Archive for September, 2010



CCNA Training-Routing Information Protocol

Wednesday 29 September 2010 @ 1:28 pm

This routing protocol, also known as RIP, is a dynamic routing protocol used in both local area and wide area networks. It is classified as a distance vector protocol, and the metric it uses to calculate the distance between a source and a destination network is the hop count. The Routing Information Protocol has gone through several revisions, leading to RIPv2. Both RIP and RIPv2 are still widely used, although they are now considered obsolete and have been replaced by newer protocols (such as OSPF, EIGRP and IS-IS) in many situations. RIP has been classified into three versions: RIPv1, RIPv2 and RIPng.

RIPv1

RIPv1 is the first version of RIP and it uses classful routing. This version of RIP operates only with hop counts of 0-15. If the destination network is located more than 16 hops (routers) away, then it will fail to send the data packets to the destination network. This version does not support VLSM (Variable Length Subnet Mask), since the routing updates do not carry any subnet information. For this reason RIPv1 does not allow different sized subnets in the same network. For example, if the network to be advertised is 10.1.1.0, then RIPv1 assumes that the subnet mask of this network is the Class A mask (i.e. 255.0.0.0), even if the network administrator has broken this network down into a Class C sized subnet (10.1.1.0/24). RIPv1 is also vulnerable to many attacks since it does not support any router authentication.
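As an added illustration (not part of the original post), the following Python models the two RIPv1 behaviours described above: the classful mask assumed when a subnet is advertised, and the hop-count limit with 16 meaning unreachable. Router names and networks used here are constructed.

```python
import ipaddress

RIP_INFINITY = 16  # a hop count of 16 means "unreachable" in RIPv1/RIPv2


def classful_prefixlen(address):
    """Prefix length RIPv1 assumes for an address: it receives no mask in
    updates, so it falls back on the address class (A /8, B /16, C /24)."""
    first_octet = int(address.split(".")[0])
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    return 24


def ripv1_advertised_network(prefix):
    """Network a RIPv1 speaker ends up advertising for `prefix`: the subnet
    mask is dropped and the classful network is used, so 10.1.1.0/24
    becomes 10.0.0.0/8 on the wire."""
    net = ipaddress.ip_network(prefix, strict=False)
    plen = classful_prefixlen(str(net.network_address))
    return str(ipaddress.ip_network(f"{net.network_address}/{plen}", strict=False))


def process_update(table, neighbor, advertised):
    """Apply one RIP update from `neighbor` to a routing table.

    table:      {network: (hop_count, next_hop)} as currently installed
    advertised: {network: hop_count} as carried in the neighbor's update
    Returns a new table; the caller keeps the old one for comparison."""
    new = dict(table)
    for network, metric in advertised.items():
        hops = min(metric + 1, RIP_INFINITY)  # one more hop, capped at infinity
        current = new.get(network)
        if current is None:
            if hops < RIP_INFINITY:           # 16 hops away: never installed
                new[network] = (hops, neighbor)
        elif current[1] == neighbor:
            # Same next hop: always take the neighbor's latest metric, so a
            # route it lost (advertised as 16) is marked unreachable here too.
            new[network] = (hops, neighbor)
        elif hops < current[0]:
            new[network] = (hops, neighbor)   # strictly better path via another neighbor
    return new


def reachable_routes(table):
    """Routes that can actually forward traffic (hop count below 16)."""
    return {n: r for n, r in table.items() if r[0] < RIP_INFINITY}
```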

RIPv2

RIPv2 was built on RIPv1 in order to address certain deficiencies of RIPv1. To remain compatible with the older version of RIP, the hop count limit was left at 15. The main change implemented in RIPv2 was its ability to carry subnet information, which in turn allows RIPv2 to support Classless Inter-Domain Routing (CIDR). In order to avoid needless load on hosts that are not participating in routing, this version multicasts the whole routing table to all the neighboring routers at 224.0.0.9 rather than broadcasting it. There was also the addition of MD5 authentication for routing updates. Also, in order to distinguish internal routes from external routes, route tags were added to RIPv2.

RIPng

RIPng is an extension of RIPv2 to support IPv6. There are a few differences between RIPng and RIPv2. RIPng does not support RIPv1 update authentication. RIPng does not attach any tags to routes. In RIPv2 the next hop is encoded in each route entry, while in RIPng a specific encoding of the next hop is needed for a set of route entries.

Configuration

By default, all RIP enabled routers will automatically run RIPv1. To activate RIP on a Cisco router, issue the router rip command in global configuration mode (RA is the name of the router in the examples below).

RA(config)#router rip

To select the networks that should be advertised with RIP you would need to issue the network command in router configuration mode.

RA(config-router)#network 192.168.10.0
RA(config-router)#network 192.168.20.0

If you want to configure RIPv2 on a Cisco router, you do basically the same configuration, only this time you also issue the version 2 command in router configuration mode.

RA(config)#router rip
RA(config-router)#version 2
RA(config-router)#network 192.168.10.0
RA(config-router)#network 192.168.20.0

Depending on the kind of network you are operating, you may need to allow updates between RIPv1 and RIPv2. To do so you need to specify, per interface, which version is sent and which is received. Issue the ip rip send version command in interface configuration mode, followed by the version number(s) to send (1, 2, or 1 2 for both). To control which version(s) an interface accepts, issue the ip rip receive version command, with the same version argument, in interface configuration mode.

RA(config-if)#ip rip send version 1 2
RA(config-if)#ip rip receive version 1 2




CCNA Training-Network Address Translation

Tuesday 21 September 2010 @ 7:05 pm

Network Address Translation (NAT) is a networking process used to remap one IP address space into another by modifying the address information in the TCP/IP packet header while the packets are being forwarded through a routing device (e.g. a router or firewall). Usually the modification is done on the source IP address of the packet, which is changed to a different IP address.

Network Address Translation (NAT) is used to hide an entire IP address space, usually that of a private network. For example, a network administrator would use NAT to hide the private IP address space of his LAN behind a single IP address from a different IP address space.

NAT accomplishes this by using a stateful translation table to map the private addresses onto a single IP address and by readdressing the outgoing IP packets so that they appear to originate from the router's Internet-facing interface.

There are different types of NAT, which perform different functions. These include Static NAT, Dynamic NAT and PAT. Many devices that support NAT today allow you to configure entries in the translation table permanently; this is known as Static NAT, and it provides a one-to-one mapping between an internal address and a public address. Dynamic NAT is not static: it usually uses a group (pool) of public IP addresses to translate a group of private IP addresses. There is also the process of translating the port numbers as well as the IP addresses; this is known as Port Address Translation (PAT), and it is sometimes referred to as Network Address Port Translation (NAPT).

Here is a simple tutorial on how you can implement NAT in a network.

We have 14 hosts that need simultaneous Internet connectivity. Our hosts are assigned private IP addresses (192.168.100.17 to 192.168.100.30). We were given 6 IP addresses by our ISP (198.18.184.105 to 198.18.184.110).

After completing our basic router configuration (for example purposes we will assume that a static route is in place between the router and ISP) and configuration of the interfaces, we will use the following commands:

Router>enable
Router#configure terminal

Set the router name to R1

Router(config)#hostname R1

Configure this interface for NAT inside. It is connected to the network to be translated.

R1(config)#interface fastethernet 0/0
R1(config-if)#ip nat inside

Configure this interface for NAT outside. It is connected to the mapped network.

R1(config)#interface serial 0/0
R1(config-if)#ip nat outside

Create an access list that matches the router's LAN address range to be translated.

R1(config)#access-list 10 permit 192.168.100.16 0.0.0.15

Create a NAT pool named isp_adr and specify the public address range given by the ISP, together with its netmask.

R1(config)#ip nat pool isp_adr 198.18.184.105 198.18.184.110 netmask 255.255.255.248

Next we use the overload keyword to enable port-based NAT (PAT), so that the whole LAN address range can share the pool.
R1(config)#ip nat inside source list 10 pool isp_adr overload

Testing:
Our aim was to allow the 14 hosts on the private network to access the Internet. For verification we will simply ping the ISP's serial interface that connects to our router. Let's say it is S0/1. We would do the following:

From an internal host:
C:\>ping 192.0.2.114

The ping should succeed; 192.0.2.114 is the serial interface of the ISP.

On the console of the router (R1), issue the show ip nat translation command to verify the NAT translations.
R1# show ip nat translation

If we used an internal host with IP address 192.168.100.17 we should see this output:

Pro Inside global Inside local Outside local Outside global
icmp 198.18.184.105:434 192.168.100.17:434 192.0.2.114:434 192.0.2.114:434
icmp 198.18.184.105:435 192.168.100.17:435 192.0.2.114:435 192.0.2.114:435
icmp 198.18.184.105:436 192.168.100.17:436 192.0.2.114:436 192.0.2.114:436
icmp 198.18.184.105:437 192.168.100.17:437 192.0.2.114:437 192.0.2.114:437
icmp 198.18.184.105:438 192.168.100.17:438 192.0.2.114:438 192.0.2.114:438
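The translation table the tutorial verifies with show ip nat translation, modelled in Python as an added example that is not part of the original post. It reuses access-list 10 and the isp_adr pool from the configuration above; the packet flows it processes are constructed, and the port allocation is a simplified model of the IOS overload behaviour, not the real implementation.

```python
import ipaddress

# Values taken from the tutorial above: access-list 10 and the isp_adr pool.
ACL_10 = ("192.168.100.16", "0.0.0.15")
POOL_ISP_ADR = [f"198.18.184.{i}" for i in range(105, 111)]


def acl_permits(address, base, wildcard):
    """Cisco wildcard-mask match: a 1 bit in the wildcard means 'don't care',
    so 192.168.100.16 0.0.0.15 covers exactly 192.168.100.16 to .31."""
    a, b, w = (int(ipaddress.ip_address(x)) for x in (address, base, wildcard))
    return (a & ~w) == (b & ~w)


class PatTable:
    """Toy model of 'ip nat inside source list 10 pool isp_adr overload'.

    Inside hosts selected by the ACL share one pool address at a time; each
    flow is told apart by its source port (or ICMP identifier, which IOS
    shows in the port column of 'show ip nat translation')."""

    def __init__(self, pool):
        self.pool = pool
        self.entries = {}    # (proto, in_local, lport, outside, oport) -> (in_global, gport)
        self.in_use = set()  # (in_global, gport) already handed out

    def _allocate(self, port):
        # Use up the first pool address before moving to the next one. Keep the
        # host's own port when it is free, otherwise take the next free port.
        for addr in self.pool:
            candidate = port
            while (addr, candidate) in self.in_use and candidate < 65535:
                candidate += 1
            if (addr, candidate) not in self.in_use:
                self.in_use.add((addr, candidate))
                return addr, candidate
        raise RuntimeError("pool exhausted")

    def outbound(self, proto, inside_local, lport, outside, oport):
        """Translate a packet entering on the 'ip nat inside' interface.
        Returns (inside_global, gport), or None when the ACL does not select
        the source (the packet is then forwarded untranslated)."""
        if not acl_permits(inside_local, *ACL_10):
            return None
        key = (proto, inside_local, lport, outside, oport)
        if key not in self.entries:
            self.entries[key] = self._allocate(lport)
        return self.entries[key]

    def inbound(self, proto, inside_global, gport, outside, oport):
        """Reverse lookup for a reply arriving on the 'ip nat outside'
        interface; None means no state exists and the packet is dropped."""
        for (p, local, lport, out, op), (g, gp) in self.entries.items():
            if (p, g, gp, out, op) == (proto, inside_global, gport, outside, oport):
                return local, lport
        return None

    def show_translations(self):
        """Rows laid out like the 'show ip nat translation' output above."""
        rows = ["Pro Inside global Inside local Outside local Outside global"]
        for (p, local, lport, out, op), (g, gp) in self.entries.items():
            rows.append(f"{p} {g}:{gp} {local}:{lport} {out}:{op} {out}:{op}")
        return rows
```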




CCNA Training-OSPF Routing Protocol

Saturday 11 September 2010 @ 6:56 pm

One of the most popular dynamic routing protocols available is Open Shortest Path First (OSPF). It is a link-state protocol (as opposed to distance-vector protocols like RIP) and is categorized as an Interior Gateway Protocol (IGP). IGP protocols run within a single Autonomous System (i.e. a network under the same administrative domain, such as a company's LAN, a university's campus network, a corporation's private WAN etc.).

The strength of OSPF is that it is a hierarchical protocol using network areas, which makes routing information distribution more structured and also simpler to troubleshoot.

OSPF is extensively used in Cisco networks and is fully supported by the Cisco IOS operating system. However, OSPF is also fully supported by other networking vendors such as Juniper.

The first step taken by OSPF is to establish communication with the neighboring routers. The aim is to obtain information about all network devices and links from the neighboring routers, so as to build a complete picture of the whole network topology.

Similarly, the neighboring routers also receive information from their own neighbors, so that eventually all the information existing in the network is learned by all the routers in the network (a topology table is built). The event of routers establishing full communication with their neighbors (adjacency) is often referred to as Convergence.

After all routers establish communication with their neighbors (neighbor adjacency, Convergence), the routing information exchange takes place with the help of special packets that carry routing information. These packets are referred to as Link State Advertisements (LSA packets). Apart from the hello packets, the OSPF routing protocol also depends on the LSA packets to work properly.

The algorithm used by OSPF to determine the shortest path to a specific destination is called Shortest Path First (SPF) and is very effective: even when many paths lead to a destination, OSPF can determine which path is best with great precision.

But there is another advantage of OSPF, namely the concept of a hierarchical network, which makes the process of updating routing information more efficient. To apply this hierarchy, OSPF uses network areas: collections of routers and links within which routing information is distributed.

What’s the concept of “Areas” in OSPF:
OSPF was created and designed to serve large-scale private networks. This means that OSPF must have a mechanism for high scalability, so that it is not exhausted or "stuck" as the network keeps growing. In order for OSPF to serve rapidly growing networks, the routing protocol is equipped with a hierarchical system that groups OSPF routers into "Areas". Dividing the routers of the network into "Areas" has many advantages, particularly in addressing the problem of the number of network routes growing and troubleshooting becoming more difficult. For this purpose the concept of an area is used to create a hierarchy.

Why splitting the network into Areas will help:
When a network keeps growing bigger and bigger, the OSPF routing protocol is no longer effective if it is run within a single area only. As you already know, OSPF is a Link State protocol; that is, the routing protocol collects data about the status of each link in the OSPF network.

What happens if the OSPF network consists of hundreds or even thousands of links? Of course the process of collecting and updating all the link information takes time and a lot of processor resources. After that, the process of determining the best path to every destination network by the OSPF process running on a router also becomes very slow.

Because of this limitation, the concept of Areas helps a lot. Routers within an area are only responsible for monitoring the status of links within that specific area. The aim is to reduce the number of links that are monitored, in order to distribute routing information as quickly and efficiently as possible, thus enhancing network stability.

How Link State Information is distributed
OSPF uses Link State Advertisements (LSAs) to distribute link state information between the routers in the OSPF topology. In disseminating this information, the LSA mechanism uses special packets (LSA packets) that carry the status of the links that exist on a router. These packets can then be spread to the entire OSPF network. All the information about the router's links collected by the OSPF process is wrapped in LSA packets and sent to the entire OSPF network.

What is an LSA Packet
As explained above, LSA packets contain information about the links that exist on a router and the status of each link (this information includes the link bandwidth as well). LSA packets are then propagated from each router to its neighbors, and from there on to the other routers.

LSA packet exchange does not happen only at the beginning, when the OSPF topology database is formed; there are continuous link status updates in the OSPF network. However, the LSA packets propagated the first time are different from the subsequent ones. The first LSA packets contain the most complete information about the status of the links in the network, while the next LSA packets only carry updated link status information, so less bandwidth is consumed by the update LSA packets.

LSA packets are also divided into several types. This division is based on the information contained in each packet and on whom the LSA packet is intended for. OSPF LSA packets are divided into seven types, each with its own use in transferring Link State information.

OSPF Router Types:

As we already said, OSPF uses the concept of areas to ensure proper routing information distribution and equipment stability. Based on the location and the role that a router has within an OSPF area, it can be categorized into different OSPF router types. The location of a router within an OSPF network also affects its function. Below are the types of OSPF routers based on their location and function within the OSPF network:

* Internal Router

Routers classified as internal are those connected entirely inside one OSPF area. Routers in the same area perceive all other routers in that area as internal routers. An internal router has no connections to other areas, so its function is only to give and receive routing information regarding its own area. The internal router's task is to maintain a topology database and routing table that are accurate for every subnet in its area. This type of router floods LSAs only to the other routers considered internal (within the same area).

* Backbone Router

One of the rules that must be followed in OSPF networks is that if there is more than one Area, all of them must be connected to the area that is considered the backbone area. The backbone area is marked with the number 0.0.0.0 and is often referred to as Area 0. Routers that are entirely within the Area 0 backbone are called backbone routers. A backbone router has knowledge of all the topology and routing information contained in the whole OSPF network.

* Area Border Router (ABR)

As the name implies, an "Area Border" router acts as a liaison between network Areas. This router connects different Areas of the OSPF network together. However, because all areas must be connected to the backbone Area, an ABR always connects Area 0 with other areas. So ABR routers have connections to two distinct areas: one connection to Area 0 and another to the other area(s). ABR routers store and maintain information for every area they are connected to. Their job is also to disseminate routing information to each area. However, the distribution of this information is done using a special LSA packet which carries a summarization of the IP subnets existing in the network. With these summary updates, the process of exchanging routing information between areas does not consume too much processing resources on the routers, nor does it take a lot of bandwidth.

* Autonomous System Boundary Router (ASBR)

An Autonomous System (AS) is a group of routers that form a network under one administrative domain (a single ownership). Usually all routers within the same AS run the same routing protocol (e.g. OSPF or RIP). However, there are cases where a segment of the network cannot run the same routing protocol as the other routers; maybe another IGP is running there. Therefore a router must be configured to run both OSPF and the other routing protocol (e.g. RIP or EIGRP) in order to connect the two segments. Such a router is called an ASBR. ASBR routers can be placed anywhere in the network, but the router must have a leg in OSPF Area 0.

OSPF Area Types

After dividing the network into areas and configuring the routers, each area can be categorized according to its characteristics in the network. We have the following OSPF area types:

* Backbone Area

The backbone area is the meeting place for all other areas in the OSPF network. This area is marked with the number 0 and referred to as Area 0.

* Standard Area

Areas of this type are all the other areas besides Area 0. All routers in such an area have the same link state information, because they form adjacencies with each other and exchange information directly. Thus all routers in the area have the same topology database, but their routing tables may differ.

* Stub Area

Stub literally means the extreme end. The term is used in OSPF networks to describe one or more areas located at the end of the network, with no further branches. A stub area is an area with no path to any other network except through the backbone. This area does not receive LSA type 4 and 5 packets. That means it does not receive the LSA packets from other areas delivered by the ABR router, nor the LSA packets from other routing protocols that lie beyond the ASBR router (LSA types 4 and 5). So in other words, the routers in this area only accept information from other routers in the same area, with no new routing information from other routers. The next question, then, is how this type of area can communicate with the outside world if no routing information is received from it. The answer is the default route: a default route exists in this area to send packets outside its boundaries via the default gateway router, which is the router connecting the area with the backbone.

* Totally Stub Area

A Totally Stub area never receives any routing information from the networks outside its boundary. This area blocks LSA type 3, 4 and 5 packets, so no such information gets into the area. Areas of this type are similar to stub areas in that they rely on a default route to reach the outside world.
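To illustrate the area types above, here is an added Python example (not from the original post) that filters a constructed link-state database by area type, runs the SPF computation, and builds the resulting routing table; router names, prefixes and costs are all made up, and the routing-table logic is a simplified model, not the OSPF specification.

```python
import heapq

# LSA types an ABR keeps out of an area, per the area types above:
# a stub area blocks type 4 and 5, a totally stubby area also blocks type 3.
BLOCKED_LSA_TYPES = {"standard": set(), "stub": {4, 5}, "totally-stub": {3, 4, 5}}


def lsdb_for_area(lsas, area_id, area_type, abr):
    """The LSAs a router inside `area_id` ends up holding. Types 1-4 are
    scoped to one area; type 5 (external) floods into every area unless the
    area type blocks it. Stub-type areas get a default route from the ABR."""
    visible = [lsa for lsa in lsas
               if (lsa["type"] == 5 or lsa["area"] == area_id)
               and lsa["type"] not in BLOCKED_LSA_TYPES[area_type]]
    if area_type != "standard":
        visible.append({"type": 3, "area": area_id, "adv": abr,
                        "prefix": "0.0.0.0/0", "cost": 1})
    return visible


def spf(lsdb, root):
    """Dijkstra (the SPF computation) over the type-1 router LSAs of an
    area; returns {router_id: cost from root}."""
    graph = {}
    for lsa in lsdb:
        if lsa["type"] == 1:
            graph.setdefault(lsa["adv"], []).extend(lsa["links"])
    dist, heap = {root: 0}, [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue
        for v, cost in graph.get(u, []):
            if d + cost < dist.get(v, float("inf")):
                dist[v] = d + cost
                heapq.heappush(heap, (d + cost, v))
    return dist


def routing_table(lsdb, root):
    """Routes `root` installs from its area's LSDB: {prefix: (cost, learned_from)}."""
    dist, table = spf(lsdb, root), {}

    def install(prefix, cost, via):
        if cost < table.get(prefix, (float("inf"),))[0]:
            table[prefix] = (cost, via)

    for lsa in lsdb:
        if lsa["type"] == 1 and lsa["adv"] in dist:        # intra-area networks
            for prefix, cost in lsa["prefixes"]:
                install(prefix, dist[lsa["adv"]] + cost, lsa["adv"])
        elif lsa["type"] == 3 and lsa["adv"] in dist:      # summaries injected by the ABR
            install(lsa["prefix"], dist[lsa["adv"]] + lsa["cost"], lsa["adv"])
        elif lsa["type"] == 5:                             # externals (E2: external cost only)
            # usable only if a type-4 LSA says how to reach the advertising ASBR
            if any(x["type"] == 4 and x["asbr"] == lsa["adv"] for x in lsdb):
                install(lsa["prefix"], lsa["cost"], lsa["adv"])
    return table


# Constructed sample LSDB (not real router output): area 1 holds R1, R2 and
# ABR1; area 0 holds ABR1 and ASBR1, which redistributes an external prefix.
SAMPLE_LSAS = [
    {"type": 1, "area": 1, "adv": "R1", "links": [("ABR1", 10), ("R2", 5)],
     "prefixes": [("10.1.1.0/24", 1)]},
    {"type": 1, "area": 1, "adv": "R2", "links": [("R1", 5), ("ABR1", 20)],
     "prefixes": [("10.1.2.0/24", 1)]},
    {"type": 1, "area": 1, "adv": "ABR1", "links": [("R1", 10), ("R2", 20)], "prefixes": []},
    {"type": 1, "area": 0, "adv": "ABR1", "links": [("ASBR1", 10)], "prefixes": []},
    {"type": 3, "area": 1, "adv": "ABR1", "prefix": "10.0.0.0/24", "cost": 10},
    {"type": 4, "area": 1, "adv": "ABR1", "asbr": "ASBR1", "cost": 10},
    {"type": 5, "area": None, "adv": "ASBR1", "prefix": "203.0.113.0/24", "cost": 20},
]
```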




Basic Cisco 800 Router Configuration for Internet Access

Tuesday 7 September 2010 @ 8:13 am

The Cisco 800 series routers belong to the "Branch Office" category; they are used mainly for SOHO purposes or for connecting remote branch offices to a central location. They are "fixed hardware configuration" devices, meaning that they have no plug-in hardware slots for adding interfaces to the device (all the interfaces are fixed).

All the 800 series models come with a 4-port 10/100 managed switch used for connecting the internal LAN computers, and with IOS software that supports security features including the Firewall feature set. The main difference between the models is the WAN interface. All models whose model number ends with "1" (i.e. 851, 861, 871, 881, 891) have a 10/100 Fast Ethernet interface as the WAN port. The other models have an xDSL type WAN port (i.e. ADSL, G.SHDSL, VDSL2). Also, all models have the option of a WiFi radio interface (the model number then ends with a "W", e.g. 851W, 857W, 861W etc.).

In this post I will describe a basic configuration scenario for connecting a Cisco 800 router to the Internet. I will use a model with an Ethernet WAN interface (such as the 851, 861, 871 etc.) since those models are the most popular.

Something to keep in mind for all 800 series routers: the four LAN interfaces (FE0 to FE3) are Layer 2 switch ports that are assigned by default to Vlan1. This means that you cannot assign an IP address directly to the LAN interfaces; the IP address for the LAN-facing side of the router is assigned under "interface Vlan1". On the other hand, the WAN interface (FE4) is a normal Layer 3 routed port, which means you can assign an IP address directly on the interface ("interface FastEthernet4").

I will describe three basic scenarios which are frequently encountered in real networks.

  1. Scenario 1: The WAN IP address of the router is assigned dynamically by the ISP. LAN IP addresses are assigned dynamically by the router to the internal PCs.
  2. Scenario 2: The WAN IP address of the router is static. LAN IP addresses are assigned dynamically by the router.
  3. Scenario 3: The WAN IP address of the router is static. An internal LAN Web Server exists. The router performs static Port NAT (port redirection) to forward traffic from the Internet to the internal Web Server.

Scenario 1:

Configuration:

The following is the basic configuration needed for the simple scenario described above.

configure terminal

enable secret somesecretpassword

! Configure the DHCP pool to assign addresses to internal hosts
ip dhcp pool vlan1pool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 100.100.100.36

! Do not assign addresses 1 to 30
ip dhcp excluded-address 192.168.1.1 192.168.1.30

! This is the LAN facing interface of the 800 router. Used as gateway for PCs
interface vlan 1
ip address 192.168.1.1 255.255.255.0
ip nat inside
no shut

! Interfaces FE0 to FE3 are Layer 2 interfaces
interface FastEthernet0
no shut
interface FastEthernet1
no shut

interface FastEthernet2
no shut

interface FastEthernet3
no shut

! This is the WAN interface getting address via DHCP from the ISP
interface FastEthernet 4
no shut
ip address dhcp
ip nat outside

! Configure NAT. All internal hosts will be NATed on the WAN interface
ip nat inside source list 1 interface fastethernet4 overload
access-list 1 permit 192.168.1.0 0.0.0.255

ip route 0.0.0.0 0.0.0.0 fastethernet4

line vty 0 4
password somestrongpassword

Scenario 2:

Configuration:

This is the same configuration as scenario 1, except that the WAN IP address is static and the default gateway of our ISP is known.

The only differences from the configuration above are on the WAN interface and on the default route:

! This is the WAN interface with static IP

interface FastEthernet 4
no shut
ip address 100.100.100.1 255.255.255.0
ip nat outside

ip route 0.0.0.0 0.0.0.0 100.100.100.2

Scenario 3:

Configuration:

Here the WAN address is static and we also have an internal Web Server for which we need to allow HTTP access from the Internet. To do this we must configure static NAT with port redirection. Traffic arriving at our WAN public address 100.100.100.1 on port 80 is redirected by the router to the internal Web Server at address 192.168.1.10, port 80.

configure terminal

enable secret somesecretpassword

! Configure the DHCP pool to assign addresses to internal hosts
ip dhcp pool vlan1pool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 100.100.100.36

! Do not assign addresses 1 to 30
ip dhcp excluded-address 192.168.1.1 192.168.1.30

! This is the LAN facing interface of the 800 router. Used as gateway for PCs
interface vlan 1
ip address 192.168.1.1 255.255.255.0
ip nat inside
no shut

! Interfaces FE0 to FE3 are Layer 2 interfaces
interface FastEthernet0
no shut

interface FastEthernet1
no shut

interface FastEthernet2
no shut

interface FastEthernet3
no shut

! This is the WAN interface with static IP
interface FastEthernet 4
no shut
ip address 100.100.100.1 255.255.255.0
ip nat outside

! Configure NAT. All internal hosts will be NATed on the WAN interface
ip nat inside source list 1 interface fastethernet4 overload
access-list 1 permit 192.168.1.0 0.0.0.255

! Configure static NAT for port redirection
ip nat inside source static tcp 192.168.1.10 80 100.100.100.1 80 extendable

ip route 0.0.0.0 0.0.0.0 100.100.100.2

line vty 0 4
password somestrongpassword



