Routing TCP/IP (Vol. 1, 1998)

All of the operational procedures, timers, and stability functions of RIPv1 remain the same in version 2, with the exception of the broadcast updates. RIPv2 multicasts updates to other RIPv2-speaking routers, using the reserved class D address 224.0.0.9. The advantage of multicasting is that devices on the local network that are not concerned with RIP routing do not have to spend time "unwrapping" broadcast packets from the router. The multicast updates are examined further in the section, "Compatibility with RIPv1."

After a look at how the RIP message format accommodates the version 2 extensions, this section focuses on the operation and benefits of these additional features.

RIPv2 Message Format

The RIPv2 message format is shown in Figure 7.1; the basic structure is the same as for RIPv1. All the extensions to the original protocol are carried within what were unused fields. Like version 1, RIPv2 updates can contain entries for up to 25 routes. Also like version 1, RIPv2 operates from UDP port 520 and has a maximum datagram size (with an eight-byte UDP header) of 512 octets.

Figure 7.1. RIPv2 takes advantage of the unused fields of the version 1 message so that the extensions do not change the basic format.

Command will always be set to either one, signifying a request message, or two, signifying a response message.

Version will be set to two for RIPv2. If it is set to zero, or if it is set to one but the message is not a valid RIPv1 format, the message will be discarded. RIPv2 will process valid RIPv1 messages.

Address Family Identifier is set to two for IP. The only exception is a request for a router's (or host's) full routing table, in which case it will be set to zero.

Route Tag provides a field for tagging external routes or routes that have been redistributed into the RIPv2 process. One suggested use of this 16-bit field is to carry the autonomous system number of routes that have been imported from an external routing protocol. Although RIP itself does not use this field, external routing protocols connected to a RIP domain in multiple locations may use the route tag field to exchange information across the RIP domain. The field may also be used to group certain external routes for easier control within the RIP domain. The use of route tags is discussed further in Chapter 14, "Route Maps."

IP Address is the address of the destination of the route. It may be a major network address, a subnet, or a host route.

Subnet Mask is a 32-bit mask that identifies the network and subnet portion of the IP address. The significance of this field is discussed in the section "Variable-Length Subnet Masking."

Next Hop identifies a better next-hop address, if one exists, than the address of the advertising router. That is, it indicates a next-hop address, on the same subnet, that is metrically closer to the destination than the advertising router is. If the field is set to all zeros (0.0.0.0), the address of the advertising router is the best next-hop address. An example of where this field would be useful is given at the end of this section.

Metric is a hop count between 1 and 16.

Figure 7.2 shows four routers connected to an Ethernet link. [2] Jicarilla, Mescalero, and Chiricahua are all in autonomous system number 65501 and are speaking RIPv2. Chiricahua is a border router between autonomous system 65501 and autonomous system 65502; in the second autonomous system, it speaks BGP to Lipan.

[2] This figure is an adaptation of an example presented by Gary Malkin in RFC 1722.

Figure 7.2. Although they share a common data link, Jicarilla and Mescalero speak only RIPv2; Lipan speaks only BGP. Chiricahua is responsible for informing the first two routers of any routes learned from the latter.

Here, Chiricahua is advertising routes it learns from BGP to the RIP-speaking routers (Figure 7.3). [3] In its RIPv2 advertisements, Chiricahua will use the Route Tag field to indicate that subnet 10.3.3.0, with a mask of 255.255.255.0, is in autonomous system 65502 (0xFFDE). Chiricahua will also use the Next Hop field to inform Jicarilla and Mescalero that the best next-hop address to 10.3.3.0 is Lipan's interface, 10.1.1.3, rather than its own interface. Note that because Lipan does not run RIP, and Jicarilla and Mescalero do not run BGP, Jicarilla and Mescalero have no way of knowing directly that Lipan is the best next-hop router, even though it is reachable on the same subnet.

[3] Redistribution refers to the practice of advertising routes learned from one protocol to another protocol; it is discussed in detail in Chapter 11, "Route Redistribution."

Figure 7.3. This protocol capture of a RIPv2 update from Chiricahua shows the Route Tag, Subnet Mask, and Next Hop fields being used to advertise subnet 10.3.3.0.

Compatibility with RIPv1

RIPv1 handles updates in a flexible manner. If the Version field indicates version 1 but any bits of any unused fields are set to one, the update is discarded. If the version is greater than 1, the fields defined as unused in version 1 are ignored and the message is processed. As a result, newer editions of the protocol, like RIPv2, can be backward compatible with RIPv1.
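As an added example (not code from the book), the following Python builds the RIPv2 response that Figure 7.3 describes, using the field layout of Figure 7.1, and parses it with the version rules given above. The metric of 1 and the single-entry update are assumptions; the text does not give the metric.

```python
import struct
from ipaddress import IPv4Address

HEADER = struct.Struct("!BBH")        # Command, Version, unused (must be zero)
ENTRY = struct.Struct("!HH4s4s4sI")   # AFI, Route Tag, IP Address, Subnet Mask, Next Hop, Metric
MAX_ENTRIES = 25                      # 4 + 25 * 20 = 504 octets of RIP payload
ZERO = bytes(4)

def build_response(entries, version=2):
    """entries: (afi, tag, ip, mask, next_hop, metric) tuples; returns the RIP payload."""
    if len(entries) > MAX_ENTRIES:
        raise ValueError("a single RIP update carries at most 25 routes")
    body = b"".join(
        ENTRY.pack(afi, tag, IPv4Address(ip).packed, IPv4Address(mask).packed,
                   IPv4Address(nh).packed, metric)
        for afi, tag, ip, mask, nh, metric in entries)
    return HEADER.pack(2, version, 0) + body          # Command 2 = response

def parse_message(data):
    """Apply the version rules from the text; return the entries, or None to discard."""
    if len(data) < HEADER.size or (len(data) - HEADER.size) % ENTRY.size:
        return None
    command, version, unused = HEADER.unpack_from(data, 0)
    if command not in (1, 2) or version == 0:
        return None
    routes = []
    for off in range(HEADER.size, len(data), ENTRY.size):
        afi, tag, ip, mask, nh, metric = ENTRY.unpack_from(data, off)
        # A version 1 message with any 'unused' bit set is not valid RIPv1 and is
        # discarded; for version 2 and above those fields carry the extensions.
        if version == 1 and (unused or tag or mask != ZERO or nh != ZERO):
            return None
        if not 1 <= metric <= 16:
            return None
        routes.append({"afi": afi, "tag": tag, "ip": str(IPv4Address(ip)),
                       "mask": str(IPv4Address(mask)),
                       "next_hop": str(IPv4Address(nh)), "metric": metric})
    return routes

# Constructed sample: Chiricahua's advertisement of 10.3.3.0/24 from Figure 7.3, tagged
# with AS 65502 (0xFFDE) and pointing at Lipan (10.1.1.3). Metric 1 is an assumption.
CHIRICAHUA_UPDATE = build_response([
    (2, 0xFFDE, "10.3.3.0", "255.255.255.0", "10.1.1.3", 1)])

if __name__ == "__main__":
    for r in parse_message(CHIRICAHUA_UPDATE):
        print(f"{r['ip']} mask {r['mask']} tag {r['tag']} via {r['next_hop']} metric {r['metric']}")
```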

Note

compatibility settings for RIPv1 and RIPv2

RFC 1723 defines a "compatibility switch" with four settings, which allows versions 1 and 2 to interoperate:

  1. RIP-1, in which only RIPv1 messages are transmitted

  2. RIP-1 Compatibility, which causes RIPv2 to broadcast its messages instead of multicast them so that RIPv1 may receive them

  3. RIP-2, in which RIPv2 messages are multicast to destination address 224.0.0.9

  4. None, in which no updates are sent

The RFC recommends that these switches be configurable on a per-interface basis. The Cisco commands for settings 1 through 3 are presented in the section "Configuring RIPv2"; setting 4 is accomplished by using the passive-interface command.

Note

setting for controlling reception of updates

Additionally, RFC 1723 defines a "receive control switch" to regulate the reception of updates. The four recommended settings of this switch are:

  1. RIP-1 Only

  2. RIP-2 Only

  3. Both

  4. None

This switch should also be configurable on a per-interface basis. The Cisco commands for settings 1 through 3 are also presented in the configuration section of this chapter. Setting 4 can be accomplished by using an access list to filter UDP source port 520, by not including a network statement for the interface, [4] or by configuring a route filter as discussed in Chapter 13, "Route Filtering."

[4] This method would work only if no other interface on the router on which RIP should run is attached to the same major network.

Classless Route Lookups

Chapter 5, "Routing Information Protocol (RIP)," explains classful route lookups, in which a destination address is first matched to its major network address in the routing table and is then matched to a subnet of the major network. If no match is found at either of these steps, the packet is dropped.

This default behavior can be changed, even for classful routing protocols such as RIPv1 and IGRP, by entering the global command ip classless. When a router performs classless route lookups, it does not pay attention to the class of the destination address. Instead, it performs a bit-by-bit best match between the destination address and all its known routes. This capability can be very useful when working with default routes, as demonstrated in Chapter 12, "Default Routes and On-Demand Routing." When coupled with the other features of classless routing protocols, classless route lookups can be very powerful.

Note

Classless routing protocols carry subnet masks in their routing updates.

Classless Routing Protocols

The true defining characteristic of classless routing protocols is the capability to carry subnet masks in their route advertisements. One benefit of having a mask associated with each route is that the all-zeros and all-ones subnets are now available for use. Chapter 2, "TCP/IP Review," explained that classful routing protocols cannot distinguish between an all-zeros subnet (172.16.0.0, for example) and the major network number (172.16.0.0). Likewise, they cannot distinguish between a broadcast on the all-ones subnet (172.16.255.255) and an all-subnets broadcast (172.16.255.255).

If the subnet masks are included, this difficulty disappears. You can readily see that 172.16.0.0/16 is the major network number and that 172.16.0.0/24 is an all-zeros subnet. 172.16.255.255/16 and 172.16.255.255/24 are just as distinguishable.

By default, the Cisco IOS rejects an attempt to configure an all-zeros subnet as an invalid address/mask combination even if a classless routing protocol is running. To override this default behavior, enter the global command ip subnet-zero.

Note

Classless routing protocols enable the use of variable-length subnet masking.

A much greater benefit of having a subnet mask associated with each route is being able to use variable-length subnet masking (VLSM) and to summarize a group of major network addresses with a single aggregate address. Variable-length subnet masks are examined in the following section, and address aggregation (or supernetting) is introduced in Chapter 8, "Enhanced Interior Gateway Routing Protocol (EIGRP)."

Variable-Length Subnet Masking

If a subnet mask can be individually associated with each destination address advertised throughout an internetwork, there is no reason why all the masks must be of equal length. That fact is the basis for VLSM.

A simple application of VLSM is shown in Figure 7.4. Each data link of the internetwork shown must have a uniquely identifiable subnet address, and each subnet address must contain enough host addresses to accommodate the devices attached to the data link.

Figure 7.4. Using VLSM, the class C address shown can be subnetted to accommodate this internetwork and the hosts on each of its data links.

Given the class C network address assigned to this internet, subnetting cannot be accomplished at all without VLSM. The token ring, with its need for 100 host addresses, requires a 25-bit mask (1 bit of subnetting); a mask any longer would not leave enough host bits. But if all masks must be of equal length, only one more subnet can be created from the class C address. [5] There would not be enough subnets to go around.

[5] This statement assumes that the all-zeros and all-ones subnets (the only subnets available with a single bit of subnetting) can be routed.

With VLSM the widely varying host address requirements of the internetwork of Figure 7.4 can be met using a class C network address. Table 7.1 shows the subnets and the address ranges available within each.

Table 7.1. The subnets of Figure 7.4.

Subnet/Mask          Address Range                      Broadcast Address
192.168.50.0/25      192.168.50.1 - 192.168.50.126      192.168.50.127
192.168.50.128/26    192.168.50.129 - 192.168.50.190    192.168.50.191
192.168.50.192/27    192.168.50.193 - 192.168.50.222    192.168.50.223
192.168.50.224/28    192.168.50.225 - 192.168.50.238    192.168.50.239
192.168.50.240/30    192.168.50.241 - 192.168.50.242    192.168.50.243
192.168.50.244/30    192.168.50.245 - 192.168.50.246    192.168.50.247

Note

VLSM can be thought of as sub-subnetting

Many people, including many who work with VLSM, make the technique more complicated than it is. The complete key to VLSM is this: After a network address is subnetted in the standard fashion, those subnets can themselves be subnetted. In fact, one will occasionally hear VLSM referred to as "sub-subnetting."

A close examination of the addresses in Table 7.1 (in binary, as always) will reveal how VLSM works. [6] First, a 25-bit mask is used to divide the network address into two subnets: 192.168.50.0/25 and 192.168.50.128/25. The first subnet provides 126 host addresses to meet the needs of the token ring in Figure 7.4.

[6] The reader is strongly encouraged to work through this entire example in binary.

From Chapter 2, you know that subnetting involves expanding the default network mask so that some host bits are interpreted as network bits. This same procedure is applied to the remaining subnet 192.168.50.128/25. One of the Ethernets requires 50 host addresses, so the mask of the remaining subnet is expanded to 26 bits. This step provides two sub-subnets, 192.168.50.128/26 and 192.168.50.192/26, each with 62 available host addresses. The first sub-subnet is taken for the larger Ethernet, leaving the second to again be subnetted for the other data links.

This procedure is repeated twice more to provide the necessary subnets of the necessary size for the smaller Ethernet and the FDDI ring. A subnet of 192.168.50.240/28 remains, as do two serial links requiring subnets. Any point-to-point link will, by its very nature, require only two host addresses, one at each end. Thirty-bit masks are used to create the two serial link subnets, each with just two available host addresses.
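The sub-subnetting walk just described, as an added Python example (not from the book): each request takes the first subnet of the smallest free block that still fits it, which reproduces Table 7.1 from 192.168.50.0/24. The text gives host counts only for the token ring (100), the larger Ethernet (50) and the serial links (2); the counts of 25 and 10 for the smaller Ethernet and the FDDI ring are assumptions chosen to yield the /27 and /28 in the table.

```python
from ipaddress import IPv4Network

def prefix_for_hosts(hosts):
    """Longest mask that still leaves room for hosts plus the network and broadcast addresses."""
    prefix = 30                       # a point-to-point link needs exactly two host addresses
    while (1 << (32 - prefix)) - 2 < hosts:
        prefix -= 1
    return prefix

def vlsm_allocate(network, requirements):
    """Sub-subnet `network` for each (label, host_count), largest need first.
    Returns (label, IPv4Network) pairs in allocation order."""
    free = [IPv4Network(network)]     # blocks not yet assigned to any data link
    plan = []
    for label, hosts in sorted(requirements, key=lambda r: -r[1]):
        prefix = prefix_for_hosts(hosts)
        # best fit: the smallest free block whose mask is no longer than we need
        block = min((b for b in free if b.prefixlen <= prefix),
                    key=lambda b: -b.prefixlen, default=None)
        if block is None:
            raise ValueError(f"no free block left for {label} ({hosts} hosts)")
        free.remove(block)
        subnet = next(block.subnets(new_prefix=prefix))   # take the first sub-subnet
        if subnet != block:
            free.extend(block.address_exclude(subnet))    # keep the rest for later
        plan.append((label, subnet))
    return plan

def table_rows(plan):
    """(subnet/mask, first host, last host, broadcast) for each subnet, as in Table 7.1."""
    return [(str(s), str(s.network_address + 1), str(s.broadcast_address - 1),
             str(s.broadcast_address)) for _, s in plan]

# Constructed requirements for the internetwork of Figure 7.4 (25 and 10 are assumed).
FIGURE_7_4 = [("Token Ring", 100), ("Ethernet 1", 50), ("Ethernet 2", 25),
              ("FDDI", 10), ("Serial 1", 2), ("Serial 2", 2)]

if __name__ == "__main__":
    # 192.168.50.0/25 is the all-zeros subnet: the IOS needs 'ip subnet-zero' to use it.
    for label, subnet in vlsm_allocate("192.168.50.0/24", FIGURE_7_4):
        print(f"{label:11} {subnet}")
```

Running it lists the six subnets of Table 7.1 in order; adding a seventh requirement that no remaining block can satisfy raises ValueError rather than silently overlapping an existing subnet.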

Point-to-point links, requiring a subnet address but only two host addresses per subnet, are one justification for using VLSM. For example, Figure 7.5 shows a typical WAN topology with remote routers connected via Frame Relay PVCs to a hub router. Modern practice usually calls for each of these PVCs to be configured on a point-to-point subinterface. [7] Without VLSM, equal-size subnets would be necessary; the size would be dictated by the subnet with the largest number of host devices.

[7] Subinterfaces are outside the scope of this book. Readers who are not already familiar with these useful tools are referred to the Cisco Configuration Guide.

Figure 7.5. VLSM allows each of these PVCs to be configured as a separate subnet without wasting host addresses.

Suppose a class B address is used for the network in Figure 7.5 and each router is attached to several LANs, each of which may have up to 175 attached devices. A 24-bit mask would be necessary for each subnet, including each PVC. Consequently, for every PVC in the internetwork, 252 addresses are wasted. With VLSM, a single subnet can be selected and sub-subnetted with a 30-bit mask; enough subnets will be created for up to 64 point-to-point links (Figure 7.6).

Figure 7.6. This class B address has been subnetted with a 24-bit mask. 172.17.11.0 has been sub-subnetted with a 30-bit mask; the resulting 64 subnets can be assigned to point-to-point links.

Examples of VLSM address designs appear in this and subsequent chapters. Chapter 8 introduces another major justification for using VLSM, hierarchical addressing, as well as address aggregation.

Authentication

A security concern with any routing protocol is the possibility of a router accepting invalid routing updates. The source of invalid updates may be an attacker trying to maliciously disrupt the internetwork or trying to capture packets by tricking the router into sending them to the wrong destination. A more mundane source of invalid updates may be a malfunctioning router. RIPv2 includes the capability to authenticate the source of a routing update by including a password.

Authentication is supported by modifying what would normally be the first route entry of the RIP message, as shown in Figure 7.7. With authentication the maximum number of entries a single update can carry is reduced to 24. The presence of authentication is indicated by setting the Address Family Identifier field to all ones (0xFFFF). The Authentication Type for simple password authentication is two (0x0002), and the remaining 16 octets carry an alphanumeric password of up to 16 characters. The password is left justified in the field, and if the password is less than 16 octets, the unused bits of the field are set to zero.

Figure 7.7. The RIPv2 authentication information, when configured, is carried in the first route entry space.

Note

Simple password authentication for RIPv2 is in plain text.

Figure 7.8 shows an analyzer capture of a RIPv2 message with authentication. The figure also shows a difficulty with the default RIP authentication: The password is transmitted in plain text. Anyone who can capture a packet containing a RIPv2 update message can read the authentication password.

Figure 7.8. When simple password authentication is used, the password is carried in plain text and can be read by anyone who can "sniff" the packet carrying the update.

Note

The Cisco IOS supports MD5 authentication for RIPv2.

Although RFC 1723 describes only simple password authentication, foresight is shown by including the Authentication Type field. Cisco IOS takes advantage of this feature and provides the option of using MD5 authentication instead of simple password authentication. [8] Cisco uses the first and last route entry spaces for MD5 authentication purposes.

[8] MD5 is described in RFC 1321. A good discussion of MD5 can also be found in the following book: Charlie Kaufman, Radia Perlman, and Mike Speciner. Network Security: Private Communication in a Public World. Prentice Hall, 1995, pp. 120-122.

MD5 is a one-way message digest or secure hash function, produced by RSA Data Security, Inc. It is also occasionally referred to as a cryptographic checksum because it works in somewhat the same way as an arithmetic checksum. MD5 computes a 128-bit hash value from a plain text message of arbitrary length (a RIPv2 update, for instance) and a password. This "fingerprint" is transmitted along with the message. The receiver, knowing the same password, calculates its own hash value. If nothing in the message has changed, the receiver's hash value should match the sender's value transmitted with the message.

Figure 7.9 shows an update from the same router of Figure 7.8, but with MD5 authentication. The authentication type is three, and no password can be seen. Notice that Cisco is using both the first and the last route entry space for authentication information. Because this usage is not part of the open RIPv2 standard, the analyzer indicates "Authentication out of Place."

Figure 7.9. This update was originated from the same router as the update in Figure 7.8, but MD5 authentication is being used.
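An added Python model (not the book's or Cisco's code) of the two authentication options described above: the RFC 1723 simple-password entry, whose password can be read straight out of a captured packet, and the keyed MD5 fingerprint the text describes, which a receiver verifies by recomputing it with its own copy of the password. The digest computation is a simplified illustration of that scheme; Cisco's exact placement of the authentication data across the first and last entry spaces is not reproduced, and the sample update is constructed.

```python
import hashlib
import hmac
import struct

AUTH_ENTRY = struct.Struct("!HH16s")   # AFI 0xFFFF, Authentication Type, 16 octets of data
SIMPLE_PASSWORD, KEYED_MD5 = 2, 3      # Authentication Type values of Figures 7.8 and 7.9

def simple_password_entry(password):
    """RFC 1723 entry: the password sits left-justified, zero-padded to 16 octets."""
    pw = password.encode("ascii")
    if len(pw) > 16:
        raise ValueError("a simple password is at most 16 characters")
    return AUTH_ENTRY.pack(0xFFFF, SIMPLE_PASSWORD, pw.ljust(16, b"\0"))

def password_from_capture(entry):
    """What Figure 7.8 shows: whoever holds the packet can read the password back."""
    afi, auth_type, data = AUTH_ENTRY.unpack(entry)
    if afi != 0xFFFF or auth_type != SIMPLE_PASSWORD:
        return None
    return data.rstrip(b"\0").decode("ascii")

def md5_fingerprint(message, password):
    """Sender side of the scheme the text describes: a 128-bit digest over the
    update plus the shared password. The password itself never goes on the wire."""
    key = password.encode("ascii").ljust(16, b"\0")
    return hashlib.md5(message + key).digest()       # 16 octets, fits one entry

def verify_md5(message, fingerprint, password):
    """Receiver side: recompute with its own copy of the password and compare."""
    return hmac.compare_digest(md5_fingerprint(message, password), fingerprint)

# Constructed RIPv2 response carrying one route (10.3.3.0/24, metric 1): the part
# of the update that either scheme authenticates.
ROUTE_UPDATE = struct.pack("!BBH", 2, 2, 0) + struct.pack(
    "!HH4s4s4sI", 2, 0, bytes([10, 3, 3, 0]), bytes([255, 255, 255, 0]), bytes(4), 1)

def tampered(message):
    """The same update with its metric rewritten to 16 (unreachable) in transit."""
    return message[:-4] + struct.pack("!I", 16)

if __name__ == "__main__":
    print("plain text entry reveals:", password_from_capture(simple_password_entry("secret")))
    fp = md5_fingerprint(ROUTE_UPDATE, "secret")
    print("md5 fingerprint:", fp.hex())
    print("verifies:", verify_md5(ROUTE_UPDATE, fp, "secret"),
          "after tampering:", verify_md5(tampered(ROUTE_UPDATE), fp, "secret"))
```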
