Which way??? (How routers choose where to send your traffic!)

Captions
Good morning everybody, and welcome back to Next Door NetAdmin. We're back in the same place as usual. Pardon the interruption last week while I was on the road, but before I left we were last talking about the seven layers of the OSI networking stack, and the last thing I talked about was some of the lower levels in the stack: specifically layer one, where we had hubs and repeaters, and layer two, where we had bridges and switches. Today I'm going to talk a little bit about layer three, where we find routers. There's a lot to talk about in the world of routing, but specifically what I'm going to be talking about today is just the basics: how do routers know where to send your traffic? How do they figure out where to send it? How does this whole process work?

Okay, so the first thing that I will mention is the exception to the rule, and then we'll get on to the rule, where 99.995% of your traffic will actually be handled. The exception here is something called IP source route. Technically speaking, there's an option in IP that allows the sender to specify the route they want their traffic to take, and any network admin worth his salt will disable that option on their routers completely. Why? What's the problem with letting the sender tell you what path he wants his own traffic to take? The problem with that is: what if it's not the sender who set that option? What if it is some malware on the PC that says, "Oh, I see that you're wanting to log into Facebook. Tell you what, why don't I let your browser say that you're talking to Facebook, but I will just quietly redirect your traffic to go through my attacker server first, and then it will continue on to Facebook, just so that I can kind of be a man in the middle and read the traffic that you're sending." And as a part of that they might also strip away the SSL so that there's no security on that. That used to be a big thing. So for security reasons most network admins will disable IP source routing as an option. If it is set, the router will ignore it and it will just go on and do its standard routing algorithm.

So, that being covered, let's get on to the actual normal routing algorithm, and we'll talk about that, because this is where almost all of your traffic is going to be processed. One of the first things to understand about routing is that all routing decisions are local, period. The router may get information from other routers on the network, but it cannot use information that only another device knows. So if it's not told that a network is over on this other section serviced by this other router, then it doesn't know about it. All routing decisions are local. If you get a packet that is destined for some network and you don't know where to send it, you drop it. You don't route it anywhere at all, period. That's just the way it goes. This could lead to problems, yeah, because how do you expect every router on the network, on the entire internet for that matter, to know where every single address should go? So there are some rules that we can use to kind of tell routers, "Hey, this is where things should go." Some of the rules might be redundant.

If you've looked at IP addresses, you know that along with the IP address there's usually a subnet mask. Getting into subnetting is a discussion all on its own, so I'm not going to cover all the ins and outs of subnetting today, but the most important thing to know is: the longer the mask, the more specific the route. If you think about street addresses for a moment: I can tell you what city I live in; that is still going to be kind of difficult to find me. If I tell you what street I'm on as well as the city, that's a little easier. If I go all the way down to the house number I am at, plus the street, plus the city, now that is the most specific version of an address, of a location. So the longer the subnet mask, the more information you have and the more specific the route. A router will always use the most specific route first, period. If you can say, "I know about this specific route and I know about this general route over here," I'm going to use the specific route first. This is what allows us to put in a default route. If you set up a router with just a default gateway or a default route, it'll say, "This is the least specific route of all." It's actually got a length of zero; that's how non-specific this is. So if I have literally no other place to send this traffic, I can send it to the default route. Then and only then can I send it to the default route. If you have any information that is more specific, use that first.

How does it get these more specific routes? How does it know about these more specific networks? Well, first of all, it knows what it's actually connected to, and so it'll know the subnet mask of what it's already connected to, and that goes into its internal routing table. If it is running a dynamic routing protocol, and there are many of these (some of the more common ones are RIP, OSPF, EIGRP, BGP, IS-IS), if it's running a dynamic routing protocol it may be receiving information from other routers on the internet or on the local network that tell it, "I have a specific route for this network over here; you can send it through this router to get there." Cool. If it has that information locally, then the router will act on it, but it has to know about it locally. If it doesn't know about it locally, it can't use it. And conversely, if configured to do so, the router will also advertise to other routers in the network, "Hey, I am locally connected to networks A, B and C. If you want to send something to networks A, B and C, you can send it through me and I will forward it accordingly." That works as well. You can also configure the different routing protocols to talk to each other, or what is called route redistribution. So if you get a bunch of routes through, say, OSPF, cool, they're pointing elsewhere; you can redistribute that into something like BGP and advertise that elsewhere. It's possible, and the exact process of doing so is fairly advanced, and for most network admins you're never going to need to touch that.

If you're on the small to medium business level, if you're on the home level, all you really need is your default route, your default gateway. The router knows what it's directly connected to; that's all it's responsible for. Everything else can just go out the default gateway to your ISP and it's good. You really only need to worry about more than that in larger networks. And of course I've left out the thing that most network admins will use in a medium to large network up to a certain size, and that is static routes. You, the network admin, are perfectly capable of telling the router, "Hey, I, the human, know about a route that you can get to through this router over there. If you want to reach that network, just send it over there." And that's perfectly valid, but you have to remember to program that in, and any time it changes you have to go back and change that programming yourself. It will not automatically update. For most small to medium enterprise networks this is sufficient. Most of them will only have one router anyway, and if you only have one router there's no need to do any static anything and no dynamic anything, because everything connects directly to the router. But if you have something like a VPN gateway that isn't on the router, you might need a route to tell the router, "Hey, if you're sending something to somebody on the VPN, don't send it straight out to the internet; send it over to the VPN gateway first," and then it'll go in the right direction. If you have multiple routers, for redundancy say, and they're connected to a different set of networks, then you might also say, "Hey, if you want to send something that's actually on the other side of the network that's handled by the other router, you need to send it via the other router. Don't send it just straight out to the internet, because it's never going to get to where it needs to go." And in a small to medium-sized network you can get away with that, because that kind of setup, that kind of structure, is not likely to change very often.

In much larger networks, think of a network on the size of Microsoft or Amazon, something where you have hundreds of buildings, hundreds of routers in this internal network, and there's probably a fair degree of interconnection for redundancy. It's not just a single link between each building, because that would be nuts; that would be so unreliable. In that case you're going to move to one of the dynamic routing protocols, so it can say, "Okay, I have two ways of getting to this particular network. One is a single hop; it's just a single link to traverse. And the other one takes me through three hops; it takes me through two other routers before I can get to the network, because it has a bit more of a loop to travel for redundancy's sake." Under normal circumstances you want the router to say, "Well, I'm going to choose the shortest distance, the lowest hop count; that's just what I want to do." But if that link goes down and the router stops hearing the advertisement through that shorter distance, it still has a route to the network. It just sends it on a longer journey, because the shorter path is down for whatever reason, whether that's an internet trouble, or somebody dug through the line, or somebody goofed up a set of configuration and the equipment's not talking to you anymore, or it's down for maintenance, or anything else like that. Having multiple routes to a destination is a good thing, but only one will ever show up in your routing table. The others are candidate routes, and the router is only going to look at the actual routes that are in the routing table if it needs to send traffic to that destination. And then if that route goes away, then it has substitutes that it can just promote into the routing table, and we keep going.

Then there's the concept of administrative distance. Administrative distance can be considered to be a measure of how much do I trust the source of this routing information. If the network is directly connected, that usually has an administrative distance of zero. That is the most reliable information you can have: the router actually has an address on this network, it's directly connected, it's just there, 100% true, reliable, it's there. Statically configured routes that are inserted by the administrator will typically have a very low administrative distance; on a Cisco device by default it has a distance of one. I think on a Fortinet device by default it has an administrative distance of, I want to say, either 5 or 10, and I'm not 100% sure which, but it's still fairly low. A route that you get from DHCP, that is just dynamically configured, will typically have a very high administrative distance; it is considered very unreliable. Again, on a Cisco device that has an administrative distance of 254, and the maximum is 255. So if you have a default route assigned through DHCP, that is what you want to trust the least, because if you're getting an administratively configured default you want to trust that; if you have something that's directly connected you want to trust that; if you have information that's been delivered through other dynamic routing protocols, you might trust OSPF more than you trust RIP, which is pretty standard actually, because they're different classes of routing protocols. OSPF is a link distance protocol that actually figures out the shortest distance in the network, whereas RIP is just a pure hop count metric: how many other devices does it pass through, which may not actually be an accurate way of looking at it. If you go through two routers running at 100 gigabit a second versus one router running at 1 megabit per second, sure, RIP will say, "Well, there's two routers there, it's a longer distance," but a network distance view will often go, "Hey, that's two 100 gigabit links; that's going to be way faster than a single one megabit link. I should prioritize this one even though technically it's more routers to go through." So because of that, OSPF and other link distance routing protocols will typically have a lower administrative distance, making them more reliable for a given route than a pure hop count protocol.

But what I said before still applies: the most specific route wins. So if I have a very specific route, say to a /28, that is delivered to me by RIP, and then I have a less specific route, say a /24, that is delivered by OSPF, OSPF is generally speaking going to have the lower administrative distance, but the route from RIP is the more specific route, and so I'll use that route first. Administrative distance really only comes into play if you have two routes that have the same specificity. Okay, if they have the same specificity, they're both /24 networks, which one do I prioritize first? The first thing to prioritize is the one that's directly connected; that is always believable. The second one to prioritize is the one that the admin has configured, because if you're not going to trust your admin, what good are you, speaking as a machine? And then you go through the different protocols in their reliability, and then the last one, the lowest one on the totem pole, is DHCP. "Ah, if nothing else, I suppose I can use the default gateway that's advertised by DHCP. No idea if it works or not, but it's worth a go." In the end, there's a lot of complexity that goes into figuring out where the traffic actually goes.

And like I said, all routing decisions are local, all of them, which means if you have multiple routers in the path, one router may say, "Oh, to reach this network I send to you," and if the other router says, "Oh, well, to reach that network I send it over here," now you've got a problem. The traffic's not going anywhere; it's just going in a loop back and forth between the routers. It will eventually figure that out and the packet will just die, having not been sent anywhere, and the sender will hopefully receive a TTL time expired, which is the time to live. If it reaches zero, then the packet is considered unroutable and it just gets killed. But when you have a routing loop like that, neither one of these devices knows about it if they were set up statically, and that's why static routes are feasible for smaller networks where an admin has insight into everything, but not at all for larger networks, particularly as links go up and down and equipment is taken in and out of service. It's a little crazy.

So for an admin, if you're troubleshooting through several routers where each packet is going, you cannot simply rely on, "Well, it's going to the internet." You cannot rely on that. For a network admin to be able to correctly trace the path, you need to go through every router along the path and say, "What's your routing table? What's the administrative distance? What's the network mask that you've assigned to this route? How specific is it?" And you have to understand how the router will prioritize that before it figures out where it's going to send that traffic. And then you also have to consider: how does it know where to send the reply? Because that got the packet to its destination, great, but how does the destination send back to the source? Again, you have to go through every routing table along the way, but now you need to look for: do you know how to send traffic back? Because communication is a loop. You can have one-way communication, but then it's just going to look like I never reached the destination, because I never got a response. Maybe you did reach the destination and it's the response that has the problem. So a network admin has to look at the entire loop of traffic, and that often means going through every single device along the way and assessing every single device and going, "Does this make sense? If it doesn't make sense, how do I fix it so that it does make sense?" And if it does make sense, and you've verified the entire layer three path, which you can easily test by just running ping (like I said, because ICMP runs at layer 3), if you've verified your layer 3 is good and you've got communication forward and back, then you need to look at a higher layer, because a layer three check will make sure that layer two and layer one are also working as part of that. And so, cool, if you can't ping but your layer two looks good, then you're looking at routing tables and figuring that stuff out, and once that's resolved, if it's still not working, you're looking at a higher level, whether it's TCP or the protocol or everything else higher in the stack, which we're not going to go into today, because for one day I've rattled on long enough. So I hope you found that interesting. Thank you very much for watching. I am your Next Door NetAdmin, and we'll see you next time.
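The selection rules the video walks through (longest prefix first, administrative distance only between equally specific routes, the protocol metric within one protocol, one winner per prefix installed while the rest wait as candidates, and the routing loop that two statically configured routers can create because every decision is local) as an added Python example. This is not the speaker's code and not any vendor's implementation. The router names, prefixes and topology are constructed for the demo; the connected, static and DHCP distances are the Cisco defaults quoted in the video, while the EIGRP, OSPF and RIP values are assumed Cisco defaults not stated in the video.

```python
"""Route selection the way the video describes it: longest prefix wins,
administrative distance breaks ties between equally specific routes, and the
protocol metric breaks ties within one protocol.  Added example, not the
speaker's code.  Topology and router names are constructed for the demo."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Administrative distances.  connected/static/dhcp are the Cisco defaults quoted
# in the video; eigrp/ospf/rip are Cisco defaults assumed here for the demo.
DEFAULT_AD = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110,
              "rip": 120, "dhcp": 254}


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str             # neighbouring router name, or "-" when directly connected
    source: str               # who told us: connected, static, ospf, rip, dhcp, ...
    metric: int = 0           # protocol metric (RIP hop count, OSPF cost)
    ad: Optional[int] = None  # administrative distance, defaulted from source

    def __post_init__(self):
        self.prefix = ipaddress.ip_network(self.prefix, strict=False)
        if self.ad is None:
            self.ad = DEFAULT_AD[self.source]


class Router:
    """Keeps every candidate route it has learned; the routing table proper
    holds only one winner per prefix."""

    def __init__(self, name):
        self.name = name
        self.candidates = []

    def learn(self, *routes):
        self.candidates.extend(routes)
        return self

    def link_down(self, neighbour):
        """Stop hearing a neighbour: every route via it is withdrawn and the
        next-best candidate for that prefix is promoted automatically."""
        self.candidates = [r for r in self.candidates if r.next_hop != neighbour]

    def routing_table(self):
        """One installed route per prefix: lowest AD wins, then lowest metric."""
        best = {}
        for r in self.candidates:
            cur = best.get(r.prefix)
            if cur is None or (r.ad, r.metric) < (cur.ad, cur.metric):
                best[r.prefix] = r
        return best

    def lookup(self, dst):
        """Longest prefix match over installed routes; None means drop the packet."""
        addr = ipaddress.ip_address(dst)
        matches = [r for r in self.routing_table().values() if addr in r.prefix]
        return max(matches, key=lambda r: r.prefix.prefixlen) if matches else None


def forward(routers, start, dst, ttl=64):
    """Hop-by-hop forwarding; each router consults only its own table, so two
    routers pointing at each other loop the packet until TTL hits zero."""
    path, current = [start], start
    while ttl > 0:
        route = routers[current].lookup(dst)
        if route is None:
            return "dropped: no route", path
        if route.source == "connected":
            return "delivered", path
        current = route.next_hop
        path.append(current)
        ttl -= 1
        if current not in routers:            # e.g. the ISP: beyond our view
            return "handed off to " + current, path
    return "ttl expired", path


def build_demo():
    """Constructed topology: an edge router with redundant cores, plus two
    statically configured routers that each believe the other owns a prefix."""
    edge = Router("edge").learn(
        Route("192.168.1.0/24", "-", "connected"),
        Route("10.0.0.0/28", "core-b", "rip", metric=2),       # most specific, AD 120
        Route("10.0.0.0/24", "core-a", "ospf", metric=10),     # AD 110, best metric
        Route("10.0.0.0/24", "core-b", "ospf", metric=30),     # candidate only
        Route("0.0.0.0/0", "isp", "static"),                   # AD 1
        Route("0.0.0.0/0", "isp-dhcp", "dhcp"),                # AD 254, last resort
    )
    core_a = Router("core-a").learn(Route("10.0.0.0/24", "-", "connected"))
    core_b = Router("core-b").learn(Route("10.0.0.0/24", "-", "connected"))
    r1 = Router("r1").learn(Route("172.16.5.0/24", "r2", "static"))
    r2 = Router("r2").learn(Route("172.16.5.0/24", "r1", "static"))
    return {r.name: r for r in (edge, core_a, core_b, r1, r2)}


if __name__ == "__main__":
    net = build_demo()
    for dst in ("10.0.0.5", "10.0.0.100", "8.8.8.8"):
        print(dst, "->", net["edge"].lookup(dst))
    print(forward(net, "r1", "172.16.5.10", ttl=8))
```

Running it shows 10.0.0.5 leaving via the RIP /28 even though OSPF has the better distance, 10.0.0.100 via core-a until `link_down("core-a")` promotes the metric-30 candidate, the static default beating the DHCP one until it is withdrawn, and the r1/r2 pair bouncing the packet until the TTL runs out, with neither router able to see the loop from its own table.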
Info
Channel: NextDoorNetAdmin
Views: 6
Id: PJ0RAOEy6qI
Length: 22min 55sec (1375 seconds)
Published: Mon Jun 03 2024