Endless looping of packets in TCP/IP networks (Routing Loops)
How might endless looping of packets in a TCP/IP network occur?
A router is a device used to interconnect two or more computer networks, and routing is the process of properly forwarding traffic between those networks. Endless looping of packets in a TCP/IP network occurs because of mistakes made in the routing process. This situation is called a routing loop, and it is discussed below.
Introduction to Routing Loops
Routing loops are a problem mainly associated with the “distance vector routing protocol”, which is one of the three main types of routing protocol, namely “distance vector routing protocol”, “link state routing protocol” and “hybrid routing protocol”.
We’ll get into the subject with a brief introduction to the “distance vector routing protocol”. A router maintains a table called the “routing table”, which consists of routes to various nodes on a network. These nodes could be any kind of compatible electronic device, such as computers or other routers. There can be a number of routes to a given node from a location, and a routing algorithm is responsible for selecting the best path to that node. In a “distance vector routing protocol” this is calculated based on the distance to the remote network. The number of routers between a router and a remote network is called the number of hops to the remote location. The route with the fewest hops is considered the best route.
In a “distance vector routing protocol”, the entire routing table is passed to adjacent neighbor routers. The receiving router compares the received routing table with its own routing table. If the update contains a better route to a node, the router updates its routing table with the related record. The receiving router does not try to verify the route; instead it believes that the received information is 100% correct. Because of that, this method is also called “routing by rumors”. There are a number of problems associated with this routing algorithm, such as “pinhole congestion” and “routing loops”. As this discussion is about “routing loops”, we’ll leave pinhole congestion to self learners and start discussing routing loops.
A routing loop occurs when a data packet is routed through the same route again and again in an endless circle. Routing loops end up causing serious problems, including increased CPU processing, increased link bandwidth consumption and even a completely disabled network. We’ll discuss such situations with examples in this discussion.
There are a number of reasons that might result in routing loops. Two major reasons are the slow convergence of distance vector routing protocols and misconfigured or compromised routing tables. So what is “convergence”? As we discussed before, routers send updates to each other when a change in the network is detected. The network is considered “converged” once all the routers on the network are updated with the changes. The distance vector routing protocol is well known for its slow convergence, which means that it takes longer to propagate a change all over the network. As a result, at a particular time some routers will contain updated information while others still contain the previous details, leading to problems like routing loops.
Example Scenario 1
The diagram shows our sample network, containing three routers used to connect four networks together. A minimized routing table of each router is shown in the diagram. The networks column lists all the accessible networks, and the interface column gives the interface used to access each network. The metric field gives the length of the route, or the number of hops between the router and the network. This network is converged, and this is the default state of the network.
Now we’ll remove “Network 4” from the network and see what might cause a routing loop.
“Network 4” is down. “Router C” updates its routing table as shown. However, because of the slow convergence of the distance vector routing protocol, “Router B” is still unaware that the network is unavailable. In that case, Router B’s routing table still says “Network 4” is accessible through interface S1 and is 1 hop away from “Router B”. As mentioned before, routers send their routing tables to neighboring routers.
Imagine “Router B” sends an update message to “Router C” at this point.
“Router C” knows that “Network 4” is inaccessible at the moment through the E0 interface. However, “Router C” gets the update from “Router B” saying that “Network 4” is 1 hop away from “Router B”. Because of this update message, “Router C” concludes that “Network 4” is accessible through “Router B”. So “Router C” updates its routing table to reflect this change, recording that “Network 4” is reachable through interface S0 at a distance of two hops.
Imagine that it is necessary to send some data from “Network 2” to “Network 4”.
“Network 2” will forward the data to “Router B”. “Router B” will refer to its routing table and identify that “Network 4” is reachable through interface S1 at a distance of 1 hop, so it will forward the traffic to “Router C”, which is the next hop in the route. “Router C” will refer to its routing table and identify that “Network 4” is accessible through interface S0 at a distance of 2 hops, so “Router C” will forward the traffic to “Router B”. “Router B” gets back the traffic that is to be delivered to “Network 4”, and it will in turn forward the traffic to “Router C”. It is clear that a routing loop has been created here. “Router B” and “Router C” will keep forwarding between each other the traffic that should be sent to “Network 4”. This consumes the bandwidth of the communication line between “Router B” and “Router C” for a useless loop, and the processing power of the routers is also wasted.
Eventually, “Router C” might send an update back to “Router B”, and “Router B” might send an update to “Router A”, corrupting all three routing tables as shown below.
Now, because of the slow convergence of the distance vector protocol, a routing loop has been formed and the entire network contains wrong routing information.
Example Scenario 2
There is another situation, in which routing loops are used to misdirect traffic. This is a type of known network attack. Consider the scenario below. “Router A” needs to access the database server (10.5.0.5), which is connected to “Router D” through “Router C” and “Router B”. In normal scenarios, traffic from “Router A” to the database server is forwarded to the server through “Router B”, C and D.
Imagine that an attacker gains access to “Router B” and “Router A”.
The attacker will create a new fake entry in the routing table of “Router B”, stating that the database server 10.5.0.5 is accessible through “Router A”. When an attempt to access the database server is generated from any part of the network, “Router B” will check its routing table to identify the best path. The database server 10.5.0.5 is accessible through “Router C” in 2 hops and through “Router A” in a single hop. “Router B” will decide that the best path is through “Router A” and forward the traffic back to the place where it was generated. “Router A” will receive the traffic to be forwarded to the database server, and it will send the data back again to “Router B”. This creates a routing loop, and all the networks that are connected to the database server through “Router B” are affected by it. None of those networks will be able to access the database server until the routing loop is resolved.
From this discussion it is clear that routing loops create serious issues, such as disabling an entire network. So we’ll consider a few solutions used in enterprise environments to prevent routing loops.
Resolving and Preventing
Maximum hop count
In the IP datagram header there is an 8-bit field called Time-To-Live (TTL). The TTL value for a datagram is set when the datagram is created, and the TTL value should be adjusted according to the span of the network. The default value for TTL is 64 according to RFC 1700 (check reference links).
For each hop, that is, for each router the packet passes, the TTL value is decreased by one. If the TTL value reaches zero at some point, the packet is dropped by that router. So if a routing loop occurs between two or more routers, the packet will keep moving back and forth until it has passed sixty four hops, or the defined maximum number of hops allowed. When it reaches the maximum allowed hop count, that is, when the TTL field becomes zero, the packet is dropped from the network.
This method cannot prevent routing loops, but it can temporarily resolve problems like bandwidth and processor wastage.
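The following simulation is an added example, not part of the original article. It forwards one packet for the database server of Example Scenario 2 through a known-good next-hop table and through the tampered one, decrementing TTL at every router, and it also compares the current table with the baseline to flag the changed entry. The table layout, the `deliver` marker and the function names are assumptions made for the illustration.

```python
DB_SERVER = "10.5.0.5"

# Next hop toward DB_SERVER per router (constructed from Scenario 2).
# "deliver" means the server is directly attached to that router.
BASELINE = {"A": "B", "B": "C", "C": "D", "D": "deliver"}
TAMPERED = dict(BASELINE, B="A")  # the fake entry on Router B


def forward(next_hop, ingress, ttl=64):
    """Forward one packet for DB_SERVER.

    Returns (outcome, last_router, link_transmissions).
    """
    router, links = ingress, 0
    while True:
        ttl -= 1  # every router the packet passes decrements TTL
        if ttl <= 0:
            return "dropped", router, links  # TTL expired at this router
        if next_hop[router] == "deliver":
            return "delivered", router, links
        router = next_hop[router]
        links += 1  # one more transmission on a router-to-router link


def drift(baseline, current):
    """Routers whose next hop differs from the known-good baseline."""
    return {r: (baseline.get(r), hop)
            for r, hop in current.items() if baseline.get(r) != hop}


if __name__ == "__main__":
    print(forward(BASELINE, "A"))     # normal path A -> B -> C -> D
    print(forward(TAMPERED, "A"))     # bounces between A and B until TTL expires
    print(drift(BASELINE, TAMPERED))  # the entry to investigate
```

With the default TTL of 64, a single looping packet costs 63 link transmissions instead of 3, which is why TTL only limits the damage of a loop rather than preventing it.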
Split Horizon
When the split horizon method is used, routing information cannot be advertised back in the direction it came from. As an example, consider the scenario below, where “Network 4” goes down.
Routing information about “Network 4” was advertised from “Router C” to “Router B” in the first place, so routing information about “Network 4” came to “Router B” from “Router C”. If the split horizon method is used, “Router B” cannot advertise that routing information back to “Router C”, because routing information cannot be advertised back in the direction it came from.
However, advertising in the other direction is not restricted, because the routing information was advertised from “Router C” to “Router B” and from “Router B” to “Router A”. So “Router C” will update “Router B” that “Network 4” is down, and “Router B” will update “Router A” that “Network 4” is down. At the end of the cycle, the network is converged as shown below, without leading to a routing loop.
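The following simulation is an added example, not part of the original article. It replays Example Scenario 1 for the route to “Network 4” only, once without and once with split horizon, and then follows the next hops from “Router B” to see whether a forwarding loop exists. It assumes a metric of 0 for a directly attached network, 16 as the unreachable metric, and that a router always accepts an update from its current next hop; the function names are made up for the illustration.

```python
INFINITY = 16  # "unreachable" metric (assumed, RIP-style)


def advertise(tables, sender, receiver, split_horizon):
    """Sender advertises its Network 4 route to one neighbor."""
    metric, via = tables[sender]
    if split_horizon and via == receiver:
        return  # never advertise a route back toward where it was learned
    new_metric = min(metric + 1, INFINITY)
    cur_metric, cur_via = tables[receiver]
    # Distance vector rule: believe a better route, and believe anything
    # the current next hop says (no verification: "routing by rumors").
    if new_metric < cur_metric or cur_via == sender:
        tables[receiver] = (new_metric, sender)


def forwarding_loop(tables, start):
    """Follow next hops toward Network 4; return the looping routers, or []."""
    path, router = [], start
    while router is not None:
        metric, via = tables[router]
        if metric >= INFINITY:
            return []  # no usable route: the packet is dropped, not looped
        if router in path:
            return path[path.index(router):]
        path.append(router)
        router = via
    return []  # reached the router directly attached to Network 4


def run_scenario(split_horizon):
    # Converged state: router -> (metric, next hop); None = directly attached.
    tables = {"A": (2, "B"), "B": (1, "C"), "C": (0, None)}
    tables["C"] = (INFINITY, None)  # Network 4 goes down at Router C
    # B's stale update reaches C first, then C updates B, then B updates A.
    for sender, receiver in [("B", "C"), ("C", "B"), ("B", "A")]:
        advertise(tables, sender, receiver, split_horizon)
    return tables, forwarding_loop(tables, "B")


if __name__ == "__main__":
    for sh in (False, True):
        tables, loop = run_scenario(sh)
        print("split horizon:", sh, tables, "loop:", loop)
```

Without split horizon the three metrics climb (2, 3, 4) while “Router B” and “Router C” point at each other; with split horizon the stale route never reaches “Router C” and all three routers end up marking “Network 4” unreachable.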
Route Poisoning
In this method, an infinite metric value is assigned to a network whenever it goes down. This process is called route poisoning.
(**) The maximum hop count in the example is 15, so 16 is treated as the infinite metric. However, this value can differ from network to network, and it can also be set to the infinite value itself.
As shown in the example, “Router C” will in turn update “Router B” by sending a route poisoning message. “Router B” will update its routing table accordingly and send an update to its neighboring routers.
Once this process is done, “Router B” will send an update called poison reverse, informing “Router C” that all the routers in the segment have received the update about the route poisoning.
Hold Down Timer
The hold down timer is another way of preventing routing loops. It prevents invalid routing information from being restored into routing tables whenever a network connection goes down. Consider the example below.
“Network 4” goes down. “Router C” marks it as down in its routing table and updates “Router B” about the unavailability of “Network 4”. Routers send special update messages called triggered updates to inform adjacent routers about changes in a network. Triggered updates are sent immediately when the network changes, and adjacent routers will generate their own triggered updates to update their adjacent routers.
“Router B” will start the hold down timer as soon as it receives this update, and it also marks the network as “possibly down” in its routing table. When a router is in the hold down state, it will not send any advertisements, and it will not accept advertisements about routes whose metric value is larger than the original value. The hold down period is chosen to be greater than the amount of time the network takes to converge.
Consider the previous example. “Network 4” was accessible from “Router B” with a metric of 1. So if “Router A” sent an update while “Router B” was in the hold down state, “Router B” would see that the metric of “Network 4” in the update is larger than the original value it had (2 > 1). Because of that, “Router B” will simply ignore the update, preventing a routing loop and allowing the network to converge.
However, while the router is in the hold down state, “Network 4” might come alive again. If so, “Router C” will send an update to “Router B” with a metric value equal to the original, and “Router B” will immediately remove the hold down and start passing data to “Network 4” through “Router C” again. Also, if some Router X that has access to “Network 4” with a metric equal to or smaller than the original sends “Router B” an update about its accessibility to “Network 4”, the hold down will be stopped immediately and data will be sent through Router X.
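The following sketch is an added example, not part of the original article. It models only the acceptance rule of Router B's hold down state for one route: worse metrics are ignored while the timer runs, and an equal or better metric ends the hold down at once. The class name, the 180 second timer and the explicit `now` timestamps are assumptions made so the example is deterministic, and the metric in an update is taken as the value Router B would install.

```python
class HoldDownRoute:
    """One routing table entry with a hold down timer (simplified model)."""

    def __init__(self, metric, next_hop, hold_secs):
        self.metric, self.next_hop = metric, next_hop
        self.hold_secs = hold_secs
        self.hold_until = None  # None = no hold down timer running
        self.state = "up"

    def route_down(self, now):
        """Triggered update from the next hop: the network went down."""
        self.state = "possibly down"
        # self.metric keeps the original value for later comparisons.
        self.hold_until = now + self.hold_secs

    def in_hold_down(self, now):
        return self.hold_until is not None and now < self.hold_until

    def receive_update(self, sender, metric, now):
        """Return True if the advertised route is installed, False if ignored."""
        if self.in_hold_down(now) and metric > self.metric:
            return False  # worse than the original: probably stale, ignore
        if (self.state == "up" and metric >= self.metric
                and sender != self.next_hop):
            return False  # normal operation: not a better route
        # Equal or better metric during hold down, or timer expired: install.
        self.metric, self.next_hop = metric, sender
        self.state, self.hold_until = "up", None
        return True


if __name__ == "__main__":
    route = HoldDownRoute(metric=1, next_hop="C", hold_secs=180)
    route.route_down(now=0)
    print(route.receive_update("A", 2, now=30))  # False: 2 > 1, ignored
    print(route.receive_update("C", 1, now=60))  # True: network is back
    print(route.state, route.next_hop)
```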
It is possible to use any combination of these prevention and resolving methods to stop endless looping of packets in the TCP/IP network.
References
CCNA Cisco Certified Network Associate Study Guide (Page 257-262)
omniSecu.com – What is Routing Loop and how to avoid Routing Loop
Certificationzone.com – Routing Loop Prevention
Cisco CCNA: Distance Vector Routing
Cisco.com – Examples of Network Attacks -Misdirecting Traffic to Form a Routing Loop
Tech-Faq.com – Routing Table
Linktionary.com – Convergence of Routing Tables
TLDP.org – Metric Values