Routing IP Packets - CompTIA Network+ N10-006 Cert Guide (2015)

CompTIA Network+ N10-006 Cert Guide (2015)

Chapter 6. Routing IP Packets

After completion of this chapter, you will be able to answer the following questions:

Image How are source and destination IP addresses used to route traffic through a network?

Image What are sources for routing information used to populate a router’s routing table?

Image How do routed protocols differ from routing protocols?

Image When multiple routing protocols know how to reach a destination network, which route is chosen?

Image When a single routing protocol knows of multiple routes to reach a destination network, how is the preferred path (or paths) chosen?

Image What is the distinction between an Interior Gateway Protocol (IGP) and an Exterior Gateway Protocol (EGP)?

Image What are the primary differences between distance-vector and link-state routing protocols?

Image What are the characteristics of the following routing protocols: Routing Information Protocol (RIP), Open Shortest Path First (OSPF) Protocol, Intermediate System-to-Intermediate System (IS-IS) Protocol, Enhanced Interior Gateway Routing Protocol (EIGRP), and Border Gateway Protocol (BGP)?

Image How does Network Address Translation (NAT) perform IP address translation, and how do the Port Address Translation (PAT), Static NAT (SNAT), and Dynamic NAT (DNAT) approaches to NAT differ?

Image What protocols are used to route multicast traffic?

In Chapter 5, “IPv4 and IPv6 Addresses,” you learned how Internet Protocol (IP) networks could be divided into subnets. Each subnet is its own broadcast domain, and the device that separates broadcast domains is a router (which is considered to be synonymous with a multilayer switch in this chapter). A multilayer switch is a network device that can do both the functions of Layer 2 switching of frames, in addition to Layer 3 routing of IP packets. Multilayer switches generally use dedicated chips to perform these functions and as a result may be faster than a traditional router in forwarding packets.

For traffic to flow between subnets, that traffic has to be routed, which is a router’s primary job. This chapter discusses how routing occurs and introduces you to a variety of approaches for performing address translation. This chapter concludes with a discussion of how multicast traffic is routed.

Foundation Topics

Basic Routing Processes

To understand basic routing processes, consider Figure 6-1. In this topology, PC1 needs to send traffic to Server1. Notice that these devices are on different networks. So, the question becomes, “How does a packet from a source IP address of 192.168.1.2 get routed to a destination IP address of 192.168.3.2?”

Image

Figure 6-1 Basic Routing Topology

It might help to walk through this process step by step:

Image

Step 1. PC1 compares its IP address and subnet mask of 192.168.1.2/24 with the destination IP address and subnet mask of 192.168.3.2/24. PC1 concludes that the destination IP address resides on a remote subnet. Therefore, PC1 needs to send the packet to its default gateway, which could have been manually configured on PC1 or dynamically learned via Dynamic Host Configuration Protocol (DHCP). In this example, PC1 has a default gateway of 192.168.1.1 (router R1). However, to construct a Layer 2 frame, PC1 also needs the MAC address of its default gateway. PC1 sends an Address Resolution Protocol (ARP) request for router R1’s MAC address. After PC1 receives an ARP reply from router R1, PC1 adds router R1’s MAC address to its ARP cache. PC1 now sends its data in a frame destined for Server1, as shown in Figure 6-2.

Image

Figure 6-2 Basic Routing: Step 1

Note

ARP is a broadcast-based protocol and, therefore, does not travel beyond the local subnet of the sender.

Step 2. Router R1 receives the frame sent from PC1 and interrogates the IP header. An IP header contains a Time To Live (TTL) field, which is decremented once for each router hop. Therefore, router R1 decrements the packet’s TTL field. If the value in the TTL field is reduced to 0, the router discards the frame and sends a time exceeded Internet Control Message Protocol (ICMP) message back to the source. Assuming the TTL is not decremented to 0, router R1 checks its routing table to determine the best path to reach network 192.168.3.0/24. In this example, router R1’s routing table has an entry stating that network 192.168.3.0/24 is accessible via interface Serial 1/1. Note that ARPs are not required for serial interfaces because these interface types do not have MAC addresses. Router R1, therefore, forwards the frame out of its Serial 1/1 interface, as shown in Figure 6-3.

Image

Figure 6-3 Basic Routing: Step 2

Step 3. When router R2 receives the frame, it decrements the TTL in the IP header, just as router R1 did. Again, assuming the TTL did not get decremented to 0, router R2 interrogates the IP header to determine the destination network. In this case, the destination network of 192.168.3.0/24 is directly attached to router R2’s Fast Ethernet 0/0 interface. Similar to the way PC1 sent out an ARP request to determine the MAC address of its default gateway, router R2 sends an ARP request to determine the MAC address of Server1. After an ARP reply is received from Server1, router R2 forwards the frame out of its Fast Ethernet 0/0 interface to Server1, as illustrated in Figure 6-4.

Image

Figure 6-4 Basic Routing: Step 3

The previous steps identified two router data structures:

Image IP routing table: When a router needed to route an IP packet, it consulted its IP routing table to find the best match. The best match is the route that has the longest prefix. Specifically, a route entry with the longest prefix is the most specific network. For example, imagine that a router has an entry for network 10.0.0.0/8 and for network 10.1.1.0/24. Also, imagine the router is seeking the best match for a destination address of 10.1.1.1/24. The router would select the 10.1.1.0/24 route entry as the best entry because that route entry has the longest prefix.

Image Layer 3 to Layer 2 mapping: In the previous example, router R2’s ARP cache contained Layer 3 to Layer 2 mapping information. Specifically, the ARP cache had a mapping that said a MAC address of 2222.2222.2222 corresponded to an IP address of 192.168.3.2.

As shown in the preceding example, routers rely on their internal routing table to make packet-forwarding decisions. Therefore, at this point, a logical question is, “How does a router’s routing table become populated with entries?” This is the focus of the next section.

Sources of Routing Information

A router’s routing table can be populated from various sources. As an administrator, you could statically configure a route entry. A route could be learned via a dynamic routing protocol (for example, OSPF or EIGRP), or a router could know how to get to a specific network, because the router is physically attached to that network.

Directly Connected Routes

One way for a router to know how to reach a specific destination network is by virtue of the fact that the router has an interface directly participating in that network. For example, consider Figure 6-5.

Image

Figure 6-5 Directly Connected Routes

In Figure 6-5, router R1’s routing table knows how to reach the 192.168.1.0/24 and 192.168.2.0/30 networks because router R1 has an interface physically attached to each network. Similarly, router R2 has interfaces participating in the 10.1.1.0/30 and 192.168.2.0/30 networks and therefore knows how to reach those networks. The entries currently shown to be in the routing tables of routers R1 and R2 are called directly connected routes.

Static Routes

Routes can also be statically configured in a router’s routing table. Continuing to expand on the previous example, consider router R1. As shown in Figure 6-6, router R1 does not need knowledge of each route on the Internet. Specifically, router R1 already knows how to reach devices on its locally attached networks. All router R1 really needs to know at this point is how to get out to the rest of the world. As you can see from Figure 6-6, any traffic destined for a nonlocal network (for example, any of the networks available on the public Internet) can simply be sent to router R2. Because R2 is the next router hop along the path to reach all those other networks, router R1 could be configured with a default static route, which says, “If traffic is destined for a network not currently in the routing table, send that traffic out of interface Serial 1/1.”

Image

Figure 6-6 Static Routes

Note

A static route does not always reference a local interface. Instead, a static route might point to a next-hop IP address (an interface’s IP address on the next router to which traffic should be forwarded). The network address of a default route is 0.0.0.0/0.

Similarly, router R2 can reach the Internet by sending traffic out of its Serial 1/0 interface. However, router R2 does need information about how to reach the 192.168.1.0/24 network available off of router R1. To educate router R2 as to how this network can be reached, a static route, pointing to 192.168.1.0/24, can be statically added to router R2’s routing table.

Dynamic Routing Protocols

If you want to add routing information to routers in more complex networks, such as the topology shown in Figure 6-7, static routing does not scale well. Fortunately, a variety of dynamic routing protocols are available that allow a router’s routing table to be updated as network conditions change.

Image

Figure 6-7 Dynamic Routes

In Figure 6-7, router R2 is advertising a default route to its neighbors (routers R1, R3, and R4). What happens if PC1 wants to send traffic to the Internet? PC1’s default gateway is router R3, and router R3 has received three default routes. Which one does it use?

Router R3’s path selection depends on the dynamic routing protocol being used. As you see later in this chapter, a routing protocol such as Routing Information Protocol (RIP) would make the path selection based on the number of routers that must be transited to reach the Internet (that is, hop count). Based on the topology presented, router R3 would select the 128-Kbps link (where Kbps stands for kilobits per second, meaning thousands of bits per second) connecting to router R2 because the Internet would be only one hop away. If router R3 had instead selected a path pointing to either router R1 or R4, the Internet would be two hops away.

However, based on the link bandwidths, you can see that the path from router R3 to router R2 is suboptimal. Unfortunately, RIP does not consider available bandwidth when making its route selection. Some other protocols (for example, Open Shortest Path First [OSPF]) can consider available bandwidth when making their routing decisions.

Dynamic routes also allow a router to reroute around a failed link. For example, in Figure 6-8, router R3 had preferred to reach the Internet via router R4. However, the link between routers R3 and R4 went down. Thanks to a dynamic routing protocol, router R3 knows of two other paths to reach the Internet, and it selects the next-best path, which is via router R1 in this example. The process of failing over from one route to a backup route is called convergence.

Image

Figure 6-8 Route Redundancy

Routing Protocol Characteristics

Before examining the characteristics of routing protocols, an important distinction to make is the difference between a routing protocol and a routed protocol. A routing protocol (for example, RIP, OSPF, or EIGRP) is a protocol that advertises route information between routers.

Conversely, a routed protocol is a protocol with an addressing scheme (for example, IP) that defines different network addresses. Traffic can then be routed between defined networks, perhaps with the assistance of a routing protocol.

This section looks at routing protocol characteristics, such as how believable a routing protocol is versus other routing protocols. Also, in the presence of multiple routes, different routing protocols use different metrics to determine the best path. A distinction is made between Interior Gateway Protocols (IGP) and Exterior Gateway Protocols (EGP). Finally, this section discusses different approaches to making route advertisements.

Believability of a Route

If a network is running more than one routing protocol (maybe as a result of a corporate merger), and a router receives two route advertisements from different routing protocols for the same network, which route advertisement does the router believe? Interestingly, some routing protocols are considered to be more believable that others. An example would be a Cisco router considering EIGRP to be more believable than RIP.

The index of believability is called administrative distance (AD). Table 6-1 shows the AD for various sources of routing information. Note that lower AD values are more believable than higher AD values.

Image

Image

Table 6-1 Administrative Distance

Metrics

Some networks might be reachable via more than one path. If a routing protocol knows of multiple paths to reach such a network, which route (or routes) does the routing protocol select? Actually, it varies depending on the routing protocol and what that routing protocol uses as a metric. A metric is a value assigned to a route; lower metrics are preferred over higher metrics.

If a routing protocol knows of more than one route to reach a destination network and those routes have equal metrics, some routing protocols support load balancing across equal-cost paths. EIGRP can even be configured to load balance across unequal-cost paths.

Different routing protocols can use different parameters in their calculation of a metric. The specific parameters used for a variety of routing protocols are presented later in this chapter.

Interior Versus Exterior Gateway Protocols

Routing protocols can also be categorized based on the scope of their operation. Interior Gateway Protocols (IGPs) operate within an autonomous system, where an autonomous system is a network under a single administrative control. Conversely, Exterior Gateway Protocols (EGPs) operate between autonomous systems.

Consider Figure 6-9. Routers R1 and R2 are in one autonomous system (AS 65002), and routers R3 and R4 are in another autonomous system (AS 65003). Within those autonomous systems, an IGP is used to exchange routing information. However, router ISP1 is a router in a separate autonomous system (AS 65001) run by a service provider. EGP (typically, Border Gateway Protocol [BGP]) is used to exchange routing information between the service provider’s autonomous system and each of the other autonomous systems.

Image

Image

Figure 6-9 IGPs Versus EGPs

Route Advertisement Method

Another characteristic of a routing protocol is how it receives, advertises, and stores routing information. The two fundamental approaches are distance vector and link state.

Distance Vector

A distance-vector routing protocol sends a full copy of its routing table to its directly attached neighbors. This is a periodic advertisement, meaning that even if there have been no topological changes, a distance-vector routing protocol will, at regular intervals, readvertise its full routing table to its neighbors.

Obviously, this periodic advertisement of redundant information is inefficient. Ideally, you want a full exchange of route information to occur only once and subsequent updates to be triggered by topological changes.

Another drawback to distance-vector routing protocols is the time they take to converge, which is the time required for all routers to update their routing table in response to a topological change in a network. Hold-down timers can speed the convergence process. After a router makes a change to a route entry, a hold-down timer prevents any subsequent updates for a specified period of time. This approach helps stop flapping routes (which are routes that oscillate between being available and unavailable) from preventing convergence.

Yet another issue with distance-vector routing protocols is the potential of a routing loop. To illustrate, consider Figure 6-10. In this topology, the metric being used is hop count, which is the number of routers that must be crossed to reach a network. As one example, router R3’s routing table has a route entry for network 10.1.1.0/24 available off of router R1. For router R3 to reach that network, two routers must be transited (routers R2 and R1). As a result, network 10.1.1.0/24 appears in router R3’s routing table with a metric (hop count) of 2.

Image

Figure 6-10 Routing Loop: Before Link Failure

Continuing with the example, imagine that interface Ethernet 1/0 on router R3 goes down. As shown in Figure 6-11, router R3 loses its directly connected route (with a metric of 0) to network 10.1.4.0/24. However, router R2 had a route to 10.1.4.0/24 in its routing table (with a metric of 1), and this route was advertised to router R3. Router R3 adds this entry for 10.1.4.0 to its routing table and increments the metric by 1.

Image

Figure 6-11 Routing Loop: After Link Failure

The problem with this scenario is that the 10.1.4.0/24 entry in router R2’s routing table was due to an advertisement router R2 received from router R3. Now, router R3 is relying on that route, which is no longer valid. The routing loop continues as router R3 advertises its newly learned route of 10.1.4.0/24 with a metric of 2 to its neighbor, router R2. Because router R2 originally learned the 10.1.4.0/24 network from router R3, when it sees router R2 advertising that same route with a metric of 2, the network gets updated in router R2’s routing table to have a metric of 3, as shown in Figure 6-12.

Image

Figure 6-12 Routing Loop: Routers R2 and R3 Incrementing the Metric for 10.1.4.0/24

The metric for the 10.1.4.0/24 network continues to increment in the routing tables for both routers R2 and R3, until the metric reaches a value considered to be an unreachable value (for example, 16 in the case of RIP). This process is referred to as a routing loop.

Distance-vector routing protocols typically use one of two approaches for preventing routing loops:

Image

Image Split horizon: The split-horizon feature prevents a route learned on one interface from being advertised back out of that same interface.

Image Poison reverse: The poison-reverse feature causes a route received on one interface to be advertised back out of that same interface with a metric considered to be infinite.

Having either approach applied to the previous example would have prevented router R3 from adding the 10.1.4.0/24 network into its routing table based on an advertisement from router R2.

Link State

Rather than having neighboring routers exchange their full routing tables with one another, a link-state routing protocol allows routers to build a topological map of the network. Then, similar to a global positioning system (GPS) in a car, a router can execute an algorithm to calculate an optimal path (or paths) to a destination network.

Routers send link-state advertisements (LSAs) to advertise the networks they know how to reach. Routers then use those LSAs to construct the topological map of a network. The algorithm run against this topological map is Dijkstra’s shortest path first algorithm.

Unlike distance-vector routing protocols, link-state routing protocols exchange full routing information only when two routers initially form their adjacency. Then routing updates are sent in response to changes in the network, as opposed to being sent periodically. Also, link-state routing protocols benefit from shorter convergence times, as compared to distance-vector routing protocols.

Routing Protocol Examples

Now that you understand some of the characteristics that distinguish one routing protocol from another, this section contrasts some of the most popular routing protocols found in modern networks:

Image

Image Routing Information Protocol (RIP): A distance-vector routing protocol that uses a metric of hop count. The maximum number of hops between two routers in an RIP-based network is 15. Therefore, a hop count of 16 is considered to be infinite. Also, RIP is an IGP.

Image Open Shortest Path First (OSPF): A link-state routing protocol that uses a metric of cost, which is based on the link speed between two routers. OSPF is a popular IGP because of its scalability, fast convergence, and vendor-interoperability.

Image Intermediate System-to-Intermediate System (IS-IS): This link-state routing protocol is similar in its operation to OSPF. It uses a configurable, yet dimensionless, metric associated with an interface and runs Dijkstra’s shortest path first algorithm. Although IS-IS as an IGP offers the scalability, fast convergence, and vendor-interoperability benefits of OSPF, it has not been as widely deployed as OSPF.

Image Enhanced Interior Gateway Routing Protocol (EIGRP): A Cisco proprietary protocol. So, although EIGRP is popular in Cisco-only networks, it is less popular in mixed-vendor environments. Like OSPF, EIGRP is an IGP with fast convergence and is very scalable. EIGRP is more challenging to classify as a distance-vector or a link-state routing protocol.

By default, EIGRP uses bandwidth and delay in its metric calculation; however, other parameters can be considered. These optional parameters include reliability, load, and maximum transmission unit (MTU) size. Using delay as part of the metric, EIGRP can take into consideration the latency caused from the slowest links in the path.

Some literature calls EIGRP an advanced distance-vector routing protocol, and some literature calls it a hybrid routing protocol (mixing characteristics of both distance-vector and link-state routing protocols). EIGRP uses information from its neighbors to help it select an optimal route (like distance-vector routing protocols). However, EIGRP also maintains a database of topological information (like a link-state routing protocol). The algorithm EIGRP uses for its route selection is not Dijkstra’s shortest path first algorithm. Instead, EIGRP uses diffusing update algorithm (DUAL).

Image Border Gateway Protocol (BGP): The only EGP in widespread use today. In fact, BGP is considered to be the routing protocol that runs the Internet, which is an interconnection of multiple autonomous systems. Although some literature classifies BGP as a distance-vector routing protocol, it can more accurately be described as a path-vector routing protocol, meaning that it can use as its metric the number of autonomous system hops that must be transited to reach a destination network, as opposed to a number of required router hops. BGP’s path selection is not solely based on autonomous system hops, however. BGP has a variety of other parameters that it can consider. Interestingly, none of those parameters are based on link speed. Also, although BGP is incredibly scalable, it does not quickly converge in the event of a topological change.

A network can simultaneously support more than one routing protocol through the process of route redistribution. For example, a router could have one of its interfaces participating in an OSPF area of the network and have another interface participating in an EIGRP area of the network. This router could then take routes learned via OSPF and inject those routes into the EIGRP routing process. Similarly, EIGRP-learned routes could be redistributed into the OSPF routing process.

Address Translation

As described in Chapter 5, some IP addresses are routable through the public Internet, and other IP addresses are considered private and are intended for use within an organization. Network Address Translation (NAT) allows private IP addresses (as defined in RFC 1918) to be translated into Internet-routable IP addresses (public IP addresses). This section examines the operation of basic NAT and a variant called Port Address Translation (PAT). Address translation can also be done for specific ports associated with an IP address. When this is done, it’s often referred to as port forwarding.

NAT

Consider Figure 6-13, which shows a basic NAT topology. Note that, even though the IP networks of 172.16.1.0/24 and 192.168.1.0/24 are actually private IP networks, for this discussion, assume that they are publicly routable IP addresses. The reason for the use of these private IP addresses to represent public IP addresses is to avoid using an entity’s registered IP addresses in the example.

Image

Image

Figure 6-13 Basic NAT Topology

In Figure 6-13’s topology, two clients with private IP addresses of 10.1.1.1 and 10.1.1.2 want to communicate with a web server on the public Internet. The server’s IP address is 192.168.1.1. Router R1 is configured for NAT. As an example, router R1 takes packets coming from 10.1.1.1 destined for 192.168.1.1 and changes the source IP address in the packets’ headers to 172.16.1.101 (which we assume is a publicly routable IP address for the purposes of this discussion). When the server at IP address 192.168.1.1 receives traffic from the client, the server’s return traffic is sent to a destination address of 172.16.1.101. When router R1 receives traffic from the outside network destined for 172.16.1.101, the router translates the destination IP address to 10.1.1.1 and forwards the traffic to the inside network, where client 1 receives the traffic. Similarly, client 2’s IP address of 10.1.1.2 is translated into an IP address of 172.16.1.102.

Table 6-2 introduces the terminology used when describing the various IP addresses involved in a translation.

Image

Image

Table 6-2 Names of NAT IP Addresses

As a memory aid, remember that inside always refers to an inside device, and outside always refers to an outside device. Also, think of the word local being similar to the Spanish word loco, meaning crazy. That is what a local address could be thought of. It is a crazy, made-up address (a private IP address that is not routable on the Internet). Finally, let the g in global remind you of the g in good, because a global address is a good (routable on the Internet) IP address.

Based on these definitions, Table 6-3 categorizes the IP addresses previously shown in Figure 6-13.

Image

Table 6-3 Classifying the NAT IP Addresses in Figure 6-13

NAT does not always have to be between private and public addresses. For example, NAT could be implemented between two private address ranges or two public address ranges as well.

Whether an inside local address is randomly assigned an inside global address from a pool of available addresses or is assigned an address from a static configuration determines the type of NAT you are using. These two approaches to NAT are called DNAT and SNAT:

Image

Image DNAT: In the preceding example, the inside local addresses were automatically assigned an inside global address from a pool of available addresses. This approach to NAT is referred to as Dynamic NAT (DNAT).

Image SNAT: Sometimes, you want to statically configure the inside global address assigned to a specific device inside your network. For example, you might have an e-mail server inside your company, and you want other e-mail servers on the Internet to send e-mail messages to your server. Those e-mail servers on the Internet need to point to a specific IP address, not one that was randomly picked from a pool of available IP addresses. In such a case, you can statically configure the mapping of an inside local address (the IP address of your internal e-mail server) to an inside global address (the IP address to which e-mail servers on the Internet will send e-mail for your company). This approach to NAT is referred to as Static NAT (SNAT).

PAT

A challenge with basic NAT, however, is that there is a one-to-one mapping of inside local addresses to inside global addresses, meaning that a company would need as many publicly routable IP addresses as it had internal devices needing IP addresses. This does not scale well because, often, a service provider will provide a customer with only a single IP address or a small block of IP addresses.

Fortunately, many routers support Port Address Translation (PAT), which allows multiple inside local addresses to share a single inside global address (a single publicly routable IP address). In Chapter 2, “The OSI Reference Model,” you learned about how IP communications rely on port numbers. As a review, when a client sends an IP packet, not only does that packet have a source and destination IP address, it has a source and destination port number. PAT leverages these port numbers to track separate communication flows.

For instance, consider Figure 6-14. Unlike the example shown in Figure 6-13, in which each inside local address was translated to its own inside global address, the example shown in Figure 6-14 has only one inside global address. This single inside global address is shared among all the devices inside a network. The different communication flows are kept separate in router R1’s NAT translation table by considering port numbers.

Image

Image

Figure 6-14 PAT Topology

When client 1 sends a packet to the web server (with an IP address of 192.168.1.1), the client’s ephemeral port number (its source port selected, which is greater than 1023) is 1025. Router R1 notes that port number and translates the inside local address of 10.1.1.1 with a port number of 1025 to an inside global address of 172.16.1.100 with a port number of 2025. When client 2 sends a packet to the same web server, its inside local address of 10.1.1.2 with a port number of 1050 is translated into an outside local address of 172.16.1.100 with a port number of 2050.

Notice that both client 1 and client 2 had their inside local addresses translated into the same inside global address of 172.16.1.100. Therefore, when the web server sends packets back to client 1 and client 2, those packets are destined for the same IP address (172.16.1.100). However, when router R1 receives those packets, it knows to which client each packet should be forwarded based on the destination port number. For example, if a packet from the web server (192.168.1.1) arrived at router R1 with a destination IP address of 172.16.1.100 and a destination port number of 2050, router R1 would translate the destination IP address to 10.1.1.2 with a port number of 1050, which would be forwarded to client 2.

Multicast Routing

Chapter 5 introduced the concept of multicast transmission, where a multicast sender could send traffic destined for a Class D IP address, known as a multicast group, and devices on a network wanting to receive that transmission could join that multicast group. Let us now consider how a client joins a multicast group and how routers route multicast traffic. Keep in mind that one of the main goals with multicast traffic is to send that traffic only to devices in a network wanting to receive that traffic. Two primary protocols used for multicast are Internet Group Management Protocol (IGMP) and Protocol Independent Multicast (PIM).

Note

A surprising amount of networking literature incorrectly states that IGMP stands for Internet Group Multicast Protocol.

IGMP

The protocol used between clients (for example, PCs) and routers to let routers know which of their interfaces have multicast receivers attached is IGMP. Although three versions of IGMP exist (as described in the list that follows), only two versions (version 1 and version 2) are in wide-scale deployment:

Image IGMP Version 1 (IGMPv1): When a PC wants to join a multicast group, it sends an IGMP report message to its router, letting the router know it wants to receive traffic for a specific group. Every 60 seconds, by default, the router sends an IGMP query message to determine if the PC still wants to belong to the group. There can be up to a 3-minute delay before a router realizes the receiver left the group. The destination address of this router query is 224.0.0.1, which addresses all IP multicast hosts.

Image IGMP Version 2 (IGMPv2): Similar to IGMPv1, except IGMP version 2 can send queries to a specific group and support a leave message. Specifically, a receiver can proactively send a leave message when it no longer wants to participate in a multicast group, allowing the router to prune its interface earlier than it would have with IGMPv1.

Image IGMP Version 3 (IGMPv3): Adds a feature called source-specific multicast (SSM), which allows a client to request traffic not only destined for a particular multicast group but also sourced from a specific server. For example, you could have multiple video servers streaming different video streams, all destined for the same multicast group. However, when a client joined that group, with SSM (as supported by IGMPv3), that client could request that it only receive traffic sourced from a specific server. This would provide support for multiple multicast sessions while consuming only one Class D IP address.

Consider Figure 6-15, which shows a basic multicast topology. Of the three PCs on the network, only PC2 wants to receive the multicast traffic. How do the switch and router know to only forward traffic out ports leading to PC2 (the multicast receiver)?

Image

Image

Figure 6-15 Multicast Receiver Joining a Multicast Group

C2 indicates it wants to belong to the multicast group of 239.1.2.3 by sending an IGMP join message to its default gateway. The switch through which the IGMP join message passes is enabled with the IGMP snooping feature, which allows the switch to eavesdrop on the IGMP join message and determine the multicast group that PC2 wants to join. Then, in the future, when the switch receives traffic from the router destined for 239.1.2.3, the switch will only forward those packets out the port connected to PC2.

When the router receives the IGMP join message from PC2, it knows that it should only forward traffic destined for 239.1.2.3 out the interface on which a IGMP join message was received. As a result, when the multicast source sends a stream of traffic, that traffic is only forwarded out the router port and the switch port leading to PC2, as shown in Figure 6-16.

Image

Figure 6-16 Multicast Traffic Only Being Forwarded to the Multicast Receiver

PIM

Although IGMP allows a multicast receiver to join a multicast group, we still have a need for a multicast routing protocol, which routes multicast traffic between multicast-enabled routers. The most popular multicast routing protocol is PIM. PIM’s main purpose is to form a multicast distribution tree, which is the path (or paths) over which multicast traffic flows. PIM has two modes of operation: PIM dense mode (PIM-DM) and PIM sparse mode (PIM-SM).

PIM-DM

PIM-DM uses a source distribution tree, meaning that an optimal path is formed between the source router in a multicast network (that is, the router closest to the multicast sender) and each last-hop router (the router closest to each multicast receiver). However, before this optimal source distribution tree is formed, traffic from the multicast source is initially flooded throughout the entire network, as shown in Figure 6-17.

Image

Figure 6-17 PIM-DM Flooding

Obviously, this initial flooding of multicast traffic causes traffic to be sent to routers not needing the multicast traffic, and it can unnecessarily consume bandwidth on the links between routers. After this initial flooding occurs, if a router interface receives the multicast traffic, and that traffic is not needed by the router (or if the traffic is needed by the router, but on a different interface), the router interface sends a prune message to its neighboring router, asking that it be pruned off of the source distribution tree, as shown in Figure 6-18.

Image

Figure 6-18 PIM-DM Pruning

After sending these prune messages, the resulting source distribution tree (the path over which the multicast packets flow) is an optimal path between the source router and the last-hop router, as shown in Figure 6-19.

Image

Figure 6-19 PIM-DM Source Distribution Tree After Pruning

A benefit of PIM-DM is that an optimal path is formed between the source router and each last-hop router. However, the drawback of PIM-DM is that a network must undergo the flood and prune behavior, as previously described, to form the optimal distribution tree. Also, even after the optimal distribution tree is formed, the flooding and pruning repeats every 3 minutes. Such a periodic flooding of traffic might cause a significant performance impact on a network.

PIM-SM

PIM-SM uses a shared distribution tree. A shared distribution tree does not initially form an optimal path between a source router and each last-hop router. Instead, a multicast source sends traffic directly to another router, called a rendezvous point (RP). When another router in the multicast network wants to join the multicast distribution tree (because it received an IGMP join message from a client), that last-hop router sends a join message to the RP to join the shared distribution tree, as shown in Figure 6-20. The tree is called a shared distribution tree because all last-hop routers (routers with downstream multicast receivers) send join messages to the same RP.

Image

Figure 6-20 PIM-SM Shared Distribution Tree

The benefit of PIM-SM is that the flood and prune behavior of PIM-DM is avoided. However, by inspecting Figure 6-20, you might conclude that a drawback of PIM-SM is that a suboptimal distribution tree might be formed. Although that is initially true, after a last-hop router receives the first multicast packet from the multicast source, it can see the IP address of the multicast source. Then, based on its unicast routing table, a last-hop router can form an optimal distribution tree and then prune off the branch of the tree connecting it to the RP. This behavior is called shortest path tree (SPT) switchover. Figure 6-21 shows the resulting distribution tree.

Image

Figure 6-21 PIM-SM Distribution Tree After SPT Switchover

With the addition of the SPT switchover feature, PIM-SM is the preferred approach to forming a multicast distribution tree because it gives you an optimal path from the source router to each last-hop router and it avoids the flood and prune behavior of PIM-DM.

Real-World Case Study

Acme Inc. has decided to use a link-state routing protocol for dynamic routing between their LANs and the remote offices, which are connected over the WANs. The link-state protocol they have chosen is OSPF. Each of the routers that have connections to the LAN and WAN subnets will learn about and advertise OSPF routes with their OSPF neighbors.

The branch offices will have a default route that points toward the headquarters routers, and at the headquarters site, they will use a default route that points toward the service provider. Acme Inc. itself will not be using BGP, but their WAN and Internet service provider, which is interacting with other service providers, will use BGP.

IP packets from Acme’s LAN, which are using private IP addresses, will have a DNAT translation performed as those packets are routed out to the Internet through the service provider network. The service provider will use one or more globally routable addresses for the NAT between Acme’s networks and the Internet. Traffic between the headquarters office and the remote branch office will be routed normally, without adding NAT for the intracompany connections.

Acme may use multicast routing internally for video streams that are delivering a morning status report from Acme’s president on a daily basis. By using multicast, the server can send out one stream of data, and the multicast-enabled network can deliver the multicast content to members of the group who have requested and joined that multicast group and have the software running on their computers or mobile devices to enable them to see it.

Summary

The main topics covered in this chapter are the following:

Image How routers forward traffic through a network based on source and destination IP addresses.

Image The sources of route information used to populate a router’s routing table. These sources include directly connected routes, statically configured routes, and dynamically learned routes.

Image A distinction was made between routed protocols (for example, IP) and routing protocols (such as OSPF or EIGRP).

Image Some routing sources are more trustworthy than other routing sources, based on their administrative distances.

Image Different routing protocols use different metrics to select the best route in the presence of multiple routes.

Image This chapter distinguished between IGPs (which run within an autonomous system) and EGPs (which run between autonomous systems).

Image The behavior of distance-vector and link-state routing protocols was contrasted, and you saw how spilt horizon and poison reverse could prevent a routing loop in a distance-vector routing protocol environment.

Image Today’s most popular routing protocols (including RIP, OSPF, IS-IS, EIGRP, and BGP) were presented, along with their characteristics.

Image NAT can be used to translate private IP addresses inside a network to publicly routable IP addresses. Additionally, this chapter contrasted variations of NAT: PAT, SNAT, and DNAT.

Image This chapter discussed the IGMP and PIM protocols used in multicast networks. These protocols work together to allow a network to only forward multicast traffic over links needing that traffic.

Exam Preparation Tasks

Review All the Key Topics

Review the most important topics from inside the chapter, noted with the Key Topic icon in the outer margin of the page. Table 6-4 lists these key topics and the page numbers where each is found.

Image

Table 6-4 Key Topics for Chapter 6

Complete Tables and Lists from Memory

Print a copy of Appendix D, “Memory Tables” (found on the DVD), or at least the section for this chapter, and complete the tables and lists from memory. Appendix E, “Memory Table Answer Key,” also on the DVD, includes the completed tables and lists so you can check your work.

Define Key Terms

Define the following key terms from this chapter, and check your answers in the Glossary:

ARP

TTL

default static route

next-hop

routed protocol

routing protocol

administrative distance

metric

IGP

EGP

distance-vector

link-state

hold-down timer

split horizon

poison reverse

LSA

RIP

OSPF

IS-IS

EIGRP

BGP

route redistribution

NAT

DNAT

SNAT

PAT

IGMP

PIM

Complete Chapter 6 Hands-On Lab in Network+ Simulator Lite

Image Reading a Routing Table

Review Questions

The answers to these review questions are in Appendix A, “Answers to Review Questions.”

1. If a PC on an Ethernet network attempts to communicate with a host on a different subnet, what destination IP address and destination MAC address will be placed in the packet/frame header sent by the PC?

a. Dest. IP: IP address of default gateway. Dest. MAC: MAC address of default gateway.

b. Dest. IP: IP address of remote host. Dest. MAC: MAC address of default gateway.

c. Dest. IP: IP address of remote host. Dest. MAC: MAC address of remote host.

d. Dest. IP: IP address of remote host. Dest. MAC: MAC address of local PC.

2. What protocol is used to request a MAC address that corresponds to a known IPv4 address on the local network?

a. IGMP

b. TTL

c. ICMP

d. ARP

3. What is the network address and subnet mask of a default route?

a. 255.255.255.255/32

b. 0.0.0.0/32

c. 255.255.255.255/0

d. 0.0.0.0/0

4. What routing protocol characteristic indicates the believability of the routing protocol (as opposed to other routing protocols)?

a. Weight

b. Metric

c. Administrative distance

d. SPF algorithm

5. Which of the following are distance-vector routing protocol features that can prevent routing loops? (Choose two.)

a. Reverse path forwarding (RPF) check

b. Split horizon

c. Poison reverse

d. Rendezvous point

6. Which of the following is a distance-vector routing protocol with a maximum usable hop count of 15?

a. BGP

b. IS-IS

c. RIP

d. OSPF

7. Which of the following routing protocols is an EGP?

a. BGP

b. IS-IS

c. RIP

d. OSPF

8. What NAT IP address is a public IP address that maps to an inside device?

a. Inside local

b. Inside global

c. Outside local

d. Outside global

9. What NAT variation automatically assigns an inside global address from a pool of available addresses?

a. SNAT

b. DNAT

c. PAT

d. GNAT

10. What multicast protocol is used between clients and routers to let routers know which of their interfaces are connected to a multicast receiver?

a. IGMP

b. PIM-DM

c. PIM-SM

d. SPT switchover