IP (Internet Protocol)  

Also see below: IP 101

November 6, 2000
by Peter Morrissey

In many ways, the task of a router is very simple. It must look at the destination address of an IP packet and then forward the packet to another router or to a directly connected host. However, if you've ever attempted to get two devices to communicate on an IP network, you know that it doesn't always work.

In this Network Design Manual article we'll show you the steps involved in getting a packet from Point A to Point B on an IP network. We'll talk about the settings that are necessary on a host to communicate on a routed network and what they really mean. Once you understand this, you'll be able to ask the right questions when things don't go as expected and even do a little bit of your own troubleshooting.

Anatomy of an IP Address

When one host has data to send to another host, it sends it to its local IP process, which builds an IP packet for transmission on the network. The packet has a header, which includes the destination IP address as well as the source address of the local host. The destination and source IP addresses stay with the data until it arrives at the host so that all the routers it traverses know in what direction to send it. The source address provides the destination host with an address to which it can send its response.

To understand how this happens requires a deeper knowledge of the IP address. It's obvious that an IP address consists of four separate numbers, separated by dots. Each number represents one byte worth of data, limiting it to a range of 256 possible values, commonly represented as decimal values from 0 to 255 or binary values from 00000000-11111111.

One thing that is not so obvious is that each IP address is always divided into two sections. The first section always delineates the network address, or subnet. This is the part routers are primarily concerned with. The second section, combined with the first section forms a unique node address. The subnet mask is configured to tell the host or client which part is the network address and which part is the node address.

 

Subnet Masks

The subnet mask is a required setting on any host that communicates on an IP network. It is commonly represented in the same format as an IP address, except that the values usually are either 255 or 0. (Exceptions to this are becoming more common; we'll talk about those later.) If you've ever seen a subnet mask, you will have noticed that one or more 255 values always come first, in succession, followed by a series of 0 values. If you line a subnet mask up over an IP address by the dots, each number below a 255 is part of the network address. The remaining numbers, under the 0s, are the node address.

255.255.255.0   = mask
128.230.100.4   = IP address


With this type of subnet mask, the boundary between the network and node address is always on a dot between the last 255 and the first 0, sometimes referred to as the byte boundary.

What really matters to a computer of course is the binary representation. The above mask and IP address are represented in the following manner as binary:

11111111.11111111.11111111.00000000   = mask
10000000.11100110.01100100.00000100   = IP address


With the binary representation, an uninterrupted sequence of 1s in the mask, line up exactly over the subnet portion of the address. With this type of mask, seeing the binary version doesn't add any value, but later it will be necessary to see the binary data to fully understand masks that don't end neatly on one-byte boundaries.

Part of the decision as to how to set up the subnet mask is left to the network designer, but the subnet mask must be configured consistently throughout the network. Another factor that limits the definition of a subnet mask is its class. For example, with a "Class B" address, the first two bytes always have to be included in the network portion of the address, and thus the subnet mask will always start out with 255.255 or 11111111.11111111. With a "Class C" address, the first three bytes have to always be included in the network portion of the address. In this case the subnet mask would have to start with 255.255.255.

In each instance, there is a lot of flexibility in the way that the rest of the address is masked. The example above is a Class B address. The network address is 128.230.100. The node address is 4. The example above used a subnet mask of 255.255.255.0. This makes it possible to have 254 unique, routed networks or subnets because the mask can include the third byte in the network address. (You can't use 255 because that's reserved for the broadcast address, and 0, used in an older style of broadcast address, can't be used either; 0s at the end of an address are also used to symbolize network addresses.) Even though the first two bytes cannot be changed, the third byte can have any value from 1 to 254. This means that with a three-byte or 24-bit subnet mask, the following distinct networks or subnets are possible with the address:

128.230.1.0 through 128.230.254.0


There is one byte left over for node addresses, so each network or subnet will have 254 node addresses. If the minimum subnet mask of 255.255.0.0 were used, there could only be one routed network. But two bytes would be left over for node addresses. So the range of possible node addresses would be 128.230.1.1 to 128.230.254.254, or approximately 65,000 nodes. The disadvantage of this is that you cannot divide your network into routed subnets.

With this particular address, if you divide only the subnet mask on the byte boundaries, you have 254 subnets limited to 254 nodes each, or you have one big network with 65,000 nodes. These two extremes have some obvious trade-offs. There may be cases where you would want more than 254 nodes on a routed subnet, but the other extreme flattens the network completely, giving you no ability to divide your network into routed subnets.

Fortunately, the subnet mask doesn't have to divide the network address and the node address on a dot boundary. In some cases it can be divided somewhere in between. When the network address and node address are not divided on a dot boundary, the subnet mask is called a variable-length subnet mask. A variable-length subnet mask is commonly represented in decimal form, such as 255.255.254.0. But its binary representation has to be considered to understand where the network address ends and the node addresses can begin. The following example uses a subnet mask of 255.255.254.0:

255.255.254.0   = mask
128.230.004.2   = IP address


To understand this, we'll have to look at it in binary form. Here the mask does not line up on the byte boundaries:

255.255.254.0 = 11111111.11111111.11111110.00000000   (mask)
128.230.004.2 = 10000000.11100110.00000100.00000010   (IP address)


One thing you should notice is that there are contiguous 1s from left to right in the subnet mask. This is one of the rules of a subnet mask: All the binary 1s have to be contiguous, and all the following 0s overlaying the node address have to be contiguous. A mask that doesn't follow this pattern is not valid. In any case, the valid node addresses are all possible numbers that can be represented under the 0s, so the lowest number is going to be 128.230.4.1, or 10000000.11100110.00000100.00000001. And the highest number is going to be 128.230.5.254, or 10000000.11100110.00000101.11111110. You will also notice that this mask has one fewer 1 bit than the previous mask. This is sometimes referred to as a 23-bit mask.

11111111.11111111.11111110.00000000 = 255.255.254.0   = mask
10000000.11100110.00000100.00000000 = 128.230.004.0   = network address
10000000.11100110.00000100.00000010 = 128.230.004.2   = node address
10000000.11100110.00000100.00000001 = 128.230.004.1   = lowest possible node address
10000000.11100110.00000101.11111110 = 128.230.005.254 = highest possible node address


Because subnet masks have to be contiguous 1s followed by contiguous 0s, the last byte of a subnet mask can only have the following binary or decimal values:

11111111 = 255
11111110 = 254
11111100 = 252
11111000 = 248
11110000 = 240
11100000 = 224
11000000 = 192
10000000 = 128
00000000 = 0

Broadcast Addresses

There are times when a device has to send an IP packet to every node on a network. In such an instance, it will use the broadcast address of that network. The subnet mask is also used to derive the broadcast address. This is done by setting all of the binary digits in the node address, as governed by the trailing 0s in the mask, to binary 1s. Combined with the network address, this gives the broadcast address. Following is the broadcast address that goes with the example above.

11111111.11111111.11111110.00000000 = 255.255.254.0   = mask
10000000.11100110.00000100.00000000 = 128.230.004.0   = network address
10000000.11100110.00000101.11111111 = 128.230.005.255 = broadcast address


Broadcast addresses also are easier to figure out when the masks end on the one-byte boundaries. When this is the case, it can easily be represented in decimal by substituting decimal 255s in place of the bytes where the mask indicates the node address belongs. Here's an example:

255.255.255.0   = mask
128.230.4.0     = network address
128.230.4.255   = broadcast address
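The mask, network, node-range and broadcast arithmetic above, as an added Python example (not code from the original article): it parses dotted quads, checks that a mask is contiguous 1s followed by 0s, derives the network address, the lowest and highest node addresses and the broadcast address, lists the only byte values a mask can end in, and cross-checks the result against Python's standard ipaddress module. The two address/mask pairs are the article's own examples; everything else is constructed.

```python
# Added example (not code from the original article): subnet arithmetic done the
# way the article describes it, as bit operations over the four bytes of an
# address. The sample addresses are the article's own examples.
import ipaddress  # standard library; used only to cross-check the hand computation

OCTET_SHIFTS = (24, 16, 8, 0)


def parse(dotted: str) -> int:
    """Convert a dotted quad such as '128.230.004.2' to a 32-bit integer.
    Leading zeros (the article's alignment padding) are accepted."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {dotted!r}")
    value = 0
    for part in parts:
        octet = int(part, 10)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | octet
    return value


def to_dotted(value: int) -> str:
    return ".".join(str((value >> s) & 0xFF) for s in OCTET_SHIFTS)


def to_binary(value: int) -> str:
    """Dotted binary, e.g. '10000000.11100110.00000100.00000010'."""
    return ".".join(format((value >> s) & 0xFF, "08b") for s in OCTET_SHIFTS)


def mask_is_contiguous(mask: int) -> bool:
    """The article's rule: all 1s first, then all 0s. If that holds, the inverted
    mask looks like 0...01...1, so adding 1 to it yields a power of two."""
    inverted = (~mask) & 0xFFFFFFFF
    return inverted & (inverted + 1) == 0


def prefix_length(mask: int) -> int:
    """Number of 1 bits, i.e. the '23-bit mask' way of naming a mask."""
    return bin(mask).count("1")


def valid_mask_octets() -> list:
    """The only byte values that can appear where a contiguous mask ends."""
    return [(0xFF << n) & 0xFF for n in range(9)]  # 255, 254, ..., 128, 0


def subnet_facts(address: str, mask: str) -> dict:
    """Network, node range and broadcast address for an address/mask pair."""
    a, m = parse(address), parse(mask)
    if not mask_is_contiguous(m):
        raise ValueError(f"{mask} is not a valid subnet mask: the 1s must be contiguous")
    network = a & m                                 # keep the bits under the 1s of the mask
    host_bits = 32 - prefix_length(m)
    broadcast = network | ((1 << host_bits) - 1)    # bits under the 0s set to all 1s
    usable = (1 << host_bits) - 2 if host_bits >= 2 else 0  # all-0s and all-1s node parts excluded
    return {
        "prefix": prefix_length(m),
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "first_node": to_dotted(network + 1) if usable else None,
        "last_node": to_dotted(broadcast - 1) if usable else None,
        "node_count": usable,
        "binary": {"mask": to_binary(m), "address": to_binary(a), "network": to_binary(network)},
    }


def cross_check(address: str, mask: str) -> bool:
    """Confirm the hand computation against the standard library."""
    facts = subnet_facts(address, mask)
    net = ipaddress.ip_network(f"{to_dotted(parse(address))}/{facts['prefix']}", strict=False)
    return (str(net.network_address), str(net.broadcast_address)) == (facts["network"], facts["broadcast"])


if __name__ == "__main__":
    for addr, msk in (("128.230.100.4", "255.255.255.0"), ("128.230.004.2", "255.255.254.0")):
        facts = subnet_facts(addr, msk)
        print(f"{addr} / {msk} (/{facts['prefix']})")
        for key in ("network", "first_node", "last_node", "broadcast", "node_count"):
            print(f"  {key:>10}: {facts[key]}")
        print(f"  cross-check with ipaddress: {cross_check(addr, msk)}")
```

Feeding it a non-contiguous mask such as 255.255.253.0 raises a ValueError, which is the check a host's configuration dialog should be making before accepting a mask.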

 

 

To Route or Not to Route

The rules of IP networking dictate that any time a host has an IP packet to transmit, it must first determine whether the destination IP address is on its own network or another network. If the address is not on its own network, the host must send that packet to a router. The host determines this by comparing the network portion of its own address with the network portion of the address with which it wants to communicate, or the destination IP address.

At this point in the process, the subnet mask comes into play. The subnet mask determines how much of the address is the network address. By doing so, it identifies the comparable portion of the host's and the destination's IP address. If the network portion of the addresses is different, the packet is sent to the router; if it is the same, a router is not needed. The packet can be sent directly on the local network.

In the following 23-bit mask example the destination address is on the same network as the source IP address. The portion of the destination address directly beneath the contiguous binary 'ones' of the mask address is the same as that of the source address:

11111111.11111111.11111110.00000000 = 255.255.254.0   = Mask
10000000.11100110.00000100.00001000 = 128.230.004.8   = Source IP address
10000000.11100110.00000101.00010000 = 128.230.005.16  = Destination IP address

If the mask is changed to a 24-bit mask, the result will be different. Here, the sections of the source and destination addresses overlaid by the binary 'ones' of the mask differ, which shows the addresses are on different networks:

11111111.11111111.11111111.00000000 = 255.255.255.0   = Mask
10000000.11100110.00000100.00001000 = 128.230.004.8   = Source IP address
10000000.11100110.00000101.00010000 = 128.230.005.16  = Destination IP address

In this example, the packet must be sent to the router. It's because of such differences that every host has to have a router or gateway address configured. If a host can communicate with other hosts on its own subnet but not with those not on its subnet, then either the mask or the router address is incorrectly configured on the host.

IP Over Ethernet

It's important to remember that IP operates on layer 3 of the OSI model. But for IP's bits to be physically transmitted on a network, it must rely on the protocols in layers one and two of the OSI model. Enter Ethernet.

At this point it is important to remember that data on an Ethernet network cannot move from point A to point B without knowing the Ethernet address of point B. Also, an Ethernet NIC (Network Interface Card) will ignore any Ethernet packet whose destination address is not its own Ethernet address. The only exception is the Ethernet broadcast address, in which the destination Ethernet address is set to all binary 'ones.'

Continuing with the example above, once packet transmission via the local network vs. the router is determined, another step is necessary. This step involves the Address Resolution Protocol (ARP). ARP sends a broadcast out on the network using the IP broadcast address discussed earlier. This broadcast, at which all network devices will look, includes a query for the Ethernet address of the device with the destination IP address.

Every device on the local network (note that the router will not propagate the broadcast to other networks) will then look at the Ethernet packet, and the device with the destination IP address in question will respond to the Ethernet address query. Once this address is received, the transmitting host can place the IP packet inside an Ethernet frame and send it to the destination host. When that host receives the packet it throws away the Ethernet frame, leaving the IP packet.

Packet transmission via a router is no different. If the destination IP address is on another network and has to be sent through a router, ARP must still determine the Ethernet address of that router. And like the host, when the router receives the packet it strips off the Ethernet address. Remember, routers are only interested in the destination IP address.
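The local-versus-router decision and the ARP step described above, as an added Python example (not code from the original article). The segment, the two hosts, the router interface and their Ethernet addresses are constructed for the example (MACs are taken from the 00-00-5E-00-53-xx documentation range); the IP addresses and masks are the article's 23-bit and 24-bit examples. The last case shows the symptom from the end of the previous section: a gateway address that is not on the local segment produces an ARP failure, so nothing off-subnet can be reached.

```python
# Added example (not code from the original article): the steps a host goes
# through before an IP packet can leave on Ethernet. Addresses, MACs and the
# segment layout are constructed for the example; MACs use the documentation
# range 00-00-5E-00-53-xx.


def parse(dotted: str) -> int:
    value = 0
    for part in dotted.split("."):
        value = (value << 8) | int(part, 10)
    return value


def same_network(ip_a: str, ip_b: str, mask: str) -> bool:
    """Compare the bits under the 1s of the mask; that is the whole routing test."""
    m = parse(mask)
    return (parse(ip_a) & m) == (parse(ip_b) & m)


def next_hop(src_ip: str, dst_ip: str, mask: str, gateway: str) -> str:
    """Deliver directly when the network portions match, else hand off to the router."""
    return dst_ip if same_network(src_ip, dst_ip, mask) else gateway


class Segment:
    """One Ethernet broadcast domain. An ARP request is modelled as a broadcast
    that every attached device sees; only the owner of the queried IP replies.
    A router attached here does not forward the broadcast to other segments."""

    def __init__(self, devices: dict):
        self.devices = dict(devices)  # ip -> Ethernet address

    def arp_request(self, target_ip: str):
        for ip, mac in self.devices.items():
            if ip == target_ip:
                return mac
        return None  # no owner on this segment: the request goes unanswered


class Host:
    def __init__(self, ip, mask, gateway, mac, segment: Segment):
        self.ip, self.mask, self.gateway, self.mac, self.segment = ip, mask, gateway, mac, segment
        self.arp_cache = {}

    def resolve(self, ip: str) -> str:
        if ip not in self.arp_cache:
            mac = self.segment.arp_request(ip)
            if mac is None:
                raise LookupError(f"ARP: no reply for {ip} on the local segment")
            self.arp_cache[ip] = mac
        return self.arp_cache[ip]

    def build_frame(self, dst_ip: str, payload: bytes) -> dict:
        """The Ethernet destination is the next hop's MAC; the IP header still
        carries the real destination, which is what the router will act on."""
        hop = next_hop(self.ip, dst_ip, self.mask, self.gateway)
        return {
            "eth_dst": self.resolve(hop),
            "eth_src": self.mac,
            "ip_src": self.ip,
            "ip_dst": dst_ip,
            "via_router": hop != dst_ip,
            "payload": payload,
        }

    def try_send(self, dst_ip: str, payload: bytes = b"ping") -> str:
        """Report what happens; a wrong gateway or mask shows up as an ARP failure."""
        try:
            frame = self.build_frame(dst_ip, payload)
        except LookupError as err:
            return f"failed: {err}"
        route = "via router" if frame["via_router"] else "direct"
        return f"sent {route} to {frame['eth_dst']}"


# Constructed segment: two hosts and the router's inside interface.
SEGMENT = Segment({
    "128.230.4.8": "00:00:5e:00:53:08",
    "128.230.5.16": "00:00:5e:00:53:10",
    "128.230.4.1": "00:00:5e:00:53:01",  # router
})


def make_host(mask: str, gateway: str = "128.230.4.1") -> Host:
    return Host("128.230.4.8", mask, gateway, "00:00:5e:00:53:08", SEGMENT)


if __name__ == "__main__":
    print("23-bit mask:  ", make_host("255.255.254.0").try_send("128.230.5.16"))
    print("24-bit mask:  ", make_host("255.255.255.0").try_send("128.230.5.16"))
    print("wrong gateway:", make_host("255.255.255.0", "128.230.4.254").try_send("128.230.5.16"))
```

With the 24-bit mask the same destination is handed to the router even though it sits on the same wire; the frame's Ethernet destination changes, the IP destination does not.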

Routing

When a router receives a packet, it is really only concerned with the packet's destination network address. This is the only information the router needs from the packet to do its job.

Like hosts, routers use masks to determine the extent of the network address within the destination IP address. Every router keeps a table listing all the networks it knows, along with the interface it needs to transmit the packet in the right direction. This is called a routing table. Also like a host, a router uses masks to determine whether it is directly connected to a network, automatically adding a corresponding entry to its table. It is possible to manually enter routes into a routing table. These are usually called static routes.

If there is only one router in the network, then it isn't necessary to worry about anything other than directly connected networks. If there are a few networks that are not directly connected, then it will be necessary to tell the router the direction in which to send packets destined for the network. This can be done by manually configuring the routes. If there are numerous routes, then it will be necessary to rely on routing protocols to do this automatically.
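A routing table with connected, static and default routes, as an added Python example (not code from the original article). Interfaces, addresses and routes are constructed; the check that a static route's next hop lies on a connected network is an assumption about router behaviour made for the example. Lookups use longest prefix match, so a more specific static route beats a less specific one and the default route is used only when nothing else matches.

```python
# Added example (not code from the original article): a router's routing table
# with connected, static and default routes, looked up by longest prefix match.
# Interfaces, addresses and routes are constructed for the example.
from dataclasses import dataclass


def parse(dotted: str) -> int:
    value = 0
    for part in dotted.split("."):
        value = (value << 8) | int(part, 10)
    return value


def prefix_length(mask: int) -> int:
    return bin(mask).count("1")


@dataclass(frozen=True)
class Route:
    network: int
    mask: int
    interface: str
    next_hop: str          # None for directly connected networks
    kind: str              # "connected", "static" or "default"

    def matches(self, dst: int) -> bool:
        return (dst & self.mask) == self.network


class Router:
    def __init__(self, name: str):
        self.name = name
        self.routes = []

    def add_interface(self, interface: str, ip: str, mask: str) -> Route:
        """Configuring an interface adds the connected network automatically."""
        m = parse(mask)
        route = Route(parse(ip) & m, m, interface, None, "connected")
        self.routes.append(route)
        return route

    def add_static(self, network: str, mask: str, next_hop: str) -> Route:
        """A static route's next hop must lie on a connected network, otherwise
        the router could never ARP for it (assumed behaviour for this example)."""
        via = self.lookup(next_hop)
        if via is None or via.kind != "connected":
            raise ValueError(f"{self.name}: next hop {next_hop} is not on a connected network")
        m = parse(mask)
        kind = "default" if m == 0 else "static"
        route = Route(parse(network) & m, m, via.interface, next_hop, kind)
        self.routes.append(route)
        return route

    def lookup(self, dst_ip: str):
        """Longest prefix match: the most specific matching route wins; a default
        route (mask 0.0.0.0) matches everything and so only wins when nothing else does."""
        dst = parse(dst_ip)
        candidates = [r for r in self.routes if r.matches(dst)]
        if not candidates:
            return None  # no route: the packet is dropped
        return max(candidates, key=lambda r: prefix_length(r.mask))

    def forward(self, dst_ip: str) -> str:
        route = self.lookup(dst_ip)
        if route is None:
            return f"{dst_ip}: no route, dropped"
        hop = route.next_hop or dst_ip  # connected: ARP for the destination itself
        return f"{dst_ip}: out {route.interface} to {hop} ({route.kind}, /{prefix_length(route.mask)})"


def build_router() -> Router:
    r = Router("R1")
    r.add_interface("eth0", "128.230.4.1", "255.255.254.0")
    r.add_interface("eth1", "192.168.25.1", "255.255.255.0")
    r.add_static("10.0.0.0", "255.0.0.0", "192.168.25.2")
    r.add_static("10.1.0.0", "255.255.0.0", "192.168.25.3")   # more specific than 10/8
    r.add_static("0.0.0.0", "0.0.0.0", "192.168.25.254")      # default route
    return r


if __name__ == "__main__":
    r = build_router()
    for dst in ("128.230.5.16", "10.2.3.4", "10.1.2.3", "203.0.113.7"):
        print(r.forward(dst))
```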

Routing protocols give routers the ability to automatically inform each other of any directly connected routes. Not all routing protocols are created equal, though. For example, with some routing protocols, such as RIP version 1 and IGRP, only one subnet mask can be used on the whole network. With other protocols, it is possible to have different subnet masks on different parts of the network. The next section, "Choosing an Interior Gateway Routing Protocol," will talk more about routing protocols.



Sidebar: Routing vs. Switching

Traffic will not propagate across a router unless it is sent to the router's interface using the router's Ethernet address, and it must have a destination IP address that the router is aware of. For this reason, routers provide a good means for filtering and segregating traffic.

Switches can provide traffic filtering as well, but they operate strictly at layer 2. A switch forwards packets based on their Ethernet addresses. Switches determine the Ethernet addresses of devices attached to every port by watching incoming packets' source Ethernet addresses and building forwarding tables accordingly. To determine where to forward a packet, a switch looks at its destination Ethernet address, consults the forwarding table and then forwards traffic via the correct port.

While switches do not alter the contents of the packet, routers do. When a router receives a packet from an Ethernet network, the first thing it does is strip off the Ethernet header to examine the packet's destination IP address. The router then consults its routing table and forwards the packet accordingly.

 

 

Troubleshooting Tips

A handy tool for troubleshooting routed networks is the "traceroute" utility. By entering the traceroute command followed by the destination IP address that you are trying to reach from a UNIX workstation, you will be given the IP address of every router that is reachable along the path between the two machines. The command looks like this:

traceroute 192.168.25.1 

Similarly, you can run Microsoft's version of this command (tracert) from the DOS command line on an NT or Win9x machine.

The "ping" command is also an indispensable tool for troubleshooting basic communications problems. It is available on Microsoft, UNIX and Novell hosts. Ping followed by a destination IP address will attempt to send a packet to the destination host. The host will then echo a reply. On a Unix machine, this command looks like this:

ping 192.168.25.1

If your machine is able to communicate with local hosts but not with hosts on the other side of a router, the most common cause is a misconfigured router address or subnet mask. If you run into this problem, be sure to double-check your router and subnet mask settings before you start worrying about the network. The easiest way to check the current configuration on a Windows 9x host is to run the "winipcfg" command. On an NT host, it's slightly different, "ipconfig." You can get this information from a UNIX host by running the following command:

ifconfig -a

Once you've verified that these settings are correct, you can ping the router's address to verify that it is reachable. If you still cannot reach the destination host, it's certainly possible that there is a network problem between the host and the router.

Choosing an Interior Gateway Protocol

When you enable routing protocols and their corresponding processes, you unleash a powerful, dynamic force that automates the population of routing tables on your network. But using any major IGP (Interior Gateway Protocol), such as RIP/RIP2, OSPF or IGRP/ EIGRP has trade-offs.

The first rule of thumb is to implement IGPs only where a single administrator has responsibility for the operation and performance of the network. Otherwise, you can expect serious problems such as configuration errors, which may bring down the network or cause stability problems. In addition, when problems occur, you'll want to be able to fix them quickly without wasting time arguing about which administrator caused them. For networks where many administrators share responsibility, such as the Internet, consider an EGP (Exterior Gateway Protocol), like BGP4. We'll explore BGP4 in the next section.

If you have only one router, you may not need a routing protocol, which is necessary only where you have multiple routers that need to share information. Even then, if you have only a handful of networks, you can update the tables manually via static routes, though they don't scale very well. That's where routing protocols come into play.

Routing Information Protocol

The Routing Information Protocol (RIP) is based on a program called "routed" that was developed to run on the BSDI version of Unix. It was standardized in RFC 1058 in 1988. Version 2, specified in RFC 1388, added support for VLSMs (Variable Length Subnet Masks), but it did not address the protocol's major weakness: delay. In networks with multiple paths to the same destination, for instance, it takes some time before RIP will move to use an alternative path.

In spite of the popular phrase, "RIP: May it RIP," RIP is well tested, widely implemented and ideally suited for networks without redundant routes. RIP v.1 is still used to support most of Syracuse University's 10,000-node network. It does the job, and the university has not suffered a serious network outage in over two years.

RIP is classified as a distance vector protocol, which means it uses distance, as measured in routing hops, to determine a packet's optimal path. Routers send out advertisements to one another every 30 seconds. Each router that receives a given advertisement increases the hop count by one. If advertisements are received from multiple routers, the path to the router with the lowest hop count is the path chosen. Should the preferred route be unavailable, the route with the higher hop count is used as a backup.

With RIP as well as other routing protocols, the routers on a network must go through a process to determine alternate paths when one path becomes unavailable. This process is called convergence. As stated above, the fact that RIP takes a long time to converge is a major problem. RIP was designed to wait until it has missed six updates, totaling 180 seconds, before it will consider a route unreachable. It then waits for the next advertisement of another available route before it updates the routing table with the new route. This means at least three minutes will pass before a backup route can be used, which is certainly long enough for most users to notice a lag and for most applications to time out. Of course this latency won't pose a problem if you have only one route to any destination anyway.

The other fundamental problem with RIP is that it ignores the speed of links involved when choosing a path. For example, if one path consisting entirely of Fast Ethernet links is one hop further away than a path that includes a 10-Mbps Ethernet link, the path with the slower 10-Mbps Ethernet link will be incorrectly selected as optimal.

The original version of RIP was unable to use VLSMs, which kept administrators from slicing and dicing address space to make the most efficient use of limited IP addresses. RIP 2 fixes this by advertising the subnet mask in use with every routing advertisement. Because the earlier version did not advertise a subnet mask, it had no way to convey the details of different-length masks for different networks or subnets.

Routing protocols should also prevent your packets from going in circles, or falling into routing loops, a problem that affects networks with redundant links. RIP assumes that if there are more than 15 routing hops from one end of a network to another, loops must be involved. Therefore when a route reaches 16 hops it considers it to be unavailable. Obviously, this limits RIP to networks in which no more than 15 routers must be traversed.

Obviously, RIP's biggest problems involve larger networks with redundant paths. If your network does not have redundant paths, RIP should work just fine. It is an Internet standard implemented by just about every vendor that supports routing. RIP is implemented in most server operating systems and is very easy to configure and troubleshoot. If you have a larger network, or one with redundant paths, however, you should seriously consider one of the other routing protocol choices.

Editor's Note: Tune in next week, as we tackle alternatives to RIP such as the venerable OSPF Version 2.

 

OSPF Version 2

OSPF (open shortest path first), an Internet standard like RIP, was designed to aggressively address RIP's shortcomings. It was first standardized in RFC 1247 in 1991. The latest version, OSPF v.2, can be found in RFC 2328 (version 1 was never implemented). Unlike RIP, OSPF is a link-state routing protocol, which means that routing changes are based on the status and speeds of the physical links in the networked routers. Moreover, these changes are immediately propagated to every router on the network.

When an OSPF router is first activated, it uses OSPF's "hello protocol" to discover any neighbors to which it is connected. It then exchanges link-state information with these routers in the form of LSAs (link-state advertisements). Using this information, each router creates a database that consists of every interface, its corresponding neighbor and a metric representing the speed of that interface. Each router then uses LSAs to pass this information along to all neighboring routers. Every LSA that a router receives from a neighbor is passed along to its other neighbors in turn until every router receives the LSAs of every other router in the network.

It's important to note that a link-state database is distinct from a routing table. From LSA information, each router calculates a path to every destination on the network, building a tree with itself at the root. This comprises its SPF (shortest path first) tree, which forms the basis of the routing table. LSAs are exchanged every 30 minutes, unless there is a change in network topology. If an interface goes down, for example, the information is propagated across the network at once.

If there is a redundant path, the convergence will last as long as it takes to recalculate the SPF tree and update the routing tables for the affected network. This can happen in a few seconds or less, depending on the size of the network. Because of these calculations, routers running OSPF require more CPU resources. This becomes even more critical on an unstable network where interfaces are up and down frequently and a lot of CPU resources are required on the router. The flooding of LSAs may also cause problems on WAN links if they happen too frequently.

One way that OSPF compensates for increased CPU and memory demands is by dividing the network into separate, hierarchical domains, called areas. Routers exchange LSAs only with other routers in their own areas. There is also a backbone area known as Area 0. All areas must be adjacent to Area 0. A border between two areas is defined on an ABR (area border router). ABRs have at least one interface in Area 0 and one interface in another non-backbone area.

The best designed OSPF networks contain contiguous networks to each area, which can be summarized on the backbone through VLSMs (variable-length subnet masks). This makes it possible to describe multiple networks in one routing table entry. The rule of thumb is that there should be about 50 routers per area, but this can vary based on the number of interfaces per router and their stability.

Where RIP is unable to consider the speed of interfaces in determining the best path through the network, OSPF is able to consider a "cost" that is derived by the speed of each interface. However, the formula for determining the cost is not standardized so the default settings may vary.

In all, OSPF is a powerful alternative to RIP, but it makes many demands on router resources and requires more planning. If you're running RIP and it isn't causing you any problems, it may pay to stick with it. But if you want to take advantage of redundant links on your network with a standards-based protocol, OSPF is the way to go.
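The two selection rules contrasted above, as an added Python example (not code from the original article) that serves both the RIP section (hop count only, with 16 hops meaning unreachable) and this one (cost-based shortest path first). The three-router topology, the link speeds and the chain used to show the 15-hop limit are constructed; the cost formula reference bandwidth / link bandwidth is an assumption, since the article notes the formula is not standardized.

```python
# Added example (not code from the original article): the same three-router
# topology evaluated the RIP way (hop count only, 16 = unreachable) and the OSPF
# way (Dijkstra over link costs). The topology and link speeds are constructed;
# the cost formula reference_bandwidth / link_bandwidth is an assumption, since
# the article notes the formula is not standardized.
import heapq

RIP_INFINITY = 16  # a route at 16 hops is considered unavailable

# Constructed link-state database: router -> {neighbor: link speed in Mbps}.
# R1-R3 is a single 10 Mbps hop; R1-R2-R3 is two Fast Ethernet hops.
LINKS = {
    "R1": {"R2": 100, "R3": 10},
    "R2": {"R1": 100, "R3": 100},
    "R3": {"R1": 10, "R2": 100},
}


def chain_links(n: int) -> dict:
    """R0 - R1 - ... - R(n-1), all Fast Ethernet, to exercise the hop limit."""
    links = {f"R{i}": {} for i in range(n)}
    for i in range(n - 1):
        links[f"R{i}"][f"R{i + 1}"] = 100
        links[f"R{i + 1}"][f"R{i}"] = 100
    return links


def rip_converge(links: dict) -> dict:
    """Distance-vector exchange: each router adopts a neighbor's route at hops + 1
    when that beats what it has. Link speed is deliberately ignored, as RIP does.
    Returns {router: {destination: (hops, next_hop)}}."""
    tables = {r: {r: (0, None)} for r in links}
    changed = True
    while changed:
        changed = False
        for router, neighbors in links.items():
            for nbr in neighbors:
                for dest, (hops, _) in list(tables[nbr].items()):  # nbr's advertisement
                    metric = min(hops + 1, RIP_INFINITY)
                    current = tables[router].get(dest)
                    if current is None or metric < current[0]:
                        tables[router][dest] = (metric, nbr)
                        changed = True
    return tables


def rip_path(tables: dict, src: str, dst: str):
    """Follow next hops from src; None when the metric has reached infinity."""
    path, cur = [src], src
    while cur != dst:
        hops, nxt = tables[cur].get(dst, (RIP_INFINITY, None))
        if hops >= RIP_INFINITY:
            return None
        path.append(nxt)
        cur = nxt
    return path


REFERENCE_BANDWIDTH_MBPS = 100  # assumption: cost = 100 Mbps / link speed, minimum 1


def ospf_cost(link_mbps: int) -> int:
    return max(1, REFERENCE_BANDWIDTH_MBPS // link_mbps)


def ospf_spf(links: dict, root: str) -> dict:
    """Shortest-path-first tree from root over the link-state database.
    Returns {destination: (total cost, path)}."""
    best = {root: (0, [root])}
    heap = [(0, root, [root])]
    while heap:
        cost, node, path = heapq.heappop(heap)
        if cost > best[node][0]:
            continue  # stale entry
        for nbr, mbps in links[node].items():
            new_cost = cost + ospf_cost(mbps)
            if nbr not in best or new_cost < best[nbr][0]:
                best[nbr] = (new_cost, path + [nbr])
                heapq.heappush(heap, (new_cost, nbr, path + [nbr]))
    return best


if __name__ == "__main__":
    tables = rip_converge(LINKS)
    print("RIP  R1->R3:", rip_path(tables, "R1", "R3"), "hops =", tables["R1"]["R3"][0])
    cost, path = ospf_spf(LINKS, "R1")["R3"]
    print("OSPF R1->R3:", path, "cost =", cost)
    long_chain = rip_converge(chain_links(18))
    print("RIP over 17 hops:", rip_path(long_chain, "R0", "R17"))  # None: beyond 15 hops
```

RIP picks the single slow hop because it only counts hops; the SPF calculation with speed-derived costs picks the two-hop Fast Ethernet path. The 18-router chain shows the other limit: a destination 17 hops away is advertised at 16 and treated as unreachable.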

Enhanced Interior Gateway Routing Protocol

In Cisco shops, there are some advantages to implementing Cisco's EIGRP protocol (enhanced interior gateway routing protocol), the successor to IGRP. For one, it quickly propagates changes in link status, much like OSPF but with less overhead. The biggest disadvantage of EIGRP, however, is that it's not a standard, so it locks you into Cisco products.

Like OSPF, EIGRP routers discover their neighbors and exchange hello packets. EIGRP sends hello packets every five seconds. If three are missed, the neighboring router is considered dead and alternative routes are used. EIGRP also sends incremental updates regarding topology changes on an as-needed basis. And unlike RIP, it doesn't use bandwidth to advertise regular updates.

EIGRP calls the next router in the path toward a network destination a "successor." It also keeps track of the next-hop routers that can provide loop-free backup routes, which it calls "feasible successors." This information is tracked in a topology table. If a route becomes unavailable, the topology table can be quickly consulted for feasible successors. If it finds one, convergence is instantaneous. If none are found, the router will start querying local neighbors for another route, and update its topology table and router table accordingly.

For instance, when a link state changes on a local router, it will recompute its topology table based on the new information. Where OSPF would immediately flood the change in link state to every router on the network, EIGRP will only involve routers that are directly affected by the change. This uses bandwidth as well as router CPU resources more efficiently. Also, EIGRP won't use more than 50% of the available bandwidth, resulting in big gains on low-bandwidth WAN links. Another advantage of EIGRP is that it supports Novell/IPX and AppleTalk environments. This could mean less training for workers in multiprotocol environments.
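Successor and feasible-successor selection from a topology table, as an added Python example (not code from the original article or from Cisco). The neighbours, reported distances and link costs are constructed. The feasibility condition applied here, that a neighbour's reported distance must be less than the current feasible distance, is the standard EIGRP rule behind the article's "loop-free backup" wording; the feasible distance is simplified to the current best total.

```python
# Added example (not code from the original article or from Cisco): how an EIGRP
# router picks a successor and feasible successors from its topology table. The
# neighbours, reported distances and link costs are constructed. The feasibility
# condition (a neighbour's reported distance must be below the feasible distance)
# is the standard EIGRP rule; the feasible distance is simplified to the current
# best total distance.


class TopologyTable:
    def __init__(self):
        # destination -> {neighbor: (reported_distance, cost_of_link_to_neighbor)}
        self.entries = {}

    def advertise(self, dest: str, neighbor: str, reported_distance: int, link_cost: int):
        self.entries.setdefault(dest, {})[neighbor] = (reported_distance, link_cost)

    def total(self, dest: str, neighbor: str) -> int:
        rd, link = self.entries[dest][neighbor]
        return rd + link

    def feasible_distance(self, dest: str):
        nbrs = self.entries.get(dest, {})
        return min((self.total(dest, n) for n in nbrs), default=None)

    def successor(self, dest: str):
        nbrs = self.entries.get(dest, {})
        return min(nbrs, key=lambda n: self.total(dest, n), default=None)

    def feasible_successors(self, dest: str) -> list:
        """Neighbors other than the successor whose reported distance is below the
        feasible distance: they cannot be routing through this router, so using
        them as backups cannot form a loop."""
        fd = self.feasible_distance(dest)
        succ = self.successor(dest)
        return sorted(n for n, (rd, _) in self.entries.get(dest, {}).items()
                      if n != succ and rd < fd)

    def lose_neighbor(self, dest: str, neighbor: str) -> str:
        """Remove a neighbor's route and report how the router reacts."""
        old_successor = self.successor(dest)
        backups = self.feasible_successors(dest)
        self.entries[dest].pop(neighbor, None)
        if neighbor != old_successor:
            return "no change: successor still in place"
        if backups:
            new = min(backups, key=lambda n: self.total(dest, n))
            return f"switch to {new}: feasible successor, no query needed"
        return "route active: query neighbors for another path"


def build_table() -> TopologyTable:
    table = TopologyTable()
    dest = "10.0.0.0/8"   # constructed destination network
    table.advertise(dest, "R2", reported_distance=10, link_cost=5)   # total 15
    table.advertise(dest, "R3", reported_distance=12, link_cost=10)  # total 22
    table.advertise(dest, "R4", reported_distance=20, link_cost=5)   # total 25
    return table


if __name__ == "__main__":
    t, dest = build_table(), "10.0.0.0/8"
    print("successor:", t.successor(dest), "FD =", t.feasible_distance(dest))
    print("feasible successors:", t.feasible_successors(dest))  # R3 only: 20 is not < 15
    for lost in ("R2", "R3", "R4"):
        print(f"lose {lost}:", t.lose_neighbor(dest, lost))
```

R4 is not a feasible successor at first even though it offers a route, because its reported distance (20) is not below the feasible distance (15); once R2 is lost and the feasible distance rises to 22, R4 qualifies. Only when no feasible successor is left does the router have to query its neighbors.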

 

Multihoming With BGP

If you work for an ISP, you probably appreciate the built-in flexibility and protection of BGP (Border Gateway Protocol). BGP was designed for multiple communicating networks with no single administrative entity, so it's tailor-made for the Internet. On the other hand, if you work at an organization with an Internet connection, you may not even have to bother learning how to spell BGP, much less how it works. You can get along by using a default route that points all external traffic to your ISP and let its staff work out the details. However, if you're thinking of adding another Internet connection to a second ISP for backup purposes or load-balancing, you'd better familiarize yourself with BGP. Note: We highly recommend that you work closely with your ISP before experimenting with features that propagate outside your network.

What Is BGP?

BGP is the only widely implemented EGP (Exterior Gateway Protocol) and the only routing protocol used to link networks to one another on the Internet. BGP was first specified in 1989 in RFC 1105. Version 4 was specified in 1994 in RFC 1654 and updated in RFC 1771. There have also been a number of documented extensions. Version 4's most significant contribution is its ability to aggregate advertisements from multiple contiguous routes in one routing-table entry. This is known as CIDR (Classless Interdomain Routing). BGP4 was implemented when big routing tables began overwhelming routers. What CIDR does is protect you from many potential outages and instability on the Internet, and provide great relief for address depletion by more efficiently dividing addresses.

When enabled, BGP4 establishes relationships with adjacent routers, referred to as neighbors. Unlike OSPF (Open Shortest Path First) and EIGRP (Enhanced Interior Gateway Routing Protocol), which will automatically discover routing neighbors, BGP won't exchange routing-table information until both routers have configured one another's IP addresses and ASNs (Autonomous System Numbers) on their corresponding interfaces. Once this is completed, the neighboring routers are considered peers.

Neighboring routers send small "keep-alive" messages to one another. If a neighbor stops receiving keep-alive messages for a predefined "hold time," it will update its routing table to reflect the loss in available routes. BGP also sends incremental updates when routes become unavailable. Otherwise, the full routing tables are exchanged only when two routers first establish or re-establish a peering relationship as described above.

BGP is a Path Vector Protocol, which is similar to a Distance Vector Protocol, but with a key difference. A Distance Vector Protocol chooses routes based on the hop count (or routers traversed) and link speeds. BGP, in contrast, chooses a route that traverses the least number of ASes (Autonomous Systems). As a routing advertisement passes through an AS, it prepends (adjusts the path length advertised) the ASN of the origin AS to the path of other ASes it has traversed. By default, the path with the fewest ASNs is stored in the routing table as the optimal path to a destination network. One AS can contain multiple routers, so it's possible for the actual hop count to be higher than the AS path indicates.

BGP Optimization

With BGP's built-in flexibility, however, you can enhance this default behavior. For instance, you may want to control the path traffic takes as it leaves your network. When peering with multiple neighbors in an external AS, or in different external ASes, there will be multiple paths to the same destination network. By default, BGP determines the optimal path by picking the route that traverses the fewest number of ASes. However, BGP does not take link speed or network load into consideration when computing paths, so the shortest path may not be the optimal one.

You can get around this by using BGP's Local-Pref attribute, which forces BGP to take a particular next-hop route in a scenario with multiple choices. You simply tell the router that all, or even some, of the routes advertised to one of your router interfaces should receive a higher Local-Pref weight than the same routes advertised to another interface. Because Local-Pref is always considered before the computed path distance, the interface you designate with the highest Local-Pref will be chosen as the best route.

Controlling traffic as it comes back into your network is more difficult. With geographically diverse networks, where one ISP connection is a lot closer to one part of the network than to another, you may want to use the MED (multiexit discriminator) attribute, which specifies the path external traffic should use when destined for one of your internal networks. Although the MED attribute is a simple way to control incoming traffic, it will work only if both Internet connections go to the same ISP, since it won't be propagated outside that ISP's AS. Of course, prepending is another way to control incoming traffic.

BGP routing can also be controlled through the community attribute that puts a predefined code on a group or community of routes so the receiving router takes a predefined action based on the value of that code. This code can be user-defined, but the most common is a reserved or well-known community, called No-Export. When a BGP router sees a route come in with the No-Export community, it will not advertise the route outside its own AS. This can be handy for balancing incoming traffic.
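The selection rules just described (Local-Pref before AS-path length, MED compared only between paths from the same neighboring AS, prepending to lengthen a path, and the No-Export community) modelled in Python. This is an added example, not code from the article or from any router vendor; the prefix, peer addresses and AS numbers are constructed, and the defaults of 100 for Local-Pref and 0 for a missing MED are assumptions of the model.

```python
from dataclasses import dataclass, field
from typing import List

@dataclass
class BgpRoute:
    """One candidate path to a prefix, as received from one neighbor (constructed data)."""
    prefix: str
    neighbor: str            # address of the peer that advertised the path
    as_path: List[int]       # leftmost ASN is the neighbor's AS, rightmost the origin AS
    local_pref: int = 100    # value used when no Local-Pref has been set locally (assumed)
    med: int = 0             # a missing MED is treated as 0 in this model (assumed)
    communities: List[str] = field(default_factory=list)

    @property
    def neighbor_as(self) -> int:
        return self.as_path[0]

def prepend(route: BgpRoute, asn: int, extra: int) -> BgpRoute:
    """The path as it looks after AS `asn` (already in the path) advertised its own
    number `extra` more times: the path simply gets longer for everyone downstream."""
    i = route.as_path.index(asn)
    padded = route.as_path[:i] + [asn] * extra + route.as_path[i:]
    return BgpRoute(route.prefix, route.neighbor, padded, route.local_pref,
                    route.med, list(route.communities))

def best_path(candidates: List[BgpRoute]) -> BgpRoute:
    """Choose among several paths to the same prefix in the order the article gives:
    1. highest Local-Pref (a local setting, so it always beats path length),
    2. fewest ASNs in the AS path (actual router hops are not counted),
    3. lowest MED, but only when all remaining paths come from the same neighboring
       AS, because MED is not propagated or comparable across different ISPs."""
    assert candidates and len({c.prefix for c in candidates}) == 1
    top = max(c.local_pref for c in candidates)
    survivors = [c for c in candidates if c.local_pref == top]
    shortest = min(len(c.as_path) for c in survivors)
    survivors = [c for c in survivors if len(c.as_path) == shortest]
    if len(survivors) > 1 and len({c.neighbor_as for c in survivors}) == 1:
        lowest = min(c.med for c in survivors)
        survivors = [c for c in survivors if c.med == lowest]
    # Real routers continue with further tie-breakers (router ID and so on);
    # here any remaining tie is broken by the neighbor address to stay deterministic.
    return min(survivors, key=lambda c: c.neighbor)

def export_allowed(route: BgpRoute, to_external_peer: bool) -> bool:
    """No-Export: a route tagged with the well-known community is never advertised
    to a peer in another AS, but may still be passed to iBGP neighbors."""
    return not (to_external_peer and "no-export" in route.communities)

PREFIX = "198.51.100.0/24"   # constructed destination prefix

def demo() -> dict:
    """Four scenarios for one prefix learned from two ISPs (ISP A is AS 20, ISP B AS 21)."""
    via_isp_a = BgpRoute(PREFIX, "10.1.4.2", [20, 30, 40])    # three ASes to the origin
    via_isp_b = BgpRoute(PREFIX, "10.1.5.2", [21, 40])        # two ASes to the origin
    results = {}
    # Default: fewest ASes wins, so traffic leaves through ISP B.
    results["default"] = best_path([via_isp_a, via_isp_b]).neighbor
    # Outbound control: a higher Local-Pref on what ISP A advertises overrides path length.
    preferred_a = BgpRoute(PREFIX, "10.1.4.2", [20, 30, 40], local_pref=300)
    results["local_pref"] = best_path([preferred_a, via_isp_b]).neighbor
    # Inbound control, seen from the far end: the origin AS 40 prepends itself twice on
    # the advertisement it sends ISP B, so that path becomes longer than the one via ISP A.
    padded_b = prepend(via_isp_b, 40, 2)                       # now [21, 40, 40, 40]
    results["prepend"] = best_path([via_isp_a, padded_b]).neighbor
    # MED: two links to the same ISP (AS 20); the lower MED picks the link.
    link1 = BgpRoute(PREFIX, "10.1.4.2", [20, 40], med=50)
    link2 = BgpRoute(PREFIX, "10.1.6.2", [20, 40], med=10)
    results["med"] = best_path([link1, link2]).neighbor
    return results

if __name__ == "__main__":
    print(demo())
```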

The ISP Balancing Act

You'll most likely use BGP if you have multiple connections to the Internet. But if you're interested only in load-balancing, you'll want to stick with one ISP. For redundant ISPs, you'll need two ISPs, and balancing the load will be more difficult.

When you have one ISP and one router at your end, balancing outgoing traffic can be simple, and you have the most control over the paths your packets traverse. In fact, if both interfaces are on the same router at your end, you can even avoid BGP. For example, Cisco Systems gives you the ability to load-balance between two static routes. It's possible that your ISP could do the same for the traffic entering your network.

As we discussed above, you can use the MED attribute to control how traffic enters your network, as long as both connections go to the same AS. If both connections go to the same ISP, there's a very good chance both connections will go to the same AS. For traffic leaving your network, you can also use the Local-Pref attribute to control how traffic leaves your network.

BGP should automatically take care of failing over from one ISP to another and thus provide redundancy with its default settings. However, load-balancing with multiple ISPs can be very challenging. The best approach is to start with the default BGP settings and monitor the transmitted and received traffic. Once you get a baseline, use the Local-Pref attribute to fine-tune traffic leaving your network based on the destination external network or on the AS. There are more than 60,000 networks advertised on the Internet, so target routes with the highest traffic levels. You can always experiment by switching preferred routes from one ISP to another if you get response-time complaints.

You may also need to balance the traffic coming back into your network. One common way to do this is to insert extra AS numbers in the advertisements as discussed above. This works best if you're advertising multiple, internal networks. You can then make the advertisements for one network look better than those for another and force the traffic back into your network via the corresponding ISP pipes.

Another approach is to limit the traffic on one ISP connection to that ISP--and all its customers--and let the rest of your traffic use the other ISP. This works well if much of your traffic rests with the customers of one of your ISPs. The approach also works well if you're using VPNs (virtual private networks) to connect your branch offices or partners on the same ISP. You can use the No-Export community feature to make sure your network isn't advertised beyond that ISP's network. This will take care of incoming traffic. You can also use the Local-Pref attribute to control outgoing traffic by making sure outgoing traffic is restricted by the ISP's ASN.

The drawback to this approach is that you sacrifice some redundancy. If the connection to your ISP that talks to the whole Internet goes down, your other connection can't take over unless you turn off the No-Export option. In this way, the only traffic that will know how to reach your network will still be restricted to that ISP's customers.

BGP provides a lot of control over the destiny of your Internet traffic. But be sure to work closely with your ISP when implementing these options. When you communicate with the Internet that intimately, you must make sure you don't cause any problems. Moreover, if you'll be accepting routes from the Internet, you'll need to invest in lots of memory and CPU for your routers. You should have at least 64 MB available, if you're accepting a full routing table from one ISP. You'll need to double that if you're accepting full routing tables from two ISPs in one router. Also, before you sign up with an ISP, be aware that there's no guarantee the ISP will even advertise a network that's been provided by another ISP. Make sure your new ISP can provide the redundancy and load-balancing you expect.

 

Anatomy of a Route Map

Below you can find an example configuration of two route maps and their associated commands as they appear in a Cisco router. Route maps associate BGP features or attributes with specific routes. They are applied on a per-neighbor basis (1), where they are referenced by name and told whether to apply the map to incoming (in) or outgoing (out) routing updates.

There can also be a series of route map statements (3) that are identified by their route map name. The statements include line numbers that determine the order in which those statements are read. Each statement has a condition established by the "match" command and/or an action established by the "set" command. The match command can refer to an access list (2) to identify a route based on its network address. A special "AS path access list" can be used to make a match based on the AS number. The AS path access list can use regular expressions to search for patterns.

Route map SET-LOCAL-PREF, highlighted in red, is applied to routing updates coming in from 10.1.4.2. Line 10 looks to the AS path access list to find updates coming from AS 20. If a match is found, a Local Preference of 300 is applied. If no match is found, however, the process proceeds to Line 20, which applies a Local Preference of 300 to the remaining routes.


Two route Maps and all their associated commands.

The NON-TRANSIT-FILTER route map, highlighted in blue, refers to access List 20 to permit networks that start with 172.25 (the internal network) and deny everything else. It prevents Internet advertisements from being readvertised back to the peer at the ISP.
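How the two route maps described above would evaluate a routing update, as an added Python model rather than the Cisco configuration in the figure: statements are tried in sequence-number order, the first matching statement applies its set action, and a route matching no permit statement is dropped. The AS-path regular expression, the sample prefixes and the use of 200 on line 20 (the article gives 300 for both lines) are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Callable, List, Optional

@dataclass
class Route:
    prefix: str              # network address as advertised, e.g. "172.25.0.0"
    as_path: List[int]       # leftmost ASN is the advertising neighbor's AS
    local_pref: int = 100    # value before any route map touches it (assumed default)

@dataclass
class Clause:
    """One numbered route-map statement: an optional match and an optional set."""
    seq: int
    permit: bool = True
    match: Optional[Callable[[Route], bool]] = None   # None matches every route
    set_local_pref: Optional[int] = None

def apply_route_map(clauses: List[Clause], route: Route) -> Optional[Route]:
    """Statements are tried in sequence-number order; the first one whose match
    succeeds decides. A deny clause drops the route, a permit clause applies its
    set action and the route is accepted. If nothing matches, the route is dropped
    (the implicit deny at the end of every route map)."""
    for clause in sorted(clauses, key=lambda c: c.seq):
        if clause.match is None or clause.match(route):
            if not clause.permit:
                return None
            if clause.set_local_pref is not None:
                return Route(route.prefix, list(route.as_path), clause.set_local_pref)
            return route
    return None

# Access list 20 from the article: permit networks starting with 172.25, deny the rest.
def access_list_20(route: Route) -> bool:
    return route.prefix.startswith("172.25.")

# AS-path access list for "updates coming from AS 20", read here as paths that originate
# in AS 20 (Cisco regex _20$; an assumption, since the figure is not reproduced).
ORIGIN_AS_20 = re.compile(r"(^| )20$")

def as_path_list_origin_20(route: Route) -> bool:
    return ORIGIN_AS_20.search(" ".join(str(a) for a in route.as_path)) is not None

# Route map SET-LOCAL-PREF, applied "in" on the 10.1.4.2 neighbor. The article quotes
# 300 for both lines; line 20 uses 200 here so the two outcomes can be told apart.
SET_LOCAL_PREF = [
    Clause(10, match=as_path_list_origin_20, set_local_pref=300),
    Clause(20, set_local_pref=200),
]

# Route map NON-TRANSIT-FILTER, applied "out" towards the ISP: only the internal network
# is advertised, so routes learned from the Internet are never readvertised to the peer.
NON_TRANSIT_FILTER = [
    Clause(10, match=access_list_20),
]

def demo() -> dict:
    """Run constructed updates through both maps."""
    return {
        # inbound: originated by AS 20 itself -> line 10 -> Local-Pref 300
        "from_as20": apply_route_map(SET_LOCAL_PREF, Route("203.0.113.0", [20])),
        # inbound: passed through AS 20, originated in AS 30 -> falls to line 20 -> 200
        "via_as20": apply_route_map(SET_LOCAL_PREF, Route("198.51.100.0", [20, 30])),
        # outbound: our own network passes the filter unchanged
        "internal_out": apply_route_map(NON_TRANSIT_FILTER, Route("172.25.0.0", [5])),
        # outbound: an Internet route we learned is denied (implicit deny)
        "transit_out": apply_route_map(NON_TRANSIT_FILTER, Route("203.0.113.0", [5, 20])),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```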

Preparing for Multihoming

Step 1: Registration: If you want to participate in BGP routing on the Internet, you need to apply for a unique ASN (autonomous system number) at www.arin.net. Processing takes a few weeks and costs $500, plus an annual fee.

Step 2: Design: It's important for you to give some thought to how you'll integrate BGP with the rest of your network. Keep in mind that you'll want to run BGP only at the edge of your network. If you have multiple routers that are connected to the Internet, you can run BGP between them. This is commonly known as iBGP. However, whenever possible, you'll want to isolate your network from the large routing tables and consequently the instability that's common to the Internet. Instead, use default routes that send traffic destined for the Internet to one of your routers running BGP. To direct external traffic from your BGP routers back into your network, run your IGP (interior gateway protocol) on your BGP routers. Just don't redistribute the BGP routes into your IGP.

Step 3: Configuration: BGP is enabled with the "router" command, which references the ASN. The recommended "no synchronization" command lets BGP advertise the internal network without having to wait to hear updates from the internal network. The "network" command indicates which networks on the router are participating in BGP. The "neighbor" command establishes peering with a router in another AS. It's also used to activate other BGP options that are relevant to that neighbor.

Step 4: Basic BGP configuration on Cisco router:

router bgp 5
no synchronization
network 172.25.0.0
neighbor 172.25.4.2 remote-as 20

What About Quality of Service?

One reason to add multiple Internet connections is to distribute load. If you think you can avoid this as long as you ensure that your most important traffic gets through, think again.

You can set up such assurances on a per-interface basis for traffic leaving your network. For example, with Cisco routers you can set up a "priority list" that will give preferences to different applications based on requested TCP ports. Other vendors have similar features in their equipment.

Traffic entering your network is another story. Your ISP controls such traffic, and unfortunately, most ISPs don't offer such services. But there are a few notable exceptions. Concentric Network Corp. (www.concentric.com) has announced it will provide varying levels of Quality of Service (QoS) with its VPN service. And Concert (www.concert.com), the AT&T and BT joint venture, has announced it will provide three priority levels using the emerging DiffServ standard for classifying packets based on the first six bits of the ToS (type of service) field found in the IP header.

DiffServ, outlined in RFCs 2474 and 2475, is backward-compatible with an earlier scheme that uses the first three bits of the ToS field, and offers 64 levels of service. However, DiffServ won't guarantee bandwidth. Another standard, RSVP (Resource Reservation Protocol), attempts to reserve a specific level of bandwidth from end to end. If the bandwidth is unavailable, it tries again later. RSVP's advantage is that once the bandwidth is reserved, there's no danger additional traffic will cause problems, because it will simply be refused. On the down side, RSVP doesn't scale very well with a large number of connections because the participating routers must set up and track the state of every connection. DiffServ probably will become the preferred ISP QoS implementation because it can aggregate all connections into the predefined levels of QoS.

Unfortunately, if you think it's taking a long time for ISPs to step up to the plate with QoS services, it's going to take a lot longer to get end-to-end QoS when crossing ISPs. The services mentioned above will only work for traffic that is kept within an ISP's network. An ISP cannot map QoS levels to another ISP and guarantee that they will be followed.

HERE IS ANOTHER ARTICLE I FOUND USEFUL!
IP 101: All About IP Addresses

By Chris Lewis

The key to understanding IP, and all of the issues related to IP, is knowing what a routing table looks like and the effect each IP topic has on the entries in a routing table. To begin with, let's review the basics. IP addresses are 32-bit numbers, most commonly represented in dotted decimal notation (xxx.xxx.xxx.xxx). Each decimal number represents eight bits of binary data, and therefore can have a decimal value between 0 and 255. IP addresses most commonly come as class A, B, or C. It's the value of the first number of the IP address that determines the class to which a given IP address belongs. Class D addresses are used for multicast applications.

(For a full explanation of class D addresses, refer to "Diving Through the Layers".) The ranges of values for these classes are given below.

Class   Range    Allocation
A       1-126    N.H.H.H
B       128-191  N.N.H.H
C       192-223  N.N.N.H
D       224-239  Not applicable



N=Network H=Host

Note 1: 127.0.0.0 is a class A network, but is reserved for use as a loopback address (typically 127.0.0.1).
Note 2: The 0.0.0.0 network is reserved for use as the default route.
Note 3: Class D addresses are used by groups of hosts or routers that share a common characteristic: e.g. all OSPF devices respond to packets sent to address 224.0.0.2.
Note 4: Class E addresses exist (240-248), but are reserved for future use.

The class of an address defines which portion of the address identifies the Network number and which portion identifies the Host, as illustrated above, as N and H.

 

So, without any subnetting (which we will come to a little later), a routing table will keep track of a) network numbers, b) the next hop router to use to get to that network, and c) the interface this next hop router is reachable through. A simple network with the corresponding routing table for a Cisco router is illustrated below.

 

C     199.2.2.0   directly connected   Ethernet 0
C     10.0.0.0    directly connected   Token-ring 1
C     152.8.0.0   directly connected   Ethernet 1
I     200.1.1.0   via 152.8.1.2        Ethernet 1

Since Cisco doesn't give headings for these columns, you need to know what each column consists of. The first column of the routing table indicates how the network number was discovered. C stands for Connected and I indicates the network was learned from the IGRP routing protocol. For a full description of the routing table as it appears in a UNIX host and a Cisco router, refer to "Should RIP Rest In Peace" .

 

The important thing to realize is that while a routing table keeps track of network numbers, no one assigns a network number to any piece of equipment. Every interface of a router or host connected on the network must have an IP address and a subnet mask defined (many pieces of equipment will assign a default subnet mask if none is applied). From this IP address and subnet mask, the network number is derived by the IP stack and tracked in the routing table.

 

(This is the exact opposite of what happens in a NetWare network. In NetWare, you assign a network number to a server LAN card, which is used by all workstations on that wire. The workstations use MAC addresses as IPX node numbers.)

Routing tables can get very large. Internet backbone routers can have over 40,000 routes defined in them. In most corporate networks, the routing table is much smaller, as there are not so many subnets that need to be reached.

Many large routers, particularly Internet routers, use a method called Classless Interdomain Routing (CIDR) to reduce the number of entries a router needs in its routing table. If we imagine, for instance, that all the Class C addresses that start with the value 194 are allocated for use in Europe, it would significantly reduce the number of entries in Internet routers in the US if there was only one entry for all these class C addresses, rather than a separate entry in the routing table for each one. CIDR works if (as in this example) all the networks with the first octet value of 194 are physically located in one area of the network.

 

IP addresses are used to deliver packets of data across a network and have what is termed end-to-end significance. This means that the source and destination IP address remain constant as the packet traverses a network. Each time a packet travels through a router, the router will reference its routing table to see if it can match the network number of the destination IP address with an entry in its routing table. If a match is found, the packet is forwarded to the next hop router for the destination network in question (note that a router does not necessarily know the complete path from source to destination--it just knows the next hop router to go to). If a match is not found, one of two things happens. The packet may be forwarded to the router defined as the default gateway, or the packet may be dropped by the router. (In the language of TCP/IP, a gateway is a router.)

 

Packets are forwarded to a default router in the belief that the default router has more network information in its routing table and will therefore be able to route the packet correctly on to its final destination. This is typically used when connecting a LAN with PCs on it to the Internet. Each PC will have the router that connects the LAN to the Internet defined as its default gateway.

 

A default gateway is seen in a routing table of a host as follows: the default route 0.0.0.0 will be listed as the destination network, and the IP address of the default gateway will be listed as the next hop router.

 

If the source and destination IP addresses remain constant as the packet works its way through the network, how is the next hop router addressed? In a LAN environment this is handled by the MAC (Media Access Control) address, as illustrated below. The key point is that the MAC addresses will change every time a packet travels through a router; the IP addresses, however, will remain constant.

 

                       PC1    Router E0   Router E1   PC2
MAC Address            M1     M2          M3          M4
Software (IP) address  11     12          13          14


A packet sent from PC1 to PC2 will look like this at point A:

 Destination  Source  Destination Source   Data
    MAC        MAC        IP        IP

     M2         M1        14        11    1001001

A packet sent from PC1 to PC2 will look like this at point B:

 Destination  Source  Destination Source   Data
    MAC        MAC        IP        IP

     M4         M3        14        11    1001001
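The forwarding behaviour described since the CIDR paragraph (longest-match lookup against the routing table, fallback to the default route, and rewriting only the MAC addresses at each hop) simulated in Python. This is an added example, not the article's own material; it uses the Cisco table shown earlier with classful masks, plus a constructed 194.0.0.0 aggregate, default route, MAC labels and ARP entries.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

def ip_to_int(dotted: str) -> int:
    a, b, c, d = (int(x) for x in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

@dataclass
class RouteEntry:
    network: str              # network number, as in the first column of the table
    mask: str                 # dotted mask; 0.0.0.0 with mask 0.0.0.0 is the default route
    next_hop: Optional[str]   # None means directly connected ("C" in Cisco's output)
    interface: str

    def matches(self, dest: str) -> bool:
        # A destination is in this network if ANDing it with the mask gives the network.
        return ip_to_int(dest) & ip_to_int(self.mask) == ip_to_int(self.network)

    def prefix_len(self) -> int:
        return bin(ip_to_int(self.mask)).count("1")

def lookup(table: List[RouteEntry], dest: str) -> Optional[RouteEntry]:
    """Longest-prefix match: of all entries that match, the most specific wins, so the
    default route (mask 0.0.0.0, which matches everything) is used only as a last resort."""
    matches = [e for e in table if e.matches(dest)]
    return max(matches, key=RouteEntry.prefix_len) if matches else None

@dataclass
class Frame:
    """A LAN frame: MAC addresses are per hop, IP addresses stay end to end."""
    dst_mac: str
    src_mac: str
    dst_ip: str
    src_ip: str
    data: str

def forward(table: List[RouteEntry], arp: Dict[str, str],
            own_macs: Dict[str, str], frame: Frame) -> Optional[Frame]:
    """What a router does with a frame addressed to it: look up the destination IP,
    then rebuild the frame for the next hop (or for the host itself when the network is
    directly connected). Returns None when no route and no default route match: dropped."""
    entry = lookup(table, frame.dst_ip)
    if entry is None:
        return None
    target = frame.dst_ip if entry.next_hop is None else entry.next_hop
    return Frame(dst_mac=arp[target], src_mac=own_macs[entry.interface],
                 dst_ip=frame.dst_ip, src_ip=frame.src_ip, data=frame.data)

# The article's Cisco table with classful masks, plus a constructed CIDR aggregate for
# 194.x.x.x (the European example) and a constructed default route.
TABLE = [
    RouteEntry("199.2.2.0", "255.255.255.0", None, "Ethernet 0"),
    RouteEntry("10.0.0.0", "255.0.0.0", None, "Token-ring 1"),
    RouteEntry("152.8.0.0", "255.255.0.0", None, "Ethernet 1"),
    RouteEntry("200.1.1.0", "255.255.255.0", "152.8.1.2", "Ethernet 1"),
    RouteEntry("194.0.0.0", "255.0.0.0", "152.8.1.3", "Ethernet 1"),
    RouteEntry("0.0.0.0", "0.0.0.0", "152.8.1.9", "Ethernet 1"),
]
ROUTER_MACS = {"Ethernet 0": "M2", "Ethernet 1": "M3", "Token-ring 1": "M5"}   # constructed
ARP = {"152.8.1.2": "MA", "152.8.1.3": "MB", "152.8.1.9": "MC", "152.8.4.4": "M4"}  # constructed

def demo() -> Optional[Frame]:
    """PC1 (199.2.2.10, MAC M1) sends to 200.1.1.7: the frame arrives on Ethernet 0
    addressed to the router's MAC M2 and leaves on Ethernet 1 for next hop 152.8.1.2."""
    incoming = Frame("M2", "M1", "200.1.1.7", "199.2.2.10", "1001001")
    return forward(TABLE, ARP, ROUTER_MACS, incoming)

if __name__ == "__main__":
    print(demo())
```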
 

Subnet Masks
Subnet masks are essential tools in network design, but can make things more difficult to understand. Subnet masks are used to split a network into a collection of smaller subnetworks. This may be done to reduce network traffic on each subnetwork, or to make the internetwork more manageable as a whole. To all intents and purposes, each subnetwork functions as if it were an independent network, as far as entries in the routing table are concerned. The illustration below shows how a routing table looks when subnet masks are used on a network.

 

Interface configuration for router 1

Interface IP Address  Subnet mask
E0        150.4.2.1   255.255.255.0
E1        150.4.3.1   255.255.255.0
E2        150.4.1.1   255.255.255.0


150.4.0.0 is subnetted with three subnets
C    150.4.1.0   directly connected   Ethernet 2
C    150.4.2.0   directly connected   Ethernet 0
C    150.4.3.0   directly connected   Ethernet 1


As you can see, the routing table notes that the class B network is subnetted, and recognizes each subnet as a separate entry in the routing table.

 

As the subnet mask is the area that causes most confusion, let's look more closely at how the subnet mask works.

 

Communication between a node on a local subnetwork and a node on a different subnetwork is like communication between nodes on two different networks. To a user, routing between subnetworks is transparent. Internally, however, the IP software recognizes any IP addresses that are destined for a subnetwork and sends those packets to the gateway for that subnetwork.

 

When subnet masks are used, an IP address is interpreted as follows:

 

[IP address] = [Network address][Subnetwork address][Host address]

 

This shows that when a network is divided into subnetworks, the host address portion of the IP address is divided into two parts, the subnetwork address and the host address.

For example, if a network has the Class B IP network address portion 129.47, the remainder of the IP address can be divided into subnetwork addresses and host addresses. This division is controlled by the network administrator to allow the most flexibility for network development at the site.

 

A subnet mask is the mechanism that defines how the host portion of the IP address is divided into subnetwork addresses and local host address portions. The subnet mask is a 32-bit, (four byte) number, just as an IP address is.

 

To understand the mechanics of the subnet mask, it is important to know a little of binary arithmetic. We will go through the process of working out how subnet masks work longhand, then show a shortcut.

 

In binary numbers, the only digits available are 0 and 1. The rightmost digit of a binary number represents the amount of ones in the number (either 0 or 1). The next digit represents the amount of twos, either 0 or 1, the next digit the amount of fours, etc. Thus to convert the eight-bit binary number 01101001 to the more familiar decimal, we need to use the map below:

128  64  32  16   8   4   2   1
  0   1   1   0   1   0   0   1

Thus, the binary number 01101001 is in fact 105 in the more familiar decimal notation. If you have eight zeroes in a binary number, the decimal value is obviously zero. If you have eight ones, the decimal value is 255.

 

To see how a subnet mask splits up the host portion into subnet address and host address, it is necessary to convert both the IP address and the subnet mask to binary numbers. Once the IP address and subnet mask have been converted to binary, a logical AND is performed between the address and subnet mask (which means the resultant value is 1 if both IP and subnet mask value are a 1; otherwise the result is zero). Let's look at an example:

IP Address  : 201.222.5.121
Subnet Mask : 255.255.255.248

201.222.5.121   : 11001001.11011110.00000101.01111 001
255.255.255.248 : 11111111.11111111.11111111.11111 000
Subnet          : 11001001.11011110.00000101.01111 000  = 201.222.5.120

Thus, the resultant subnet address is 201.222.5.120. This subnet mask is said to have five bits in the subnet field, which leaves three bits to define hosts. (Note that the last three bits of the fourth byte are separated off to show the effect of the subnet mask.) With three binary bits, there are eight possible values (0 through 7). However, only six of these addresses can be used for hosts on this subnet, because the first and last values are reserved: the first identifies the subnet number itself and the last is the broadcast address for that subnet. This is shown for our example IP address and subnet mask below:

IP address = 201.222.5.121
Subnet Mask = 255.255.255.248
Subnet Address = 201.222.5.120
Usable Host Addresses on Subnet = 201.222.5.121 - 201.222.5.126
Subnet Broadcast Address = 201.222.5.127

It is good to work through a few examples to understand how it works. Try to work out the subnet address, usable host addresses and broadcast address for the following:

 

IP address = 164.2.34.35
Subnet mask = 255.255.255.224

IP address = 101.2.3.18
Subnet Mask = 255.255.0.0

 

(The answers are given at the end of this article.)

 

For subnetting the last octet (which is the most common task) the quicker way to work it out is as follows: subtract the value of the last octet of the subnet mask from 256, and that will tell you how many IP addresses there are in the subnet.

 

For example, with a subnet mask of 255.255.255.224, take 224 from 256 and you get 32. This tells you that for a subnet mask ending in 224, you are splitting the network number into subnets that have 30 usable IP addresses in them (remembering that the first and last IP address in a subnet is not useable for host addressing).

 

An alternate method, which also works for subnets that extend into the third octet (such as 255.255.192.0), starts with writing down the subnet mask in binary.

Look at the decimal value of the rightmost 1 in the subnet mask.

This decimal value tells you what increment in the IP address puts you into a new subnet.

This is best explained by using an example. Let's say we have a subnet mask of 255.255.255.224; converting this to binary, we get:

 

11111111.11111111.11111111.11100000

 

We can see that the ones end in the spot that represents the number of 32's we have in the number. This means that with every increment of 32 in the IP address, we go into a new subnet. We can illustrate this by applying this subnet mask to the following IP address:

150.2.3.56

With the 255.255.255.224 subnet mask we get a new subnet every 32 addresses, so the subnets will start at:

150.2.3.0
150.2.3.32
150.2.3.64
150.2.3.96
150.2.3.128
150.2.3.160
150.2.3.192
150.2.3.224

So, for the address 150.2.3.56, with a subnet mask of 255.255.255.224, the subnet address is 150.2.3.32.

The following tables show how many hosts per subnet, and total subnets result when a range of subnet masks are applied to both class B and C networks.

 

Class B Subnetting

 

#Subnet Bits   Subnet Mask        #Subnets   #Hosts
2              255.255.192.0          4       16382
3              255.255.224.0          8        8190
4              255.255.240.0         16        4094
5              255.255.248.0         32        2046
6              255.255.252.0         64        1022
7              255.255.254.0        128         510
8              255.255.255.0        256         254
9              255.255.255.128      512         126
10             255.255.255.192     1024          62
11             255.255.255.224     2048          30
12             255.255.255.240     4096          14
13             255.255.255.248     8192           6
14             255.255.255.252    16384           2

Class C Subnetting

 

#Subnet Bits   Subnet Mask        #Subnets   #Hosts
2              255.255.255.192        4          62
3              255.255.255.224        8          30
4              255.255.255.240       16          14
5              255.255.255.248       32           6
6              255.255.255.252       64           2

RFCs 760, 791 and 1812 caution against the use of the first and last subnet, and in some installations, either the last subnet, or the first and last subnet are unavailable. Whether these subnets are usable depends on the routing protocols in use on the network and the IP implementation on the routing devices on the network.

 

In practice an RFC is a guideline--not an officially sanctioned standard--and vendors are free to implement workarounds to problems highlighted in RFCs. If your network uses UNIX hosts and RIP version 1 as its routing protocol, you cannot use the first and last subnet. (In this instance, the number of subnets listed in the tables needs to be reduced by two in each case.) If your network consists of Cisco routers using OSPF or EIGRP, you can use the first and last subnet. If you are using Cisco routers and IGRP, you can always use the first subnet, but not always the last. Of course, there are other combinations that will or will not work--either refer to the documentation of your specific devices, or refer to the manufacturer to see if the first and last subnet can be used.

 

If you are at all unclear on whether your combination will work with the first and last subnet, avoid their use. However, if you are short on available IP addresses and your configuration supports it, there is no reason not to use them.

 

What defines whether a routing protocol will support use of the first and last subnet correctly is whether the routing protocol in use sends subnet mask information in route updates. RIP and other distance vector protocols do not, link state and hybrid protocols (such as EIGRP and OSPF) do.

 

The reason this is so, is best illustrated with an example. Suppose you have a Class C network of 200.200.200.0, using a subnet mask of 255.255.255.192 and allocate an interface on a router with an IP address of 200.200.200.195. This is in the last subnet in the network which starts at 200.200.200.192. The broadcast address for this subnet is 200.200.200.255, which also happens to be the broadcast address for the whole class C network. If the value of the subnet mask is not sent in routing updates, a remote router that has the 200.200.200.192 subnet listed in its routing table may not know if a packet addressed to 200.200.200.255 is meant for just that subnet or the whole class C.
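The longhand AND method, the two shortcuts, the subnet-count tables and the first/last-subnet ambiguity described above, carried through in Python on the article's own addresses (201.222.5.121 with 255.255.255.248, the two exercises, 150.2.3.56 and 200.200.200.195). This is an added example, not code from the article.

```python
from typing import Dict, Optional, Tuple

def to_int(dotted: str) -> int:
    octets = [int(o) for o in dotted.split(".")]
    assert len(octets) == 4 and all(0 <= o <= 255 for o in octets), dotted
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def to_binary(dotted: str) -> str:
    """Dotted binary as the article writes it, e.g. 11001001.11011110.00000101.01111001."""
    return ".".join(f"{(to_int(dotted) >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))

def classful_mask(address: str) -> str:
    """Default mask implied by the address class (first octet), per the class table."""
    first = to_int(address) >> 24
    if 1 <= first <= 126:
        return "255.0.0.0"
    if 128 <= first <= 191:
        return "255.255.0.0"
    if 192 <= first <= 223:
        return "255.255.255.0"
    raise ValueError(f"{address} is not a class A, B or C address")

def subnet_info(address: str, mask: str) -> Dict[str, object]:
    """The longhand method: AND address and mask bit by bit, then fill the host bits
    with ones for the broadcast address. Also returns both shortcuts from the article:
    the block size (256 minus the last mask octet, for last-octet masks) and the
    increment (value of the rightmost 1 bit of the mask, shown in dotted form)."""
    a, m = to_int(address), to_int(mask)
    assert m and (m | (m - 1)) == 0xFFFFFFFF, "mask must be a run of ones then zeros"
    network = a & m
    broadcast = network | (~m & 0xFFFFFFFF)
    host_bits = 32 - bin(m).count("1")
    return {
        "subnet": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "first_host": to_dotted(network + 1),
        "last_host": to_dotted(broadcast - 1),
        "block_size": 1 << host_bits,          # addresses in the subnet, e.g. 256 - 248 = 8
        "usable_hosts": (1 << host_bits) - 2,  # first (subnet) and last (broadcast) reserved
        "increment": to_dotted(m & -m),        # e.g. 0.0.0.32 for 255.255.255.224
    }

def subnetting_row(class_mask: str, subnet_bits: int) -> Tuple[str, int, int]:
    """One row of the class B / class C tables: mask, number of subnets, hosts per subnet
    (before the RFC caution about the first and last subnet is applied)."""
    base_bits = bin(to_int(class_mask)).count("1")
    host_bits = 32 - base_bits - subnet_bits
    mask = to_dotted((0xFFFFFFFF << host_bits) & 0xFFFFFFFF)
    return mask, 1 << subnet_bits, (1 << host_bits) - 2

def first_or_last_subnet(address: str, mask: str) -> Optional[str]:
    """Flag the two subnets the RFCs caution against: the first shares its address with
    the classful network number, the last shares its broadcast with the classful
    broadcast, which a protocol that sends no mask (RIP version 1) cannot tell apart."""
    whole = subnet_info(address, classful_mask(address))
    part = subnet_info(address, mask)
    if part["subnet"] == whole["subnet"]:
        return "first"
    if part["broadcast"] == whole["broadcast"]:
        return "last"
    return None

if __name__ == "__main__":
    # The article's worked example and its two exercises.
    for addr, mask in (("201.222.5.121", "255.255.255.248"),
                       ("164.2.34.35", "255.255.255.224"),
                       ("101.2.3.18", "255.255.0.0")):
        print(addr, mask, subnet_info(addr, mask))
    print(first_or_last_subnet("200.200.200.195", "255.255.255.192"))
```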

 

As if all this was not enough, there are other issues that need to be considered, that make the definition of hard and fast rules complex.

 

Routing Protocols
As the routing table is the center of what goes on for a routed network, there are routing protocols implemented to keep it updated automatically. A routing protocol runs on each router in the network and has the goal of notifying all other routers regarding the networks it knows about and any changes to the network that occur (for example, as the result of a link failure making a remote network reachable via a different route).

Unfortunately, the behavior of these routing protocols is different enough that you need to be aware of what they will do to the routing table under various conditions.

Distance vector routing protocols, like RIP and IGRP, send updates on a regular basis (defaults are 30 seconds for RIP, 90 seconds for IGRP, although this is configurable) that include information on all the routes known in the routing table. For large routing tables, these updates can consume significant bandwidth (for example, a couple of thousand entries in a routing table will consume a 128k line every time an update is sent out). These updates are only sent to neighboring routers.

Link state protocols use a different mechanism. These protocols send out small hello packets every 30 seconds to all routers in the network as keep-alive messages. Route information is only sent out whenever something changes, and then only to the routers that need to know. Link state protocols may be a bit better on bandwidth consumption, but require more processing and memory within the router to operate well.

 

If a router learns of two ways to get to a remote subnet via RIP, the route with the lowest metric will be selected and placed in the routing table. If the metrics are equal, how the router behaves varies from vendor to vendor. The router may place either of the routes in the routing table, however, with RIP, you are sure that only one route will be used.

 

If a router learns of two ways to get to a remote subnet via IGRP, things are different. If the two routes have equal metric, they will both be put in the routing table and traffic split between them. If the metric for the two routes is within a pre-defined variance, traffic will be split between them in proportion to their metric values. If the difference between the metrics is greater than the pre-defined variance, the route with the lowest metric alone will be entered in to the routing table. For IGRP the default variance is 1.

Within a network, you can restrict the distribution and acceptance of route updates via passive interfaces and trusted routers. If a router interface is defined as passive, it will only listen for route updates and not send any out. If there are only certain routers that you want to receive route update information from, you can use the neighbor command (for Cisco routers). This identifies the list of router IP addresses you will accept updates from.

In multi-protocol networks, there may be more than one routing protocol in use. If a router learns of the same network number from two different routing protocols, how does it select which set of information to put in the routing table? In this case comparing metrics is useless, as RIP uses a different metric calculation than IGRP, which is different again from OSPF. The way this problem is handled in a Cisco environment is to assign an administrative distance to each protocol, and prefer the information from the protocol with the lowest administrative distance. RIP has an administrative distance of 120, OSPF of 110, IGRP of 100, EIGRP of 90. Static routes have an administrative distance of 1 and directly connected networks of 0.
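Administrative distance and IGRP's variance rule as a Python model, added here as an example rather than taken from the article or from Cisco. The variance rule used (install a path whose metric is no more than variance times the best metric, and share traffic inversely to metric) follows Cisco's documented IGRP behaviour; all candidate routes are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List

# Administrative distances quoted in the article (Cisco defaults): lower is preferred.
ADMIN_DISTANCE: Dict[str, int] = {
    "connected": 0, "static": 1, "eigrp": 90, "igrp": 100, "ospf": 110, "rip": 120,
}

@dataclass(frozen=True)
class Candidate:
    """A route to one network as offered by one protocol (constructed data)."""
    network: str
    protocol: str
    metric: int          # comparable only with metrics from the same protocol
    next_hop: str

def select_protocol(candidates: List[Candidate]) -> List[Candidate]:
    """Keep only the candidates from the protocol with the lowest administrative
    distance; a RIP hop count is never compared with an OSPF cost or an IGRP metric."""
    best_ad = min(ADMIN_DISTANCE[c.protocol] for c in candidates)
    return [c for c in candidates if ADMIN_DISTANCE[c.protocol] == best_ad]

def install(candidates: List[Candidate], variance: int = 1) -> Dict[str, float]:
    """Return the next hops that go into the routing table and their share of traffic.

    RIP (and the other protocols here): the lowest metric only. Equal metrics are
    broken by taking the first one seen; vendors differ, but only one route is used.
    IGRP: every path whose metric is within `variance` times the best metric is
    installed, with traffic shared inversely to the metric (the better path carries
    more). The default variance of 1 therefore allows equal-cost paths only."""
    same_protocol = select_protocol(candidates)
    best = min(c.metric for c in same_protocol)
    if same_protocol[0].protocol == "igrp":
        chosen = [c for c in same_protocol if c.metric <= variance * best]
        weights = {c.next_hop: 1 / c.metric for c in chosen}
    else:
        first_best = next(c for c in same_protocol if c.metric == best)
        weights = {first_best.next_hop: 1.0}
    total = sum(weights.values())
    return {hop: w / total for hop, w in weights.items()}

def demo() -> Dict[str, Dict[str, float]]:
    """Constructed candidates for one network, 10.9.0.0, in four situations."""
    net = "10.9.0.0"
    rip_vs_ospf = [Candidate(net, "rip", 3, "10.1.1.1"),       # 3 hops, AD 120
                   Candidate(net, "ospf", 65, "10.1.2.1")]     # cost 65, AD 110 wins
    igrp_equal = [Candidate(net, "igrp", 8976, "10.1.3.1"),
                  Candidate(net, "igrp", 8976, "10.1.4.1")]
    igrp_unequal = [Candidate(net, "igrp", 100, "10.1.3.1"),
                    Candidate(net, "igrp", 150, "10.1.4.1"),
                    Candidate(net, "igrp", 250, "10.1.5.1")]   # beyond variance 2
    return {
        "rip_vs_ospf": install(rip_vs_ospf),
        "igrp_equal": install(igrp_equal),
        "igrp_default_variance": install(igrp_unequal),
        "igrp_variance_2": install(igrp_unequal, variance=2),
    }

if __name__ == "__main__":
    for name, table in demo().items():
        print(name, table)
```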

The next issues to consider are Autonomous Systems and OSPF areas. In the thinking presented so far, the network number is the highest level in the IP address hierarchy, which may or may not have subnets allocated underneath it. With RIP version 1 as a routing protocol, this remains true. With more modern protocols, the concept of an Autonomous System (AS) comes into play. An AS is a collection of network numbers under a common administration. By default, routers will process route updates that originate from the same AS and will disregard updates from other ASes. The AS that a particular router is configured for is set when the routing process is enabled.

So, with an IGRP router, the IP address hierarchy starts with the Autonomous System number, then the network number, then the subnet number.

With an OSPF system, another level of hierarchy is introduced, which is the Routing Area. Each OSPF system has to have at least one Area configured. As link state routing protocols maintain a topological database of all network numbers, which is used to calculate entries for the routing table, there needs to be some way to reduce the size of the topological database to make it manageable for a large network. This is achieved by splitting an OSPF system into multiple areas, each of which is interconnected via Area 0, the backbone area.

So, with an OSPF system, the hierarchy is Autonomous System, OSPF Area, network number, subnet number.

With link state and hybrid routing protocols, there is the option to use Variable Length Subnet Masks (VLSM). With a distance vector protocol such as RIP or IGRP, only one subnet mask value can be used on a network, as subnet mask values are not sent in routing updates. In this situation, the routing protocol looks to see the mask used on the interface it received the routing update on and assumes that mask value is in use throughout the network.

In link state and hybrid protocols, subnet mask information is sent in routing updates, which allows a different subnet mask value to be used in different parts of the network. This adds a measure of flexibility in assigning subnet masks, but does add complexity.

The next issue continually causes confusion: route summarization in distance vector protocols (link state protocols can be configured to enable or disable route summarization). Route summarization means that when a router connects two different network numbers together, subnet information is not passed between the two networks. This is best illustrated with an example.

An incorrectly configured network for use with distance vector protocols subject to route summarization

In this figure, the 180.5.0.0 network has a subnet mask of 255.255.255.0 in use. Because of route summarization, router 2 and router 3 will both advertise 180.5.0.0 without subnet information to router 1. Router 1 will therefore have two equal cost routes to the 180.5.0.0 network. Any packets that router 1 needs to send to the 180.5.1.0 subnet will be split between router 2 and router 3, as all router 1 knows about is the 180.5.0.0 network. Potentially, this could cause only half the packets to be delivered to a host on the 180.5.1.0 subnet.
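An added example, not from the article, that reproduces the summarization behaviour described above: a classful distance vector advertisement is summarized to the major network whenever it leaves across a different network number, so router 1 ends up with one 180.5.0.0 route and two equal next hops. The link addresses in the 190.1.0.0 network and the router names are constructed assumptions; the code classifies by the first octet, which is the general rule of which the 180.5.0.0 case is one instance.

```python
import ipaddress


def classful_network(addr):
    """Return the classful major network containing addr (str or address).

    Class A (first octet 0-127) is /8, class B (128-191) is /16, class C
    (192-223) is /24; these are the boundaries a classful protocol
    summarizes to.
    """
    ip = ipaddress.IPv4Address(str(addr))
    first_octet = int(ip) >> 24
    if first_octet < 128:
        prefix = 8
    elif first_octet < 192:
        prefix = 16
    elif first_octet < 224:
        prefix = 24
    else:
        raise ValueError(f"{ip} is not a class A, B or C address")
    return ipaddress.IPv4Network(f"{ip}/{prefix}", strict=False)


def advertise(subnet, out_interface_addr):
    """Route a classful distance vector protocol sends out of the interface
    numbered out_interface_addr for the given subnet.

    Same major network on both sides: the subnet goes out as-is (the
    receiver applies its own interface mask).  Different major network:
    only the major network is sent, i.e. the route is summarized.
    """
    net = ipaddress.IPv4Network(subnet)
    major = classful_network(net.network_address)
    if major == classful_network(out_interface_addr):
        return str(net)
    return str(major)


def build_table(adverts):
    """Collect router 1's view: route -> next hops, all at equal cost."""
    table = {}
    for next_hop, route in adverts:
        table.setdefault(route, []).append(next_hop)
    return table


# Constructed topology in the spirit of the figure: routers 2 and 3 each
# hold a 180.5.x.0/24 subnet and reach router 1 over links in 190.1.0.0
# (the link addresses are assumptions, not from the article).
ROUTER1_TABLE = build_table([
    ("router2", advertise("180.5.1.0/24", "190.1.1.2")),
    ("router3", advertise("180.5.2.0/24", "190.1.2.3")),
])
```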

The routing protocols discussed so far have been interior gateway routing protocols. Exterior protocols also exist. These protocols are designed to regulate what traffic can travel between different Autonomous Systems (AS) and protect each from any bugs in another AS. The mechanisms we will examine here are static routing, the Exterior Gateway Protocol and the Border Gateway Protocol. An AS is a collection of network numbers and equipment that is under a common administration. Routing processes like IGRP and OSPF are initiated with an AS number in the router configuration and only accept updates from other routers within the same AS. Different AS numbers are used on the Internet.

Static Routing
Usually an experienced network administrator will seek to minimize any manual configuration. In the case of Exterior routing, this may be different, as static routing offers a number of advantages when routing between Autonomous Systems. These advantages can be summarized as follows:

- Complete flexibility over the advertisement of subnets and their next hop routers.
- No routing protocol traffic travels over the link connecting Autonomous Systems.
- As no routing protocol is operating over the inter-AS link, there is no possibility of a faulty router in one AS affecting the other AS.

The downsides are obvious. Static routes do not adapt to link failures, and manual configuration can be a headache to maintain. Despite these downsides, static routing is often a popular choice for connecting internetworks that do not "trust" each other. Let's say Autonomous System 1 consists of network numbers 45.0.0.0 and 46.0.0.0, and Autonomous System 2 consists of network numbers 47.0.0.0 and 48.0.0.0. This is illustrated in the following figure:

Static Routing Between Autonomous Systems

To connect these two autonomous systems with static routes, use the following commands:

RouterA(config)#ip route 47.0.0.0 255.0.0.0 80.4.4.5
RouterA(config)#ip route 48.0.0.0 255.0.0.0 80.4.4.5

RouterB(config)#ip route 45.0.0.0 255.0.0.0 80.4.4.4
RouterB(config)#ip route 46.0.0.0 255.0.0.0 80.4.4.4

This tells each Autonomous System how to get to networks in the other Autonomous System.

Exterior Gateway Protocol
As its name suggests, the Exterior Gateway Protocol, or EGP, was the first example of an exterior gateway protocol. EGP has three components: neighbor acquisition, neighbor reachability and routing information. EGP was designed to add a measure of automation to the configuration of routes between different Autonomous Systems.

The routing information of EGP is similar to that of distance vector protocols, but it omits the metric for advertised routes. EGP was implemented like this because it was designed for the Internet at a time when it was assumed that there would be a core network, with separate routing domains connected to this core by one router each. The major problem with using EGP in a more general network is that, since no use is made of metrics, if there is more than one path to a destination, packets can very easily get caught in routing loops.

EGP has been superseded by the Border Gateway Protocol, BGP.

Border Gateway Protocol - BGP
BGP was introduced to improve upon EGP. Its main features are a reliable transport protocol, to ensure that route updates are received, and a keepalive mechanism, so that BGP routers know if a neighboring BGP router fails. BGP does not transmit metrics with its route updates, but it does transmit an AS path with each route, listing the ASes to be traversed on the way to the destination AS. BGP thus avoids the circulating packet problem of EGP.

BGP works on the principle of enforcing policies. A policy is manually configured and allows a BGP enabled router to rank possible routes to other Autonomous Systems, selecting the best path.
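An added example (not from the article) of how the AS path avoids EGP's loop problem: a speaker drops any update whose path already contains its own AS number, and prepends its AS number when it passes a route on. The three-AS ring, the prefix and the shortest-path tie-break are constructed assumptions; with loop_check=False the same ring behaves like EGP, which carries no path and never stops the update.

```python
def receive_update(local_as, prefix, as_path):
    """Accept or drop a BGP update arriving at a speaker in local_as.

    as_path lists the ASes the update has already traversed. If local_as
    is already on it, using the route would send traffic back through us,
    so the update is dropped. Returns the stored route or None.
    """
    if local_as in as_path:
        return None
    return prefix, tuple(as_path)


def advertise(local_as, route):
    """Re-advertise a stored route to a neighbour in another AS: the local
    AS number is prepended to the path the update carries."""
    prefix, as_path = route
    return prefix, (local_as,) + tuple(as_path)


def best_route(routes):
    """The simplest BGP tie-break once policy is equal: shortest AS path."""
    return min(routes, key=lambda route: len(route[1]))


def propagate_ring(origin_as, prefix, ring, loop_check=True, max_hops=20):
    """Push an update from origin_as around a ring of ASes (constructed
    topology, not from the article) and return (as_that_dropped_it, path).

    With loop_check=False the speakers behave like EGP, which carries no
    path: nothing ever drops the update and it keeps circulating until
    max_hops stops the simulation.
    """
    update = advertise(origin_as, (prefix, ()))
    i = ring.index(origin_as)
    for _ in range(max_hops):
        i = (i + 1) % len(ring)
        this_as = ring[i]
        if loop_check and receive_update(this_as, *update) is None:
            return this_as, update[1]
        update = advertise(this_as, update)
    return None, update[1]
```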

Configuring BGP
We can use an example to discuss how to configure BGP on a router. In this example, let's take router R6. To configure BGP we will perform the following steps:

Network Configuration for BGP Example

- Define BGP as a routing process
- Define the networks internal to this AS that are going to be advertised
- Define the relationships that this router will have with its neighbors
- Assign administrative weights to paths to control the path selection process

This is a basic configuration for BGP; many further configuration customizations can be made. For a fuller discussion of BGP configuration, refer to "Multi-Homing Your Internet Service With BGP".

The following commands are entered into router R6.

Router6(config)#router bgp 3
Router6(config-router)#network 147.30.0.0
Router6(config-router)#network 150.1.0.0
Router6(config-router)#neighbor 147.30.1.1 remote-as 3
Router6(config-router)#neighbor 160.4.5.5 remote-as 2

The first line in this configuration defines BGP for Autonomous System 3 on router 6. The next two lines define the network numbers internal to AS 3 that will be advertised via BGP. The fourth line defines an internal neighbor, that is, one in the same AS; the BGP process on router 6 will now exchange information with the BGP process defined on R5. The fifth line defines the neighbor in a different AS that router 6 will exchange information with.

The effect of this configuration is that R6 will share information about networks 147.30.0.0 and 150.1.0.0 with the two specified routers via BGP updates.

The last thing left to do in our basic configuration of BGP is to assign administrative weights to control the path selection process. In the following example, a weight of 40,000 is assigned to the path to router R4.

Router6(config-router)#neighbor 160.4.5.5 weight 40000

This administrative weight can vary between 0 and 65535, the default being 32768. The effect of increasing the weight to R4 is to make it less attractive when R6 is calculating which paths to use.

Redistributing Route Information Between Protocols
If you have the opportunity to build a network from scratch and can design it so that the only devices running routing protocols are routers, you can choose your favorite protocol and use it exclusively. Typically, though, there is an existing network with an existing routing protocol in place, and more often than not, UNIX machines have some routing responsibilities in the network. As many UNIX machines only support RIP, and RIP is unlikely to be the best choice of routing protocol for an internetwork of any size, the question arises of how more than one routing protocol can co-exist on an internetwork, either permanently or during a period of migration.

The answer is Redistribution. A router can be configured to run more than one routing protocol and Redistribute route information between the two protocols. The idea is that there will be multiple domains on the internetwork, each operating with a different routing protocol. At the border between these domains, one router has the responsibility of running both routing protocols and informing each domain about the other's networks in the appropriate routing protocol. This is illustrated below:

A Border Router Configured to Redistribute Between RIP and IGRP

In this example, router 1 has to run both RIP and IGRP, then inform Domain A about the networks in Domain B with RIP updates and inform Domain B about Domain A's networks using IGRP updates. The router in this figure will only be able to assign one metric to all the routes that it redistributes from one Domain to another. It cannot translate metrics between protocols. At first this may seem to be a drawback, that all networks are redistributed with the same metric value, no matter where they are located in the other Domain. In reality this is not a problem, since to get from Domain A to Domain B, all connections have to go through the same router, so the initial part of the journey is identical when sending packets between Domains.

In this example, a packet destined for Domain A, originating in Domain B, reaches router 1. Router 1 has a routing table filled with entries for the networks in Domain A that have been calculated from RIP updates. The packet will then follow the best path to its destination network.

The following is an example of how the routing protocol processes could be configured on router 1, to redistribute routes between the RIP and IGRP Domains.

Given a basic configuration for both RIP and IGRP, the redistribution itself is done by the redistribute and default-metric lines:

router igrp 12
timers basic 15 45 0 60
network 164.8.0.0
network 193.1.1.0
no metric holddown
metric maximum-hop 50
redistribute rip
default-metric 300 344 200 200 200

router rip
network 150.1.0.0
network 120.0.0.0
redistribute igrp 12
default-metric 3

This assumes that Domain A has network numbers 150.1.0.0 and 120.0.0.0 in it and Domain B has networks 164.8.0.0 and 193.1.1.0 in it.

The five values following the default-metric entry in the router igrp section are the metrics that will be sent out in IGRP updates for routes learned via RIP. In the router rip section, routes learned from IGRP updates will be advertised with a metric of 3. It must be noted that the numbers shown here are arbitrary. In most instances this does not matter, as all cross-domain traffic has to go through router 1, as previously explained.

As you can see, once you start to configure subnets and use multiple network numbers, autonomous systems and redistribution, life can get tricky! The best advice we can leave you with is to be careful out there!

Answers to subnet questions

Subnet 164.2.34.32
Usable host addresses 164.2.34.33 to 164.2.34.62
Broadcast address 164.2.34.63

Subnet 101.2.0.0
Usable host addresses 101.2.0.1 to 101.2.255.254
Broadcast address 101.2.255.255

Copyright © 2009 Compulink Business Systems. All rights reserved.
Last modified: 01/07/10.