Home > Articles > Security > Network Security

  • Print
  • + Share This
This chapter is from the book


In a common configuration, routers are used to create larger networks by joining two network segments. Such as a SOHO router used to connect a user to the Internet. A router can be a dedicated hardware device or a computer system with more than one network interface and the appropriate routing software. All modern network operating systems include the functionality to act as a router.

A router derives its name from the fact that it can route data it receives from one network onto another. When a router receives a packet of data, it reads the header of the packet to determine the destination address. Once it has determined the address, it looks in its routing table to determine whether it knows how to reach the destination and, if it does, it forwards the packet to the next hop on the route. The next hop might be the final destination, or it might be another router. Figure 3.5 shows, in basic terms, how a router works.

As you can see from this example, routing tables play a very important role in the routing process. They are the means by which the router makes its decisions. For this reason, a routing table needs to be two things. It must be up-to-date, and it must be complete. There are two ways that the router can get the information for the routing table—through static routing or dynamic routing.

Static Routing

In environments that use static routing, routes and route information are entered into the routing tables manually. Not only can this be a time-consuming task, but also errors are more common. Additionally, when there is a change in the layout, or topology, of the network, statically configured routers must be manually updated with the changes. Again, this is a time-consuming and potentially error-laden task. For these reasons, static routing is suited to only the smallest environments with perhaps just one or two routers. A far more practical solution, particularly in larger environments, is to use dynamic routing.

Figure 3.5

Figure 3.5 How a router works.

Dynamic Routing

In a dynamic routing environment, routers use special routing protocols to communicate. The purpose of these protocols is simple; they enable routers to pass on information about themselves to other routers so that other routers can build routing tables. There are two types of routing protocols used—the older distance vector protocols and the newer link state protocols.

Distance Vector Routing

The two most commonly used distance vector routing protocols are both called Routing Information Protocol (RIP). One version is used on networks running TCP/IP. The other, sometimes referred to as IPX RIP, is designed for use on networks running the IPX/SPX protocol.

RIP works on the basis of hop counts. A hop is defined as one step on the journey to the data’s destination. Each router that the data has to cross to reach its destination constitutes a hop. The maximum number of hops that RIP can accommodate is 15. That is to say that in a network that uses RIP, all routers must be within 15 hops of each other to communicate. Any hop count that is in excess of 15 is considered unreachable.

Distance vector routing protocols operate by having each router send updates about all the other routers it knows about to the routers directly connected to it. These updates are used by the routers to compile their routing tables. The updates are sent out automatically every 30 or 60 seconds. The actual interval depends on the routing protocol being used. Apart from the periodic updates, routers can also be configured to send a triggered update if a change in the network topology is detected. The process by which routers learn of a change in the network topology is known as convergence.

Although distance vector protocols are capable of maintaining routing tables, they have three problems. The first is that the periodic update system can make the update process very slow. The second problem is that the periodic updates can create large amounts of network traffic—much of the time unnecessarily as the topology of the network should rarely change. The last, and perhaps more significant, problem is that because the routers only know about the next hop in the journey, incorrect information can be propagated between routers, creating routing loops.

Two strategies are used to combat this last problem. One, split horizon, works by preventing the router from advertising a route back to the other router from which it was learned. The other, poison reverse (also called split horizon with poison reverse), dictates that the route is advertised back on the interface from which it was learned, but that it has a metric of 16. Recall that a metric of 16 is considered an unreachable destination.

Link State Routing

Link state routing works quite differently from distance vector-based routing. Rather than each router telling each other connected router about the routes it is aware of, routers in a link state environment send out special packets, called link state advertisements (LSA), which contain information only about that router. These LSAs are forwarded to all the routers on the network, which enables them to build a map of the entire network. The advertisements are sent when the router is first brought onto the network and when a change in the topology is detected.

Of the two (distance vector and link state), distance vector routing is better suited to small networks and link state routing to larger ones. Link state protocols do not suffer from the constant updates and limited hop count, and they are also quicker to correct themselves (to converge) when the network topology changes.

On TCP/IP networks, the most commonly used link state routing protocol is the Open Shortest Path First (OSPF). On IPX networks, the NetWare Link State Protocol (NLSP) is used. Table 3.1 summarizes the distance vector and link state protocols used with each network protocol.

Table 3.1 Routing Protocols

Network Protocol

Distance Vector

Link State







  • + Share This
  • 🔖 Save To Your Account