A thorough understanding of Cisco, Linux, and Windows IP routing


-1. As long as you understand the essence, the name is not important!

Many Linux-based network people let themselves be talked down by Cisco administrators over words such as "administrative distance" and "route metric". I think that is a pity; we are all one family, so why make things so hard for each other? If you understand the essence, how a thing is described is not that important. Suppose a Cisco device administrator throws terms at you that you do not understand, or describes features that exist on Cisco but not on a Linux gateway, and that person holds a CCIE and looks down on everyone around him. What do you do? If you are familiar and proficient with Linux (as I am), first understand that Linux can do anything. If you are willing, you can go home after work and write a Netfilter-based module that implements every feature of Cisco IOS. If you think you cannot, read this article and give yourself some confidence. (Note: I am not someone who pours cold water on the Cisco crowd. In a sense I used to be one of them. I did not take the CCIE exam because I had no money; because it was too expensive and I had no money, I switched to a grass-roots platform, not noble, but free. Here "betrayal" has come to mean something like the Exodus from Egypt...)

0. I want IT people to read some history

It is a bit hard to talk about history here, but I would point to Richard Feynman, a gifted man, and even more to the fiercer Werner Karl Heisenberg, a stubborn child of history. Reading a little history lets you pick up some common sense and understand why things are the way they are. Everything is accumulated drop by drop. However advanced the science and technology we develop, it all started from primitive man's invention of the bow and arrow (not of fire, as is conventionally said; if you doubt this, message me privately).
You may look down on primitive people because they have no iPad, no mobile phone, and bite people if provoked... but we are not much better than they are. We have an iPad because Apple made it; we have a mobile phone because someone sells it; we do not bite or beat people at will because we fear legal sanction... Nothing is complicated at the beginning, and its basic philosophy is extremely simple. This is my creed! Then accumulation gradually produced the present, and students began to memorize exam questions. Although they did not know why, they still memorized them, scored very well and were considered talented students. Then suddenly there was an occasion, a dinner, an annual meeting or a date, and suddenly they heard heavy metal rock... they were overwhelmed... they could no longer take care of themselves... alas. In short, we are the resurrected devil, and Satan is history!

1. Classful and classless IP addresses

At the beginning there was no such distinction. The concept at that time was simply "classful"; the concept of "classless" was introduced only later, to solve problems that were discovered gradually, and that is how we got this classification. There is no need to stress again that the problems and deficiencies of anything cannot all be found at the start; they can be corrected only after they are discovered later. Technological evolution is therefore built up step by step, and that also makes the development of a technology ever more complex. When people first connected to the Internet with IP addresses in an experimental environment, the next plan was a scheme for distributing those addresses to the institutions that needed to connect. That was in fact the only problem at the time; the problems found in the experimental environment were all solved in the experimental environment.
The real-world problems could only be discovered after IP addresses had been allocated and used by everyone! With that in mind, the US designers, short-sightedly and wishfully, divided the IP address space into five classes. The "network number" of an address indicates the size of the address's owner: class A addresses have the largest capacity and class C addresses the smallest, able to host only 254 hosts.

1.1. Subnetting within classful addresses

However, not many organizations could use a class A address, and a class A address holds so many addresses that a great deal was wasted. So subnetting within a class became the only solution; after all, the address space had already been divided and could not be redone. Subnets could therefore only be carved out within a class: part of the host portion of an organization's addresses is pulled out as a subnet number. This is called subnet division based on a classful IP address. As a result, one organization can carry multiple sub-organizations of the same size. Note: of the same size! But this is only the first step of the fission...

1.1.1. Question: why must the subnets be the same size?

Subnets must be of the same scale, which implies that the subnet mask must be consistent. This is a rigid rule of classful subnetting. Why? The explanation lies in another dimension of IP routing: route advertisement on the IP management plane. In the classful age, an IP address alone told you everything. From it you got the major network, that is the class A network x.0.0.0/8 or the class B network y.z.0.0/16, and from that you knew which institution the address belonged to... Subnetting, however, is an internal matter of the organization. The outside world does not know how the subnets inside your organization are divided.
Global route advertisements, of course, cannot carry any subnet information; that is, a route advertisement can only advertise the major network, without a subnet mask! For example, RIPv1 cannot advertise a route like 1.2.3.0/24! So what to do? After all, a subnet is a small network block and a real layer-3 network segment at the IP routing layer. 172.16.1.0/24 and 172.16.2.0/24 both belong to the major network 172.16.0.0/16, but because of subnetting they are not one network segment! How can they be identified and distinguished? Easy (here I am not playing God; I stand in the background and comment on this with a historical perspective): by the mask configured on the interface together with its IP address. Because IP address configuration is independent per interface (even now automatic address configuration is not common, and most of it is on end systems), all interfaces belonging to the same network block must be configured with the same mask, so that the block described by the mask is not lost. To be honest, this is God's requirement. You may ignore it, but you pay with host failures. For example, interface A is configured with an address in 172.16.1.0/24, and interface B, attached to the same layer-2 switch, is configured with an address in 172.16.1.128/25. Can they agree? For B, 172.16.1.0/25 is a different network segment; for A, all of 172.16.1.0/24 is one segment. In today's classless environment this is no problem at all, since reachability can be solved through routing. In a classful environment, however, a subnet is identified only by the major network and the mask configured on the interface address; no route advertised by any routing protocol carries a mask.
That becomes a problem, and therefore, in a classful environment, the subnet mask must be consistent! This reminds me of the short story "The Monkey's Paw" and the film "Pet Sematary" (based on Stephen King's novel). You want some compensation for a loss, but the price you pay is higher! Why is it so complicated? In the classful IP age, "IP" implied a lot of hidden information, and that information was highly independent! You could derive a great deal from the class... This is not God's way.

1.2. Classless addressing and VLSM

Subnets are divided to varying degrees in each organization, but dividing them this way is not enough. First, the sub-organizations within one organization are not necessarily of the same size. Second, the sub-organizations of a large organization may themselves have sub-organizations. The existing address allocation scheme cannot truly reflect the structure of real organizations. A classful segment (the part marked by the network number of a classful address) has been assigned to an organization, so how addresses are assigned within the segment is the organization's own business. Why follow the rigid rule of subnetting into sub-blocks of the same size, that is, with the same subnet mask? Since the network devices built at the time all followed the "classful" standard, the result was that they hindered the flexible use of IP addresses! Finally someone boldly asked for address classes to be abolished, and VLSM was proposed.
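The interface-mask mismatch discussed under 1.1.1 can be checked mechanically. The following Python is an added example, not code from the original article or from any of the systems it names. It assumes two hosts behind one layer-2 switch with constructed addresses 172.16.1.10/24 and 172.16.1.200/25, derives the classful major network from the first octet (classes D and E are ignored), and shows that each side reaches a different conclusion about whether the other is on-link. masks_consistent is the rule the text states: all interfaces inside one major network must carry the same mask.

```python
from ipaddress import IPv4Address, IPv4Interface, IPv4Network

# Constructed sample configuration (not from the article): two hosts on one
# layer-2 switch, one configured with a /24 and the other with a /25.
HOST_A = IPv4Interface("172.16.1.10/24")
HOST_B = IPv4Interface("172.16.1.200/25")
HOST_C = IPv4Interface("172.16.1.20/24")   # consistent with HOST_A
HOST_D = IPv4Interface("10.1.2.3/8")       # an unsubnetted class A host


def major_network(addr: IPv4Address) -> IPv4Network:
    """The classful 'major' network of an address, derived from the first
    octet. This is all a mask-less route advertisement could ever convey."""
    first = int(addr) >> 24
    prefixlen = 8 if first < 128 else 16 if first < 192 else 24   # classes D/E not handled
    return IPv4Network(f"{addr}/{prefixlen}", strict=False)


def believes_on_link(local: IPv4Interface, remote: IPv4Address) -> bool:
    """Whether `local` treats `remote` as directly reachable. In the classful
    world this is decided purely by the mask configured on `local`."""
    return remote in local.network


def link_view(a: IPv4Interface, b: IPv4Interface) -> dict:
    """Compare how two interfaces sharing one wire see each other."""
    return {
        "same_major_network": major_network(a.ip) == major_network(b.ip),
        "a_sees_b_on_link": believes_on_link(a, b.ip),
        "b_sees_a_on_link": believes_on_link(b, a.ip),
        "same_subnet_view": a.network == b.network,
    }


def masks_consistent(interfaces) -> bool:
    """The article's rule: every interface inside one major network must use
    the same subnet mask, otherwise subnets cannot be told apart."""
    masks_per_major = {}
    for iface in interfaces:
        masks_per_major.setdefault(major_network(iface.ip), set()).add(iface.network.prefixlen)
    return all(len(masks) == 1 for masks in masks_per_major.values())


if __name__ == "__main__":
    for key, value in link_view(HOST_A, HOST_B).items():
        print(f"{key}: {value}")
    print("masks consistent (A, B):", masks_consistent([HOST_A, HOST_B]))
    print("masks consistent (A, C, D):", masks_consistent([HOST_A, HOST_C, HOST_D]))
```

With these addresses A will ARP for B directly while B hands traffic for A to its router, which is exactly the asymmetric failure the text warns about; in a classless network a host route or a router on the wire papers over it, in a classful one nothing does.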
Once such a standard was proposed, the subnet mask became VL (variable length). In a classless environment it is no longer "the mask fixed by the address class, plus the same subnet mask within one classful segment", so an address can be written as IP address/mask. The address is no longer classified by the leading bits of its first byte, and the mask no longer follows the fixed classful values 8, 16 and 24. In fact the address can be any valid IP address, and if the mask is written as a prefix length (the number of consecutive 1 bits) it can be any value from 0 to 32! At this point the fission has already happened!

1.3. Merging into supernets, and CIDR

Abolishing classes had an explosive effect! The most violent effect was to change the router's route lookup algorithm and the way people interpret IP addresses. The change to route lookup was the evolution toward the "longest prefix match age". Next we talk about the change in how people interpret IP addresses: in a classless environment, a block of addresses is no longer associated with a unique organization. The addresses it contains can belong to anyone, any organization or any physical location. Of course, this also brings many problems. In fact the address allocation task is handed to the implementer, and once the address space fragments, aggregation fails and the number of routing table entries grows. A small problem! I am talking about classless addressing and so far only about its shortcomings. Classless addressing was proposed to solve internal address allocation, but it brought a side effect: an organization's address segment can extend beyond the organization, that is, organizations and address blocks are no longer associated!
Since a series of consecutive subnets within an organization can be merged back into a major network, and a classless environment no longer cares about organizational boundaries, can consecutive VLSM subnets be merged into one large first-level network? Certainly, but this concerns the Internet as a whole. Abolishing classes removed the constraint on how people assign IP addresses, and allocation became free. So although consecutive VLSM subnets can be merged into supernets, you cannot assume that you may do so. It is entirely possible that 1.2.40.0/24 is in the United States while 1.2.41.0/24 is in Afghanistan; of course you cannot merge them into 1.2.40.0/23, because they really have nothing in common! What is the result? The result is a change in the route lookup algorithm, which can be simplified. The reason for this evolution is that some subnets can be merged into a supernet and others cannot, because they are not required to belong to the same branch; therefore it can no longer be assumed, as in the classful environment, that an address belonging to a subnet must belong to the supernet it was merged into. Without the limitation of classes, the lookup algorithm is replaced by longest prefix match. Route lookup and address allocation become completely independent: always find the routing table entry closest to the target network and lock the target into the smallest range. The lookup algorithm can be implemented in a more unified way. The classful route lookup, by contrast, could not be implemented so uniformly.

1.4. Classful IP route lookup algorithm

A classful lookup has two steps, which can be called "destination address classification" and "subnet lookup". First, classify the destination address into its major network. Then check whether the system routing table has any route for that major network. If not, discard the packet directly.
If yes, check whether it has subnets. If no subnet has been divided, take the next hop from the major-network entry and forward. If there are subnets, check whether the destination address falls into one of them; if no subnet matches, discard; if one matches, the address belongs to that subnet and its next hop is used. This algorithm looks strange to modern network people. Why look up this way? In the classful age, once the major network is extracted from an address, the destination must be in the directly connected major network or in a subnet carried by a directly connected router. This was also the primary principle of early address allocation: address space could only be divided by organization, never scattered! If no major-network route is found, or a major-network route with subnets is found but the matching subnet is not, can you expect the target to be somewhere else? Classful allocation is a correspondence between an organization and a major network. In this setting the only meaning of a default route is to forward by default when "the major-network route cannot be found". As soon as the major-network route is found, forwarding or discarding is decided! The algorithm is as follows:

    network = major_network_of(dst)
    entry = lookup_major_network(network)
    if entry exists:
        if entry carries complete next-hop information:
            forward
        else:            # only second-level (subnet) entries exist for this major network
            entry = lookup_subnet_of(network, dst)
            if entry exists:
                forward
            else:
                discard
    else if a default route exists:
        forward via the default route
    else:
        discard

A typical, but not the only, implementation is to keep N routing tables (N being the number of address classes). When an entry is added, the destination is placed in the table for its class.
During forwarding, the class of the destination address is computed and the lookup is done in that class's table.

1.5. Classless IP route lookup algorithm

The classless lookup algorithm is the "global longest prefix match", which has become the only lookup algorithm most people know today, although many administrators do not realize that it was not used in the classful environment. Longest prefix match needs no detailed description; the algorithm is relatively simple. Typical Linux implementations are the HASH and TRIE ones. Whichever is used, it is conceptually a search from a 32-bit mask down to a 0-bit mask that returns the first match.

1.6. The current situation

In the mainstream operating systems, Linux and Windows, route lookup is classless, but a Windows IP address keeps one classful feature: the broadcast address of the major network of a newly added address is retained. On network device operating systems such as Cisco IOS and H3C VRP, classful addressing and classful routing can still be enabled. To be honest, as the IP management plane develops, classless addressing will gradually replace classful addressing. It is undeniable, though, that classful routing can make specific manual intervention more efficient, especially when the administrator knows the address distribution and the routing table is large.

2. Dynamic routing and administrative distance

In the primitive society of networking, static routing was the only choice. In fact it was enough, because the network then was no larger than a grid of a couple of rows and columns, and a node's maximum degree did not exceed 4, often only 2. An administrator could keep such a network in his head or in a notebook. As networks grew, however, static routing became a major bottleneck.
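To make the contrast between 1.4 and 1.5 concrete, here is an added Python example (not code from the article or from Linux, Windows, IOS or VRP) that runs both lookups over one constructed table. The table, the next-hop strings and the destination addresses are made up for the illustration, and the class rule ignores classes D and E. Cisco IOS toggles between these two behaviours with the `ip classless` command; this code only mirrors the two algorithms the text describes.

```python
from ipaddress import IPv4Address, IPv4Network


def major_network(addr: IPv4Address) -> IPv4Network:
    """Classful 'major' network from the first octet (classes D/E not handled)."""
    first = int(addr) >> 24
    prefixlen = 8 if first < 128 else 16 if first < 192 else 24
    return IPv4Network(f"{addr}/{prefixlen}", strict=False)


# Constructed routing table (not from the article): (prefix, next hop).
# "direct" marks a directly attached network.
TABLE = [
    (IPv4Network("0.0.0.0/0"),     "10.0.0.1"),   # default route
    (IPv4Network("172.16.1.0/24"), "direct"),     # subnet of major net 172.16.0.0/16
    (IPv4Network("172.16.2.0/24"), "10.0.0.2"),   # another subnet of that major net
    (IPv4Network("10.0.0.0/8"),    "direct"),     # unsubnetted class A major net
]


def default_route(table):
    for prefix, next_hop in table:
        if prefix.prefixlen == 0:
            return next_hop
    return None


def classful_lookup(table, dst: IPv4Address):
    """Two-step classful lookup from 1.4: classify the destination, then
    search only inside its major network. Returns a next hop, or None for discard."""
    major = major_network(dst)
    in_major = [(p, nh) for p, nh in table if p.subnet_of(major)]
    if not in_major:
        # Major network unknown: the only case in which the default route applies.
        return default_route(table)
    for prefix, next_hop in in_major:
        if prefix == major:
            return next_hop      # entry for the whole major network carries the next hop
    for prefix, next_hop in in_major:
        if dst in prefix:
            return next_hop      # second-level (subnet) entry
    return None                  # major net known, no subnet matches: discard; default NOT consulted


def longest_prefix_lookup(table, dst: IPv4Address):
    """Classless lookup from 1.5: the most specific matching prefix wins, with
    no regard for class boundaries; the default route is simply the /0 candidate."""
    best = None
    for prefix, next_hop in table:
        if dst in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, next_hop)
    return best[1] if best else None


def compare(table, dst_str: str) -> dict:
    dst = IPv4Address(dst_str)
    return {"classful": classful_lookup(table, dst),
            "classless": longest_prefix_lookup(table, dst)}


if __name__ == "__main__":
    for dst in ("172.16.3.7", "172.16.2.9", "10.5.5.5", "192.168.9.1"):
        print(dst, compare(TABLE, dst))
```

The instructive case is 172.16.3.7: the classful lookup knows the major network 172.16.0.0/16 through two of its subnets, finds no subnet for .3.0, and discards even though a default route exists, while longest prefix match happily uses the /0. The other destinations show where the two agree.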
In a large network, changing an IP address or disconnecting a link requires enormous manual intervention; even a dispatched team cannot keep up with the topology changes. So dynamic routing was called forth. Dynamic routing relieves administrators of the burden of configuring static routes! There are several kinds of dynamic routing. They use different protocols for a single purpose: to compute dynamically the shortest distance to any node in the connected network. By algorithm they divide into distance vector algorithms and link state algorithms.

2.1. Distance vector algorithms

The distance vector algorithm is a distributed algorithm running between all router nodes in the network. Imagine each router as a vertex and each link between routers as an edge. All nodes start computing together until a stable state is reached. Information is continuously passed between nodes over the edges, in a distributed Dijkstra algorithm, because no node computes the shortest path from its own information alone; it computes from the information provided by others. Since every node takes part in the computation, interacting only with adjacent nodes and depending on their results, a topology change breaks the information dependency chain, and so the distance vector algorithm converges relatively slowly.

2.2. Link state algorithms

These algorithms are computed independently on each router node and are centralized algorithms. Centralized computation, however, requires complete information in advance, so information must be synchronized before computation starts. When all nodes hold consistent information, each node computes independently.
When the topology changes, only the changed part needs to be detected and synchronized; recalculation happens only when necessary and does not need everyone to take part. Because each node computes independently and the information (the link state) is separated from the computation, the related nodes can compute simultaneously once the link state information is synchronized. This is unlike the distributed distance vector algorithm, which depends on the neighbors' results and must therefore be synchronized in the algorithm itself: the later node cannot compute before the earlier node has. Therefore link state protocols converge fast.

2.3. Administrative distance

There are many dynamic routing protocols, differing in reliability and in what they depend on. What if several protocols discover, at the same time, several paths to the same destination? Based on an evaluation of the algorithms, the concept of administrative distance was introduced. Evaluating an algorithm is better than directly setting a route priority: if, for one network, router A used the route produced by RIP while router B used the one produced by OSPF, it would be extremely chaotic, so administrative distance separates them. A route produced by one dynamic routing protocol is preferred to one produced by another as the result of evaluating the algorithms, on points including but not limited to convergence speed. Administrative distance is a hard priority: a route with a higher administrative distance is only a backup route. As long as a route with a lower administrative distance exists, the higher one will never be used. Route priority is likewise a hard priority. With a well-designed user-space program, administrative distance and route priority can be unified into a single field of a routing entry.

3. Route metric and priority

Administrative distance has just been described; now let's look at route priority.
If several routes to the same target are found, the one with the lower administrative distance is applied first. If there are several with the lowest administrative distance, the one with the higher priority (the lower value) is used. Route priority differs from administrative distance only in level: administrative distance labels the reliability of the program that generated the route, while priority indicates the route's measurement, that is, the cost or quality of the route, also known as the metric value. When a route is added on Linux, routes to the same target are sorted by the metric you set, so a route with a smaller metric is placed first. Route lookup on Linux is first-match under longest prefix match: as soon as a match is found, it jumps out and returns the result.

3.1. About "hop"

If you run man route on Linux, you find:

    Metric  The 'distance' to the target (usually counted in hops). It is not used by recent kernels, but may be needed by routing daemons.

Yes, there is no "hop" in the Linux kernel today, but on Windows, when you configure the NIC's IP address, under "Advanced" there is an "automatic hop count" checkbox (the Windows "Automatic metric" option). The automatic hop count is generally 20, and you can also enter a value manually. The value is the metric of the directly connected route the kernel creates when the configured IP address takes effect. The Linux kernel has removed this setting, so the metric of a directly connected route is the default 0. "Hop count" is really not a good translation; "interface cost" might be better.

4. The metrics of a Linux route

Finally, a Linux route configuration issue. The field names in the kernel's struct fib_info are really misleading!
fib_priority corresponds to metric in iproute2, while fib_metrics (note the plural) has nothing to do with the routing metric in the usual sense; it only holds some characteristic values of the route, such as the MTU of the route. A route is a path to the destination, so the fib_metrics array in fib_info holds values describing the path; for example fib_metrics[RTAX_MTU-1] is the MTU of the path. Using it eliminates the MTU discovery process, or lets the end system fragment directly. The purpose of these values is to tell the traveller, that is the packet, some properties of the path, so that the end system or an intermediate system can initialize some protocol fields directly from them. Without them, a protocol may have to perform some action to "discover" these values.

5. On the translation of "route"

In any case it is hard to translate the term "route" as "routing". In fact Google Translate does better: route, path, way. "Routing" feels like "memory" or "network", a generic thing. Translated as "route" or "path", I think many people would understand the concept of "next hop" better. Now let's just say "next hop", that is, nexthop. Note that the "hop" at the end is very good: it directly hides the link layer below, as if flying over it. Written as "next station", you would think of "travelling a road", a long and bumpy road; at the next stop the bus or train might burrow into a tunnel... and in fact that is the truth for IP routing! So I think that, since the term nexthop is already settled as "next hop", route should be translated as "path".
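Sections 2 and 3 above describe a selection order: longest prefix first, then lowest administrative distance, then lowest metric, with administrative distance acting as a hard priority so that a higher-distance route is only a backup. The following Python is an added illustration, not code from the article or from Linux, Cisco or Windows. The administrative distances are the Cisco IOS defaults for connected, static, OSPF and RIP routes; the routes, next hops and metrics are constructed. The last function shows the point made at the end of 2.3: a user-space daemon can fold both levels into the single metric field the Linux kernel has.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network

# Cisco IOS default administrative distances for the sources used here.
ADMIN_DISTANCE = {"connected": 0, "static": 1, "ospf": 110, "rip": 120}


@dataclass(frozen=True)
class Route:
    prefix: IPv4Network
    next_hop: str
    source: str    # protocol that produced the route
    metric: int    # the protocol's own cost (Linux "metric", kernel fib_priority)

    @property
    def admin_distance(self) -> int:
        return ADMIN_DISTANCE[self.source]


def select_route(table, dst: str):
    """Winner for dst: longest prefix, then lowest administrative distance,
    then lowest metric. Returns None when nothing matches."""
    addr = IPv4Address(dst)
    candidates = [r for r in table if addr in r.prefix]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.prefix.prefixlen, r.admin_distance, r.metric))


def linux_metric(r: Route) -> int:
    """Fold (administrative distance, metric) into one integer so that a single
    metric field preserves the two-level order. The encoding is this example's
    own choice: the distance takes the high digits, the protocol metric is
    capped so it can never overflow into them."""
    return r.admin_distance * 10_000 + min(r.metric, 9_999)


def select_by_linux_metric(table, dst: str):
    """Same decision as select_route, but using only the folded metric, which is
    all a kernel without an administrative-distance field can sort on."""
    addr = IPv4Address(dst)
    candidates = [r for r in table if addr in r.prefix]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.prefix.prefixlen, linux_metric(r)))


def withdraw(table, source: str):
    """Simulate one protocol losing all its routes (e.g. an OSPF adjacency going down)."""
    return [r for r in table if r.source != source]


# Constructed table (not from the article): two protocols know the same /16,
# RIP also knows a more specific /24, and a static default route exists.
TABLE = [
    Route(IPv4Network("0.0.0.0/0"),   "10.0.0.1", "static", 0),
    Route(IPv4Network("10.1.0.0/16"), "10.0.0.2", "rip",    2),     # low metric, high distance
    Route(IPv4Network("10.1.0.0/16"), "10.0.0.3", "ospf",   500),   # high metric, low distance
    Route(IPv4Network("10.1.0.0/16"), "10.0.0.4", "ospf",   50),    # same distance, lower metric
    Route(IPv4Network("10.1.2.0/24"), "10.0.0.5", "rip",    7),     # most specific prefix
]


if __name__ == "__main__":
    for dst in ("10.1.2.3", "10.1.9.9", "8.8.8.8"):
        r = select_route(TABLE, dst)
        print(f"{dst} -> {r.next_hop} ({r.source}, AD {r.admin_distance}, metric {r.metric})")
    r = select_route(withdraw(TABLE, "ospf"), "10.1.9.9")
    print(f"after OSPF is withdrawn: 10.1.9.9 -> {r.next_hop} ({r.source})")
```

10.1.2.3 goes to the RIP /24 even though OSPF has a lower administrative distance, because prefix length is decided first; 10.1.9.9 goes to OSPF despite RIP's far smaller metric, because administrative distance is a hard priority; only when OSPF is withdrawn does the RIP /16 become active. The folded metric reproduces every one of those decisions.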
