How Packets Travel from Network to Network
Let’s look at how a data packet from one host travels to another across the span of networks. After a sending host receives the needed IP address, the packet is sent from the host through the TCP/IP suite to the physical medium for delivery at the target IP address. Routing is the process of sending the packet to its destination. A router is a device that forwards packets from one network to another and is also referred to as a gateway (the term gateway is used in several different contexts; in all cases, a gateway connects one thing with another).
When the sending host has a packet ready, it has already determined the destination’s IP address by using one of the many name-to-IP resolution methods discussed. However, it may not know where that IP address is located if it is not on the same subnet as the sending host.
When TCP/IP on a host is initialized, it automatically creates a routing table, which consists of default entries, manual entries, and entries made automatically through communication with network routers. To route the packet properly, the IP layer of a host consults the routing table that is stored in memory. Depending on whether the destination is on the same network or across the network boundaries (which is determined by examining the network ID of the destination address), the packet is sent by direct delivery or indirect delivery.
Direct delivery is when the router is not used to forward the packet because the destination is on the same network (subnet or network segment) as the sending host. In this case, the packet is sent directly to its destination. When the packet leaves the sending host, the data is encapsulated in a frame format for the network interface layer with the destination’s physical address included (as you’ll recall, the physical or MAC address that matches the IP address in the destination header is determined by ARP).
Head of the Class…
Network+ Exam Is Focused on TCP/IP … Period.
For those of you taking the Network+ exam, you will need to know TCP/IP in detail. It’s the most commonly used protocol today and the most tested on the exam. On the Network+ exam, the term IPX/SPX (as well as the others) will come up a lot, so it may appear as if many questions are on IPX/SPX, AppleTalk, or NetBEUI. It’s important to understand that many times, in this scenario, you are being asked for fundamental knowledge that was already acquired earlier in this chapter, such as the fact that IPX/SPX uses NLSP as a Dynamic Routing Protocol, whereas TCP/IP will use something such as OSPF. NLSP is an IPX/SPX-based Dynamic Routing Protocol, whereas OSPF is a TCP/IP-based one. Most of the exam is focused on details about TCP/IP, so don’t get too upset that you see IP-based protocols covered here in depth whereas others are not.
Understanding Basic IP Routing 337
If the packet is destined for another network, it is sent to an intermediate point for forwarding. This is called indirect delivery. The IP data is encapsulated in a frame format that is actually addressed to the physical address of the network interface of the IP router that is on the sending computer’s subnet. Thus, the packet is sent from the sending host directly to the router. The router takes a look at the packet and determines where it should be sent to reach its final destination. The router passes the packet from its internal interface (the one with an address on the same subnet as the sender) to its external interface (the interface that’s on a different subnet). From there, the packet may make its way across many routers before reaching the subnet or network on which the destination computer resides.
IP Routing Tables
Any IP node that initializes the TCP/IP stack will generate a default routing table based on the configuration of that node. For instance, when your network-connected desktop boots up and initializes the TCP/IP stack, it will create a default routing table based on your computer’s unique IP address, which includes the network ID as well as the default gateway (default router) and subnet mask. The table also contains the logical or physical interface, typically the network interface card, to be used to forward the packet.
IP routing table entries
Routing table entries can be default, manual, or dynamic:
■ The default values are created when the TCP/IP stack is initialized, as shown in Figure 7.6.
■ Manual entries can be placed in the table for specific routes that may be desired. Some organizations, for instance, want specific traffic to go through specific routers. In that case, those routes can be entered into the routing table manually.
■ Routes can be added dynamically if the router supports dynamic routing tables.
We’ll discuss the differences between manual and dynamic routing in a moment. For now, let’s look at the specific entries in a routing table. Routing table entries contain a number of elements in a specified order. Each of those elements is required, and each is described briefly here. Figure 7.6 shows a typical routing table.
■ Network Destination: The network ID, which can be class-based, subnetted, or supernetted.
■ Netmask: The mask used to match the destination network with the IP address in the data.
■ Next Hop or Gateway: The IP address of the next router (a hop is one segment between routers; if a packet has to go through two routers, that would be two hops).
■ Interface: Identifies which network interface is used to forward the packet. Remember that every router has at least two interfaces.
■ Metric: A number used to help determine the best route for the packet. This typically is used to identify the route with the fewest hops. The metric is often expressed as the cost of the route.
Routing tables can also store four specific types of routes:
■ Directly Attached Network IDs: For packets destined for the local or attached network. If the sending and receiving hosts are both on the same subnet, for instance, the packet will be sent via this method.
■ Remote Network IDs: Any packets destined for networks reachable via routers will be sent via this routing method.
■ Host Routes: A host route is a route to a specific IP address. This type of route allows a packet to be sent to a specific IP address. The network ID is the IP address of the destination host, and the network mask is 255.255.255.255.
■ Default Route: The default route is used when a more specific network ID or route cannot be found. When all else fails, the default route is used. This is defined as a network ID of 0.0.0.0 and a network mask of 0.0.0.0.
Figure 7.6: Default Routing Table Entries.
Route Determination Process
Each IP packet has a destination IP address, which is used to determine how the packet will be routed. Using the logical ANDing process, the destination IP address and the subnet mask (or netmask) are compared. If they match, the packet stays on the local network and is sent directly to the destination IP address.
If the destination IP address and the subnet mask do not match, the entries in the routing table are compared to the destination IP address. If a match is found (that is, if the destination IP address and the subnet mask AND to a value found in the routing table), the packet is sent to the gateway listed in the routing table. If no matching entries can be found, the packet is sent to the defined default gateway. If more than one match is found in the routing table entries, the metric is used and the route with the fewest hops is typically selected. To view the route table on a Windows Server 2003 computer, access the command prompt and type route print.
If there is no matching entry in the routing table, the packet will be sent to the default gateway for forwarding. When this process is complete, the resulting IP address (either the destination IP address or the gateway IP address) is then resolved to a physical address. This process uses ARP.
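The following Python model of the route determination process is an added example, not code from the book: it applies the ANDing test to every table entry, prefers the most specific match and uses the metric only to break ties between equally specific entries, then decides between direct delivery (gateway 0.0.0.0, so ARP resolves the destination itself) and indirect delivery (ARP resolves the gateway). The routing table, its addresses and the 192.168.1.20/24 host it belongs to are constructed for this example, modelled on the columns of route print.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    network_destination: str  # network ID (class-based, subnetted, supernetted, or a single host)
    netmask: str
    gateway: str              # next hop; 0.0.0.0 means the destination is directly attached
    interface: str            # address of the local interface used to forward the packet
    metric: int


# Constructed sample table for a host at 192.168.1.20/24 with default gateway 192.168.1.1.
# The remote networks and the extra routers .252/.253/.254 are invented for the example.
ROUTING_TABLE: List[Route] = [
    Route("0.0.0.0",      "0.0.0.0",         "192.168.1.1",   "192.168.1.20", 20),  # default route
    Route("192.168.1.0",  "255.255.255.0",   "0.0.0.0",       "192.168.1.20", 20),  # directly attached network
    Route("192.168.1.20", "255.255.255.255", "0.0.0.0",       "192.168.1.20", 20),  # host route (own address)
    Route("10.0.0.0",     "255.0.0.0",       "192.168.1.254", "192.168.1.20", 30),  # remote network
    Route("10.1.0.0",     "255.255.0.0",     "192.168.1.253", "192.168.1.20", 10),  # more specific remote network
    Route("10.1.0.0",     "255.255.0.0",     "192.168.1.252", "192.168.1.20", 25),  # same prefix, higher metric
    Route("127.0.0.0",    "255.0.0.0",       "127.0.0.1",     "127.0.0.1",    1),   # loopback
]


def _as_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def route_matches(route: Route, destination: str) -> bool:
    """The ANDing test: destination AND netmask must equal network ID AND netmask."""
    mask = _as_int(route.netmask)
    return (_as_int(destination) & mask) == (_as_int(route.network_destination) & mask)


def prefix_length(route: Route) -> int:
    """Number of one bits in the netmask; a longer prefix is a more specific route."""
    return bin(_as_int(route.netmask)).count("1")


def select_route(table: List[Route], destination: str) -> Optional[Route]:
    """Pick the most specific matching entry; break ties with the lowest metric."""
    candidates = [r for r in table if route_matches(r, destination)]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-prefix_length(r), r.metric))


def forwarding_decision(table: List[Route], destination: str) -> Optional[Tuple[str, str, str]]:
    """Return (delivery, address ARP must resolve, interface), or None when nothing matches."""
    route = select_route(table, destination)
    if route is None:
        return None                                  # no entry and no default route: unroutable
    if route.gateway == "0.0.0.0":
        return ("direct", destination, route.interface)   # frame goes straight to the destination
    return ("indirect", route.gateway, route.interface)    # frame goes to the router's MAC


if __name__ == "__main__":
    for dest in ("192.168.1.77", "10.1.2.3", "10.9.9.9", "8.8.8.8"):
        print(dest, "->", forwarding_decision(ROUTING_TABLE, dest))
```

Note that the default route matches every destination with a prefix length of 0, so it is chosen only when no other entry matches; the two 10.1.0.0/16 entries show the metric deciding between equally specific routes.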
Note
In this section we used a server (multihomed with two network interface cards (NICs)) as a router. When using Routing and Remote Access Service (RRAS), you can use Windows Server 2003 (or 2000) as a router. Because most people have more access to a copy of the server than to a Cisco router, this made the most sense. However, routing will most commonly be seen on a vendor router such as Cisco or Juniper. For the exam you will not be asked to analyze different vendor-based routing information tables (RITs), so this example is all that you need to learn the concepts about routing to be able to pass the exam. Make sure to work with commonly used equipment whenever you get the opportunity, especially Cisco’s offerings.
Physical Address Resolution (Using ARP)
ARP resolves IP addresses to physical addresses. ARP is used to resolve the next-hop IP address to a physical MAC address. This is done using network broadcasts. The resolved MAC address is placed in the header of the packet as the destination MAC address.
ARP Cache
Just as a routing table is stored on the local host, so too is a list of the resolved IP-to-MAC addresses. This information is held in the ARP cache. Each time a request and resolution occur, both the sender and receiver store the other’s IP-to-MAC address mapping. When a packet is received, the ARP cache is checked to see if the resolution has already been added to the cache. If so, the packet is immediately forwarded to the resolved address. If the ARP cache does not contain the listing, a process must be initiated to resolve the IP address to the MAC address. Resolved entries are stored for a specified period of time and then discarded. If the same IP address is used within the specified time frame, the MAC address is already known and the packet is simply forwarded. If the ARP cache entry has expired, it no longer exists and the discovery process must be used, even if the MAC address was previously discovered.
ARP Process
There are two steps involved in resolving the IP address to a MAC address: the ARP request and the ARP reply. The node responsible for forwarding the packet (either the sender or a gateway) will use the ARP request message to request the MAC address for the next-hop IP address. The format of the ARP request is a MAC-level broadcast that is sent to all nodes on the same physical segment as the sender. Whichever node sends the ARP request message is called the ARP requester.
The ARP reply is the return process. The node whose address matches the MAC address in the ARP request will respond by sending an ARP reply. This is a unicast (directly back to the sender only) MAC frame sent by the node called the ARP responder. The ARP responder’s unicast message contains both its IP address and its MAC address.
Once this process is complete, both nodes have new information about an IP address and the associated MAC address. This information is stored in the ARP cache for a specified amount of time. When it expires, if this address is needed again, the same request and reply process is used. RARP (Reverse ARP) is the complete opposite of ARP. Where ARP is the process of resolving a known IP address to its MAC address, RARP will resolve an IP address from a known MAC. Remember, it’s simply the opposite of ARP and very easy to remember simply by its name alone.
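The exchange described in the ARP Cache and ARP Process sections, as an added Python simulation that is not part of the book: a requester checks its cache, broadcasts an ARP request that every node on the segment sees, the one node whose IP matches answers with a unicast reply, both sides record the mapping, and an expired entry forces the exchange to repeat. The nodes, MAC addresses and the 120-second cache lifetime are constructed for the example (the text only says entries live for "a specified period of time"); the adjustable clock exists so expiry can be shown without waiting.

```python
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ARP_CACHE_TTL = 120.0   # seconds; assumed value, the text gives no specific lifetime


class ManualClock:
    """Adjustable clock so cache expiry can be demonstrated without real waiting."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class Node:
    """A host or router interface on one physical segment, with its own ARP cache."""
    def __init__(self, ip, mac, clock):
        self.ip, self.mac, self.clock = ip, mac, clock
        self.arp_cache = {}                      # ip -> (mac, expires_at)

    def cached_mac(self, ip):
        entry = self.arp_cache.get(ip)
        if entry is None:
            return None
        mac, expires_at = entry
        if self.clock() >= expires_at:           # an expired entry no longer exists
            del self.arp_cache[ip]
            return None
        return mac

    def learn(self, ip, mac):
        self.arp_cache[ip] = (mac, self.clock() + ARP_CACHE_TTL)

    def arp_request(self, target_ip):
        """MAC-level broadcast: every node on the segment receives it."""
        return {"op": "request", "dst_mac": BROADCAST_MAC, "sender_ip": self.ip,
                "sender_mac": self.mac, "target_ip": target_ip}

    def receive(self, frame):
        """Process one frame; return the unicast reply when this node is the ARP responder."""
        if frame["op"] == "request":
            if frame["target_ip"] != self.ip:
                return None                      # not our address: the request is discarded
            self.learn(frame["sender_ip"], frame["sender_mac"])   # responder records the requester
            return {"op": "reply", "dst_mac": frame["sender_mac"], "sender_ip": self.ip,
                    "sender_mac": self.mac, "target_ip": frame["sender_ip"]}
        if frame["op"] == "reply" and frame["dst_mac"] == self.mac:
            self.learn(frame["sender_ip"], frame["sender_mac"])   # requester records the responder
        return None


class Segment:
    """One physical segment: a broadcast reaches every node, a unicast only the matching MAC."""
    def __init__(self, nodes):
        self.nodes = list(nodes)
        self.frames_sent = []                    # trace of every frame that crossed the wire

    def send(self, frame):
        self.frames_sent.append(frame)
        replies = []
        for node in self.nodes:
            if frame["dst_mac"] in (BROADCAST_MAC, node.mac):
                reply = node.receive(frame)
                if reply is not None:
                    replies.append(reply)
        return replies


def resolve(requester, segment, next_hop_ip):
    """Return (mac or None, request_was_sent): cache first, then the request/reply exchange."""
    mac = requester.cached_mac(next_hop_ip)
    if mac is not None:
        return mac, False
    for reply in segment.send(requester.arp_request(next_hop_ip)):
        segment.send(reply)                      # unicast straight back to the requester
    return requester.cached_mac(next_hop_ip), True


if __name__ == "__main__":
    clock = ManualClock()
    host = Node("192.168.1.20", "00:11:22:33:44:55", clock)
    gateway = Node("192.168.1.1", "aa:bb:cc:dd:ee:01", clock)
    segment = Segment([host, gateway, Node("192.168.1.30", "aa:bb:cc:dd:ee:30", clock)])
    print(resolve(host, segment, "192.168.1.1"))   # request/reply exchange on the wire
    print(resolve(host, segment, "192.168.1.1"))   # answered from the cache, nothing sent
    clock.advance(ARP_CACHE_TTL + 1)
    print(resolve(host, segment, "192.168.1.1"))   # entry expired: the exchange repeats
```

The frames_sent trace makes the two datagram types visible: the request carries the broadcast destination MAC and the reply carries the requester's MAC, so only the requester and responder end up with each other's mapping while the third node learns nothing.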
Although not necessarily testable on the Network+ exam, there are other forms of ARP that you should be aware of as a network technician, because you will see them in use in your day-to-day activities.
Inverse ARP
On non-broadcast-based multiple access (NBMA) networks, such as wide area technologies including ATM (Asynchronous Transfer Mode), Frame Relay, and X.25, the network interface address is not the MAC address. Instead, it is a virtual circuit. In these cases, the IP address is mapped to the virtual circuit over which the packet is traveling. In resolving addresses in NBMA networks, the virtual circuit identifier is known, but the receiving node’s IP address is not. Inverse ARP (InARP) is used to resolve the IP address on the other end of the virtual circuit. InARP was specifically designed for Frame Relay circuits. InARP uses a query on each virtual circuit to determine the IP address of the interface on the other end. A table is built using the results of these queries for use in resolving addresses in NBMA networks.
Proxy ARP
Proxy ARP occurs when one node answers ARP requests on behalf of another node. This is typically the case in subnets where no router is present. An ARP proxy device is placed between nodes on the network. This device is aware of all nodes on its physical segment and can respond to ARP requests and facilitate the forwarding of packets on the network. An ARP proxy device is often a routing device, but it does not act as an IP router.
Note
The process of resolving an address to its physical (MAC) address is a very important one and is likely to be the subject of at least one exam question. Typically, questions have to do with how ARP actually resolves the address. Remember that the ARP request is a broadcast datagram and the ARP reply is a unicast datagram. Datagrams, unlike other messages, do not require an ACK message to acknowledge receipt. The broadcast datagram is sent out to all hosts, which process the ARP request. If a host’s IP address matches the ARP request, it sends an ARP reply. The ARP reply is a unicast because it is sent from the matching host directly back to the requesting host. No other hosts receive this datagram. If a host’s IP address does not match the request, the ARP request is simply discarded.
Static and Dynamic IP Routers
Routing tables can be updated manually or dynamically. If the table must be updated manually, it is considered to be static. If the table can be updated automatically, it is considered to be dynamic. Static routing works well in small environments, but does not scale well to larger networks. Another useful application of static routing is in subnets that are separated from the rest of the network. Rather than using routing protocols across WAN connections, static routes can be entered manually at both the main office and remote office routers to make each network segment reachable. A third common use of static routes is to connect a network to the Internet. A Windows Server 2003 computer can be used as a static router when it is configured as a multihomed computer. This entails installing two or more network interface cards, each with a separate IP address and subnet mask. Static routes can then be configured for the two (or more) networks directly attached to the multihomed computer.
Dynamic routing occurs when routing tables are automatically and periodically updated. Dynamic routers rely upon routing protocols. Dynamic routing can be divided into two different classifications:
■ Interior Gateway Routing Protocols
■ Exterior Gateway Routing Protocols
Interior Gateway Routing Protocols (IGPs) are designed for routing within an autonomous system. What that means is they were designed to control routing within a company or Local Area Network. Exterior Gateway Routing Protocols (EGPs) were designed to control routing between autonomous systems, such as connecting to your Internet Service Provider (ISP). The three most commonly used IP-based IGP routing protocols are as follows:
■ Routing Information Protocol
■ Open Shortest Path First
■ Enhanced Interior Gateway Routing Protocol (Cisco proprietary EIGRP)
The three most commonly used IP-based EGP routing protocols are as follows:
■ Border Gateway Protocol (BGP)
■ Intermediate System – Intermediate System (IS-IS)
■ Enhanced Interior Gateway Routing Protocol (Cisco proprietary EIGRP)
The Routing Information Protocol (RIP) was originally designed for use on classful networks. RIP is a Distance Vector Routing Protocol and determines routes based on the number of hops (how many routers it must pass through). Any route more than 15 hops away is considered unreachable. For this reason, RIP does not scale well to large networks. RIP routing tables are dynamically updated using a route-advertising mechanism. RIP now has two versions: v1, which sends updates via broadcasts, and v2, which sends updates via multicast. Other Distance Vector Routing Protocols include BGP.
In contrast to RIP, OSPF is a Link State Routing Protocol. The method of dynamically updating routing information is through link state advertisements (LSAs) that contain information about both the connected networks and their costs. The cost of each router interface is determined by the administrator so that the best connections are used first. The combined cost of a connection using this classless routing protocol must be less than 65,535. Other Link-State Routing Protocols include IS-IS.
A third way is to combine the best of the advertisements in Link-State Protocols and the simplicity of Distance Vector. These protocols are known as Hybrid Protocols and include the Cisco proprietary EIGRP.
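The RIP behaviour described above (hop counting, the route-advertising mechanism, and the rule that anything more than 15 hops away is unreachable) as an added Python example; this is a teaching model written for this page, not code from the book or from any RIP implementation. Router names and networks are constructed. One detail the text leaves out and the model assumes from RFC 2453 is that a directly attached network is counted as 1 hop, so a router 15 routers down a line sees the network at 15 hops and the sixteenth cannot reach it at all.

```python
RIP_INFINITY = 16   # a route at 16 hops is unreachable, so anything more than 15 hops away is dropped


class RipRouter:
    """A router that builds its table from neighbours' advertisements, distance-vector style."""
    def __init__(self, name, attached_networks):
        self.name = name
        # destination network -> (hop count, next hop). A directly attached network is
        # counted as 1 hop (RFC 2453 convention; assumed here, the text does not say).
        self.table = {net: (1, "attached") for net in attached_networks}

    def advertisement(self):
        """The route-advertising message this router sends to each neighbour."""
        return {net: hops for net, (hops, _) in self.table.items()}

    def process_advertisement(self, neighbour, advertised):
        """Distance-vector update: a route learned from a neighbour costs one hop more than reported."""
        changed = []
        for net, reported_hops in advertised.items():
            hops = min(reported_hops + 1, RIP_INFINITY)
            current = self.table.get(net)
            if hops >= RIP_INFINITY:
                if current is not None and current[1] == neighbour:
                    del self.table[net]          # the neighbour we relied on can no longer reach it
                    changed.append(net)
                continue
            better = current is None or hops < current[0]
            same_source_changed = current is not None and current[1] == neighbour and current[0] != hops
            if better or same_source_changed:
                self.table[net] = (hops, neighbour)
                changed.append(net)
        return changed

    def hops_to(self, network):
        """Hop count to `network`, or None when the table has no route (unreachable)."""
        entry = self.table.get(network)
        return entry[0] if entry else None


def simulate_chain(router_count, network="10.0.0.0/8"):
    """R1 is attached to `network`; R1-R2-...-Rn exchange advertisements only with their
    neighbours in the line. Returns the hop count the last router ends up with, or None."""
    routers = [RipRouter(f"R{i + 1}", [network] if i == 0 else []) for i in range(router_count)]
    while True:
        changed = False
        for i, router in enumerate(routers):
            for j in (i - 1, i + 1):
                if 0 <= j < router_count:
                    if routers[j].process_advertisement(router.name, router.advertisement()):
                        changed = True
        if not changed:                          # tables are stable: advertisements change nothing
            return routers[-1].hops_to(network)


if __name__ == "__main__":
    for n in (2, 15, 16):
        print(f"{n} routers in a line: last router sees the network at {simulate_chain(n)} hops")
```

This is the calculation behind the exam tip about 16 hops: a route OSPF could carry with a modest summed cost is simply absent from the RIP table once the hop count reaches 16.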
A Windows Server 2003 computer can be configured as a dynamic router, using either of these protocols. As with static configurations, multiple NICs must be installed and RRAS must be enabled. In dynamic routing, default routes are seldom used. Thus, it is not necessary to configure a default gateway on any NIC. When the Routing and Remote Access Service is enabled, static routing is enabled. To enable dynamic routing, add the RIP and OSPF protocols and enable them on your NICs by adding your NICs to the appropriate routing protocol. RIP is more appropriate for small- to medium-sized networks and OSPF is appropriate for large networks. Therefore, you are most likely to enable one or the other protocol, depending on your network configuration.
Test Day Tip
One or more questions about routing protocols may come up on the exam. Remember that RIP and OSPF both support dynamic routing, but RIP is not a good choice for a larger network. Look for questions that may include more than 16 hops – you’ll immediately know that RIP can’t be used in this case. As OSPF was specifically designed for Frame Relay circuits, questions about OSPF will likely revolve around Frame Relay as opposed to other NBMA types of networks. Also keep in mind that a multihomed computer must have RRAS enabled to function as a router, and that it sets up static routing by default. The only way dynamic routing occurs is if you install the RIP or OSPF protocols and bind your NIC to them.
Routing Utilities
There are four commonly used routing utilities. Each typically is run from the command line (Start | Run | cmd). The specific command line options available are displayed when the command is typed in at the prompt.
■ route: Used to view and modify the entries in the routing table.
■ ping: Used to verify reachability of intended destinations using Internet Control Message Protocol (ICMP) Echo messages.
■ tracert: Used to send ICMP Echo messages to discover the path between a node and a destination.
■ pathping: Used to discover the path between a host and destination or to identify high-loss links.
A very common use of the ping utility is to check connectivity from one computer to another. From your computer, you can run the ping utility from the command window. You can ping using an IP address or hostname. If your computer cannot connect to the network, you can try to ping a known server or another computer (by IP address or name) on your network. If that does not work, the next step is to ping the local computer, which tests the internal network communication functions of your computer (NIC and TCP/IP stack) by using the following command: ping localhost or ping 127.0.0.1 (the loopback address). If this fails, the problem is with the configuration of the TCP/IP stack on your computer. If pinging the loopback address is successful, the problem is probably external to the NIC.
Exam Warning
Before exam day, try each of these utilities on a networked computer Once you see how the utility works and what the return values are, you’ll have a much clearer idea of how each is used Scenarios based on using these utilities may trip you up if you’re not certain which utility has which function Memorize the functions of these four utilities You’ll probably see one or more of them used in a network scenario You will learn more about these commands and utilities as well as troubleshooting in general in Chapters 11 and 12 respectively.
IP routing involves using both direct and indirect routes to deliver packets to their intended destinations. Static and dynamic routing tables are used to determine how best to send the packet. With the use of the IP protocol and other associated protocols (Application Layer Protocols, UDP datagrams, ICMP messages, or Routing Protocols), messages are reliably and quickly encoded, sent, and decoded.
NAT
NAT is designed for IP address simplification and conservation. NAT is a feature of most systems, including Microsoft servers used as routers and configured with RRAS, and Cisco devices that use IOS (Internetwork Operating System – the OS that Cisco devices use). NAT permits an organization’s IP address structure to appear differently to outside networks than the actual address space it is using. This allows organizations to connect to the Internet without having to use globally unique addressing schemes internally. It enables private IP networks that use non-registered RFC 1918 IP addresses to connect to the Internet.
Generally, NAT is used when a company’s internal addresses are not globally unique and thus cannot be routed on the Internet (for instance, when using RFC 1918 private addresses), or because two separate networks that need to communicate are using an overlapping IP address space.
In most cases, NAT allows hosts on a private network (inside network) to transparently communicate with destination hosts (outside network) in a global or public network. This is achieved by modifying the source address portion of an IP packet as it traverses the NAT device. The NAT device tracks each translation (conversation) between the source host (inside network) and the destination host (outside network), and vice versa.
NAT converts IP addresses from the private address space to the public address space. When a device performing NAT receives a packet from the internal network, it changes the source IP address, recalculates the appropriate checksums, and sends it to the Internet. This obscures the true source address.
NAT is a method by which IP addresses are mapped from one address realm to another. This type of translation provides transparent routing from host to host. There are many variations of address translation that assist in translating different applications. A common use of NAT in an enterprise environment is when someone at home wants to surf the website rsnetworks.net. When the user does, the request goes to the server that holds that information by DNS over the Internet. Once the request packets are sent to the Web server’s network, the router that sits on the perimeter performs NAT on the packets. In this example, the packets are sent to a server inside the network with an IP address of 192.168.1.10. When the data that was requested is sent back, the router maintains the information needed to return the packets in its internal tables. Some router vendors call these translation tables; Cisco calls them xlate on their PIX firewalls.
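The two NAT cases just described, as an added Python example that is not code from the book or from any vendor's NAT implementation: an inside host's outbound packet has its source address replaced by the router's public address and the conversation is recorded in a translation table, a reply to that conversation is mapped back to the inside host, and a request for the published web server address is mapped to the inside server at 192.168.1.10 as in the rsnetworks.net example. Each rewrite recalculates the IPv4 header checksum, and a packet whose checksum is already wrong is not translated. The IPv4 header builder and the addresses (public 198.51.100.1 and 198.51.100.80, inside 192.168.1.50, outside 203.0.113.9) are constructed for this example; only the IP header is translated, so this models NAT, not the PAT port translation.

```python
import struct
import ipaddress
from typing import Dict, Optional


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the 16-bit words (RFC 791). Returns 0 for a valid header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                           # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, protocol: int = 6, payload_len: int = 0) -> bytes:
    """Minimal 20-byte IPv4 header with a correct checksum (constructed test traffic)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0, 64, protocol, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]


def parse_ipv4_header(header: bytes) -> dict:
    return {"src": str(ipaddress.IPv4Address(header[12:16])),
            "dst": str(ipaddress.IPv4Address(header[16:20])),
            "checksum_ok": ipv4_checksum(header[:20]) == 0}


def rewrite(header: bytes, src: Optional[str] = None, dst: Optional[str] = None) -> bytes:
    """Replace the source and/or destination address and recalculate the header checksum."""
    new_src = ipaddress.IPv4Address(src).packed if src else header[12:16]
    new_dst = ipaddress.IPv4Address(dst).packed if dst else header[16:20]
    zeroed = header[:10] + b"\x00\x00" + new_src + new_dst + header[20:]
    return zeroed[:10] + struct.pack("!H", ipv4_checksum(zeroed[:20])) + zeroed[12:]


class NatRouter:
    """Perimeter router translating between an RFC 1918 inside network and public addresses."""
    def __init__(self, public_ip: str, published_servers: Dict[str, str]):
        self.public_ip = public_ip
        self.published = dict(published_servers)   # public address -> inside server address
        self.xlate = {}                             # (inside, outside) -> public address in use

    def outbound(self, header: bytes) -> Optional[bytes]:
        fields = parse_ipv4_header(header)
        if not fields["checksum_ok"]:
            return None                                               # damaged packet: not forwarded
        self.xlate[(fields["src"], fields["dst"])] = self.public_ip   # remember the conversation
        return rewrite(header, src=self.public_ip)                    # true source is now hidden

    def inbound(self, header: bytes) -> Optional[bytes]:
        fields = parse_ipv4_header(header)
        if not fields["checksum_ok"]:
            return None
        for (inside, outside), public in self.xlate.items():         # reply to an outbound conversation
            if fields["dst"] == public and fields["src"] == outside:
                return rewrite(header, dst=inside)
        if fields["dst"] in self.published:                           # request for a published server
            return rewrite(header, dst=self.published[fields["dst"]])
        return None                                                   # nothing in the tables: dropped


if __name__ == "__main__":
    nat = NatRouter("198.51.100.1", {"198.51.100.80": "192.168.1.10"})
    out = nat.outbound(build_ipv4_header("192.168.1.50", "203.0.113.9"))
    print("outbound:", parse_ipv4_header(out))
    print("reply:   ", parse_ipv4_header(nat.inbound(build_ipv4_header("203.0.113.9", "198.51.100.1"))))
    print("web:     ", parse_ipv4_header(nat.inbound(build_ipv4_header("203.0.113.77", "198.51.100.80"))))
    print("xlate table:", nat.xlate)
```

Because the table is keyed only on addresses, two inside hosts talking to the same outside host through the one public address could not be told apart on the way back; that limitation is what the port-level translation described next addresses.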
Another commonly used technology, although not on the listed objectives but equally important, is PAT. PAT extends the concept of translation one step further by also translating transport identifiers like TCP and UDP port numbers and ICMP query identifiers. This allows the transport