Mahmmoud A.

Mahdi

The Routing Information Protocol

The important differences between RIPv1 and RIPv2:
The primary, or most important, difference between versions 1 and 2 of RIP is that:
RIPv2 supports variable-length subnet masking (VLSM). VLSM helps preserve IP address space by enabling networks to be subdivided into smaller blocks based on need.

RIPv2 supports simple (that is, plain text) username/password authentication

which is handy to prevent unwanted changes from cluttering your routing tables.

RIPv2 routers add the ability to receive triggered updates.

When you know that your network topology is changing. This trigger forces all the RIP routers you own to assimilate the changes immediately. Triggered updates are also useful because routers that detect a link or router failure can update their routing tables and announce the change, making their neighbors aware of it sooner rather than later.

You can use the Routing And Remote Access snap-in to set up two kinds of filters that screen out some types of RIP updates:
Route filters allow you to pick and choose the

networks that you want to admit knowing about and for which you want to accept announcements. Peer filters give you control over the neighboring routers to which your router will listen.

RIP has two operation modes:

Periodic update mode, a RIP router sends out its list

of known routes at periodic intervals (which you define). Autostatic update mode, the RRAS router broadcasts the contents of its routing table only when a remote router asks for it.

One drawback to RIP in either version is that it causes the router to send its entire routing table with every update. This can generate a large amount of traffic and makes RIP inappropriate for many of todays networks. Another routing protocol, Open Shortest Path First, solves this problem by sending updates for only routes that have changed.

Internal routing:
Refers to routing that occurs within your

internetwork. By contrast, border routing is what happens when packets leave your internetwork and go to another router someplace else.

Filters are usually used to block out undesirable traffic. In general, the idea is to keep out packets that your machines doesnt need to see. You can construct filters that allow traffic into or deny traffic out of your network based on rules that specify source and destination addresses and ports.

The basic idea behind packet filtering is simple:

1. You specify filter rules. 2. Incoming packets are measured against those

There are two types of filter rule:

Accept all packets except those prohibited by a

rules.

rule. Drop all packets except those permitted by a rule.

The following are some examples of filters:

Block all packets to a web server except those

on TCP ports 80 and 443. Block all outgoing packets on the ports used by the MSN and AOL instant messaging tools. Filters on a PPTP or L2TP server can screen out everything except VPN traffic.

You create and remove filters by using the Input Packet Filters and Output Packet Filters buttons on the General tab of the Local Area Network Properties dialog box. The mechanics of working with incoming and outbound filters are identical; just remember the following guidelines:
You create inbound filters to screen traffic coming to

the interface. You create outbound filters to screen traffic going back out through that interface.

This dialog box has the following six parts:

Receive All Packets Except Those That Meet The Criteria Below

excludes the packets you specify and accepts everything else.

This option is inactive until you create a filter rule.

Drop All Packets Except Those That Meet The Criteria Below
This option is inactive until you create a filter rule.

accepts only those packets you specify and excludes everything else.
defined on this interface.

The Filters list, which is initially empty, shows you which filters are
Each entry in the list shows the following: Source address and mask Destination address and mask Protocol, port, and traffic type specified in the rule

The New, Edit, and Delete buttons allow you to add, edit, and

remove filters.

To create a filter that blocks packets by their origin or source address, check the Source Network box, and supply the IP address and subnet mask for the source you want to block. To create a filter that blocks packets according to their destination address, check the Destination Network box, and fill in the appropriate address and subnet mask. To filter by protocol, choose the protocol you want to block:

Any, which blocks everything TCP TCP (Established) IP UDP ICMP Other, with a fill-in field for a protocol number

Packet filters provide a useful security mechanism for blocking unwanted traffic on particular machines.
Its a good idea to use packet filters to keep non-VPN traffic out of your VPN servers.

You need at least two filters to adequately screen out non-PPTP traffic:
The first filter allows traffic with a protocol ID of 47

the Generic Routing Encapsulation (GRE) protocolto pass to the destination address of the PPTP interface. The second filter allows inbound traffic bound for TCP port 1723 (the PPTP port) to come to the PPTP interface. You can add a third filter if the PPTP server also works as a PPTP client; in that case, the third filter needs the interfaces destination address, a protocol type of TCP (established), and a source port of 1723.

1.

2.

3.
4. 5.

Open the Routing And Remote Access snap-in by selecting Start\ Administrative Tools \Routing And Remote Access. Expand the server and IPv4 nodes to expose the General node of the server on which youre working. Select the General node. Right-click the Local Area Connection interface, and choose Properties. In the General tab of the interfaces Properties dialog box, click the Inbound Filters button. The Inbound Filters dialog box appears. Click the New button, and the Add IP Filter dialog box appears. Fill out the Add IP Filter dialog box as follows:
Check the Destination Network check box. Fill in the destination IP address field with the IP address of the remote VPN interface. (For this exercise, we entered 192.168.1.254. You can use the same.) Enter a destination subnet mask of 255.255.255.255. Select a protocol type of TCP, and then specify a source port of 0 and a destination port of 1723. Click the OK button.

6. The Inbound Filters dialog box reappears, listing

the new filter you created in step 5.

Add another new filter using the same IP address and subnet mask, but this time specify Other in the Protocol field and fill in a protocol number of 47. When youre done, click the OK button to return to the Inbound Filters dialog box.

7. In the Inbound Filters dialog box,

Click the Drop All Packets Except Those That Meet The Criteria Below radio button And click the OK button.

8. Close the interfaces Properties dialog box.

Four filters are requiredtwo input filters and two output filters:
Two input filters with a destination of the VPN

interface address and a netmask of 255.255.255.255, filtering UDP:

One with a source and destination port of 500 The second with a source and destination port of 1701

Two output filters with a source of the VPN

interface address and a netmask of 255.255.255.255, filtering UDP:

One with a source and destination port of 500 The second with a source and destination port of 1701

1.
2. 3.

Open the Routing And Remote Access snap-in by selecting Start \ Administrative Tools \Routing And Remote Access. Select the server whose status you want to monitor in the left pane of the MMC. Select the Network Interfaces node. Select the General node beneath IPv4.

4.

Notice that the right pane of the MMC now lists all known interfaces along with their status and connection state. Notice that the right pane of the MMC updates to show the IP interfaces, their IP addresses, their administrative and operational states, and whether IP filtering is enabled on each interface. Check the number of IP routes shown.

5.

Right-click the General node, and choose the Show TCP/IP Information command.

6.

Right-click the Static Routes node, and choose the Show IP Routing Table command.
Note that the number of routes listed corresponds to the route count in the TCP/IP Information window and that some of the routes listed are automatically generated.

IP multicasting works by sending to a single IP address a packet that is read by many hosts.
Multicasting uses a special range of IP

Internet Group Management Protocol (IGMP) is used to exchange multicast group membership information between multicast capable routers.

addresses, called the Class D address space, that is reserved exclusively for multicasting.

You can configure RRAS in two modes:

IGMP router mode
Listens for IGMP membership report packets and tracks group membership. Must be attached to any interfaces that connect to multicast configured hosts.

IGMP proxy mode

essentially acts like a multicast host, except that it forwards IGMP membership report packets to an IGMP router. This provides a list of multicast-enabled hosts to an upstream router that normally wouldnt be aware of the hosts. Typically, it is used on single-router networks connected to the Internet.

IP-in-IP interfaces (or IP-in-IP tunnels)

You may need to send multicast traffic across

non-multicast-compatible routers. An IP-in-IP interface actually encapsulates packets with an additional IP header. You create and manage IP-in-IP interfaces in RRAS the same way you configure other interfaces.

Lesson 1

What Are Static and Dynamic Routing? How the IP Protocol Selects a Route Demonstration: Viewing a Routing Table Troubleshooting Routing

Statically configured routers:

Do not automatically discover the IDs of remote

Dynamically configured routers:

other routers. Can be fault tolerant.

networks. Do not exchange information with other routers. Are not fault tolerant.
Discover the IDs of remote networks automatically. Use a routing protocol to exchange information with

Lesson 2

RRAS Routing Roles Routing Protocols Configuration Options for an Interface Information Available for an Interface Demonstration: Configuring RRAS as a LAN Router

Routing roles include:

Routing role LAN router Description Can route IPv4 and IPv6 packets between network segments Automatically create a connection to a remote location by using dial-up networking or a VPN connection Perform NAT and allow computers to access the internet by sharing a single internet addressable IPv4 address.

Demand-dial

NAT

Routing protocols include:

Description Allows a RRAS server to relay DHCP requests to a DHCP server on a remote network Allows a RRAS server to act as an IGMP router or proxy for multicast traffic Allows a RRAS server to act as a NAT router to share a single IPv4 address.

Routing Protocol DHCP Relay Agent IGMP Router Proxy NAT

RIP Version 2 for Internet Protocol

DHCPv6 Relay Agent

Allows a RRAS router to perform dynamic routing with other RIP routers.
Allows a RRAS server to relay DHCP request to a DHCPv6 server on a remote network.

Interface configuration options include:

Description Enables or disables TCP/IP for the interface. Clients use router discovery advertisements to dynamically discover default gateways. Filters similar to Windows Firewall.

Configuration Option IP Router Manager Router Discovery Advertisements Inbound/Outbound filters

Fragmentation checking Specifies whether filtering is performed on packet fragments. Multicast boundaries Multicast heartbeat detection Configures time to live for multicast traffic. Used to confirm that multicast infrastructure is functioning properly.

Available interface information includes:

Description

Interface information

TCP/IP Information
Address Translations IP Addresses IP Routing Table TCP connections UDP listener ports

Statistics such as number of packets sent and received.

Translations from IP address to physical address. IP addresses that are bound to this computer. Host and network routes in the routing table of this computer Active connection and listening TCP ports. A list of UDP ports listening to accept UDP packets.

Tool Routing and Remote Access

Use for Configuring Routing and Remote Access as a router, VPN server, dialup server, or RADIUS client. Views and modifies the routing table.

Where to find it Administrative Tools Computer Management.

Route
Ping Tracert Pathping Group Policy Management Console

Command prompt

Verifying host availability Command prompt and reachability Use to verify router status on a network path Use to verify router status on a network path Edit group policy objects Create QoS policies Command prompt Command prompt Administrative Tools

Contact Me: qursaan@gmail.com