Sunday, October 4, 2009

Routing Protocol

Routing Protocol Concepts :

Remember these notes:
  • A routing protocol is a set of rules, messages and ? that help IP routing by learning routes for a routed protocol such as IP.
  • Routing protocol functions:

  1. Learn routes
  2. Advertise learned routes
  3. Pick the best route
  4. Replace a failed route with a new best route
  • There are three algorithm types for routing protocols:
  1. Distance Vector
  2. Link State
  3. Balanced Hybrid (Enhanced Distance Vector)
  • Routing protocols: RIP, OSPF, IGRP, EIGRP
  • Routed protocols (routable protocols): IP, IPX
  • AS (Autonomous System): refers to an internetwork under the administrative control of a single organization.
  • Classful routing protocol: the routing updates do not contain the subnet mask along with their respective advertised networks.
  • Classless routing protocol: if the subnet mask is transmitted along with the network information, the protocol is characterised as classless.
  • Classless routing protocols support discontiguous networks, VLSM and route summarization.
  • IGP (Interior Gateway Protocol): refers to routing protocols that run inside one network under a single management, called an AS (Autonomous System), such as a school network, a province or state network, a company network, etc. IGP protocols are: RIP, OSPF, EIGRP.
  • EGP (Exterior Gateway Protocol): refers to a routing protocol that runs between more than one AS. Only one EGP protocol is in use, BGP (Border Gateway Protocol). For example, BGP can run between ISPs.
  • There are some differences between the IGP routing protocols (RIP, OSPF and EIGRP); you can see them in the table below:

Distance Vector in summary:
When using a distance vector routing protocol, it is important to know how it works.
Let's look at the routing protocol functions again:
  1. Learning
  2. Advertising, by sending the routing table in a routing protocol update.
  3. Picking the best route by looking at the received routing tables and each routing protocol's metric.
  4. Replacing a failed route when congestion occurs.
Those are the main, specific functions that routing protocols perform, but to do them some rules are needed to enhance the performance of the routing protocol. These rules are:

  1. Split-Horizon: when a router sends a routing update out an interface, it checks the routing table and omits the routes that were received on that interface.
  2. Route-Poisoning: refers to the practice of advertising a route, but with a special metric value called infinity. Note that each distance vector routing protocol uses the concept of an actual metric value that represents infinity. RIP defines infinity as 16.
  3. Triggered Update: when a route fails, don't wait for the periodic update but immediately send a triggered update.
  4. Hold-Time: prevents a continuing loop in a redundant network. Wait for a time called the holdtime and don't believe any other information about the down route until the holdtime ends.
  5. Poison-Reverse: when a route fails, suspend the split-horizon rules and advertise a poisoned route.



  • To infinity over a single link: 1- bandwidth consumed 2- takes several minutes 3-


  • During periods of stability, routers send periodic full routing updates based on a short update timer (the RIP default is 30 seconds). The updates list all known routes except the routes omitted because of split-horizon rules.
  • However, information sent by the neighbor that originally advertised the working route can be believed before the holdtime expires.
■ When changes occur that cause a route to fail, the router that notices the failure reacts by immediately sending triggered partial updates, listing only the newly poisoned (failed) routes, with an infinite metric.
■ Other routers that hear the poisoned route also send triggered partial updates, poisoning the failed route.
■ Routers suspend split-horizon rules for the failed route by sending a poison reverse route back toward the router from which the poisoned route was learned.
■ All routers place the route in holddown state and start a holddown timer for that route after learning that the route has failed. Each router ignores all new information about this route until the holddown timer expires, unless that information comes from the same router that originally advertised the good route to that subnet.
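The distance vector rules above (split horizon, route poisoning with RIP's infinity of 16, poison reverse, triggered updates and the holddown timer) are easier to see in a small simulation. The following is an added example written for these notes, not code from the original post or from any router vendor. It models three routers A, B and C in a line with hop-count metrics, lets C lose its connected subnet, and then shows that A ignores a constructed update from a hypothetical fourth neighbor D while its holddown timer runs and accepts it after the timer expires. Router names, the subnet and the timer values are assumptions for the example.

```python
"""Toy RIP-style distance vector simulator: split horizon, route poisoning,
poison reverse and holddown.  Added example, not code from the original post."""

INFINITY = 16        # RIP's "infinity" metric
HOLDDOWN = 180       # seconds; RIP's default holddown timer
LINK_COST = 1        # hop count: every link costs one hop


class Router:
    def __init__(self, name):
        self.name = name
        self.neighbors = {}   # neighbor name -> Router
        # subnet -> {"metric", "via" (next hop, None if connected),
        #            "origin" (router that first advertised it), "hold_until"}
        self.table = {}

    def connect(self, other):
        self.neighbors[other.name] = other
        other.neighbors[self.name] = self

    def add_connected(self, subnet):
        self.table[subnet] = {"metric": 0, "via": None, "origin": None, "hold_until": 0}

    def fail_connected(self, subnet, now):
        """A directly connected subnet went down: poison it (metric = infinity)."""
        self.table[subnet]["metric"] = INFINITY
        self.table[subnet]["hold_until"] = now + HOLDDOWN

    def build_update(self, to_name):
        """Routes advertised to one neighbor: split horizon omits routes learned from
        that neighbor, except failed ones, which go back poisoned (poison reverse)."""
        update = {}
        for subnet, r in self.table.items():
            if r["via"] == to_name and r["metric"] < INFINITY:
                continue                      # split horizon
            update[subnet] = r["metric"]      # poisoned routes carry INFINITY
        return update

    def receive_update(self, from_name, update, now):
        """Apply one update (periodic or triggered); True if the table changed."""
        changed = False
        for subnet, adv in update.items():
            metric = min(adv + LINK_COST, INFINITY)
            cur = self.table.get(subnet)
            if cur is None:
                if metric < INFINITY:
                    self.table[subnet] = {"metric": metric, "via": from_name,
                                          "origin": from_name, "hold_until": 0}
                    changed = True
                continue
            if cur["via"] is None:
                continue                      # connected routes are never overridden
            in_holddown = now < cur["hold_until"]
            if in_holddown and from_name != cur["origin"]:
                continue                      # holddown: ignore other sources
            if from_name == cur["via"]:
                if metric != cur["metric"]:   # current next hop: accept better or worse
                    if metric >= INFINITY and not in_holddown:
                        cur["hold_until"] = now + HOLDDOWN
                    if metric < INFINITY:
                        cur["hold_until"] = 0
                    cur["metric"] = metric
                    changed = True
            elif metric < cur["metric"]:      # a better path from another neighbor
                cur.update(metric=metric, via=from_name, origin=from_name, hold_until=0)
                changed = True
        return changed


def exchange(routers, now):
    """One round: every router sends an update to each neighbor."""
    changed = False
    for r in routers:
        for nbr_name, nbr in r.neighbors.items():
            if nbr.receive_update(r.name, r.build_update(nbr_name), now):
                changed = True
    return changed


def converge(routers, now, max_rounds=20):
    """Repeat exchanges until no table changes; returns the rounds needed."""
    for i in range(max_rounds):
        if not exchange(routers, now):
            return i
    return max_rounds


def demo(subnet="10.3.0.0/24"):
    """A - B - C in a line; C owns the (constructed) subnet, then loses it."""
    a, b, c = Router("A"), Router("B"), Router("C")
    a.connect(b)
    b.connect(c)
    c.add_connected(subnet)
    converge([a, b, c], now=0)
    out = {"learned": a.table[subnet]["metric"]}            # 2 hops via B
    c.fail_connected(subnet, now=100)
    converge([a, b, c], now=100)                            # triggered updates spread the poison
    out["poisoned"] = a.table[subnet]["metric"]             # 16
    out["poison_reverse"] = b.build_update("C")[subnet]     # B tells C the route is dead too
    # Constructed update from a hypothetical neighbor D claiming a working route:
    # ignored while A's holddown timer runs, accepted once it has expired.
    Router("D").connect(a)
    a.receive_update("D", {subnet: 1}, now=150)
    out["during_holddown"] = a.table[subnet]["metric"]      # still 16
    a.receive_update("D", {subnet: 1}, now=100 + HOLDDOWN + 1)
    out["after_holddown"] = a.table[subnet]["metric"]       # 2, now via D
    return out
```

Calling demo() returns the five observations; the "origin" field is what lets a router believe the neighbor that originally advertised the route even during holddown, which is the exception the last bullet above describes.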


Link State:

LSA: Link State Advertisement
LSDB: Link State Database
Flooding: a router sending LSAs to its neighbors (to its neighbors only)
  1. First, each router creates a Router LSA for itself and a Link LSA for each subnet (an LSA contains Router ID, IP address, state, cost).
  2. Then it floods the LSAs to the other routers in routing update messages (flooding).
  3. All routers learn the same detailed information about the routers and subnets in the internetwork.
  4. The individual pieces of topology information are called LSAs; all LSAs are stored in the LSDB, in RAM.
  5. The LSDB doesn't hold routes, but it has more detailed information that can be processed by the Dijkstra SPF algorithm (for the OSPF routing protocol) to find the best routes.
  6. Each router runs the SPF process to find all routes to each subnet, and the SPF algorithm can pick the best route as quickly as possible.
  7. Link state protocols provide fast convergence with built-in loop avoidance.
  8. Link state protocols consume much more RAM and CPU than distance vector.
  9. Link state protocols inherently avoid loops.
  10. Link state needs much more planning and design effort.
  11. Routers flood LSAs:
  • When they are created
  • On a regular timer
  • Immediately after convergence occurs.
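The list above says the LSDB holds topology, not routes, and that each router runs Dijkstra SPF over it. The following added example (written for these notes, not code from the original post or from any OSPF implementation) builds a small constructed LSDB from Router LSAs and Link LSAs, runs SPF from one router to produce a routing table of subnet, cost and next hop, and then withdraws one link to show how a re-flooded topology change yields a new, still loop-free table. The router names, costs and subnets are assumptions for the example.

```python
"""Toy link state SPF: Dijkstra over an LSDB built from Router and Link LSAs.
Added example, not code from the original post."""
import copy
import heapq

# Constructed LSDB for a four-router topology (not from the post).
# Router LSAs: router -> {neighbor router: link cost}
ROUTER_LSAS = {
    "R1": {"R2": 10, "R3": 1},
    "R2": {"R1": 10, "R4": 1},
    "R3": {"R1": 1, "R4": 1},
    "R4": {"R2": 1, "R3": 1},
}
# Link LSAs: router -> subnets attached to it
LINK_LSAS = {
    "R1": ["10.1.0.0/24"],
    "R2": ["10.2.0.0/24"],
    "R4": ["10.4.0.0/24"],
}


def spf(router_lsas, root):
    """Dijkstra from `root`: returns {router: cost} and {router: first hop}.
    Each router is settled once, at its lowest cost, so the result is a tree
    (no loops) regardless of the order in which LSAs arrived."""
    dist = {root: 0}
    first_hop = {}
    heap = [(0, root, None)]          # (cost so far, router, first hop from root)
    while heap:
        cost, node, hop = heapq.heappop(heap)
        if node in first_hop:
            continue                  # stale entry; node already settled
        first_hop[node] = hop
        for nbr, link_cost in router_lsas.get(node, {}).items():
            new_cost = cost + link_cost
            if new_cost < dist.get(nbr, float("inf")):
                dist[nbr] = new_cost
                heapq.heappush(heap, (new_cost, nbr, nbr if node == root else hop))
    return dist, first_hop


def routing_table(router_lsas, link_lsas, root):
    """Turn SPF results into subnet routes: (cost, next hop); next hop None = connected."""
    dist, hop = spf(router_lsas, root)
    table = {}
    for router, subnets in link_lsas.items():
        if router not in dist:
            continue                  # unreachable router; its subnets get no route
        for subnet in subnets:
            # a subnet may hang off several routers; keep the cheapest
            if subnet not in table or dist[router] < table[subnet][0]:
                table[subnet] = (dist[router], hop[router])
    return table


def withdraw_link(router_lsas, a, b):
    """Model a link failure: both routers re-originate Router LSAs without the link."""
    updated = copy.deepcopy(router_lsas)
    updated[a].pop(b, None)
    updated[b].pop(a, None)
    return updated
```

With this LSDB, R1 reaches 10.4.0.0/24 at cost 2 via R3 and 10.2.0.0/24 at cost 3 via R3 (cheaper than the direct cost-10 link); after withdraw_link(ROUTER_LSAS, "R3", "R4") both routes move to next hop R2.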

Friday, October 2, 2009

VPN



VPN (Virtual Private Network)

A VPN provides a secure communication link, like a leased line, over the Internet. A VPN is a flexible, scalable and low-cost secure link.

VPN Features :
  1. Authentication
  2. Privacy
  3. Data integrity
  4. Anti-replay
VPN types :
  1. Intranet VPN
  2. Extranet VPN
  3. Access VPN
VPN Devices :
  1. Router
  2. ASA (Adaptive Security Appliance)
  3. Pix Firewall
  4. VPN connection
  5. VPN client
Notes :
  • Modern VPNs are powered by IPsec.
  • Because a VPN forms a tunnel through a public network, new IP headers must be generated and applied to the packet. This increases the network overhead for this type of connection.
  • When designing a VPN you must choose the appropriate levels of encryption, authentication and Diffie-Hellman.
  • Protects data from the Transport Layer and above.
  • IPsec has a large advantage over other encryption protocols such as SSH and SSL.
  • Those encryption protocols work at the Transport layer and are restricted to specific ports.

IPsec:
Its role is as an architecture and a framework for other VPN protocols. IPsec, as a secure architecture, uses a dynamic key exchange called Internet Key Exchange (IKE), and IKE calls for a process called Diffie-Hellman (DH) key exchange.


AH & ESP

Two IPsec core protocols:
  1. Authentication Header (AH)
  2. Encapsulating Security Payload (ESP)

Feature             ESP           AH
Authentication      yes (weak)    yes (strong)
Message Integrity   yes           yes
Encryption          yes           No
Anti-replay         yes           No


------------------------------------------------------------
  • AH is the older of the two IPsec core protocols. It supports only the authentication and data integrity features.
A pair of encryption algorithms is used:
  1. Encrypt
  2. Decrypt
IP packet + key = Encrypted Data

VPN encryption:
  1. DES: Data Encryption Standard (56-bit)
  2. 3DES: 3 * 56-bit
  3. AES: Advanced Encryption Standard
  • AES currently offers the strongest level of encryption possible for symmetric encryption. It can reach up to 256-bit encryption.
Authentication:

The widely supported hashing algorithms used are:
  1. MD5 (Message Digest 5)
  2. Secure Hash Algorithm (SHA-1)
  • Hashing passes data through a mathematical algorithm to generate a hash for data integrity.

DH (Diffie-Hellman):

The goal of the DH algorithm is to give devices a way to securely exchange a shared key over a public network.
  • DH1: 768-bit
  • DH2: 1024-bit
  • DH3: 1536-bit
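The following added example ties the DH section to the Authentication section above it. It is written for these notes and is not code from the original post or from any IPsec implementation. Two sides each pick a private exponent, exchange only public values, and arrive at the same shared secret; that secret is hashed into a key, and a keyed SHA-1 hash over a sequence number and payload gives the integrity and anti-replay checks listed under VPN features. The group is a constructed toy prime (2^61 - 1) so the numbers stay readable; real DH1/DH2/DH3 groups use 768-, 1024- and 1536-bit primes, and IKE derives keys with a PRF rather than a bare hash. The function names and the key label are assumptions for the example.

```python
"""Toy Diffie-Hellman exchange plus keyed-hash integrity and anti-replay check.
Added example, not code from the original post."""
import hashlib
import hmac
import secrets

# Constructed toy group: 2**61 - 1 is prime.  Real IKE DH1/DH2/DH3 groups use
# 768-, 1024- and 1536-bit MODP primes; the arithmetic is the same.
P = 2**61 - 1
G = 2


def dh_keypair():
    """Private exponent a and public value g^a mod p."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def valid_public(value):
    """Reject degenerate peer values (0, 1, p-1) that would force a trivial secret."""
    return 1 < value < P - 1


def dh_shared(priv, peer_pub):
    """Shared secret (peer_pub)^priv mod p; identical on both sides."""
    if not valid_public(peer_pub):
        raise ValueError("invalid DH public value")
    return pow(peer_pub, priv, P)


def derive_key(shared, label=b"toy-ipsec-key"):
    """Hash the shared secret into a fixed-size key (IKE uses a PRF; SHA-1 here)."""
    return hashlib.sha1(label + shared.to_bytes(8, "big")).digest()


def protect(key, seq, payload):
    """Integrity + anti-replay: HMAC-SHA1 over the sequence number and payload."""
    mac = hmac.new(key, seq.to_bytes(4, "big") + payload, hashlib.sha1).digest()
    return seq, payload, mac


def verify(key, packet, last_seq):
    """Accept only fresh, unmodified packets; returns (ok, reason)."""
    seq, payload, mac = packet
    if seq <= last_seq:
        return False, "replay"
    expected = hmac.new(key, seq.to_bytes(4, "big") + payload, hashlib.sha1).digest()
    if not hmac.compare_digest(expected, mac):
        return False, "bad integrity"
    return True, "ok"


def demo():
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    # Only a_pub and b_pub cross the network; both sides derive the same key.
    k_a = derive_key(dh_shared(a_priv, b_pub))
    k_b = derive_key(dh_shared(b_priv, a_pub))
    pkt = protect(k_a, 1, b"hello")                     # constructed payload
    out = {"keys_match": k_a == k_b, "fresh": verify(k_b, pkt, 0)[1]}
    out["replayed"] = verify(k_b, pkt, 1)[1]            # same seq seen again
    seq, _, mac = pkt
    out["tampered"] = verify(k_b, (seq, b"hellp", mac), 0)[1]
    return out
```

demo() reports that both keys match, the first packet verifies, a replay of it is rejected by the sequence check, and a one-byte change to the payload fails the integrity check.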



SSL:


SSL (Secure Socket Layer): SSL encrypts the segments of network connections at the Transport Layer, end-to-end.

Several versions of the protocol are in widespread use in applications like web browsing, electronic mail, Internet faxing, instant messaging and voice-over-IP (VoIP). (Wikipedia)

To support an SSL VPN connection you need a router or Cisco ASA configured with SSL VPN, and the client can connect using a standard web browser. SSL uses port 443. (SSL is a transport layer protocol.)

Cisco introduced Web VPN: the server acts as a web server and can be implemented on many devices, including the ASA. This connection uses SSL for all communication.


SSL VPN types:

  • Clientless: doesn't allow the user to use applications on their PC over the VPN.
  • Thin Client: installs an ActiveX or Java-based plugin after the user has successfully authenticated to the VPN. This plugin allows the user to use applications (only TCP-based applications). Cisco released a new implementation called "Cisco Secure Desktop".