Routing takes place on the Network layer (Layer 3) of the OSI model, and on the Network layer of the Network model. While switches are store-and-forward devices that use MAC addresses to identify nodes, routers are also store-and-forward devices, but they use IP addresses to identify nodes. Routers (and Layer 3 switches, for that matter) allow us to move data between networks. A router is also responsible for maintaining information about other routers on the network, which it stores in tables. There are also several different protocols that enable a router to learn the topology of a network.
A router can do everything a switch or hub can, and has more functionality. The obvious difference is that it is capable of handling internetwork traffic, but many routers also have firewall capabilities and the ability to use the shortest path to a node. As our networks become more complex, these features become tremendously useful.
There are two broad categories of routing, and both of them will be discussed in this chapter:
- Static routing: A static route is a routing entry that we enter manually into the router's routing table. Sometimes adding a static route is unavoidable. In the previous chapter, we needed to add a static route for DNS traffic for additional WAN interfaces. We may also have networks that are not directly connected to pfSense. In this case, pfSense will not know where to send traffic to this network; creating a static route would solve this problem. It is not an ideal solution, though: a router that relies on static routes is not very fault tolerant; it cannot detect changes on the network. This brings us to dynamic routing.
- Dynamic routing: Here the routing tables are built and updated automatically by an algorithm, by means of dynamic routing protocols such as Routing Information Protocol (RIP) and Open Shortest Path First (OSPF). Both of these protocols work on Layer 3 of the OSI model and the Network layer of the Network model. We can divide routing protocols into the following two broad categories:
  - Distance-vector routing protocols: This group of protocols determines the best path to a node based on distance. These protocols count the number of routers through which a packet must pass in order to reach the destination, with each router counting as one hop. This approach has the advantage that a router only has to communicate with neighboring routers that are configured to use the same distance-vector protocol. A router sends all or part of its routing table to such routers, which then amend their own routing tables and inform their neighbors of the changes. Algorithms used in distance-vector protocols include the Bellman-Ford algorithm, the Ford-Fulkerson algorithm, and DUAL FSM. One of the problems with this method is the possibility of infinite loops. For example, consider the case of routers A, B, and C. A is connected to B, while B is connected to both A and C. B advertises its route to C to A, which in turn updates its routing table and advertises its route to C back to B, even though the route runs through B. If the link between B and C goes down, B will consult its routing table, see that A has a route to C, and send traffic destined for C to A. A will in turn send this traffic back to B, resulting in an infinite loop. Two ways of avoiding this outcome are split horizon and split horizon with poison reverse. Split horizon simply means that a router will not advertise a route back to the router from which it learned the route. This would solve the case in our example: A would not advertise its route to C back to B, since it learned the route from B. Split horizon with poison reverse allows a router to advertise a route back to the router from which it learned the route, but with the route metric set to infinity, which also solves the problem. Once the link between B and C goes down, B will not send packets destined for C to A, since A's path to C has a route metric of infinity.
    Some examples of distance-vector protocols include RIPv1, RIPv2, and Interior Gateway Routing Protocol (IGRP).
  - Link-state routing protocols: This is the other main class of routing protocols and involves each router constructing a map of its connectivity to the entire network. This map takes the form of a graph. Each router then independently calculates the best logical path to each destination and adds the information to its routing table. These protocols have advantages over distance-vector protocols: each router has a complete map of the network, making it less likely that there will be a loop. It is easier to troubleshoot networks using link-state protocols, and changes in the network tend to be detected more quickly. There are also some disadvantages. The database of paths requires more memory and processor power than a distance-vector routing table would. The database size, however, can be minimized if it is carefully designed. The initial discovery process also generates a great deal of traffic, which can degrade network performance during this initial period. One example of such a protocol is OSPF.
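As an added illustration (not from the book), the following Python simulation runs the distance-vector exchange on the A, B, C topology described above, using RIP's metric of 16 as infinity. The routers, link failure and update order (B hears A's stale route before A hears B's withdrawal) are constructed for the example; the "none" mode reproduces the count-to-infinity loop, while split horizon and poison reverse converge in two rounds.

```python
INF = 16  # RIP's "infinity": a metric of 16 hops means the route is unreachable

def build(links):  # each router starts knowing itself (metric 0) and its neighbours (1)
    tables = {}
    for a, b in links:
        tables.setdefault(a, {a: (0, None)})[b] = (1, b)  # dest -> (metric, next hop)
        tables.setdefault(b, {b: (0, None)})[a] = (1, a)
    return tables

def advertisement(table, to, mode):
    """What a router tells neighbour `to`, depending on the loop-prevention mode."""
    adv = {}
    for dest, (metric, nh) in table.items():
        if nh == to:  # this route was learned from `to`
            if mode == "split-horizon":
                continue  # never advertise it back
            if mode == "poison-reverse":
                metric = INF  # advertise it back, but as unreachable
        adv[dest] = metric
    return adv

def exchange(tables, links, mode, order):
    """One round: routers, in `order`, absorb their neighbours' current tables."""
    new = {r: dict(t) for r, t in tables.items()}
    for r in order:
        for n in [b if a == r else a for a, b in links if r in (a, b)]:
            for dest, m in advertisement(new[n], r, mode).items():
                metric = min(m + 1, INF)
                cur_metric, cur_nh = new[r].get(dest, (INF, None))
                if metric < cur_metric or cur_nh == n:  # better route, or current next hop changed
                    new[r][dest] = (metric, n)
    return new

def converge(tables, links, mode="none", order=("A", "B", "C"), max_rounds=50):
    for rounds in range(1, max_rounds + 1):  # exchange until no table changes
        nxt = exchange(tables, links, mode, order)
        if nxt == tables:
            return tables, rounds
        tables = nxt
    return tables, max_rounds

def fail_link(tables, a, b):  # each end marks every route through the other end unreachable
    for r, other in ((a, b), (b, a)):
        for dest, (_, nh) in tables[r].items():
            if nh == other:
                tables[r][dest] = (INF, None)

def scenario(mode):  # A-B-C chain from the text, then the B-C link fails
    links = [("A", "B"), ("B", "C")]
    tables, _ = converge(build(links), links, mode)
    fail_link(tables, "B", "C")
    links.remove(("B", "C"))
    tables, rounds = converge(tables, links, mode, order=("B", "A", "C"))
    return rounds, tables["A"]["C"]  # rounds to converge, and A's route to C
```

Without loop prevention A and B bounce the route to C between them, raising the metric by one at each step until it reaches 16; with either remedy B never learns the stale route from A.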
There are several dynamic routing protocols available; not all of them are available with pfSense. They are explained as follows:
- RIP: This is the oldest, and still a popular, distance-vector protocol. RIPv1 used classful routing: since the routing updates carried no subnet information, all subnets within the same network class had to be of the same size. The distance between routers was measured in hops. The maximum distance was 15 hops; 16 hops represented infinity, or an unreachable route. RIPv1 also had no support for router authentication. Updates were sent via broadcast packets. RIP uses UDP port 520. RIPv2 improved upon RIPv1 in many ways: it introduced support for classless routing, for sending the routing table via multicast, and for MD5 authentication. The maximum hop count remained at 15, primarily to maintain compatibility with RIPv1. The latest version of RIP, RIP next generation (RIPng), is an extension of RIPv2 that supports IPv6, does not support RIPv1 update authentication, and sends updates on UDP port 521 instead of the reserved RIP port 520.
- OSPF: This link-state protocol constructs a topology map of the network from link-state information, in other words, from each router's announcements of which of its links and neighbors are up, down, or have restarted.
- IGRP: This is a proprietary distance-vector protocol. It was developed by Cisco and increases the maximum hop count to 255. It also allows multiple metrics for each route, and is a classful routing protocol (so all addresses within an address class must have the same subnet mask). The increase of the maximum hop count addressed one of the main shortcomings of RIP.
- Enhanced Interior Gateway Routing Protocol (EIGRP): This is an update to IGRP, and as with RIPv2, it supports classless routing. Furthermore, it does not send the entire routing table to neighboring routers. Rather, it only sends incremental updates. Although EIGRP began life as a proprietary protocol, parts of the protocol were converted to an open standard in 2013.
- Border Gateway Protocol (BGP): This is a distance-vector protocol that uses TCP and is used for routing within an autonomous system.