Routing Basics

by Craig Miller

(Figure: Traffic)

Getting from here to there

Routers are everywhere. Everyone who has more than one device at home, has one. Perhaps it was supplied by your ISP, and integrated with your cable/DSL modem. Or perhaps you bought one off of UsedVic, and put OpenWrt on it. But more than likely, you only have one router running at your house. Why?

The Basics of Forwarding

Remember that Ethernet's job is to transport packets on a local network (e.g. between your computer and the router). Wifi, or 802.11, is another layer 2 transport, similar to Ethernet, that is common in home networking. A router discards the Ethernet or Wifi header, makes a forwarding decision, prepends a new layer 2 header, and sends the packet on to the next hop.

(Figure: Basic Forwarding. The router does this for each and every packet.)

In straight IP forwarding (for v4 and v6) there is no manipulation of the IP header. That doesn't mean that the router isn't doing any work when just forwarding packets. As shown above, Ethernet headers are stripped and added, and in IPv4 the header checksum is validated.

The Basics of IP

The Internet Protocol is a Layer 3 (network) protocol. But in the earlier days of networking there were many other networking protocols, such as Novell (IPX), AppleTalk, and NetBEUI (NetBIOS Extended User Interface used by Windows). Most of the other networking protocols were created by companies to allow their brand of computers to share info on a network, but were incompatible with other computer brands (think Apple not talking to Windows).

The Internet Protocol was independent of the companies promoting their own solutions, and it provided a path to much larger networks, eventually a world-wide network.

Both IPv4 and IPv6 ride on top of Ethernet. In a Wireshark capture, IP is shown encapsulated in Ethernet. Scapy, a handy Python networking tool, represents the header layers separated by a slash "/". It is an easy way to write down the headers of a packet. For example, a basic web request might look like:

/Ethernet/IP4/TCP/HTTP/
/Ethernet/IP6/TCP/HTTP/

As you can see, because of the layering in the OSI model, it doesn't matter whether IPv4 or IPv6 is used as the network layer when transporting HTTP requests.

A Single Router with two networks

An example of a more secure network setup: Subnet A with your personal laptop and computers, and Subnet DMZ where all of your third-party devices (e.g. IoT) reside.

(Figure: home network with NAT)

Having a DMZ network on a home network is recommended. In the future, there will be many IoT (Internet of Things) devices in your home. Placing them on their own network means that when they get hacked (security is usually an afterthought in IoT), your own IoT devices will not be able to attack your PC. Of course this means putting in router firewall rules such as:

LAN -> DMZ  = ALLOW
DMZ -> LAN  = DENY

Connecting more than one router together

(Figure: Home Network with DMZ)

NAT in this network can cause network reachability issues (e.g. Client can't talk to the NAS server). Think of NAT as a one-way valve that only lets packets flow toward the ISP. This works well for the single router home network, but as soon as you add another router, NAT prevents access to part of your network (specifically the part behind the second router).

So how to connect more than one router?

There are the easy and the hard ways.

The hard way, retain NAT (example 1):

On Router 2, configure reverse-port-forwarding to allow a reverse path to the NAS. Although this sounds simple, you will need intimate knowledge of the protocols you wish to pass towards the NAS. Why? Because you will need to configure a reverse-port-forwarding rule for each TCP/UDP port the protocol uses.

While possible, this makes your network more complex, and that complexity continues to grow as you add more reverse-port-forwarding rules in downstream routers as well. Additionally, this example doesn't solve network loops (there is no network redundancy).

The other hard way, remove NAT, add static routes (example 2):

On Router 2 (and 3) disable NAT, set up the firewall to allow incoming traffic, and in Router 1 create static routes pointing to Subnet B and Subnet C.

For example, you would create routes in Router 1 as follows (assuming a Linux system):

ip route add 192.168.40.0/24 via 192.168.0.40
# An IPv6 link-local next hop (fe80::/10) must name the outgoing interface; eth1 is a placeholder for the interface facing Router 2
ip -6 route add 2001:db8:ebbd:40::/64 via fe80::ea9f:80ff:fef3:fd40 dev eth1

The static routes method works well in a small network without loops. If there were a connection between Router 2 and Router 3, say via Subnet D, then static routes would not prevent the loop, and your network would become unusable.

Static routes don't solve network loop problems.
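To make the static-route behaviour concrete, here is an added Python simulation (not code from the article): three routers with hand-written forwarding tables modelled on the layout above, a longest-prefix-match lookup, and a second set of tables in which a Router 2 to Router 3 link (Subnet D) has been added and both routers' default routes now point across it. The router names, prefixes and the "ISP" next hop are constructed for this example.

```python
import ipaddress

# Added example (not the article's own code): static forwarding tables for
# Router 1/2/3 modelled on the article's layout. Prefixes and router names
# are constructed for this example; "local" means the router delivers the
# packet onto a directly attached subnet, "ISP" is the upstream next hop.
TABLES = {
    "R1": [("192.168.0.0/24", "local"), ("192.168.40.0/24", "R2"),
           ("192.168.50.0/24", "R3"), ("0.0.0.0/0", "ISP")],
    "R2": [("192.168.40.0/24", "local"), ("0.0.0.0/0", "R1")],
    "R3": [("192.168.50.0/24", "local"), ("0.0.0.0/0", "R1")],
}

# The same network after a Router 2 <-> Router 3 link (Subnet D) is added and
# each router's default route is pointed across the new link instead of at R1.
LOOPED_TABLES = {
    "R1": TABLES["R1"],
    "R2": [("192.168.40.0/24", "local"), ("0.0.0.0/0", "R3")],
    "R3": [("192.168.50.0/24", "local"), ("0.0.0.0/0", "R2")],
}


def lookup(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return None if best is None else best[1]


def forward(tables, start, dst, max_hops=64):
    """Walk a packet from router `start` using only the static tables.
    max_hops stands in for the IP TTL / hop limit that eventually discards a
    looping packet; until then a real loop just burns bandwidth."""
    path, node = [start], start
    for _ in range(max_hops):
        next_hop = lookup(tables[node], dst)
        if next_hop is None:
            return path, "no route"
        if next_hop == "local":
            return path, "delivered"
        path.append(next_hop)
        if next_hop not in tables:  # left the home network (e.g. towards the ISP)
            return path, "forwarded to " + next_hop
        node = next_hop
    return path, "loop: hop limit exhausted"


if __name__ == "__main__":
    print(forward(TABLES, "R3", "192.168.40.7"))        # laptop behind R3 reaching the NAS behind R2
    print(forward(TABLES, "R2", "203.0.113.5"))         # anything else goes to the ISP via R1
    print(forward(LOOPED_TABLES, "R2", "203.0.113.5"))  # the Subnet D loop
```

With the original tables the laptop's packet goes R3, R1, R2 and is delivered; with the looped tables a packet for an unknown destination bounces between R2 and R3 until the hop limit runs out, which is exactly the failure static routes cannot detect or repair on their own.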

First Easy way, using bridging (example 3):

An easy way to use multiple routers in your home network is to have only one (1) router do the routing, and use all the other routers purely as layer 2 (L2) switches with Wifi (think: Managed Access Points (APs)).

When using a router as a Managed AP, it is important to do the following:

  1. Do NOT use the WAN port
    • Instead connect a LAN port to the rest of your network
  2. Disable the DHCPv4 server on the Managed AP
    • Having 2 (or more) DHCPv4 servers on the same network is nothing but problems; don't do it, and you will save yourself a ton of troubleshooting time
  3. Configure a static IP address on the LAN side in your network range, but give it a high number, preferably outside the range of your DHCP server address pool
    • For example, if your network is 192.168.1.1-254, give your Managed AP an address such as 192.168.1.200
  4. Run IPv6; there are 2^64 (or 18,446,744,073,709,551,616) addresses per subnet, plenty for your single home network with several Managed APs

Be careful when setting up this kind of network that you don't create loops. If you need a loop (for redundancy), then be sure to run Spanning Tree (802.1D) on all of your Managed AP switches. However, Spanning Tree can take up to 40 seconds to reconverge (stop the loop and allow traffic to flow again). There's another way...use a routing protocol.

The second Easy Way, run a routing protocol (example 4):

A routing protocol is a method by which routers talk to each other and share routing information. There are two basic types of routing protocols: link state and distance vector.

While link state routing protocols are more efficient, and can handle large enterprise-sized networks, they require much more detailed knowledge about routing, and are overkill for home networks.

While a policy-based routing protocol such as Border Gateway Protocol (BGP) can be used as an Interior Gateway Protocol (IGP), it has limitations (it requires a full mesh), and is more commonly used between Autonomous Systems (AS).

Distance-Vector protocols were the first to be created in the early 1980s, when the internet grew too large for static routes alone. Routing Information Protocol (RIPv1) was included in BSD release 4.2 (in 1983).

Counting Hops

The concept of RIP is easy to understand. Each router along the path counts as one hop. The path to the destination with the fewest hops is taken to be the best path.

We can see router hops in action by using traceroute. In the following example google.com is seven (7) hops away.

(buster)cvmiller@localhost:~$ traceroute6 google.com
traceroute to google.com (2607:f8b0:400a:808::200e) from 2607:c000:8011:fd00:9916:a8d9:525e:b68c, port 33434, from port 44343, 30 hops max, 60 bytes packets
 1  2607:c000:8011:fd00::1 (2607:c000:8011:fd00::1)  3.440 ms  3.546 ms  3.272 ms 
 2  2607:c000:8004::1 (2607:c000:8004::1)  40.701 ms  26.183 ms  24.900 ms 
 3  ae0-10-agg01-van2.teksavvy.com (2607:f2c0:ffff:4:4::151)  26.627 ms  26.894 ms  24.586 ms 
 4  v6-pr01-et-0-3-0-0.sea09.net.google.com (2001:504:16::3b41)  30.168 ms  27.902 ms  27.878 ms 
 5  2001:4860:0:1041::1 (2001:4860:0:1041::1)  39.874 ms  38.437 ms  39.881 ms 
 6  2001:4860:0:1::9bd (2001:4860:0:1::9bd)  27.977 ms  29.292 ms  28.964 ms 
 7  sea15s11-in-x0e.1e100.net (2607:f8b0:400a:808::200e)  41.566 ms  41.445 ms  41.291 ms 

But what if there are two paths to the destination with the same number of hops? Then there are additional tie-breaking routing rules which might be:

If hops are equal, then choose the lowest numbered interface

Using a Routing Protocol (example 4):

Using a Distance-Vector protocol such as RIPv2 (IPv4) or RIPng (IPv6) is the easiest, and pretty much plug-and-play.

In a DV protocol there is also the concept of cost, where slower links have a higher cost. In this scenario, the lower cost link is the better choice. By combining hops and cost, choosing the best path becomes a simple routing decision.

When using multiple routers, it is important that they share information about the networks they are attached to with the other routers in the overall network. Take the following example:

(Figure: Simple DV Network)

In the above network for A to get to D, there are two paths:

  1. A->C->D
  2. A->B->C->D

It may seem like path 1 is the natural choice to take, but in this example there is a path cost between A & C of 23 (perhaps it is a slow dial-up link). Taking the A->C link is expensive, so the lower cost route is actually path 2.

Each node (A, B, C, D) advertises its directly connected links (e.g. Node A would advertise the A->B and A->C links) to the other nodes. Eventually these advertisements reach node D, and D now knows about links A->B and A->C even though it is not directly connected to either.

Self Healing

Should node B be turned off, the remaining routers will advertise that the links A->B and B->C are down, and traffic from A to D will automatically be re-routed to path 1.
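The Simple DV Network and the self-healing case above, as an added Python simulation (not code from the article): the only cost the article gives is 23 on A->C, so every other link cost is an assumption (1). Nodes exchange their distance vectors in synchronous rounds until nothing changes; a node being switched off is modelled by removing its links and re-converging from scratch (the example does not simulate RIP's count-to-infinity behaviour). A hop-count-only variant shows why a protocol that ignores link cost would pick path 1.

```python
# Added example (not from the article): a minimal distance-vector simulation
# of the "Simple DV Network" (nodes A, B, C, D). The article gives only the
# A-C cost of 23; every other link cost here is an assumption (1).
LINKS = {("A", "B"): 1, ("B", "C"): 1, ("C", "D"): 1, ("A", "C"): 23}


def neighbours(links):
    """Build an adjacency map {node: {neighbour: link_cost}} from undirected links."""
    adj = {}
    for (u, v), cost in links.items():
        adj.setdefault(u, {})[v] = cost
        adj.setdefault(v, {})[u] = cost
    return adj


def converge(links, max_rounds=50):
    """Run synchronous DV rounds: each round every node receives its
    neighbours' vectors from the previous round and keeps any cheaper path.
    Returns ({node: {dest: (cost, next_hop)}}, rounds_used)."""
    adj = neighbours(links)
    tables = {n: {n: (0, n)} for n in adj}
    for rnd in range(1, max_rounds + 1):
        changed = False
        received = {n: dict(t) for n, t in tables.items()}  # last round's advertisements
        for node, links_to in adj.items():
            for nb, link_cost in links_to.items():
                for dest, (cost, _) in received[nb].items():
                    candidate = link_cost + cost
                    current = tables[node].get(dest)
                    if current is None or candidate < current[0]:
                        tables[node][dest] = (candidate, nb)
                        changed = True
        if not changed:
            return tables, rnd
    raise RuntimeError("distance vectors did not converge")


def path(tables, src, dst):
    """Follow next hops from src until dst is reached."""
    hops, node = [src], src
    while node != dst:
        node = tables[node][dst][1]
        hops.append(node)
    return hops


def hop_count_only(links):
    """RIP-style view: every link costs one hop, regardless of speed."""
    return {ends: 1 for ends in links}


def without_node(links, node):
    """Model a router being switched off: all of its links disappear."""
    return {ends: c for ends, c in links.items() if node not in ends}


if __name__ == "__main__":
    tables, rounds = converge(LINKS)
    print("cost-aware, A->D:", path(tables, "A", "D"), "cost", tables["A"]["D"][0], "rounds", rounds)
    hops, _ = converge(hop_count_only(LINKS))
    print("hop count only, A->D:", path(hops, "A", "D"))
    healed, _ = converge(without_node(LINKS, "B"))
    print("after B fails, A->D:", path(healed, "A", "D"), "cost", healed["A"]["D"][0])
```

With costs taken into account A reaches D via B and C at a total cost of 3 (path 2); counting hops alone picks A->C->D (path 1); and once B's links are withdrawn the only remaining route is path 1 at cost 24, which is the re-routing the Self Healing paragraph describes.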

Getting from here to There

Back to the home network: when running a routing protocol, Router 3, where the laptop is located, will learn about Subnet B (connected to Router 2) via the routing protocol. When the laptop wants to connect to the NAS, a connection can be made, because the routers have shared their routing info.

Next Month

We'll dig deeper into RIPv2 & RIPng



6 March 2022
Updated 19 March 2022