Endless looping of packets in TCP/IP networks (Routing Loops)

How endless looping of packets in a TCP/IP network might occur?

Router is a device used to interconnect two or more computer networks and routing is the process of properly, forwarding traffic between related computer networks. Endless looping of packets in the TCP/IP network will occur due to mistakes made in the routing process. This situation is called a routing loop and it’s discussed below.

Introduction to Routing Loops

Routing loops is a problem mainly associated with “distance vector routing protocol” which is one of three main types of routing protocols, namely “distance vector routing protocol”, “link state routing protocol” and “hybrid routing protocol”.

We’ll get back in to the subject with a brief introduction to “distance vector routing protocol”. A router maintains a table called “routing table” which consists of routes to various nodes on a network. These nodes could be any kind of compatible electronic device such as computers or other routers. There could be number of routes to access a given node from a location. However a routing algorithm is responsible for selecting the best path to access a node. In “distance vector routing protocol” this is calculated based on the distance to a remote network. Number of routers to a remote network from a router is called the number of hops to the remote location. Route with least number of hops is considered as the best route.

In “distance vector routing protocol”, entire routing table is passed to adjacent neighbor routers. The receiving router compares the received routing table with its routing table. If there is any update about a better route to a node, router updates its routing table with related record. The receiving router do not try to verity the route, instead it will believe that received information is 100% correct. Because of that, this method is also called “routing by rumors”. There are number of problems associated with this routing algorithm such as “pinhole congestion” and “routing loop”. As this discussion is about “routing loops”, we’ll leave pinhole congestion to self learners and start discussion routing loops.

Routing loop occurs when a data packet is routed through the same route again an again in an endless circle. Routing loops will end up causing serious problems including, increasing CPU processing, increasing link bandwidth and even completely disabling the network. We’ll discuss about such situations with examples in this discussion.

However, there are number of reasons that might result in routing loops. Two major reasons are slow convergence of distance vector routing protocol and, misconfigured or compromised routing tables. So what is “convergence”? As we discussed before, routers send updates to each other when change of a network is detected. Network is considered as “converged” once all the routers on a network are updated with the changes. Distance vector routing protocol is well know for its slow convergence, which means that this protocol takes longer to update a change all over the network. So that, in particular time some routers will contain updated information, while some routers contain previous details, leading to problems like routing loops.

Example Scenario 1

Diagram shows our sample network containing three routers used to connect four networks together. Minimized routing table of each router is shown in the diagram. Networks column lists all the accessible networks and interface column mentions the interface which is used to access each network. Metric field is used to mention the length of the route or the number of hops between the router and the network. This network is a converged and it’s the default state of the network.

Now, we’ll remove the “Network 4″ from the network and see what might cause a routing loop.

“Network 4″ is down. “Router C” updates its routing table as shown. However because of the slow convergence of distance vector routing protocol, “Router B” is still unaware of the unavailability of the network. In that case, Router B’s routing tables still says “Network 4″ is accessible through interface S1 and it is 1 hop away from the “Router B”. As mentioned before, routers send routing tables to neighboring routers.

Imaging “Router B” sends an update message to “Router C” in this occasion.

“Router C” knows that “Network 4″ is inaccessible at the moment through E0 interface. However, “Router C” gets the update from “Router B” saying that “Network 4″ is 1 hop away from “Router B”. Because of this update message “Router C” gets the idea that “Network 4″ is accessible through “Router B”. So that “Router C” updates its routing table, reflecting this change, mentioning that “Network 4″ is reachable through interface S0, in distance of two hops.

Imagine that it is necessary to send some data from “Network 2″ to “Network 4″.

“Network 2″ will forward data to “Router B”. “Router B” will refer its routing tables and identify that “Network 4″ is reachable through interface S1 in distance of 1 hop. So that it’ll forward traffic to “Router C”, which is the next hop in the route. “Router C” will refer its routing table and identifies that “Network 4″ is assessable through interface S0 in distance of 2 hops. So that “Router C” will forward traffic to “Router B”. “Router B” gets the traffic back, that is to be delivered to “Network 4″ and it will in turn forward traffic to “Router C”. It is clear that routing loop is created here. “Router B” and “Router C” will keep forwarding traffic between each other, which should be sent to “Network 4″. This will consume the bandwidth of communication line between “Router B” and “Router C” for a useless loop and also the processing power of router will be wasted.

Eventually, “Router C” might send an update back to “Router B” and “Router B” might send an update to “Router A”, messing all three touting tables as shown below.

Now, because of slow convergence of distance vector protocol a routing loop has been formed and entire network is containing wrong routing information.

Example Scenario 2

There is another situation Routing Loops are used to Misdirecting Traffic. This is a type of know network attack. Consider below scenario. “Router A” need to Access the database sever (10.5.0.5) which is connected to the Router D through “Router C” and B. In normal scenarios traffic from “Router A” to database server is forward to the server through “Router B”, C and D.

Imagine that an attacker gain access to “Router B” and “Router A”.

Attacker will create a new fake entry in routing table of “Router B”, mentioning that database server 10.5.0.5 is assessable through “Router A”. So that when an attempt to access database server is generated from any part of the network, “Router B” will check its routing table to identify the best path. 10.5.0.5 or database server is assessable through “Router C” in 2 hops and through “Router A” in single hop. “Router B” will consider that the best path is through “Router A” and forward traffic back to the place where it generated. “Router A” will receive traffic to be forwarded to database server and it’ll send data back again to “Router B”. This creates a routing loop and all the networks that are connected to databases server through “Router B” are affected with this routing loop. None of those networks will be able to access database server until touting loop is resolved.

According to the discussion it is clear that routing loops create serious issues like disabling entire network. So that, we’ll consider few solutions used in enterprise environments to prevent routing loops.

Resolving and Preventing

Maximum hop count

In IP datagram header there is an 8-bit field called Time-To-Live (TTL). The TTL value for a datagram is set at the initiation of the datagram and TTL value should be adjusted according to the span of the network. Default value for TTL is 64 according to RFC 1700 (check reference links).

For each hop or for each router which packet passes, the TTL value is decreased by one. If TTL value was set to zero at some point, the packet is dropped by that router. So that, if a routing loop occurs between two or more routers, the packet will keep moving back and forth until it passes sixty four or defined number of maximum hops allowed. When it reaches maximum allowed hop count or when the TTL field becomes zero, the packet is dropped from the network.

This method can not prevent routing loops but it can temporarily resolve problems like bandwidth and processor wastage.

Split Horizon

When split horizon method is used, routing information can not be advertised back in the direction where it came from. As an example consider below scenario, where “Network 4″ goes down.

Routing information about “Network 4″ was advertised from “Router C” to “Router B” at the first place. So routing information about “Network 4″ came to “Router B” from “Router C”. If split horizon method is used, it is not possible to advertise routing information back from “Router B” to “Router C” again, because routing information can not be advertised back in the direction where it came from.

However, it is not restricted to advertise information in the other way because routing information was advertised from “Router C” to “Router B” and “Router B” to “Router A”. So that, “Router C” will update “Router B” that “Network 4″ is down and “Router B” will update “Router A” that “Network 4″ is down. At the end of the cycle, the network is converged as shown below, without leading to a routing loop.

Route Poisoning

In this method, an infinite metric value is assigned to a network when ever it goes down. This process is called route poisoning.

(**) The maximum hop count of the example metric is 15. So that, 16 is considered as the infinite metric. However this value can be different from network to network and it can also be set to infinite value itself.

As shown in the example, “Router C” will in turn update “Router B” by sending a route poisoning message. “Router B” will update its routing table accordingly and send update to neighboring routers.

Once this process is done, “Router B” will send a update called poison reverse, informing “Router C” that all the routers in the segment received update about route poisoning.

Hold Down Timer

Hold down timer is another way of preventing routing loops. It prevents invalid routing information from restoring into routing tables, when every a network connection goes down. Consider blow example.

“Network 4″ goes down. “Router C” marks it as down in touting table and update “Router B” about the unavailability of “Network 4″. Routers send special update message called triggered updates to inform adjacent routers about changes of a network. Triggered updates are sent immediately with a change of a network and adjacent routers will generate their own triggered updates to update their adjacent routers.

“Router B” will start hold down timer as soon as it receives this update and it also marks the network as “possibly down” in routing table. When a router is in hold down state, it will not send any advertise or it will not accept advertisements about routes where metric value is larger than the original value. The time period of a hold down is calculated to be greater than the amount of time network takes to converge.

Consider previous example. The “Network 4″ was assessable from “Router B” in a metric of 1. So that, if “Router A” sent an update when “Router B” was in hold down state, it will see that metric of “Network 4″ in update is larger than the original value “Router B” had (2 > 1). Because of that “Router B” will simply ignore the update, preventing a routing loop and allowing network to converge.

However when router is in hold down state, “Network 4″ might come alive, if so “Router C” will send an update to “Router B” with an equivalent metric value as the original. So that, “Router B” will immediately remove the hold down and start passing data back to “Network 4″ through “Router C”. Also if some Router X which has access to “Network 4″ with equivalent or a smaller metric than the original, sent an update to “Router B” information about Router X’s accessibility to “Network 4″, the hold down will be immediately stopped and data will be sent through Router X.

It is possible to use any combination of these prevention and resolving methods to stop endless looping of packets in the TCP/IP network.

References-
CCNA Cisco Certified Network Associate Study Guide (Page 257-262)
omniSecu.com – What is Routing Loop and how to avoid Routing Loop
Certificationzone.com – Routing Loop Prevention
Cisco CCNA: Distance Vector Routing
Cisco.com – Examples of Network Attacks -Misdirecting Traffic to Form a Routing Loop
Tech-Faq.com – Routing Table
Linktionary.com – Convergence of Routing Tables
TLDP.org – Metric Values