
In document CAPITAL SOCIAL Y DEMOCRACIA 1 (pages 71-74)

ROUTING INFORMATION PROTOCOL (RIP)

RIP is a dynamic, distance vector routing protocol. RIP uses UDP port 520 for route updates. RIP calculates the best route based on hop count. This makes RIP very fast to converge.

RIP sends full table updates at regular intervals specified by the route-update timer (30 seconds is the default). This means that a RIP router summarizes all routes it knows along classful boundaries and sends the summary information to all other RIP routing devices. RIP updates can contain up to 25 messages.

RIP TIMERS

TIMER     DEFAULT     CONTROLS
update    30 sec.     Interval between route update advertisements.
timeout   180 sec.    Interval a route should stay 'live' in the routing table. This counter is reset every time the router hears an update for this route.
flush     240 sec.    How long to wait from the time the route was received to delete a route (60 seconds after timeout).

The routing-update timer controls the time between routing updates. The default is usually 30 seconds, plus a small random delay to prevent all RIP routers from sending updates simultaneously.

The route-timeout timer controls when a route is no longer available. The default is usually 180 seconds. If a router has not seen the route in an update during this specified interval, it is dropped from the router's announcements. The route is maintained long enough for the router to advertise the route as down (hop count of 16).

The route-flush timer controls how long before a route is completely flushed from the routing table. The default setting is usually 120 seconds.

BASIC RIP CONFIGURATION

According to the recollection of InetDaemon, configuring a Cisco router for a basic RIP configuration would look something like this:

router> enable
Password:
router# conf t
router(config)# interface ethernet 0
router(config-if)# ip address 192.168.42.1 255.255.255.0
router(config-if)# interface ethernet 1
router(config-if)# ip address 192.168.43.1 255.255.255.0
router(config-if)# exit
router(config)# router rip
router(config-router)# network 192.168.42.0
router(config-router)# network 192.168.43.0
router(config-router)# exit
router(config)# ^Z
router#

The example above assumes that the interfaces that will be running RIP have IP addresses on them that fall within the 192.168.42.0 and 192.168.43.0 class C ranges.

IGRP

IGRP is a distance-vector routing protocol that considers a composite metric which, by default, uses bandwidth and delay as parameters instead of hop count. IGRP is not limited to the 15-hop limit of RIP. IGRP has a maximum hop limit of 100, by default, and can be configured to support a network diameter of 255. With IGRP, routers usually select paths with a larger minimum-link bandwidth over paths with a smaller hop count. Links do not have a hop count. They are exactly one hop.

IGRP is available only on Cisco routers.

IGRP will load-balance traffic if there are several paths with equal cost to the destination.

IGRP sends its routing table to its neighbors every 90 seconds. IGRP's default update period of 90 seconds is a benefit compared to RIP, which can consume excessive bandwidth when sending updates every 30 seconds. IGRP uses an invalid timer to mark a route as invalid after 270 seconds (three times the update timer). As with RIP, IGRP uses a flush timer to remove a route from the routing table; the default flush timer is set to 630 seconds (seven times the update period and more than 10 minutes).

If a network goes down or the metric for the network increases, the route is placed in holddown. The router accepts no new changes for the route until the holddown timer expires. This setup prevents routing loops in the network. The default holddown timer is 280 seconds (three times the update timer plus 10 seconds).

IGRP TIMER    DEFAULT TIME
Update        90 seconds
Invalid       270 seconds
Holddown      280 seconds
Flush         630 seconds

IP ACCESS LIST

IP access lists cause a router to discard some packets based on criteria defined by the network engineer. The goal of these filters is to prevent unwanted traffic in the network, whether to prevent hackers from penetrating the network, or just to prevent employees from using systems that they should not be using. Key features of access lists:

• Packets can be filtered as they enter an interface, before the routing decision.
• Packets can be filtered before they exit an interface, after the routing decision.
• Deny is the term used in Cisco IOS software to imply that the packet will be filtered.
• Permit is the term used in Cisco IOS software to imply that the packet will not be filtered.
• The filtering logic is configured in the access list.
• At the end of every access list is an implied “deny all traffic” statement. Therefore, if a packet does not match any of your access list statements, it is blocked.

Access lists have two major steps in their logic: matching and action. Matching logic examines each packet and determines whether it matches the access-list statement. As soon as an access-list statement is matched, there are two actions to choose from: deny and permit. Deny means to discard the packet, and permit implies that the packet should continue on its way.
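The matching-then-action logic and the implied final deny described above can be modelled in a few lines. This is an added example, not code from the original page or from Cisco IOS; the Rule class, the sample ACL and the packets are constructed for illustration, reusing the page's 192.168.42.0 and 192.168.43.0 networks. It also flags rules that can never fire because an earlier, broader statement matches first, a common ordering mistake when reviewing access lists.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp", or "ip" (any protocol)
    src: str                      # source network, CIDR
    dst: str                      # destination network, CIDR
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, pkt: dict) -> bool:
        return (self.proto in ("ip", pkt["proto"])
                and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.dport in (None, pkt["dport"]))

    def covers(self, other: "Rule") -> bool:
        """True if every packet `other` matches is also matched by this rule."""
        return (self.proto in ("ip", other.proto)
                and ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
                and ipaddress.ip_network(other.dst).subnet_of(ipaddress.ip_network(self.dst))
                and self.dport in (None, other.dport))

def evaluate(acl, pkt):
    """First match wins: (action, rule index). Index None means the implied deny."""
    for i, rule in enumerate(acl):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", None

def shadowed_rules(acl):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [j for j, r in enumerate(acl) if any(e.covers(r) for e in acl[:j])]

# Constructed sample ACL using the page's 192.168.42.0 and 192.168.43.0 networks.
ACL = [
    Rule("permit", "tcp", "192.168.42.0/24", "192.168.43.10/32", 80),
    Rule("permit", "ip",  "192.168.42.0/24", "192.168.43.0/24"),
    Rule("deny",   "tcp", "192.168.42.0/24", "192.168.43.10/32", 23),  # too late
]
TELNET = {"proto": "tcp", "src": "192.168.42.5", "dst": "192.168.43.10", "dport": 23}
OUTSIDE = {"proto": "udp", "src": "10.0.0.1", "dst": "192.168.43.10", "dport": 53}

if __name__ == "__main__":
    print(evaluate(ACL, TELNET))    # matched by rule 1 before the deny is reached
    print(evaluate(ACL, OUTSIDE))   # no statement matches: implied deny
    print(shadowed_rules(ACL))
```

Moving the telnet deny above the broad permit makes it effective; the evaluation order, not the presence of the statement, decides the outcome.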

FIREWALL

As networks expand, the danger of information leaking in and leaking out increases. So a mechanism is required to keep good bits in and bad bits out, and for this we use a firewall.

A firewall is a device of some kind that separates and protects our network - in most cases, from the Internet. It restricts traffic to only what is acceptable, and monitors what is happening. Every firewall has at least two network interfaces, one for the network it is intended to protect, and one for the network it is exposed to. A firewall sits at the junction point or gateway between the two networks, usually a private network and a public network such as the Internet. It may be a hardware device or a software program running on a secure host computer.

Hardware device means a physical device connected at the gateway which checks every incoming or outgoing packet.

Software program means that software loaded on a computer determines what to allow and what to reject.

A firewall examines all traffic routed between the two networks to see if it meets certain criteria. A firewall filters both inbound and outbound traffic.

Technologies

There are three different types of firewall technologies:

1) Packet Filtering
2) Proxy
3) Stateful Inspection

Packet Filtering

A packet filtering firewall simply inspects incoming traffic at the transport layer of the OSI model. The packet filtering firewall analyzes TCP or UDP packets and compares them to a set of established rules called an Access Control List (ACL). Packet filtering inspects a packet only for the following elements:

• Source IP address
• Source Port
• Destination IP address
• Destination Port
• Protocol

Proxy

When a firewall is installed, no PC makes a direct connection to the outside world. Instead they use a proxy, i.e. each PC first sends its request to the proxy, which then forwards the request to the Internet or outside world for connection or data transfer.

Stateful Inspection

It is a combination of packet filtering and proxy services. This is the most secure technology and provides the most functionality because connections are not only checked against the ACL, but are also logged into a state table. After a connection is established, all session data is compared to the state table. If the session data does not match the state table information for that connection, then the connection is dropped.
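The state-table check described above, as an added example that is not part of the original page: new outbound connections are checked against a policy and recorded, and inbound packets pass only when they match a recorded session. The class names, the allowed-port policy standing in for the ACL, the 60-second idle timeout and the addresses are all assumptions made for illustration, and teardown on the first FIN or RST is a simplification.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""          # TCP flags: "S", "SA", "A", "F", "R"

class StatefulFirewall:
    def __init__(self, allowed_out_ports, idle_timeout=60):
        self.allowed_out_ports = set(allowed_out_ports)   # stands in for the ACL
        self.idle_timeout = idle_timeout                   # seconds (assumed value)
        self.state = {}   # (proto, inside ip, port, outside ip, port) -> last seen

    def outbound(self, p, now):
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        if key not in self.state:
            # New connection: must pass the ACL and, for TCP, begin with a SYN.
            if p.dport not in self.allowed_out_ports or (p.proto == "tcp" and p.flags != "S"):
                return "drop"
        return self._track(key, p, now)

    def inbound(self, p, now):
        key = (p.proto, p.dst, p.dport, p.src, p.sport)   # reversed 5-tuple
        seen = self.state.get(key)
        if seen is None or now - seen > self.idle_timeout:
            self.state.pop(key, None)                      # unknown or expired
            return "drop"
        return self._track(key, p, now)

    def _track(self, key, p, now):
        self.state[key] = now
        if "F" in p.flags or "R" in p.flags:
            del self.state[key]                            # simplified teardown
        return "pass"

def demo():
    fw = StatefulFirewall(allowed_out_ports={80, 443})
    pc, web = "192.168.42.5", "203.0.113.10"               # constructed addresses
    return [
        fw.outbound(Packet("tcp", pc, 40000, web, 80, "S"), now=0),    # new, allowed
        fw.inbound(Packet("tcp", web, 80, pc, 40000, "SA"), now=1),    # reply in table
        fw.inbound(Packet("tcp", web, 80, pc, 40001, "SA"), now=2),    # no such session
        fw.outbound(Packet("tcp", pc, 40002, web, 23, "S"), now=3),    # policy denies
        fw.inbound(Packet("tcp", web, 80, pc, 40000, "R"), now=4),     # closes session
        fw.inbound(Packet("tcp", web, 80, pc, 40000, "A"), now=5),     # state gone
    ]
```

A plain packet filter would need a standing rule permitting inbound traffic from source port 80 to let replies through; here the third and sixth packets are dropped because no matching session exists in the table.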
