Dynamic Routing

In the real world, and especially in larger environments, companies usually rely on dynamic routing protocols to keep routing tables updated. Quite simply, it is easier to configure all routers to use a dynamic routing protocol and have them learn about unconnected networks from other routers, rather than statically defining a route to each and every network on every router. Dynamic routing protocols also provide a degree of fault tolerance. If a network or router fails on a network using dynamic routing protocols, other routers will find out about it, either through updates from neighboring routers, or via the absence of update messages. In contrast, with only static routes defined, neighboring routers do not exchange information. When a network or router fails in a static routing environment, other routers do nothing to compensate for the failure.

Certainly dynamic routing protocols have their advantages, but they also have drawbacks. For one, the update messages that are passed between routers running dynamic routing protocols add traffic to the network. Secondly, some routing protocols also increase resource usage on the router, since they calculate the best route to a network from updates received. Finally, it takes time for routers to find out about a network that is unavailable, and for all routers to have consistent routing table information. Once all routers have knowledge of all available networks, the network is referred to as being converged.

Not all routing protocols are equal in these respects. Some converge faster, but use up more of a router’s processing resources. Others go easy on resource usage, but cause more network traffic. Some make routing decisions based on very basic information, while others take into account a variety of factors. Using a routing protocol almost always involves some type of tradeoff, and deciding which works “best” will largely depend on the characteristics of the network you are dealing with. Routing protocols generally fall into two main categories – distance vector and link state.

Static Routing

In our second example we looked at configuring routing statically. Static routing really involves nothing more than telling a router about a non-connected network, and the next-hop address to reach it (or local interface on which to forward the packet). While it may be a little more work than using dynamic routing, static routes are a quick and effective way to configure routing, especially on small networks.

On larger internetworks that consist of many routers and networks, static routing will probably not be the best option. This is because of what transpires when a router or network becomes unreachable – with static routing, a router won’t be able to do anything to find another path through the internetwork. With dynamic routing, when a path becomes unavailable, a router will find out about it from other routers, and will attempt to use a different path, if one exists. That’s not to say that dynamic routing protocols are the solution to all of life’s routing problems. In fact, they can sometimes cause just as many problems as they solve, as we’ll see a little later in this chapter.

Even before our router is configured with static routes, it has a routing table. Each routed protocol (like IP or IPX) maintains its own routing table. To view the IP routing table on a Cisco router, use the show ip route command, as shown below.

RouterA#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR
Gateway of last resort is not set
C 10.0.0.0/8 is directly connected, Serial0
C 192.168.1.0/24 is directly connected, Ethernet0

Before any static (or dynamic) routes exist, a routing table will show entries for only directly connected networks. In this case, the output of show ip route shows two connected networks, 10.0.0.0/8 and 192.168.1.0/24. In both cases, the fact that they are directly connected is clear according to the message following the network ID. However, the letter “C” that precedes the entries also identifies the networks as being directly connected. The codes shown at the beginning of the command output describe how a router knows about a network in its routing table.

Adding a static route isn’t terribly difficult at all. The command to add a static IP route is ip route. The complete syntax of the command is:

ip route [destination network] [mask] [next hop address OR exit interface] [administrative distance] [permanent]

Not all of the options listed above need to be entered. In this case, we’ll enter only the destination network, subnet mask, and next-hop address information. We’ll discuss the other options shortly. Let’s assume that our network is configured as shown in the figure below. In it, RouterA is directly connected to networks 192.168.1.0/24 and 10.0.0.0/8. We’ll need to add a static route on RouterA, telling it that network 172.16.0.0/12 can be reached via the next hop address of 10.0.0.2.

Figure: Router A and Router B interconnecting 3 networks.

RouterA#config t
Enter configuration commands, one per line. End with CNTL/Z.
RouterA(config)#ip route 172.16.0.0 255.240.0.0 10.0.0.2
RouterA(config)#^Z
RouterA#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR
Gateway of last resort is not set
C 10.0.0.0/8 is directly connected, Serial0
C 192.168.1.0/24 is directly connected, Ethernet0
S 172.16.0.0/12 [1/0] via 10.0.0.2

Notice that a new entry has been added to the routing table, and is preceded by an “S”. This designates the route as static. In this case, network 172.16.0.0/12 is accessible via the next-hop address, which is interface S0 on Router B – 10.0.0.2. If you’re setting up static routes and you notice that the route just added doesn’t appear after issuing the show ip route command, it likely means that the next-hop address you specified cannot be contacted. In order for the route to appear in the table, the next-hop address must be accessible. If you want to add a static route and have it appear in the routing table regardless of whether it’s available, add the permanent keyword to the end of the ip route command, as shown below.

RouterA(config)#ip route 172.16.0.0 255.240.0.0 10.0.0.2 permanent
RouterA(config)#^Z
RouterA#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR
Gateway of last resort is not set
S 172.16.0.0/12 [1/0] via 10.0.0.2
C 192.168.1.0/24 is directly connected, Ethernet0

In the example above, I unplugged the S0 interface on RouterB. Notice how network 10.0.0.0/8 no longer appears as directly connected, since the address 10.0.0.2 cannot be reached. However, the use of the permanent keyword keeps the new entry for network 172.16.0.0/12 in the routing table, even though the next hop address is unavailable.

After adding the static route to network 172.16.0.0/12 on RouterA, the next step is to add a static route to network 192.168.1.0/24 on RouterB.

RouterB#config t
Enter configuration commands, one per line. End with CNTL/Z.
RouterB(config)#ip route 192.168.1.0 255.255.255.0 10.0.0.1
RouterB(config)#^Z
RouterB#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR
Gateway of last resort is not set
C 10.0.0.0/8 is directly connected, Serial0
C 172.16.0.0/12 is directly connected, Ethernet0
S 192.168.1.0/24 [1/0] via 10.0.0.1

In order to remove a static route, use the “no” version of the ip route command, followed by the network address and subnet mask of the route you wish to remove. For example, to remove the static route to network 192.168.0.0/24 from RouterB, you would enter:

RouterB(config)#no ip route 192.168.0.0 255.255.255.0

Recall that another option for the ip route command allows you to add what is known as an administrative distance. An administrative distance is simply a number that designates how reliable or “trustworthy” the information about a particular route source is considered to be. For example, a directly connected interface is always considered the most trustworthy, and has an administrative distance of 0. A static route is also considered trustworthy, since an administrator will have manually defined it, after all. Static routes are assigned an administrative distance of 1 by default. The lower an administrative distance, the more trustworthy a route is considered to be. Consider the routing table entry below. The administrative distance of this route is 1, as shown by the value in the first portion of the square brackets.

S 192.168.1.0/24 [1/0] via 10.0.0.1

Routes learned from dynamic routing protocols are also assigned default administrative distances. But how are administrative distances used? Well, assume that an administrator has defined a static route to a network, and a route to the same network is also learned from a routing protocol. In cases where this happens, the router will “keep” or use the entry with the lower administrative distance. By default, a static route will always beat an entry learned dynamically. The list below provides the default administrative distances associated with routes learned in different ways.

Directly connected interface 0
Static Route 1
EIGRP 90
IGRP 100
OSPF 110
RIP 120
Unknown 255

To set the administrative distance of a static route to 50, use the ip route command as follows:

RouterB(config)#ip route 192.168.0.0 255.255.255.0 10.0.0.1 50
RouterB(config)#^Z
RouterB#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR
Gateway of last resort is not set
C 10.0.0.0/8 is directly connected, Serial0
C 172.16.0.0/12 is directly connected, Ethernet0
S 192.168.1.0/24 [50/0] via 10.0.0.1
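
An added example, not from the original text and not Cisco IOS code: Python that parses the route lines printed by show ip route above and applies the rule that the lower administrative distance wins. The RIP candidate via 10.0.0.3 and the static route with distance 130 are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress
import re

# Default administrative distances from the list above, keyed by route code.
DEFAULT_AD = {"C": 0, "S": 1, "D": 90, "I": 100, "O": 110, "R": 120}
UNUSABLE_AD = 255  # "Unknown": a route with this distance is never installed

ROUTE_RE = re.compile(
    r"^(?P<code>\S+)\s+(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+"
    r"(?:\[(?P<ad>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<via>[\d.]+)"
    r"|is directly connected,\s+(?P<ifname>\S+))"
)


def parse_route(line):
    """Parse one entry line of `show ip route`; return None for legend lines."""
    m = ROUTE_RE.match(line.strip())
    if m is None:
        return None
    connected = m["ifname"] is not None
    return {
        "code": m["code"],
        "prefix": ipaddress.ip_network(m["prefix"]),
        "ad": DEFAULT_AD["C"] if connected else int(m["ad"]),
        "metric": 0 if connected else int(m["metric"]),
        "via": m["ifname"] if connected else m["via"],
    }


def offer(table, route):
    """Offer a route for installation; return True if it was installed."""
    if route["ad"] >= UNUSABLE_AD:
        return False
    current = table.get(route["prefix"])
    if current is not None and current["ad"] <= route["ad"]:
        return False  # the existing entry is at least as trusted: keep it
    table[route["prefix"]] = route
    return True


def load_table(show_ip_route_output):
    """Build a table from command output, skipping the legend lines."""
    table = {}
    for line in show_ip_route_output.splitlines():
        route = parse_route(line)
        if route is not None:
            offer(table, route)
    return table


# RouterB's entries as printed above (static route with distance 50).
ROUTERB_OUTPUT = """\
Gateway of last resort is not set
C 10.0.0.0/8 is directly connected, Serial0
C 172.16.0.0/12 is directly connected, Ethernet0
S 192.168.1.0/24 [50/0] via 10.0.0.1
"""


def demo():
    net = ipaddress.ip_network("192.168.1.0/24")
    # Constructed: the same network also learned from RIP (default distance 120).
    rip = parse_route("R 192.168.1.0/24 [120/1] via 10.0.0.3")

    table = load_table(ROUTERB_OUTPUT)
    offer(table, rip)  # rejected, 50 beats 120
    static_50 = table[net]["code"]

    # Constructed: a static route given distance 130 loses to the RIP route.
    table2 = {}
    offer(table2, parse_route("S 192.168.1.0/24 [130/0] via 10.0.0.1"))
    offer(table2, rip)
    static_130 = table2[net]["code"]

    # Constructed: distance 255 is never installed, even into an empty table.
    unknown = offer({}, parse_route("R 192.168.1.0/24 [255/1] via 10.0.0.3"))
    return {"static_50_vs_rip": static_50,
            "static_130_vs_rip": static_130,
            "unknown_255_installed": unknown}


if __name__ == "__main__":
    print(demo())
```

Comparison happens per destination prefix only: the distance decides between sources that offer the same network, not between different networks.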

While static routing may be a great deal of work to configure and maintain, there are two scenarios where static routing will commonly be used. The first is on “stub” networks, a network from which there is only one exit router to the rest of an internetwork. The second is in demand-dial routing environments, which are looked at in more detail in Chapter 11.

Routed Versus Routing Protocols

Before we take a look at how a path is determined, it’s important to be able to differentiate between a routed and routing protocol. Although the names are similar, there is a big difference between the two. A routed protocol is a Network Layer protocol that is used to move traffic between networks. IP, IPX, and AppleTalk are all examples of routed protocols. Routed protocols allow a host on one network to communicate with a host on another, with routers forwarding traffic between the source and destination networks. They are characterized by logical addressing (such as an IP or IPX address) that not only identifies a source or destination host, but also the network (or subnet) on which they reside. In contrast, a protocol like NetBEUI does not use any logical addressing, and isn’t routable. Why is that? Because when a router comes across a NetBEUI packet, it has no way of determining where the destination host resides, since a NetBEUI packet does not include a logical destination address, only a name. The protocol cannot be routed; this means that communication between NetBEUI hosts is limited to occurring within a single non-routed network. Obviously that limits NetBEUI’s usefulness on a large internetwork.

Routing protocols serve a different purpose. Instead of being used to send data between source and destination hosts, a routing protocol is used by routers to exchange routing information with one another. For example, if we want our routers to dynamically “learn” about networks from one another, we configure them with a common routing protocol such as RIP or IGRP. Routers use routing protocols to exchange information about the networks they are aware of. In other words, routing protocols allow routers to “talk” to one another. This doesn’t mean that we need to configure routing protocols on every internetwork – there are other options, such as statically defining paths to destination networks on each router. If that sounds like a lot of work, you’re right. Once a network moves beyond a few routers, you will definitely need to consider adding one or more routing protocols. A variety of routing protocols exist beyond RIP and IGRP, including OSPF, EIGRP, AURP and others. The reason for choosing one over another will be influenced by a number of factors, including the size of a network, required performance, and the routed protocol(s) in use.

Routing Protocol Configuration Mode

The last configuration mode that you will eventually come across is the one associated with configuring routing protocols. We’ll look at routing protocols and their configuration in detail in Chapter 8. For now, it’s enough to simply be familiar with the prompt associated with configuring routing protocols.

toronto-1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
toronto-1(config)#router rip
toronto-1(config-router)#

We have now seen six different router prompts, four of which fall within global configuration mode. The list below reviews each of the prompts we’ve seen so far, and the mode or level that it designates:

Router> User EXEC mode
Router# Privileged EXEC mode
Router(config)# Global configuration mode
Router(config-if)# Interface level of global configuration mode
Router(config-line)# Line level of global configuration mode
Router(config-router)# Routing protocol level of global configuration mode

OSPF Routing with Windows

The OSPF routing protocol is the only other traditional routing protocol included with Windows 2000 outside of RIP versions 1 and 2. Traditionally RIP is used in small networks because it is easy to configure. However, certain scalability issues with RIP (such as the limitation that it only allows up to 15 hops) tend to make it a poor choice for larger networks. Whereas RIP is a distance-vector protocol, OSPF is a link-state protocol, meaning that each router has a database of the network routing topology. While this leads to more effective routing decision-making, it also increases the complexity of setting up an OSPF-based topology. Note that both RIP and OSPF can be run on routers at the same time.

In order to better understand how OSPF works, you need to be familiar with some key concepts. These include the idea of an Autonomous System (AS), areas, backbone areas, and the different types of OSPF routers (these differ in their responsibilities and how they function). The section below outlines these key concepts.

Autonomous System – an AS basically refers to a collection of areas that fall under the same administrative control, and has a backbone area between which different areas communicate directly.

Area – An OSPF area is a portion of an AS that includes contiguous subnet ranges. One of the main purposes of an OSPF area is route aggregation, which allows routing within an area to be confined to that area and not travel over the backbone. This is also sometimes referred to as route summarization, where routers within an area know only about their area, and a default route to the backbone. This makes OSPF a more efficient routing protocol, since every router does not need to necessarily know the details of other networks available. As a general rule, follow the idea that an OSPF area should be comprised of the same systems that make up an Active Directory site. Areas are usually numbered in the format 0.0.0.x, where x usually designates a subnet range (although this is convention, not any requirement).

Backbone Area – the backbone area is the (usually) high-speed area into which all other OSPF areas are connected (these other areas are generally referred to as stub areas). Any traffic moving between different areas should communicate via the backbone area. The backbone area is always designated as area 0.0.0.0 in an OSPF implementation.

Stub Areas – A stub area is an area connected to the backbone area by an Area Boundary Router (ABR). When designing an OSPF-based topology, you should try to connect all stub areas to the backbone instead of connecting them to other stub areas. In a stub area, you can set up a single static route for all traffic destined outside of the area.

Area Border Router – any router in an OSPF system that borders and interconnects two or more areas (such as the backbone and a stub area) is considered an Area Border Router. Each ABR will carry an individual link state database for each area with which it is interconnected.

Autonomous System Boundary Router (ASBR) – a router that interconnects different Autonomous Systems in an OSPF topology.

Backbone Router – Any router that interconnects to the backbone area, including ABRs with a backbone connection.

Internal Router – any router that has all interfaces connected within the same area. These routers only carry a single link state database, containing information about the area in which they exist.

Virtual Link – A logical link between the backbone area and an ABR when a physical link between them does not exist. It is usually recommended that you avoid using virtual links where possible, since they can sometimes cause routing problems that can be difficult to troubleshoot.

While I could dedicate an entire article to OSPF and all of its workings, I’ll spare you the majority of the details. The key things to understand are that an OSPF-enabled router speaks to the other routers in its own area directly, exchanging routing information. This ensures that every router within the area has the same link state database as every other router in the area, and changes are flooded within the area as they occur. If a network has been properly designed into a hierarchical VLSM (variable length subnet mask) scheme, routing will be much more efficient and effective, since OSPF usually exchanges less traffic than RIP. Note that OSPF and RIP version 2 both pass subnet mask information in their routing table updates, while RIP version 1 does not. For companies that use VLSM, this is a critical consideration in choosing a routing protocol.

In order to configure a Windows 2000 Server to act as an OSPF router, you need to add the OSPF protocol.

Once OSPF has been added, you will need to configure an interface to use OSPF. As such, it is possible to have one or more interfaces use OSPF, while another (like a dial-up interface) might not. After an interface is added, you will be presented with the OSPF properties page.

Note that by default, an OSPF interface will be made part of the backbone area. The General tab allows you to configure the network type as well as router priority, cost, and an authentication password. The NBMA Neighbors tab allows you to configure the IP addresses of other OSPF routers on non-broadcast networks (such as Frame Relay, for example). Finally, the Advanced tab allows you to configure OSPF properties such as the Hello interval (how often an OSPF router announces its existence on the network), MTU size and so forth.

Note also that by right clicking on the OSPF heading under IP routing you can easily view neighboring routers, the link state database(s) of the system, and more.

RIP Routing with Windows

Since static routing can become cumbersome in very large internetworks, companies will usually choose to have routing tables built dynamically by a routing protocol. It is via routing protocols that routers ‘talk’ to one another, exchanging information about the networks that they are aware of. Although a wide variety of routing protocols exist, Windows 2000 supports only three, RIP versions 1 and 2, as well as OSPF. In order for routers to exchange information with one another, they must be running a common routing protocol. By far the simplest routing protocol to implement is RIP, the Routing Information Protocol. RIP’s simplicity comes from the fact that it requires very little in terms of configuration outside of simply ‘turning it on’. In an internetwork that uses RIP, routers broadcast their routing tables to their neighbors at configurable intervals. The downside of this is that it has a negative impact on network performance, and changes in the network topology (such as a router going down) can take a long time to propagate through a network, thus compounding network communication problems.

As mentioned earlier, Windows 2000 supports both RIP versions 1 and 2. RIP version 1 is often considered a poor choice in larger environments, mainly because it only supports classful IP addressing, which in part means that subnet mask information is not propagated as part of the RIP v1 broadcasts. This also means that RIP version 1 is not suitable for networks that use either CIDR (classless interdomain routing) or VLSM (variable-length subnet masks). Another downfall of RIP v1 is the fact that security is very limited, since neighboring routers do not authenticate with one another. This might allow any RIP router to exchange information with neighboring RIP routers, regardless of whether they should be.

On the other hand, RIP version 2 does support VLSM, CIDR, and basic authentication (a string value that must be the same on routers participating in the exchange, via clear text). RIP v2 routers also support the exchange of information via broadcast or multicast, which can be configured. Note that a router running only RIP v1 cannot exchange information with a router running only RIP v2.

RIP is added via the ‘New Routing Protocol’ menu choice off the General tab in the IP Routing section of Routing and Remote Access.

Note that you first add a routing protocol, and then configure that protocol on an interface-by-interface basis. Note also that even though the screen above suggests that only RIP version 2 can be added, this option also allows you to configure interfaces using RIP 1 if desired.

By accessing the properties of RIP via the shortcut menu, you are actually configuring what are sometimes referred to as global parameters. The options here are limited, since an interface hasn’t actually been added yet, as will be discussed in a moment. The General tab controls how long a router will wait before sending a triggered update (meaning that its table has been updated), as well as RIP logging options. The Security tab is actually a little more important, since it allows you to control exactly which RIP routers this router is allowed to interact with. While the router will be able to accept announcements from all other RIP routers (running the same version) by default, you can also specify which routers it can or cannot accept announcements from explicitly by IP address.
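
An added example, not from the original text and not Windows RRAS code: Python showing the two checks described above applied to a received RIP announcement, namely the accept list of peer IP addresses and the RIP v2 clear-text password. The packet layout follows RFC 2453; the function names, the peer addresses and the password "lab-rip-secret" are constructed for illustration.

```python
import hmac
import ipaddress
import struct

RIP_RESPONSE = 2    # command value for an announcement (response)
AFI_AUTH = 0xFFFF   # address family that marks an authentication entry
AUTH_SIMPLE = 2     # authentication type: simple (clear-text) password


def build_response(version, routes, password=None):
    """Build a constructed RIP response packet for the demo."""
    pkt = struct.pack("!BBH", RIP_RESPONSE, version, 0)
    if password is not None:
        # The 16-byte field holds the password itself, unencrypted.
        pkt += struct.pack("!HH16s", AFI_AUTH, AUTH_SIMPLE, password.encode())
    for prefix, metric in routes:
        net = ipaddress.ip_network(prefix)
        # RIP v1 has no subnet mask field: those bytes must be zero.
        mask = net.netmask.packed if version == 2 else bytes(4)
        pkt += struct.pack("!HH4s4s4sI", 2, 0, net.network_address.packed,
                           mask, bytes(4), metric)
    return pkt


def check_announcement(src_ip, packet, allowed_peers, password):
    """Return (accepted, reason) for one received RIP packet."""
    if ipaddress.ip_address(src_ip) not in allowed_peers:
        return False, "peer not in accept list"
    if len(packet) < 4 or (len(packet) - 4) % 20 != 0:
        return False, "malformed packet"
    command, version, _ = struct.unpack_from("!BBH", packet, 0)
    if command != RIP_RESPONSE:
        return False, "not an announcement"
    if version != 2:
        return False, "RIP v1 carries no authentication"
    if len(packet) < 24:
        return False, "authentication entry missing"
    # When present, the authentication entry is the first 20-byte entry.
    afi, auth_type, secret = struct.unpack_from("!HH16s", packet, 4)
    if afi != AFI_AUTH or auth_type != AUTH_SIMPLE:
        return False, "authentication entry missing"
    if not hmac.compare_digest(secret.rstrip(b"\0"), password.encode()):
        return False, "password mismatch"
    return True, "accepted"


def demo():
    allowed = {ipaddress.ip_address("10.0.0.1")}  # constructed accept list
    pw = "lab-rip-secret"                         # constructed shared string
    routes = [("172.16.0.0/12", 1)]
    good = build_response(2, routes, pw)
    cases = [
        ("10.0.0.1", good),                                      # listed peer
        ("10.0.0.9", good),                                      # unlisted peer
        ("10.0.0.1", build_response(2, routes)),                 # no password
        ("10.0.0.1", build_response(2, routes, "wrong")),        # wrong password
        ("10.0.0.1", build_response(1, [("172.16.0.0/16", 1)])), # RIP v1
    ]
    return [check_announcement(src, pkt, allowed, pw)[1] for src, pkt in cases]


if __name__ == "__main__":
    for reason in demo():
        print(reason)
```

Because the password is carried as plain bytes in every announcement, it is readable by anything that can see the traffic, so the accept list and the password are best treated as complementary checks rather than alternatives.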

Routing With Windows

Those familiar with Windows NT 4.0 will remember that by adding more than one network card to a system and enabling IP forwarding, you could use Windows NT as a router. Though the functionality was limited to acting as a static router or one which could only exchange information with other routers using RIP version 1, the ability to have NT act as a router was often used where a hardware-based solution (such as a Cisco router or similar) was impractical or too expensive. Windows 2000 builds on this functionality, with the Routing and Remote Access service (RRAS) providing the ability to integrate with other routers using a variety of popular routing protocols including RIP versions 1 and 2, as well as OSPF. Further to this, RRAS will also allow your server to act as a demand-dial router, initiating dial-up connections (as well as VPN connections) via ISDN and standard phone lines. This demand-dial functionality provides what could potentially be a very cost-effective solution in offices where Internet or related dial-up costs (such as WAN connection) are prohibitively expensive.

Before having a discussion about configuring a router, I think it is first important to understand what a router actually does, especially besides the obvious (routing packets). For the sake of simplicity, let’s consider a 2-subnet internet. In order for hosts on one subnet (who have a given address range) to talk to computers on another subnet, they must communicate using a router as an intermediary. Sometimes referred to as a gateway, the router has a connection on both networks, usually with separate network interface cards, one on each subnet. When a host on one subnet needs to talk to a host on another, it forwards the frame it has created to the local router interface. Upon receiving the frame, the router does a number of things. First, it strips off the associated frame addressing (for example the Ethernet MAC addresses), and then looks at the destination IP address. Though the router (usually) won’t know about the whereabouts of a specific host, it will know about the networks to which it is attached at a minimum, as well as any it has learned about via routing protocols. If the router has the destination network in its routing table, it will note the IP address to where the datagram should be sent next, either the destination host itself, or another router (if applicable). After decrementing the TTL of the datagram by 1 (as happens at every router), the router then frames the datagram for the underlying network technology, including the appropriate MAC addressing, and forwards the frame to that host.

Whenever you talk about routers you should be sure to distinguish between routing protocols and routed protocols. Quite simply, a routed protocol is one whose traffic has an addressing scheme that allows it to be routed, such as IP or IPX. On the other hand, a routing protocol is one that routers use to exchange information with one another, such as RIP or OSPF.

Routing and Remote Access (RRAS)

One of the most powerful new tools included with Windows 2000 Server is the Routing and Remote Access (RRAS) tool. The capabilities included with RRAS include the ability to configure Windows 2000 as a basic router (running routing protocols such as RIP and OSPF), a demand-dial router (via a standard dial-up or ISDN interface), a traditional remote access server (using dial-in PSTN or ISDN connections), a VPN server (allowing PPTP or L2TP connections), or a combination of the above. The remote access capabilities in RRAS are the focus of this article, with routing functionality to be covered in the next article in the series. This article will also cover some of the more advanced remote access capabilities, including the ability to configure remote access policies (which allow a much more granular way of granting access).

Prior to configuring Routing and Remote Access in Windows 2000, you will need to ensure that the service is both installed and enabled. Use the RRAS administrative tool to enable Routing and Remote Access.

Choosing ‘Configure and Enable Routing and Remote Access’ will open the Routing and Remote Access Wizard, which allows you to easily configure your services for any of the services listed below, while still offering you the ability to configure the services manually (the last option). Note that the downwards-pointing red arrow designates that the service is not running.

While the wizard provides a quick and easy way to get RRAS up and running, I suggest that you also attempt the manual configuration of the services to get a better idea of what is involved in setting each up.