Using Static Routes to Implement Network Access Control

Source: Internet
Author: User

When a host application needs to send packets to a destination on a different network, a router accepts the data on one of its interfaces. The network layer examines the packet to determine which network it is destined for; the router then checks its own routing table and uses that information to decide which port the packet should be sent out of. The router re-encapsulates the datagram according to the appropriate rules and forwards the packet to that port. This routing decision takes place for every packet the router forwards.

Routing decisions let the router select the most appropriate interface for forwarding a packet. In other words, the router depends mainly on its routing table to do its work: with no routing table, or with wrong information in it, the router is like a heap of scrap metal and has no value.

Depending on how the routing table is generated, routes can be divided into static routes and dynamic routes.

Dynamic routing means that routers update the routing table automatically according to certain methods. When a router is added to the network or a link fails, information is generated on the network to notify the other routers. Routers update their routing tables based on this information and adjust the associated routing information according to predetermined rules. Clearly, dynamic routing makes management easier. However, it also brings some problems. Dynamic routing discovers all the visible routes in the network; that is, with dynamic routing, as long as no data link fails, every network is generally reachable, which does not help the network administrator control network access.

With static routing, the network administrator updates the routing table manually. When the network topology changes, or routers are added or removed, the administrator has to update each router's routing table by hand; otherwise network communication will be affected. Compared with dynamic routing, the biggest drawback of static routing is that the administrator must update the routing table manually whatever change the enterprise network undergoes. That is a very large amount of work for a network administrator.

However, static routing has its advantages. For one thing, there is no need to enable dynamic routing protocol services, which reduces the resource overhead on the routers. For another, no routing information has to be sent and exchanged across the network, which reduces the bandwidth this would occupy. Dynamic routing needs protocol support, such as RIP. These protocols specify the rules by which a router generates its routing table. Running them takes up router resources, and the protocols often communicate with neighboring routers to determine whether the other side is functioning properly. There is no doubt that this increases the load on the routers and on the corporate network's bandwidth.

However, the advantage above is not the main reason to use static routing. As enterprise networks have been upgraded, router resources and network bandwidth are no longer the bottleneck in building an enterprise network. What leads us to adopt static routing is another feature: the network administrator can control network access through static routes.

The author's enterprise, for example, is a large group company; the group company and its three subsidiaries all use the same network. In building the network, management wants the networks of each subsidiary and of the group company to be independent of one another, so that they work together without interfering with each other.

There are of course many ways to meet this requirement. For example, a separate Internet account could be requested for each subsidiary. But that approach is somewhat wasteful: the group already has a fiber-optic network, and deliberately opening separate network connections for the other companies instead of using the group's line would cost a lot of extra money, and the speed might not match that of the fiber-optic network. So it is not realistic.

Alternatively, the access control lists of a Cisco router can be used to implement the relevant controls. However, this requires the router to support the feature, it has to be configured in a particular way, and maintaining it is not simple. In the author's understanding, therefore, although the access control list is a very good network access control mechanism, relatively few enterprises use it in practice, because configuring it is still fairly difficult.

In fact, static routing can be used to control network routing.

The routing table of the router contains the following information: destination network address, subnet mask, gateway, interface, and so on. Using the destination network address and subnet mask together with the sending IP address of the packet, the router can determine whether the sending address and the destination address belong to the same network. If they do, the router does not forward the data, or handles it according to predetermined rules. If they are not on the same subnet, the router chooses a path based on the information in the routing table. If the router cannot find a suitable path, data forwarding is terminated, and the network administrator can use this behavior to control routed access.
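The lookup described above can be modeled in a few lines. This is an added example, not code from the original article: the subnets, gateway address and interface names are constructed assumptions. It also shows the case an administrator should audit for, since a single default route (0.0.0.0/0) matches every destination and so removes the control at this router.

```python
import ipaddress
from typing import NamedTuple, Optional

class Route(NamedTuple):
    network: ipaddress.IPv4Network  # destination network address + subnet mask
    gateway: Optional[str]          # next hop; None for a directly connected network
    interface: str

def route(cidr, gateway, interface):
    return Route(ipaddress.ip_network(cidr), gateway, interface)

def lookup(table, dst):
    """Longest-prefix match. None means no route: forwarding is terminated."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r.network]
    return max(matches, key=lambda r: r.network.prefixlen, default=None)

def reachable(table, subnets):
    """For each named subnet, can this table forward to one sample host in it?"""
    return {name: lookup(table, str(ipaddress.ip_network(cidr)[1])) is not None
            for name, cidr in subnets.items()}

# Constructed addressing plan (assumption, not taken from the article).
SUBNETS = {"group": "10.0.0.0/24", "sub_a": "10.1.0.0/24",
           "sub_b": "10.2.0.0/24", "sub_c": "10.3.0.0/24",
           "shared": "10.9.0.0/24"}

# Subsidiary A's router: its own LAN plus one static route to a shared subnet.
SUB_A_TABLE = [
    route("10.1.0.0/24", None, "eth0"),
    route("10.9.0.0/24", "10.255.0.1", "eth1"),
]

# Same table after a default route is added: every destination now matches.
SUB_A_WITH_DEFAULT = SUB_A_TABLE + [route("0.0.0.0/0", "10.255.0.1", "eth1")]

if __name__ == "__main__":
    print(reachable(SUB_A_TABLE, SUBNETS))
    print(reachable(SUB_A_WITH_DEFAULT, SUBNETS))
```

With the default route present, whether subsidiary A actually reaches the other subnets depends on the next-hop router's own table, so that table has to be checked as well.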
