Chapter 7
The Router
A router is a device that connects two or more different computer networks, for example a corporate network to the Internet. The figure below shows that a router can be regarded as a switching point for data packets that operates at layer 3 of the OSI model.
Message Routing
A message sent from one computer to another over a network must be processed by several routers. First, the sender transmits the IP packet to a first router. To do this, the sender encapsulates the IP packet in a frame and adds a header whose format is determined by the physical network that connects the station and the router.
When the frame reaches the router, the router strips the frame and examines the IP packet it contains. The router must determine through which port the packet has to leave. To find the correct output port, the router looks up the destination address of the packet in its routing table. In TCP/IP, a routing table is a table of IP addresses and groups of IP addresses (subnets), each with the associated next node (next hop).
If the destination address is found in the routing table and the packet can therefore be routed, the router selects the output port that leads to the next hop found in the table. The IP packet to be forwarded is then sent to that output port. The router again encapsulates the IP packet in a frame and adds a header whose format is determined by the physical network connecting the two routers. The figure above shows that an IP packet is always encapsulated in a frame that matches the respective physical network.
For each port, a router has an IP address belonging to the network area (Net-ID) to which that port is connected. Each port also has its own MAC address.
A router counts as one hop on the path of a packet. Normally, the number of routers a data packet may pass before it reaches its final destination is limited only by the TTL (time to live) of the packet.
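The routing-table lookup and TTL handling described above, as an added example (not part of the original chapter). The table entries, port names and the next-hop addresses are constructed for illustration; the lookup prefers the most specific matching subnet, which is how real routing tables resolve overlapping entries.

```python
import ipaddress

# Constructed routing table for a router with a LAN and a WAN port.
# Entry: (destination network, next hop or None if directly connected, output port).
ROUTING_TABLE = [
    (ipaddress.ip_network("172.23.0.0/16"), None, "LAN"),
    (ipaddress.ip_network("10.1.0.0/16"), None, "WAN"),
    (ipaddress.ip_network("10.1.5.0/24"), "10.1.0.254", "WAN"),
    (ipaddress.ip_network("0.0.0.0/0"), "10.1.0.1", "WAN"),  # default route
]


def lookup(dst, table=ROUTING_TABLE):
    """Return (next_hop, output_port) for dst, preferring the most specific
    (longest-prefix) entry, or None when no entry matches."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, next_hop, port in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, port)
    if best is None:
        return None
    _, next_hop, port = best
    # Directly connected network: the frame is addressed to the destination itself.
    return (next_hop or dst, port)


def forward(packet, table=ROUTING_TABLE):
    """Model one router hop: drop when the TTL is exhausted or no route exists,
    otherwise decrement the TTL and name the output port and next hop."""
    if packet["ttl"] <= 1:
        return {"action": "drop", "reason": "ttl_expired"}
    route = lookup(packet["dst"], table)
    if route is None:
        return {"action": "drop", "reason": "no_route"}
    next_hop, port = route
    return {"action": "forward", "port": port, "next_hop": next_hop,
            "ttl": packet["ttl"] - 1}
```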
Router Types
There are many different types of routers. They can be distinguished by their form factor, their connections and the additional functions they provide (e.g., modem, firewall or switch).
Furthermore, software routers and hardware routers can be distinguished. A software router is a conventional PC equipped with two network interfaces that acts as a router by means of special software. A hardware router, on the other hand, is a separate device: in fact a small, simple computer developed specifically for routing.
Commercial routers for home use are often combined with a switch, a modem and a wireless access point, so that only a single device is required to connect a small home network to the Internet.
There are also switches with router functionality on the market. The name "Layer 3 switch" is often used for these devices.
The remainder of this chapter focuses on industrial routers. In its simplest form, such a router has a LAN and a WAN interface. With it, an industrial network can be connected to a corporate network or the Internet. The industrial router can optionally include a firewall, so that it can be used as a full-fledged security module for connecting industrial networks to corporate networks.
Layer 3 Switch
As already explained, in the OSI model switches operate at layer 2, while routers operate at layer 3. A Layer 3 switch, however, is a powerful device for routing within the network.
Layer 3 switches differ little from ordinary network routers. Both process incoming packets and dynamically decide, on the basis of the addresses contained in them, how these packets are forwarded (routing). They originated from the demand for routers that are easy to use in large networks such as company intranets.
The main difference between a Layer 3 switch and an ordinary router is the hardware design. In a Layer 3 switch, the hardware of a switch is combined with a router to achieve better performance when routing in large LAN infrastructures. The Layer 3 switches typically used for intranets usually have no WAN ports and usually do not support typical WAN applications.
Connecting a Private Network to the Internet
An automation network can be connected to a corporate network or the Internet with an industrial router. For the Ethernet-based automation network, a Net-ID must be selected, preferably one that corresponds to RFC 1597.
The figure below shows an example. On the LAN side, the router receives an IP address belonging to the address space of the selected Net-ID. In general, this is the first or last free IP address of the network. The network interface on the LAN side also has a MAC address. The router acts as the default gateway for the network.
The network can be connected to the Internet through the WAN interface of the router. For this, the router receives a unique IP address on the Internet, usually assigned via DHCP by the ISP (Internet Service Provider).
Each device on the network can now be configured as follows:
IP address: 172.23.22.14
Subnet mask: 255.255.0.0
Default gateway: 172.23.0.1
Each participant gets an IP address with the same Net-ID, but the host ID is different for each participant.
If an application running on a networked PC wants to initiate communication with a server on the Internet, the PC must first create an IP packet for the connection request. This IP packet is sent to the Internet via the default gateway. For this purpose, the PC encapsulates the IP packet in an Ethernet frame. The next figure shows the data needed to create the Ethernet frame. The MAC address of the router is requested via the ARP protocol.
Once the ARP reply has arrived and the frame has reached the router, the router sends the IP packet through its WAN interface to another router on the Internet. Since the private network is isolated from the Internet, the router replaces the source IP address of the PC with its own address on the WAN side. The private network is reachable from the Internet only via this external IP address of the router.
The server can then send a reply to the external IP address of the router. The router now has the task of determining to which PC this reply must be delivered. The reply from the server contains no details about the original sender. To solve this problem, IP NAT was developed.
IP NAT
NAT: IP Masquerading
Network Address Translation (NAT) is a protocol that allows networks with unregistered IP addresses (private networks corresponding to RFC 1597) to be connected to the Internet. As described above, the router always enters its external IP address as the source address in every message sent from the private network to the Internet.
Each reply directed from the Internet to a PC on the private network goes to the external IP address of the router, but carries as TCP destination port a port number from the NAT table of the router. From this port number, the router knows for which end device the respective message is intended.
Practically speaking, NAT translates an IP address of one network into an IP address that is valid in another network. One network is called inside, the other outside. Generally, a company translates its local internal IP addresses into one or more global external IP addresses and translates the global IP addresses of incoming messages back.
NAT therefore makes it possible for an organisation to use only a single global IP address for its communication with the outside world, the Internet. This also contributes to the security concept, since all outgoing and incoming messages are subject to address translation.
The figure below shows the operation of the NAT protocol. Here, NAT is used dynamically; this use is also called dynamic NAT.
Port Forwarding
The static use of the NAT protocol is known as port forwarding. If there are servers in the private network that must be accessed directly from the Internet, the endpoints of these servers can be assigned static port numbers in the NAT table of the router, so that the servers can be reached from the Internet.
To reach such a server, the endpoint used from the Internet must be the external IP address of the router combined with the port number from the NAT table. For this particular server, the router translates messages arriving at that endpoint to the correct endpoint of the server. This is an additional form of security: the exact IP data of the server do not have to be published, and attackers learn nothing about the architecture of the network in which the servers are located. The next figure shows the configuration for port forwarding.
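The NAT table behaviour described in the two sections above (dynamic NAT for connections opened from the inside, static port-forwarding entries for servers), as an added model that is not part of the original chapter or any vendor's implementation. The external address, port range and internal endpoints are constructed; the model keys entries on the internal endpoint only, whereas a real router also records the remote endpoint and expires idle entries.

```python
class NatRouter:
    """Model of the NAT table in a router: dynamic NAT for connections opened
    from the private network, plus static port-forwarding entries for servers.
    Constructed example; real NAT also tracks the remote endpoint and expires entries."""

    def __init__(self, external_ip, first_port=49152):
        self.external_ip = external_ip
        self.next_port = first_port
        # NAT table: external port -> (internal IP, internal port)
        self.table = {}

    def add_port_forward(self, external_port, internal_ip, internal_port):
        """Static entry: the server is reachable from outside at external_ip:external_port."""
        self.table[external_port] = (internal_ip, internal_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving the private network to the
        router's external address and a port from the NAT table, creating the
        entry if this internal endpoint has none yet."""
        for ext_port, endpoint in self.table.items():
            if endpoint == (src_ip, src_port):
                break
        else:
            ext_port = self._allocate_port()
            self.table[ext_port] = (src_ip, src_port)
        return (self.external_ip, ext_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Rewrite the destination of a packet arriving on the WAN side.
        Returns None when no entry exists, so unsolicited traffic is dropped."""
        endpoint = self.table.get(dst_port)
        if endpoint is None:
            return None
        internal_ip, internal_port = endpoint
        return (src_ip, src_port, internal_ip, internal_port)

    def _allocate_port(self):
        # Skip ports already occupied by static port-forwarding entries.
        while self.next_port in self.table:
            self.next_port += 1
        port = self.next_port
        self.next_port += 1
        return port
```

Inbound packets for a port that is neither a dynamic entry nor a forwarded port come back as None, which is the point made above: only traffic the NAT table accounts for reaches the private network.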
1: 1 NAT
With 1:1 NAT, an IP address is translated into another without changing the TCP/UDP ports used.
If a router is connected on the LAN side to the network 192.168.1.0/24 and via the WAN port to the network 10.1.0.0/16, and has the external IP address 10.1.1.0/16, then with 1:1 NAT the LAN node with the IP address 192.168.1.100 is reachable on the WAN side through the IP address 10.1.1.100.
1:1 NAT offers interesting possibilities for the automation world:
- Different subnets can be connected together even if the same IP addresses are used in all subnets.
- No additional routes need to be defined in the corporate network.
- An ARP daemon on the mGuard processes the ARP requests from the external network.
- Systems in the subnetworks can be addressed directly from the corporate network via the IP mapping. In this mapping, the host ID is retained; only the Net-ID is adjusted.
The figure below illustrates the operation of 1:1 NAT.
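The 1:1 NAT mapping from the example above (192.168.1.0/24 mapped to 10.1.1.0/24, ports untouched, the router answering ARP for the mapped external range), as an added example that is not part of the original chapter or of any product's firmware. The packet dictionaries are constructed; two instances with the same internal network and different external networks model the first bullet above, where several subnets reuse the same addresses.

```python
import ipaddress


class OneToOneNat:
    """1:1 NAT between an internal and an external network of equal size:
    the host ID is kept, only the Net-ID is exchanged, and TCP/UDP ports
    are never touched (constructed example, not vendor code)."""

    def __init__(self, internal_net, external_net):
        self.internal = ipaddress.ip_network(internal_net)
        self.external = ipaddress.ip_network(external_net)
        if self.internal.prefixlen != self.external.prefixlen:
            raise ValueError("both networks need the same prefix length")

    @staticmethod
    def _remap(addr, src_net, dst_net):
        addr = ipaddress.ip_address(addr)
        if addr not in src_net:
            return None                      # not covered by this mapping
        host_id = int(addr) - int(src_net.network_address)
        return str(dst_net.network_address + host_id)

    def to_external(self, internal_ip):
        return self._remap(internal_ip, self.internal, self.external)

    def to_internal(self, external_ip):
        return self._remap(external_ip, self.external, self.internal)

    def answers_arp_for(self, ip):
        """The router's ARP daemon answers ARP requests from the external
        network for every address in the mapped external range."""
        return self.to_internal(ip) is not None

    def translate_outbound(self, pkt):
        """Packet from LAN to WAN: only the source address changes."""
        new_src = self.to_external(pkt["src"])
        return None if new_src is None else {**pkt, "src": new_src}

    def translate_inbound(self, pkt):
        """Packet from WAN to LAN: only the destination address changes."""
        new_dst = self.to_internal(pkt["dst"])
        return None if new_dst is None else {**pkt, "dst": new_dst}
```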