T Computer Networks: Routing Lectures. c Janne Lindqvist 1/59

Transcription

1 T Computer Networks, Autumn /59 T Computer Networks: Routing Lectures c Janne Lindqvist janne.lindqvist@tml.hut.fi 1/59

2 T Computer Networks, Autumn /59 Goals of the Set of Lectures The big picture Routing protocols distance vector (RIP) link state (OSPF) path vector (BGP) multicast Routing algorithms c Janne Lindqvist janne.lindqvist@tml.hut.fi 2/59

3 T Computer Networks, Autumn /59 Intuition Common analogy: the postal service But Internet routing is not quite like the postal service What were the roles of an IP address? c Janne Lindqvist janne.lindqvist@tml.hut.fi 3/59

4 T Computer Networks, Autumn /59 Review direct delivery vs. indirect delivery routing table static routing vs. dynamic routing autonomous system (AS) subnet addressing Classless Inter-Domain Routing (CIDR) c Janne Lindqvist janne.lindqvist@tml.hut.fi 4/59

5 T Computer Networks, Autumn /59 Routing Protocols Interior Gateway Protocols (IGP) vs. Exterior Gateway Protocols (EGP) distance vector vs. link state vs. path vector c Janne Lindqvist janne.lindqvist@tml.hut.fi 5/59

6 T Computer Networks, Autumn /59 Routing Protocols routing protocols transmit routing information between routers routing protocols DO NOT forward/route packets c Janne Lindqvist janne.lindqvist@tml.hut.fi 6/59

7 T Computer Networks, Autumn /59 Bellman-Ford Algorithm Bellman-Ford algorithm, single-source shortest path distributed Bellman-Ford algorithm, all-pairs shortest path On a Routing Problem - Richard Bellman, Quarterly of Applied Mathematics, Volume XVI, 1958 c Janne Lindqvist janne.lindqvist@tml.hut.fi 7/59

8 T Computer Networks, Autumn /59 Bellman-Ford Algorithm 1/3 If a node is in the shortest path between A and B, then the path from the node to A must be the shortest path and the path from the node to B must also be the shortest path. D j current estimate of the minimum cost from node j to the destination node C ij link cost from node i to node j C ii = 0 C ik = if nodes i and k are not directly connected c Janne Lindqvist janne.lindqvist@tml.hut.fi 8/59

9 T Computer Networks, Autumn /59 Bellman-Ford Algorithm 2/3 1. Initialization D i =, i d D d = 0 2. Updating: For each i d, D i = min j {C ij + D j }, j i Repeat step 2 until no more changes occur in the iteration. c Janne Lindqvist janne.lindqvist@tml.hut.fi 9/59

10 T Computer Networks, Autumn /59 Bellman-Ford Algorithm 3/3 Good news travel quickly, bad news travel slowly. Count to Infinity problem c Janne Lindqvist janne.lindqvist@tml.hut.fi 10/59

11 T Computer Networks, Autumn /59 Cost Examples 1/capacity packet delay congestion c Janne Lindqvist janne.lindqvist@tml.hut.fi 11/59

12 T Computer Networks, Autumn /59 Routing Information Protocol 1/3 RIP-1 RFC 1058, June 1988 RIP-2 RFC 2453, November 1998 (subnets etc) According to Huitema Routing in the Internet, 2nd edition, the most widely used routing protocol in the Internet. c Janne Lindqvist janne.lindqvist@tml.hut.fi 12/59

13 T Computer Networks, Autumn /59 RIP 2/3 uses UDP metric: hop two message types: request and response infinity is 16 split horizon and poisoned reverse triggered updates c Janne Lindqvist janne.lindqvist@tml.hut.fi 13/59

14 T Computer Networks, Autumn /59 RIP 3/3 split horizon: minimum cost to a given destination is not sent to a neighbor if the neighbor is the next node along the shortest path split horizon with poisoned reverse: minimum cost to a given destination is set to infinity if the neighbor is the next node along the shortest path c Janne Lindqvist janne.lindqvist@tml.hut.fi 14/59

15 T Computer Networks, Autumn /59 Next Link state routing Routing security Alternatives to packet routing Summary c Janne Lindqvist janne.lindqvist@tml.hut.fi 15/59

16 T Computer Networks, Autumn /59 Routing Protocols Interior Gateway Protocols (IGP) vs. Exterior Gateway Protocols (EGP) distance vector vs. link state vs. path vector c Janne Lindqvist janne.lindqvist@tml.hut.fi 16/59

17 T Computer Networks, Autumn /59 Link State Routing According to Tanenbaum, link state protocols: 1. discover neighbors and learn their network addresses 2. measure delay or cost (metric) to each neighbor 3. send the learned data to all other routers 4. compute shortest path to every other router c Janne Lindqvist janne.lindqvist@tml.hut.fi 17/59

18 T Computer Networks, Autumn /59 Neighbor Discovery HELLO packet to each point-to-point line (neighbors) reply to HELLO with a globally unique name a broadcast network (LAN) is considered as a node c Janne Lindqvist janne.lindqvist@tml.hut.fi 18/59

19 T Computer Networks, Autumn /59 Measuring the Link Cost ECHO packet reply to ECHO immediately delay: count round-trip time and divide it by two or delay: the above several times and count the average c Janne Lindqvist janne.lindqvist@tml.hut.fi 19/59

20 T Computer Networks, Autumn /59 Sending the Data Packets 1/2 The learned data is sent as packets consisting: identity of the sender sequence number age list of neighbors Why? How to ensure delivery to all routers? c Janne Lindqvist janne.lindqvist@tml.hut.fi 20/59

21 T Computer Networks, Autumn /59 Sending the Data Packets 2/3 Flooding distribution algorithm sequence number is incremented for every packet (source router, sequence number) pairs are tracked when a new link state protocol packet arrives if new, FORWARD except to the link it arrived if duplicate, DISCARD if old, DISCARD or if old, FORWARD to the router sending old packets c Janne Lindqvist janne.lindqvist@tml.hut.fi 21/59

22 T Computer Networks, Autumn /59 Sending the Data Packets 3/3 Flooding distribution algorithm problems router crashes: what is my sequence number? sequence number corruption solution: Age c Janne Lindqvist janne.lindqvist@tml.hut.fi 22/59

23 T Computer Networks, Autumn /59 Counting the Shortest Path Dijkstra s algorithm: single-source shortest path not distributed! c Janne Lindqvist janne.lindqvist@tml.hut.fi 23/59

24 T Computer Networks, Autumn /59 Interior Gateway Link State Protocol OSPF - Open Shortest Path First silly name, almost all protocols try to find the shortest path complex, many books only about OSPF c Janne Lindqvist janne.lindqvist@tml.hut.fi 24/59

25 T Computer Networks, Autumn /59 Summary What are the fundamental differences between: distance vector routing link state routing? distributed computation vs. centralized computation! c Janne Lindqvist janne.lindqvist@tml.hut.fi 25/59

26 T Computer Networks, Autumn /59 Routing Is Not Always Necessary bridges (comeback in Wireless LAN) Virtual LAN (VLAN) Which to choose? The domain of network engineering. c Janne Lindqvist janne.lindqvist@tml.hut.fi 26/59

27 T Computer Networks, Autumn /59 Routing Security 1/2 RIP-1 RFC 1058, June 1988 RIP-2 RFC 2453, November 1998 (subnets, authentication etc) c Janne Lindqvist janne.lindqvist@tml.hut.fi 27/59

28 T Computer Networks, Autumn /59 Routing Security 2/2 What does authentication solve? Denial of Service (DoS)? Address Resolution Protocol (ARP) spoof? Medium Access Control (MAC) spoof? c Janne Lindqvist janne.lindqvist@tml.hut.fi 28/59

29 T Computer Networks, Autumn /59 What did we cover? Distance vector routing Distributed Bellman-Ford algorithm Link state routing Routing security Alternatives to packet routing c Janne Lindqvist janne.lindqvist@tml.hut.fi 29/59

30 T Computer Networks, Autumn /59 What did we not cover? Multicast routing Routing in ad hoc networks Quality of Service Routing MPLS c Janne Lindqvist janne.lindqvist@tml.hut.fi 30/59

31 T Computer Networks, Autumn /59 Summary of Part I If you don t remember anything else: routing protocols exchange information about networks routing protocols do not forward packets c Janne Lindqvist janne.lindqvist@tml.hut.fi 31/59

32 T Computer Networks, Autumn /59 Goals of the Set of Lectures The big picture Routing protocols distance vector (RIP) link state (OSPF) path vector (BGP) Routing algorithms c Janne Lindqvist janne.lindqvist@tml.hut.fi 32/59

33 T Computer Networks, Autumn /59 Routing Protocols Interior Gateway Protocols (IGP) vs. Exterior Gateway Protocols (EGP) distance vector vs. link state vs. path vector c Janne Lindqvist janne.lindqvist@tml.hut.fi 33/59

34 T Computer Networks, Autumn /59 Autonomous Systems (AS) stub multihomed transit Today: autonomous systems c Janne Lindqvist janne.lindqvist@tml.hut.fi 34/59

35 T Computer Networks, Autumn /59 Why IGP and EGP? Why the classification: intradomain interdomain? Discuss! c Janne Lindqvist janne.lindqvist@tml.hut.fi 35/59

36 T Computer Networks, Autumn /59 Answer to Why IGP and EGP? If every AS had only two routers. It would mean routers in the Internet. Impossible with distance vector and link state protocols We need a divided routing scheme. c Janne Lindqvist janne.lindqvist@tml.hut.fi 36/59

37 T Computer Networks, Autumn /59 Policy Routing Route preferences: do not use path that goes through AS 12 Which destinations are reported to which neighbors Path editing Practical examples university networks vs. corporate networks traffic originated and ending in Canada must not leave Canada c Janne Lindqvist janne.lindqvist@tml.hut.fi 37/59

38 T Computer Networks, Autumn /59 Top-level Internet Routing peering points Finland, two Ethernet switches FICIX1 Espoo, Otaniemi FICIX2 Helsinki, Pasila 1 or 10 Gigabit Ethernet c Janne Lindqvist janne.lindqvist@tml.hut.fi 38/59

39 T Computer Networks, Autumn /59 Routing Protocols Interior Gateway Protocols (IGP) vs. Exterior Gateway Protocols (EGP) distance vector vs. link state vs. path vector c Janne Lindqvist janne.lindqvist@tml.hut.fi 39/59

40 T Computer Networks, Autumn /59 Border Gateway Protocol (BGP-4) Border routers BGP speakers Used between autonomous systems Provides reachability and path information TCP as transport c Janne Lindqvist janne.lindqvist@tml.hut.fi 40/59

41 T Computer Networks, Autumn /59 BGP-4 Message Types Message Types 1 OPEN 2 UPDATE 3 NOTIFICATION 4 KEEPALIVE c Janne Lindqvist janne.lindqvist@tml.hut.fi 41/59

42 T Computer Networks, Autumn /59 BGP-4 OPEN Message Version AS number Hold Time BGP Identifier: IP address Parameters Used to initialize communication c Janne Lindqvist janne.lindqvist@tml.hut.fi 42/59

43 T Computer Networks, Autumn /59 BGP-4 UPDATE Message List of destinations to be removed. List of new available destinations and paths to them. Information from the receiver s perspective. c Janne Lindqvist janne.lindqvist@tml.hut.fi 43/59

44 T Computer Networks, Autumn /59 BGP-4 Why Paths? Why UPDATE message contains path information? Discuss! c Janne Lindqvist janne.lindqvist@tml.hut.fi 44/59

45 T Computer Networks, Autumn /59 Answer to BGP-4 Why paths? Detect loops Policy routing However, cannot be used to deduce the optimal route. c Janne Lindqvist janne.lindqvist@tml.hut.fi 45/59

46 T Computer Networks, Autumn /59 BGP-4 KEEPALIVE Message For testing reachability Sending interval should be 1/3 of the hold timer c Janne Lindqvist janne.lindqvist@tml.hut.fi 46/59

47 T Computer Networks, Autumn /59 BGP-4 NOTIFICATION Message For error reporting AS routing loop Hold time unacceptable etc. c Janne Lindqvist janne.lindqvist@tml.hut.fi 47/59

48 T Computer Networks, Autumn /59 To Make Things Not Simple intradomain: I-BGP interdomain: E-BGP c Janne Lindqvist janne.lindqvist@tml.hut.fi 48/59

49 T Computer Networks, Autumn /59 BGP Security misconfigurations e.g. a route that should have been filtered is exported e.g. October 2003 WorldCom s internal routers crashed attacks c Janne Lindqvist janne.lindqvist@tml.hut.fi 49/59

50 T Computer Networks, Autumn /59 BGP Security No integrity, freshness or authentication for messages. No validation of AS authority for reachability information. No validation of announced path attributes. c Janne Lindqvist janne.lindqvist@tml.hut.fi 50/59

51 T Computer Networks, Autumn /59 Attacks Against BGP Eavesdropping Replay Messsage insertion Message deletion Message modification Man-in-the-middle Denial of service c Janne Lindqvist janne.lindqvist@tml.hut.fi 51/59

52 T Computer Networks, Autumn /59 Damage from Attacks starvation network congestion and delay blackhole looping eavesdrop cut and partition churn and instability resource exhaustion c Janne Lindqvist janne.lindqvist@tml.hut.fi 52/59

53 T Computer Networks, Autumn /59 Protection from Attacks TCP MD5 option filtering (S-BGP?) c Janne Lindqvist janne.lindqvist@tml.hut.fi 53/59

54 T Computer Networks, Autumn /59 Functions of IP Address unicast address interface identifier (socket binds to IP) topological locator (routing) multicast address group identifier c Janne Lindqvist janne.lindqvist@tml.hut.fi 54/59

55 T Computer Networks, Autumn /59 Multicast in Theory Routers use multicast routing protocols to establish connectivity across Internet. Hosts tell routers that they want to receive from group G i. Any host can send to the group. Sending and receiving is simple by socket APIs. bandwidth-efficient group communication c Janne Lindqvist janne.lindqvist@tml.hut.fi 55/59

56 T Computer Networks, Autumn /59 Multicast Routing Protocols flooding source-tree core-tree mesh hybrid Everyone has a favorite protocol (including me!) c Janne Lindqvist janne.lindqvist@tml.hut.fi 56/59

57 T Computer Networks, Autumn /59 The Dichotomy Revisited intradomain Distance Vector Multicast Routing Protocol (DVMRP) Multicast Extensions to OSPF (MOSPF) Protocol Independent Multicast (PIM-SM) (PIM-DM) interdomain Multicast Source Discovery Protocol (MSDP) Border Gateway Multicast Protocol (BGMP) c Janne Lindqvist janne.lindqvist@tml.hut.fi 57/59

58 T Computer Networks, Autumn /59 The Big Picture Default route in a host. OSPF in the access network in an AS. BGP between ASes. And additionally PIM and MBONE for multicast. c Janne Lindqvist janne.lindqvist@tml.hut.fi 58/59

59 T Computer Networks, Autumn /59 That s All Questions? c Janne Lindqvist janne.lindqvist@tml.hut.fi 59/59