In this module you will learn how to set up static routing and how it works.
Objectives
- How to turn a computer with multiple interfaces into a router
- How to set up static routing on Linux PC routers and Cisco routers
- How ICMP messages update routing table entries
- How Proxy ARP helps to connect different networks without reconfiguring the hosts
- How to work with different network masks
Prerequisites
Network commands in Linux
Read the online man pages for the following commands:
The route command is obsoleted in favor of Template:Man.
Proxy ARP
Read about proxy ARP [1]
Cisco routers
In this lab you will be working with Cisco routers. Go to Cisco's web page http://www.cisco.com/ and find out about the Cisco routers used in our lab (Cisco 2811).
Cisco IOS
The routers in the lab are running the Cisco Internet Operating System (IOS). Read about the IOS at [2]
Read "Using the Cisco IOS Command-Line Interface" [3] for information on how to navigate and work with the Cisco IOS.
Console port access
Template:Man may be used to connect to a console attached via serial port without any configuration:
The baud rate argument (9600 here) is optional and may be omitted. How to use this in detail will be explained later in this Module.
Pre-Module Questions
First Network Setup
This is the first network setup used in this Module:
Please connect all ethernet cables as shown in this diagram.
Exercise 1: Pre-Routing Configuration Test
- Configure the IP addresses for all Linux PCs. Ignore the router for now.
- Follow Wireshark Default Settings to set up a Wireshark capture on Template:Iface of PC1.
- Send ICMP Echo Requests from PC1 to PC2, Router1 and PC4: Template:Command
Exercise 2: Configuring A Linux PC As An IP Router
To enable IP forwarding you have at least the following 2 possibilities: Template:R or Template:R
Both commands change the net.ipv4.ip_forward setting to 1 and thus turn IPv4 forwarding on. If you want to undo this, simply
Template:R
or execute
Template:R
Now enable IP forwarding on PC2.
Exercise 3: Modifying Static Routing Table Entries In Linux
Now we will add static entries to the Linux PC's routing table. This can be done using Template:Man route:
- Show the (main) routing table: Template:C Show all routing tables: Template:C
- Add routing table entries to networks: Template:R Template:R
- If you have to add a route to a single host, the syntax stays the same, just the prefix bit-length becomes 32: Template:R
- Replace add by del for deletion: Template:R
- To replace routes, use replace. For example, replacing the default route by a new one: Template:R
Some examples are:
- Command for adding a route for the network prefix 10.21.0.0/16 with the next-hop address 10.11.1.4 is Template:R
- The command to add a host route to IP address 10.0.2.31 with the next-hop set to 10.0.1.21 is Template:R
- The command to add the IP address 10.0.4.4 as the default gateway is Template:R
- The commands to delete the entries we just created: Template:R Template:R Template:R
Now:
- Configure the routing table entries of PC1 and PC4. Use separate routing table entries for every network. This would be the configuration of PC4: Template:R Template:R
- Also configure the routing table entries for PC2.
- Display the routing tables of PC1, PC2 and PC4.
Exercise 4: Accessing The Routers
The Cisco Routers in this lab are managed via a serial console. You can access the console of Router1 from PC1, Router2 from PC2, and so on with Template:Man: Template:R
- Connect to the serial console of Router1.
- Press ENTER to get a prompt. You will see something like this: Template:S
- To see which commands are available, type a question mark: Template:S
- To view and change system parameters of a Cisco router, you must enter the Privileged EXEC mode: Template:Router
- Enter global configuration mode: Template:Router
- You are now able to enter the network interface configuration mode: Template:Router FastEthernet0/0 is the name of the interface that you want to configure.
- To return from these specializations step by step: Template:Router or all at once: Template:Router
- And to return from Privileged EXEC mode: Template:Router
- To exit the Template:Man session, hold down the CTRL key and press first a and then k.
Exercise 5: Configuring the IP interfaces of Router1
While in interface configuration mode, you can set an IP address and netmask with the ip address command: Template:Router
Now:
- Connect to the serial console of Router1
- Configure Router1 with the IP addresses given in the first network setup diagram: Template:Router
Exercise 6: Setting static routing table entries on a Cisco router
As with the PCs you now have to add the static routes. Routing configuration in IOS is done using the following few commands. Note the modes in which these commands are available.
Privileged EXEC mode
- Show the contents of the routing table: Template:Router
- Clear the routing table: Template:Router
- Show the contents of the routing cache: Template:Router
Global Configuration Mode
- Add a static route to <dest>/<netmask> via <gw>: Template:Router <gw> may also be an interface.
- Example:
- Template:Router
- Delete a static route to <dest>/<netmask> via <gw>: Template:Router <gw> may also be an interface.
Interface Configuration Mode
- Enable route-caching: Template:Router
- Disable route-caching: Template:Router
Actual Exercise
- Display the routing table on Router1.
- Add routing entries to Router1 so that it forwards datagrams to all networks in this setup.
- Again, display the routing table.
Exercise 7: Testing
- Test the configuration by issuing pings from each host and router to every other host and router. If there are any unsuccessful pings, check your configuration and test again until it works.
- Follow Wireshark Default Settings to set up a Wireshark capture on Template:Iface of PC1.
- Execute a Template:Man from PC1 to PC4.
Exercise 8: MAC Address Cache
A router usually does not change the IP addresses in an IP datagram; the MAC addresses, however, are changed in normal operation. In this exercise you will learn how to work with the ARP cache of Cisco routers. Useful commands are:
Privileged EXEC Mode
- Show the contents of ARP cache: Template:Router
- Clear the ARP cache: Template:Router
Global Configuration Mode
- Add <ip> to the ARP cache: Template:Router
- Delete <ip> from the ARP cache: Template:Router
Actual Exercise
- Erase the ARP cache on all (used) PCs and Router1.
- Follow Wireshark Default Settings to set up a Wireshark capture on Template:Iface of PC1 and Template:Iface of PC4.
- Send 5 ICMP Echo Requests from PC1 to PC4.
Exercise 9: Prioritization of Different Matching Routing Table Entries
Sometimes a router has more than one matching routing table entry. In this case, the router has to determine which route to choose. Linux does that by sorting the routes by prefix length and then always using the route with the longest matching prefix.
- Add the following routes to the routing table of PC1: Template:Root The routing table of PC1 should now look like this: FIXME: Add output of ip route here!
- Referring to the routing table, determine how many matches exist for the following IP addresses:
- 10.10.30.9
- 10.10.30.14
- 10.10.40.1
- Follow Wireshark Default Settings to set up a Wireshark capture on Template:Iface of PC1.
- Execute the following ping commands from PC1: Template:Command
- Note that the gateways 10.10.10.71 and 10.10.10.81 do not exist; still, PC1 does send ARP packets to these addresses.
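The longest-prefix-match selection described in this exercise, as an added example that is not part of the original module. The routing table is constructed for illustration and 10.10.10.21 is an assumed next hop; only the two non-existent gateways are taken from the text. The lookup also reports which address the host resolves via ARP, which is why PC1 sends ARP requests for gateways that do not exist.

```python
import ipaddress

# Constructed routing table for PC1 (illustrative, not the lab's actual routes).
# Each entry is (prefix, gateway); gateway None means directly connected.
ROUTES = [
    ("10.10.10.0/24", None),
    ("10.10.30.0/24", "10.10.10.21"),   # assumed address of a real next hop
    ("10.10.30.8/29", "10.10.10.71"),   # gateway that does not exist
    ("10.10.30.9/32", "10.10.10.81"),   # gateway that does not exist
]


def matching_routes(table, dst):
    """Return every route whose prefix contains dst, longest prefix first."""
    addr = ipaddress.ip_address(dst)
    hits = []
    for prefix, gateway in table:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            hits.append((net, gateway))
    return sorted(hits, key=lambda hit: hit[0].prefixlen, reverse=True)


def lookup(table, dst):
    """Pick the longest match and report which address the host will ARP for."""
    hits = matching_routes(table, dst)
    if not hits:
        return None  # no route: the kernel reports "Network is unreachable"
    net, gateway = hits[0]
    return {
        "matches": len(hits),
        "route": str(net),
        "gateway": gateway,
        # On-link destinations are resolved directly; otherwise the next hop is.
        "arp_target": gateway if gateway is not None else dst,
    }


if __name__ == "__main__":
    for dst in ("10.10.30.9", "10.10.30.14", "10.10.30.41", "10.10.10.5", "10.10.40.1"):
        print(dst, lookup(ROUTES, dst))
```

The host never checks whether a gateway is alive before choosing a route; the ARP request for the next hop is the first point at which a missing gateway becomes visible.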
Exercise 10: Default Routes
- Add a default route from PC1 with the interface Template:Iface of PC2 as gateway.
- Add a default route from PC2 with the interface Template:Iface of Router1 as gateway.
- Follow Wireshark Default Settings to set up a Wireshark capture on Template:Iface of PC1 and both interfaces of PC2.
- Execute the following ping command on PC1: Template:C
Exercise 11: Proxy ARP
Proxy ARP enables a router to answer ARP requests that would have to cross network segment boundaries to be answered successfully, and thus enables the router to operate without a routing table. The following commands are used in IOS for Proxy ARP operation:
- Enable Proxy-ARP: Template:Router
- Disable Proxy-ARP: Template:Router
Now:
- Enable Proxy ARP on both interfaces of Router1.
- Erase ARP cache and routing table of PC4.
- Set the IP address of PC4 to 10.10.30.41/8. This will lead to PC4 assuming that it belongs to the network 10.0.0.0/8 instead of 10.10.30.0/24.
- Follow Wireshark Default Settings to set up a Wireshark capture on Template:Iface of PC4, Template:Iface of PC2 and Template:Iface of PC1. Set the capture filter to only capture ICMP and ARP packets.
- Send 2 ICMP Echo Requests from PC4 to PC1: Template:C
- Interpret the outcome of this experiment. Template:Savedata
- Disable Proxy ARP on both interfaces of Router1.
- Is it still possible to ping PC1 from PC4?
Exercise 12: ICMP Route Redirect
ICMP Route Redirect messages are sent if a packet should have been forwarded to another router, for example if a router knows that another router in the same network is responsible for the destination of a packet and it wishes the source to use that router instead of itself.
Linux implements ICMP Route Redirect handling in the routing cache instead of the routing table. In contrast to the routing table, the routing cache has a separate entry for each destination and thus only a simple match is required to determine the next hop. If an ICMP Route Redirect message is received and ICMP Route Redirect acceptance is enabled, Linux will create a new entry in the routing table cache and use this to determine the next hop of a packet to a matching destination until the entry expires.
The network setup for this Exercise is:
If a message is sent from PC2 to PC4 with Router1 as first hop, Router1 can send an ICMP Route Redirect to PC2 to tell it that Router2 is responsible for this destination.
- Connect all Ethernet cables as shown in the diagram and configure all ethernet interfaces.
- Clear all routes on Router1 by switching IP routing off and on again.
- Add a static route on Router1: Template:P
- Enable the net.ipv4.conf.all.accept_redirects kernel parameter on PC2: Template:R
- Set up the routing table of PC2 in a way that it provokes the transmission of an ICMP route redirect message. Template:Savedata
- Follow Wireshark Default Settings to set up a Wireshark capture on Template:Iface of PC2.
- Send 5 ICMP Echo Requests from PC2 to PC3.
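Whether PC2 actually honours a redirect depends on more than the conf.all key: per the Linux kernel's ip-sysctl documentation, the all and per-interface values are ANDed when forwarding is enabled on the interface and ORed when it is disabled. The following added example (not part of the original module) evaluates that rule over constructed sysctl excerpts; eth0 is an assumed interface name. It matters here if PC2 still has IP forwarding enabled from Exercise 2.

```python
# Constructed excerpts of `sysctl -a` output; eth0 is an assumed interface name.
HOST_ONLY = """\
net.ipv4.conf.all.accept_redirects = 1
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.eth0.forwarding = 0
"""
FORWARDING_ON = """\
net.ipv4.conf.all.accept_redirects = 1
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.eth0.forwarding = 1
"""
FORWARDING_BOTH = FORWARDING_ON.replace(
    "eth0.accept_redirects = 0", "eth0.accept_redirects = 1"
)


def parse_sysctl(text):
    """Parse 'key = value' lines as printed by sysctl -a into a dict."""
    values = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            values[key.strip()] = value.strip()
    return values


def accepts_redirects(sysctls, iface):
    """Effective ICMP redirect acceptance for one IPv4 interface."""
    def flag(scope, name):
        return sysctls.get(f"net.ipv4.conf.{scope}.{name}", "0") == "1"

    all_on = flag("all", "accept_redirects")
    iface_on = flag(iface, "accept_redirects")
    if flag(iface, "forwarding"):
        # Acting as a router: both the 'all' and interface keys must be set.
        return all_on and iface_on
    # Acting as a host: either key is enough.
    return all_on or iface_on


if __name__ == "__main__":
    for name, text in (("host", HOST_ONLY), ("forwarding", FORWARDING_ON),
                       ("forwarding, both keys", FORWARDING_BOTH)):
        print(name, accepts_redirects(parse_sysctl(text), "eth0"))
```

On a machine that forwards packets, a redirect that shows up in the capture but does not change the next hop usually points to the per-interface key being 0.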
Exercise 13: Routing Loops
Template:Attention One problem of static routing is that routing loops may arise from inconsistent routing tables.
The network setup for this lab is:
- Configure all ethernet cables and network interfaces as shown in the diagram.
- Configure the routing tables of Router2, Router3 and Router4 in such a way that an ICMP Echo Request packet will enter an infinite loop.
- Verify this loop using traceroute:
- Follow Wireshark Default Settings to set up a Wireshark capture on Template:Iface of PC2, PC3 and PC4.
- Send a single ping from PC4 to PC1.
- Observe.
Exercise 14: Netmasks And Routing
Warning: The standard configuration of the interfaces collides with the following settings! You have to change the IPs of eth1 to something different, e.g. 1.1.1.X
The network setup for this exercise is:
- Connect the ethernet cables and configure the network interfaces as shown in the diagram.
- Set the default gateway of all hosts to Router1.
- Communication from PC1 to PC2 and PC3:
- Clear the ARP cache on all hosts
- Follow Wireshark Default Settings to set up a Wireshark capture on Template:Iface of PC1 and PC4 and capture only ICMP and ARP packets.
- Save the ARP cache, routing table and routing cache of each host.
- Send a ping from PC1 to PC2 and PC3.
- Save the output of these two pings and the Wireshark capture.
- Communication from PC3 to PC4:
- Clear the ARP cache on all hosts
- Follow Wireshark Default Settings to set up a Wireshark capture on Template:Iface of PC3 and capture only ICMP and ARP packets.
- Send a ping from PC3 to PC4.
- Save the output of these two pings and the Wireshark capture.
- Repeat step 4, but this time perform a ping from PC3 to PC2. Note that you have to wait until a routing cache entry expires before it can be replaced.