User:Obaraka: Difference between revisions

In this module you will learn how to set up static routing and how it works.


==Objectives==
*How to turn a computer with multiple interfaces into a router
*How to set up static routing on Linux PC routers and Cisco routers
*How ICMP messages update routing table entries
*How Proxy ARP helps to connect different networks without reconfiguring the hosts
*How to work with different network masks
== Prerequisites ==
=== Network commands in Linux ===
Read the online man pages for the following commands:
* [http://linux.die.net/man/8/ip iproute2]
* [http://linux.die.net/man/8/traceroute traceroute]
The [http://linux.die.net/man/8/route route] command is obsoleted in favor of {{man|8|ip|||inline}}.
=== Proxy ARP ===
Read about proxy ARP [http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094adb.shtml]
===Cisco routers===
In this lab you will be working with Cisco routers. Go to Cisco's web page [http://www.cisco.com/ http://www.cisco.com/] and find out about the Cisco routers used in our lab (Cisco 2811).
=== Cisco IOS ===
The routers in the lab are running the Cisco Internet Operating System (IOS). Read about the IOS at [http://www.cisco.com/en/US/docs/ios/fundamentals/configuration/guide/12_4/cf_12_4_book.html]
=== Navigating IOS ===
Read "Using the Cisco IOS Command-Line Interface" [http://www.cisco.com/c/en/us/td/docs/ios/fundamentals/configuration/guide/15_1s/cf_15_1s_book/cf_cli-basics.html] for information on how to navigate and work with the Cisco IOS.
=== Console port access ===
{{man|1|screen|||inline}} may be used to connect to a console attached via serial port without any configuration:
{{r|screen /dev/ttyS0 9600}}
The baud rate argument (9600 here) is optional and may be omitted. How to use this in detail will be explained later in this Module.
===Pre-Module Questions===
{{Question|
Please answer the following questions in your lab report before starting this module:
# What is the IOS command to change the Maximum Transmission Unit (MTU) for an interface on a Cisco router?
# How does a router determine whether datagrams to a particular host can be directly delivered through one of its interfaces?
# Which systems generate ICMP route redirect messages: routers, hosts or both?
# What is the default maximum TTL value used by {{man|8|traceroute|||inline}} when sending UDP datagrams?
# Describe the role of a ''default gateway'' in a routing table.
# What is the network prefix of the IP address {{ipv4addr|10.10.10.10|24}}?
# Explain the difference between a network IP address and network prefix.
# An organization has been assigned the network number {{ipv4addr|134.76.0.0|16}} and it needs to create networks that support up to 60 hosts on each IP network. What is the maximum number of networks that can be set up and why?}}
==First Network Setup==
This is the first network setup used in this Module:
[[File:Network-setup-003.svg|500px]]
Please connect all ethernet cables as shown in this diagram.
==Exercise 1: Pre-Routing Configuration Test==
# Configure the IP addresses for all Linux PCs. Ignore the router for now.
# Follow [[Wireshark Default Settings]] to set up a wireshark capture on {{iface|eth0}} of PC1.
# Send ICMP Echo Requests from PC1 to PC2, Router1 and PC4: {{command|{{PS1|PC1}}ping -c 5 10.10.10.21<br>{{PS1|PC1}}ping -c 5 10.10.20.1<br>{{PS1|PC1}}ping -c 5 10.10.30.41|PC1}}
{{savedata|Save wireshark captured packets and ping outputs into a file.}}
{{LabReport|Answer the following questions based on the data you just saved:
# What is the output of PC1 when the <code>ping</code> commands are issued?
# Which packets, if any, are captured by wireshark?
# Do you observe any ARP or ICMP packets? If so, what do they indicate?
# Which destinations are not reachable and why?}}
==Exercise 2: Configuring A Linux PC As An IP Router==
To enable IP forwarding you have at least the following 2 possibilities:
{{r|1=echo 1 > /proc/sys/net/ipv4/ip_forward}} or {{r|1=sysctl -w net.ipv4.ip_forward=1}}
Both commands change the net.ipv4.ip_forward setting to 1 and thus turn IPv4 forwarding on. If you want to undo this, simply
{{r|echo 0 > /proc/sys/net/ipv4/ip_forward}}
or execute
{{r|1=sysctl -w net.ipv4.ip_forward=0}}
Now enable IP forwarding on PC2.
==Exercise 3: Modifying Static Routing Table Entries In Linux==
Now we will add static entries to the Linux PC's routing table. This can be done using {{man|8|ip|||inline}}<code> route</code>:
* Show the (main) routing table: {{c|ip route}} Show all routing tables: {{c|ip route show table all}}
* Add routing table entries to networks: {{r|ip route add ''netaddress''/''mask'' via ''gw_addr''}} {{r|ip route add ''netaddress''/''mask'' dev ''iface''}}
* If you have to add a route to a single host, the syntax stays the same, just the prefix bit-length becomes 32: {{r|ip route add ''host''/32 via ''gw_addr''}}
* Replace <code>add</code> by <code>del</code> for deletion: {{r|ip route del ''netaddress''/''mask'' via ''gw_addr''}}
* To replace routes, use <code>replace</code>. For example, replacing the default route by a new one: {{r|ip route replace default via ''gw_addr''}}
Some examples are:
* The command to add a route for the network prefix 10.21.0.0/16 with the next-hop address 10.11.1.4 is {{r|ip route add 10.21.0.0/16 via 10.11.1.4}}
* The command to add a host route to IP address 10.0.2.31 with the next-hop set to 10.0.1.21 is {{r|ip route add 10.0.2.31/32 via 10.0.1.21}}
* The command to set the IP address 10.0.4.4 as the default gateway is {{r|ip route replace default via 10.0.4.4}}
* The commands to delete the entries we just created: {{r|ip route del 10.21.0.0/16}} {{r|ip route del 10.0.2.31/32}} {{r|ip route del default}}
Now:
# Configure the routing table entries of PC1 and PC4. Use separate routing table entries for every network. This would be the configuration of PC4: {{r|ip route add 10.10.20.0/24 via 10.10.30.1}} {{r|ip route add 10.10.10.0/24 via 10.10.30.1}}
# Also configure the routing table entries for PC2.
# Display the routing tables of PC1, PC2 and PC4.
{{savedata|Save the routing tables you just displayed.}}
{{LabReport|Include the saved output. Explain the entries in the routing table and the value of each field for each entry.}}
==Exercise 4: Accessing The Routers==
The Cisco Routers in this lab are managed via a serial console. You can access the console of Router1 from PC1, Router2 from PC2, and so on with {{man|1|screen|||inline}}: {{r|screen /dev/ttyS0}}
# Connect to the serial console of Router1.
# Press '''ENTER''' to get a prompt. You will see something like this: {{S||Router1}}
# To see which commands are available, type a question mark: {{S|?|Router1}}
# To view and change system parameters of a Cisco router, you must enter the Privileged EXEC mode: {{Router|{{PS3|Router1}}enable<br>Password : ''type lab here''<br>{{PS4|Router1}}}}
# Enter global configuration mode: {{Router|{{PS4|Router1}}configure terminal<br>{{PS4|Router1(config)}}}}
# You are now able to enter the network interface configuration mode: {{Router|{{PS4|Router1(config)}}interface FastEthernet0/0<br>{{PS4|Router1(config-if)}}}} FastEthernet0/0 is the name of the interface that you want to configure.
# To return from these specializations step by step: {{Router|{{PS4|Router1(config-if)}}exit<br>{{PS4|Router1(config)}}exit<br>{{PS4|Router1}}}} or all at once: {{Router|{{PS4|Router1(config-if)}}end<br>{{PS4|Router1}}}}
# And to return from Privileged EXEC mode: {{Router|{{PS4|Router1}}disable<br>{{PS3|Router1}}}}
# To exit the {{man|1|screen|||inline}} session, hold down the CTRL key and press first a and then k.
==Exercise 5: Configuring the IP interfaces of Router1==
While in interface configuration mode, you can set an IP address and netmask with the <code>ip address</code> command: <!--
-->{{Router|<!--
  -->{{PS4|(config-if)}}ip address ''<address>'' ''<netmask>''<!--
-->}}
Now:
# Connect to the serial console of Router1
# Configure Router1 with the IP addresses given in the first network setup diagram:<!--
-->{{Router|{{PS3|Router1}}enable<br /><!--
  -->Password :<br /><!--
  -->{{PS4|Router1}}configure terminal<br /><!--
    -->{{PS4|Router1(config)}}no ip routing<br /><!--
    -->{{PS4|Router1(config)}}ip routing<br /><!--
    -->{{PS4|Router1(config)}}interface FastEthernet0/0<br /><!--
      -->{{PS4|Router1(config-if)}}ip address 10.10.20.1 255.255.255.0<br /><!--
      -->{{PS4|Router1(config-if)}}no shutdown<br /><!--
      -->{{PS4|Router1(config-if)}}exit<br /><!--
    -->{{PS4|Router1(config)}}interface FastEthernet0/1<br /><!--
      -->{{PS4|Router1(config-if)}}ip address 10.10.30.1 255.255.255.0<br /><!--
      -->{{PS4|Router1(config-if)}}no shutdown<br /><!--
      -->{{PS4|Router1(config-if)}}end<br /><!--
-->}}
==Exercise 6: Setting static routing table entries on a Cisco router==
As with the PCs you now have to add the static routes. Routing configuration in IOS is done using the following few commands. Note the modes in which these commands are available.
===Privileged EXEC mode===
* Show the contents of the routing table: {{Router|<!--
-->{{PS4|Router1}}show ip route<br /><!--
-->}}
* Clear the routing table: {{Router|<!--
-->{{PS4|Router1}}clear ip route *<br /><!--
-->}}
* Show the contents of the routing cache: {{Router|<!--
-->{{PS4|Router1}}show ip cache<br /><!--
-->}}
===Global Configuration Mode===
* Add a static route to <code>''<dest>''/''<netmask>''</code> via <code>''<gw>''</code>: {{Router|<!--
-->{{PS4|Router1(config)}}ip route ''<dest>'' ''<netmask>'' ''<gw>''<br /><!--
-->}} <code>''<gw>''</code> may also be an interface.
: '''Example:'''
: {{Router|<!--
-->{{PS4|Router1(config)}}ip route ''10.10.10.0'' ''255.255.255.0'' ''10.10.20.22''<br /><!--
-->}}
* Delete a static route to <code>''<dest>''/''<netmask>''</code> via <code>''<gw>''</code>: {{Router|<!--
-->{{PS4|Router1(config)}}no ip route ''<dest>'' ''<netmask>'' ''<gw>''<br /><!--
-->}} <code>''<gw>''</code> may also be an interface.
===Interface Configuration Mode===
* Enable route-caching: {{Router|<!--
-->{{PS4|Router1(config-if)}}ip route-cache<br /><!--
-->}}
* Disable route-caching: {{Router|<!--
-->{{PS4|Router1(config-if)}}no ip route-cache<br /><!--
-->}}
===Actual Exercise===
# Display the routing table on Router1.
# Add routing entries to router1 so that it forwards datagrams to all networks in this setup.
# Again, display the routing table.
{{savedata|Save both routing tables.}}
{{LabReport|Include the saved data and explain every field of this table. Explain how the routing has changed from step 1 to step 3.}}
==Exercise 7: Testing==
# Test the configuration by issuing pings from each host and router to every other host and router. If there are any unsuccessful pings, check your configuration and test again until it works.
# Follow [[Wireshark Default Settings]] to set up a wireshark capture on {{iface|eth0}} of PC1.
# Execute a {{man|8|traceroute|||inline}} from PC1 to PC4.
{{savedata|
* Save the output of ''traceroute'' into file.
* Stop the capture and save wireshark captured packets into a file.
* Save the routing tables of all (used) PCs and Router1.}}
{{LabReport|Use the saved data to explain what <code>traceroute</code> does and how it works.}}
==Exercise 8: MAC Address Cache==
A router usually does not change the IP addresses in an IP datagram; the MAC addresses, however, are changed in normal operation. In this exercise you will learn how to work with the ARP cache of Cisco routers. Useful commands are:
===Privileged EXEC Mode===
* Show the contents of ARP cache: {{Router|<!--
-->{{PS4|Router1}}show ip arp<br /><!--
-->}}
* Clear the ARP cache: {{Router|<!--
-->{{PS4|Router1}}clear arp<br /><!--
-->}}
===Global Configuration Mode===
* Add <code>''<ip>''</code> to the ARP cache: {{Router|<!--
-->{{PS4|Router1(config)}}arp ''<ip>''<br /><!--
-->}}
* Delete <code>''<ip>''</code> from the ARP cache: {{Router|<!--
-->{{PS4|Router1(config)}}no arp ''<ip>''<br /><!--
-->}}
===Actual Exercise===
# Erase the ARP cache on all (used) PCs and Router1.
# Follow [[Wireshark Default Settings]] to set up a wireshark capture on {{iface|eth0}} of PC1 and {{iface|eth0}} of PC4.
# Send 5 ICMP Echo Requests from PC1 to PC4.
{{savedata|Save wireshark captured packets transmissions triggered by the <code>ping</code> command: ARP Requests and Replies and ICMP Echo Requests and Replies on both PCs into a file.}}
{{LabReport|# Determine the source and destination addresses in the Ethernet and IP headers for the ICMP Echo Request messages on PC1.
# Do the same for PC4.
# Use these results to explain how the source and destination Ethernet addresses are changed when a datagram is forwarded by a router.}}
==Exercise 9: Prioritization of Different Matching Routing Table Entries==
Sometimes a router has more than one matching routing table entry. In this case, the router has to determine which route to choose. Linux does this by sorting the routes by prefix length and always using the route with the longest matching prefix.
# Add the following routes to the routing table of PC1: <!--
-->{{Root|<!--
  -->{{PS2|PC1}}ip route add 10.10.0.0/16 via 10.10.10.71<br /><!--
  -->{{PS2|PC1}}ip route add 10.10.30.9/32 via 10.10.10.81<br /><!--
-->}}The routing table of PC1 should now look like this: FIXME: Add output of ip route here!
# Referring to the routing table, determine how many matches exist for the following IP addresses:
#* 10.10.30.9
#* 10.10.30.14
#* 10.10.40.1
# Follow [[Wireshark Default Settings]] to set up a wireshark capture on {{iface|eth0}} of PC1.
# Execute the following <code>ping</code> commands from PC1:<!--
-->{{Command|<!--
  -->{{PS1|PC1}}ping -c 1 10.10.30.9<br /><!--
  -->{{PS1|PC1}}ping -c 1 10.10.30.14<br /><!--
  -->{{PS1|PC1}}ping -c 1 10.10.40.1<br /><!--
-->}}
# Note that the gateways 10.10.10.71 and 10.10.10.81 do not exist; PC1 still sends ARP packets to these addresses.
{{savedata|Save wireshark captured packets and PC1's routing table into a file.}}
{{labReport|Use this to indicate the number of matches for each of the preceding IP addresses. Explain how PC1 resolves multiple matches in the routing table. Include only relevant output data in your report.}}
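The lookup rule described in this exercise, as an added example that is not part of the original module. The routing table is constructed: the two routes from step 1 are taken from the page, while the connected network and the two routes via PC2 (10.10.10.21) are assumptions about how PC1 was configured in Exercise 3.

```python
import ipaddress

# Constructed routing table for PC1 as (prefix, gateway) pairs.
# A gateway of None means the network is directly connected (on-link).
PC1_ROUTES = [
    ("10.10.10.0/24", None),           # connected via eth0 (assumed)
    ("10.10.20.0/24", "10.10.10.21"),  # via PC2 (assumed)
    ("10.10.30.0/24", "10.10.10.21"),  # via PC2 (assumed)
    ("10.10.0.0/16", "10.10.10.71"),   # added in step 1
    ("10.10.30.9/32", "10.10.10.81"),  # added in step 1
]


def matching_routes(table, dst):
    """Return every entry whose prefix contains dst, longest prefix first."""
    addr = ipaddress.ip_address(dst)
    hits = []
    for prefix, gateway in table:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            hits.append((net, gateway))
    return sorted(hits, key=lambda hit: hit[0].prefixlen, reverse=True)


def lookup(table, dst):
    """Longest-prefix match.

    Returns (chosen_prefix, arp_target), or None if no route matches.
    For an on-link route the host sends its ARP request for dst itself;
    for a route with a gateway it sends the ARP request for the gateway.
    """
    hits = matching_routes(table, dst)
    if not hits:
        return None
    net, gateway = hits[0]
    return str(net), (gateway if gateway is not None else dst)


if __name__ == "__main__":
    for dst in ("10.10.30.9", "10.10.30.14", "10.10.40.1", "192.0.2.1"):
        print(dst, len(matching_routes(PC1_ROUTES, dst)), lookup(PC1_ROUTES, dst))
```

The `arp_target` value shows why PC1 sends ARP requests for 10.10.10.71 and 10.10.10.81 even though no host answers at those addresses.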
==Exercise 10: Default Routes==
{{attention|You have to delete the routes that were added in the last exercise before continuing}}
# Add a default route from PC1 with the interface {{iface|eth0}} of PC2 as gateway.
# Add a default route from PC2 with the interface {{iface|FastEthernet0/0}} of Router1 as gateway.
# Follow [[Wireshark Default Settings]] to set up a wireshark capture on {{iface|eth0}} of PC1 and both interfaces of PC2.
# Execute the following <code>ping</code> command on PC1 {{c|ping -c 5 10.100.10.110}}
{{savedata|Save wireshark captured packets into a file.}}
{{labReport|
# What is the output of the <code>ping</code> command?
# How far does the ICMP Echo message travel?
# Is an ICMP Echo Reply message returned? If yes, which?}}
==Exercise 11: Proxy ARP==
Proxy ARP enables a router to answer ARP requests that would otherwise have to cross network segment boundaries to be answered successfully, and thus enables the router to operate without a routing table. The following commands are used in IOS for Proxy ARP operation:
* Enable Proxy-ARP: {{Router|<!--
-->{{PS4|Router1(config-if)}}ip proxy-arp<!--
-->}}
* Disable Proxy-ARP: {{Router|<!--
-->{{PS4|Router1(config-if)}}no ip proxy-arp<!--
-->}}
Now:
# Enable Proxy ARP on both interfaces of Router1.
# Erase ARP cache and routing table of PC4.
# Set the IP address of PC4 to 10.10.30.41/8. This will lead PC4 to assume that it belongs to the network 10.0.0.0/8 instead of 10.10.30.0/24.
# Follow [[Wireshark Default Settings]] to set up a wireshark capture on {{iface|eth0}} of PC4, {{iface|eth1}} of PC2 and {{iface|eth0}} of PC1. Set the capture filter to only capture ICMP and ARP packets.
# Send 2 ICMP Echo Requests from PC4 to PC1: {{c|ping -c 2 10.10.10.11|PC4}}
# Interpret the outcome of this experiment. <span>{{savedata|Save the ARP table of PCs and the Wireshark capture.}}</span>
# Disable Proxy ARP on both interfaces of Router1.
# Is it still possible to ping PC1 from PC4?
{{labReport|Use the saved data to explain the outcome of this exercise. How does Proxy ARP allow communication between PC4 and PC1? Support your explanation by adding relevant parts of the capture to your lab report.}}
==Exercise 12: ICMP Route Redirect==
ICMP Route Redirect messages are sent if a packet should have been forwarded to another router, for example if a router knows that another router in the same network is responsible for the destination of a packet and wants the source to use that router instead.
Linux implements ICMP Route Redirect handling in the routing cache instead of the routing table. In contrast to the routing table, the routing cache has a separate entry for each destination, so only a simple match is required to determine the next hop. If an ICMP Route Redirect message is received and ICMP Route Redirect acceptance is enabled, Linux will create a new entry in the routing cache and use it to determine the next hop of a packet to a matching destination until the entry expires.
The network setup for this Exercise is:
[[File:network-setup-004.svg|700px]]
If a message is sent from PC2 to PC4 with Router1 as first hop, Router1 can send an ICMP Route Redirect to PC2 to tell it that Router2 is responsible for this destination.
# Connect all Ethernet cables as shown in the diagram and configure all ethernet interfaces.
# Clear all routes on Router1 by switching IP routing off and on again.
# Add a static route on Router1: {{P|ip route 10.0.3.0 255.255.255.0 10.0.2.2|Router1(config)}}
# Enable the net.ipv4.conf.all.accept_redirects kernel parameter on PC2: {{R|1=sysctl -w net.ipv4.conf.all.accept_redirects=1|2=PC2}}
# Set up the routing table of PC2 in a way that it provokes the transmission of an ICMP route redirect message.{{savedata|Save the contents of the routing table and routing cache of Router1, Router2 and PC2.}}
# Follow [[Wireshark Default Settings]] to set up a wireshark capture on {{iface|eth0}} of PC2.
# Send 5 ICMP Echo Requests from PC2 to PC3.
{{savedata|# Save the capture results
# Wait a few minutes and save the output of the routing caches again.}}
{{labReport| # Is there a difference between the routing table and routing cache immediately after the ICMP route redirect message?
# When you viewed the cache a few minutes later, what did you observe?
# Describe how the ICMP route redirect works using the output you saved. Include only relevant data from your saved output to support your explanations.
# Explain how Router 1 knows that datagrams destined to 10.0.3.10/24 should be forwarded to 10.0.2.2/24}}
==Exercise 13: Routing Loops==
{{attention|Especially in this exercise it is important that the PCs are connected to mirror ports on the switches.}}
One problem of static routing is that routing loops may arise from inconsistent routing tables.
The network setup for this lab is:
[[File:network-setup-005.svg|700px]]
# Configure all ethernet cables and network interfaces as shown in the diagram.
# Configure the routing tables of Router2, ~3 and ~4 in such a way that an ICMP Echo Request packet will enter an infinite loop.
# Verify this loop using traceroute:
{{R|traceroute 10.0.1.10|PC4}}
# Follow [[Wireshark Default Settings]] to set up a wireshark capture on {{iface|eth0}} of PC2, PC3 and PC4.
# Send a single ping from PC4 to PC1.
# Observe.
{{savedata|Save the routing tables of Router2, ~3 and ~4. Save some ICMP Echo Requests.}}
{{labReport|# Do two ICMP packets differ? If yes: How do they differ? Include both packets.
# Does the ICMP Echo Request travel forever in the network? Why?}}
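A small model of what inconsistent static routes do to a packet's TTL and to the traceroute output, as an added example that is not part of the original module. The next-hop entries are constructed, since the topology is only given in the diagram; the router names come from this exercise, and the initial TTL of 64 is an example value.

```python
DIRECT = "directly-connected"  # marker: destination network is attached here

# Constructed next-hop entries toward the network of 10.0.1.10.
LOOPING = {"Router4": "Router3", "Router3": "Router2", "Router2": "Router4"}
CONSISTENT = {"Router4": "Router3", "Router3": "Router2", "Router2": DIRECT}


def forward(first_router, ttl, next_hop):
    """Walk one packet through the routers.

    Returns (routers_visited, outcome) with outcome being one of
    'delivered', 'time-exceeded' or 'unreachable'.
    """
    path, router = [], first_router
    while True:
        path.append(router)
        if router not in next_hop:
            return path, "unreachable"    # no matching route, packet dropped
        ttl -= 1                          # each router decrements the TTL
        if ttl <= 0:
            return path, "time-exceeded"  # dropped; ICMP Time Exceeded sent back
        if next_hop[router] == DIRECT:
            return path, "delivered"
        router = next_hop[router]


def traceroute(first_router, next_hop, max_ttl):
    """Send probes with TTL 1..max_ttl and record which router answers each."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        path, outcome = forward(first_router, ttl, next_hop)
        if outcome == "time-exceeded":
            hops.append(path[-1])
        else:
            hops.append(outcome)
            break
    return hops


def has_loop(hops):
    """A router answering for more than one TTL value indicates a loop."""
    routers = [h for h in hops if h not in ("delivered", "unreachable")]
    return len(routers) != len(set(routers))


if __name__ == "__main__":
    print(traceroute("Router4", CONSISTENT, 9))
    print(traceroute("Router4", LOOPING, 6))
    path, outcome = forward("Router4", 64, LOOPING)
    print(len(path), outcome, path[-1])
```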
==Exercise 14: Netmasks And Routing==
'''Warning:''' The standard configuration of the interfaces collides with the following settings! You have to change the IPs of eth1 to something different, e.g. 1.1.1.X
The network setup for this exercise is:
[[File:network-setup-006.svg|700px]]
# Connect the ethernet cables and configure the network interfaces as shown in the diagram.
# Set the default gateway of all hosts to Router1.
# Communication from PC1 to PC2 and PC3:
## Clear the ARP cache on all hosts
## Follow [[Wireshark Default Settings]] to set up a Wireshark capture on {{iface|eth0}} of PC1 and PC4 and capture only ICMP and ARP packets.
## Save the ARP cache, routing table and routing cache of each host.
## Send a <code>ping</code> from PC1 to PC2 and PC3.
## Save the output of these two <code>ping</code>s and the Wireshark capture.
# Communication from PC3 to PC4:
## Clear the ARP cache on all hosts
## Follow [[Wireshark Default Settings]] to set up a Wireshark capture on {{iface|eth0}} of PC3 and capture only ICMP and ARP packets.
## Send a <code>ping</code> from PC3 to PC4.
## Save the output of these two <code>ping</code>s and the Wireshark capture.
# Repeat step 4, but this time perform a ping from PC3 to PC2. Note that you have to wait until a routing cache entry expires before it can be replaced.
{{labReport|# Explain what you observed during this Experiment using the saved data. Explain everything that you observed.
# If PC3 had no default entry in its table, would you have seen the same results? Explain what would have changed for each <code>ping</code>.}}
==Epilogue==
{{attention|Have you saved everything to the USB sticks? Do you have everything to answer all questions in your lab report? }}
[[Category:Module]]
==Navigation==
[https://wiki.net.informatik.uni-goettingen.de/lab/Lab_2 <- Lab2] [https://wiki.net.informatik.uni-goettingen.de/lab/Lab_4 Lab4 ->]

Latest revision as of 11:18, 16 August 2016