Detailed explanation of router basics

Chapter 1 Network Interconnection  

The fundamental purpose of a network is simple: to let information be exchanged. The application requirements placed on networks, however, are complex. Some users want high bandwidth but no great transmission distance; some need long distances but very little bandwidth; some need very high reliability while others are less demanding, and so on. This has led to a diversity of network types. The common local area networks today are Ethernet, Token Ring and FDDI, and the common wide area networks are DDN, X.25, frame relay, ATM and others. Each meets user needs from a different angle, but their physical media and protocols differ, so they cannot communicate with each other directly. The technology that connects them so that users on different networks can exchange information is called network interconnection technology. There are two ways to realize network interconnection: protocol conversion and tunneling. TCP/IP and Novell's IPX are two common protocol-conversion technologies. Novell's IPX was once widespread, but TCP/IP now dominates network interconnection, and the Internet is the example of a network that uses TCP/IP as its interconnection protocol. A router is a device that uses protocol-conversion technology to interconnect heterogeneous networks, while the now very popular VPN (Virtual Private Network) is the representative of tunneling technology.


 
Chapter 2 The basic structure and working principle of routers  

A router is essentially a special-purpose computer that interconnects networks; in TCP/IP it is also called an IP gateway. This chapter uses TCP/IP as the example for introducing routers. The OSI seven-layer model and the corresponding TCP/IP layered model are shown in the figure below.




Figure: TCP/IP Hierarchical Model


The router's software is built on the TCP/IP protocol stack. The figure below shows a simple router software structure.

 

Figure: Router Software Architecture


The router's protocol conversion takes place at the IP layer. In the figure below the router interconnects a local area network with the Internet. The LAN is Ethernet, running IEEE 802.2 and IEEE 802.3. Between the router and the access server there is a leased line whose link-layer protocol is PPP (Point-to-Point Protocol). The network-layer protocol of both the host on the Ethernet and the access server on the Internet is IP. The host encapsulates the IP packet in an Ethernet frame and sends it to the router; the router's Ethernet port strips the frame header and hands the packet to the router's IP layer; IP checks the packet header, looks up the route, and hands the IP packet to PPP on the WAN port; PPP encapsulates the IP packet in a PPP frame and sends it over the leased line to the access server. This interconnection principle is general: if a device is to interconnect heterogeneous networks N1 and N2 at layer n, then the protocols (if any) of N1 and N2 at layer n and above must be the same. This is the necessary condition for N1 and N2 to be interconnected at that layer.

The question is how a host knows to send packets destined for the Internet to the right router (assuming there are several hosts and routers on the Ethernet), and how the router knows which access server to send the host's packets to (assuming the router has several WAN ports, each connected to a different access server). The answer lies in the addressing and routing mechanisms.


Figure: How routers work


An IP address identifies a network device operating at the IP layer. Within an interconnected network IP addresses must be unique: one IP address cannot be used by several devices at the same time. TCP/IP does, however, allow one device to hold several IP addresses; such a device is called a "multihomed host". A router is a multihomed host: each port has an IP address, and a port may even have several. An (IPv4) address is four bytes long. As shown in the figure below, TCP/IP divides IP addresses into three basic classes, A, B and C (classes D and E also exist: D is used for multicast and E is reserved):



As the figure shows, an IP address is divided into a network part and a host part, which correspond to the exchange code and the subscriber number in a telephone number. IP addresses are usually written in dotted decimal notation. For example, the author's IP address is 129.102.1.56: 129.102 identifies the LAN of the Beijing Institute of Technology, a class B network, and 1.56 is the host number. A host part of all zeros denotes the network itself and a host part of all ones is the broadcast address, so neither may be assigned to a device (for this class B network, 129.102.0.0 and 129.102.255.255). An address with a zero in its last byte, such as 129.102.1.0, is a legal class B host address, but it would become a network address if the LAN were later subnetted on a byte boundary, which is why such addresses are usually avoided.

TCP/IP also allows a mask to divide an IP address into network and host parts in a non-standard way (meaning differently from the three basic classes). If the mask is written in binary, the bits of the IP address that line up with "1" bits of the mask belong to the network part, and those that line up with "0" bits belong to the host part. Masks are customarily written in dotted decimal too. With the basic division the mask of a class A network is 255.0.0.0, of a class B network 255.255.0.0, and of a class C network 255.255.255.0. Take 129.102.1.56 (10000001.01100110.00000001.00111000) again: without an explicit mask (in effect the basic mask 255.255.0.0) its network part is 129.102 and its host part is 1.56. With the mask 255.252.0.0 (11111111.11111100.00000000.00000000) its network part is 129.100 and its host part is 2.1.56. The "1" bits of a mask need not be contiguous, but non-contiguous masks serve no purpose, are troublesome, and are discouraged by the RFCs.
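The following is an added example, not code from the original article, that carries out the mask arithmetic just described with the Python standard library: it derives the classful default mask when none is given, checks that an explicit mask is contiguous, splits the address into network and host parts, and flags the two reserved host values. The addresses are the ones used in the text.

```python
import ipaddress
from typing import Optional

# Default prefix lengths of the three basic classes (255.0.0.0, 255.255.0.0, 255.255.255.0).
CLASSFUL_PREFIX = {"A": 8, "B": 16, "C": 24}


def dotted_binary(ip: str) -> str:
    """Render an address the way the text does: 10000001.01100110.00000001.00111000"""
    return ".".join(f"{int(octet):08b}" for octet in ip.split("."))


def address_class(ip: str) -> str:
    """Classify an IPv4 address by its leading bits."""
    first = int(ipaddress.IPv4Address(ip)) >> 24
    if first < 0x80:
        return "A"      # 0xxxxxxx
    if first < 0xC0:
        return "B"      # 10xxxxxx
    if first < 0xE0:
        return "C"      # 110xxxxx
    if first < 0xF0:
        return "D"      # 1110xxxx, multicast
    return "E"          # 1111xxxx, reserved


def split_address(ip: str, mask: Optional[str] = None) -> dict:
    """Split ip into network and host parts.

    mask is dotted decimal; when omitted the classful default for the
    address is used.  Non-contiguous masks are rejected.
    """
    addr = int(ipaddress.IPv4Address(ip))
    if mask is None:
        cls = address_class(ip)
        if cls not in CLASSFUL_PREFIX:
            raise ValueError(f"class {cls} addresses are not host addresses")
        prefix = CLASSFUL_PREFIX[cls]
        mask_int = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    else:
        mask_int = int(ipaddress.IPv4Address(mask))
        inverted = ~mask_int & 0xFFFFFFFF
        # A contiguous mask inverts to 000...0111...1, so inverted + 1 is a
        # power of two and shares no bits with inverted.
        if inverted & (inverted + 1):
            raise ValueError(f"non-contiguous mask {mask}")
        prefix = bin(mask_int).count("1")

    host_max = ~mask_int & 0xFFFFFFFF        # all-ones host part
    net_int = addr & mask_int
    host_int = addr & host_max
    return {
        "network": str(ipaddress.IPv4Address(net_int)),
        "prefix": prefix,
        "mask": str(ipaddress.IPv4Address(mask_int)),
        "host": str(ipaddress.IPv4Address(host_int)),
        "host_number": host_int,
        "broadcast": str(ipaddress.IPv4Address(net_int | host_max)),
        # All-zero host part names the network, all-ones is the broadcast
        # address; neither may be assigned to a device.
        "reserved": host_int in (0, host_max),
    }


if __name__ == "__main__":
    print(dotted_binary("129.102.1.56"))
    for args in (("129.102.1.56",), ("129.102.1.56", "255.252.0.0")):
        print(args, split_address(*args))
```

With the mask 255.252.0.0 the network becomes 129.100.0.0/14, the host field is 0.2.1.56 and the broadcast address is 129.103.255.255; the contiguity check is the one most router software applies when an interface mask is configured.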

The IP address is a higher-level address, and the physical layer can only communicate by physical address. How does a sender find the physical address that corresponds to the receiver's IP address? If the sender and receiver are on the same physical network, the receiver's physical address can be determined by the Address Resolution Protocol (ARP) or by manual configuration.

ARP is used on shared-medium networks such as Ethernet. It works as follows: IP hands the packet to be sent down to the Ethernet link layer and at the same time tells the link layer which IP address (call it A) the packet is for; the link layer broadcasts an ARP request on the network asking who has A; the host that owns A receives the request and replies with its own physical address (call it P); on receiving the reply, the sender transmits the IP packet to P. To improve efficiency, devices keep an ARP cache: a request is sent only if the address is not found in the cache, and the physical address learned from the reply is inserted into the cache. To adapt to changes in the network, cache entries must have a lifetime and are discarded when it expires.
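Here is an added example, not part of the original article, that models the exchange above in Python: a constructed Ethernet segment that answers broadcasts, and a resolver with a timed cache so that a second lookup sends nothing on the wire while an expired entry is re-learned. The station addresses and the manually advanced clock are constructed for the demonstration. Note the point a practitioner cares about: ARP has no authentication, so the resolver believes whichever reply arrives, which is what ARP spoofing abuses.

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class ArpRequest:
    sender_ip: str
    sender_mac: str
    target_ip: str           # "who has A?"


@dataclass(frozen=True)
class ArpReply:
    sender_ip: str           # A
    sender_mac: str          # P, the physical address of A


class SharedSegment:
    """A constructed Ethernet segment: every station sees a broadcast."""

    def __init__(self, stations: Dict[str, str]):
        self.stations = stations        # ip -> mac of each attached station
        self.broadcasts = 0             # how many requests went on the wire

    def broadcast(self, request: ArpRequest) -> Optional[ArpReply]:
        self.broadcasts += 1
        mac = self.stations.get(request.target_ip)
        # Only the owner of target_ip answers; an absent host gets no reply.
        return ArpReply(request.target_ip, mac) if mac else None


class ArpResolver:
    """ARP with a timed cache, as described in the text."""

    def __init__(self, my_ip: str, my_mac: str, segment: SharedSegment,
                 ttl_seconds: float = 60.0,
                 clock: Callable[[], float] = time.monotonic):
        self.my_ip, self.my_mac, self.segment = my_ip, my_mac, segment
        self.ttl, self.clock = ttl_seconds, clock
        self.cache: Dict[str, Tuple[str, float]] = {}   # ip -> (mac, expiry)

    def resolve(self, ip: str) -> Optional[str]:
        now = self.clock()
        entry = self.cache.get(ip)
        if entry is not None and entry[1] > now:
            return entry[0]                   # cache hit: nothing on the wire
        self.cache.pop(ip, None)              # expired: forget it and re-learn
        reply = self.segment.broadcast(ArpRequest(self.my_ip, self.my_mac, ip))
        if reply is None:
            return None                       # the IP packet cannot be sent
        # ARP carries no authentication: the first answer is believed, which
        # is what ARP spoofing exploits.
        self.cache[ip] = (reply.sender_mac, now + self.ttl)
        return reply.sender_mac


class FakeClock:
    """Manually advanced clock so the demonstration is deterministic."""

    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now


if __name__ == "__main__":
    segment = SharedSegment({"129.102.1.1": "00:11:22:33:44:01",
                             "129.102.1.56": "00:11:22:33:44:56"})
    clock = FakeClock()
    host = ArpResolver("129.102.1.56", "00:11:22:33:44:56", segment, clock=clock)
    print(host.resolve("129.102.1.1"), segment.broadcasts)   # learned, 1 request
    print(host.resolve("129.102.1.1"), segment.broadcasts)   # cached, still 1
    clock.now = 61.0
    print(host.resolve("129.102.1.1"), segment.broadcasts)   # expired, 2 requests
```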

Manual configuration is used mainly on non-broadcast networks where ARP cannot run. For example, a dialer map must be configured on the 2501 to map IP addresses to telephone numbers; in the telephone network the telephone number plays the role of the physical address. Other networks such as X.25 and frame relay likewise require IP addresses to be manually mapped to physical addresses.

If the sender and receiver are not on the same physical network, routing is required.

A route consists mainly of a destination and a next hop. The destination (call it D) can be a host, a network, or a subnet of a network. The next hop (call it N) is a literal translation of the English "next hop"; it may be clearer to think of it as "the next station". The meaning of a route is: to reach D, go to N first. "To the United States via Beijing" is a route in this sense. The destination of a route is a composite of an IP address and a mask. A route whose destination mask is all ones (255.255.255.255) is called a host route; its destination is a single host. If the destination mask is not all ones, the route leads to a network segment (subnet). By the nature of the next hop, routes fall into two categories: direct and indirect. If reaching the destination requires forwarding through another router, that is, the next hop is a router, the route is an indirect route; otherwise it is a direct route. Direct routes are a little harder to grasp. Take a router whose Ethernet port is connected to a LAN: when the router starts it has a route to that Ethernet, generated automatically from the port's address without manual configuration or a routing protocol. That route is a direct route. A more vivid example: we are in Beijing and want to go to the United States, and Beijing has a direct flight there, so no transfer is needed. The figure below compares direct and indirect routes.


Figure: Direct routing and indirect routing
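The following added example (not code from the original article) implements the lookup the two preceding paragraphs describe: a routing table holding direct routes generated from interface addresses and indirect routes with a next hop, a longest-prefix match in which a host route (/32) beats a subnet route and a default route matches last, and a forward() step that returns which address the link layer must resolve with ARP: the destination itself for a direct route, the next hop for an indirect one. The interface names and addresses are constructed, reusing the router addresses that appear elsewhere in the article.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    destination: ipaddress.IPv4Network   # address + mask, "D" in the text
    interface: str                       # outgoing port
    next_hop: Optional[str] = None       # "N"; None means a direct route

    @property
    def is_direct(self) -> bool:
        return self.next_hop is None

    @property
    def is_host_route(self) -> bool:
        return self.destination.prefixlen == 32     # mask 255.255.255.255


class RoutingTable:
    def __init__(self) -> None:
        self.routes: List[Route] = []

    def add_connected(self, interface: str, address_with_mask: str) -> None:
        """Direct route derived from a port's own address, as the router does at start-up."""
        network = ipaddress.IPv4Interface(address_with_mask).network
        self.routes.append(Route(network, interface))

    def add_static(self, destination: str, next_hop: str, interface: str) -> None:
        """Indirect route: to reach destination, go to next_hop first."""
        self.routes.append(Route(ipaddress.IPv4Network(destination), interface, next_hop))

    def lookup(self, dst: str) -> Optional[Route]:
        addr = ipaddress.IPv4Address(dst)
        matches = [r for r in self.routes if addr in r.destination]
        if not matches:
            return None
        # Longest prefix wins: host route over subnet, subnet over default.
        return max(matches, key=lambda r: r.destination.prefixlen)

    def forward(self, dst: str) -> Optional[Tuple[str, str]]:
        """Return (outgoing interface, address to resolve at the link layer)."""
        route = self.lookup(dst)
        if route is None:
            return None          # no route: the packet is dropped (ICMP unreachable)
        # Direct route: ARP for the destination itself.  Indirect: ARP for the next hop.
        return route.interface, dst if route.is_direct else route.next_hop


def build_example_table() -> RoutingTable:
    """Constructed table: LAN on Ethernet0, leased line to the access server on Serial0."""
    table = RoutingTable()
    table.add_connected("Ethernet0", "129.102.1.1/16")
    table.add_connected("Serial0", "202.38.161.1/30")
    table.add_static("0.0.0.0/0", "202.38.161.2", "Serial0")        # default to the Internet
    table.add_static("10.1.0.0/16", "202.38.161.2", "Serial0")       # a remote subnet
    table.add_static("10.1.1.1/32", "129.102.1.254", "Ethernet0")    # host route via a LAN router
    return table


if __name__ == "__main__":
    table = build_example_table()
    for dst in ("129.102.1.56", "9.9.9.9", "10.1.1.1", "10.1.2.3"):
        print(dst, "->", table.forward(dst))
```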
  
Routers obtain routes in two main ways: manual configuration (static routing) and routing protocols (dynamic routing). Static routes suit smaller, relatively stable networks. If the network is large or changes often, with networks and hosts frequently added or removed, a routing protocol is needed. Common routing protocols are RIP (Routing Information Protocol), IGRP (Interior Gateway Routing Protocol), EIGRP (Enhanced IGRP) and OSPF (Open Shortest Path First). The first three use the distance-vector (DV) algorithm (EIGRP's DUAL is an advanced distance-vector algorithm) and OSPF uses the link-state (LS) algorithm. IGRP and EIGRP are Cisco proprietary.


Chapter 3 Basic Configuration Methods of Routers 

The "User Manual" of any router gives a detailed introduction to its configuration. This article only outlines the general configuration framework.


 
IP address: configure an IP address for each port of the router that will be used.

Line: in leased-line mode the line's baud rate must be configured; dial-up mode is more involved. For analog dial-up, besides the physical attributes (asynchronous, modem, baud rate and so on), the correspondence between IP addresses and telephone numbers must also be configured.

Routing: once the IP addresses and line attributes are configured, routing can be configured. For dynamic routing it is enough to enable the routing protocol. For static routes it is best to first draw a sketch of the network, mark the address of each network and of every port of every router involved, and then configure the routes one by one from the sketch.

The command-line configuration interface of the Quidway router divides configuration into four levels. The first level, user mode, offers only a few simple commands. The enable command moves from user mode to privileged mode, which provides non-configuration commands such as turning on debug switches. To configure anything, first enter global configuration mode with the configure command; there router-wide parameters such as routes are set. Port-specific attributes such as IP addresses can only be set in port configuration mode. Remembering the names and meanings of these four modes not only helps in understanding the router's configuration commands, it also gives you a common language with the developers when you seek support from the project team.


Chapter 4 Some Common Computer Network Concepts

Address proxy is another name for network address translation (NAT). It maps the IP addresses of internal hosts onto the router's external address, telling the hosts apart by transport-layer port number.

The working principle of the address proxy is shown in the figure. When the local PC (IP address 129.102.1.56) wants to access the remote WWW server "Foreign server" (IP address 9.9.9.9), it sends a packet (9.9.9.9, 80; 129.102.1.56, 5000); the fields, from left to right, are destination address, destination port, source address and source port. After address translation by the router the packet becomes (9.9.9.9, 80; 202.38.161.1, 10000): the address proxy has replaced the source address with the address of the router's WAN port and, to keep the correspondence one-to-one, has also changed the source port number. When the router receives the foreign server's reply (202.38.161.1, 10000; 9.9.9.9, 80), the address proxy performs the reverse translation and obtains (129.102.1.56, 5000; 9.9.9.9, 80), which IP can then deliver correctly to the local PC. To do this the address proxy obviously has to maintain a table of correspondences between internal addresses and ports and external ports.

If an external host "Foreign PC" (IP address 8.8.8.8) wants to initiate access to the local WWW server (IP address 129.102.1.5), the destination address of its packet obviously cannot be 129.102.1.5; it must be 202.38.161.1, since only then can the packet reach the router. How, then, does the router know whom to forward the packet to (the router itself provides no WWW service)? The answer is configuration. In the example of Figure 5-1, the router must be configured with 129.102.1.5 as the local WWW server.
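The following added example, not code from the original article, implements the address proxy of the last two paragraphs in Python: outbound packets get the WAN address and a fresh external port, replies are mapped back through the table, an inside server is published by static configuration, and unsolicited inbound packets with no mapping are dropped. One detail goes beyond the text: the dynamic table records which remote endpoint each inside socket talked to, so an unrelated outside host cannot reuse an open port mapping to reach the inside host. Addresses and port numbers are the ones used in the text.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    # Field order follows the text: destination address, destination port,
    # source address, source port.
    dst: str
    dport: int
    src: str
    sport: int


class AddressProxy:
    """Port-based NAT on the router's WAN address."""

    def __init__(self, wan_ip: str, first_port: int = 10000):
        self.wan_ip = wan_ip
        self.next_port = first_port
        # (inside ip, inside port) -> external port
        self.outbound: Dict[Tuple[str, int], int] = {}
        # external port -> (inside ip, inside port, remote endpoints contacted)
        self.sessions: Dict[int, Tuple[str, int, Set[Tuple[str, int]]]] = {}
        # static mappings for servers that must be reachable from outside
        self.servers: Dict[int, Tuple[str, int]] = {}

    def publish(self, wan_port: int, inside_ip: str, inside_port: int) -> None:
        """Configuration step: expose an inside server on a WAN port."""
        self.servers[wan_port] = (inside_ip, inside_port)

    def translate_outbound(self, pkt: Packet) -> Packet:
        key = (pkt.src, pkt.sport)
        port = self.outbound.get(key)
        if port is None:
            port = self._allocate_port()
            self.outbound[key] = port
            self.sessions[port] = (pkt.src, pkt.sport, set())
        self.sessions[port][2].add((pkt.dst, pkt.dport))
        # Source address becomes the WAN address; source port becomes the external port.
        return replace(pkt, src=self.wan_ip, sport=port)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        if pkt.dst != self.wan_ip:
            return None
        session = self.sessions.get(pkt.dport)
        if session is not None:
            inside_ip, inside_port, remotes = session
            # Only the endpoint the inside host contacted may use the mapping.
            if (pkt.src, pkt.sport) not in remotes:
                return None
            return replace(pkt, dst=inside_ip, dport=inside_port)
        server = self.servers.get(pkt.dport)
        if server is not None:
            return replace(pkt, dst=server[0], dport=server[1])
        return None      # no mapping: the packet is dropped

    def _allocate_port(self) -> int:
        while self.next_port in self.sessions or self.next_port in self.servers:
            self.next_port += 1
        port = self.next_port
        self.next_port += 1
        return port


if __name__ == "__main__":
    nat = AddressProxy("202.38.161.1")
    out = nat.translate_outbound(Packet("9.9.9.9", 80, "129.102.1.56", 5000))
    print(out)                                                          # source rewritten
    print(nat.translate_inbound(Packet("202.38.161.1", 10000, "9.9.9.9", 80)))   # reply mapped back
    print(nat.translate_inbound(Packet("202.38.161.1", 80, "8.8.8.8", 40000)))   # None: not published
    nat.publish(80, "129.102.1.5", 80)
    print(nat.translate_inbound(Packet("202.38.161.1", 80, "8.8.8.8", 40000)))   # reaches the WWW server
```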

Authentication is one of PPP's functions. PPP offers two authentication methods, PAP (Password Authentication Protocol) and CHAP (Challenge Handshake Authentication Protocol). PAP transmits the password in plaintext (unencrypted), is one-way, and is checked only once at the start of negotiation. CHAP never puts the password on the line: the authenticator sends a random challenge and the peer answers with a hash (MD5 in the standard form) computed over the challenge and the shared secret. CHAP can be run in either or both directions, and the check can be repeated at any time during the session.
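To make the PAP/CHAP difference concrete, here is an added example (not from the original article) in Python. A constructed Wire records every frame a sniffer on the leased line would see; PAP puts the password itself in its request, while CHAP's response is MD5(Identifier || secret || Challenge) as in RFC 1994, so the secret never appears on the wire, a fresh challenge can be issued at any time, and a captured response is useless against a later challenge. The peer name, secret and frame layouts are constructed for the demonstration; a real implementation would encode the frames as PPP does.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Tuple

Credentials = Dict[bytes, bytes]     # peer name -> shared secret


class Wire:
    """Everything a sniffer on the leased line would see (constructed)."""

    def __init__(self) -> None:
        self.frames: List[Tuple] = []

    def contains(self, secret: bytes) -> bool:
        return any(secret in field for frame in self.frames
                   for field in frame if isinstance(field, bytes))


def pap_authenticate(wire: Wire, peer_id: bytes, password: bytes,
                     credentials: Credentials) -> bool:
    """PAP: the Authenticate-Request carries the password in the clear, checked once."""
    wire.frames.append((b"PAP-Authenticate-Request", peer_id, password))
    ok = hmac.compare_digest(credentials.get(peer_id, b""), password)
    wire.frames.append((b"PAP-Authenticate-Ack" if ok else b"PAP-Authenticate-Nak",))
    return ok


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class ChapAuthenticator:
    """The side that issues challenges, e.g. the access server."""

    def __init__(self, credentials: Credentials, wire: Wire, name: bytes = b"router"):
        self.credentials, self.wire, self.name = credentials, wire, name
        self.ident = 0
        self.outstanding: Dict[int, bytes] = {}     # ident -> challenge awaiting an answer

    def challenge(self) -> Tuple[int, bytes]:
        """Can be called at link-up and again at any time during the session."""
        self.ident = (self.ident + 1) & 0xFF
        challenge = os.urandom(16)
        self.outstanding[self.ident] = challenge
        self.wire.frames.append((b"CHAP-Challenge", self.ident, challenge, self.name))
        return self.ident, challenge

    def verify(self, ident: int, peer_name: bytes, response: bytes) -> bool:
        challenge = self.outstanding.get(ident)
        secret = self.credentials.get(peer_name)
        if challenge is None or secret is None:
            return False
        ok = hmac.compare_digest(response, chap_response(ident, secret, challenge))
        if ok:
            del self.outstanding[ident]      # a challenge is good for one answer only
        self.wire.frames.append((b"CHAP-Success" if ok else b"CHAP-Failure", ident))
        return ok


class ChapPeer:
    """The side being authenticated, e.g. the dial-in branch router."""

    def __init__(self, name: bytes, secret: bytes):
        self.name, self.secret = name, secret

    def respond(self, ident: int, challenge: bytes, wire: Wire) -> bytes:
        response = chap_response(ident, self.secret, challenge)
        wire.frames.append((b"CHAP-Response", ident, response, self.name))
        return response


if __name__ == "__main__":
    credentials = {b"branch": b"s3cret"}
    pap_wire = Wire()
    print("PAP ok:", pap_authenticate(pap_wire, b"branch", b"s3cret", credentials),
          "secret visible on wire:", pap_wire.contains(b"s3cret"))
    chap_wire = Wire()
    auth, peer = ChapAuthenticator(credentials, chap_wire), ChapPeer(b"branch", b"s3cret")
    ident, chal = auth.challenge()
    print("CHAP ok:", auth.verify(ident, b"branch", peer.respond(ident, chal, chap_wire)),
          "secret visible on wire:", chap_wire.contains(b"s3cret"))
```

Two caveats a practitioner would add: CHAP obliges the authenticator to store the shared secret in recoverable form, and a sniffed challenge/response pair can be attacked offline by guessing the secret, so the secret must be strong even though it never crosses the line.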

Firewalls are another network security measure. They can be divided into packet filters and application gateways. A packet filter inspects the source address, destination address, source port and destination port of each packet and discards those that match its rules; it can implement simple policies such as "forbid access to the local PC with IP address 129.102.1.56". An application-layer firewall is much more powerful: it can restrict the content of the messages themselves.

The main purpose of a VPN is to obtain private-network service at lower cost. A VPN uses tunneling over the Internet: PPP packets are encapsulated in UDP packets and carried across the Internet to the remote end. A branch that wants to reach the company's remote center can choose DDN or the telephone network as the connection. Both are convenient, since they amount to the user building a private network, but both are expensive. Figure 5-2 shows a convenient and economical alternative. The ISP local to the branch provides the VPN service: it establishes a TCP/IP tunnel across the Internet between its access server and the router (or server) at the center. When the ISP receives data (PPP packets) from the branch it does not parse them but sends the PPP packets through the tunnel to the central router. The Internet thus provides a virtual leased line from the branch to the center, and the user pays only the local communication charges and Internet access charges at the two ends, which is cheaper than long-distance telephone or DDN charges.

Reprinted from: https://blog.csdn.net/zqixiao_09/article/details/51285547
