How endless looping of packets in a TCP/IP network might occur?

Router is a device used to interconnect two or more computer networks and routing is the process of properly, forwarding traffic between related computer networks. Endless looping of packets in the TCP/IP network will occur due to mistakes made in the routing process. This situation is called a routing loop and it’s discussed below.

Introduction to Routing Loops

Routing loops is a problem mainly associated with “distance vector routing protocol” which is one of three main types of routing protocols, namely “distance vector routing protocol”, “link state routing protocol” and “hybrid routing protocol”.

We’ll get back in to the subject with a brief introduction to “distance vector routing protocol”. A router maintains a table called “routing table” which consists of routes to various nodes on a network. These nodes could be any kind of compatible electronic device such as computers or other routers. There could be number of routes to access a given node from a location. However a routing algorithm is responsible for selecting the best path to access a node. In “distance vector routing protocol” this is calculated based on the distance to a remote network. Number of routers to a remote network from a router is called the number of hops to the remote location. Route with least number of hops is considered as the best route.

In “distance vector routing protocol”, entire routing table is passed to adjacent neighbor routers. The receiving router compares the received routing table with its routing table. If there is any update about a better route to a node, router updates its routing table with related record. The receiving router do not try to verity the route, instead it will believe that received information is 100% correct. Because of that, this method is also called “routing by rumors”. There are number of problems associated with this routing algorithm such as “pinhole congestion” and “routing loop”. As this discussion is about “routing loops”, we’ll leave pinhole congestion to self learners and start discussion routing loops.

Routing loop occurs when a data packet is routed through the same route again an again in an endless circle. Routing loops will end up causing serious problems including, increasing CPU processing, increasing link bandwidth and even completely disabling the network. We’ll discuss about such situations with examples in this discussion.

However, there are number of reasons that might result in routing loops. Two major reasons are slow convergence of distance vector routing protocol and, misconfigured or compromised routing tables. So what is “convergence”? As we discussed before, routers send updates to each other when change of a network is detected. Network is considered as “converged” once all the routers on a network are updated with the changes. Distance vector routing protocol is well know for its slow convergence, which means that this protocol takes longer to update a change all over the network. So that, in particular time some routers will contain updated information, while some routers contain previous details, leading to problems like routing loops.

Example Scenario 1

Diagram shows our sample network containing three routers used to connect four networks together. Minimized routing table of each router is shown in the diagram. Networks column lists all the accessible networks and interface column mentions the interface which is used to access each network. Metric field is used to mention the length of the route or the number of hops between the router and the network. This network is a converged and it’s the default state of the network.

Now, we’ll remove the “Network 4″ from the network and see what might cause a routing loop.

“Network 4″ is down. “Router C” updates its routing table as shown. However because of the slow convergence of distance vector routing protocol, “Router B” is still unaware of the unavailability of the network. In that case, Router B’s routing tables still says “Network 4″ is accessible through interface S1 and it is 1 hop away from the “Router B”. As mentioned before, routers send routing tables to neighboring routers.

Imaging “Router B” sends an update message to “Router C” in this occasion.

“Router C” knows that “Network 4″ is inaccessible at the moment through E0 interface. However, “Router C” gets the update from “Router B” saying that “Network 4″ is 1 hop away from “Router B”. Because of this update message “Router C” gets the idea that “Network 4″ is accessible through “Router B”. So that “Router C” updates its routing table, reflecting this change, mentioning that “Network 4″ is reachable through interface S0, in distance of two hops.

Imagine that it is necessary to send some data from “Network 2″ to “Network 4″.

“Network 2″ will forward data to “Router B”. “Router B” will refer its routing tables and identify that “Network 4″ is reachable through interface S1 in distance of 1 hop. So that it’ll forward traffic to “Router C”, which is the next hop in the route. “Router C” will refer its routing table and identifies that “Network 4″ is assessable through interface S0 in distance of 2 hops. So that “Router C” will forward traffic to “Router B”. “Router B” gets the traffic back, that is to be delivered to “Network 4″ and it will in turn forward traffic to “Router C”. It is clear that routing loop is created here. “Router B” and “Router C” will keep forwarding traffic between each other, which should be sent to “Network 4″. This will consume the bandwidth of communication line between “Router B” and “Router C” for a useless loop and also the processing power of router will be wasted.

Eventually, “Router C” might send an update back to “Router B” and “Router B” might send an update to “Router A”, messing all three touting tables as shown below.

Now, because of slow convergence of distance vector protocol a routing loop has been formed and entire network is containing wrong routing information.

Example Scenario 2

There is another situation Routing Loops are used to Misdirecting Traffic. This is a type of know network attack. Consider below scenario. “Router A” need to Access the database sever (10.5.0.5) which is connected to the Router D through “Router C” and B. In normal scenarios traffic from “Router A” to database server is forward to the server through “Router B”, C and D.

Imagine that an attacker gain access to “Router B” and “Router A”.

Attacker will create a new fake entry in routing table of “Router B”, mentioning that database server 10.5.0.5 is assessable through “Router A”. So that when an attempt to access database server is generated from any part of the network, “Router B” will check its routing table to identify the best path. 10.5.0.5 or database server is assessable through “Router C” in 2 hops and through “Router A” in single hop. “Router B” will consider that the best path is through “Router A” and forward traffic back to the place where it generated. “Router A” will receive traffic to be forwarded to database server and it’ll send data back again to “Router B”. This creates a routing loop and all the networks that are connected to databases server through “Router B” are affected with this routing loop. None of those networks will be able to access database server until touting loop is resolved.

According to the discussion it is clear that routing loops create serious issues like disabling entire network. So that, we’ll consider few solutions used in enterprise environments to prevent routing loops.

Resolving and Preventing

Maximum hop count

In IP datagram header there is an 8-bit field called Time-To-Live (TTL). The TTL value for a datagram is set at the initiation of the datagram and TTL value should be adjusted according to the span of the network. Default value for TTL is 64 according to RFC 1700 (check reference links).

For each hop or for each router which packet passes, the TTL value is decreased by one. If TTL value was set to zero at some point, the packet is dropped by that router. So that, if a routing loop occurs between two or more routers, the packet will keep moving back and forth until it passes sixty four or defined number of maximum hops allowed. When it reaches maximum allowed hop count or when the TTL field becomes zero, the packet is dropped from the network.

This method can not prevent routing loops but it can temporarily resolve problems like bandwidth and processor wastage.

Split Horizon

When split horizon method is used, routing information can not be advertised back in the direction where it came from. As an example consider below scenario, where “Network 4″ goes down.

Routing information about “Network 4″ was advertised from “Router C” to “Router B” at the first place. So routing information about “Network 4″ came to “Router B” from “Router C”. If split horizon method is used, it is not possible to advertise routing information back from “Router B” to “Router C” again, because routing information can not be advertised back in the direction where it came from.

However, it is not restricted to advertise information in the other way because routing information was advertised from “Router C” to “Router B” and “Router B” to “Router A”. So that, “Router C” will update “Router B” that “Network 4″ is down and “Router B” will update “Router A” that “Network 4″ is down. At the end of the cycle, the network is converged as shown below, without leading to a routing loop.

Route Poisoning

In this method, an infinite metric value is assigned to a network when ever it goes down. This process is called route poisoning.

(**) The maximum hop count of the example metric is 15. So that, 16 is considered as the infinite metric. However this value can be different from network to network and it can also be set to infinite value itself.

As shown in the example, “Router C” will in turn update “Router B” by sending a route poisoning message. “Router B” will update its routing table accordingly and send update to neighboring routers.

Once this process is done, “Router B” will send a update called poison reverse, informing “Router C” that all the routers in the segment received update about route poisoning.

Hold Down Timer

Hold down timer is another way of preventing routing loops. It prevents invalid routing information from restoring into routing tables, when every a network connection goes down. Consider blow example.

“Network 4″ goes down. “Router C” marks it as down in touting table and update “Router B” about the unavailability of “Network 4″. Routers send special update message called triggered updates to inform adjacent routers about changes of a network. Triggered updates are sent immediately with a change of a network and adjacent routers will generate their own triggered updates to update their adjacent routers.

“Router B” will start hold down timer as soon as it receives this update and it also marks the network as “possibly down” in routing table. When a router is in hold down state, it will not send any advertise or it will not accept advertisements about routes where metric value is larger than the original value. The time period of a hold down is calculated to be greater than the amount of time network takes to converge.

Consider previous example. The “Network 4″ was assessable from “Router B” in a metric of 1. So that, if “Router A” sent an update when “Router B” was in hold down state, it will see that metric of “Network 4″ in update is larger than the original value “Router B” had (2 > 1). Because of that “Router B” will simply ignore the update, preventing a routing loop and allowing network to converge.

However when router is in hold down state, “Network 4″ might come alive, if so “Router C” will send an update to “Router B” with an equivalent metric value as the original. So that, “Router B” will immediately remove the hold down and start passing data back to “Network 4″ through “Router C”. Also if some Router X which has access to “Network 4″ with equivalent or a smaller metric than the original, sent an update to “Router B” information about Router X’s accessibility to “Network 4″, the hold down will be immediately stopped and data will be sent through Router X.

It is possible to use any combination of these prevention and resolving methods to stop endless looping of packets in the TCP/IP network.

References-
CCNA Cisco Certified Network Associate Study Guide (Page 257-262)
omniSecu.com – What is Routing Loop and how to avoid Routing Loop
Certificationzone.com – Routing Loop Prevention
Cisco CCNA: Distance Vector Routing
Cisco.com – Examples of Network Attacks -Misdirecting Traffic to Form a Routing Loop
Tech-Faq.com – Routing Table
Linktionary.com – Convergence of Routing Tables
TLDP.org – Metric Values

Endless looping of packets in TCP/IP networks (Routing Loops)的更多相关文章

  1. TCP/IP Protocol Architecture

    原文: https://technet.microsoft.com/en-sg/library/cc958821.aspx 1. 主机到网络层 2.网络互连层(互连这个翻译好) ----------- ...

  2. Method of offloading iSCSI TCP/IP processing from a host processing unit, and related iSCSI TCP/IP offload engine

    A method of offloading, from a host data processing unit (205), iSCSI TCP/IP processing of data stre ...

  3. Introduction Sockets to Programming in C using TCP/IP

    Introduction Computer Network: hosts, routers, communication channels Hosts run applications Routers ...

  4. LINUX 中的 TCP/IP协议 参数详解

    Ipsysctl tutorial 1.0.4 Prev Chapter 3. IPv4 variable reference Next https://www.frozentux.net/ipsys ...

  5. TCP/IP卷一:第一章

    ================================================= 版權聲明:如需轉載,請列明出處:HingAglaiaWong@博客園 支持原創,是對作者最好的的鼓勵 ...

  6. TCP/IP协议栈与数据报封装 (802.3 Ethernet 以太网 802.11 WLAN 无线网 )

    http://blog.csdn.net/jnu_simba/article/details/8957242 一.ISO/OSI参考模型 OSI(open system interconnection ...

  7. tcp/ip 调优示例

    # Kernel sysctl configuration file for Linux # # Version 1.12 - 2015-09-30 # Michiel Klaver - IT Pro ...

  8. 计算机网络基础之TCP/IP 协议栈

    计算机网络基础之TCP/IP 协议栈 作者:尹正杰 版权声明:原创作品,谢绝转载!否则将追究法律责任. 一.TCP/IP 协议栈概述 1>.什么是TCP/IP协议栈 Transmission C ...

  9. 温故知新--计算机网络 iso/osi七层模型 tcp/ip四层模型

    ISO七层模型由下至上为1至7层,分别为: 应用层(Application layer) 表示层(Presentation layer) 会话层(Session layer) 传输层(Transpor ...

随机推荐

  1. Swift学习 (一)

    以后会自己总结学习Swift的笔记与深化.希望能够帮助已经有Objective-C经验的开发者更快地学习Swift.我们一起学习,同时也品味到Swift的精妙之处. 结论放在开头:我认为Swift比O ...

  2. node.js连接DB2实现fetchRows一行一行获取sql的源码

    参见程序中的queryResult那部分: /* * This example demonstrates how to fetch a single row from a large table * ...

  3. 使用Vulcan工具构建真实的业务负载进行网络压力测试,满足SD-WAN,White-box Switch的Performance,QoE,SLA测试要求

    工具链接#  https://xenanetworks.com/vulcan/ 使用Vulcan工具,可构建真实的业务负载进行网络压力测试 满足Performance,QoE,SLA等测试要求 硬件指 ...

  4. windwos提权-CVE-2019-1388

    windwos提权-CVE-2019-1388 guest→system(UAC手动提权) 利用高权限建立一个低权限账户orange 查看权限 win-vomjm1p7c71\orange 下载HHU ...

  5. element-ui image放大 v2.x版本 点击无反应

    1.官网文档:由于官网上没有写对应组件的版本信息,默认是最新版本.所以在老版本里,可能还没有这个功能. 2.github源码日志:提交时间是2019.07.25,确认后发现老版本的确没有此功能. 3. ...

  6. Laravel-admin图片本地上传配置问题

    先打开config/filesystems.php 修改添加其中的 'admin' => [ 'driver' => 'local', 'root' => public_path(' ...

  7. 十、LCD的framebuffer设备驱动

    在读者学习本章以及后续LCD相关章节之前,最好拥有LCD裸机基础,可以参考:LCD编程. 在内核中,表示LCD使用的是framebuffer(帧缓冲,简写为fb),其内容对应于屏幕上的界面显示.修改f ...

  8. SysTick系统定时器(功能框图和优先级配置)

    SysTick—系统定时器是属于 CM3 内核中的一个外设,内嵌在 NVIC 中.系统定时器是一个 24bit (2^24)的向下递减的计数器,计数器每计数一次的时间为 1/SYSCLK,一般我们设置 ...

  9. 少儿编程Scratch第四讲:射击游戏的制作,克隆的奥秘

    上周的宇宙大战射击游戏中,我们只完成了宇宙飞船发射子弹的部分.还未制作敌对方.这周制作了敌方-飞龙,飞龙随机在屏幕上方出现,如果被子弹打中,则得分,飞龙和子弹都消失. 敌方:飞龙:计分. 目的 目的: ...

  10. Spring邮件服务:Maven + Spring SMTP Mail (可发送附件)

    1  spring-smtp-mail.xml <?xml version="1.0" encoding="UTF-8"?> <beans x ...