Chapter Five. TCP/IP Routing and Addressing

Objectives

1.2 Identify commonly used TCP and UDP default ports

TCP ports

FTP – 20, 21

SSH – 22

TELNET – 23

SMTP – 25

DNS – 53

HTTP – 80

POP3 – 110

NTP – 123

IMAP4 – 143

HTTPS – 443

UDP ports

TFTP – 69

DNS – 53

BOOTP/DHCP – 67

SNMP – 161

1.3 Identify the following address formats

IPv6

IPv4

MAC addressing

1.4 Given a scenario, evaluate the proper use of the following addressing technologies and addressing schemes

Addressing Technologies

Subnetting

Classful vs. classless (for example, CIDR, Supernetting)

NAT

PAT

SNAT

Public vs. private

DHCP (static, dynamic APIPA)

Addressing schemes

Unicast

Multicast

Broadcast

1.5 Identify common IPv4 and IPv6 routing protocols

Link state

OSPF

IS-IS

Distance vector

RIP

RIPv2

BGP

Hybrid

EIGRP

1.6 Explain the purpose and properties of routing

IGP vs. EGP

Static vs. dynamic

Next hop

Understanding routing tables and how they pertain to path selection

Explain convergence (steady state)

What You Need to Know

Understand IPv4 and IPv6 addressing.

Understand the function of default gateways.

Identify the function and purpose of subnetting.

Identify the differences between public and private networks.

Identify the ports associated with common network services.

Understand the function of various network services.

Identify the various protocols used in TCP/IP routing.

Understand how routing works in a TCP/IP network.

Introduction

Without question, the TCP/IP suite is the most widely implemented protocol on networks today. As such, it is an important topic on the Network+ exam. To pass the exam, you definitely need to understand the material presented in this chapter.

This chapter deals with the individual protocols within the protocol suite. It looks at the functions of the individual protocols and their purposes. It starts by discussing one of the more complex facets of TCP/IP—addressing.

IP Addressing

IP addressing is one of the most challenging aspects of TCP/IP. It can leave even the most seasoned network administrators scratching their heads. Fortunately, the Network+ exam requires only a fundamental knowledge of IP addressing. The following sections look at how IP addressing works for both IPv4 and the newest version of IP, IPv6.

To communicate on a network using TCP/IP, each system must be assigned a unique address. The address defines both the number of the network to which the device is attached and the number of the node on that network. In other words, the IP address provides two pieces of information. It’s a bit like a street name and house number in a person’s home address.

Each device on a logical network segment must have the same network address as all the other devices on the segment. All the devices on that network segment must then have different node addresses.

In IP addressing, another set of numbers, called a subnet mask, is used to define which portion of the IP address refers to the network address and which refers to the node address.

IP addressing is different in IPv4 and IPv6. We’ll begin our discussion by looking at IPv4.

IPv4

An IPv4 address is composed of four sets of 8 binary bits, which are called octets. The result is that IP addresses are 32 bits long. Each bit in each octet is assigned a decimal value. The leftmost bit has a value of 128, followed by 64, 32, 16, 8, 4, 2, and 1, left to right.

Each bit in the octet can be either a 1 or a 0. If the value is 1, it is counted as its decimal value, and if it is 0, it is ignored. If all the bits are 0, the value of the octet is 0. If all the bits in the octet are 1, the value is 255, which is 128+64+32+16+8+4+2+1.

By using the set of 8 bits and manipulating the 1s and 0s, you can obtain any value between 0 and 255 for each octet.

Table 5.1 shows some examples of decimal-to-binary value conversions.

Table 5.1 Decimal-to-Binary Value Conversions

IP Address Classes

IP addresses are grouped into logical divisions called classes. The IPv4 address space has five address classes (A through E), although only three (A, B, and C) are used to assign addresses to clients. Class D is reserved for multicast addressing, and Class E is reserved for future development.

Of the three classes available for address assignments, each uses a fixed-length subnet mask to define the separation between the network and the node address. A Class A address uses only the first octet to represent the network portion, a Class B address uses two octets, and a Class C address uses the first three octets. The upshot of this system is that Class A has a small number of network addresses, but each Class A address has a very large number of possible host addresses. Class B has a larger number of networks, but each Class B address has a smaller number of hosts. Class C has an even larger number of networks, but each Class C address has an even smaller number of hosts. The exact numbers are provided in Table 5.2.

Table 5.2 IPv4 Address Classes and the Number of Available Network/Host Addresses

Subnet Mask Assignment

Like an IP address, a subnet mask is most commonly expressed in 32-bit dotted-decimal format. Unlike an IP address, though, a subnet mask performs just one function—it defines which parts of the IP address refer to the network address and which refer to the node address. Each class of IP address used for address assignment has a default subnet mask associated with it. Table 5.3 lists the default subnet masks.

Table 5.3 Default Subnet Masks Associated with IP Address Classes

Subnetting

Now that you have looked at how IP addresses are used, you can learn the process of subnetting. Subnetting is a process by which the node portions of an IP address are used to create more networks than you would have if you used the default subnet mask.

To illustrate subnetting, let’s use an example. Suppose that you have been assigned the Class B address 150.150.0.0. Using this address and the default subnet mask, you could have a single network (150.150) and use the rest of the address as node addresses. This would give you a large number of possible node addresses, which in reality is probably not very useful. With subnetting, you use bits from the node portion of the address to create more network addresses. This reduces the number of nodes per network, but you probably will still have more than enough.

There are two main reasons for subnetting:

It allows you to use IP address ranges more effectively.

It makes IP networking more secure and manageable by providing a mechanism to create multiple networks rather than having just one. Using multiple networks confines traffic to the network that it needs to be on, which reduces overall network traffic levels. Multiple subnets also create more broadcast domains, which in turn reduces network-wide broadcast traffic.

Identifying the Differences Between IPv4 Public and Private Networks

IP addressing involves many considerations, not the least of which are public and private networks. A public network is a network to which anyone can connect. The best (and perhaps only pure) example of such a network is the Internet. A private network is any network to which access is restricted. A corporate network and a network in a school are examples of private networks.

The main difference between public and private networks, apart from the fact that access to a private network is tightly controlled and access to a public network is not, is that the addressing of devices on a public network must be considered carefully. Addressing on a private network has a little more latitude.

As already discussed, in order for hosts on a network to communicate by using TCP/IP, they must have unique addresses. This number defines the logical network that each host belongs to and the host’s address on that network. On a private network with, say, three logical networks and 100 nodes on each network, addressing is not a particularly difficult task. On a network on the scale of the Internet, however, addressing is complex.

If you are connecting a system to the Internet, you need to get a valid registered IP address. Most commonly, you obtain this address from your ISP. Alternatively, if you wanted a large number of addresses, for example, you could contact the organization responsible for address assignment in your area. You can determine who the regional numbers authority for your area is by visiting the IANA website.

Because of the nature of their business, ISPs have large blocks of IP addresses that they can assign to their clients. If you need a registered IP address, getting one from an ISP will almost certainly be a simpler process than going through a regional numbers authority. Some ISPs’ plans actually include blocks of registered IP addresses, working on the principle that businesses will want some kind of permanent presence on the Internet. Of course, if you discontinue your service with the ISP, you can no longer use the IP address it provided.

Private Address Ranges

To provide flexibility in addressing and to prevent an incorrectly configured network from polluting the Internet, certain address ranges are set aside for private use. These address ranges are called private ranges because they are designated for use only on private networks. These addresses are special because Internet routers are configured to ignore any packets they see that use these addresses. This means that if a private network “leaks” onto the Internet, it won’t get any farther than the first router it encounters. So a private address cannot be on the Internet, because it cannot be routed to public networks.

Three ranges are defined in RFC 1918—one each from Classes A, B, and C. You can use whichever range you want, although the Class A and B address ranges offer more addressing options than Class C. Table 5.4 defines the address ranges for Class A, B, and C addresses.

Table 5.4 Private Address Ranges

Classless Interdomain Routing (CIDR)

Classless interdomain routing (CIDR) is a method of assigning addresses outside the standard Class A, B, and C structure. Specifying the number of bits in the subnet mask offers more flexibility than the three standard class definitions.

Using CIDR, addresses are assigned using a value known as the slash. The actual value of the slash depends on how many bits of the subnet mask are used to express the network portion of the address. For example, a subnet mask that uses all 8 bits from the first octet and 4 from the second would be described as /12, or “slash 12.” A subnet mask that uses all the bits from the first three octets would be called /24. Why the slash? In actual addressing terms, the CIDR value is expressed after the address, using a slash. So the address 192.168.2.1/24 means that the node’s IP address is 192.168.2.1, and the subnet mask is 255.255.255.0.

Default Gateways

Default gateways are the means by which a device can access hosts on other networks for which it does not have a specifically configured route. Most workstation configurations actually default to just using default gateways rather than having any static routes configured. This allows workstations to communicate with other network segments, or with other networks, such as the Internet.

When a system wants to communicate with another device, it first determines whether the host is on the local network or a remote network. If the host is on a remote network, the system looks in the routing table to determine whether it has an entry for the network on which the remote host resides. If it does, it uses that route. If it does not, the data is sent to the default gateway.

In essence, the default gateway is simply the path out of the network for a given device. Figure 5.1 shows how a default gateway fits into a network infrastructure.

FIGURE 5.1 The role of a default gateway.

On the network, a default gateway could be a router, or a computer with network interfaces for all segments to which it is connected. These interfaces have local IP addresses for the respective segments.

If a system is not configured with any static routes or a default gateway, it is limited to operating on its own network segment. On the network, the default gateway could be a physical router or a computer with network interfaces for all segments to which it is connected. These interfaces have local IP addresses for the respective segments.

IPv4 Address Types

IPv4 has three primary address types:

Unicast: With unicast addresses, a single address is specified. Data sent with unicast addressing is delivered to a specific node identified by the address. It is a point-to-point address link.

Broadcast: A broadcast address is at the opposite end of the spectrum from a unicast address. A broadcast address is an IP address that you can use to target all systems on a subnet or network instead of single hosts. In other words, a broadcast message goes to everyone on the network.

Multicast: Multicasting is a mechanism by which groups of network devices can send and receive data between the members of the group at one time, instead of sending messages to each device in the group separately. The multicast grouping is established by configuring each device with the same multicast IP address.

It is important to be able to distinguish between these three types of IPv4 addresses.

IPv6 Addressing

Internet Protocol Version 4 (IPv4) has served as the Internet’s protocol for almost 30 years. When IPv4 was in development 30 years ago, it would have been impossible for its creators to imagine or predict the future demand for IP devices and therefore IP addresses.

Where have all the IPv4 addresses gone?

IPv4 uses a 32-bit addressing scheme. This gives IPv4 a total of 4,294,967,296 possible unique addresses that can be assigned to IP devices. Over 4 billion addresses might sound like a lot, and it is. However, the number of IP-enabled devices increases daily at a staggering rate. It is also important to remember that not all of these addresses can be used by public networks. Many of these addresses are reserved and are unavailable for public use. This reduces the number of addresses that can be allocated as public Internet addresses.

The IPv6 project started in the mid-1990s, well before the threat of IPv4 limitations was upon us. Now network hardware and software are equipped for and ready to deploy IPv6 addressing. IPv6 offers a number of improvements. The most notable is its ability to handle growth in public networks. IPv6 uses a 128-bit addressing scheme, allowing a huge number of possible addresses:

340,282,366,920,938,463,463,374,607,431,768,211,456

Identifying IPv6 Addresses

As previously discussed, IPv4 uses a dotted-decimal format—8 bits converted to its decimal equivalent and separated by periods. An example of an IPv4 address is 192.168.2.1.

Because of the 128-bit structure of the IPv6 addressing scheme, it looks quite a bit different. An IPv6 address is divided along 16-bit boundaries, and each 16-bit block is converted into a four-digit hexadecimal number and separated by colons. The resulting representation is called colon-hexadecimal. Let’s look at how it works. Figure 5.2 shows the IPv6 address 2001:0:4137:9e50:2811:34ff:3f57:febc from a Windows Vista system.

FIGURE 5.2 An IPv6 address in a Windows Vista dialog screen.

An IPv6 address can be simplified by removing the leading 0s within each 16-bit block. Not all the 0s can be removed, however, because each address block must have at least a single digit. Removing the 0 suppression, the address representation becomes

2001:0000:4137:9e50:2811:34ff:3f57:febc

Some of the IPv6 addresses you will work with have sequences of 0s. When this occurs, the number is often abbreviated to make it easier to read. In the preceding example you saw that a single 0 represented a number set in hexadecimal form. To further simplify the representation of IPv6 addresses, a contiguous sequence of 16-bit blocks set to 0 in colon hexadecimal format can be compressed to ::, known as the double colon.

For example, the link-local address of

2001:0000:0000:0000:3cde:37d1:3f57:fe93

can be compressed to

2001::3cde:37d1:3f57:fe93.

Of course, there are limits on how the IPv6 0s can be reduced. 0s within the IPv6 address cannot be eliminated when they are not first in the number sequence. For instance, 2001:4000:0000:0000:0000:0000:0000:0003 cannot be compressed as 2001:4::3. This would actually appear as 2001:4000::3.

When you look at an IPv6 address that uses a double colon, how do you know exactly what numbers are represented? The formula is to subtract the number of blocks from 8 and then multiply that number by 16. For example, the address 2001:4000::3 uses three blocks—2001, 4000, and 3. So the formula is as follows:

(8 – 3) * 16 = 80

Therefore, the total number of bits represented by the double colon in this example is 80.

IPv6 Address Types

Another difference between IPv4 and IPv6 is in the address types. IPv4 addressing was discussed in detail earlier in this chapter. IPv6 addressing offers several types of addresses:

Unicast IPv6 addresses: As you might deduce from the name, a unicast address specifies a single interface. Data packets sent to a unicast destination travel from the sending host to the destination host. It is a direct line of communication. A few types of addresses fall under the unicast banner:

Global unicast addresses: Global unicast addresses are the equivalent of IPv4 public addresses. These addresses are routable and travel throughout the network.

Link-local addresses: Link-local addresses are designated for use on a single local network. Link-local addresses are automatically configured on all interfaces. This automatic configuration is comparable to the 169.254.0.0/16 APIPA automatically assigned IPv4 addressing scheme. The prefix used for a link-local address is fe80::/64. On a single-link IPv6 network with no router, link-local addresses are used to communicate between devices on the link.

Site-local addresses: Site-local addresses are equivalent to the IPv4 private address space (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16). As with IPv4, in which private address ranges are used in private networks, IPv6 uses site-local addresses that do not interfere with global unicast addresses. In addition, routers do not forward site-local traffic outside the site. Unlike link-local addresses, site-local addresses are not automatically configured and must be assigned through either stateless or stateful address configuration processes. The prefix used for the site-local address is FEC0::/10.

Multicast addresses: As with IPv4 addresses, multicasting sends and receives data between groups of nodes. It sends IP messages to that group rather than to every node on the LAN (broadcast) or just one other node (unicast).

Anycast addresses: Anycast addresses represent the middle ground between unicast addresses and multicast addresses. Anycast delivers messages to any one node in the multicast group.

Comparing IPv4 and IPv6 Addressing

Table 5.5 compares IPv4 and IPv6 addressing.

Table 5.5 Comparing IPv4 and IPv6

Assigning IP Addresses

Now that you understand the need for each system on a TCP/IP-based network to have a unique address, the following sections examine how those systems receive their addresses.

Static Addressing

Static addressing refers to the manual assignment of IP addresses to a system. This approach has two main problems:

Statically configuring one system with the correct address is simple, but in the course of configuring, say, a few hundred systems, mistakes are likely to be made. If the IP addresses are entered incorrectly, the system probably won’t be able to connect to other systems on the network.

If the IP addressing scheme for the organization changes, each system must again be manually reconfigured. In a large organization with hundreds or thousands of systems, such a reconfiguration could take a considerable amount of time. These drawbacks of static addressing are so significant that nearly all networks use dynamic IP addressing.

Dynamic Addressing

Dynamic addressing refers to the automatic assignment of IP addresses. On modern networks, the mechanism used to do this is Dynamic Host Configuration Protocol (DHCP). DHCP, part of the TCP/IP suite, enables a central system to provide client systems with IP addresses. Assigning addresses automatically with DHCP alleviates the burden of address configuration and reconfiguration that occurs with static IP addressing.

The basic function of the DHCP service is to automatically assign IP addresses to client systems. To do this, ranges of IP addresses, known as scopes, are defined on a system that is running a DHCP server application. When another system configured as a DHCP client is initialized, it asks the server for an address. If all things are as they should be, the server assigns an address to the client for a predetermined amount of time, which is known as the lease, from the scope.

A DHCP server typically can be configured to assign more than just IP addresses. It often is used to assign the subnet mask, the default gateway, and Domain Name System (DNS) information.

Using DHCP means that administrators do not have to manually configure each client system with a TCP/IP address. This removes the common problems associated with statically assigned addresses, such as human error. The potential problem of assigning duplicate IP addresses is also eliminated. DHCP also removes the need to reconfigure systems if they move from one subnet to another, or if you decide to make a wholesale change in the IP addressing structure.

Configuring Client Systems for TCP/IP

Configuring a client for TCP/IP can be relatively complex, or it can be simple. Any complexity involved is related to the possible need to configure TCP/IP manually. The simplicity is related to the fact that TCP/IP configuration can occur automatically via DHCP or through APIPA. At the least, a system needs an IP address and subnet mask to log on to a network. The default gateway and DNS server IP information is optional, but network functionality is limited without them. The following list briefly explains the IP-related settings used to connect to a TCP/IP network:

IP address: Each system must be assigned a unique IP address so that it can communicate on the network.

Subnet mask: The subnet mask allows the system to determine what portion of the IP address represents the network address and what portion represents the node address.

Default gateway: The default gateway allows the system to communicate on a remote network, without the need for explicit routes to be defined.

DNS server addresses: DNS servers allow dynamic hostname resolution to be performed. It is common practice to have two DNS server addresses defined so that if one server becomes unavailable, the other can be used.

BOOT Protocol (BOOTP)

BOOTP was originally created so that diskless workstations could obtain information needed to connect to the network, such as the TCP/IP address, subnet mask, and default gateway. Such a system was necessary because diskless workstations had no way to store the information.

When a system configured to use BOOTP is powered up, it broadcasts for a BOOTP server on the network. If such a server exists, it compares the MAC address of the system issuing the BOOTP request with a database of entries. From this database, it supplies the system with the appropriate information. It can also notify the workstation about a file that it must run on BOOTP.

In the unlikely event that you find yourself using BOOTP, you should be aware that, like DHCP, it is a broadcast-based system. Therefore, routers must be configured to forward BOOTP broadcasts.

APIPA

Automatic Private IP Addressing (APIPA) was introduced with Windows 98, and it has been included in all subsequent Windows versions. The function of APIPA is that a system can give itself an IP address in the event that it is incapable of receiving an address dynamically from a DHCP server. In such an event, APIPA assigns the system an address from the 169.254.0.0 address range and configures an appropriate subnet mask (255.255.0.0). However, it doesn’t configure the system with a default gateway address. As a result, communication is limited to the local network.

The idea behind APIPA is that systems on a segment can communicate with each other in the event of DHCP server failure. In reality, the limited usability of APIPA makes it little more than a last resort. For example, imagine that a system is powered on while the DHCP server is operational and receives an IP address of 192.168.100.2. Then the DHCP server fails. Now, if the other systems on the segment are powered on and are unable to get an address from the DHCP server because it is down, they would self-assign addresses in the 169.254.0.0 address range via APIPA. The systems with APIPA addresses would be able to talk to each other, but they couldn’t talk to a system that received an address from the DHCP server. Likewise, any system that received an IP address via DHCP would be unable to talk to systems with APIPA-assigned addresses. This, and the absence of a default gateway, is why APIPA is of limited use in real-world environments.

Identifying MAC Addresses

This book many times refers to MAC addresses and how certain devices use them. However, it has not yet discussed why MAC addresses exist, how they are assigned, and what they consist of. Let’s do that now.

A MAC address is a 6-byte (48-bit) hexadecimal address that allows a NIC to be uniquely identified on the network. The MAC address forms the basis of network communication, regardless of the protocol used to achieve network connection. Because the MAC address is so fundamental to network communication, mechanisms are in place to ensure that duplicate addresses cannot be used.

To combat the possibility of duplicate MAC addresses being assigned, the Institute of Electrical and Electronics Engineers (IEEE) took over the assignment of MAC addresses. But rather than be burdened with assigning individual addresses, the IEEE decided to assign each manufacturer an ID and then let the manufacturer further allocate IDs. The result is that in a MAC address, the first 3 bytes define the manufacturer, and the last 3 are assigned by the manufacturer.

For example, consider the MAC address of the computer on which this book is being written: 00:D0:59:09:07:51. The first 3 bytes (00:D0:59) identify the manufacturer of the card; because only this manufacturer can use this address, it is known as the Organizational Unique Identifier (OUI). The last 3 bytes (09:07:51) are called the Universal LAN MAC address: They make this interface unique. You can find a complete listing of organizational MAC address assignments at http://standards.ieee.org/regauth/oui/oui.txt.

You can discover the NIC’s MAC address in various ways, depending on what system or platform you are working on. Table 5.6 defines various platforms and methods you can use to view an interface’s MAC address.

Table 5.6 Methods of Viewing the MAC Addresses of NICs

NAT, PAT, and SNAT

This chapter has defined many acronyms, and we will continue with three more—NAT, PAT, and SNAT.

Network Address Translation (NAT)

The basic principle of NAT is that many computers can “hide” behind a single IP address. The main reason we need to do this (as pointed out earlier, in the section “IP Addressing”) is because there simply aren’t enough IP addresses to go around. Using NAT means that only one registered IP address is needed on the system’s external interface, acting as the gateway between the internal and external networks.

NAT allows you to use whatever addressing scheme you like on your internal networks, although it is common practice to use the private address ranges, which were discussed earlier in the chapter.

When a system is performing NAT, it funnels the requests given to it to the Internet. To the remote host, the request looks like it is originating from a single address. The system performing the NAT function keeps track of who asked for what and makes sure that when the data is returned, it is directed to the correct system. Servers that provide NAT functionality do so in different ways. For example, it is possible to statically map a specific internal IP address to a specific external one (known as the one-to-one NAT method) so that outgoing requests are always tagged with the same IP address. Alternatively, if you have a group of public IP addresses, you can have the NAT system assign addresses to devices on a first-come, first-served basis. Either way, the basic function of NAT is the same.

PAT and SNAT

NAT allows administrators to conserve public IP addresses and, at the same time, secure the internal network. Port Address Translation (PAT) is a variation on NAT. With PAT, all systems on the LAN are translated to the same IP address, but with a different port number assignment. PAT is used when multiple clients want to access the Internet. However, with not enough public IP addresses available, you need to map the inside clients to a single public IP address. When packets come back into the private network, they are routed to their destination with a table within PAT that tracks the public and private port numbers.

When PAT is used, there is a typically only a single IP address exposed to the public network and multiple network devices access the Internet through this exposed IP address. The sending devices, IP address, and port number are not exposed. As an example, an internal computer with the IP address of 192.168.2.2 wants to access a remote Web server at address 204.23.85.49. The request goes to the PAT router where the sender’s private IP and port number are modified and a mapping is added to the PAT table. The remote web server sees the request coming from the IP address of the PAT router and not the computer actually making the request. The web server will send the reply to the address and port number of the router. Once received, the router will check its table to see the packets actual destination and forward it.

Static NAT is a simple form of NAT. SNAT maps a private IP address directly to a static unchanging public IP address. This allows an internal system, such as a mail server, to have an unregistered (private) IP address and still be reachable over the Internet. For example, if a network uses a private address of 192.168.2.1 for a mail server, it can be statically linked to a public IP address such as 213. 23. 213.85.

TCP/UDP Port Functions

Each TCP/IP or application has a port associated with it. When a communication is received, the target port number is checked to determine which protocol or service it is destined for. The request is then forwarded to that protocol or service. For example, consider HTTP, whose assigned port number is 80. When a web browser forms a request for a web page, that request is sent to port 80 on the target system. When the target system receives the request, it examines the port number. When it sees that the port is 80, it forwards the request to the web server application.

TCP/IP has 65,535 ports available, with 0 to 1023 being labeled as the well-known ports. Although a detailed understanding of the 65,535 ports is not necessary for the Network+ exam, it is important to understand the numbers of some of the well-known ports. Network administration often requires you to specify port assignments when you’re working with applications and configuring services. Table 5.7 shows some of the most common port assignments.

Table 5.7 TCP/IP Port Assignments for Commonly Used Protocols

Managing TCP/IP Routing

Because today’s networks branch out between interconnected offices all over the world, networks may have any number of separate physical network segments connected using routers. Routers are devices that direct data between networks. Essentially, when a router receives data, it must determine the destination for the data and send it there. To accomplish this, the network router uses two key pieces of information—the gateway address and the routing tables.

The Default Gateway

A default gateway is the router’s IP address, which is the pathway to any and all remote networks. To get a packet of information from one network to another, the packet is sent to the default gateway, which helps forward the packet to its destination network. In fact, computers that live on the other side of routers are said to be on remote networks. Without default gateways, Internet communication is not possible, because your computer doesn’t have a way to send a packet destined for any other network. On the workstation, it is common for the default gateway option to be configured automatically through DHCP configuration.

Routing Tables

Before a data packet is forwarded, a chart is reviewed to determine the best possible path for the data to reach its destination. This chart is the computer’s routing table. Maintaining an accurate routing table is essential for effective data delivery. Every computer on a TCP/IP network has a routing table stored locally. Figure 5.3 shows the routing table on a Windows Vista system.

As shown in Figure 5.3, the information in the routing table includes the following:

Destination: The host IP address.

Network mask: The subnet mask value for the destination parameter.

Gateway: Where the IP address is sent. This may be a gateway server, a router, or another system acting as a gateway.

Interface: The address of the interface that’s used to send the packet to the destination.

Metric: A measurement of the directness of a route. The lower the metric, the faster the route. If multiple routes exist for data to travel, the one with the lowest metric is chosen.

FIGURE 5.3 The routing table on a Windows Vista system.

Routing tables play a very important role in the network routing process. They are the means by which the data is directed through the network. For this reason, a routing table needs to be two things. It must be up to date, and it must be complete. The router can get the information for the routing table in two ways—through static routing or dynamic routing.

Static Routing

In environments that use static routing, routes and route information are entered into the routing tables manually. Not only can this be a time-consuming task, but errors are more common. Additionally, when a change occurs to the network’s layout, or topology, statically configured routers must be manually updated with the changes. Again, this is a time-consuming and potentially error-laden task. For these reasons, static routing is suited to only the smallest environments, with perhaps just one or two routers. A far more practical solution, particularly in larger environments, is to use dynamic routing.

It is possible to add a static route to a routing table using the route add command. To do this, you specify the route, the network mask, and the destination IP address of the network card your router will use to get the packet to its destination network.

The syntax for the route add command is as follows:

route add 192.168.2.1 mask (255.255.255.0) 192.168.2.4

It is also important to remember that adding a static address is not permanent; in other words, it will most likely be gone when the system reboots. To make it persistent (the route is still in the routing table on boot), you can use the -p switch with the route add command.

Dynamic Routing

In a dynamic routing environment, routers use special routing protocols to communicate. The purpose of these protocols is simple: they enable routers to pass on information about themselves to other routers so that other routers can build routing tables. Two types of routing protocols are used—the older distance-vector protocols and the newer link-state protocols.

Distance-Vector Routing

With distance-vector router communications, each router on the network communicates all the routes it knows about to the routers to which it is directly attached. In this way, routers communicate only with their router neighbors and are unaware of other routers that may be on the network.

The communication between distance-vector routers is known as hops. On the network, each router represents one hop, so a network using six routers has five hops between the first and last router.

Several distance-vector protocols are in use today, including Routing Information Protocol (RIP and RIPv2), Enhanced Interior Gateway Routing Protocol (EIGRP), and Border Gateway Protocol (BGP):

RIP: As mentioned, RIP is a distance-vector routing protocol. RIP is limited to a maximum of 15 hops. One of the downsides of the protocol is that the original specification required router updates to be transmitted every 30 seconds. On smaller networks this is acceptable; however, this can result in a huge traffic load on larger networks. The original RIP specification also did not support router authentication, leaving it vulnerable to attacks.

RIPv2: The second version of RIP dealt with the shortcomings of the original design. Authentication was included to allow secure transmissions, also, it changed from a network-wide broadcast discovery method to a multicast method to reduce overall network traffic. However, to maintain compatibility with RIP, RIPv2 still supports a limit of 15 hops.

BGP: A routing protocol often associated with the Internet. BGP can be used between gateway hosts on the Internet. BGP examines the routing table, which contains a list of known routers, the addresses they can reach, and a cost metric associated with the path to each router, so that the best available route is chosen. BGP communicates between the routers using TCP.

EIGRP: A protocol that lets routers exchange information more efficiently than earlier network protocols. EIGRP uses its neighbors to help determine routing information. Routers configured to use EIGRP keep copies of their neighbors’ routing information and query these tables to help find the best possible route for transmissions to follow. EIGRP uses Diffusing Update Algorithm (DUAL) to determine the best route to a destination.

Distance-vector routing protocols operate by having each router send updates about all the other routers it knows about to the routers directly connected to it. The routers use these updates to compile their routing tables. The updates are sent automatically every 30 or 60 seconds. The interval depends on the routing protocol being used. Apart from the periodic updates, routers can also be configured to send a triggered update if a change in the network topology is detected. The process by which routers learn of a change in the network topology is called convergence.

Routing loops can occur on networks with slow convergence. Routing loops occur when the routing tables on the routers are slow to update and a redundant communication cycle is created between routers. Two strategies can combat potential routing loops:

Split horizon: Split horizon works by preventing the router from advertising a route back to the other router from which it was learned. This prevents two nodes from bouncing packets back and forth between them, creating a loop.

Poison reverse (also called split horizon with poison reverse): Poison reverse dictates that the route is advertised back on the interface from which it was learned, but it has a hop count of infinity, which tells the node that the route is unreachable.

Although distance-vector protocols can maintain routing tables, they have three problems:

The periodic update system can make the update process very slow.

The periodic updates can create large amounts of network traffic—much of the time unnecessarily, because the network’s topology should rarely change.

Perhaps the most significant problem is that because the routers know about only the next hop in the journey, incorrect information can be propagated between routers, creating routing loops.

Link-State Routing

A router that uses a link-state protocol differs from a router that uses a distance-vector protocol, because it builds a map of the entire network and then holds that map in memory. On a network that uses a link-state protocol, routers send link-state advertisements (LSAs) that contain information about the networks to which they are connected. The LSAs are sent to every router on the network, thus enabling the routers to build their network maps.

When the network maps on each router are complete, the routers update each other at a given time, just like with a distance-vector protocol; however, the updates occur much less frequently with link-state protocols than with distance-vector protocols. The only other circumstance under which updates are sent is if a change in the topology is detected, at which point the routers use LSAs to detect the change and update their routing tables. This mechanism, combined with the fact that routers hold maps of the entire network, makes convergence on a link-state-based network occur very quickly.

Although it might seem like link-state protocols are an obvious choice over distance-vector protocols, routers on a link-state-based network require more powerful hardware and more RAM than those on a distance-vector-based network. Not only do the routing tables have to be calculated, but they must also be stored. A router that uses distance-vector protocols need only maintain a small database of the routes accessible by the routers to which it is directly connected. A router that uses link-state protocols must maintain a database of all the routers in the entire network.

Link-state protocols include the following:

Open Shortest Path First (OSPF): A link-state routing protocol based on the SPF (Shortest Path First) algorithm to find the least-cost path to any destination in the network. In operation, each router using OSPF sends a list of its neighbors to other routers on the network. From this information, routers can determine the network design and the shortest path for data to travel.

Intermediate System-to-Intermediate System (IS-IS): A link-state protocol that discovers the shortest path for data to travel using the shortest path first (SPF) algorithm. IS-IS routers distribute topology information to other routers, allowing them to make the best path decisions.

So what’s the difference between the two? OSPF (a network layer protocol) is more often used in medium to large enterprise networks because of its special tunneling features. IS-IS is more often used in very large ISP networks because of its stability features and the fact that it can support more routers.

Review and Test Yourself

The following sections provide you with the opportunity to review what you’ve learned in this chapter and to test yourself.

The Facts

For the exam, don’t forget these important concepts:

A Class A address uses only the first octet to represent the network portion, a Class B address uses two octets, and a Class C address uses three octets.

Class A addresses span from 1 to 126, with a default subnet mask of 255.0.0.0.

Class B addresses span from 128 to 191, with a default subnet mask of 255.255.0.0.

Class C addresses span from 192 to 223, with a default subnet mask of 255.255.255.0.

The 127 network ID is reserved for the local loopback.

A valid IPv6 address is 42DE:7E55:63F2:21AA:CBD4:D773:CC21:554F.

A public network is a network to which anyone can connect, such as the Internet.

Subnetting enables bits from the node portion of an IP address to be used to create more network addresses.

A private network is any network to which access is restricted. Reserved IP addresses are 10.0.0.0, 172.16.0.0 to 172.31.0.0, and 192.168.0.0.

IP addresses can be assigned dynamically, via DHCP, or statically. In addition, some platforms such as Windows support APIPA addressing.

On a Windows platform, APIPA assigns addresses from the 169.254.x.x address range.

Convergence represents the time it takes routers to detect change on the network.

Link-state protocols include OSPF and IS-IS.

Distance-vector routing protocols include RIP, RIPv2, BGP, and EIGRP.

Key Terms

APIPA

DHCP

Convergence

FTP

SSH

Telnet

SMTP

DNS

HTTP

POP3

NTP

IMAP4

HTTPS

UDP

TFTP

BOOTP/DHCP

SNMP

IPv6

IPv4

MAC addressing

Subnetting

NAT

PAT

SNAT

Unicast

Multicast

Broadcast

Link state

OSPF

IS-IS

Distance vector

RIP

RIPv2

BGP

Hybrid

EIGRP

IGP

EGP

Exam Prep Questions

1. What is the IPv6 equivalent of 127.0.0.1? (Choose two.)

A. 0:0:0:0:0:0:0:1

B. 0:0:0:0:0:0:0:24

C. ::1

D. ::24

2. As the network administrator, you decide to block port 80. Which of the following services will be unavailable for network users?

A. DNS

B. POP3

C. FTP

D. HTTP

3. Which of the following is a Class B address?

A. 129.16.12.200

B. 126.15.16.122

C. 211.244.212.5

D. 193.17.101.27

4. You are the administrator for a network with two Windows Server systems and 65 Windows Vista systems. At 10 a.m., three users call to report that they are experiencing network connectivity problems. Upon investigation, you determine that the DHCP server has failed. How can you tell that the DHCP server failure is the cause of the connectivity problems experienced by the three users?

A. When you check their systems, they have an IP address of 0.0.0.0.

B. When you check their systems, they have an IP address in the 192.168.x.x address range.

C. When you check their systems, they have a default gateway value of 255.255.255.255.

D. When you check their systems, they have an IP address from the 169.254.x.x range.

5. Which of the following address types are associated with IPv6? (Choose three.)

A. Broadcast

B. Multicast

C. Unicast

D. Anycast

6. Which of the following IP addresses is not from a private address range?

A. 192.168.200.117

B. 172.16.3.204

C. 127.45.112.16

D. 10.27.100.143

7. You have been tasked with temporarily disabling Telnet access for external users. What is the best way to accomplish this?

A. Block port 53 on the corporate firewall.

B. Block port 23 on the corporate firewall.

C. Uninstall the Telnet service.

D. Configure ICS to ignore client-initiated Telnet requests.

8. You decide to move your network from NetBEUI to TCP/IP. For the external interfaces, you decide to obtain registered IP addresses from your ISP, but for the internal network, you choose to configure systems by using one of the private address ranges. Of the following address ranges, which one would you not consider?

A. 192.168.0.0 to 192.168.255.255

B. 131.16.0.0 to 131.16.255.255

C. 10.0.0.0 to 10.255.255.255

D. 172.16.0.0 to 172.31.255.255

9. You ask your ISP to assign a public IP address for the external interface of your Windows 2000 server, which is running a proxy server application. In the email message you get that contains the information, the ISP tells you that you have been assigned the IP address 203.15.226.12/24. When you fill out the subnet mask field on the IP configuration dialog box on your system, what subnet mask should you use?

A. 255.255.255.255

B. 255.255.255.0

C. 255.255.240.0

D. 255.255.255.240

10. Which of the following best describes the function of the default gateway?

A. It provides the route for destinations outside the local network.

B. It enables a single Internet connection to be used by several users.

C. It identifies the local subnet and formulates a routing table.

D. It is used to communicate in a multiple-platform environment.

Answers to Exam Prep Questions

1. A, C. The IPv4 address 127.0.0.1 is reserved as the loopback address, and IPv6 has the same reservation. IPv6 addresses 0:0:0:0:0:0:0:0 and 0:0:0:0:0:0:0:1 are reserved as the loopback addresses. The address 0:0:0:0:0:0:0:1 can be shown using the :: notation with the 0s removed, resulting in ::1.

2. D. The HTTP service uses port 80, so blocking port 80 prevents users from using the HTTP service. Answer A is incorrect because DNS uses port 53. Answer B is incorrect because POP3 uses port 110. Answer C is incorrect because FTP uses port 21.

3. A. Class B addresses fall into the range 128 to 191. Answer A is the only address listed that falls into that range. Answer B is a Class A address, and answers C and D are Class C IP addresses.

4. D. When a Windows XP Professional system that is configured to obtain an IP address via DHCP fails to obtain an address, it uses APIPA to assign itself an address from the 169.254.x.x address range. An address of 0.0.0.0 normally results from a system that does not support APIPA. APIPA does not use the 192.168.x.x address range. The IP address 255.255.255.255 is the broadcast address. A DHCP failure would not lead to a system assigning itself this address.

5. B, C, D. A key difference between IPv4 and IPv6 is in the address types. IPv6 addressing has three main types of addresses: unicast, multicast, and anycast. IPv4 uses broadcast addressing, but IPv6 doesn’t.

6. C. The 127.x.x.x network range is reserved for the loopback function. It is not one of the recognized private address ranges. The private address ranges as defined in RFC 1918 are 10.x.x.x, 172.16.x.x to 172.31.x.x, and 192.168.x.x.

7. B. By blocking port 23, you can disable the Telnet service. Answer A is incorrect because port 53 is used by DNS. Uninstalling the Telnet service is not a practical solution.

8. B. The 131.16 range is from the Class B range and is not one of the recognized private IP address ranges. All the other address ranges are valid private IP address ranges.

9. B. In CIDR terminology, the number of bits to be included in the subnet mask is expressed as a slash value. If the slash value is 24, the first three octets form the subnet mask, so the value is 255.255.255.0.

10. A. The default gateway enables systems on one local subnet to access those on another. Answer B describes Internet Connection Sharing (ICS). Answers C and D don’t describe the main function of a default gateway.

Need to Know More?

Mike Harwood. Network+ Exam Prep, Que Publishing, 2009.

Douglas Comer. Computer Networks and Internets, 5th Edition. Prentice Hall, 2008.

“TechEncyclopedia,” www.techencyclopedia.com.

Updated technology information, www.wikipedia.org/.

Subnetting information, www.howtosubnet.com.