Upgrading and Repairing Networks Free Open Book


What Routers Do

Bridges and repeaters can be used to add to the number of computers and extend the distance covered by an older Ethernet or Token-Ring LAN. Bridges, intelligent hubs, and most switches operate at level 2 in the OSI network model, making decisions by analyzing the hardwired MAC addresses of the installed network card for each system on the LAN. Remember that the hardware addressing scheme produces a flat address space. If you want to create a switch that communicates easily with all the computers hooked up to the Internet, it would need to store millions upon millions of these unorganized addresses in memory, an impossible task indeed.

Note

Although it is convenient to think of switches, routers, and hubs as separate devices, in reality you often find network devices that perform multiple functions. For example, although routers generally are used to connect different LAN segments or networks, you also will find routers that contain built-in switches, as well as support for bridging and other tasks. In this chapter, the focus is on routing. Don't be surprised if the equipment you purchase offers other capabilities.

Also, keep in mind that older Ethernet bridges, hubs, and repeaters are now considered to be legacy equipment.


Routers operate one step farther up the OSI model at the third layer, the Network layer. The Network layer offers a logical address space, which makes it easier to organize networks and route traffic between networks. This overcomes the flat address space provided by lower-level devices that use Media Access Control (MAC) addresses. Each router contains two or more network interfaces. One or more of these interfaces can be used to connect the router to a wide area network, whereas other interfaces can be used to connect to local network segments. Routers receive input from one network interface, and then make routing decisions based on which interface can best get the packet to its eventual destination. The port on which the packet is retransmitted can lead to another router or another LAN segment directly connected to the router.

Switches are covered in Chapter 8, "Network Switches," and in Chapter 9, "Virtual LANs."


If you're interested, the OSI network reference model is covered in Appendix A, "Overview of the OSI Seven-Layer Networking Reference Model."


Hierarchical Network Organization

The important difference between MAC addresses and logical network addresses (such as TCP/IP and IPX/SPX) is that the logical network addresses allow for the organization of a collection of networks into a hierarchy. This logical distribution of network addresses can be modeled after the logical organization of your business, as in a collection of departmental LANs based on an organizational chart. Or it can represent a geographical model of a business, with individual LANs located in branch offices. Or, as is usually the case, it can be a combination of both of these.

The router is the device that can connect all these different LAN segments so that larger networks can be created that go beyond the limits imposed by LAN topology standards, such as Ethernet and Token-Ring. The Internet is the prime example of a large collection of separate networks, all managed in a decentralized manner, but organized in a logical hierarchical address space. Routers connect these many thousands of networks and make decisions on how best to deliver network information from one client to another on a different network, all based on constantly changing, constantly updating routing information. They do this by storing information about how to deliver packets to different networks on the Internet.

A routing table keeps track of these routes, which can include multiple routing hops on the way to the eventual destination. A router does not always know the entire route that a packet will take to get to its destination. If the destination is on another LAN segment attached to the router, the router might not know the immediate network destination. If this is the case, the router uses a catch-all "default gateway" to send the packet to. On the Internet, a packet usually passes through many routers to reach its destination. In this case, a router simply keeps in its routing table the "next hop" that the packet needs to be sent to in order to reach its destination. Each router on the way to the destination knows the next hop in the path, or uses its default gateway entry in the routing table.
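The next-hop lookup described above, as an added example that is not from the book. The prefixes, gateway addresses and interface names are constructed, and the rule that the most specific matching prefix wins (longest-prefix match) goes beyond the text, which only describes next-hop entries and the default gateway.

```python
import ipaddress

# Constructed routing table: (destination prefix, next hop, outgoing interface).
# A next hop of None means the network is directly attached to that interface.
ROUTES = [
    ("192.168.10.0/24", None, "eth1"),          # local LAN segment
    ("192.168.20.0/24", None, "eth2"),          # second local LAN segment
    ("10.0.0.0/8", "192.168.10.254", "eth1"),   # reached through another router
    ("10.1.2.0/24", "192.168.20.254", "eth2"),  # more specific route to one subnet
    ("0.0.0.0/0", "203.0.113.1", "wan0"),       # default gateway (catch-all)
]

def build_table(routes):
    """Parse each prefix once and sort the table most-specific first."""
    table = [(ipaddress.ip_network(p), nh, ifc) for p, nh, ifc in routes]
    table.sort(key=lambda r: r[0].prefixlen, reverse=True)
    return table

def lookup(table, destination):
    """Return (next_hop, interface) for the longest matching prefix.

    For a directly attached network the next hop is the destination itself.
    Returns None when nothing matches, which can only happen when the table
    has no default route.
    """
    addr = ipaddress.ip_address(destination)
    for network, next_hop, interface in table:
        if addr in network:
            return (next_hop or str(addr), interface)
    return None

TABLE = build_table(ROUTES)

if __name__ == "__main__":
    for dst in ("192.168.20.7", "10.9.9.9", "10.1.2.3", "198.51.100.20"):
        print(dst, "->", lookup(TABLE, dst))
```

The router never stores the full path: each lookup yields only the next hop, and the 0.0.0.0/0 entry catches every destination that has no more specific route.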

Routers are not limited to using the TCP/IP protocols, though perhaps most of the routers in the world today (on the Internet) are used for IP routing. Most corporate and business-class routers can be configured to route many other protocols, such as IPX/SPX and AppleTalk, in addition to TCP/IP, and do it all at once. However, SOHO routers, such as those used to connect a network to a cable or DSL modem, use only the TCP/IP protocol.

Note

Although most of us tend to think of routers as just another kind of network device, computers, from PCs all the way up to mainframes, also can perform routing functions. All that is needed is for the computer to be equipped with more than one network adapter, connections to more than one network, and routing functionality in the protocol stack. For example, you can set up Windows 2000/2003 or Unix/Linux systems to perform routing for your network.

Both Unix and Linux systems can be outfitted with multiple network adapters and configured to route network traffic. Many network administrators use Linux systems as part of a firewall. A lot of existing software, both free and commercial, can be used on these systems for this purpose.


Providing Security

When you think about how a router functions (it examines the header information of the network protocol portion of a packet so that it can make routing decisions), it also should become obvious that it is at the router that you can create a "chokepoint" for your network. That is, you can use router configuration rules to allow or deny network traffic based on information found in the network packet header. For example, when using a router as a first-defense mechanism in a firewall, you can enable or disable communication over specific TCP or UDP ports, to deny access to network traffic for selected applications. This is how you could prevent someone from using Telnet to log in to a computer on your network: by blocking Telnet communications (port 23) at the router. You can also block certain network addresses from passing data through a router into your network (and vice versa). This is a very powerful capability used as part of a firewall.
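A header-based filter of the kind described above, as an added example that is not from the book. The rule format, the addresses and the helper names are constructed for illustration. Top-to-bottom first-match evaluation and the deny applied when no rule matches are assumptions of this example; the last function checks for rules that an earlier, broader rule makes unreachable.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int

# Constructed inbound rules, checked top to bottom; the first match wins.
# (action, protocol or "any", source prefix, destination prefix, dest port or None)
INBOUND_RULES = [
    ("deny", "any", "198.51.100.0/24", "0.0.0.0/0", None),     # blocked source network
    ("deny", "tcp", "0.0.0.0/0", "0.0.0.0/0", 23),             # Telnet from anywhere
    ("permit", "tcp", "0.0.0.0/0", "192.168.10.5/32", 80),     # public web server
    ("permit", "udp", "0.0.0.0/0", "192.168.10.6/32", 53),     # public DNS server
]

def matches(rule, pkt):
    """True when every header field of the packet fits the rule."""
    _, proto, src_net, dst_net, dport = rule
    return (proto in ("any", pkt.proto)
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(src_net)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(dst_net)
            and dport in (None, pkt.dport))

def filter_packet(rules, pkt):
    """Return (action, rule index); index -1 is this example's implicit final deny."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule[0], i
    return "deny", -1

def covers(a, b):
    """True when rule a matches every packet that rule b would match."""
    return (a[1] in ("any", b[1])
            and ipaddress.ip_network(b[2]).subnet_of(ipaddress.ip_network(a[2]))
            and ipaddress.ip_network(b[3]).subnet_of(ipaddress.ip_network(a[3]))
            and a[4] in (None, b[4]))

def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [j for j, b in enumerate(rules) if any(covers(a, b) for a in rules[:j])]

# A misordered list: the broad permit comes first, so the Telnet deny is dead.
MISORDERED = [("permit", "tcp", "0.0.0.0/0", "0.0.0.0/0", None), INBOUND_RULES[1]]
```

With MISORDERED, a Telnet packet is permitted by rule 0 and `shadowed` reports index 1, which is why rule order deserves a review whenever a filter list changes.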

A firewall, though, is usually composed of more than just a simple router, and includes things such as stateful-inspection techniques and application proxies. However, routers were the first devices used to create a "firewall" when it became obvious that the ever-expanding Internet no longer was the safe, academic environment it once was.

You can learn more about routers and how they function in a firewall environment in Chapter 45, "Firewalls." Chapter 24, "Overview of the TCP/IP Protocol Suite," covers TCP and UDP ports.


Routers also provide logging facilities. You can use this data when trying to determine whether your network has been infiltrated. Although most serious hackers today are more sophisticated and would spoof IP addresses in a packet, newcomers who simply download the many free hacker utilities off the Internet can be found easily by checking log files on a router. To provide extra safety, some routers allow you to send log file information to the syslog daemon on the Unix/Linux host so that if the router itself is compromised, the log file data will still be available.
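One way to review such a log once it has been collected on the syslog host, as an added example that is not from the book. The log line format, host name and addresses are constructed (each router vendor has its own format), and the threshold of three distinct targets is an arbitrary choice for the sample.

```python
import re
from collections import defaultdict

# Constructed log lines in a made-up format, standing in for a router's filter log.
SAMPLE_LOG = """\
Mar  3 02:14:07 gw1 filter: deny tcp 203.0.113.9:40112 -> 192.168.10.5:23
Mar  3 02:14:07 gw1 filter: deny tcp 203.0.113.9:40113 -> 192.168.10.6:23
Mar  3 02:14:08 gw1 filter: deny tcp 203.0.113.9:40114 -> 192.168.10.7:23
Mar  3 02:14:08 gw1 filter: deny tcp 203.0.113.9:40115 -> 192.168.10.8:23
Mar  3 02:20:31 gw1 filter: permit tcp 203.0.113.40:51500 -> 192.168.10.5:80
Mar  3 02:21:02 gw1 filter: deny tcp 198.51.100.77:33001 -> 192.168.10.5:80
Mar  3 02:21:03 gw1 filter: deny tcp 198.51.100.77:33002 -> 192.168.10.5:80
Mar  3 02:25:00 gw1 system: configuration saved
"""

LINE = re.compile(
    r"(?P<action>deny|permit) (?P<proto>tcp|udp) "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$")

def denied_by_source(log_text):
    """Map each source address to the set of (destination, port) pairs it was denied."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m and m["action"] == "deny":      # skip permits and unrelated lines
            hits[m["src"]].add((m["dst"], int(m["dport"])))
    return hits

def suspects(log_text, min_targets=3):
    """Sources denied against at least min_targets distinct targets, busiest first.

    A logged source address can be spoofed, so treat the result as a lead to
    correlate with other records, not as proof of who sent the traffic.
    """
    hits = denied_by_source(log_text)
    ranked = sorted(hits.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [(src, len(targets)) for src, targets in ranked if len(targets) >= min_targets]

if __name__ == "__main__":
    for src, count in suspects(SAMPLE_LOG):
        print(f"{src} was denied against {count} distinct targets")
```

Counting distinct targets instead of raw lines keeps a single retried connection (the two port 80 entries in the sample) from looking like a sweep across hosts.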
