DePaul TDC 375 - routing2


Network Protocols: Routing Part 2
TDC375 Spring 2009-10
John Kristoff - DePaul University

Examine your config
- Microsoft Windows
  - ipconfig /all
  - route print
- UNIX (varies depending on flavor)
  - ifconfig
  - netstat -arn or route -n
  - cat /etc/dhcp/dhclient.conf (or something like it)
  - cat /etc/resolv.conf
- Mac OS X
  - Like UNIX, but also check Sys prefs -> Network

Determine your...
- IPv4/IPv6 address(es). More than one?
- Net mask in dotted decimal (IPv4) and / notation
- ARP cache
- Default route (default router)
- Network interface list
- Recursive (caching) name servers
- MAC address and OUI assignment

Recall: Routers as signposts
- Best match forwarding

Hierarchical routing

Route announcements

Distance Vector (DV) Routing
- Routers gossip amongst themselves, kind of like the telephone game
- As announcement propagates, distance increases

DV bootstrap (1)

DV bootstrap (2)

DV converged

DV Summary
- Simple distance calculation determines path
- Periodic route updates sent to neighbors
- Convergence time can be slow
- Updates can be triggered upon a metric change
- Loop avoidance optimizations delay convergence
- Examples: RIP (IP/IPX), RIPv2, RIPng, IGRP (cisco)

Link state (LS) routing
- Routers exchange their connectivity in a LSP
  - LSP = link state packet
  - as opposed to exchanging the routing table
- A LSP includes:
  - router id
  - sequence number
  - links and costs for each link
  - time to live (TTL)

LS bootstrap

LS summary
- Each router builds their own map from LSPs
- Good convergence time
- Good loop avoidance
- Can be more complex and resource intensive
  - Not really an issue these days in practice
- Generally preferable over distance vector
- Examples: OSPF, IS-IS

Path vector (PV) routing
- More similar to DV than LS
- Like DV, routes are exchanged, not connectivity
- Each hop appends itself to the path of a route
- A hop is an Autonomous System (AS)
- Path policy preferences influence route selection
- An AS is roughly an Autonomous ISP network
  - i.e. paths can be altered, routes can be rejected
- Examples: BGP

Influencing BGP route selection
- Most specific prefix (best match) still matters most
- Highest local preference value associated w/ route
- Shortest AS path length (a weak form of distance)
- Origin type (e.g. IGP versus EGP)
- Lowest MED (a peer announced parameter)
- Prefer external over internal route, first received route, lowest router id, etc.
- Use of community strings / policy changes things

IPv4 BGP Topology Example

Protocol encapsulation
- RIP uses UDP port 521 via IP broadcast/multicast
- IS-IS runs directly over layer 2 multicast
- OSPF is IP protocol 89 via IP multicast
- BGP uses TCP port 179, unicast of course

Example Implementations
- Cisco IOS
- Juniper JunOS
- Zebra and derivatives (Quagga, Vyatta)
- BIRD Internet Routing Daemon
- OpenBGPD
- MikroTik RouterOS

BGP Remote Triggered Blackhole
- Goal: Have remote router /dev/null certain traffic
- Trick: use next hop address that points to /dev/null
- Trick: Using policy, set next hop for matching traffic
- Team Cymru bogon route server does this
- Many ISPs offer this as a DDoS relief service
  - IPaddr getting packeted? Have upstream null it
- Also see IETF RFC 5635

unicast Reverse Path Check (uRPF)
- Goal: mitigate source address spoofing
- Trick: Validate source address to ingress interface
  - Is there a route back via that interface?
- Loose versus strict mode
- Easier than ACLs/filters? Maybe
- Doesn't work for everyone
- What do you do if you have a default route?

Netflow
- Key router technology for analysis and monitoring
- Netflow is not like pcap
- A unidirectional summary of traffic for a flow
- Flow is a unique tuple of addrs, proto, ports
- Router exports flows at timer, RST/FIN, etc.
- Data may be limited due to sampling
- Scales very well and is very popular

Netflow version 5 (most popular)
- Doesn't support IPv6, need Netflow v9 for that
- saddr, daddr and netmasks
- Next hop address, ingress/egress interface id
- Total bytes/packets in a flow
- Flow start/end time
- Protocols, ports, type/code, TCP flags, ToS bits
- src/dst ASN (peer or origin)

Netflow illustrated
- http flows is net depaul edu
- http flows ittns northwestern edu

Flow specification (flow-spec)
- Using BGP, exchange flow spec to act on
- Largely used as a distributed firewall/filter
- Can be more precise than a BGP RTBH
- Besides filtering, you can rate-limit, log, pass
- Not widely implemented
- Team Cymru beginning to provide this service

Exchanges and Peering
- Networks need to connect to each other
- Question: Who pays who?
- Question: Where do they physically connect at?
- Peering is an entire ecosystem unto itself
- Paid versus settlement-free peering
- Transit versus peering and exchanges
- Peering requirements and network types
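
The uRPF slide's strict and loose modes, and its closing question about the default route, worked through as an added example (not part of the original slides). The FIB entries and interface names are constructed, and strict mode is simplified to "the best-match route for the source must point out the ingress interface".

```python
import ipaddress

# Constructed FIB for illustration: (prefix, egress interface).
FIB = [
    ("0.0.0.0/0", "upstream0"),       # default route toward the ISP
    ("192.0.2.0/24", "cust1"),        # customer A
    ("198.51.100.0/24", "cust2"),     # customer B
    ("198.51.100.128/25", "cust1"),   # more-specific of B's block, reached via cust1
]

def lookup(fib, addr, use_default=True):
    """Best-match (longest-prefix) lookup; returns (network, interface) or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, ifname in fib:
        net = ipaddress.ip_network(prefix)
        if net.prefixlen == 0 and not use_default:
            continue  # the default route is not allowed to satisfy the check
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best

def urpf_accept(fib, src, ingress_if, mode="strict", allow_default=False):
    """Return True if a packet with source `src` arriving on `ingress_if` passes."""
    route = lookup(fib, src, use_default=allow_default)
    if route is None:
        return False          # no route back to the source at all
    if mode == "loose":
        return True           # any route back is enough
    return route[1] == ingress_if  # strict: route back must use the same interface

if __name__ == "__main__":
    for src, ifname, mode, dflt in [
        ("192.0.2.10", "cust2", "strict", False),      # spoofed customer A source
        ("198.51.100.200", "cust2", "strict", False),  # asymmetric path, legit source
        ("203.0.113.5", "upstream0", "loose", True),   # default route matches anything
    ]:
        print(src, ifname, mode, dflt, urpf_accept(FIB, src, ifname, mode, dflt))
```

The second case is the "doesn't work for everyone" bullet: a legitimate source is dropped in strict mode because the best route back leaves via a different interface. The third shows that once the default route may satisfy the lookup, loose mode accepts every source.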
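
The fields listed on the Netflow version 5 slide, decoded from an export datagram, as an added example (not part of the original slides). It assumes the standard v5 layout of a 24-byte header followed by 48-byte records; the sample datagram, addresses and AS numbers are constructed.

```python
import ipaddress
import struct

HEADER = struct.Struct("!HHIIIIBBH")                  # 24-byte export header
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")   # 48-byte flow record
FIELDS = ("saddr", "daddr", "nexthop", "in_if", "out_if", "packets", "bytes",
          "first_ms", "last_ms", "sport", "dport", "tcp_flags", "proto", "tos",
          "src_as", "dst_as", "src_mask", "dst_mask")

def parse_v5(datagram):
    """Parse one NetFlow v5 export datagram into a list of flow dicts."""
    if len(datagram) < HEADER.size:
        raise ValueError("short header")
    version, count, *_rest, sampling = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version {version})")
    if not 1 <= count <= 30 or len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        values = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        rec = dict(zip(FIELDS, values))
        for key in ("saddr", "daddr", "nexthop"):
            rec[key] = str(ipaddress.IPv4Address(rec[key]))
        # first/last are router-uptime milliseconds and may wrap at 32 bits
        rec["duration_ms"] = (rec["last_ms"] - rec["first_ms"]) & 0xFFFFFFFF
        rec["sampling_interval"] = sampling & 0x3FFF  # low 14 bits; 0 = unsampled
        flows.append(rec)
    return flows

def sample_datagram():
    """Constructed export: one TCP flow 192.0.2.10:51515 -> 198.51.100.7:443."""
    hdr = HEADER.pack(5, 1, 600000, 1243000000, 0, 42, 0, 0, 0)
    rec = RECORD.pack(ipaddress.IPv4Address("192.0.2.10").packed,
                      ipaddress.IPv4Address("198.51.100.7").packed,
                      ipaddress.IPv4Address("203.0.113.1").packed,
                      3, 7, 12, 4800, 590000, 595500, 51515, 443,
                      0x1B, 6, 0, 64500, 64501, 24, 24)
    return hdr + rec

if __name__ == "__main__":
    for flow in parse_v5(sample_datagram()):
        print(flow)
```

The record carries only counters, timestamps and OR-ed TCP flags for one direction of the conversation, which is the "not like pcap" point: the reverse direction arrives as a separate flow record.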
