Cisco/Linux/Windows IP Routing in Detail

Source: Internet
Author: User

1. As long as you understand the essence, the name is not important!

Many network experts who use Linux, when faced with the vocabulary of Cisco administrators such as administrative distance and routing metrics, concede defeat before the contest has even started. I think that is really a pity: we are all one family, so why be so embarrassed? If you understand the essence, how it is described is not so important. How do you deal with a Cisco device administrator who tells you something you don't understand, or describes Cisco features that are not available on a Linux-based gateway device, and who is arrogant because he has a CCIE certificate? If you are familiar with Linux and Linux-savvy (like me), the first thing you need to know is that Linux is omnipotent: if you want, you can write a netfilter-based module to achieve every Cisco IOS feature. If you think you can't, then read this and give yourself some confidence. (Note: I do not mean to belittle my colleagues in the Cisco industry. In a sense, I was also one of them. Just because I had no money to take the CCIE exam, because it is too damn expensive, because I had no money, I turned to a grassroots platform, not noble, but free. The meaning of betrayal has become something like "Exodus" to me.)

0. Read some history

For an IT person, talking about history here may seem a little out of place, but I ask you to look at Richard Feynman, a versatile man, and at the even more formidable Werner Karl Heisenberg, a rascal trained in history. Reading a bit of history gives you some common sense and helps you understand why things are the way they are. Everything accumulates little by little; even our developed science and technology began with primitive people inventing the bow and arrow (not, as is conventionally thought, with the invention of fire; if in doubt, DMS). You may look down on primitive people because they have no iPad, no cell phone, and they bite people. But we are not much better than they are: we have the iPad because Apple made it, we have mobile phones because someone sells them, and we do not bite people or beat and kill at random because we fear the sanction of the law ...

Nothing is complicated at first; its basic idea is extremely simple. This is my creed! Then things pile up and become what they are. Then students begin to memorize it; they do not know why, but they memorize it anyway, their test results are very good, and they are considered brilliant students. Then one day, at a dinner, an annual meeting or a blind date, they suddenly hear heavy metal rock ... and they are at a loss, unable to take care of themselves in life ... Alas, in short, we are the resurrection of the devil, and Satan is history!

1. Classful IP and classless IP

At the beginning IP had no such distinction; at that time everything was "classful". Only later, to solve problems that were gradually discovered, was the concept of "classless" introduced, and hence this distinction. Needless to say, nothing has all of its problems and deficiencies discovered at the outset; they are found later and patched up, so technology evolves by accumulation, and this also makes a technology more and more complex as it evolves.

Once people had used IP in an experimental environment to connect to the Internet, the next step was to work out how to distribute IP addresses to the organizations that needed to be networked. That was the only problem at the time, because problems found in the experimental environment were solved in the experimental environment; real-world problems can only be found once IP addresses have been assigned and everyone is using them! Given this, the Americans, short-sightedly and wishfully, divided the IP address space into 5 classes, with the "network number" of each IP address marking the scale of the address's owner: Class A addresses have the largest scale, and Class C addresses the smallest, able to hold only 254 hosts.

1.1. Subnet division

However, not many organizations need a Class A block, and a Class A network contains so many addresses that addresses are wasted, so subdividing became the only solution. After all, the address space had already been divided up and that could not be overturned, so the only option was to divide it into subnets: part of the host portion of all IP addresses within an organization can be pulled out and used as a subnet network number. This is called subnetting based on classful IP addresses. An organization can thus carry multiple sub-organizations of the same size; note, the same size! But this is only the first step in fission ...

1.1.1. Question: Why do subnets have to be the same size?

That subnets must be the same size means that the subnet mask must be consistent; this became a hard rule of classful IP subnetting. But why? This has to be explained from another dimension of IP routing: route advertisement, on the IP management plane.

In the classful era, an IP address alone gave you all the information: you could derive its major class network, that is, X.0.0.0/8 for a Class A network, Y.Z.0.0/16 for a Class B network, and so on, so you knew which organization the IP belonged to ... But subnetting is a matter internal to the organization. The outside world does not know how your organization's subnets are divided, so global route advertisements naturally cannot carry any subnet information; that is, a route advertisement can only announce the major class network and carries no subnet mask! For example, the RIPv1 protocol cannot advertise a route such as 1.2.3.0/24! So what can be done? After all, a subnet is a small network segment, and at the IP routing level it is a real layer-3 segment: 172.16.1.0/24 and 172.16.2.0/24 both belong to the major network 172.16.0.0/16, but because of subnetting they are not one segment after all! How do you identify and distinguish them? Easy (this is not to say that I am God; I am standing at a higher vantage point, using a historical perspective to comment on this matter)! They are identified by the mask of the IP address configured on the interface. IP address configuration is independent; even now, automatic configuration of IP addresses is not a common thing, and where it exists it is mostly on end systems! So that a segment identified by the mask is not lost, all interfaces on the same network segment must be configured with the same mask. To be honest, this is God's requirement: you may choose not to follow it, but you pay the price of some hosts being unreachable. For example, interface A is configured with an address in 172.16.1.0/24, and interface B, attached to it directly through a layer-2 switch, is configured with an address in 172.16.1.128/25. Can they reach a consensus? For interface B, 172.16.1.0/25 is not the same network segment, but for A, all of 172.16.1.0/24 is one segment. In today's classless environment this is no problem at all, because reachability can be solved by routing. In a classful IP environment, however, a subnet is identified entirely by the major class and "the mask of the IP on the interface", and no routing protocol advertisement carries a mask, so this is a problem. That is why such an environment must have a consistent subnet mask!
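The mask inference described above, as an added example that is not part of the original article: a receiver gives a mask-less route its own interface mask when the route lies in the same major network, and the classful mask otherwise. The host addresses chosen for interfaces A and B and all function names are assumptions made for the illustration.

```python
import ipaddress

def classful_network(addr):
    """Major (classful) network of an address, derived from its first octet."""
    ip = ipaddress.IPv4Address(addr)
    first = int(ip) >> 24
    if first < 128:
        prefix = 8       # Class A
    elif first < 192:
        prefix = 16      # Class B
    elif first < 224:
        prefix = 24      # Class C
    else:
        raise ValueError("Class D/E addresses have no network/host split")
    return ipaddress.IPv4Network((ip, prefix), strict=False)

def interpret_maskless_route(advertised, iface):
    """Network a receiver assumes for a route advertised without a mask.

    Same major network as the receiving interface: borrow the interface mask.
    Different major network: fall back to the classful mask.
    """
    iface = ipaddress.IPv4Interface(iface)
    major = classful_network(advertised)
    if iface.ip in major:
        return ipaddress.IPv4Network(
            (advertised, iface.network.prefixlen), strict=False)
    return major

def on_link(src_iface, dst_addr):
    """True if src_iface treats dst_addr as part of its own segment."""
    net = ipaddress.IPv4Interface(src_iface).network
    return ipaddress.IPv4Address(dst_addr) in net

# Constructed host addresses for interfaces A and B from the text.
A = "172.16.1.10/24"
B = "172.16.1.200/25"

if __name__ == "__main__":
    print(on_link(A, "172.16.1.200"))   # A treats B as a direct neighbour
    print(on_link(B, "172.16.1.10"))    # B does not treat A as one
    # The same mask-less advertisement is read differently by each receiver.
    print(interpret_maskless_route("172.16.2.0", A))
    print(interpret_maskless_route("172.16.2.0", B))
    print(interpret_maskless_route("10.1.2.0", A))
```

With mismatched masks the two receivers disagree about how large the advertised subnet is, which is the unreachable-host price the paragraph describes.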

This reminds me of the novel "The Monkey's Paw" and the film "Pet Sematary" (also known as "The Midnight Ghost Knocking"), based on Stephen King's novel, which has two parts. You want to get back some of what is gone, but the price you pay is more death!

Why is it so complicated? Because in the classful IP era, the "IP class" implied a lot of hidden information, and the information was not highly cohesive! You can get a lot of things from the class ... This is not the way of God.

1.2. Classless addressing and VLSM

Subnetting was adopted to varying degrees within each organization; however, subnetting alone is not enough. First, the sub-organizations within an organization are not necessarily the same size. Second, the sub-organizations of larger organizations may have sub-organizations of their own, and the existing IP address allocation scheme cannot reflect the structural relationships of actual organizations.

A classful IP block (that is, the network-number part of a classful IP address) has been assigned to an organization, so how the addresses within the block are allocated is the organization's internal affair. Why must it still follow the rigid subnetting rule (dividing into subnets of the same size, that is, with the same subnet mask)? Because the network equipment built at that time was implemented according to the "classful" standard of the day, and as a result it hindered people from using IP addresses flexibly!

Finally, someone boldly called for abolishing address classification, and VLSM was proposed. Once this standard was proposed, in a classless environment the subnet mask became variable-length (the "VL" in VLSM): it is no longer the fixed "mask specified by the IP address class + the same subnet mask throughout the classful address block", so an address can be written in the form IP/mask. IP addresses are no longer classified by the binary value of the first byte, and the mask no longer follows the fixed class-based divisions at 8, 16 and 24. An address can be divided wherever you specify, and the mask, if written in prefix form (indicating how many consecutive 1 bits), can be any value from 0 to 32! In fact, at this point, fission has already happened!

1.3. Merging into supernets, and CIDR

Abolishing classification had a drastic effect! The most drastic was to change the router's route lookup algorithm; in addition, it changed the way people interpret IP addresses. The change to the route lookup algorithm was that lookup evolved into the era of "longest mask matching". As for the change in how people interpret IP addresses: in a classless environment, a block of IP addresses is no longer associated with a single organization; all the IP addresses it contains can in principle belong to anyone, to any organization, and be in any physical location. Of course, this also brings many problems. In practice the assignment of IP addresses is up to the people carrying it out, and once the address space is fragmented, routes can no longer be aggregated, which increases the number of routing table entries.

But I digress! I was talking about the benefits of classless addressing and ended up on its shortcomings ... Anyway, classless addressing was first of all meant to solve the problem of assigning addresses within an organization, but it brings a side effect: a piece of an address block that belongs to an organization can extend beyond that organization, i.e., organization and address block are no longer tied together! Within an organization, a series of contiguous subnets can be merged into one major class network. In a classless environment that no longer cares about organizational boundaries, can contiguous VLSM subnets likewise be merged into a larger network? This is certainly possible; the result is a supernet. Abolishing classification lifted a constraint; what was liberated was people's power to assign IP addresses, and the allocation process became free. So although contiguous VLSM subnets can be merged into one network, you cannot assume that you may do so. It is entirely possible for 1.2.40.0/24 to be in the United States while 1.2.41.0/24 is in Afghanistan; you certainly cannot merge them into 1.2.40.0/23, because they really have nothing in common! What is the result? The result is a change in the route lookup algorithm, which can be said to be a simplification. The reason for this evolution is that several subnets that could numerically be merged into one network cannot be merged, because they are no longer required to belong to the same organization; so it can no longer be assumed, as in the classful environment, that an IP address belonging to a subnet must belong to the supernet the subnets would merge into.

With the restrictions of classification gone and many assumptions removed, the route lookup algorithm becomes "longest mask matching": route lookup has nothing to do with how IP addresses were allocated; it always searches all routes for the one whose destination network is closest to the target, locking the target into the smallest range. This allows the lookup algorithm to be implemented in a more unified way, whereas classful IP route lookup could not be implemented uniformly.
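Longest-mask matching and the merge restriction from this section, as an added example that is not part of the original article. The routing table is constructed, the next-hop names are hypothetical, and the rule "merge only prefixes that share a next hop" is this example's stand-in for "belong to the same place".

```python
import ipaddress

# Constructed routing table: (prefix, next hop). The two /24s are the
# article's 1.2.40.0/24 and 1.2.41.0/24; next-hop names are hypothetical.
ROUTES = [
    ("0.0.0.0/0",   "default-gw"),
    ("1.2.0.0/16",  "transit"),
    ("1.2.40.0/24", "link-us"),
    ("1.2.41.0/24", "link-af"),
]

def lookup(table, dst):
    """Longest-mask match: of all routes containing dst, keep the longest prefix."""
    ip = ipaddress.IPv4Address(dst)
    best = None
    for prefix, hop in table:
        net = ipaddress.IPv4Network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best  # None when no route matches

def aggregate(table):
    """Merge contiguous prefixes into supernets, but only within one next hop."""
    by_hop = {}
    for prefix, hop in table:
        by_hop.setdefault(hop, []).append(ipaddress.IPv4Network(prefix))
    merged = []
    for hop, nets in by_hop.items():
        merged += [(str(n), hop) for n in ipaddress.collapse_addresses(nets)]
    return sorted(merged)

if __name__ == "__main__":
    for dst in ("1.2.41.7", "1.2.99.1", "8.8.8.8"):
        net, hop = lookup(ROUTES, dst)
        print(dst, "->", net, "via", hop)
    # Different next hops: the numerically mergeable /24s stay separate.
    print(aggregate(ROUTES))
    # Same next hop: they collapse into 1.2.40.0/23.
    same = [("1.2.40.0/24", "link-us"), ("1.2.41.0/24", "link-us")]
    print(aggregate(same))
```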
