 Process
• Routing Types:
– Static Routing
– Dynamic Routing
• Routing Protocol Classes:
– Interior Gateway Protocol (IGP)
– Exterior Gateway Protocols (EGP)
Routing Types
• Static Routing
  – Appropriate for Small & Simple Networks
  – Minimal Router CPU/Memory
  – No Routing Update Overhead
  – Appropriate for Stable Networks
  – Often Used in “Stub” Networks
  – Human Intervention / Administration Required
• Dynamic Routing
  – Appropriate for Changing Topology Environments
  – Automatically Adapts to Changes
  – Desirable When Multiple Paths Exist
  – More Scalable
  – Hardware More Complex
  – Less Configuration Error Prone
Dynamic Routing Categories
• Distance Vector Routing Protocol
  – Periodic Routing Table Updates
  – “Distance” Used as a Metric
  – Neighbors “Trust” Neighbors
  – Slow Convergence
• Link State Routing Protocol
  – Maintains Neighbor, Topology, & Shortest-Path Tables
  – Each Router Updates From All Others
  – “Cost” Used as a Metric
Routing Metrics & Administrative Distance Determine The Best Path to the Target Host
• Cost Metrics:
  – Hop Count – The Number of Routers in a Path
  – Bandwidth – Throughput (bps)
  – Load – Traffic Flowing Through a Router
  – Delay – Network Latency (distance or congestion)
  – Reliability – Amount of Downtime of a Network Path
• Administrative Distance:
  – Indicates Believability of the Route
  – Often Used When Multiple Protocols Are Used
  – Often Used to Prefer A Certain Path When Multiple Paths Exist
  – Routing Protocols Have Default Administrative Distances
Smaller Metric = Best Route; Lower Administrative Distance = More Believed
The “Administrative” Distance
• The Administrative Distance Determines Which Route to Trust – Used When Multiple Routes Exist
  Route Source   Administrative Distance (default)
  Direct         0
  Static         1
  EIGRP          90
  OSPF           110
  RIP            120
  Unknown        255
Hop Count May Not Be The Best Metric!
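The route-selection rule the webinar describes (most specific destination network, then lowest administrative distance, then lowest metric) as an added worked example; this is not the webinar's own code, the DEFAULT_AD values come from the table above, and the routing table entries are constructed sample data.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Added example (not the webinar's own code): how a router chooses one route for a
# destination. Among the routing-table entries whose network contains the address,
# the longest (most specific) prefix wins; ties go to the lowest administrative
# distance (the route source's believability), then to the lowest metric.

DEFAULT_AD = {"direct": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}

@dataclass
class Route:
    network: str    # destination network, e.g. "192.168.200.0/24"
    next_hop: str   # "next-hop" information
    interface: str  # egress interface
    source: str     # how the route was learned (key into DEFAULT_AD)
    metric: int     # that protocol's own metric (hop count for RIP, cost for OSPF)

    @property
    def ad(self) -> int:
        return DEFAULT_AD.get(self.source, 255)  # 255 = unknown source, never used

def best_route(table: List[Route], destination: str) -> Optional[Route]:
    dst = ipaddress.IPv4Address(destination)
    candidates = [r for r in table
                  if dst in ipaddress.IPv4Network(r.network) and r.ad < 255]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (
        -ipaddress.IPv4Network(r.network).prefixlen, r.ad, r.metric))

# Constructed table for a router with the webinar's blue and green networks attached;
# 10.10.0.0/16 is heard from two dynamic protocols on different interfaces.
TABLE = [
    Route("192.168.100.0/24", "directly connected", "ge0", "direct", 0),
    Route("192.168.200.0/24", "directly connected", "ge1", "direct", 0),
    Route("10.10.0.0/16", "10.1.1.2", "ge2", "rip", 2),      # 2 hops, small metric
    Route("10.10.0.0/16", "10.2.2.2", "ge3", "ospf", 30),    # larger metric, lower AD
    Route("10.10.50.0/24", "10.2.2.2", "ge3", "static", 0),  # more specific prefix
    Route("0.0.0.0/0", "10.1.1.2", "ge2", "static", 0),      # default route
]
```

Note that the OSPF route wins for 10.10.7.7 even though its metric is larger than RIP's hop count, because metrics are only compared within one protocol and administrative distance decides between protocols.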
The Routing Protocol

The Routing Protocol:
• Learn the route to each subnet in the internetwork (build routing table)
• Determine the “best” route (one route)
• Remove routes that are no longer valid
• Update routing table to reflect changes
• Perform updates quickly
• Prevent routing loops
Routing Fundamentals
Distance-Vector Routing Protocols
• “Routing by Rumor” – The Overall Network is Unknown; Only Directly Connected Neighbors Are Known by Each Router
• Routing Decision Based Upon a “Distance” or Metric and a “Direction” or Vector to Describe the “Next-Hop”
Link-State Routing Protocols
• Network Topology Information is Flooded Throughout the Network
• Each Router Determines its Own “Best Path”
Which Routing Protocol?
IGP and EGP Protocols
(Diagram: Interior Gateway Protocols – RIP, IGRP, EIGRP, OSPF, IS-IS – run inside each network; the Exterior Gateway Protocol BGP interconnects them.)
Routing Protocol Choices – “Most Popular”

             Interior Distance Vector   Interior Link State   Exterior Path Vector
  Classful   RIP, IGRP                  –                     EGP
  Classless  RIP v2, EIGRP              OSPF v2, IS-IS        BGP v4
  IPv6       RIPng, EIGRP v6            OSPF v3, IS-IS v6     BGP v4

Our Focus: the classless interior protocols.
Practical Routing Protocol Choices – “Common” IGP Protocols with VLSM Support

                           RIP v2                      EIGRP (Cisco)                      OSPF v2
  Type:                    Distance Vector             Hybrid                             Link-State
  Metric:                  Hop Count                   Bandwidth/Delay                    Cost
  Administrative Distance: 120                         90                                 110
  Hop Count Limit:         15                          224                                None
  Convergence:             Slow                        Fast                               Fast
  Updates:                 Full Table Every 30 Seconds Send Only Changes When Change Occurs Send Only When Change Occurs, But Refreshed Every 30m
  RFC Reference:           RFC 1388                    N/A                                RFC 2328
RIP v2 – Routing Information Protocol – RFC 1388
• Advantages:
  – Simple – Easy to Configure
  – Low Maintenance
  – Generally Understood
• Disadvantages:
  – Higher Router CPU Utilization
  – High Bandwidth Use for Routing Updates
  – No Knowledge of Link Bandwidth
  – Slow Convergence
  – Limited Network Size (hop count = 15)
OSPF v2 – Open Shortest Path First – RFC 2328
• Advantages:
  – Fast Convergence
  – Routing Updates Are Small
  – Scales to Varying Network Sizes
  – Considers Link Bandwidth in the Metric Calculation
• Disadvantages:
  – More Knowledge Required – A lot of Options
  – Complex to Configure
EIGRP v4 – Enhanced Interior Gateway Routing Protocol – CISCO Proprietary
• Advantages:
  – Fast Convergence
  – No OSPF Area Assignments = Less Complex
  – Complex Cost Metric:
    • Bandwidth
    • Delay
    • Reliability
    • Utilization
• Disadvantages:
  – More Knowledge Required – A lot of Options
  – Need “Cisco” Environment
Implementing Routing

VLAN Example from Part 1
Switch Port Type Configuration:
  Access Link – Member of One VLAN Only, Connects to a Host
  Trunk Link – Carries Traffic From Multiple VLANs Between Switches
Switch Interface Configuration
No Connectivity Exists Between Broadcast Domains, Networks, or Subnets!
Add Connectivity Between Broadcast Domains – Add Router
Router Configuration:
Configuration Disclaimer: Exact configuration commands may vary based upon specific equipment models and software version. Generic “Cisco” commands utilized for illustration purposes.
Blue Network: 192.168.100.0 /24
Green Network: 192.168.200.0 /24
Red Network: 192.168.300.0 /24
Assign Network to an Interface:
  interface ge0
   ip address 192.168.100.1 255.255.255.0
   no shutdown
  interface ge1
   ip address 192.168.200.1 255.255.255.0
   no shutdown
  interface ge2
   ! an IPv4 octet cannot exceed 255, so 192.168.300.x is not assignable on real equipment
   ip address 192.168.300.1 255.255.255.0
   no shutdown
Enable RIP Routing:
  router rip
   ! add 'version 2' here to run RIP v2 (the version compared above); by default IOS sends only RIP v1 updates
   network 192.168.100.0
   network 192.168.200.0
   network 192.168.300.0
Add Connectivity Between Broadcast Domains – Sub-Interface Created on Router GE1 Interface
Access Control Lists – The “ACL”

The “ACL” Rules:
• Simply a “Set of Rules” That Provides a “Permit” or “Deny” Based Upon:
  – Layer 3 IP Address
  – Layer 4 Port Number
• An ACL is:
  – A Table (with implicit DENY at the end)
  – Applied to a Specific Router Interface
The “ACL” Rules continued…
• ACLs can be Numbered or Named
• Numbered ACL Structure:
  – 1-99 IP Standard Access List
  – 100-199 IP Extended Access List
  – 200-299 Protocol Access List
  – 1300-1999 IP Standard Access List-Expanded
  – 2000-2999 IP Extended Access List-Expanded
• Named ACL Structure:
  – Standard Named
  – Extended Named
The “ACL” Rules continued…
• Standard Access List
  – Can Only Permit or Deny The Source Host IP Address
  – Placed Closest to Destination Host
• Extended Access List
  – Can Permit or Deny Based Upon:
    • Source IP Address
    • Destination IP Address
    • TCP Port #
    • UDP Port #
    • TCP/IP Protocol
  – Placed Closest to Source Network
The “ACL” Rules continued…
• One “ACL” per Interface per Direction
  – Ingress
  – Egress
• An ACL Only Acts on IP Traffic Passing Through the Router
• Organize Structure of ACL:
  – More specific statements placed first
  – Processed Sequentially
ACL Example(s):
  access-list 110 deny ip any host 192.168.100.110
  ! port 23 (Telnet) is a TCP port, so a port match needs the tcp keyword rather than ip
  access-list 123 deny tcp any host 192.168.100.110 eq 23
ACL Structure
Create an Access-List:
  access-list [number] [deny | permit] [host] [source ip] [wildcard]
Apply Access-List to Interface:
  ip access-group [number] [in | out]
Logical Operators Can Be Used:
  lt     Less Than
  gt     Greater Than
  eq     Equal To
  neq    Not Equal To
  range  port number range
Wild Card Mask – Inverse of the “Subnet” Mask
The Subnet Mask:  192.168.100.100 /24 or 192.168.100.100 mask 255.255.255.0
The Inverse Mask: 0.0.0.255
  Network portion (mask bits 255 / wildcard bits 0): Match
  Host portion (mask bits 0 / wildcard bits 255): Don’t Care
Standard IP List Example #1: Prevent Host 192.168.30.30 from Accessing Host 192.168.10.10
Create Access List on Router 1:
  ! list number 101 is in the extended range (100-199); a standard list uses a number from 1-99
  access-list 101 deny 192.168.30.30 0.0.0.0
  access-list 101 permit any
Apply Access List to Interface:
  interface E1
   ip access-group 101 in
Extended IP List Example: Allow Only http Access to Host 192.168.10.10 from 192.168.30.0 /24
Create Access List on Router 2:
  access-list 101 permit tcp 192.168.30.0 0.0.0.255 host 192.168.10.10 eq 80
  ! without this explicit deny, the final permit would also pass non-http traffic to the host
  access-list 101 deny ip any host 192.168.10.10
  access-list 101 permit ip any any
Apply Access List to Interface:
  interface E0
   ip access-group 101 in
A “Practical” ACL Example: Block External Users From “Pinging” Inside Hosts
Create Access List on Router 1:
  access-list 101 deny icmp any any
  access-list 101 permit ip any any
Apply Access List to Interface:
  interface E1
   ip access-group 101 in
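The wildcard-mask matching and sequential first-match ACL processing from the preceding slides as an added worked example; this is not the webinar's own code. The Entry class, evaluate function and the sample lists are constructed here, and the lists mirror the slide examples so the effect of the implicit deny and of statement order can be checked against sample packets.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Added example (not the webinar's own code): a miniature evaluator for numbered
# IOS-style access lists, showing wildcard-mask matching, top-down first-match
# processing and the implicit deny at the end of every list.

def wildcard_from_prefix(prefix_len: int) -> str:
    """Inverse of the subnet mask: 0 bits must match, 1 bits are 'don't care'."""
    subnet_mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(subnet_mask ^ 0xFFFFFFFF))

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """True when addr equals base in every bit position the wildcard marks 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w) == (b & ~w)
ANY = ("0.0.0.0", "255.255.255.255")  # the IOS keyword 'any' as address + wildcard

@dataclass
class Entry:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches everything; otherwise "tcp", "udp", "icmp"
    src: str
    src_wc: str
    dst: str
    dst_wc: str
    dport: Optional[int] = None  # 'eq <port>' on the destination (tcp/udp only)

def evaluate(acl: list, proto: str, src: str, dst: str, dport: Optional[int] = None) -> str:
    """Entries are processed in order and the first match decides; no match = deny."""
    for e in acl:
        if e.proto not in ("ip", proto):
            continue
        if not (wildcard_match(src, e.src, e.src_wc) and wildcard_match(dst, e.dst, e.dst_wc)):
            continue
        if e.dport is not None and e.dport != dport:
            continue
        return e.action
    return "deny"  # the implicit deny every ACL ends with

# Constructed lists. HTTP_ONLY_AS_SHOWN mirrors the slide "Allow Only http Access to
# Host 192.168.10.10 from 192.168.30.0 /24"; its final 'permit ip any any' also lets
# non-http traffic reach the host, so HTTP_ONLY_TIGHTENED adds an explicit deny first.
HTTP_ONLY_AS_SHOWN = [
    Entry("permit", "tcp", "192.168.30.0", "0.0.0.255", "192.168.10.10", "0.0.0.0", 80),
    Entry("permit", "ip", *ANY, *ANY)]
HTTP_ONLY_TIGHTENED = [HTTP_ONLY_AS_SHOWN[0],
    Entry("deny", "ip", *ANY, "192.168.10.10", "0.0.0.0"), HTTP_ONLY_AS_SHOWN[1]]
NO_PING = [Entry("deny", "icmp", *ANY, *ANY), Entry("permit", "ip", *ANY, *ANY)]
```

Running evaluate(HTTP_ONLY_AS_SHOWN, "tcp", "192.168.30.7", "192.168.10.10", 23) returns "permit", which is the gap the explicit deny in HTTP_ONLY_TIGHTENED closes.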
The Layer 3 Switch

What Is A “Layer 3” Switch?
• “Marketing Terminology” Applied to a One Box Solution:
  – Layer 2 Switching
  – Layer 3 Routing
• Layer 3 Switch Performs Both!
• Multilayer Switch Port Types:
  – Switchport: Layer 2 Port – MAC Addresses Learned
  – Layer-3 Port: Routing Port
  – Switched Virtual Interface: VLAN Virtual Interface
• Not for All Environments:
  – Typically Found in Workgroup Environment
  – Limited to Ethernet Ports/Interfaces
  – Limited to OSPF and RIP Protocols
Summary – Q & A

Takeaway Points
• Routers Create “Broadcast Domains”
• Routing is Moving an IP Packet from One Network to Another Network
• Static & Dynamic Routing Each Have Advantages & Disadvantages
• The Routing Protocol Determines the Best Path to a Destination Host
• ACLs Can Be Used to Control IP Traffic
• A Layer 3 Switch Combines Layer 2 Switching & Layer 3 Routing in One Box
Further Study:
SBE Networking Certifications
CBNT – Certified Broadcast Networking Technician
• This certification is designed for persons who wish to demonstrate a basic familiarity with networking hardware as utilized in business and audio/video applications in broadcast facilities.
• Exam Focus:
  – Network topologies and layouts
  – Common network protocols
  – Wiring standards and practices
  – Maintenance, troubleshooting and connectivity issues
  – Challenges unique to broadcast-based networks
CBNE – Certified Broadcast Networking Engineer
• This certification is an “Advanced” level that reflects the skill and knowledge required in today's world of converged IT and broadcast engineering.
• Exam Focus:
  – Audio/Video over IP
  – Digital Content Management
  – Video Systems in an IT World
  – Data Transmission Systems
  – General IT Hardware
Thank You for Attending!
Wayne M. Pecena
Texas A&M University
[email protected]
[email protected]
979.845.5662
? Questions ?