Welcome to article number 24 in my 70-240 in 15 minutes a week series. This week's article covers part 1 of the Routing portion of the Routing and Remote Access Service (RRAS) in Windows 2000. This includes an overview of routing, as well as a look at static routing and RIP. The article again falls into the Windows 2000 Server networking services portion of the exam. Remaining articles in the series will cover the second part of routing, Certificate Services, IPSec, as well as an article covering some smaller topics including NAT and the Windows 2000 RADIUS implementation, IAS.
The material to be covered in this article includes:
- Routing Overview
- Static Routing
- Routing Information Protocol (RIP) routing protocol
Those familiar with Windows NT 4.0 will remember that by adding more than one network card to a system and enabling IP forwarding, you could use Windows NT as a router. Though the functionality was limited to acting as a static router or one which could only exchange information with other routers using RIP version 1, the ability to have NT act as a router was often used where a hardware-based solution (such as a Cisco router or similar) was impractical or too expensive. Windows 2000 builds on this functionality, with the Routing and Remote Access service (RRAS) providing the ability to integrate with other routers using a variety of popular routing protocols including RIP versions 1 and 2, as well as OSPF. Further to this, RRAS will also allow your server to act as a demand-dial router, initiating dial-up connections (as well as VPN connections) via ISDN and standard phone lines. This demand-dial functionality provides what could potentially be a very cost-effective solution in offices where Internet or related dial-up costs (such as a WAN connection) are prohibitively expensive.
Before having a discussion about configuring a router, I think it is first important to understand what a router actually does, especially besides the obvious (routing packets). For the sake of simplicity, let's consider a 2-subnet internet. In order for hosts on one subnet (which have a given address range) to talk to computers on another subnet, they must communicate using a router as an intermediary. Sometimes referred to as a gateway, the router has a connection on both networks, usually with separate network interface cards, one on each subnet. When a host on one subnet needs to talk to a host on another, it forwards the frame it has created to the local router interface. Upon receiving the frame, the router does a number of things. First, it strips off the associated frame addressing (for example the Ethernet MAC addresses), and then looks at the destination IP address. Though the router (usually) won't know about the whereabouts of a specific host, it will know about the networks to which it is attached at a minimum, as well as any it has learned about via routing protocols. If the router has the destination network in its routing table, it will note the IP address to which the datagram should be sent next, either the destination host itself, or another router (if applicable). After decrementing the TTL of the datagram by 1 (as happens at every router), the router then frames the datagram for the underlying network technology, including the appropriate MAC addressing, and forwards the frame to that host.
Whenever you talk about routers you should be sure to distinguish between routing protocols and routed protocols. Quite simply, a routed protocol is one whose traffic has an addressing scheme that allows it to be routed, such as IP or IPX. On the other hand, a routing protocol is one that routers use to exchange information with one another, such as RIP or OSPF.
The most basic routing setup involves configuring a router to use static routing. In this scenario, you tell the router about networks explicitly, including information on the next-hop address (where packets destined for that network should then be sent - the destination host or another router). Note that a router will know about all networks or subnets on which it has a configured interface - as such, you need not usually add these to the routing table using static routes. For any network to which the router does not have a directly connected interface, you must configure the information as described. Note that adding many static routes is time consuming, and as such most situations will dictate that a routing protocol be used. However, static routes provide a very quick, simple, and efficient method for setting up routing, especially in small environments.
In Windows 2000 Routing and Remote Access, static routing is configured under the IP Routing section, as shown below.
When configuring a static route, you need to provide the network address of the interface, destination network, the subnet mask, gateway (or next hop address), as well as a metric. If the static route will be used to initiate a demand-dial connection (to be discussed later in the article), you can also check the box at the bottom of the screen, as shown below:
Note that the routing table for the system can be viewed either by using the 'Show IP Routing Table' option shown above, or by using the route print command from the command prompt. Note that the default destination network, 0.0.0.0, is used to route packets to networks not found in the table, usually to the configured default gateway.
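The forwarding decision described above (directly attached networks, a static route, the 0.0.0.0 default route and the TTL decrement) can be sketched as follows. This is an added example, not code from the article or from Windows 2000; the addresses are constructed, and it assumes the usual selection rule of longest matching prefix first, then lowest metric.

```python
import ipaddress

# Constructed routing table for a router with interfaces on two subnets.
# Fields: destination network, gateway (None = directly attached), interface, metric.
ROUTES = [
    ("192.168.1.0/24", None,            "192.168.1.1", 1),
    ("192.168.2.0/24", None,            "192.168.2.1", 1),
    ("10.10.0.0/16",   "192.168.2.254", "192.168.2.1", 2),  # static route
    ("0.0.0.0/0",      "192.168.1.254", "192.168.1.1", 1),  # default route
]

def lookup(dest, routes=ROUTES):
    """Pick the matching route with the longest prefix, then the lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    if not matches:
        return None
    return max(matches, key=lambda r: (ipaddress.ip_network(r[0]).prefixlen, -r[3]))

def forward(dest, ttl, routes=ROUTES):
    """Return the forwarding decision for one datagram, or None if it is dropped."""
    if ttl <= 1:
        return None          # TTL would reach 0: the datagram is discarded
    route = lookup(dest, routes)
    if route is None:
        return None          # no matching network and no default route
    _net, gateway, interface, _metric = route
    return {
        "next_hop": gateway or dest,   # directly attached: deliver to the host itself
        "interface": interface,
        "ttl": ttl - 1,
    }
```

Removing the 0.0.0.0 entry makes every destination outside the three listed networks unroutable, which is why the default route matters on a router that holds only a handful of static routes.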
Routing Information Protocol
Since static routing can become cumbersome in very large internetworks, companies will usually choose to have routing tables built dynamically by a routing protocol. It is via routing protocols that routers 'talk' to one another, exchanging information about the networks that they are aware of. Although a wide variety of routing protocols exist, Windows 2000 supports only three, RIP versions 1 and 2, as well as OSPF. In order for routers to exchange information with one another, they must be running a common routing protocol. By far the simplest routing protocol to implement is RIP, the Routing Information Protocol. RIP's simplicity comes from the fact that it requires very little in terms of configuration outside of simply 'turning it on'. In an internetwork that uses RIP, routers broadcast their routing tables to their neighbors at configurable intervals. The downside of this is that it has a negative impact on network performance, and changes in the network topology (such as a router going down) can take a long time to propagate through a network, thus compounding network communication problems.
As mentioned earlier, Windows 2000 supports both RIP versions 1 and 2. RIP version 1 is often considered a poor choice in larger environments, mainly because it only supports classful IP addressing, which in part means that subnet mask information is not propagated as part of the RIP v1 broadcasts. This also means that RIP version 1 is not suitable for networks that use either CIDR (classless interdomain routing) or VLSM (variable-length subnet masks). Another downfall of RIP v1 is the fact that security is very limited, since neighboring routers do not authenticate with one another. This might allow any RIP router to exchange information with neighboring RIP routers, regardless of whether they should be.
On the other hand, RIP version 2 does support VLSM, CIDR, and basic authentication (a string value that must be the same on all routers participating in the exchange, and which is sent in clear text). RIP v2 routers also support the exchange of information via broadcast or multicast, which can be configured. Note that a router running only RIP v1 cannot exchange information with a router running only RIP v2.
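The differences between the two versions are visible in the packets themselves. The following added example (not from the article) parses RIP responses using the entry layout from the RIP specifications (RFC 1058 and RFC 2453) and reports the weaknesses described above; the two sample packets, their addresses and the password are constructed.

```python
import ipaddress
import struct

def _entry(afi, tag, addr, mask, nexthop, metric):
    ip = lambda a: ipaddress.ip_address(a).packed
    return struct.pack("!HH4s4s4sI", afi, tag, ip(addr), ip(mask), ip(nexthop), metric)

# Constructed sample responses (command=2); addresses and password are made up.
V1_RESPONSE = struct.pack("!BBH", 2, 1, 0) + _entry(2, 0, "172.16.0.0", "0.0.0.0", "0.0.0.0", 1)
V2_RESPONSE = (struct.pack("!BBH", 2, 2, 0)
               + struct.pack("!HH16s", 0xFFFF, 2, b"samplepw")   # authentication entry
               + _entry(2, 0, "172.16.4.0", "255.255.252.0", "0.0.0.0", 1))

def parse_rip(packet):
    """Parse a RIP v1/v2 message (20-byte entries after a 4-byte header)."""
    _command, version = struct.unpack("!BB", packet[:2])
    info = {"version": version, "auth": "none", "password": None, "routes": []}
    body = packet[4:]
    for off in range(0, len(body) - 19, 20):
        afi, tag = struct.unpack("!HH", body[off:off + 4])
        if version == 2 and afi == 0xFFFF:          # RIP v2 authentication entry
            info["auth"] = "cleartext" if tag == 2 else "type-%d" % tag
            if tag == 2:                            # simple password, NUL padded
                raw = body[off + 4:off + 20].rstrip(b"\0")
                info["password"] = raw.decode("ascii", "replace")
            continue
        addr, mask, _hop, metric = struct.unpack("!4s4s4sI", body[off + 4:off + 20])
        dest = str(ipaddress.ip_address(addr))
        if version == 2:                            # v2 carries the mask (VLSM/CIDR)
            mask_str = str(ipaddress.ip_address(mask))
            dest = str(ipaddress.ip_network(dest + "/" + mask_str, strict=False))
        info["routes"].append((dest, metric))       # v1: bare address, classful mask implied
    return info

def audit(packet):
    """Return the weaknesses the article attributes to each RIP version."""
    info, findings = parse_rip(packet), []
    if info["version"] == 1:
        findings += ["no subnet masks (classful only)", "no authentication"]
    elif info["auth"] == "none":
        findings.append("no authentication")
    elif info["auth"] == "cleartext":
        findings.append("password readable on the wire")
    return findings
```

The v2 sample advertises a /22, which a v1 packet has no field to express, and its password comes back from the parser unchanged, so simple authentication only guards against misconfigured neighbors, not against anyone who can see the traffic.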
RIP is added via the 'New Routing Protocol' menu choice off the General tab in the IP Routing section of Routing and Remote Access, as shown below: