Network Security Notes: Network Protocols: Understanding EIGRP and IGRP Protocols

.
  • Agregar a Technorati
  • Agregar a Del.icio.us
  • Agregar a DiggIt!
  • Agregar a Yahoo!
  • Agregar a Google
  • Agregar a Meneame
  • Agregar a Furl
  • Agregar a Reddit
  • Agregar a Magnolia
  • Agregar a Blinklist
  • Agregar a Blogmarks

Network Security Notes: Network Protocols: Understanding EIGRP and IGRP Protocols


Network Security Notes: Network Protocols: Understanding EIGRP and IGRP Protocols

Posted: 03 Feb 2011 06:33 PM PST


Network Security Notes: Network Protocols: Understanding EIGRP and IGRP Protocols

Enhanced Interior Gateway Routing Protocol - (EIGRP) is a Cisco proprietary routing protocol loosely based on their original IGRP. EIGRP is an advanced distance-vector routing protocol, with optimizations to minimize both the routing instability incurred after topology changes, as well as the use of bandwidth and processing power in the router. Routers that support EIGRP will automatically redistribute route information to IGRP neighbors by converting the 32 bit EIGRP metric to the 24 bit IGRP metric. Most of the routing optimizations are based on the Diffusing Update Algorithm (DUAL) work from SRI, which guarantees loop-free operation and provides a mechanism for fast convergence.

What is IGRP?

Interior Gateway Routing Protocol (IGRP) is a distance vector interior routing protocol (IGP) invented by Cisco. It is used by routers to exchange routing data within an autonomous system.

IGRP is a proprietary protocol. IGRP was created in part to overcome the limitations of RIP (maximum hop count of only 15, and a single routing metric) when used within large networks. IGRP supports multiple metrics for each route, including bandwidth, delay, load, MTU, and reliability; to compare two routes these metrics are combined together into a single metric, using a formula which can be adjusted through the use of pre-set constants. The maximum hop count of IGRP-routed packets is 255 (default 100), and routing updates are broadcast every 90 seconds (by default).

IGRP is considered a classful routing protocol. Because the protocol has no field for a subnet mask, the router assumes that all interface addresses within the same Class A, Class B, or Class C network have the same subnet mask as the subnet mask configured for the interfaces in question. This contrasts with classless routing protocols that can use variable length subnet masks. Classful protocols have become less popular as they are wasteful of IP address space.

What is Distance-vector routing protocol?

In computer communication theory relating to packet-switched networks, a distance-vector routing protocol is one of the two major classes of routing protocols, the other major class being the link-state protocol. A distance-vector routing protocol uses the Bellman-Ford algorithm to calculate paths.

A distance-vector routing protocol requires that a router informs its neighbors of topology changes periodically and, in some cases, when a change is detected in the topology of a network. Compared to link-state protocols, which require a router to inform all the nodes in a network of topology changes, distance-vector routing protocols have less computational complexity and message overhead.

Distance Vector means that Routers are advertised as vector of distance and direction. 'Direction' is represented by next hop address and exit interface, whereas 'Distance' uses metrics such as hop count.

Routers using distance vector protocol do not have knowledge of the entire path to a destination. Instead DV uses two methods:

1. Direction in which or interface to which a packet should be forwarded.
2. Distance from its destination.

Examples of distance-vector routing protocols include Routing Information Protocol Version 1 & 2, RIPv1 and RIPv2 and IGRP. EGP and BGP are not pure distance-vector routing protocols because a distance-vector protocol calculates routes based only on link costs whereas in BGP, for example, the local route preference value takes priority over the link cost.

A link-state routing protocol is one of the two main classes of routing protocols used in packet switching networks for computer communications, the other major class being the distance-vector routing protocol. Examples of link-state routing protocols include OSPF and IS-IS.

The link-state protocol is performed by every switching node in the network (i.e. nodes that are prepared to forward packets; in the Internet, these are called routers). The basic concept of link-state routing is that every node constructs a map of the connectivity to the network, in the form of a graph, showing which nodes are connected to which other nodes. Each node then independently calculates the next best logical path from it to every possible destination in the network. The collection of best paths will then form the node's routing table.

This contrasts with distance-vector routing protocols, which works by having each node share its routing table with its neighbors. In a link-state protocol the only information passed between nodes is connectivity related.

Link state algorithms are sometimes characterized by the 'Each router tells the world about its neighbors'.

Understanding About Diffusing Update Algorithm (DUAL):

DUAL, the Diffusing Update ALgorithm, is the algorithm used by Cisco's EIGRP routing protocol to ensure that a given route is recalculated globally whenever it might cause a routing loop. According to Cisco, the full name of the algorithm is DUAL finite-state machine (DUAL FSM). EIGRP is responsible for the routing within an autonomous system and DUAL responds to changes in the routing topology and dynamically adjusts the routing tables of the router automatically.

EIGRP uses a feasibility condition to ensure that only loop-free routes are ever selected. The feasibility condition is conservative: when the condition is true, no loops can occur, but the condition might under some circumstances reject all routes to a destination although some are loop-free.

When no feasible route to a destination is available, the DUAL algorithm invokes a Diffusing Computation to ensure that all traces of the problematic route are eliminated from the network. At which point the normal Bellman-Ford algorithm is used to recover a new route.

!!! DUAL Operation:

DUAL uses three separate tables for the route calculation. These tables are created using information exchanged between the EIGRP routers. The information is different than that exchanged by link-state routing protocols. In EIGRP, the information exchanged includes the routes, the "metric" or cost of each route, and the information required to form a neighbor relationship (such as AS number, timers, and K values). The three tables and their functions in detail are as follows:

* Neighbor table contains information on all other directly connected routers. A separate table exists for each supported protocol (IP, IPX, etc). Each entry corresponds to a neighbour with the description of network interface and address. In addition, a timer is initialized to trigger the periodic detection of whether the connection is alive. This is achieved through "Hello" packets. If a "Hello" packet is not received from a neighbor for a specified time period, the router is assumed down and removed from the neighbor table.
* Topology table contains the metric (cost information) of all routes to any destination within the autonomous system. This information is received from neighboring routers contained in the Neighbor table. The primary (successor) and secondary (feasible successor) routes to a destination will be determined with the information in the topology table. Among other things, each entry in the topology table contains the following:

"FD (Feasible Distance)": The calculated metric of a route to a destination within the autonomous system.
"RD (Reported Distance)": The metric to a destination as advertised by a neighboring router. RD is used to calculate the FD, and to determine if the route meets the "feasibility condition".
Route Status: A route is marked either "active" or "passive". "Passive" routes are stable and can be used for data transmission. "Active" routes are being recalculated, and/or not available.

* Routing table contains the best route(s) to a destination (in terms of the lowest "metric"). These routes are the successors from the topology table.

DUAL evaluates the data received from other routers in the topology table and calculates the primary (successor) and secondary (feasible successor) routes. The primary path is usually the path with the lowest metric to reach the destination, and the redundant path is the path with the second lowest cost (if it meets the feasibility condition). There may be multiple successors and multiple feasible successors. Both successors and feasible successors are maintained in the topology table, but only the successors are added to the routing table and used to route packets.

For a route to become a feasible successor, its RD must be smaller than the FD of the successor. If this feasibility condition is met, there is no way that adding this route to the routing table could cause a loop.

If all the successor routes to a destination fail, the feasible successor becomes the successor and is immediately added to the routing table. If there is no feasible successor in the topology table, a query process is initiated to look for a new route.

Do you know SRI?

SRI International, founded as Stanford Research Institute, is one of the world's largest contract research institutes. Based in the United States, the trustees of Stanford University established it in 1946 as a center of innovation to support economic development in the region. It was later incorporated as an independent non-profit organization under U.S. and California laws. SRI's headquarters are in Menlo Park, California, near the Stanford University campus. Curtis Carlson, Ph.D., is SRI's president and CEO. Year 2009 revenue for SRI, including its subsidiary, Sarnoff Corporation, was approximately $470 million. As of 2010, SRI and Sarnoff employ about 1,700 staff members combined.

SRI's mission is discovery and the application of science and technology for knowledge, commerce, prosperity, and peace. It performs client-sponsored research and development for government agencies, commercial businesses, and private foundations. It also licenses its technologies, forms strategic partnerships, and creates spin-off companies. SRI's focus areas include communications and networks, computing, economic development and science and technology policy, education, energy and the environment, engineering systems, pharmaceuticals and health sciences, homeland security and national defense, materials and structures, and robotics. SRI has been awarded more than 1,000 patents and patent applications worldwide.

Understanding About Convergence (routing protocol):


Convergence is an important notion for a set of routers that engage in dynamic routing. For a set of routers to have converged, they must have collected all available topology information from each other via the implemented routing protocol, the information they gathered must not contradict any other router's topology information in the set, and it must reflect the real state of the network. In other words: In a converged network all routers "agree" on what the network topology looks like.

All Interior Gateway Protocols rely on convergence to function properly; it is the normal state of an operational autonomous system. The Exterior Gateway Routing Protocol BGP typically never converges because the Internet is too big for changes to be communicated fast enough.

Convergence process:

When a routing protocol process is enabled, a router will attempt to exchange information about the topology of the network. The extent of this information exchange, the way it is sent and received, and the type of information required vary widely depending on the routing protocol in use, see e.g. RIP, OSPF, BGP4.

A state of convergence is achieved once all routing protocol-specific information has been distributed to all routers participating in the routing protocol process. Any change in the network that affects routing tables will break the convergence temporarily until this change has been successfully communicated to all other routers.

Basic operation of EIGRP:

The data EIGRP collects is stored in three tables:

* Neighbor Table: Stores data about the neighboring routers, i.e. those directly accessible through directly connected interfaces.

* Topology Table: Confusingly named, this table does not store an overview of the complete network topology; rather, it effectively contains only the aggregation of the routing tables gathered from all directly connected neighbors. This table contains a list of destination networks in the EIGRP-routed network together with their respective metrics. Also for every destination, a successor and a feasible successor are identified and stored in the table if they exist. Every destination in the topology table can be marked either as "Passive", which is the state when the routing has stabilized and the router knows the route to the destination, or "Active" when the topology has changed and the router is in the process of (actively) updating its route to that destination.

* Routing table: Stores the actual routes to all destinations; the routing table is populated from the topology table with every destination network that has its successor and optionally feasible successor identified (if unequal-cost load-balancing is enabled using the variance command). The successors and feasible successors serve as the next hop routers for these destinations.

Unlike most other distance vector protocols, EIGRP does not rely on periodic route dumps in order to maintain its topology table. Routing information is exchanged only upon the establishment of new neighbor adjacencies, after which only changes are sent. Also, it uses route tagging.

Another useful link about EIGRP and IGRP:

Introduction to EIGRP (CISCO)

NIST report aims to help U.S. agencies deploy cloud apps

Posted: 03 Feb 2011 08:05 AM PST


The ease with which cloud computing services can be deployed heightens the security and management risks, according to a National Institute of Standards and Technology report.

What security technology will be hot at RSA 2011?

Posted: 03 Feb 2011 07:16 AM PST


The annual RSA Conference, now in its 20th year, will be rocking this month as the security industry gathers in the weeklong extravaganza of product introductions and security experts arguing cloud and mobile computing security issues.

US indicts 27 in Apple product credit-card fraud ring

Posted: 03 Feb 2011 05:58 AM PST


New York prosecutors indicted 27 people on Wednesday as part of a crime ring that bought Apple iPods, iPads and other products with stolen credit card information for resale in the criminal underground.

NIST formalizes cloud computing definition

Posted: 03 Feb 2011 05:39 AM PST


The Guidelines on Security and Privacy in Public Cloud Computing provides a detailed overview of the associated challenges in public cloud, and provides a number of recommendations organizations should consider before leaping in.

Next generation banking malware emerges after Zeus

Posted: 03 Feb 2011 03:19 AM PST


The rumored combination of two pieces of advanced online banking malware appears to be fully underway after several months of speculation.

What security technology will be hot at RSA 2011?

Posted: 03 Feb 2011 07:16 AM PST


The annual RSA Conference, now in its 20th year, will be rocking this month as the security industry gathers in the weeklong extravaganza of product introductions and security experts arguing cloud and mobile computing security issues.

From cloud and mobile security to encryption, security concerns abound as RSA turns 20

Posted: 03 Feb 2011 02:00 AM PST


Microsoft's Bill Gates being a turning point at which RSA became an all-encompassing security forum. "It was a big acknowledgment for Microsoft to send its top executive here," she says. The conference has drawn Cisco's CEO John Chambers, U.S. department of Homeland Security secretaries Michael Chertoff and Janet Napolitano

Cisco employee breaks company silence on Egyptian Internet crisis

Posted: 02 Feb 2011 05:15 AM PST


Even though Cisco officially declined to comment on the Internet crisis in Egypt, that did not stop an employee over there from sharing some war stories with North American network operators in an e-mail.

Google bets $20K that Chrome can't be hacked

Posted: 03 Feb 2011 02:45 AM PST


Google will pay $20,000 to the first researcher who successfully exploits its Chrome browser at this year's Pwn2Own hacking contest.

Man used Facebook to try to blackmail girl for porn

Posted: 02 Feb 2011 11:58 PM PST


A 27-year-old California man pleaded guilty Wednesday to charges that he tried to coerce a 14-year-old girl into sending him pornographic videos by threatening to publicize sexually explicit pictures of her that he'd dug up.

ShmooCon: Eavesdropping easy on Evite

Posted: 02 Feb 2011 03:04 AM PST


A security researcher at ShmooCon shows how to harvest personal information on the Evite site

New Facebook vulnerability patched

Posted: 01 Feb 2011 09:48 PM PST


Facebook has quietly fixed a vulnerability discovered recently by two student researchers that allowed malicious websites to access a Facebook user's private data without permission and post malicious links onto their profile.

0 comments:

Post a Comment