Unit 3: Dynamic Routing

Basic Routing
The term routing refers to taking a packet from one device and sending it through the network to
another device on a different network. Routers dont really care about hosts they only care about
networks and the best path to each one of them.

The list of the minimum factors a router must know to be able to affectively route packets:
Destination address
Neighbor routers from which it can learn about remote networks
Possible routes to all remote networks
The best route to each remote network
How to maintain and verify routing information

The router learns about remote networks from neighboring routers or from an administrator. The
router then builds a routing table, which is basically a map of the internetwork, and it describes
how to find remote networks. If a network is directly connected, then the router already knows
how to get to it.

The static routing method requires someone to hand-type all network locations into the routing
table. Conversely, when dynamic routing is used, a protocol on one router communicates with the
same protocol running on neighboring routers. The routers then update each other about all the
networks they know about and place this information into the routing table. If a change occurs in
the network, the dynamic routing protocols automatically inform all routers about the event. If
static routing is used, the administrator is responsible for updating all changes by hand onto all
routers.

Dynamic Routing
Dynamic routing is when protocols are used to find networks and update routing tables on routers.
A routing protocol defines the set of rules used by a router when it communicates routing
information between neighboring routers.

Two types of routing protocols are used in internetworks: interior gateway protocols (IGPs) and
exterior gateway protocols (EGPs). IGPs are used to exchange routing information with routers in
the same autonomous system (AS). An AS is either a single network or a collection of networks
under a common administrative domain, which basically means that all routers sharing the same
routing-table information are in the same AS. EGPs are used to communicate between ASs. An
example of an EGP is Border Gateway Protocol (BGP).

Routing Protocol Basics

Administrative Distances:
The administrative distance (AD) is used to rate the trustworthiness of routing information
received on a router from a neighbor router. An administrative distance is an integer from 0 to 255,
where 0 is the most trusted and 255 means no traffic will be passed via this route.
If a router receives two updates listing the same remote network, the first thing the router checks
is the AD. If one of the advertised routes has a lower AD than the other, then the route with the
lowest AD will be chosen and placed in the routing table. If both advertised routes to the same
network have the same AD, then routing protocol metrics like hop count and/or the bandwidth of
the lines will be used to find the best path to the remote network.

Autonomous Systems:
Within the Internet, an autonomous system (AS) is a collection of connected Internet Protocol (IP)
routing prefixes under the control of one or more network operators on behalf of a single
administrative entity or domain that presents a common, clearly defined routing policy to the
Internet.

The newer definition in RFC 1930 came into use because multiple organizations can run Border
Gateway Protocol (BGP) using private AS numbers to an ISP that connects all those organizations
to the Internet. Even though there may be multiple autonomous systems supported by the ISP, the
Internet only sees the routing policy of the ISP. That ISP must have an officially registered
autonomous system number (ASN).

A unique ASN is allocated to each AS for use in BGP routing. AS numbers are important because
the ASN uniquely identifies each network on the Internet.

Redistribution of Routing Information:

Route redistribution is when we take a route from one routing protocol and inject it or distribute it
into another protocol. By default, routers only advertise and share routes with other routers
running the same protocol. So if we have 2 routers and one runs OSPF and the other runs EIGRP
and we want them to know about each others routes, by default, they won't share routing
information because they are not running the same protocol.
Load Balancing:

Network load balancing (commonly referred to as dual-WAN routing or multihoming) is the

ability to balance traffic across two WAN links without using complex routing protocols like BGP.

This capability balances network sessions like Web, email, etc. over multiple connections in order
to spread out the amount of bandwidth used by each LAN user, thus increasing the total amount
of bandwidth available. For example, a user has a single WAN connection to the Internet operating
at 1.5Mbit/s. They wish to add a second broadband (cable, DSL, wireless, etc.) connection
operating at 2.5Mbit/s. This would provide them with a total of 4Mbit/s of bandwidth when
balancing sessions.

Routing Protocols
There are three classes of routing protocols:
1. Distance vector: The distance-vector protocols in use today find the best path to a remote
network by judging distance. In RIP routing, each instance where a packet goes through a router
is called a hop, and the route with the least number of hops to the network will be chosen as the
best one.

RIP is a distance-vector routing protocol and periodically sends out the entire routing table to
directly connected neighbors.

2. Link state: In link-state protocols, also called shortest-path-first protocols, the routers each
create three separate tables. One of these tables keeps track of directly attached neighbors, one
determines the topology of the entire internetwork, and one is used as the routing table. OSPF is
an IP routing protocol thats completely link-state. Link state protocols send updates containing
the state of their own links to all other directly connected routers on the network.

3. Hybrid: Hybrid protocols use aspects of both distance-vector and link-state protocols, and
EIGRP is a great example.

Routing Information Protocol (RIP)

Routing Information Protocol (RIP) is a true distance-vector routing protocol. RIP sends the
complete routing table out of all active interfaces every 30 seconds. It relies on hop count to
determine the best way to a remote network, but it has a maximum allowable hop count of 15 by
default, so a destination of 16 would be considered unreachable.
RIP version 1 uses only classful routing, which means that all devices in the network must use the
same subnet mask. This is because RIP version 1 doesnt send updates with subnet mask
information in tow. RIP version 2 provides something called prefix routing and does send subnet
mask information with its route updates. This is called classless routing.

RIP Operation:
A big problem with distance vector routing protocol is routing loop. Lets take a look at how a
routing loop occurs.
Here we have routers A, B and C. Notice that at the beginning (when a routing protocol is not
turned on) there are only directly connected networks in the routing tables of these routers. For
example, in the routing table of router A, network 1.0.0.0 has already been known because it is
directly connected through interface E0 and the metric (of a directly connected network) is 0 (these
3 parameters are shown in the routing tables below).

Also B knows networks 2.0.0.0 & 3.0.0.0 with a metric of 0.

Also C knows networks 3.0.0.0 & 4.0.0.0 with a metric of 0.

Now we turn on RIP on these routers (In the rest of this article, we will call network 1.0.0.0 network
1, 2.0.0.0 network 2 and so on).
RIP sends update every 30 seconds so after 30 sec goes by, A sends a copy of its routing table to
B, B already knew about network 2 but now B learns about network 1 as well. Notice the metric
we have here for directly connected networks, since were using RIP, were using a metric of hop
count. Remember a hop count (or a hop) is how many routers that these packets will have to go
through to reach the destination. For example, from router A to network 1 & 2 (which are directly
connected) it goes to 0 hop, router B has now learned about network 1 from A via E0 interface so
the metric now will be 1 hop.
Each router receives a routing table from its direct neighbor. For example, Router B receives
information from Router A about network 1 and 2. It then adds a distance vector metric (such as
the number of hops), increasing the distance vector of these routes by 1.

B also exchanges its routing table with A about network 2 and 3.

B then passes the routing table to its other neighbor, Router C.

C also sends its update to B and B sends it to A.

Now the network is converged.

Now lets assume network 4 down suddenly.

When network 4 fails, Router C detects the failure and stops routing packets out its E1 interface.
However, Routers A and B have not yet received notification of the failure. Router A still believes
it can access 4.0.0.0 through Router B. The routing table of Router A still reflects a path to network
10.4.0.0 with a distance of 2 and router B has a path with a distance of 1.

There will be no problem if C sends an update earlier than B and inform that network is currently
down but if B sends its update first, C will see B has a path to network 4 with a metric of 1 so it
updates its routing table, thinking that if B can go to network 4 by 1 hop than I can go to network
4 by 2 hops but of course this is totally wrong.

The problem does not stop here. In turn, C sends an update to B and informs it can access network
4 by 2 hops. B learns this and think if C can access network 4 by 2 hops than I can access by 3
hops.
This same process occurs when B continually sends its update to C and the metric will increase to
infinity so this phenomenon is called counting to infinity.

Below lists some methods to prevent this phenomenon:

SPLIT HORIZON:
A router never sends information about a route back in same direction which is original
information came, routers keep track of where the information about a route came from. Means
when router A sends update to router B about any failure network, router B does not send any
update for same network to router A in same direction.

ROUTE POISONING:
Router consider route advertised with an infinitive metric to have failed ( metric=16) instead of
marking it down. For example, when network 4 goes down, router C starts route poisoning by
advertising the metric (hop count) of this network as 16, which indicates an unreachable network.
When router B receives this advertising, it continue advertising this network with a metric of 16.

POISON REVERSE:
The poison reverse rule overwrites split horizon rule. For example, if router B receives a route
poisoning of network 4 from router C then router B will send an update back to router C (which
breaks the split horizon rule) with the same poisoned hop count of 16. This ensures all the routers
in the domain receive the poisoned route update.

Notice that every router performs poison reverse when learning about a downed network. In the
above example, router A also performs poison reverse when learning about the downed network
from B.

HOLD DOWN TIMERS:

After hearing a route poisoning, router starts a hold-down timer for that route. If it gets an update
with a better metric than the originally recorded metric within the hold-down timer period, the
hold-down timer is removed and data can be sent to that network. Also within the hold-down timer,
if an update is received from a different router than the one who performed route poisoning with
an equal or poorer metric, that update is ignored. During the hold-down timer, the downed route
appears as possibly down in the routing table.

For example, in the above example, when B receives a route poisoning update from C, it marks
network 4 as possibly down in its routing table and starts the hold-down timer for network 4. In
this period if it receives an update from C informing that the network 4 is recovered then B will
accept that information, remove the hold-down timer and allow data to go to that network. But if
B receives an update from A informing that it can reach network by 1 (or more) hop, that update
will be ignored and the hold-down timer keeps counting.

Note: The default hold-down timer value = 180 second.

TRIGGERED UPDATE:
When any route failed in network, do not wait for the next periodic update instead send an
immediate update listing the poison route.

COUNTING TO INFINITY:
Maximum count 15 hops after it will not be reachable.

RIP Timers:
RIP uses several timers to regulate its operation. These timers are described below:
Update timer: how often the router sends update. Default update timer is 30 seconds
Invalid timer (also called Expire timer): how much time must expire before a route becomes invalid
since seeing a valid update; and place the route into hold down. Default invalid timer is 180
seconds

Disadvantages with RIP

Increased network traffic: RIP checks with its neighboring routers every 30 seconds, which
increases network traffic.
Maximum hop count: RIP has a maximum hop count of 15, which means that on large
networks, other remote routers may not be able to be reached.
Closest may not be shortest: Choosing the closest path by hop count does not necessarily
mean that the fastest route was selected. RIP does not consider other factors when
calculating best path.
RIP only updates neighbors so the updates for non-neighboring routers are not first-hand
information.
Dijkstra Algorithm
Here we want to find the best route between A and E (see below). We can see that there are six
possible routes between A and E (ABE, ACE, ABDE, ACDE, ABDCE, ACDBE), and it's obvious
that ABDE is the best route because its weight is the lowest. But life is not always so easy, and
there are some complicated cases in which we have to use algorithms to find the best route.

1. As we see in the first image, the source node (A) has been chosen as T-node, and so its
label is permanent (we show permanent nodes with filled circles and T-nodes with the -->
symbol).

2. In the next step, we see that the status record set of tentative nodes directly linked to T-
node (B, C) has been changed. Also, since B has less weight, it has been chosen as T-node
and its label has changed to permanent (see below).

3. In step 3, like in step 2, the status record set of tentative nodes that have a direct link to T-
node (D, E), has been changed. Also, since D has less weight, it has been chosen as T-node
and its label has changed to permanent.
 4. In step 4, we don't have any tentative nodes, so we just identify the next T-node. Since E
has the least weight, it has been chosen as T-node.

Overview of OSPF
Open Shortest Path First is an open standard routing protocol thats been implemented by a wide
variety of network vendors, including Cisco.
Heres a list that summarizes some of OSPFs best features:

1. Allows for the creation of areas and autonomous systems

2. Minimizes routing update traffic
3. Is highly flexible, versatile, and scalable
4. Supports VLSM/CIDR
5. Offers an unlimited hop count
6. Is open standard and supports multi-vendor deployment

Here are three of the biggest reasons to implement OSPF in a way that makes full use of its
intentional, hierarchical design:
1. To decrease routing overhead
2. To speed up convergence
3. To confine network instability to single areas of the network
An OSPF hierarchical design minimizes routing table entries and keeps the impact of any topology
changes contained within a specific area.

OSPF runs great inside an autonomous system, but it can also connect multiple autonomous
systems together. The router that connects these ASs is called an autonomous system boundary
router (ASBR).

OSPF Terminology:
Link: A link is a network or router interface assigned to any given network. When an interface is
added to the OSPF process, its considered to be a link. This link, or interface, will have up or
down state information associated with it as well as one or more IP addresses.

Router ID: The router ID (RID) is an IP address used to identify the router. Cisco chooses the
router ID by using the highest IP address of all configured loopback interfaces. If no loopback
interfaces are configured with addresses, OSPF will choose the highest IP address out of all active
physical interfaces. To OSPF, this is basically the name of each router.

Neighbor: Neighbors are two or more routers that have an interface on a common network, such
as two routers connected on a point-to-point serial link.

Adjacency: An adjacency is a relationship between two OSPF routers that permits the direct
exchange of route updates.

Designated router: A designated router (DR) is elected whenever OSPF routers are connected to
the same broadcast network to minimize the number of adjacencies formed and to publicize
received routing information to and from the remaining routers on the broadcast network or link.
Backup designated router: A backup designated router (BDR) is a hot standby for the DR on
broadcast, or multi-access, links. The BDR receives all routing updates from OSPF adjacent
routers but does not disperse LSA updates.

Hello protocol: The OSPF Hello protocol provides dynamic neighbor discovery and maintains
neighbor relationships. Hello packets and Link State Advertisements (LSAs) build and maintain
the topological database. Hello packets are addressed to multicast address 224.0.0.5.

Link State Advertisement: A Link State Advertisement (LSA) is an OSPF data packet containing
link-state and routing information thats shared among OSPF routers. An OSPF router will
exchange LSA packets only with routers to which it has established adjacencies.

OSPF areas: An OSPF area is a grouping of contiguous networks and routers. All routers in the
same area share a common area ID.

OSPF Operation
OSPF operation is basically divided into these three categories:
- Neighbor and adjacency initialization
- LSA flooding
- SPF tree calculation

Neighbor and Adjacency Initialization:

The beginning neighbor/adjacency formation stage is a very big part of OSPF operation. When
OSPF is initialized on a router, the router allocates memory for it, as well as for the maintenance
of both neighbor and topology tables. Once the router determines which interfaces have been
configured for OSPF, it will then check to see if theyre active and begin sending Hello packets.

The Hello protocol is used to discover neighbors, establish adjacencies, and maintain relationships
with other OSPF routers. Hello packets are periodically sent out of each enabled OSPF interface
and in environments that support multicast.

The address used for this is 224.0.0.5, and the frequency with which Hello packets are sent out
depends upon the network type and topology. Broadcast and point-to-point networks send Hellos
every 10 seconds, whereas non-broadcast and point-to-multipoint networks send them every 30
seconds.
LSA Flooding

LSA flooding is the method OSPF uses to share routing information. LSA information containing
link-state data is shared with all OSPF routers within an area. The network topology is created
from the LSA updates, and flooding is used so that all OSPF routers have the same topology map
to make SPF calculations with.

Efficient flooding is achieved through the use of a reserved multicast address: 224.0.0.5
(AllSPFRouters). LSA updates, which indicate that something in the topology has changed, are
handled a bit differently. The network type determines the multicast address used for sending
updates. Table below contains the multicast addresses associated with LSA flooding. Point-to-
multipoint networks use the adjacent routers unicast IP address.

Once the LSA updates have been flooded throughout the network, each recipient must
acknowledge that the flooded update has been received. Its also important for recipients to
validate the LSA update.

SPF Tree Calculation

Within an area, each router calculates the best/shortest path to every network in that same area.
This calculation is based upon the information collected in the topology database and an algorithm
called shortest path first (SPF).

Its important to understand that this tree contains only networks that exist in the same area as the
router itself does. If a router has interfaces in multiple areas, then separate trees will be constructed
for each area. One of the key criteria considered during the route selection process of the SPF
algorithm is the metric or cost of each potential path to a network. But this SPF calculation doesnt
apply to routes from other areas.

OSPF Metrics

OSPF uses a metric referred to as cost. A cost is associated with every outgoing interface included
in an SPF tree. The cost of the entire path is the sum of the costs of the outgoing interfaces along
the path. Cisco uses a simple equation of 108/bandwidth, where bandwidth is the configured
bandwidth for the interface. Using this rule, a 100 Mbps Fast Ethernet interface would have a
default OSPF cost of 1 and a 1,000 Mbps Ethernet interface would have a cost of 1.

IS- IS Protocol
Intermediate System to Intermediate System (IS-IS) is a routing protocol designed to move
information efficiently within a computer network, a group of physically connected computers or
similar devices. It accomplishes this by determining the best route for datagrams through a packet-
switched network.

IS-IS is a link-state routing protocol, operating by reliably flooding link state information
throughout a network of routers. Each IS-IS router independently builds a database of the network's
topology, aggregating the flooded network information. Like the OSPF protocol, IS-IS uses
Dijkstra's algorithm for computing the best path through the network. Packets (datagrams) are then
forwarded, based on the computed ideal path, through the network to the destination.

Both IS-IS and Open Shortest Path First (OSPF) are link state protocols, and both use the same
Dijkstra algorithm for computing the best path through the network. As a result, they are
conceptually similar. Both support variable length subnet masks, can use multicast to discover
neighboring routers using hello packets, and can support authentication of routing updates.

While OSPF was natively built to route IP and is itself a Layer 3 protocol that runs on top of IP,
IS-IS is an OSI Layer 2 protocol. It is at the same layer as Connectionless Network Protocol
(CLNP).

Path Vector Protocol

A path vector protocol is a network routing protocol which maintains the path information that
gets updated dynamically. Updates which have looped through the network and returned to the
same node are easily detected and discarded. This algorithm is sometimes used in BellmanFord
routing algorithms to avoid "Count to Infinity" problems.

It is different from the distance vector routing and link state routing. Each entry in the routing table
contains the destination network, the next router and the path to reach the destination.

Path Vector Messages in Border Gateway Protocol (BGP): The autonomous system boundary
routers (ASBR), which participate in path vector routing, advertise the reachability of networks.
Each router that receives a path vector message must verify that the advertised path is according
to its policy. If the messages comply with the policy, the ASBR modifies its routing table and the
message before sending it to the next neighbor. In the modified message it sends its own AS
number and replaces the next router entry with its own identification.
Border Gateway Protocol is an example of a path vector protocol. In BGP, the routing table
maintains the autonomous systems that are traversed in order to reach the destination system.
Exterior Gateway Protocol (EGP) does not use path vectors.

It has three phases:

Initiation
Sharing
Updating

Border Gateway Protocol (BGP)

A Routing Protocol used to exchange routing information between different networks.

General operation:
Learns multiple paths via internal and external BGP speakers
Picks the best path and installs it in the routing table (RIB)
Best path is sent to external BGP neighbors
Policies are applied by influencing the best path selection

Terminology:
Neighbor
Any two routers that have formed a TCP connection to exchange BGP routing
information are called peers or neighbors
iBGP
iBGP refers to the BGP neighbor relationship within the same AS. The neighbors do not
have to be directly connected.
 eBGP
When BGP neighbor relationship are formed between two peers belongs to different AS
are called eBGP EBGP neighbors by default need to be directly connected.

BGP Attributes:
Well-known attributes must be supported by every BGP implementation
Mandatory attributes must be included with every route entry. If one attribute is
missing, it will result in an error message
Discretionary attributes every BGP router must recognize, but they dont have to be
present with every route entry
Optional attributes not necessarily supported by all BGP implementations. It can be
either transitive or non-transitive.

BGP is used internally (iBGP) and externally (eBGP)

iBGP
used to carry some/all Internet prefixes across ISP backbone and ISPs customer prefixes
eBGP
used to exchange prefixes with other ASes and implement routing policy