70-240 in 15 minutes a week: Windows 2000 Routing

by ServerWatch Staff

Article 24 in Dan DiNicolo's 70-240 in 15 minutes a week series covers part one of the Routing portion of the Routing and Remote Access Service (RRAS) in Windows 2000. The article offers an overview of routing, as well as a look at static routing and RIP.

by Dan DiNicolo

Welcome to article number 24 in my 70-240 in 15 minutes a week series. This week's article covers part 1 of the Routing portion of the Routing and Remote Access Service (RRAS) in Windows 2000. This includes an overview of routing, as well as a look at static routing and RIP. The article again falls into the Windows 2000 Server networking services portion of the exam. Remaining articles in the series will cover the second part of routing, Certificate Services, IPSec, as well as article covering some smaller topics including NAT and the Windows 2000 RADIUS implementation, IAS. 

The material to be covered in this article includes:

- Routing Overview
- Static Routing
- Routing Information Protocol (RIP) routing protocol

Routing Overview

Those familiar with Windows NT 4.0 will remember that by adding more that one network card to a system and enabling IP forwarding, you could use Windows NT as a router. Though the functionality was limited to acting as a static router or one which could only exchange information with other routers using RIP version 1, the ability to have NT act as a router was often used where a hardware-based solution (such as a Cisco router or similar) was impractical or too expensive. Windows 2000 builds on this functionality, with the Routing and Remote Access service (RRAS) providing the ability to integrate with other routers using a variety of popular routing protocols including RIP versions 1 and 2, as well as OSPF. Further to this, RRAS will also allow your server to act as a demand-dial router, initiating dial-up connections (as well as VPN connections) via ISDN and standard phone lines. This demand-dial functionality provides what could potentially be a very cost-effective solution in offices where Internet or related dial-up costs (such as WAN connection) are prohibitively expensive.

Before having a discussion about configuring a router, I think it is first important to understand what a router actually does, especially besides the obvious (routing packets). For the sake of simplicity, lets consider a 2-subnet internet. In order for hosts on one subnet (who have a given address range) to talk to computers on another subnet, they must communicate using a router as an intermediary. Sometimes referred to as a gateway, the router has a connection on both networks, usually with separate network interface cards, one on each subnet. When a host on one subnet needs to talk to a host on another, it forwards the frame it has created to the local router interface. Upon receiving the frame, the router does a number of things. First, it strips off the associated frame addressing (for example the Ethernet MAC addresses), and then looks at the destination IP address. Though the router (usually) won't know about the whereabouts of a specific host, it will know about the networks to whom it is attached at a minimum, as well as any it has learned about via routing protocols. If the router has the destination network in its routing table, it will note the IP address to where the datagram should be sent next, either the destination host itself, or another router (if applicable). After decrementing the TTL of the datagram by 1 (as happens at every router), the router them frames the datagram for the underlying network technology, including the appropriate MAC addressing, and forwards the frame to that host. 

Whenever you talk about routers you should be sure to distinguish between routing protocols and routed protocols. Quite simply, a routed protocol is one whose traffic has an addressing scheme that allows it to be routed, such as IP or IPX. On the other hand, a routing protocol is one that routers use to exchange information with one another, such as RIP or OSPF.

Static Routing

The most basic routing setup involves configuring a router to use static routing. In this scenario, you tell the router about networks explicitly, including information on the next-hop address (where packets destined for that network should then be sent - the destination host or another router). Note that a router will know about all networks or subnets on which in has a configured interface - as such, you need not usually add these to the routing table using static routes. For any network to which the router does not have directly connected interface, you much configure the information as described. Note that adding many static routes is time consuming, and as such most situations will dictate that a routing protocol be used. However, static routes provide a very quick, simple, and efficient method for setting up routing, especially in small environments.

In Windows 2000 Routing and Remote Access, static routing is configured under the IP Routing section, as shown below.

When configuring a static route, you need to provide the network address of the interface, destination network, the subnet mask, gateway (or next hop address), as well as a metric. If the static route will be used to initiate a demand-dial connection (to be discussed later in the article), you can also check the box at the bottom of the screen, as shown below:

Note that the routing table for the system can be viewed either by using the 'Show IP Routing tab option shown above, or by using the route print command from the command prompt. Note that the default destination network, is used to route packets to networks not found in the table, usually to the configured default gateway.

Routing Information Protocol

Since static routing can become cumbersome in very large internetworks, companies will usually choose to have routing tables built dynamically by a routing protocol. It is via routing protocols that routers 'talk' to one another, exchanging information about the networks that they are aware of. Although a wide variety of routing protocols exist, Windows 2000 supports only three, RIP versions 1 and 2, as well as OSPF. In order for routers to exchange information with one another, they must be running a common routing protocol. By far the simplest routing protocol to implement is RIP, the Routing Information Protocol. RIP's simplicity comes from the fact that it requires very little in terms of configuration outside of simply 'turning it on'. In an internetwork that uses RIP, routers broadcast their routing tables to their neighbors at configurable intervals. The downside of this is that it has a negative impact on network performance, and changes in the network topology (such as a router going down) can take a long time to propagate through a network, thus compounding network communication problems. 

As mentioned earlier, Windows 2000 supports both RIP versions 1 and 2. RIP version 1 is often considered a poor choice in larger environments, mainly because it only supports classful IP addressing, which in part means that subnet mask information is not propagated as part of the RIP v1 broadcasts. This also means that RIP version 1 is not suitable for networks that use either CIDR (classless interdomain routing) or VLSM (variable-length subnet masks). Another downfall of RIP v1 is the fact the security is very limited, since neighboring routers do not authenticate with one another. This would might allow any RIP router to exchange information with neighboring RIP routers, regardless of whether they should be.

On the other hand, RIP version 2 does support VLSM, CIDR, and basic authentication (a string value that must be the same on routers participating in the exchange, via clear text). RIP v2 routers also support the exchange of information via broadcast or multicast, which can be configured. Note that a router running only RIP v1 cannot exchange information with a router running only RIP v2.

RIP is added via the 'New Routing Protocol' menu choice off the General tab in the IP Routing section of Routing and Remote Access, as shown below:

Note that you first add a routing protocol, and then configure that protocol on an interface-by-interface basis. Note also that even though the screen above suggests that only RIP version 2 can be added, this option also allows you to configure interfaces using RIP 1 if desired. 

By accessing the properties of RIP via the shortcut menu, you are actually configuring what are sometimes referred to as global parameters. The options here are limited, since an interface hasn't actually been added yet, as will be discussed in a moment. The general tab controls how long a router will wait before sending a triggered update (meaning that its table has been updated), as well as RIP logging options. The Security tab is actually a little more important, since it allows you to control exactly which RIP routers this router is allowed to interact with. While the router will be able to accept announcements from all other RIP routers (running the same version) by default, you can also specify which routers it can or cannot accept announcements from explicitly by IP address, as shown below.

After adding the routing protocol, you must then define the interfaces for which this protocol is valid. This might be a permanent interface such as with Local Areas Connections, or it might be demand-initiated connections such as dial-up connections or VPN tunnels. The screen shot below shows the addition of an interface to a protocol.

The configuration of the interface is handled by accessing its properties after it has been added. For any RIP interface, there are 4 configuration tabs, including General, Security, Neighbors, and Advanced, as shown below:

The General tab allows you to control the incoming and outgoing packet protocol allowed, an authentication string (only valid for version 2), as well as an operation mode, where 'Periodic update' is the default (another option, Auto-static mode, will be discussed in the next article). The Security tab allows you to control actions for both incoming and outgoing routes, specifically ranges that should be accepted or declined on this interface. This gives you a more granular level of control over which networks this router knows about.

The Neighbors tab allows you to control how this router interacts with other routers on the network. For example, you can specify that broadcasts or multicast get used (as they do by default), or you can add the specific IP addresses of other routers with whom information should be shared via unicast traffic. Although this may seem to be a great deal of work, it may also be a good idea from a security perspective, especially if you are worried about rogue RIP routers being created on your network and interfering with your routing infrastructure.

Finally, the Advanced tab allows you to control advanced RIP properties, including whether routes to individual hosts can be included in the announcement (they are not by default), intervals for announcements and route expiry (30 seconds and 180 seconds respectively by default) as well as other advanced RIP properties. While it would be worthwhile from a learning perspective to take the time go through each advanced setting individually, it is probably not necessary to know each setting in tremendous detail outside of a setup in a production environment.

As a side note, you should also recognize that if you are running NWLink, Windows 2000 can also run RIP for IPX and SAP (the Netware Service Advertising Protocol). These settings do not appear in the Routing and Remote Access interface until at least one interface is running IPX. Note the difference in my interface once NWLink is added below.

That does it for yet another week. I had originally planned to try and cover all of the routing section in a single article, but it just would have been much too long and time didn't permit it this week. The next article will cover the remaining routing areas, including a look at OSPF, IGMP, NAT, and related settings. Thanks to everyone who has been supporting the series, especially all of you who have been making the effort to post your question (and especially your answers!) to the message board. Best of luck with your studies this week.


This article was originally published on Wednesday Apr 2nd 2003
Mobile Site | Full Site