Lesson.7: Configuring IP Routing B

Mahmmoud A. Mahdi


Post on 29-Jan-2018

Page 1: Lesson.7: Configuring IP Routing B

Mahmmoud A. Mahdi

Page 2: Lesson.7: Configuring IP Routing B

The Routing Information Protocol

The important differences between RIPv1 and RIPv2:

▪ The primary, or most important, difference between versions 1 and 2 of RIP is that RIPv2 supports variable-length subnet masking (VLSM). VLSM helps preserve IP address space by enabling networks to be subdivided into smaller blocks based on need.

▪ RIPv2 supports simple (that is, plain text) username/password authentication, which is handy to prevent unwanted changes from cluttering your routing tables.

▪ RIPv2 routers add the ability to receive triggered updates.
  ▪ When you know that your network topology is changing, a triggered update forces all the RIP routers you own to assimilate the changes immediately.
  ▪ Triggered updates are also useful because routers that detect a link or router failure can update their routing tables and announce the change, making their neighbors aware of it sooner rather than later.

Page 3: Lesson.7: Configuring IP Routing B

You can use the Routing And Remote Access snap-in to set up two kinds of filters that screen out some types of RIP updates:

▪ Route filters allow you to pick and choose the networks that you want to admit knowing about and for which you want to accept announcements.

▪ Peer filters give you control over the neighboring routers to which your router will listen.
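The sketch below is an added example, not part of the original slides or of RRAS itself. It builds and parses a RIPv2 response using the entry layout from RFC 2453, then applies a peer filter, the plain-text password check, and a route filter in that order. The addresses, the password `labpass`, and the function names are constructed for illustration.

```python
import ipaddress
import struct

AUTH_AFI, AUTH_SIMPLE = 0xFFFF, 2   # RFC 2453 marker for a simple-password entry

def build_response(password, routes):
    """Build a constructed RIPv2 response: header, password entry, route entries."""
    pkt = struct.pack("!BBH", 2, 2, 0)              # command=response, version=2
    pkt += struct.pack("!HH16s", AUTH_AFI, AUTH_SIMPLE, password.encode())
    for net, metric in routes:
        n = ipaddress.ip_network(net)
        pkt += struct.pack("!HH4s4s4sI", 2, 0, n.network_address.packed,
                           n.netmask.packed, bytes(4), metric)
    return pkt

def parse_response(pkt):
    """Return (password or None, [(network, metric), ...]) from a RIPv2 response."""
    if len(pkt) < 24 or (len(pkt) - 4) % 20 or pkt[0] != 2 or pkt[1] != 2:
        raise ValueError("not a well-formed RIPv2 response")
    password, routes = None, []
    for off in range(4, len(pkt), 20):
        afi, tag = struct.unpack("!HH", pkt[off:off + 4])
        if off == 4 and afi == AUTH_AFI and tag == AUTH_SIMPLE:
            # The password sits unencrypted in the first 20-byte entry.
            password = pkt[off + 4:off + 20].rstrip(b"\0").decode()
            continue
        addr, mask, _hop, metric = struct.unpack("!4s4s4sI", pkt[off + 4:off + 20])
        # RIPv2 carries the mask with every route, which is what enables VLSM.
        net = ipaddress.ip_network(
            f"{ipaddress.ip_address(addr)}/{ipaddress.ip_address(mask)}")
        routes.append((net, metric))
    return password, routes

def accept_routes(pkt, src, peers, password, allowed):
    """Peer filter, then the plain-text password check, then the route filter."""
    if ipaddress.ip_address(src) not in peers:
        return []                                   # not a neighbor we listen to
    seen, routes = parse_response(pkt)
    if seen != password:
        return []                                   # wrong or missing password
    return [(n, m) for n, m in routes if any(n.subnet_of(a) for a in allowed)]

# Constructed sample data (addresses and password are made up for this example).
PEERS = {ipaddress.ip_address("10.0.0.2")}
ALLOWED = [ipaddress.ip_network("10.1.0.0/16")]
SAMPLE = build_response("labpass", [("10.1.4.0/26", 2), ("172.16.0.0/16", 1)])
```

Because the password is readable in every update, it guards against accidental or misconfigured neighbors rather than against anyone who can capture traffic on the segment; the peer and route filters are the controls that limit what an accepted neighbor can inject.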

Page 4: Lesson.7: Configuring IP Routing B

RIP has two operation modes:

▪ Periodic update mode: a RIP router sends out its list of known routes at periodic intervals (which you define).

▪ Autostatic update mode: the RRAS router broadcasts the contents of its routing table only when a remote router asks for it.

One drawback to RIP in either version is that it causes the router to send its entire routing table with every update. This can generate a large amount of traffic and makes RIP inappropriate for many of today’s networks.

Another routing protocol, Open Shortest Path First, solves this problem by sending updates for only routes that have changed.

Page 5: Lesson.7: Configuring IP Routing B

Internal routing:

Refers to routing that occurs within your internetwork. By contrast, border routing is what happens when packets leave your internetwork and go to another router someplace else.

Page 6: Lesson.7: Configuring IP Routing B

Filters are usually used to block out undesirable traffic.

In general, the idea is to keep out packets that your machines don’t need to see.

You can construct filters that allow traffic into or deny traffic out of your network based on rules that specify source and destination addresses and ports.

Page 7: Lesson.7: Configuring IP Routing B

The basic idea behind packet filtering is simple:

1. You specify filter rules.

2. Incoming packets are measured against those rules.

There are two types of filter rule:

▪ Accept all packets except those prohibited by a rule.

▪ Drop all packets except those permitted by a rule.

Page 8: Lesson.7: Configuring IP Routing B

The following are some examples of filters:

Block all packets to a web server except those on TCP ports 80 and 443.

Block all outgoing packets on the ports used by the MSN and AOL instant messaging tools.

Filters on a PPTP or L2TP server can screen out everything except VPN traffic.

Page 9: Lesson.7: Configuring IP Routing B

You create and remove filters by using the Input Packet Filters and Output Packet Filters buttons on the General tab of the Local Area Network Properties dialog box.

The mechanics of working with incoming and outbound filters are identical; just remember the following guidelines:

▪ You create inbound filters to screen traffic coming to the interface.

▪ You create outbound filters to screen traffic going back out through that interface.

Page 10: Lesson.7: Configuring IP Routing B
Page 11: Lesson.7: Configuring IP Routing B

This dialog box has the following six parts:

▪ Receive All Packets Except Those That Meet The Criteria Below excludes the packets you specify and accepts everything else.
  ▪ This option is inactive until you create a filter rule.

▪ Drop All Packets Except Those That Meet The Criteria Below accepts only those packets you specify and excludes everything else.
  ▪ This option is inactive until you create a filter rule.

▪ The Filters list, which is initially empty, shows you which filters are defined on this interface.
  ▪ Each entry in the list shows the following:
    ▪ Source address and mask
    ▪ Destination address and mask
    ▪ Protocol, port, and traffic type specified in the rule

▪ The New, Edit, and Delete buttons allow you to add, edit, and remove filters.

Page 12: Lesson.7: Configuring IP Routing B
Page 13: Lesson.7: Configuring IP Routing B

To create a filter that blocks packets by their origin or source address, check the Source Network box, and supply the IP address and subnet mask for the source you want to block.

To create a filter that blocks packets according to their destination address, check the Destination Network box, and fill in the appropriate address and subnet mask.

To filter by protocol, choose the protocol you want to block:

▪ Any, which blocks everything
▪ TCP
▪ TCP (Established)
▪ IP
▪ UDP
▪ ICMP
▪ Other, with a fill-in field for a protocol number

Page 14: Lesson.7: Configuring IP Routing B

Packet filters provide a useful security mechanism for blocking unwanted traffic on particular machines.

▪ It’s a good idea to use packet filters to keep non-VPN traffic out of your VPN servers.

Page 15: Lesson.7: Configuring IP Routing B

You need at least two filters to adequately screen out non-PPTP traffic:

▪ The first filter allows traffic with a protocol ID of 47, the Generic Routing Encapsulation (GRE) protocol, to pass to the destination address of the PPTP interface.

▪ The second filter allows inbound traffic bound for TCP port 1723 (the PPTP port) to come to the PPTP interface.

You can add a third filter if the PPTP server also works as a PPTP client; in that case, the third filter needs the interface’s destination address, a protocol type of TCP (established), and a source port of 1723.

Page 16: Lesson.7: Configuring IP Routing B

1. Open the Routing And Remote Access snap-in by selecting Start\Administrative Tools\Routing And Remote Access. Expand the server and IPv4 nodes to expose the General node of the server on which you’re working. Select the General node.

2. Right-click the Local Area Connection interface, and choose Properties.

3. In the General tab of the interface’s Properties dialog box, click the Inbound Filters button. The Inbound Filters dialog box appears.

4. Click the New button, and the Add IP Filter dialog box appears.

5. Fill out the Add IP Filter dialog box as follows:
   ▪ Check the Destination Network check box.
   ▪ Fill in the destination IP address field with the IP address of the remote VPN interface. (For this exercise, we entered 192.168.1.254. You can use the same.)
   ▪ Enter a destination subnet mask of 255.255.255.255.
   ▪ Select a protocol type of TCP, and then specify a source port of 0 and a destination port of 1723.
   ▪ Click the OK button.

Page 17: Lesson.7: Configuring IP Routing B
Page 18: Lesson.7: Configuring IP Routing B

6. The Inbound Filters dialog box reappears, listing the new filter you created in step 5.
   ▪ Add another new filter using the same IP address and subnet mask, but this time specify Other in the Protocol field and fill in a protocol number of 47.
   ▪ When you’re done, click the OK button to return to the Inbound Filters dialog box.

7. In the Inbound Filters dialog box:
   ▪ Click the Drop All Packets Except Those That Meet The Criteria Below radio button.
   ▪ Click the OK button.

8. Close the interface’s Properties dialog box.

Page 19: Lesson.7: Configuring IP Routing B
Page 20: Lesson.7: Configuring IP Routing B
Page 21: Lesson.7: Configuring IP Routing B

Four filters are required, two input filters and two output filters:

▪ Two input filters with a destination of the VPN interface address and a netmask of 255.255.255.255, filtering UDP:
  ▪ One with a source and destination port of 500
  ▪ The second with a source and destination port of 1701

▪ Two output filters with a source of the VPN interface address and a netmask of 255.255.255.255, filtering UDP:
  ▪ One with a source and destination port of 500
  ▪ The second with a source and destination port of 1701
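The following added example (not from the original slides, and not RRAS code) models how an interface evaluates the input filter sets described above: the two PPTP filters from the exercise and the two UDP 500/1701 input filters. It assumes a port value of 0 means "any port", as entered in the exercise; the class, function names, and sample packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

TCP, UDP, GRE = 6, 17, 47               # IP protocol numbers

@dataclass
class Rule:
    dst: str                            # destination network in CIDR form
    proto: int                          # IP protocol number
    sport: int = 0                      # assumption: 0 means "any port"
    dport: int = 0

    def matches(self, pkt):
        if ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(self.dst):
            return False
        if pkt["proto"] != self.proto:
            return False
        return (self.sport in (0, pkt.get("sport", 0))
                and self.dport in (0, pkt.get("dport", 0)))

def passes(pkt, rules, drop_all_except=True):
    """Verdict for one packet under either of the dialog's two filter actions."""
    hit = any(r.matches(pkt) for r in rules)
    return hit if drop_all_except else not hit

VPN = "192.168.1.254/32"                # address and mask used in the exercise
PPTP_IN = [Rule(VPN, TCP, 0, 1723), Rule(VPN, GRE)]
L2TP_IN = [Rule(VPN, UDP, 500, 500), Rule(VPN, UDP, 1701, 1701)]

# Constructed packets arriving on the filtered interface.
PACKETS = {
    "pptp-control": {"dst": "192.168.1.254", "proto": TCP, "sport": 49152, "dport": 1723},
    "gre-data":     {"dst": "192.168.1.254", "proto": GRE},
    "rdp":          {"dst": "192.168.1.254", "proto": TCP, "sport": 50000, "dport": 3389},
    "udp-500":      {"dst": "192.168.1.254", "proto": UDP, "sport": 500, "dport": 500},
    "udp-1701":     {"dst": "192.168.1.254", "proto": UDP, "sport": 1701, "dport": 1701},
    "other-host":   {"dst": "192.168.1.10", "proto": TCP, "sport": 49152, "dport": 1723},
}

def verdicts(rules, drop_all_except=True):
    """Map each sample packet name to True (passed) or False (dropped)."""
    return {name: passes(p, rules, drop_all_except) for name, p in PACKETS.items()}
```

Calling `verdicts(PPTP_IN, drop_all_except=False)` shows what happens if the Receive All Packets Except option is left selected: the same two rules then block only the VPN traffic and admit everything else.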

Page 22: Lesson.7: Configuring IP Routing B

1. Open the Routing And Remote Access snap-in by selecting Start\Administrative Tools\Routing And Remote Access.

2. Select the server whose status you want to monitor in the left pane of the MMC.

3. Select the Network Interfaces node. Notice that the right pane of the MMC now lists all known interfaces along with their status and connection state.

4. Select the General node beneath IPv4. Notice that the right pane of the MMC updates to show the IP interfaces, their IP addresses, their administrative and operational states, and whether IP filtering is enabled on each interface.

5. Right-click the General node, and choose the Show TCP/IP Information command. Check the number of IP routes shown.

6. Right-click the Static Routes node, and choose the Show IP Routing Table command. Note that the number of routes listed corresponds to the route count in the TCP/IP Information window and that some of the routes listed are automatically generated.

Page 23: Lesson.7: Configuring IP Routing B
Page 24: Lesson.7: Configuring IP Routing B
Page 25: Lesson.7: Configuring IP Routing B

IP multicasting works by sending to a single IP address a packet that is read by many hosts. Multicasting uses a special range of IP addresses, called the Class D address space, that is reserved exclusively for multicasting.

Internet Group Management Protocol (IGMP) is used to exchange multicast group membership information between multicast capable routers.

Page 26: Lesson.7: Configuring IP Routing B

You can configure RRAS in two modes:

▪ IGMP router mode
  ▪ Listens for IGMP membership report packets and tracks group membership.
  ▪ Must be attached to any interfaces that connect to multicast configured hosts.

▪ IGMP proxy mode
  ▪ Essentially acts like a multicast host, except that it forwards IGMP membership report packets to an IGMP router.
  ▪ This provides a list of multicast-enabled hosts to an upstream router that normally wouldn’t be aware of the hosts.
  ▪ Typically, it is used on single-router networks connected to the Internet.

Page 27: Lesson.7: Configuring IP Routing B

IP-in-IP interfaces (or IP-in-IP tunnels)

You may need to send multicast traffic across non-multicast-compatible routers.

An IP-in-IP interface actually encapsulates packets with an additional IP header.

You create and manage IP-in-IP interfaces in RRAS the same way you configure other interfaces.

Page 28: Lesson.7: Configuring IP Routing B

Lesson 1

Page 29: Lesson.7: Configuring IP Routing B

▪ What Are Static and Dynamic Routing?
▪ How the IP Protocol Selects a Route
▪ Demonstration: Viewing a Routing Table
▪ Troubleshooting Routing

Page 30: Lesson.7: Configuring IP Routing B

Statically configured routers:

▪ Do not automatically discover the IDs of remote networks.
▪ Do not exchange information with other routers.
▪ Are not fault tolerant.

Dynamically configured routers:

▪ Discover the IDs of remote networks automatically.
▪ Use a routing protocol to exchange information with other routers.
▪ Can be fault tolerant.

Page 31: Lesson.7: Configuring IP Routing B
Page 32: Lesson.7: Configuring IP Routing B

Lesson 2

Page 33: Lesson.7: Configuring IP Routing B

▪ RRAS Routing Roles
▪ Routing Protocols
▪ Configuration Options for an Interface
▪ Information Available for an Interface
▪ Demonstration: Configuring RRAS as a LAN Router

Page 34: Lesson.7: Configuring IP Routing B

Routing roles include:

Routing role | Description
LAN router | Can route IPv4 and IPv6 packets between network segments.
Demand-dial | Automatically create a connection to a remote location by using dial-up networking or a VPN connection.
NAT | Perform NAT and allow computers to access the internet by sharing a single internet addressable IPv4 address.

Page 35: Lesson.7: Configuring IP Routing B

Routing protocols include:

Routing Protocol | Description
DHCP Relay Agent | Allows a RRAS server to relay DHCP requests to a DHCP server on a remote network.
IGMP Router Proxy | Allows a RRAS server to act as an IGMP router or proxy for multicast traffic.
NAT | Allows a RRAS server to act as a NAT router to share a single IPv4 address.
RIP Version 2 for Internet Protocol | Allows a RRAS router to perform dynamic routing with other RIP routers.
DHCPv6 Relay Agent | Allows a RRAS server to relay DHCP requests to a DHCPv6 server on a remote network.

Page 36: Lesson.7: Configuring IP Routing B

Interface configuration options include:

Configuration Option | Description
IP Router Manager | Enables or disables TCP/IP for the interface.
Router Discovery Advertisements | Clients use router discovery advertisements to dynamically discover default gateways.
Inbound/Outbound filters | Filters similar to Windows Firewall.
Fragmentation checking | Specifies whether filtering is performed on packet fragments.
Multicast boundaries | Configures time to live for multicast traffic.
Multicast heartbeat detection | Used to confirm that multicast infrastructure is functioning properly.

Page 37: Lesson.7: Configuring IP Routing B

Available interface information includes:

Interface information | Description
TCP/IP Information | Statistics such as number of packets sent and received.
Address Translations | Translations from IP address to physical address.
IP Addresses | IP addresses that are bound to this computer.
IP Routing Table | Host and network routes in the routing table of this computer.
TCP connections | Active connection and listening TCP ports.
UDP listener ports | A list of UDP ports listening to accept UDP packets.

Page 38: Lesson.7: Configuring IP Routing B

Tool | Use for | Where to find it
Routing and Remote Access | Configuring Routing and Remote Access as a router, VPN server, dial-up server, or RADIUS client | Administrative Tools; Computer Management
Route | Views and modifies the routing table | Command prompt
Ping | Verifying host availability and reachability | Command prompt
Tracert | Use to verify router status on a network path | Command prompt
Pathping | Use to verify router status on a network path | Command prompt
Group Policy Management Console | Edit group policy objects; create QoS policies | Administrative Tools
