Full HTML for Basic foilset Introduction to Network Security

Given by Roman Markowski at Lectures at Xi'an Jaotong University on Sept 1998. Foils prepared Dec. 6 98

Table of Contents for full HTML of Introduction to Network Security


1 Internetworking: Bridging, Switching and Routing
2 Bridging, Switching, Routing (1)
3 Bridging, Switching, Routing (2)
4 Bridging and Switching Basics (1)
5 Bridging and Switching Basics (2)
6 Bridging and Switching Basics (3)
7 Transparent Bridging (1)
8 Transparent Bridging (2)
9 Transparent Bridging (3)
10 Source Route Bridging (1)
11 Source Route Bridging (2)
12 Translational Bridging (1)
13 Translational Bridging (2)
14 Translational Bridging (3)
15 Source Route Transparent Bridging
16 LAN switching (1)
17 LAN switching (2)
18 LAN switching (3)
19 Tag switching (1)
20 Tag switching (2)
21 Tag switching (3)
22 Tag switching (4)
23 Data-Link Switching - DLSw
24 Cell switching
25 Routing Basics (1)
26 Routing Basics (2)
27 Routing Basics (3)
28 Routing Information Protocol (1)
29 Routing Information Protocol (2)
30 Interior Gateway Routing Protocol (1)
31 Interior Gateway Routing Protocol (2)
32 OSI Routing Protocol (1)
33 OSI Routing Protocol (2)
34 OSI Routing Protocol (3)
35 OSI Routing Protocol (4)
36 OSI Routing Protocol (5)
37 Open Shortest Path First (1)
38 Open Shortest Path First (2)
39 NetWare Link-Service Protocol (1)
40 NetWare Link-Service Protocol (2)
41 Enhanced IGRP (1)
42 Enhanced IGRP (2)
43 Enhanced IGRP (3)
44 IP Multicast (1)
45 IP Multicast (2)
46 IP Multicast (3)
47 BGP - Border Gateway Protocol (1)
48 BGP - Border Gateway Protocol (2)
49 RSVP (1)
50 RSVP (2)
51 RSVP (3)
52 RSVP (4)
53 RSVP (5)
54 CIDR (1)
55 CIDR (2)
56 CIDR (3)
57 CIDR (4)
58 Windows NT routing (1)
59 Windows NT routing (2)

HTML version of Basic Foils prepared Dec. 6 98

Foil 1 Internetworking: Bridging, Switching and Routing

From Introduction to Network Security Lectures at Xi'an Jaotong University -- Sept 1998.
Roman Markowski
IS Manager
Northeast Parallel Architectures Center
September 1998
http://www.npac.syr.edu/users/roman/

Foil 2 Bridging, Switching, Routing (1)

Bridging protocols
  • Transparent bridging
  • Source-route bridging
  • Translational bridging
  • Source-Route Transparent bridging
Switching protocols
  • LAN switching
  • Tag switching
  • Data-Link Switching
  • Cell switching

Foil 3 Bridging, Switching, Routing (2)

Routing protocols
  • RIP - Routing Information Protocols
  • IGRP - Interior Gateway Routing Protocol
  • IS-IS - Intermediate System to Intermediate System
  • OSPF - Open Shortest Path First
  • NLSP - NetWare Link-Services Protocol
  • EIGRP - Enhanced IGRP
  • IP Multicast routing protocols
  • EGP - Exterior Gateway Protocol
  • BGP - Border Gateway Protocol
  • RSVP - Resource-Reservation Protocol
  • CIDR - Classless Inter-Domain Routing
  • Windows NT routing

Foil 4 Bridging and Switching Basics (1)

Bridges and switches divide networks into self-contained units, minimizing traffic
Kinds of bridging
  • Transparent bridging - found in Ethernet environment
  • Source-route bridging - found in Token Ring environment
  • Translational bridging - translation between Ethernet and Token Ring media
  • Source-Route Transparent bridging - combines transparent and source-route bridging
Bridges can filter frames based on: source, destination, upper-level protocols

Foil 5 Bridging and Switching Basics (2)

Types of bridges
  • local and remote
  • MAC-layer bridges (Media Access Control) - bridge between homogeneous networks
  • LLC-layer bridges (Logical Link Control) - can bridge between, for example, Ethernet and Token Ring
Switching replaces bridges and complements routers
Switches
  • are faster because they switch in hardware based on MAC addresses
  • support higher port densities than bridges
  • reduce collisions (provide dedicated bandwidth)

Foil 6 Bridging and Switching Basics (3)

Switching methods
  • cut-through method
  • store and forward method
Types of switches
  • LAN switches : interconnect multiple LAN segments
  • WAN switches
  • ATM switches : support voice, video and data applications (switch fixed-size cells)

Foil 7 Transparent Bridging (1)

developed by Digital in the early 1980s
IEEE 802.1 standard
transparent bridges are transparent to network hosts; they learn the network topology by analyzing the source addresses of incoming frames from all attached networks
a transparent bridge builds a table of (host address, bridge port) pairs, called the filtering database; the table is used for traffic forwarding
a transparent bridge reduces traffic by isolating intra-segment traffic

Foil 8 Transparent Bridging (2)

without a bridge-to-bridge protocol, bridging fails because of a bridging loop; in addition to the connectivity problem, the proliferation of broadcast messages in networks with loops creates broadcast storms (both bridges forward broadcast frames endlessly, using all available network bandwidth). On the other hand, a loop implies the existence of multiple paths, which improves topological flexibility
[Figure: hosts H1 and H2 connected through two parallel bridges B1 and B2; the bridge table labels H1, H1, H1,H2, H1,H2 show both bridges learning the same hosts on both ports]

Foil 9 Transparent Bridging (3)

Spanning Tree Algorithm
  • developed by Digital
  • preserves the benefits of loops
  • eliminates "bridging loop problem"
  • IEEE 802.1d (final specification, not compatible with initial Digital solution)
  • there are 5 possible states considered by a bridge
    • disabled; blocking; listening; learning; forwarding
  • terminology
    • unique bridge identifier; port identifier; root bridge; path cost; root port; root path cost; designated bridge and port
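The learning, filtering and loop behaviour of foils 7 to 9 in a small simulation. This is an added example, not code from the lecture; hosts H1/H2/H3, segments LAN-A/LAN-B and bridges B1/B2 are constructed names, and the spanning tree election itself is not modeled, only its effect (one port of B2 placed in the blocking state).

```python
from collections import deque

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Bridge:
    """One transparent bridge: learns (host address -> port) from source
    addresses and forwards or filters on the destination address."""

    def __init__(self, name, ports):
        self.name = name
        self.ports = ports          # port number -> LAN segment attached to it
        self.table = {}             # filtering database: host address -> port
        self.blocked = set()        # ports in the spanning-tree "blocking" state

    def receive(self, frame, in_port):
        """Handle a frame seen on in_port; return [(segment, frame), ...] to emit."""
        if in_port in self.blocked:
            return []               # blocking: neither learning nor forwarding
        self.table[frame["src"]] = in_port      # learn from the source address
        dst = frame["dst"]
        if dst in self.table and self.table[dst] == in_port:
            return []               # intra-segment traffic: filter it
        if dst in self.table:
            out_ports = [self.table[dst]]       # known host: forward on one port
        else:
            out_ports = [p for p in self.ports if p != in_port]  # unknown/broadcast: flood
        return [(self.ports[p], frame) for p in out_ports if p not in self.blocked]


def run(bridges, frame, origin_segment, max_forwardings=50):
    """Put one frame on origin_segment and let the bridges react.

    Returns (number of bridge forwardings, still_circulating). A bridging loop
    never drains the queue, so it hits max_forwardings with frames pending."""
    queue = deque([(origin_segment, dict(frame), None)])
    forwarded = 0
    while queue and forwarded < max_forwardings:
        segment, fr, sender = queue.popleft()
        for bridge in bridges:
            if bridge is sender:
                continue            # a bridge does not hear its own transmission
            for port, seg in bridge.ports.items():
                if seg == segment:
                    out = bridge.receive(fr, port)
                    forwarded += len(out)
                    queue.extend((s, f, bridge) for s, f in out)
    return forwarded, bool(queue)


def build(block_b2_port=None):
    """Constructed topology: LAN-A (host H1) and LAN-B (host H2) bridged in
    parallel by B1 and B2, i.e. the loop from the foil 8 figure."""
    b1 = Bridge("B1", {1: "LAN-A", 2: "LAN-B"})
    b2 = Bridge("B2", {1: "LAN-A", 2: "LAN-B"})
    if block_b2_port is not None:
        b2.blocked.add(block_b2_port)
    return b1, b2


def broadcast_storm():
    """No bridge-to-bridge protocol: H1's broadcast circulates forever and each
    bridge keeps re-learning H1 on alternating ports (table flapping)."""
    b1, b2 = build()
    forwarded, circulating = run([b1, b2], {"src": "H1", "dst": BROADCAST}, "LAN-A")
    return forwarded, circulating


def with_spanning_tree():
    """With B2's port 2 blocking, the loop is gone: one copy of the broadcast,
    one forwarding of H2's reply, and no forwarding of LAN-A-local traffic."""
    b1, b2 = build(block_b2_port=2)
    bcast, _ = run([b1, b2], {"src": "H1", "dst": BROADCAST}, "LAN-A")
    reply, _ = run([b1, b2], {"src": "H2", "dst": "H1"}, "LAN-B")
    local, _ = run([b1, b2], {"src": "H3", "dst": "H1"}, "LAN-A")
    return bcast, reply, local, dict(b1.table)


if __name__ == "__main__":
    print("bridging loop:", broadcast_storm())
    print("spanning tree:", with_spanning_tree())
```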

Foil 10 Source Route Bridging (1)

IBM bridge architecture defined for Token Ring
IEEE 802.5 specification
2 numbers are defined during configuration: a ring number (12 bits) and a bridge number (4 bits); the pair of numbers must be unique across the network.
Support for parallel routes
[Figure: two Token Rings joined by a bridge]

Foil 11 Source Route Bridging (2)

Source Route Bridge assumes that the complete source-to-destination route is placed in all inter-LAN frames sent by the source
Source Route Bridge stores and forwards frames
Frames: a test frame and an explorer frame are used to discover the source-to-destination path between host X and host Y
After a route is defined and selected, it is inserted into a routing information field (RIF) in frames
RIF consists of Routing Control Field and Routing Descriptor (up to 13 bridges / hops allowed)
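A decoder and encoder for the RIF described on foils 10 and 11, written as an added example (not from the lecture). It follows the IEEE 802.5 layout of the Routing Control field (routing type, length, direction, largest frame) and of the 16-bit route descriptors (12-bit ring, 4-bit bridge), and applies the lecture's 13-hop limit; the validity checks and the sample route are constructed.

```python
import struct

MAX_HOPS = 13   # the lecture's limit: up to 13 bridges on one source route


def parse_rif(rif: bytes) -> dict:
    """Decode a Token Ring Routing Information Field.

    Routing Control (2 bytes): RT(3) LTH(5) | D(1) LF(3) reserved(4).
    Route Descriptors (2 bytes each): ring number (12 bits), bridge number (4 bits).
    """
    if len(rif) < 2 or len(rif) % 2:
        raise ValueError("RIF must be an even number of bytes, at least 2")
    (rc,) = struct.unpack("!H", rif[:2])
    rt, length = rc >> 13, (rc >> 8) & 0x1F
    direction, largest_frame = (rc >> 7) & 1, (rc >> 4) & 0x7
    if length != len(rif):
        raise ValueError(f"LTH says {length} bytes but RIF is {len(rif)} bytes")
    if not rt & 0b100:
        routing_type = "specifically routed"
    elif not rt & 0b010:
        routing_type = "all-routes explorer"
    else:
        routing_type = "spanning-tree explorer"
    descriptors = [(rd >> 4, rd & 0xF) for (rd,) in struct.iter_unpack("!H", rif[2:])]
    # Sanity checks a bridge should make before trusting a route it did not build
    if descriptors and descriptors[-1][1] != 0:
        raise ValueError("bridge number of the last route descriptor must be 0")
    rings = [ring for ring, _ in descriptors]
    if len(set(rings)) != len(rings):
        raise ValueError("route revisits a ring (loop)")
    if len(descriptors) - 1 > MAX_HOPS:
        raise ValueError(f"more than {MAX_HOPS} bridges in the route")
    # The direction bit tells a bridge to walk the descriptors in reverse order
    path = descriptors[::-1] if direction else descriptors
    return {
        "routing_type": routing_type,
        "direction": direction,
        "largest_frame_code": largest_frame,
        "descriptors": descriptors,
        "hops": max(len(descriptors) - 1, 0),
        "path": path,
    }


def build_rif(rings, bridges, direction=0, largest_frame=1, routing_type=0) -> bytes:
    """Encode a RIF from ring and bridge number lists (constructed helper).

    rings has one more entry than bridges; the final descriptor carries bridge 0.
    13 bridges give 14 descriptors, i.e. 2 + 28 = 30 bytes, which fits the 5-bit LTH.
    """
    if len(rings) != len(bridges) + 1:
        raise ValueError("need one more ring than bridges")
    length = 2 + 2 * len(rings)
    if length > 31:
        raise ValueError("LTH is a 5-bit field; route too long")
    rc = (routing_type << 13) | (length << 8) | (direction << 7) | (largest_frame << 4)
    out = struct.pack("!H", rc)
    for ring, bridge in zip(rings, bridges + [0]):
        if not (0 <= ring < 4096 and 0 <= bridge < 16):
            raise ValueError("ring number is 12 bits, bridge number is 4 bits")
        out += struct.pack("!H", (ring << 4) | bridge)
    return out


if __name__ == "__main__":
    # Constructed route: ring 1 -> bridge 1 -> ring 2 -> bridge 2 -> ring 3
    sample = build_rif([0x001, 0x002, 0x003], [1, 2])
    print(sample.hex(), parse_rif(sample))
```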

Foil 12 Translational Bridging (1)

Allows unlike LANs to communicate (for example Ethernet and Token Ring)
The key to Ethernet-to-Token Ring translation is the reversed order of significant bits in the MAC addresses of the destination and source address fields
[Figure: Token Ring and Ethernet joined by a bridge]

Foil 13 Translational Bridging (2)

There are a few implementations of Translational Bridging
Bits representing Token Ring functions that have no Ethernet corollary are typically thrown out by translational bridges (priority, reservation, monitor bits)
Frame conversion:
  • IEEE 802.3 and Token Ring
  • Ethernet Type II and Token Ring
  • Ethernet Type II "0x80D5" and Token Ring

Foil 14 Translational Bridging (3)

Translation Challenges (Ethernet vs. Token Ring)
  • incompatible bit order in MAC address
  • embedded MAC address - in some cases MAC address can appear in the data portion of a frame (for example RIP)
  • incompatible MTU size - bridges do not handle frame fragmentation and reassembly
  • handling of exclusive Token Ring functions: monitor bit, reservation bit, priority mechanism, frame status bits
  • handling of routing information field information within Token Ring frames
  • incompatible spanning tree algorithms
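The bit-order translation from foils 12 and 14, as an added example (not from the lecture): each octet of the 48-bit address is bit-reversed between Ethernet canonical order and Token Ring order, and the individual/group bit moves from the LSB to the MSB of the first octet, which is why an embedded address read with the wrong convention is misclassified. The sample addresses are constructed.

```python
def reverse_byte_bits(b: int) -> int:
    """Reverse the 8 bits of one octet (0b00001100 -> 0b00110000)."""
    return int(f"{b:08b}"[::-1], 2)


def _octets(mac: str) -> bytes:
    raw = bytes.fromhex(mac.replace(":", "").replace(".", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac}")
    return raw


def convert_mac_bit_order(mac: str) -> str:
    """Translate a MAC address between Ethernet (canonical, LSB-first) and
    Token Ring (non-canonical, MSB-first) bit order. Reversing every octet
    is its own inverse, so one function serves both directions."""
    return ":".join(f"{reverse_byte_bits(o):02x}" for o in _octets(mac))


def is_group_address(mac: str, token_ring: bool) -> bool:
    """The individual/group bit is the first bit transmitted: the LSB of the
    first octet in canonical form, the MSB of the first octet in Token Ring
    form. Testing it with the wrong convention gives the wrong answer."""
    first = _octets(mac)[0]
    return bool(first & 0x80) if token_ring else bool(first & 0x01)


if __name__ == "__main__":
    eth = "00:00:0c:12:34:56"               # constructed Ethernet-side address
    print(eth, "->", convert_mac_bit_order(eth))
```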

Foil 15 Source Route Transparent Bridging

Designed by IBM in 1990
Allows source route bridges and transparent bridges to inter-operate on the same network
Routing Information Indicator Bit is used to distinguish transparent bridging frames and source route bridging frames
SRT bridging permits the coexistence of two incompatible environments (Ethernet and Token Ring)
Spanning Tree Algorithm and Source Routing Path are used

Foil 16 LAN switching (1)

LAN switches (developed in 1990)
  • available for Ethernet, token ring, FDDI
  • provide much higher port density at a lower cost than traditional bridges
  • similar to transparent bridges: learning topology, forwarding, filtering
  • LAN switch is called "frame switch", ATM switch is called "cell switch"
  • micro-segmentation - fewer users per segment; collisions do not occur when one user per segment (dedicated bandwidth for a user)

Foil 17 LAN switching (2)

LAN switch supports:
  • full-duplex communication: effectively doubles the throughput
  • media-rate adaptation : translation between 10 and 100 Mbps
  • dedicated collision-free communication between network devices
  • multiple simultaneous conversation: forwarding or switching
  • several packets at the same time
LAN switch forwarding
  • store-and-forward: error checking is performed (cyclic redundancy check); erroneous frames are discarded
  • cut-through: latency is reduced by eliminating error checking; only the destination address is copied into the on-board buffers

Foil 18 LAN switching (3)

LAN switch bandwidth
  • asymmetric switch: unequal bandwidth between ports
  • symmetric switch: evenly distributed bandwidth to each port
LAN switch vs. OSI RM
  • Layer 2 switch: performs switching and filtering based on MAC address; transparent to network protocols
  • Layer 2 switch with Layer 3 feature: switching decisions are based on MAC addresses and some Layer 3 traffic control features (broadcast, multicast, IP fragmentation)
  • multi-layer: makes switching decisions on the Layer 2 and Layer 3 addresses

Foil 19 Tag switching (1)

Components
  • forwarding : uses tag information carried by packets, and tag-forwarding information maintained by a tag switch
  • control : responsible for maintaining correct tag-forwarding information among a group of interconnected tag switches
Tag switching can be implemented over any media type (point-to-point, ATM, etc)
Forwarding component
  • based on the notion of label swapping: the switch uses the incoming packet's tag as an index into the TIB - Tag Information Base (outgoing tag, outgoing link-level info, outgoing interface)

Foil 20 Tag switching (2)

Forwarding component
  • forwarding decision is based on exact-match algorithm using a fixed-length, fairly short tag as an index
    • simple forwarding procedure
    • high performance
    • straightforward hardware implementation
  • the same forwarding algorithm applies for unicast and multicast
  • tag forwarding component is independent of the network-layer protocol

Foil 21 Tag switching (3)

Control component
  • based on the notion of binding between tag and network-layer routing
  • control component is responsible for creating tag bindings and then distributing the tag-binding information among tag switches
  • collection of modules; each designed to support a particular routing function
Modules to support routing functions
  • in destination-based routing, a router makes a forwarding decision based on the destination address carried in a packet and looked up in the Forwarding Information Base (FIB) maintained by the router. There are 3 methods of tag allocation: downstream allocation, upstream allocation, downstream tag allocation on demand

Foil 22 Tag switching (4)

Modules to support routing functions
  • in hierarchical routing, routing within a domain is provided via interior routing (e.g. OSPF), while routing across domains is provided via exterior routing (e.g. BGP)
    • tag switching allows the decoupling of interior and exterior routing
    • packets carry not one tag but a set of tags organized as a stack
  • in multicast routing, multicast routing procedures (e.g. PIM) are responsible for constructing spanning trees, with receivers as leaves
    • tag switch supports multicast by utilizing data-link layer multicast capabilities
QoS is a tag switch capability based on
  • classification of packets into different classes
  • handling of packets via appropriate QoS characteristics
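The forwarding component of foils 19 and 20 (exact-match TIB lookup and label swapping) and the tag stack of foil 22 in one added example, not code from the lecture. Switch names, interfaces, prefixes and tag values are constructed; an edge switch does the one network-layer lookup and pushes a tag, a domain border pushes a second (interior) tag on top of the exterior one, the core only swaps the top tag, and the egress border pops it, so the exterior tag crosses the domain untouched.

```python
import ipaddress


class TagSwitch:
    """Constructed model of one tag switch: a TIB keyed by incoming tag, plus a
    FIB consulted only when an untagged packet arrives at an edge switch."""

    def __init__(self, name):
        self.name = name
        self.tib = {}   # incoming tag -> (action, outgoing tag, outgoing interface)
        self.fib = {}   # prefix -> (tag to push, outgoing interface)

    def forward(self, packet):
        """Apply one TIB (or, if untagged, FIB) lookup; return the outgoing interface."""
        tags = packet["tags"]                      # stack; the top is the last item
        if not tags:                               # untagged: network-layer lookup at the edge
            dst = ipaddress.ip_address(packet["dst"])
            matches = [p for p in self.fib if dst in ipaddress.ip_network(p)]
            if not matches:
                raise KeyError(f"{self.name}: no route for {dst}")
            best = max(matches, key=lambda p: ipaddress.ip_network(p).prefixlen)
            tag, out_if = self.fib[best]
            tags.append(tag)
            return out_if
        action, out_tag, out_if = self.tib[tags[-1]]   # exact match on the short tag
        if action == "swap":
            tags[-1] = out_tag
        elif action == "push":
            tags.append(out_tag)
        elif action == "pop":
            tags.pop()
        else:
            raise ValueError(f"unknown TIB action {action!r}")
        return out_if


def transit(switches, packet):
    """Run a packet through switches in order; return [(switch, out_if, stack), ...]."""
    trace = []
    for sw in switches:
        out_if = sw.forward(packet)
        trace.append((sw.name, out_if, list(packet["tags"])))
    return trace


def build_domain():
    # AS1 edge: network-layer lookup chooses the exterior (BGP-level) tag
    ingress = TagSwitch("AS1-edge")
    ingress.fib = {"10.0.0.0/8": (200, "if1"), "10.2.0.0/16": (100, "if2")}
    # AS2 border: pushes an interior tag that identifies the path to the egress border
    border_in = TagSwitch("AS2-border-in")
    border_in.tib = {100: ("push", 7, "core0"), 200: ("push", 8, "core0")}
    # AS2 core: knows only interior tags, never the exterior tag or the IP address
    core = TagSwitch("AS2-core")
    core.tib = {7: ("swap", 9, "core1"), 8: ("swap", 12, "core1")}
    border_out = TagSwitch("AS2-border-out")
    border_out.tib = {9: ("pop", None, "ext-a"), 12: ("pop", None, "ext-b")}
    return [ingress, border_in, core, border_out]


def demo(dst="10.2.5.1"):
    return transit(build_domain(), {"dst": dst, "tags": []})


if __name__ == "__main__":
    for step in demo():
        print(step)
```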

Foil 23 Data-Link Switching - DLSw

DLSw provides means of transporting IBM SNA and NetBIOS traffic over an IP network
Alternative to source-route bridging (SRB), which transports SNA and NetBIOS traffic in a Token Ring environment
IBM solution in 1992 (RFC 1434, 1795)
The principal difference between SRB and DLSw is in support of local termination
  • DLSw node or router terminates data-link control (DLC)
  • In SRB, data-link control is handled on an end-to-end basis
  • Switch-to-Switch Protocol (SSP) is used between DLSw nodes (routers) to establish connection, forward data and handle flow control

Foil 24 Cell switching

Fixed-size cells simplify requirements on the switching hardware (ATM, SMDS)
  • higher speeds; shorter transit delay; more efficient handling in queues; no link level error recovery (higher protocols are responsible for error checking in payload portion)
  • switch operation based on lookups in local translation table (inPort, inVPI, inVCI) <--> (outPort, outVPI, outVCI)
Most suitable to carry voice, video, data and image over the same physical link
Referred to as cell relay
Connectionless cell switching DQDB (IEEE 802.6) used by SMDS services; connection-oriented and connection-less used in ATM (53-byte cells)

Foil 25 Routing Basics (1)

Routing - act of moving information across a network from source to destination; routing occurs at Layer 3 of OSI RM; routing became popular in mid-1980s
Routing components
  • Path determination (very complex)
  • Packet transportation (referred to as switching)
Path determination
  • routers maintain routing tables
  • routing algorithms fill routing tables (metric: cost, load, bandwidth, reliability, path length, hop count)
  • routing update messages

Foil 26 Routing Basics (2)

Routing protocols
  • RIP - Routing Information Protocols
  • OSPF - Open Shortest Path First
  • IGRP - Interior Gateway Routing Protocol
  • EIGRP - Enhanced IGRP
  • IS-IS - Intermediate System to Intermediate System
  • EGP - Exterior Gateway Protocol
  • BGP - Border Gateway Protocol
Routed protocols (network protocols) are transported by routing protocols across an inter-network
  • IP, DECnet, AppleTalk, Novell NetWare, OSI, Banyan VINES, Xerox XNS

Foil 27 Routing Basics (3)

Routing algorithms
  • goals: optimality, simplicity, stability, robustness, flexibility
  • static and dynamic
  • single-path and multi-path
  • flat and hierarchical (space of routers)
  • intra-domain (like RIP, IGRP) and inter-domain (like EGP, BGP)
  • host intelligent (the end node determines the whole path - source routing) and router intelligent
  • link-state (shortest path first - small updates sent everywhere: OSPF, IS-IS, E-IGRP) and distance vector (Bellman-Ford - larger updates sent only to neighboring routers: IGRP, RIP)

Foil 28 Routing Information Protocol (1)

RIP is a distance vector protocol that uses hop count as a metric
widely used in the global Internet
RIP is an interior gateway protocol - performs routing within a single routing domain (autonomous system)
"routed" - implementation of RIP shipped with Unix
AppleTalk RTMP and VINES RTP are based on RIP
There are 2 RIP specifications : RIP (RFC 1058 (1988)) and RIP 2 (RFC 1723 (1994))

Foil 29 Routing Information Protocol (2)

RIP Characteristics
  • RIP sends routing-update messages at regular intervals and when the network topology changes (updates to routing tables)
  • RIP maintains only the best routes (those with the lowest metric value)
  • RIP uses a single routing metric (hop count) to measure the distance between a source and a destination; the maximum number of hops is 15
  • stability features: hold-down mechanism and split-horizon prevent incorrect routing information from being propagated
  • routing timer default = 30 sec
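The distance-vector behaviour of foils 28 and 29 in a small synchronous-round simulation, added here as an example (not from the lecture): three constructed routers A, B, C in a chain with network N behind C. It shows the 15-hop limit (16 = unreachable), why a lost route counts up to infinity without split horizon, and how split horizon (not re-advertising a route back to the neighbor it was learned from) removes that. A route that the current next hop stops advertising is treated as expired immediately; real RIP would wait for its timeout first.

```python
INFINITY = 16   # RIP metric for "unreachable": the hop count limit is 15


class Router:
    def __init__(self, name, connected=()):
        self.name = name
        # routing table: network -> (hop count, next hop); directly connected = 1 hop, no next hop
        self.table = {net: (1, None) for net in connected}
        self.neighbors = []

    def advertisement(self, to, split_horizon):
        """Routes sent to neighbor `to`; with split horizon, routes learned via `to` are omitted."""
        return {net: hops for net, (hops, nh) in self.table.items()
                if not (split_horizon and nh == to)}

    def update(self, advs):
        """Bellman-Ford step over the advertisements of all neighbors: {neighbor: {net: hops}}."""
        changed = False
        for net in set(self.table).union(*advs.values()):
            cur = self.table.get(net, (INFINITY, None))
            best = cur
            if cur[1] in advs:      # the route in use follows whatever its next hop now says
                best = (min(advs[cur[1]].get(net, INFINITY) + 1, INFINITY), cur[1])
            for nb, adv in advs.items():
                if net in adv and adv[net] + 1 < best[0]:
                    best = (adv[net] + 1, nb)
            if best != cur:
                self.table[net] = best
                changed = True
        return changed


def exchange(routers, split_horizon):
    """One round: every router advertises to each neighbor, then all apply the updates."""
    advs = {r.name: {nb.name: nb.advertisement(r.name, split_horizon) for nb in r.neighbors}
            for r in routers}
    results = [r.update(advs[r.name]) for r in routers]   # apply all, do not short-circuit
    return any(results)


def converge(routers, split_horizon, max_rounds=40):
    """Return the round in which nothing changed any more (or max_rounds)."""
    for rnd in range(1, max_rounds + 1):
        if not exchange(routers, split_horizon):
            return rnd
    return max_rounds


def scenario(split_horizon):
    """Converge A - B - C (N behind C), then fail C's link to N and converge again."""
    a, b, c = Router("A"), Router("B"), Router("C", connected=["N"])
    a.neighbors, b.neighbors, c.neighbors = [b], [a, c], [b]
    routers = [a, b, c]
    converge(routers, split_horizon)
    before = {r.name: r.table["N"][0] for r in routers}
    c.table["N"] = (INFINITY, None)          # link to N fails; C now advertises N as unreachable
    rounds = converge(routers, split_horizon)
    after = {r.name: r.table["N"][0] for r in routers}
    return before, rounds, after


if __name__ == "__main__":
    print("no split horizon:", scenario(split_horizon=False))
    print("split horizon:   ", scenario(split_horizon=True))
```

Without split horizon the three routers pass the dead route back and forth, raising the metric two at a time until it reaches 16; with split horizon the same failure settles in three rounds.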

Foil 30 Interior Gateway Routing Protocol (1)

Developed in the mid-1980s by Cisco Systems
Robust routing within a routing domain
many organizations replaced RIP with IGRP (RIP is limited to small networks)
IGRP works in IP networks and in CLNP (OSI ConnectionLess-Network Protocol) networks
Enhanced IGRP replaced IGRP in early 1990s
By default routing tables are updated every 90 sec
IGRP has a number of features (hold-downs, split-horizons, poison-reverse updates) designed to enhance IGRP stability

Foil 31 Interior Gateway Routing Protocol (2)

IGRP Characteristics
  • IGRP is a distance-vector interior gateway protocol (routing table updates are exchanged at regular intervals with neighboring routers only)
  • metric is a weighted combination of inter-network delay, bandwidth, reliability and load; IGRP provides wide ranges for its metrics; metric components are combined in a user-definable algorithm
  • multi-path routing allowed (single stream of traffic in round-robin fashion over more than one line)

Foil 32 OSI Routing Protocol (1)

The Open System Interconnection protocol suite uses a suite of routing protocols developed by ISO
  • IS-IS Intermediate System to Intermediate System
  • ES-IS End System to Intermediate System
  • IDRP Inter-Domain Routing Protocol
OSI Terminology
  • ES - end system: non-routing network node
  • IS - intermediate system: router
  • ES-IS - protocol that enables ESs and ISs to discover each other
  • IS-IS - provides routing between ISs
  • area - group of networks and hosts specified by an administrator

Foil 33 OSI Routing Protocol (2)

OSI Terminology
  • domain - collection of connected areas
  • Level 1 routing : IS-IS routing within one area
  • Level 2 routing : IS-IS routing between domains
[Figure: two areas, each with ESs and ISs, inside a domain; Level 2 routing shown between them]

Foil 34 OSI Routing Protocol (3)

IS-IS
based on work done at Digital for DECnet Phase V
originally developed for CLNP (Connection-Less Network Protocol), then extended to IP (Integrated IS-IS)
ISO 10589 - specification of IS-IS
link-state hierarchical routing protocol
IS-IS packets have complex structure (hello packets, link-state packets, sequence number packets)
link-state update messages - ISs learn the network topology
IS-IS distinguishes between Level 1 and Level 2 ISs
default single metric assigned by an administrator (max path value 1024); optional metrics: delay, expense and error; IS-IS uses these metrics to compute routes through the network.

Foil 35 OSI Routing Protocol (4)

ES-IS
ISO 9542 specification
defines how hosts (ESs) and routers (ISs) learn about each other (configuration process)
it is a "discovery" protocol (ES hello messages and IS hello messages)
3 types of sub-networks: point-to-point (like WAN serial), broadcast (like Ethernet), general topology (like X.25)

Foil 36 OSI Routing Protocol (5)

IDRP
ISO 10747 specification
routing between domains
operates seamlessly with CLNP, ES-IS, IS-IS
based on BGP; support for CLNP QoS; reliability
security (cryptographic signatures on a per-packet basis)
Terminology:
  • BIS - border intermediate system
  • RD - routing domain
  • RDI - routing domain identifier
  • RIB - routing information base (routing database)
  • confederation - group of RDs nested within one another

Foil 37 Open Shortest Path First (1)

OSPF - developed (1988) for IP networks by the IETF (Internet Engineering Task Force)
interior gateway protocol
specification RFC 1247
based on SPF (shortest path algorithm = Dijkstra algorithm) developed in 1978 for ARPAnet; and a few other research efforts
OSPF characteristics
  • link-state routing protocol (link state information is used to calculate the shortest path to each node)
  • routers exchange link-state advertisements (LSAs) with all routers within the same hierarchical area
  • operates within the same hierarchy of routers; intra-autonomous system (AS - collection of networks under the common administration)

Foil 38 Open Shortest Path First (2)

AS is divided into areas
  • topological database keeps overall picture of networks in relationship to routers
  • area's topology is invisible to entities outside the area
  • intra-area routing (source and destination within an area)
  • inter-area routing (source and destination in different areas)
  • OSPF backbone connects Areas

Foil 39 NetWare Link-Service Protocol (1)

Link-state routing protocol from Novell designed to overcome some of the limitations associated with the IPX RIP and Service Advertisement Protocol (SAP)
Based on OSI IS-IS
Better efficiency, scalability, routing than IPX RIP
Backwards compatible with RIP
NLSP-based routers store a complete map of the network
Routing information is exchanged only when topology changes

Foil 40 NetWare Link-Service Protocol (2)

Supports: multicast addressing; parallel paths with load balancing; up to 127 hops (RIP only 15 hops)
NLSP supports hierarchical routing (areas, domains, inter-networks <--> Level 1, Level 2, Level 3)
Hierarchical addressing scheme:
  • area-address = network-address (32 bits) and mask (32 bits)
  • mask identifies how much of the network address refers to the area itself and how much to individual networks within the area
  • example: network address = 123456C1 mask = FFFFFF00 area = 123456; network within area = C1

Foil 41 Enhanced IGRP (1)

Replaced its predecessor IGRP in early 1990s (by Cisco Systems)
Integrates capabilities of link-state protocol into distance-vector protocols
Incorporates Diffusing Update Algorithm (DUAL)
E-IGRP inter-operates with older IGRP routers and consumes less bandwidth than IGRP routers
E-IGRP supports
  • partial updates (no periodic updates; only to routers that need the info; only when the metric for a route changes)
  • multiple network layer protocols (IP, Appletalk, NetWare; for IP: implementation rebuilds routes learned from OSPF, RIP, IS-IS, EGP, BGP)
  • variable-length subnet mask
  • fast convergence (E-IGRP router stores all its neighboring tables)

Foil 42 Enhanced IGRP (2)

Technologies used in E-IGRP:
  • neighbor discovery / recovery - dynamically learns about other routers in directly attached networks (periodically exchanged small hello packets)
  • reliable transport protocol (RTP) - responsible for guaranteed delivery of E-IGRP packets to all neighbors
  • protocol dependent modules - used for network layer protocol-specific requirements
  • DUAL finite-state machine - tracking all routers and selecting efficient, loop-free paths
Types of packets: hello and acknowledgment, update, query, reply

Foil 43 Enhanced IGRP (3)

Four routing concepts used by E-IGRP
  • neighbor tables - information about all reachable and operational neighbor routers
  • topology tables - contains destination addresses and a list of neighbors that have advertised the destination
  • route states - active (requires re-computation) or passive
  • route tagging - routes are tagged individually with the identity of their origin; used by administrators to customize routing and maintain flexible policy control

Foil 44 IP Multicast (1)

routing technique that allows IP traffic to be sent from one or multiple sources to multiple destinations
a single packet is sent to a multicast group (a single IP destination group address)
IP multicasting is similar to IP broadcasting except that instead of all hosts receiving the data, only systems which belong to a multicast host group receive the data.
a multicast host group is a group of systems which have the same Class D IP destination address (for example 224.99.0.6); Class D covers addresses: 224.0.0.0 - 239.255.255.255

Foil 45 IP Multicast (2)

multicast must be enabled on hosts and routers. If multicast is not supported, we have to build a tunnel, i.e. encapsulate multicast messages in unicast datagrams
IGMP - Internet Group Management Protocol (RFC 1112) used to dynamically register hosts in a multicast group with a class D address
IP multicast routing protocols (communication between routers):
  • MOSPF - Multicast Open Shortest Path First (3Com) - multicast routing protocol; extension of OSPF; uses unicast routing protocol; MOSPF calculates routes from the source to all possible group members for a particular group; works only in inter-networks that use OSPF; optimized for small number of active sources

Foil 46 IP Multicast (3)

IP multicast routing protocols
  • DVMRP - Distance Vector Multicast Routing Protocol (Cisco, Bay, 3Com) more complicated than RIP; used by MBONE; specification RFC 1075; uses reverse path flooding technique
  • PIM - Protocol Independent Multicast (routing protocol from Cisco, Bay Networks); PIM is used by multicast routers to determine which other multicast routers should receive multicast packets
    • PIM dense-mode: transmits packets to all LANs unless it receives instruction to the contrary; reverse path flooding algorithm
    • PIM sparse-mode: transmits packets to LANs which have made "join" request; optimized for many data streams but relatively few LANs

Foil 47 BGP - Border Gateway Protocol (1)

Routing involves 2 activities
  • optimal path determination (a complex issue)
  • transport of packets through the network (relatively straightforward)
BGP performs inter-domain routing in TCP/IP networks
BGP is an exterior gateway protocol (performs routing between multiple autonomous systems or domains and exchanges routing information with other BGP systems)
BGP was developed to replace its predecessor: EGP (Exterior Gateway Protocol - a particular instance of an exterior gateway protocol)
RFC 1771, 1654 (obsoleting RFC 1105, 1163, 1267)
autonomous system (routing domain) - portion of an internetwork under common administrative authority

Foil 48 BGP - Border Gateway Protocol (2)

3 types of routing between BGP routers
  • intra-autonomous system routing
  • inter-autonomous system routing
  • pass-through autonomous system routing
BGP operation
  • maintains routing tables (listing all physical paths to a particular network)
  • transmits routing updates (routers send only the portion of their routing tables that has changed)
  • bases routing decisions on routing metrics
  • keeps information about the global topology of the network
Types of BGP messages (version 4)
  • open message (opens a BGP communication session)
  • update message (provides routing updates to other BGP systems; carried over TCP)
  • notification message (sent when an error occurs)
  • keep-alive message (notifies BGP peers that a device is still alive)

Foil 49 RSVP (1)

RSVP - Resource Reservation Protocol
enables Internet applications to obtain special QoS
it is not a routing protocol, but it works in conjunction with routing protocols
RSVP is a Transport Protocol in the OSI RM (4th layer)
RSVP supports 3 types of traffic
  • best-effort: traditional IP traffic (best effort service)
  • rate-sensitive: e.g. H.323 video-conferencing requires a constant transport rate (guaranteed bit-rate service)
  • delay-sensitive: e.g. MPEG-II (predictive service or controlled-delay service)

Foil 50 RSVP (2)

RSVP supports unicast and multicast sessions
QoS requirements are communicated through a network via a flow specification from receiver to sender
Session set-up
  • (1) receiver joins a multicast group using IGMP
  • (2) sender sends RSVP path message to the IP destination address
  • (3) receiver starts sending appropriate reservation request messages specifying the desired flow descriptors using RSVP
  • (4) sender starts sending data

Foil 51 RSVP (3)

RSVP operation
  • receivers are responsible for requesting resource reservation
  • hosts and routers run RSVP software (daemons) to be able to participate in resource reservation
  • the RSVP protocol is used to pass the QoS request to all nodes (routers and hosts) along the reverse data path to the data source
  • at each node, the RSVP program applies a local decision procedure (called admission control) to determine whether it can supply the requested QoS
  • if admission control succeeds, the RSVP program sets the parameters of the packet classifier and scheduler to obtain the desired QoS
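The session set-up of Foil 50 and the per-node admission control of Foil 51, as an added Python simulation that is not part of the lecture: a PATH message walks sender to receiver storing the previous hop at each node, and the RESV message walks the stored reverse path, with every node running its local admission-control check. Node names, session names and bandwidth figures are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Node:
    name: str
    free: int                                   # free bandwidth in kbit/s (constructed)
    path_state: Dict[str, Optional[str]] = field(default_factory=dict)   # session -> previous hop
    reservations: Dict[str, int] = field(default_factory=dict)           # session -> reserved rate

    def admission_control(self, rate: int) -> bool:
        """Local decision procedure: can this node supply the requested rate?"""
        return rate <= self.free


def send_path(nodes: List[Node], session: str) -> None:
    """PATH message from the sender (nodes[0]) to the receiver (nodes[-1]);
    every node stores the previous hop so that RESV can retrace the path."""
    prev: Optional[str] = None
    for node in nodes:
        node.path_state[session] = prev
        prev = node.name


def send_resv(nodes: List[Node], session: str, rate: int) -> Optional[str]:
    """RESV message originated by the receiver and forwarded hop by hop along
    the stored reverse path. Each node runs admission control and, on success,
    programs its classifier/scheduler (modelled here as recording the rate).
    Returns None if the whole path accepts, otherwise the name of the node that
    rejected the request (a ResvErr), after releasing the partial reservation."""
    by_name = {n.name: n for n in nodes}
    node: Optional[Node] = nodes[-1]
    while node is not None:
        # RESV is dropped if there is no PATH state or admission control fails
        if session not in node.path_state or not node.admission_control(rate):
            for n in nodes:                     # release what was already reserved downstream
                n.free += n.reservations.pop(session, 0)
            return node.name
        node.reservations[session] = rate
        node.free -= rate
        prev = node.path_state[session]
        node = by_name[prev] if prev is not None else None
    return None


if __name__ == "__main__":
    # Constructed topology: sender -> r1 -> r2 -> receiver
    path = [Node("sender", 1000), Node("r1", 500), Node("r2", 200), Node("receiver", 1000)]
    send_path(path, "video")
    print(send_resv(path, "video", 150))        # None: every node admits 150 kbit/s
    send_path(path, "audio")
    print(send_resv(path, "audio", 100))        # r2: only 50 kbit/s left there
```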

Foil 52 RSVP (4)

RSVP Tunnel
  • connects RSVP-capable routers through a cloud of non-RSVP routers
  • RSVP is not implemented in all routers
  • condition: the non-RSVP network must provide acceptable and sufficient capacity and real-time service
RSVP soft state implementation
  • soft state refers to state in routers and end nodes that can be updated dynamically by certain RSVP messages
  • when state changes occur, RSVP propagates those changes from end to end within the RSVP network without delay

Foil 53 RSVP (5)

RSVP messages
  • reservation-request message: sent from receiver to sender
  • path message: sent by each sender to store the path state in each node
  • error and confirmation messages: path error, reservation-request error, reservation-request confirmation
  • teardown messages: remove the path and reservation state
RSVP reservation styles
  • distinct reservation: installs a flow for each relevant sender in each session (Fixed-Filter Style)
  • shared reservation: used by a set of senders that are known not to interfere with each other (Wildcard-Filter Style, Shared-Explicit Style)

Foil 54 CIDR (1)

CIDR stands for Classless Inter-Domain Routing
developed to solve IPv4 address space problems
  • it abandons network classes and enables supernetting
  • it implements block address allocation
  • it allows hierarchical routing
Traditional addressing system (classful addressing) - class A, B, C (first octet range, hosts per network):
  • Class A: 1-127, 16,777,214 hosts
  • Class B: 128-191, 65,534 hosts
  • Class C: 192-223, 254 hosts

Foil 55 CIDR (2)

The inflexibility of the traditional A-B-C scheme meant addresses were frequently wasted
CIDR addresses are classless
The network prefix comprises the network address and the mask: x.y.z.w/22 is equivalent to using the network mask 255.255.252.0 (the first 22 bits identify the network)
addresses can be supernetted and subnetted (supernetting means combining two or more contiguous network addresses: for example 4 class C networks can be combined into one, 128.230.117.0/22)

Foil 56 CIDR (3)

CIDR prefix - number of hosts - equivalent class Cs
  • /27: 32 hosts, 1/8 class C
  • /26: 64 hosts, 1/4 class C
  • /25: 128 hosts, 1/2 class C
  • /24: 256 hosts, 1 class C
  • /23: 512 hosts, 2 class Cs
  • /22: 1,024 hosts, 4 class Cs
  • /21: 2,048 hosts, 8 class Cs
  • /20: 4,096 hosts, 16 class Cs
  • /19: 8,192 hosts, 32 class Cs
  • /18: 16,384 hosts, 64 class Cs
  • /17: 32,768 hosts, 128 class Cs
  • /16: 65,536 hosts, 256 class Cs
  • /15: 131,072 hosts, 512 class Cs
  • /14: 262,144 hosts, 1,024 class Cs
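The prefix arithmetic of Foils 55 and 56 as an added Python example (not the lecture's own code), built on the standard-library ipaddress module: it derives mask, address count and class C equivalents for a prefix length, aggregates a run of contiguous class C networks into a supernet, and shows that the four class Cs the lecture writes as 128.230.117.0/22 actually lie in the aligned block 128.230.116.0/22, which is the form a router or ACL will store.

```python
import ipaddress
from typing import List, Tuple


def prefix_info(prefix_len: int) -> Tuple[str, int, float]:
    """Return (dotted mask, address count, equivalent number of class Cs)
    for a /prefix_len network, reproducing one row of the CIDR table."""
    net = ipaddress.ip_network(f"0.0.0.0/{prefix_len}")
    return str(net.netmask), net.num_addresses, net.num_addresses / 256


def supernet(first: str, count: int) -> ipaddress.IPv4Network:
    """Aggregate `count` contiguous /24 networks starting at `first` into one
    prefix. Raises ValueError when the run is not an aligned block (e.g. four
    /24s starting at an odd third octet): then no single summary route covers
    exactly those networks and advertising one would be wrong."""
    nets: List[ipaddress.IPv4Network] = [ipaddress.ip_network(first)]
    for _ in range(count - 1):
        nxt = nets[-1].broadcast_address + 1        # first address after the previous /24
        nets.append(ipaddress.ip_network(f"{nxt}/24"))
    collapsed = list(ipaddress.collapse_addresses(nets))
    if len(collapsed) != 1:
        raise ValueError(f"{count} /24s from {first} do not form one block: {collapsed}")
    return collapsed[0]


def normalize(cidr: str) -> str:
    """Return the aligned form of a prefix whose host bits are not all zero.
    With mask 255.255.252.0 the low two bits of the third octet are host bits,
    so 128.230.117.0/22 denotes the block 128.230.116.0 - 128.230.119.255."""
    return str(ipaddress.ip_network(cidr, strict=False))


def covers(prefix: str, address: str) -> bool:
    """Membership test as a forwarding table or filter would apply it."""
    return ipaddress.ip_address(address) in ipaddress.ip_network(prefix, strict=False)


if __name__ == "__main__":
    for plen in (27, 24, 22, 16):
        print(plen, prefix_info(plen))
    print(supernet("128.230.116.0/24", 4))         # 128.230.116.0/22
    print(normalize("128.230.117.0/22"))           # 128.230.116.0/22
```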

Foil 57 CIDR (4)

The widespread implementation of CIDR and hierarchical routing could cause a significant reduction in the number of routing-table entries
The key to making CIDR work on the Internet is the Border Gateway Protocol (BGP) version 4. Within an organization, routers can still use any of the interior routing protocols (RIP, OSPF, EIGRP)

Foil 58 Windows NT routing (1)

A Windows NT server can be set up as a router: two or more network interfaces (different topologies: Ethernet, token ring)
Multihomed NT router
Software:
  • MPR - Multi-Protocol Routing
  • RRAS - Routing and Remote Access Server
MPR and RRAS are necessary for dynamic routing
When you install two NICs in a server and enable routing, but do not install MPR or RRAS, NT will work as a static router. The routing table must then be built manually:
  • route add [destination] [mask] [gateway] [METRIC metric]

Foil 59 Windows NT routing (2)

MPR
  • static routing support for IP and IPX
  • RIP 1.0 for IP; RIP and SAP for IPX
  • BOOTP agent for DHCP; command line interface (like 'route')
RRAS
  • GUI interface; command line interface with scripting
  • IP and IPX routing (including OSPF and RIP 2.0)
  • API for additional third-party routing protocols
NT tools
  • arp -a: shows the IP-to-MAC address mapping
  • tracert; route print: displays the routing table
  • ipxroute stats/show: information on RIP, SAP and statistics

© Northeast Parallel Architectures Center, Syracuse University, npac@npac.syr.edu

Page produced by wwwfoil on Sun Dec 6 1998