Introduction To Routing

Introduction

Routing is one of the most important features in a network that needs to connect with other networks. In this
page we try to explain the difference between Routed and Routing protocols and explain different methods used
to achieve the routing of protocols.The fact is that if routing of protocols was not possible, then we wouldn't be
able to comminucate using computers because there would be no way of getting the data across to the other
end !

Definition

Routing is used for taking a packet (data) from one device and sending it through the network to another device
on a different network. If your network has no routers then you are not routing. Routers route traffic to all the
networks in your internetwork. To be able to route packets, a router must know the following :

 Destination address

 Neighbor routers from which it can lean about remote networks

 Possible routes to all remote networks

 The best route to each remote network

 How to maintain and verify routing information

Before we go on, I would like to define 3 networking terms :

Convergence: The process required for all routers in an internetwork to update their routing tables and create a
consistent view of the network, using the best possible paths. No user data is passed during convergence.

Default Route: A "standard" route entry in a routing table which is used as a first option. Any packets sent by a
device will be sent first to the default route. If that fails, it will try alternative routes.

Static Route: A permanent route entered manually into a routing table. This route will remain in the table, even
if the link goes down. It can only be erased manually.

Dynamic Route: A route entry which is dynamically (automatically) updated as changes to the network occur.
Dynamic routes are basically the opposite to static routes.

We start off with the explanation of the IP routing process and move onto routed protocols, then tackle the
routing protocols and finally the routing tables. There is plenty to read about, so grab that tea or coffee and let's
start !

1
The IP Routing Process
Introduction

We are going to take a look at what happens when routing occurs on a network. When I was new to the
networking area, I thought that all you needed was the IP Address of the machine you wanted to contact but so
little did I know. You actually need a bit more information than just the IP Address !

The process we are going to explain is fairly simple and doesn't really change, no matter how big your network
is.

The Example:

In our example, we have 2 networks, Network A and Network B. Both networks are connected via a router
(Router A) which has 2 interfaces: E0 and E1. These interfaces are just like the interface on your network card
(RJ-45), but built into the router.

Now, we are going to describe step by step what happens when Host A (Network A) wants to communicate
with Host B (Network B) which is on a different network.

1) Host A opens a command prompt and enters >Ping 200.200.200.5.

2) IP works with the Address Resolution Protocol (ARP) to determine which network this packet is destined for
by looking at the IP address and the subnet mask of the Host A. Since this is a request for a remote host, which
means it is not destined to be sent to a host on the local network, the packet must be sent to the router (the
gateway for Network A) so that it can be routed to the correct remote network (which is Network B).

3) Now, for Host A to send the packet to the router, it needs to know the hardware address of the router's
interface which is connected to its network (Network A), in case you didn't realise, we are talking about the
MAC (Media Access Control) address of interface E0. To get the hardware address, Host A looks in its ARP
cache - a memory location where these MAC addresses are stored for a few seconds .

2
4) If it doesn't find it in there it means that either a long time has passed since it last contacted the router or it
simply hasn't resolved the IP address of the router (192.168.0.1) to a hardware address (MAC). So it then sends
an ARP broadcast. This broadcast contains the following "What is the hardware (MAC) address for IP
192.168.0.1 ? ". The router identifies that IP address as its own and must answer, so it sends back to Host A a
reply, giving it the MAC address of its E0 interface. This is also one of the reasons why sometimes the first
"ping" will timeout. Because it takes some time for an ARP to be sent and the requested machine to respond
with its MAC address, by the time all that happens, the TTL (Time To Live) of the first ping packet has expired,
so it times out !

5) The router responds with the hardware address of its E0 interface, to which the 192.168.0.1 IP is bound. Host
A now has everything it needs in order to transmit a packet out on the local network to the router. Now, the
Network Layer hands down to the Datalink Layer the packet it generated with the ping (ICMP echo request),
along with the hardware address of the router. This packet includes the source and destination IP address as well
as the ICMP echo request which was specified in the Network Layer.

3
 

6) The Datalink Layer of Host A creates a frame, which encapsulates the packet with the information needed to
transmit on the local network. This includes the source and destination hardware address (MAC) and the type
field which specifies the Network Layer protocol e.g IPv4 (that's the IP version we use), ARP. At the end of the
frame, in the FCS portion of the frame, the Datalink Layer will stick a Cyclic Redundancy Check (CRC) to
make sure the receiving machine (the router) can figure out if the frame it received has been corrupted. To learn
more on how the frame is created, visit the Data Encapsulation - Decapsulation.

7) The Datalink Layer of Host A hands the frame to the Physical layer which encodes the 1s and 0s into a
digital signal and transmits this out on the local physical network.

8)The signal is picked up by the router's E0 interface and reads the frame. It will first do a CRC check and
compare it with the CRC value Host A added to this frame, to make sure the frame is not corrupt.

9)After that, the destination hardware address (MAC) of the received frame is checked. Since this will be a
match, the type field in the frame will be checked to see what the router should do with the data packet. IP is in
the type field, and the router hands the packet to the IP protocol running on the router. The frame is stripped and
the original packet that was generated by Host A is now in the router's buffer.

10) IP looks at the packet's destination IP address to determine if the packet is for the router. Since the
destination IP address is 200.200.200.5, the router determines from the routing table that 200.200.200.0 is a
directly connected network on interface E1.

4
11) The router places the packet in the buffer of interface E1. The router needs to create a frame to send the
packet to the destination host. First, the router looks in the ARP cache to determine whether the hardware
address has already been resolved from a prior communication. If it is not in the ARP cache, the router sends an
ARP broadcast out E1 to find the hardware address of 200.200.200.5

12) Host B responds with the hardware address of its network interface card with an ARP reply. The router's E1
interface now has everything it needs to send the packet to the final destination.

5
13)The frame generated from the router's E1 interface has the source hardware address of E1 interface and the
hardware destination address of Host B's network interface card. However, the most important thing here is that
even though the frame's source and destination hardware address changed at every interface of the router it was
sent to and from, the IP source and destination addresses never changed. The packet was never modified at all,
only the frame changed.

14) Host B receives the frame and runs a CRC. If that checks out, it discards the frame and hands the packet to
IP. IP will then check the destination IP address. Since the IP destination address matches the IP configuration
of Host B, it looks in the protocol field of the packet to determine the purpose of the packet.

15) Since the packet is an ICMP echo request, Host B generates a new ICMP echo-reply packet with a source IP
address of Host B and a destination IP address of Host A. The process starts all over again, except that it goes in
the opposite direction. However, the hardware address of each device along the path is already known, so each
device only needs to look in its ARP cache to determine the hardware (MAC) address of each interface.

And that just about covers our routing analysis. If you found it confusing, take a break and come back later on
and give it another shot. Its really simple once you grasp the concept of routing.

Routing Protocols
Introduction

Routing protocols were created for routers. These protocols have been designed to allow the exchange of
routing tables, or known networks, between routers. There are a lot of different routing protocols, each one
designed for specific network sizes, so I am not going to be able to mention and analyse them all, but I will
focus on the most popular.

The two main types of routing: Static routing and Dynamic routing

The router learns about remote networks from neighbor routers or from an administrator. The router then builds
a routing table, the creation of which I will explain in detail, that describes how to find the remote networks. If
the network is directly connected then the router already knows how to get to the network. If the networks are
not attached, the router must learn how to get to the remote network with either static routing (administrator

6
manualy enters the routes in the router's table) or dynamic routing (happens automaticlly using routing
protocols).

The routers then update each other about all the networks they know. If a change occurs e.g a router goes down,
the dynamic routing protocols automatically inform all routers about the change. If static routing is used, then
the administrator has to update all changes into all routers and therefore no routing protocol is used.

Only Dynamic routing uses routing protocols, which enable routers to:

 Dynamically discover and maintain routes

Statically programmed routers are unable to discover routes, or send routing information to other routers. They
send data over routes defined by the network Administrator.

A Stub network is so called because it is a dead end in the network. There is only one route in and one route out
and, because of this, they can be reached using static routing, thus saving valuable bandwidth.

Dynamic Routing Protocols

There are 3 types of Dynamic routing protocols, these differ mainly in the way that they discover and make
calculations about routes (click to select):

1) Distance Vector

2) Link State

3) Hybrid

 Distance Vector routers compute the best path from information passed to them from neighbors

 Link State routers each have a copy of the entire network map

 Link State routers compute best routes from this local map

The Table below (clickable) shows the main characteristics of a few different types of dynamic routing
protocols:

7
You can also clasify the routing protocols in terms of their location on a network. For example, routing
protocols can exist in, or between, autonomous systems.

Exterior Gateway Protocols (EGP's) are found between autonomous systems, whereas Interior Gateway
Protocols (IGP'S) are found within autonomous systems:

Example of an EGP is the Border Gateway Protocol (BGP) which is also used amongst the Internet routers,
whereas examples of IGP protocols are RIP, IGRP, EIGRP.

Distance Vector Routing Protocols

Distance Vector routing protocols use frequent broadcasts (255.255.255.255 or FF:FF:FF:FF) of their entire
routing table every 30 sec. on all their interfaces in order to communicate with their neighbours. The bigger the
routing tables, the more broadcasts. This methodology limits significantly the size of network on which
Distance Vector can be used.

Routing Information Protocol (RIP) and Interior Gateway Routing Protocol (IGRP) are two very popular
Distance Vector routing protocols. You can find links to more information on these protocols at the bottom of
the page. (That's if you haven't had enough by the time you get there !)
8
Distance Vector protocols view networks in terms of adjacent routers and hop counts, which also happens to be
the metric used. The "hop" count (max of 15 for RIP, 16 is deemed unreachable and 255 for IGMP), will
increase by one every time the packet transits through a router.

So the router makes decisions about the way a packet will travel, based on the amount of hops it takes to reach
the destination and if it had 2 different ways to get there, it will simply send it via the shortest path, regardless
of the connection speed. This is known as pinhole congestion.

Below is a typical routing table of a router which uses Distance Vector routing protocols:

Let's explain what is happening here :

In the above picture, you see 4 routers, each connected with its neighbour via some type of WAN link e.g
ISDN.

Now, when a router is powered on, it will immediately know about the networks to which each interface is
directly connected. In this case Router B knows that interface E0 is connected to the 192.168.0.0 network and
the S0 interface is connected to the 192.168.10.0 network.

Looking again at the routing table for Router B, the numbers you see on the right hand side of the interfaces are
the "hop counts" which, as mentioned, is the metric that distance vector protocols use to keep track on how far
away a particular network is. Since these 2 networks are connected directly to the router's interface, they will
have a value of zero (0) in the router's table entry. The same rule applies for every router in our example.

Remember we have "just turn the routers on", so the network is now converging and that means that there is no
data being passed. When I say "no data" I mean data from any computer or server that might be on any of the
networks. During this "convergence" time, the only type of data being passed between the routers is that which
allows them to populate their routing tables and after that's done, the routers will pass all other types of data
between them. That's why a fast convergence time is a big advantage.

One of the problems with RIP is that it has a slow convergence time.

9
Let's explain what we see :

In the above picture, the network is said to have "converged", in other words, all routers on the network have
populated their routing table and are completly aware of the networks they can contact. Since the network is
now converged, computers in any of the above networks can contact each other.

Again, looking at one of the routing tables, you will notice the network address with the exit interface on the
right and next to that is the hop count to that network. Remember that RIP will only count up to 15 hops, after
which the packet is discarded (on hop 16).

Each router will broadcast its entire routing table every 30 seconds.

Routing based on Distance Vector can cause a lot of problems when links go up and down, this could result in
infinite loops and can also de-synchronise the network.

Routing loops can occur when every router is not updated close to the same time.

Let's have a look at the problem before we look at the various solutions:

Let's explain :
10
In the above picture you can see 5 routers of which routers A and B are connected with Router C, and they all
end up connecting via routers D and E to Network 5.

Now as the above picture shows, Network 5 fails.

All routers know about Network 5 from Router E. For example, Router A, in its tables, has a path to Network 5
through routers B,D and E.

When Network 5 fails, Router E knows about it since it's directly connected to it and tells Router D about it on
its next update (when it will broadcast its entire routing table). This will result in Router D stopping routing data
to Network 5 through Router E. But as you can see in the above picture, routers A B and C don't know about
Network 5 yet, so they keep sending out update information. Router D will eventually send out its update and
cause Router B to stop routing to Network 5, but routers A and C are still not updated. To them, it appear that
Network 5 is still available through Router B with a metric of 3 !

11
Now Router A sends its regular broadcast of its entire routing table which includes reachability for Network 5.
Routers C and B receive the wonderful news that Network 5 can be reached from Router A, so they send out the
information that Network 5 is now available !

From now on, any packet with a destination of Network 5 will go to Router A then to Router B and from there
back to Router A (remember that Router B got the good news that Network 5 is available via Router A).

So this is where things get a bit messy and you have that wonderful loop, where data just gets passed around
from one router to another. Seems like they are playing ping pong :)

To deal with these problems we use the following techniques:

Maximum Hop Count

The routing loop we just looked at is called "counting to infinity" and it is caused by gossip and wrong
information being communicated between the routers. Without something to protect against this type of a loop,
the hop count will keep on increasing each time the packet goes through a router ! One way of solving this
problem is to define a maximum hop count. Distance Vector (RIP) permits a hop count of up to 15, so anything
that needs 16 hops is unreachable. So if a loop occurred, it would go around the network until the packet
reached a hop count of 15 and the next router would simply discard the packet.

Split Horizon

Works on the principle that it's never useful to send information about a router back to the destination from
which the original packet came. So if for example I told you a joke, it's pointless you telling me that joke again !

In our example it would have prevented Router A from sending the updated information it received from Router
B back to Router B.

Route Poisoning : Alternative to split horizon, when a router receives information about a route from a
particular network, the router advertises the route back to that network with the metric of 16, indicating that the
destination is unreachable.

In our example, this means that when Network 5 goes down, Router E initiates router poisoning by entering a
table entry for Network 5 as 16, which basically means it's unreachable. This way, Router D is not susceptible
12
to any incorrect updates about the route to Network 5. When Router D receives a router poisoning from Router
E, it sends an update called a poison reverse, back to Router E. This make sure all routes on the segment have
received the poisoned route information.

Route poisoning, used with hold-downs (see section below) will certainly speed up convergence time because
the neighboring routers don't have to wait 30 seconds before advertising the poisoned route.

Hold-Down Timers

Routers keep an entry for the network-down state, allowing time for other routers to recompute for this topology
change, this way, allowing time for either the downed router to come back or the network to stabilise somewhat
before changing to the next best route.

When a router receives an update from a neighbor indicating that a previously accessible network is not
working and is inaccessible, the hold-down timer will start. If a new update arrives from a neighbor with a
better metric than the original network entry, the hold-down is removed and data is passed. But an update is
received from a neighbor router before the hold-down timer expires and it has a lower metric than the previous
route, therefore the update is ignored and the hold-down timer keeps ticking. This allows more time for the
network to converge.

Hold-down timers use triggered updates, which reset the hold-down timer, to alert the neighbor's routers of a
change in the network. Unlike update messages from neighbor routers, triggered updates create a new routing
table that is sent immediatley to neighbor routers because a change was detected in the network.

There are three instances when triggered updates will reset the hold-down timer:

1) The hold-down timer expires

2) The router received a processing task proportional to the number of links in the internetwork.

3) Another update is received indicating the network status has changed.

In our example, any update received by Router B from Router A, would not be accepted until the hold-down
timer expires. This will ensure that Router B will not receive a "false" update from any routers that are not
aware that Network 5 is unreachable. Router B will then send a update and correct the other routers' tables.

Routing Information Protocol - RIP

Routing Information Protocol (RIP) is a true Distance-Vector routing protocol. It sends the complete routing
table out to all active interfaces every 30 seconds. RIP only uses hop count to determine the best way to a
remote network, but it has a maximum allowable hop count of 15, meaning that 16 is deemed unreachable. RIP
works well in small networks, but it is inefficient on large networks with slow WAN links or on networks with
large number of routers installed.

RIP comes in two different versions. RIP version 1 uses only classful routing, which means that all devices in
the network must use the same subnet mask. This is because RIP version 1 does not include the subnet mask
when it sends updates. RIP v1 uses broadcasts (255.255.255.255).

13
RIP version 2 does, however, and this is what we call classless routing (check the Subnetting section for more
details). RIP v2 uses multicasts (224.0.0.9) to update its routing tables.

Route Update Timer: Sets the interval, usually 30 seconds, between periodic routing updates, in which the
router sends a complete copy of its routing table out to all neighbor routers.

Route Invalid Timer: Determines the length of time that must expire, usually 90 seconds, before the router
determines that a route is invalid. It will come to this conclusion if it doesn't hear any updates about that route
for that period. When the timer expires, the router will send out an update to its neighbors letting them know
that the route is invalid.

Route Flush Timer: Sets the time between a route becoming invalid and its removal from the routing table (240
secs). Before it's removed, the router will notify its neighbors of that route's impending doom ! The value of the
route invalid timer must be less than that of the route flush timer. This is to provide the router with enough time
to tell its neighbors about the invalid route before the routing table is updated.

Interior Gateway Protocol - IGRP

Interior Gateway Routing Protocol (IGRP) is a Cisco proprietary Distance-Vector routing protocol. This means
that all your routers must be Cisco routers in order to use IGRP in your network, keep in mind that Windows
2000 now supports it as well because they have bought a licence from Cisco to use the protocol !

Cisco created this routing protocol to overcome the problems associated with RIP.

IGRP has a maximum hop count of 255 with a default of 100. This is helpful in larger networks and solves the
problem of there being only 15 hops maximum possible in a RIP network. IGRP also uses a different metric
from RIP. IGRP uses bandwidth and delay of the line by default as a metric for determining the best route to an
internetwork. This is called a composite metric. Reliability, load and Maximum Transmission Unit (MTU) can
also be used, although they are not used by default.

IGRP has a set of timers to enhance its performance and functionality:

Update Timer: These specify how frequently routing-update messages should be sent. The default is 90
seconds.

Invalid Timers: These specify how long a router should wait before declaring a route invalid if it doesn't receive
a specific update about it. The default is three times the update period.

Hold-down Timers: These specify the hold-down period. The default is three times the update timer period plus
10 seconds.

Route Flush Timer:These indicate how much time should pass before a route should be flushed from the routing
table. The default is seven times the routing period.

Link State Routing Protocols

Link State protocols, unlike Distance Vector broadcasts, use multicast.

Multicast is a "broadcast" to a group of hosts, in this case routers (Please see the multicast page for more
information). So if I had 10 router of which 4 where part of a "mutilcast group" then, when I send out a
multicast packet to this group, only these 4 routers will receive the updates, while the rest of them will simply
ignore the data. The multicast address is usually 224.0.0.5 & 224.0.0.6, this address is defined by the IGRP
(Interior Gateway Routing Protocol).

Link State routing protocols do not view networks in terms of adjacent routers and hop counts, but they build a
comprehensive view of the overall network which fully describes the all possible routes along with their costs.
Using the SPF (Shortest Path First) algorithm, the router creates a "topological database" which is a hierarchy
reflecting the network routers it knows about. It then puts it's self on the top of this hierarchy, and has a
complete picture from it's own perspective.

When a router using a Link State protocol, such a OSPF (Open Shortest Path First) knows about a change on
the network, it will multicast this change instantly, there for flooding the network with this information. The
information routers require to build their databases is provided in the form of Link State advertisement packets
(LSAP). Routers do not advertise their entire routing tables, instead each router advertises only its information
regarding immediately adjacent routers.

Link State protocols in comparison to Distance Vector protocols have:

 Big memory requirements

 Shortest path computations require many CPU circles

 If network is stable little bandwidth is used; react quickly to topology changes

 Announcements cannot be “filtered”. All items in the database must be sent to neighbors

 All neighbors must be trusted

 Authentication mechanisms can be used to avoid undesired adjacencies

 No split horizon techniques are possible

Even though Link State protocols work more efficiently, problem can arise. Usually problems occur cause of
changes in the network topology (links go up-down), and all routers don't get updated immediately cause they
might be on different line speeds, there for, routers connected via a fast link will receive these changes faster
than the others on a slower link.

Different techniques have been developed to deal with these problem and these are :

1) Dampen update frequency

2) Target link-state updates to multicast

15
3) Use link-state area hierarchy for topology

4) Exchange route summaries at area borders

5) Use Time-stamps Update numbering & counters

6) Manage partitions using a area hierarchy

Please select one of the following Link State routing protocols:

Open Shortest Path First - OSPF

Open Shortest Path First (OSPF) Routing Protocol

Open Shortest Path First (OSPF) is a routing protocol developed for Internet Protocol (IP) networks by the
interior gateway protocol (IGP) working group of the Internet Engineering Task Force (IETF). The working
group was formed in 1988 to design an IGP based on the shortest path first (SPF) algorithm for use in the
Internet. Similar to the Interior Gateway Routing Protocol (IGRP), OSPF was created because in the mid-1980s,
the Routing Information Protocol (RIP) was increasingly unable to serve large, heterogeneous internetworks.

OSPF is a classless routing protocol, which means that in its updates, it includes the subnet of each route it
knows about, thus, enabling variable-length subnet masks. With variable-length subnet masks, an IP network
can be broken into many subnets of various sizes. This provides network administrators with extra network-
configuration flexibility.These updates are multicasts at specific addresses (224.0.0.5 and 224.0.0.6).

The cool 3D diagram below shows us the information that each field of an OSPF packet contains:

16
Analysis Of "Type" Field

All OSPF packets begin with a 24-byte header, which is shown right above. There is however one field I would
like to give a bit more attention to, and this is the "Type" field which is 1 byte long.

As illustrated in the diagram, the "Type" field identifies the OSPF packet type as one of the following:

 Hello: Establishes and maintains neighbor relationships.

 Database Description: Describes the contents of the topological database. These messages are
exchanged when an adjacency is initialized.

 Link-state Request: Requests pieces of the topological database from neighbor routers. These messages
are exchanged after a router discovers (by examining database-description packets) that parts of its
topological database are out of date.

 Link-state Update: Responds to a link-state request packet. These messages also are used for the regular
dispersal of Link-State Acknowledgments (LSA). Several LSAs can be included within a single link-
state update packet.
17
  Link-state Acknowledgment: Acknowledges link-state update packets.

OSPF has two primary characteristics:

1) The protocol is open (non proprietary), which means that its specification is in the public domain. The OSPF
specification is published as Request For Comments (RFC) 1247.

2) The second principal characteristic is that OSPF is based on the SPF algorithm, which sometimes is referred
to as the Dijkstra algorithm, named for the person credited with its creation.

OSPF is a Link State routing protocol that calls for the sending of link-state advertisements (LSAs) to all other
routers within the same hierarchical area. Information on attached interfaces, metrics used, and other variables
is included in OSPF LSAs. As OSPF routers accumulate link-state information, they use the SPF algorithm to
calculate the shortest path to each node.

As a Link State routing protocol, OSPF contrasts with RIP and IGRP, which are Distance Vector routing
protocols. Routers running the Distance Vector algorithm send all or a portion of their routing tables in routing-
update messages to their neighbors.

Additional OSPF features include equal-cost, multipath routing, and routing based on upper-layer type-of-
service (TOS) requests. TOS-based routing supports those upper-layer protocols that can specify particular
types of service. An application, for example, might specify that certain data is urgent. If OSPF has high-
priority links at its disposal, these can be used to transport the urgent datagram.

OSPF supports one or more metrics. If only one metric is used, it is considered to be arbitrary, and TOS is not
supported. If more than one metric is used, TOS is optionally supported through the use of a separate metric
(and, therefore, a separate routing table) for each of the eight combinations created by the three IP TOS bits (the
delay, throughput, and reliability bits). If, for example, the IP TOS bits specify low delay, low throughput, and
high reliability, OSPF calculates routes to all destinations based on this TOS designation.

18