Routing

Routing tables have to come from somewhere. Routing processes run on routers and communicate with other routers on the network. Using the information they collect, they populate the routing table on the router.

The forwarding algorithm on the router doesn't change. Only the routing table information changes.


Two basic types

IGP - Internal routing - within an organization (Autonomous System)
	Examples 
		Distance Vector - RIP, RIP v2, EIGRP
		Link State - OSPF, ISIS

EGP - Exterior routing  - used between organizations. It is the core
                          routing protocol of the Internet.
	Examples 
		BGP

Internal routing protocols typically are Distance/Vector or Link State.

Distance vector - example is RIP or RIPng

	RIP - RFC1058 - Only understands old class a/b/c style networks
	RIP Version 2 - RFC1723 - understands modern classless networks

	shares its concept of entire routing table
	only with its neighbors
	at regular intervals

	UDP used to exchange information

Each router periodically advertises its RIP table (including its idea of the hop count to each network) to its neighbors. The shortest path (as determined by hop count) is placed in the routing table.
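The following Python simulation is an added illustration (not code from these notes) of the RIP-style exchange just described: on a constructed five-router topology, every router sends its whole table to its neighbors each round, and a neighbor adopts a route when the advertised hop count plus one beats what it already holds. The router names, the topology and the 16-hop "infinity" (RIP's unreachable metric) are assumptions of the example.

```python
"""RIP-style distance-vector routing on a constructed five-router topology.

Added illustration, not code from the notes: each round every router sends
its whole table to its neighbours, and a neighbour adopts a route when the
advertised hop count plus one beats what it already has.
"""

INFINITY = 16  # RIP's "unreachable" metric: 16 hops counts as infinity

# Constructed topology: router -> set of directly attached neighbours.
LINKS = {
    "A": {"B", "C"},
    "B": {"A", "D"},
    "C": {"A", "D"},
    "D": {"B", "C", "E"},
    "E": {"D"},
}


def initial_table(router, links):
    """A router starts out knowing itself (0 hops) and its neighbours (1 hop)."""
    table = {router: (0, None)}  # destination -> (hop count, next hop)
    for nbr in links[router]:
        table[nbr] = (1, nbr)
    return table


def receive_advertisement(table, sender, advert):
    """Apply one neighbour's advertised table (Bellman-Ford relaxation).

    A route heard from `sender` costs one hop more than the sender reports.
    It replaces the current entry if it is strictly shorter, or if it comes
    from the router we already use as next hop (so a route that got worse
    is learned too, as RIP requires).
    """
    changed = False
    for dest, (hops, _next) in advert.items():
        candidate = min(hops + 1, INFINITY)
        cur_hops, cur_next = table.get(dest, (INFINITY, None))
        if candidate < cur_hops or (cur_next == sender and candidate != cur_hops):
            table[dest] = (candidate, sender)
            changed = True
    return changed


def converge(links, max_rounds=32):
    """Run advertisement rounds until no table changes; return (tables, rounds)."""
    tables = {r: initial_table(r, links) for r in links}
    for round_no in range(1, max_rounds + 1):
        # Everyone advertises the table it held at the start of the round.
        adverts = {r: dict(t) for r, t in tables.items()}
        changed = False
        for router in sorted(links):
            for nbr in sorted(links[router]):  # sorted: deterministic tie-breaks
                if receive_advertisement(tables[router], nbr, adverts[nbr]):
                    changed = True
        if not changed:
            return tables, round_no
    return tables, max_rounds


def next_hop(tables, src, dst):
    """Forwarding decision a router makes with its converged table."""
    return tables[src][dst][1]


if __name__ == "__main__":
    tables, rounds = converge(LINKS)
    print("converged after %d rounds" % rounds)
    for router in sorted(tables):
        print(router, dict(sorted(tables[router].items())))
```

Note that a router never sees the topology, only what its neighbors claim; that is why a distance-vector table takes several rounds to settle and why a bad advertisement from one neighbor is believed.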

Link state - example is OSPF

	RFC 2328

	shares info about all of its connections (its link states) to all of 
	its neighbors. Neighbors share these link state advertisements 
	with their neighbors.  (within an OSPF area)
	
	OSPF only sends changes after initialization. 

	Uses its own IP protocol (carried directly in IP, the way UDP and TCP
	are at Layer 4) to exchange information: IP protocol 89.

Each router keeps a picture of the network "in its head" and uses the link state updates to adjust the picture.

Links have costs associated with them. Once a router has a full picture of a network it uses Dijkstra's algorithm to compute the best "next hops" to place in the routing table. The costs of the links are used to determine the shortest path from a router to any destination network.
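As an added example (not code from the notes or from any OSPF implementation), here is the link-state computation in Python: every router holds the same link-state database, runs Dijkstra over it, and reads its next hops off the resulting shortest-path tree. The routers, link costs and the failing link are constructed; the costs are chosen so that the cheapest path is not the one with the fewest hops, which is exactly where link state and RIP's hop count disagree.

```python
"""Link-state routing: OSPF-style shortest-path-first with Dijkstra.

Added illustration, not code from the notes. Every router holds the same
link-state database (the list of links and their costs) and computes its
own routing table from it; when a link changes, only the table is recomputed.
Topology and costs are constructed.
"""
import heapq

# Constructed link-state database: (router, router, cost). Costs are
# OSPF-style interface costs, so the cheapest path need not be the fewest hops.
LINK_STATE_DB = [
    ("R1", "R2", 10),
    ("R1", "R3", 1),
    ("R3", "R4", 1),
    ("R4", "R2", 1),
    ("R2", "R5", 1),
]


def build_graph(links):
    """Adjacency map: router -> {neighbour: cost} (links are bidirectional)."""
    graph = {}
    for a, b, cost in links:
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    return graph


def dijkstra(graph, source):
    """Return (distance, previous-hop) maps from `source` to every router."""
    dist = {source: 0}
    prev = {}
    heap = [(0, source)]
    done = set()
    while heap:
        d, u = heapq.heappop(heap)
        if u in done:
            continue  # stale heap entry
        done.add(u)
        for v, cost in graph[u].items():
            nd = d + cost
            if nd < dist.get(v, float("inf")):
                dist[v] = nd
                prev[v] = u
                heapq.heappush(heap, (nd, v))
    return dist, prev


def routing_table(links, source):
    """Routing table for `source`: destination -> (next hop, total cost).

    The next hop is found by walking the shortest-path tree back from the
    destination until the router adjacent to `source` is reached.
    """
    graph = build_graph(links)
    dist, prev = dijkstra(graph, source)
    table = {}
    for dest, cost in dist.items():
        if dest == source:
            continue
        hop = dest
        while prev[hop] != source:
            hop = prev[hop]
        table[dest] = (hop, cost)
    return table


def without_link(links, a, b):
    """Link-state database after link a-b goes down (what a flooded LSA would tell everyone)."""
    return [l for l in links if {l[0], l[1]} != {a, b}]


if __name__ == "__main__":
    print("R1 table:", routing_table(LINK_STATE_DB, "R1"))
    print("R1 table after R3-R4 fails:",
          routing_table(without_link(LINK_STATE_DB, "R3", "R4"), "R1"))
```

With the costs above, R1 reaches R2 through R3 at cost 3 rather than over the direct cost-10 link; a hop-count protocol would have taken the direct link. When the R3-R4 link is removed from the database, the recomputed table falls back to the direct link without any neighbor-by-neighbor convergence.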

FIU uses OSPF


BGP - Exterior routing 

	RFC 1771

	Path vector routing
	Routers exchange both next hop and path information
	It is the protocol that holds Internet routing together today.
	All sites (autonomous systems) use BGP to exchange
	routing information.
	Uses TCP to exchange information


WAN technologies


This section is primarily about layer 2 wide area technologies.


PPP is used as Layer 2 framing for some:

	Serial links - including dial-ups
	POS - Packet over sonet (fiber optic)

PPP consists of a framing/encapsulation protocol (PPP itself), 
a link control protocol (LCP), and a network control protocol (NCP).

Wikipedia article on PPP

Other WAN layer 1 and layer 2 protocols may use their own framing (or at times PPP):

	ISDN
	Frame Relay
	ATM

	DSL 
	Cable modems


HOME/Small office technologies

Serial links (dialup)
	uses PPP for framing (layer 2)
	uses audio waveform signals to carry digital data
	28Kbps to 56Kbps 


DSL
	Runs over normal phone lines; somewhat distance limited.
	The farther you are from the central office, the slower your speed will be (depending on the DSL technology).
	layer 2 protocol provides point to point link 
	Can use Ethernet as datalink
	Can also use ATM as datalink layer
		Will often use PPP over the Ethernet or ATM to provide point to point service
	ADSL - upload/download speeds different - depends on distance from DSLAM
	SDSL - upload/download speeds the same 
	

Cable Modems
	Runs over broadband cable
	DOCSIS - standard for cable modems 
	bus topology 
	Ethernet 802.3 frames carried in the DOCSIS payload
	usually asymmetric speeds: faster downloads than uploads
	Because of the underlying bus technology, speeds can be affected by other users on the same segment


Wide Area Technologies

T and E carrier framing and SONET
	Time Division Multiplexing
	An extension of the phone systems T carrier systems

	Voice channel is 64Kbps. == T0  (over a DS0)
		24 voice channels makes a T1 (carried over a DS1) = 1544Kbps =1.544Mbps
		672 voice channels (28 T1's) makes a T3 carried over a DS3 = 44.736Mbps
	OC-1 is optical signal roughly equivalent to a DS3 51.84 Mbit/s
	SONET = Synchronous Optical Network
	Internationally SDH - Synchronous Digital Hierarchy
	STS = synchronous transport signal - used in US (SONET)
	STM = synchronous transport module - used internationally  (SDH)
	3 OC1s can be carried in an OC3  (OC3 = STS-3, in the SDH world STM-1): 155Mbps
	4 OC3s can be carried in an OC12 (OC12 = STS-12, in the SDH world STM-4): 622Mbps
	16 OC3s can be carried in an OC48 (OC48 = STS-48, in the SDH world STM-16): 2488Mbps
	64 OC3s can be carried in an OC192 (OC192 = STS-192, in the SDH world STM-64): 9953Mbps

Leased lines
	T1 or T3 circuits provided directly between two points

Frame Relay
	Uses its own datalink layer over many different physical layers (T1, T3)
	Star based topology underneath it all.
	Presents the user with a virtual circuit. 
	Data rate depends on the provider's provisioning and the physical layer
	Customer must ask the provider for provisioning.
	

ATM
	Big brother of ISDN and Frame Relay
	breaks frames into 53-byte cells, which are reassembled into PDUs (protocol data units)
	Multiple star topology
	Uses the concept of a virtual circuit to provide point to point services
	Usually framed in SONET frames 
	OC3 (~155Mbits)
	OC12 (~622 Mbits)
	OC48 (~2.4 Gbits)
	OC192 (~9.6 Gbits)


POS 
	Packet over sonet - RFC 2615
	PPP is the layer 2 protocol; SONET is layer 1/2 
	OC3 (~155Mbits)
	OC12 (~622 Mbits)
	OC48 (~2.4 Gbits)
	OC192 (~9.6 Gbits)


Ethernet
	1G and 10G Ethernet are gaining in popularity for WAN connections.
	LAN PHY is native Ethernet. 
	WAN PHY is Ethernet encoded in OC-192/STM-64.
	Often combined by carrier providers with DWDM.

LTE / Wireless
	Various speeds available
	Various topologies available


VPN - Virtual Private Networks

This is usually encapsulating IP packets within other IP packets for transport across the network as a virtual point-to-point link.

Payload is often encrypted and AAA protocols are employed. AAA = Authentication, Authorization, and Accounting.

Authentication - Who are you?
Authorization - What the authenticated "you" is allowed to access
Accounting - Records of what the authenticated "you" does

Two categories:

1. VPNs built on a TCP stream of bytes. An example is using SSH: http://www.tldp.org/HOWTO/ppp-ssh/
   Another example is putting IP over SSL.

   The advantage here is that, since these VPNs run over TCP on fairly well-known and unblocked ports, they will work in situations (NATed networks, or firewalled networks) where others may not.

   But running IP over TCP can lead to all kinds of weird problems. Encapsulating packets in a stream-based protocol creates a number of interesting timing issues. It is usually slower than UDP or other packet-in-packet technologies.

2. VPNs built by encapsulating each packet. GRE and IPsec are examples of this type.



GRE - Generic routing encapsulation - RFC 1701 and refined in RFC 2784
IP protocol 47

    ---------------------------------
    |                               |
    |       Delivery Header         |   Standard IP header with source/dest addresses being the VPN boxes
    |                               |
    ---------------------------------
    |                               |
    |       GRE Header              |
    |                               |
    ---------------------------------
    |                               |
    |       Payload packet          |	Can be encrypted
    |                               |
    ---------------------------------

   The GRE packet header has the form:

    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |C| |K|S|  Reserved0      | Ver |         Protocol Type         |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |      Checksum (optional)      |       Reserved1 (Optional)    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |      key (optional)                                           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |      sequence number (optional)                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

The Protocol Type is the Ethernet protocol type (EtherType) of the original
packet, e.g. 0x0800 for IPv4.
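To make the header layout concrete, here is an added Python example (not from the notes) that builds and parses the GRE header shown above, including the optional Checksum/Reserved1, Key and Sequence Number words selected by the C, K and S bits, and verifies the checksum the way a receiver or a packet-capture tool would. The payload bytes and key value are constructed; the bit positions follow RFC 2784 (C bit, version) and RFC 2890 (K and S bits), and the checksum is the one's complement sum over the GRE header and payload.

```python
"""Build and parse GRE headers (RFC 2784 with the RFC 2890 Key/Sequence extensions).

Added illustration, not code from the notes. The checksum is the standard
one's complement sum over the GRE header and the payload packet.
"""
import struct

GRE_PROTO_IPV4 = 0x0800  # EtherType of the encapsulated packet, as in the notes

FLAG_C = 0x8000  # bit 0: Checksum (and Reserved1) present
FLAG_K = 0x2000  # bit 2: Key present
FLAG_S = 0x1000  # bit 3: Sequence Number present
VERSION_MASK = 0x0007  # Ver field: 0 for GRE (PPTP uses version 1)


def ones_complement_checksum(data):
    """Internet checksum; returns 0 when run over data that already carries a valid one."""
    if len(data) % 2:
        data = data + b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_gre(payload, proto=GRE_PROTO_IPV4, checksum=False, key=None, seq=None):
    """Return GRE header + payload with the requested optional fields."""
    flags = 0
    if checksum:
        flags |= FLAG_C
    if key is not None:
        flags |= FLAG_K
    if seq is not None:
        flags |= FLAG_S
    hdr = struct.pack("!HH", flags, proto)       # flags/Reserved0/Ver, Protocol Type
    if checksum:
        hdr += struct.pack("!HH", 0, 0)          # Checksum placeholder, Reserved1
    if key is not None:
        hdr += struct.pack("!I", key)
    if seq is not None:
        hdr += struct.pack("!I", seq)
    if checksum:
        csum = ones_complement_checksum(hdr + payload)
        hdr = hdr[:4] + struct.pack("!HH", csum, 0) + hdr[8:]
    return hdr + payload


def parse_gre(packet):
    """Decode a GRE packet into its fields; raises ValueError on malformed input."""
    if len(packet) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", packet[:4])
    if flags & VERSION_MASK != 0:
        raise ValueError("unsupported GRE version %d" % (flags & VERSION_MASK))
    info = {"proto": proto, "key": None, "seq": None, "checksum_ok": None}
    off = 4
    if flags & FLAG_C:
        if len(packet) < off + 4:
            raise ValueError("truncated Checksum/Reserved1")
        _csum, reserved1 = struct.unpack("!HH", packet[off:off + 4])
        if reserved1 != 0:
            raise ValueError("Reserved1 must be zero")
        off += 4
    if flags & FLAG_K:
        if len(packet) < off + 4:
            raise ValueError("truncated Key")
        info["key"] = struct.unpack("!I", packet[off:off + 4])[0]
        off += 4
    if flags & FLAG_S:
        if len(packet) < off + 4:
            raise ValueError("truncated Sequence Number")
        info["seq"] = struct.unpack("!I", packet[off:off + 4])[0]
        off += 4
    if flags & FLAG_C:
        # Summing header + payload with the stored checksum in place gives 0 when intact.
        info["checksum_ok"] = ones_complement_checksum(packet) == 0
    info["header_len"] = off
    info["payload"] = packet[off:]
    return info


if __name__ == "__main__":
    pkt = build_gre(b"constructed IPv4 packet bytes", checksum=True, key=0xDEADBEEF, seq=7)
    print(pkt.hex())
    print(parse_gre(pkt))
```

The checksum only detects accidental corruption; nothing in GRE itself authenticates or encrypts the payload, which is why the notes pair it with encryption (PPTP) or IPsec for a real VPN.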



PPTP  - RFC2637 - point to point tunneling protocol.
Uses GRE - IP protocol 47 to move data 
Uses TCP port 1723 to set up connections

Defined by Microsoft but open source implementations are available.
Version 1 had major flaws
Version 2 fixed many of them. Still has a weak key space for the session encryption.

FIU SCS supports PPTP to provide end users (Road warriors) with VPN service.


L2TP - RFC 2661 /  RFC 3931 - layer 2 tunneling protocol.
L2TP / IPsec -  RFC 3193 - layer 2 tunneling protocol over IPsec ESP transport mode

PPP frames are carried as the L2TP payload. 

FIU SCS supports L2TP to provide end users (Road warriors) with VPN service.





IPsec
AH - digitally signs the packet - IP protocol 51 - verifies that data is not modified in transit
            ---------------------------------
            |orig IP hdr  |    |     |      |
            |(any options)| AH | TCP | Data |
            ---------------------------------



ESP - signs and encrypts the packet - IP protocol 50

	                  BEFORE APPLYING ESP
             ----------------------------
       IPv4  |orig IP hdr  | Payload    |
             |(any options)| Data       |
             ----------------------------

	tunnel - the true VPN mode: puts the signed and encrypted packet inside a new,
	         unsigned outer packet
            -----------------------------------------------------------
            | new IP hdr* |     | orig IP hdr*  |Payload | ESP   | ESP|
            |(any options)| ESP | (any options) |Data    |Trailer|Auth|
            -----------------------------------------------------------
                                |<--------- encrypted ---------->|
                          |<----------- authenticated ---------->|

	transport - encrypts the payload only; the original IP header is not signed
            -------------------------------------------------
            |orig IP hdr  | ESP | Payload    |   ESP   | ESP|
            |(any options)| Hdr | Data       | Trailer |Auth|
            -------------------------------------------------
                                |<----- encrypted ---->|
                          |<------ authenticated ----->|
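The two ESP diagrams above come down to which bytes fall inside the encrypted span and which inside the authenticated span. The Python below is an added example (not from the notes or any IPsec stack) that builds and unpacks an ESP packet with exactly that layout: SPI and sequence number in the clear, payload plus trailer (padding, Pad Length, Next Header) encrypted, and an ICV over the ESP header and ciphertext. The cipher is a stand-in SHA-256 keystream so the example runs on the standard library alone (real ESP uses AES-CBC or AES-GCM), and the keys are constructed; in practice IKE negotiates them, which is the key-exchange problem the notes raise next. Transport mode carries a TCP segment (Next Header 6); tunnel mode carries a whole IP packet (Next Header 4), so the original header ends up inside the encrypted span as in the tunnel diagram.

```python
"""ESP framing from the diagrams above: which bytes are encrypted and which
are authenticated, for transport and tunnel mode.

Added illustration, not code from the notes or any IPsec implementation.
The cipher is a stand-in keystream built from SHA-256 so the example runs on
the standard library alone; real ESP uses AES-CBC or AES-GCM. Keys are
constructed here; in practice IKE negotiates them.
"""
import hashlib
import hmac
import struct

ENC_KEY = b"constructed-esp-encryption-key-0"
AUTH_KEY = b"constructed-esp-integrity-key-00"
ICV_LEN = 16          # truncated HMAC tag, as in HMAC-SHA-256-128
PROTO_TCP = 6         # Next Header in transport mode: the payload is a TCP segment
PROTO_IPV4 = 4        # Next Header in tunnel mode: the payload is a whole IP packet


def keystream(key, nbytes):
    """Stand-in stream cipher: SHA-256 in counter mode (NOT a real ESP transform)."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(key + struct.pack("!I", counter)).digest()
        counter += 1
    return out[:nbytes]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def esp_encapsulate(spi, seq, payload, next_header=PROTO_TCP):
    """Build SPI | Seq | encrypted(payload | padding | Pad Length | Next Header) | ICV."""
    # ESP trailer: pad so that Pad Length and Next Header end on a 4-byte boundary.
    pad_len = (-(len(payload) + 2)) % 4
    padding = bytes(range(1, pad_len + 1))        # default padding pattern 1, 2, 3, ...
    plaintext = payload + padding + bytes([pad_len, next_header])
    header = struct.pack("!II", spi, seq)          # ESP header: SPI and sequence number
    # Per-packet keystream keyed by SPI and sequence number so it is never reused.
    ciphertext = xor(plaintext, keystream(ENC_KEY + header, len(plaintext)))
    # Authenticated span: ESP header + ciphertext. The outer IP header is NOT
    # covered, which is the difference from AH shown in the notes.
    icv = hmac.new(AUTH_KEY, header + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    return header + ciphertext + icv


def esp_decapsulate(packet):
    """Verify the ICV first, then decrypt and strip the trailer."""
    header, body, icv = packet[:8], packet[8:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(AUTH_KEY, header + body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ESP ICV mismatch: packet modified in transit or wrong key")
    spi, seq = struct.unpack("!II", header)
    plaintext = xor(body, keystream(ENC_KEY + header, len(body)))
    pad_len, next_header = plaintext[-2], plaintext[-1]
    payload = plaintext[:len(plaintext) - 2 - pad_len]
    return {"spi": spi, "seq": seq, "next_header": next_header, "payload": payload}


if __name__ == "__main__":
    transport = esp_encapsulate(0x1000, 1, b"constructed TCP segment")
    print(esp_decapsulate(transport))
    tunnel = esp_encapsulate(0x2000, 5, b"\x45\x00constructed inner IP packet", PROTO_IPV4)
    print(esp_decapsulate(tunnel))
```

The receiver checks the ICV before it decrypts anything, so a modified packet is rejected without ever touching the cipher; that ordering (encrypt, then authenticate the ciphertext) is what the "authenticated" bracket spanning the "encrypted" bracket in the diagrams expresses.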

Key exchange is the big problem.

http://www.ietf.org/internet-drafts/draft-ietf-ipsec-ikev2-tutorial-01.txt