
Monday 22 February 2021

The Concept of Static & Dynamic Routing (Packet Tracer Examples with Configuration)

What is IP Routing?

Routing is the process of selecting a path in the network for the transfer of packets between different nodes. The path that a packet follows in the network is called a route. The routes are shared among different networks using a different set of rules and policies, which are called protocols. The decision of forwarding packets among different networks is done by an intelligent device called the router.

We have two main routing techniques, which are below.

• Static Routing

• Dynamic Routing

1- Static Routing

In this type of routing, the administrator configures the routers manually; the routers cannot decide on their own. Administrators manually add routes on every router where routing is required, which gives the administrator full control over the network. Static routing is a simple way of configuring routers to exchange packets and does not use any complex algorithm. Static routing is also called non-adaptive routing.

Features of Static Routing

• In static routing, CPU usage is very low because the router does not make routing decisions and has no update overhead to process.

• Static routing is more secure, as routes are not advertised to other routers and the administrator has full control over the network.

• In static routing, no updates are shared with connected routers, so RAM and bandwidth usage is very low.

• Static routing is not fault-tolerant, as the router cannot make the decision to re-route traffic over another path.

• Static routing is good for small networks, but when networks get bigger, static routing becomes complex.

The default route is also a type of static route, where all network traffic is directed to a single next hop.

2- Dynamic Routing

Dynamic routing is a type of routing in which routing decisions are taken by the router without any manual intervention by the administrator. In dynamic routing, routers periodically share updates and thus inform each other about every change that occurs in the network. Dynamic routing uses complex algorithms that continuously check for network changes and recalculate the path to each destination network. These algorithms, together with a set of rules and policies, are called routing protocols, and they help the router make decisions.

Features of Dynamic Routing

• It is suitable for all types of topologies even when we have many routers.

• Dynamic routing is less secure than static routing because routing updates are sent as broadcasts and multicasts.

• Dynamic routing is more fault-tolerant, as the router makes the decision and re-routes traffic over other paths.

• It needs additional resources like CPU, RAM, and interface bandwidth for better performance.

• In dynamic routing, the router selects the best path to the destination, therefore we always experience better latency.

• When new routers are integrated into an existing network, we do not need to change the configuration of all routers in the network, only that of the connected routers.

• When multiple policies are implemented against the same network, the router can decide on its own without administrator influence.

2b- Dynamic Routing Protocols

We have multiple protocols for implementing dynamic routing in our networks which are chosen based on the need and size of the network. Below is the list of dynamic routing protocols.

2c- Steps to perform Static Routing.

In static routing, we manually add the required routes in the router, which are saved in the routing table of the router, and packets are forwarded accordingly.

In the network below, three routers R1, R2 & R3 are connected, and we want to reach PCB from PCA through the network. We will use the following commands and procedures to do that.



Router R3 Configuration

R3(config)#interface GigabitEthernet0/1
R3(config-if)#ip address 192.168.4.1 255.255.255.0
R3(config-if)#no shutdown
R3(config)#interface GigabitEthernet0/0
R3(config-if)#ip address 192.168.3.2 255.255.255.0
R3(config-if)#no shutdown
R3(config)#ip route 192.168.2.0 255.255.255.0 192.168.3.1
R3(config)#ip route 192.168.1.0 255.255.255.0 192.168.3.1

Router R2 Configuration

R2(config)#interface GigabitEthernet0/1
R2(config-if)#ip address 192.168.3.1 255.255.255.0
R2(config-if)#no shutdown
R2(config)#interface GigabitEthernet0/0
R2(config-if)#ip address 192.168.2.2 255.255.255.0
R2(config-if)#no shutdown
R2(config)#ip route 192.168.4.0 255.255.255.0 192.168.3.2
R2(config)#ip route 192.168.1.0 255.255.255.0 192.168.2.1

Router R1 Configuration

R1(config)#interface GigabitEthernet0/1
R1(config-if)#ip address 192.168.2.1 255.255.255.0
R1(config-if)#no shutdown
R1(config)#interface GigabitEthernet0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config)#ip route 192.168.4.0 255.255.255.0 192.168.3.2
R1(config)#ip route 192.168.3.0 255.255.255.0 192.168.2.2

Routing Table Analysis-Static Routing

Routing Table at R1

R1#show ip route static
S 192.168.3.0/24 [1/0] via 192.168.2.2
S 192.168.4.0/24 [1/0] via 192.168.3.2

Routing Table at R2

R2#show ip route static
S 192.168.1.0/24 [1/0] via 192.168.2.1
S 192.168.4.0/24 [1/0] via 192.168.3.2

Routing Table at R3

R3#show ip route static
S 192.168.1.0/24 [1/0] via 192.168.3.1
S 192.168.2.0/24 [1/0] via 192.168.3.1
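
Because static routes are typed by hand on every router, a wrong next hop is the most common way this setup fails. The following Python check is an added example, not part of the original post: it reads a router's interface addresses and `ip route` lines and flags next hops that cannot work. The sample input and the function name `check_static_routes` are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: R2 from the topology above, with the next hop of the
# first route deliberately set to R2's own GigabitEthernet0/1 address.
SAMPLE_R2 = """\
interface GigabitEthernet0/1
 ip address 192.168.3.1 255.255.255.0
interface GigabitEthernet0/0
 ip address 192.168.2.2 255.255.255.0
ip route 192.168.4.0 255.255.255.0 192.168.3.1
ip route 192.168.1.0 255.255.255.0 192.168.2.1
"""

ADDR = re.compile(r"^\s*ip address (\S+) (\S+)\s*$")
# Only routes with an IP next hop are checked; exit-interface routes are skipped.
ROUTE = re.compile(r"^\s*ip route (\S+) (\S+) (\d+\.\d+\.\d+\.\d+)\s*$")


def check_static_routes(config):
    """Return a list of (route_line, problem) for suspicious static routes."""
    interfaces = []  # one IPv4Interface per configured interface address
    routes = []      # (line, destination network, next hop)
    for line in config.splitlines():
        m = ADDR.match(line)
        if m:
            interfaces.append(ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}"))
            continue
        m = ROUTE.match(line)
        if m:
            dest = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            routes.append((line.strip(), dest, ipaddress.ip_address(m.group(3))))

    static_dests = [dest for _, dest, _ in routes]
    findings = []
    for line, dest, hop in routes:
        if any(hop == i.ip for i in interfaces):
            findings.append((line, "next hop is this router's own address"))
        elif hop in dest:
            findings.append((line, "next hop lies inside the destination network"))
        elif any(dest.overlaps(i.network) for i in interfaces):
            findings.append((line, "destination is already directly connected"))
        elif not any(hop in i.network for i in interfaces):
            # Off-link next hop: usable only if another static route covers it
            # (recursive lookup), as with R1 reaching 192.168.4.0/24.
            if not any(hop in d for d in static_dests if d != dest):
                findings.append((line, "next hop is not reachable"))
    return findings


if __name__ == "__main__":
    for route, problem in check_static_routes(SAMPLE_R2):
        print(f"{route}  <-- {problem}")
```
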

We will use the same topology for implementing dynamic routing and check the reachability.

RIP: Routing Information Protocol

We will use RIPv2 for checking the reachability on the same topology first.

The interface configuration remains the same; below is the configuration for the RIP routing protocol only. PCA and PCB reach each other successfully, which is verified from the routing tables of the routers.

Router R3 Configuration

R3(config)#router rip
R3(config-router)#version 2
R3(config-router)#network 192.168.4.0
R3(config-router)#network 192.168.3.0
R3(config-router)#no auto-summary

Router R2 Configuration

R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#network 192.168.2.0
R2(config-router)#network 192.168.3.0
R2(config-router)#no auto-summary

Router R1 Configuration

R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#network 192.168.2.0
R1(config-router)#network 192.168.1.0
R1(config-router)#no auto-summary

Routing Table Analysis-RIP


EIGRP: Enhanced Interior Gateway Routing Protocol

The interface configuration remains the same; below is the configuration for the EIGRP routing protocol only. PCA and PCB reach each other successfully, which is verified from the routing tables of the routers.

Router R3 Configuration

R3(config)#router eigrp 100
R3(config-router)#network 192.168.3.0 0.0.0.255
R3(config-router)#network 192.168.4.0 0.0.0.255

Router R2 Configuration

R2(config)#router eigrp 100
R2(config-router)#network 192.168.3.0 0.0.0.255
R2(config-router)#network 192.168.2.0 0.0.0.255

Router R1 Configuration

R1(config)#router eigrp 100
R1(config-router)#network 192.168.1.0 0.0.0.255
R1(config-router)#network 192.168.2.0 0.0.0.255

Routing Table Analysis-EIGRP



OSPF: Open Shortest Path First

The interface configuration remains the same; below is the configuration for the OSPF routing protocol only. PCA and PCB reach each other successfully, which is verified from the routing tables of the routers.

Router R3 Configuration

R3(config)#router ospf 100
R3(config-router)#network 192.168.3.0 0.0.0.255 area 10
R3(config-router)#network 192.168.4.0 0.0.0.255 area 10

Router R2 Configuration

R2(config)#router ospf 100
R2(config-router)#network 192.168.3.0 0.0.0.255 area 10
R2(config-router)#network 192.168.2.0 0.0.0.255 area 10

Router R1 Configuration

R1(config)#router ospf 100
R1(config-router)#network 192.168.1.0 0.0.0.255 area 10
R1(config-router)#network 192.168.2.0 0.0.0.255 area 10

Routing Table Analysis-OSPF



BGP: Border Gateway Protocol

The interface configuration remains the same; below is the configuration for the BGP routing protocol only. PCA and PCB reach each other successfully, which is verified from the routing tables of the routers.

Router R3 Configuration

R3(config)#router bgp 65532
R3(config-router)#neighbor 192.168.3.1 remote-as 65531
R3(config-router)#network 192.168.4.0
R3(config-router)#network 192.168.3.0

Router R2 Configuration

R2(config)#router bgp 65531
R2(config-router)#neighbor 192.168.3.2 remote-as 65532
R2(config-router)#neighbor 192.168.2.1 remote-as 65530
R2(config-router)#network 192.168.2.0
R2(config-router)#network 192.168.3.0

Router R1 Configuration

R1(config)#router bgp 65530
R1(config-router)#neighbor 192.168.2.2 remote-as 65531
R1(config-router)#network 192.168.1.0
R1(config-router)#network 192.168.2.0

Routing Table Analysis-BGP

Whenever the routing table of a router contains an entry for a route, the router can reach that specific network. The routing tables for all the protocols show entries for all remote routes, so we can reach the remote networks.

Saturday 20 February 2021

Hardening of Network Devices (Router & Switch)

 

Hardening Routers and Switches

Hardening is a term used for the protection of network equipment against attacks and vulnerabilities to mitigate security risks. Network security is a major concern of every enterprise, so network security experts highly recommend the proper hardening of every network device.

A proper network design and key management of the system functions are the essential features of a good network and make sure all security measures have been taken. The security checks are implemented layer by layer to ensure security at each layer. Routers and switches are the key devices in a network where hardening can be performed to block intruders from accessing the network.

Hardening a Router

The below checklist can be used for making sure a router and connected networks are fully secure.

 

·         Creating a Complex Password

To limit access to a router, a secure and complex password must be created for both console and remote management. Two-factor authentication must be enabled for both, with alphanumeric passwords of more than 8 characters. This makes sure that the configuration cannot be altered even if the device is somehow accessed.

·         Password Encryption

Normally, passwords are stored in plain text in the running configuration of routers and in any configuration collected for backup. Therefore, it is highly recommended to encrypt all service passwords on the device.

·         Integration of Router with External AAA

The local users accessing the system must be authenticated via an AAA server for better security. The centralized AAA server handles authentication, authorization, and accounting for users, and all their activities are recorded. Using AAA, we can enforce the desired security policies, which not every network device supports on its own.

·         Limiting the Number of Failed Attempts

Where no AAA is integrated, we must limit the number of failed access attempts allowed for each user account. That protects against trial-and-error attempts to crack a password.

·         Configuring Access Control List (ACL)

Configuring an ACL will block all undesired access attempts from unknown source IPs. Only limited IP subnets should be used to access the device.

·         Enabling Syslog Server

To record the activities performed on the router, syslog should be enabled as it will store large data for auditing the router and will generate incident alerts whenever the device is accessed.

·         Integration of Network Time Protocol Server (NTP)

NTP is integrated to check the timestamp of the activities that have been performed on the device. It is highly helpful in incident handling. 

·         Enabling SSH on Router

For remote management, we use either the telnet or the SSH protocol. Telnet sends data in plain text and passwords are readable, so it is recommended to enable SSH, which encrypts the traffic.

·         Updated Security Patches

The latest security patches must be installed on the router, and the router must run the latest IOS release, in which known threats and bugs are mitigated.

·         Shutting down unused Interfaces.

Shutting down the unused router interfaces prevents anyone from using them to hack or telnet into the system.

If interfaces are not shut down, local connectivity may be established and DDoS attacks can be generated to confuse the router, which may lead to rebooting of the system.

·         Disabling Unused Functions

Unused features of the router should be blocked; for example, CDP or LLDP should be disabled to prevent unnecessary discovery of devices.

Hardening a Switch

·         Creating a Complex Password

To limit access to a switch, a secure and complex password must be created for both console and remote management. Two-factor authentication must be enabled for both, with alphanumeric passwords of more than 8 characters. This makes sure that the configuration cannot be altered even if the device is somehow accessed.

·         Password Encryption

Normally, passwords are stored in plain text in the running configuration of switches and in any configuration collected for backup. Therefore, it is highly recommended to encrypt all service passwords on the device.

·         Enabling SSH on Switch

For remote management, we use either the telnet or the SSH protocol. Telnet sends data in plain text and passwords are readable, so it is recommended to enable SSH, which encrypts the traffic.

·         Shutting down unused Interfaces.

Shutting down the unused switch interfaces prevents anyone from using them to hack or telnet into the system. If interfaces are not shut down, local connectivity may be established and DDoS attacks can be generated to confuse the switch, which may lead to rebooting of the system.

·         Disabling Unused Functions

Unused features of the switch should be blocked; for example, CDP or LLDP should be disabled to prevent unnecessary discovery of devices.

·         Management VLAN

Normally, users keep VLAN 1 as the management VLAN, but it is highly recommended to move management to some other VLAN, and only a limited number of interfaces should be bound to that VLAN.

·         Description of Interfaces

The description should be added to all user interfaces to know the usage of ports based on their function whether uplink or downlink.

·         Port Security

Port security should be enabled on the switch to prevent MAC address spoofing and to limit attackers' access to the switch.

·         Enabling STP

Enabling STP ensures that no loops exist in the network, which protects the device from deliberately generated broadcast storms and MAC poisoning.

·         SNMP Community

SNMP is used for transferring statistics to a server over the network and carries a risk of exposing critical network information. The community string must not be the default and should be set to read-only.

 

 

 

 

 

 

Wednesday 10 February 2021

Trending Technologies - 2021

The word "Technology" refers to the application of scientific knowledge for practical purposes. Science has developed at a very high speed since its beginnings and has passed through many ages to reach the present day.

Now we are living in the age of technology, where every activity is recorded and processed. This processing is done at very high speed using different algorithms and software, assisted by highly efficient hardware. The recent COVID-19 outbreak has changed people's working style and shown the significance of IT in daily life. COVID-19 was the main challenge that pushed every IT professional to learn more and stay up to date on information technology. It changed the lives not only of IT people; non-IT professionals were also compelled to learn how to use IT platforms.

The technologies that are currently leading the market and creating job opportunities are listed below. To remain and excel in ICT, IT professionals need to enhance their skills in any of these latest technologies.

Artificial Intelligence 

Cloud Computing

5G Technology

DevOps

Robotic Process Automation - RPA

Cybersecurity.

VR & AR (Virtual & Augmented Reality)

IoE - Internet of Everything.

Blockchain Technologies.

Artificial Intelligence 

We humans have always tried to shift our work to machines, for faster delivery, accuracy, or other benefits.

Here we must be thankful to machines for performing our jobs the way we like. Our reliance on machines has increased to the point where we want machines to think and act like us.

Artificial intelligence is not a baby technology; it has risen to prominence since its birth in the 1950s. In 1950, the scientist Alan Turing started to think about getting mathematical jobs done by machines. Currently, AI & machine learning are used by all the main business giants: Amazon, Alibaba, Netflix, Alexa, Siri, and many other examples.

If you want to make a career in AI & machine learning, we recommend some really good courses which will build a good foundation for you, and the good news is that they are free or financial aid is available.

AI For Everyone: A good course for foundation building, available on Coursera. Financial aid is available; click the link below to start the course.




 





Cloud Computing:

With the passage of time, technology focused on the size and efficiency of hardware. Big hardware was a problem: it had high power consumption, large volume, and a high hardware failure rate. These factors compelled engineers and architects to aim for small size and high efficiency. Continuing that trend, cloud services were introduced, where little or no hardware is required at the user end.

In the cloud, hardware is limited to data centers and users get services from the cloud service provider. Cloud service providers have already established edge data centers to provide services from the nearest server, which reduces latency. The best currently available cloud service providers are listed below.

  • Microsoft Azure 
  • Amazon Web Services (AWS)
  • Google Cloud.
  • Alibaba Cloud.
  • IBM Cloud.
  • Oracle.

You can start a career with any one of the above CSPs, and free training courses for Azure, AWS, GCP & Alibaba are readily available. You can start with Alibaba Cloud using the course below.

https://edu.alibabacloud.com/course/353 (Alibaba Cloud Fundamentals)


5G Technology

The latest technology in demand is 5G, and it will remain an evergreen field that will be launched using other technologies. 5G is nothing without Cloud Native, IPv6, IoT, and knowledge of 5G call flows. 5G will mainly focus on three main targets (eMBB, URLLC, mMTC), which I have described below.

eMBB: Enhanced Mobile Broadband

5G is targeting 10 Gbps, which is almost 10 times that of 4G LTE. This high speed will enable us to use bandwidth-hungry applications like Virtual Reality (VR), Augmented Reality (AR), and other such uses.

URLLC: Ultra-Reliable Low Latency Communication

The normal latency in LTE is 10-30 ms, but 5G is targeting 1 ms of latency to support applications that require very low latency, like online gaming, connected cars, and online surgeries.

mMTC: Massive Machine Type Communication

The currently available device density for LTE is 1 lakh devices per square kilometer. We are targeting 10 times that for 5G, that is, 10 lakh or 1 million devices per square kilometer.

A large amount of study material is already available on the internet, but the Huawei online portal below is best for beginner to expert level 5G aspirants. You need to create an account for online study. The link to HCIA 5G is pasted below.

https://enclass.hiclc.com/sso/#/?returnUrl=https%3A%2F%2Fenclass.hiclc.com%2Fportal%2F%23%2Fsearch%2Fen%2F5G&area=en


DevOps:
The term DevOps refers to a combination of practices in IT & software development that shortens the development cycle, delivering high-quality software with only a short interval between development and deployment.

CKAD is one of the most highly regarded courses in DevOps; the link is below.

https://www.udemy.com/courses/search/?src=ukw&q=CKAD













More to come on it.....



OSPF Operation and Route Selection - A detailed discussion

  OSPF Routing Protocol   Abstract:               The report discusses the OSPF Routing protocol and its implementation in networks. T...