Chapter 1 - Introduction to Windows NT Routing with Routing and Remote Access Service
Routing and Remote Access Service for Microsoft® Windows NT® Server version 4.0 is an open, extensible platform for routing and internetworking. It offers businesses LAN-to-LAN routing and remote office connectivity over private wide area networks (WANs), or over the Internet by using secure virtual private network (VPN) connections. Therefore, it is an easy, flexible way for businesses to deploy virtual private networks (VPNs).
Routing and Remote Access Service is intended for use by system administrators already familiar with routing protocols and routing services. Through the Routing and RAS Admin tool, administrators can view and manage both routers and RAS servers in their network.
Routing and Remote Access Service offers the advantage of being integrated with the Microsoft Windows NT Server operating system. It delivers many cost-saving features and can work with a wide variety of hardware platforms and hundreds of network interface cards. Routing and Remote Access Service is open and extensible with APIs that third-party developers can use to create custom networking solutions and that new vendors can use to participate in the growing open internetworking business.
Routing and Remote Access Service is designed for use with Windows NT Server version 4.0. The routing service already included with Windows NT Server version 4.0 — MultiProtocol Routing (MPR) version 1 — is suitable for smaller organizations and branch offices that require limited routing support over LANs. Routing and Remote Access Service extends the internetworking and routing capabilities available in MPR version 1 and enables routing over WANs and demand-dial networks.
Note: Routing and Remote Access Service running on Windows NT Server version 4.0 is also referred to as the Windows NT router.
Routing and Remote Access Service includes the following features:
Finding Information About Routing and Remote Access Service
Routing and Remote Access Service is intended for use by system administrators already familiar with routing protocols and routing services.
This manual, Routing and Remote Access Service Administrator's Guide, provides conceptual information about routing in Windows NT as well as information on installing and monitoring Routing and Remote Access Service. You can find additional information about Routing and Remote Access Service in the following places:
Online Help file: The online Help file that is part of Routing and Remote Access Service includes information on how to use the Routing and RAS Admin tool.
To access online Help
There is also online context-sensitive Help available to describe particular controls in dialog boxes. To access this, in a dialog box, click the question mark in the upper right corner of the window, and then click the control on which you want help.
Additional files: The Readme.doc file on the Microsoft Routing and Remote Access Service Web site contains descriptions of product features that were added or changed after the documentation was created, and descriptions of any known issues.
Routing is the process of connecting networks and transferring information between them. A hardware router (sometimes called "box-based routing") is a dedicated hardware box for routing. A software router is a general-purpose computer that also runs routing software. For further information on routing and routers, see "References and Suggested Reading" at the end of this chapter.
A typical router is connected to two or more networks over LAN or WAN media. It learns network information (such as addresses and services) from one network, and then propagates this information to other networks to enable connectivity between all computers on all networks. Routing protocols — OSPF, RIP, SAP, and others — are used to learn and propagate address and service information. Computers on a network can send information to another network through the router. The router examines packets and uses the destination address in a packet header to decide which network the packet should be sent to.
You can use routers in many different topologies and network configurations. When placing a Windows NT router into your network, you must choose network and routing protocols, LAN or WAN media, as well as hardware (network adapters and modems or other remote access devices) for the router.
Routing and Remote Access Service also includes demand-dial support. Setting up a demand-dial interface enables you to initiate a connection to a remote site. The connection becomes active only when there is data to be sent to the remote site or when you exchange routing information with the remote site. When no data has been sent over the link for a specified amount of time, the link closes. By making a demand-dial connection, you can use existing telephone lines (or other WAN media) instead of leased lines for low-traffic links. This can significantly reduce your connection costs.
Routing and Remote Access Service includes support for auto-static updates. Auto-static updates are supported in RIP for IP and RIP for IPX, but are not available for use with OSPF. When you configure an interface to use the auto-static update mode, the router sends a request to other routers and inherits routes. The routes are saved in the routing table as auto-static routes and are kept even if the router is restarted or if the interface goes down.
If you have many static routes to add, you can configure RIP for IP and IPX and SAP for IPX on an interface to use auto-static updates. Auto-static routes behave like static routes but are not manually configured.
Note: When an auto-static update is requested, the existing auto-static routes are deleted before the update is requested from other routers. If there is no response to the request, then the router cannot replace the routes it has deleted. This might lead to a loss of connectivity to remote networks.
You can also schedule auto-static updates by using the routemon and at commands from a command prompt. For more information about scheduling auto-static updates, see Appendix B, "Command-Line Interface."
The next three sections describe typical scenarios for Routing and Remote Access Service in network environments. For more detailed routing scenarios, see Chapter 4, "Planning for Small-Scale Configurations," and Chapter 5, "Planning for Large-Scale Configurations."
A Simple LAN-to-LAN Connection
Figure 1.1 shows a simple configuration with a Windows NT router connecting two LAN segments (Networks A and B). In this configuration, routing protocols are not necessary because the router is connected to all the networks it needs to route packets to.
Figure 1.1 Simple routing scenario
A Connection Using Routing Protocols
Figure 1.2 shows a more complex routed configuration. In this configuration, there are three LAN segments (Networks A, B, and C) and there are two routers: Router 1 is on Networks A and B, and Router 2 is on Networks B and C. Router 1 must notify Router 2 that Network A can be reached through Router 1, and Router 2 must notify Router 1 that Network C can be reached through Router 2. This information can be communicated by using RIP or OSPF routing protocols. When a user on Network A wants to communicate with a user on Network C, Router 1 forwards the packet to Router 2, which then sends the packet directly to the user's computer.
Figure 1.2 Multiple router scenario
A Demand-Dial Routed Network
Routers make decisions based on routing tables, which are typically built from dynamic routing information. However, because routing updates cannot be sent over an inactive demand-dial connection, you must configure static routes or auto-static routes over the demand-dial interface to automatically activate a demand-dial connection.
Demand-dial routing supports the ability to schedule connections to remote sites to update routing information. This is done by using a combination of the routemon command and the at scheduler command. For more information, see "Scheduling Auto-Static Updates" in Appendix B, "Command-Line Interface."
Figure 1.3 illustrates a demand-dial routed network. Because Networks A and B are geographically separated, there is no LAN connection between them. Router 1 and Router 2 can connect over an analog phone line and modems on both ends (or another type of connectivity, such as ISDN). Router 1 establishes a phone connection with Router 2 when a computer on Network A initiates communication with a computer on Network B. The modem connection is maintained while there are packets going back and forth. When the link is idle, Router 1 hangs up to reduce connection costs.
For a detailed explanation of what happens during a demand-dial connection, see "Making a Demand-Dial Connection" in Chapter 4, "Planning for Small-Scale Configurations."
Figure 1.3 Demand-dial routing scenario
Routing Protocols Overview
Routing and Remote Access Service supports the network protocols IP and IPX.
The IP network protocol is part of the suite of Internet protocols known as TCP/IP (Transmission Control Protocol/Internet Protocol). IP is used to communicate across any set of interconnected networks. IP routing protocols are dynamic, which means the routes are updated at regular intervals. (In static routing, routes are established by an administrator and do not change until the administrator changes them.)
You can install TCP/IP by using the Protocols tab in Network in Control Panel.
IP routing specifies that IP packets travel through internetworks one hop at a time. An IP routing table consists of destination address/next-hop pairs. This means that, at each router, the next hop is calculated by matching the destination address within the packet with an entry in the routing table.
RIP and OSPF are IP routing protocols included with Routing and Remote Access Service. For more information, see "Routing Information Protocol" and "Open Shortest Path First" in this chapter.
IPX (Internetwork Packet Exchange) is used in NetWare environments and provides interoperability with NetWare networks. It is a fast LAN transport for Windows-based networking as well. To route packets in an internetwork, IPX uses RIP and SAP (Service Advertising Protocol). For more information on RIP, see the "Routing Information Protocol" section. For more information on SAP, see the "Service Advertising Protocol" section.
The implementation of IPX on Windows NT Server (NWLink IPX/SPX Compatible Protocol [NWLink]) conforms to the Novell IPX Router Specification. You can install NWLink by using the Protocols tab in Network in Control Panel.
Both IP and IPX support packet filters in order to specify what type of traffic is allowed into and out of the router. Routing and Remote Access Service packet filtering is based on exceptions. Packet filters are set on a specific interface and can be configured to:
For more information about packet filters, see Chapter 3, "Administering Routing and Remote Access Service," and the Routing and Remote Access Service online Help file.
IP Routing Protocols
Routing and Remote Access Service includes support for two IP routing protocols:
However, these are not the only routing protocols you can use with Routing and Remote Access Service. Routing and Remote Access Service is an extensible platform to which third-party vendors can write any existing industry standard routing protocols, such as Border Gateway Protocol (BGP).
Routing Information Protocol (RIP)
The Routing Information Protocol was designed for exchanging information within a limited size network, such as a network of 250 routes or a maximum of 15 hops. A RIP router maintains a routing table and periodically sends announcements to inform other RIP routers of the networks it can reach. RIP also announces when it can no longer reach previously reachable networks. RIP version 1 uses IP broadcast packets for its announcements. A later enhancement, RIP version 2, also allows IP multicast packets for its announcements.
Each entry in a RIP routing table provides information, including the ultimate destination address, the next hop on the way to the destination, and a metric. The metric indicates the distance in number of hops to the destination, its "cost" to the router. Other information can also be present in the routing table, including various timers associated with the route. As an example, some typical RIP routing tables are shown below for the network shown in Figure 1.4.
Figure 1.4 Links in an example network
Initially, each router's table includes only the links to which it is physically connected. A router depends on periodic updates from other routers to keep current information on what routes are reachable through them.
Table 1.1 shows the routing table for Windows NT Router 2 in the network shown in Figure 1.4.
Table 1.1 Routing Table for Router B
The table for Router 1 at first has only the routes from 1 to 2 and from 1 to 4 because those are the links Router 1 is connected to.
Table 1.2 Routing Table for Router 1 Before Update
Router 2 sends its table to Router 1 during a periodic update. The updated table for Router 1 is shown in Table 1.3.
Table 1.3 Routing Table for Router 1 After Update
The table for Router 2 contained a route to Router 3, which Router 1 did not have in its table. Because Router 1 knows it can get to Router 2 and has learned that 2 has a route to 3, Router 1 adds the route to 3 with a metric of 2.
The table for Router 2 also had a route to Router 4, but Router 1 already had a route to 4 with a metric of 1. If Router 1 used the route to 4 through 2, that route would have a metric of 2. Therefore, Router 1 keeps the route with the lowest metric in its table and discards the update for 4.
RIP routers communicate through periodic broadcast messages typically sent at 30-second intervals, or triggered updates. Triggered updates occur when the network topology changes and routing update messages are sent that reflect those changes. For example, when a router detects a link failure or a router failure, it recalculates its routes and sends routing update messages (triggered updates). Each router receiving a routing update message updates its tables and propagates the change.
The biggest advantage of RIP is that it is extremely simple to configure and deploy. The biggest disadvantage of RIP is that as networks grow larger in size, the periodic announcements by each RIP router cause excessive traffic on the network. RIP is widely deployed in networks with up to 50 servers or so, but most larger organizations use other routing protocols.
Routing and Remote Access Service supports RIP versions 1 and 2.
The Routing and Remote Access Service router RIP implementation has the following features:
Open Shortest Path First (OSPF)
OSPF was developed in response to the inability of RIP to serve large, heterogeneous internetworks. The biggest advantage of OSPF is that it is efficient: It computes better routes and requires fewer broadcast messages. The biggest disadvantage of OSPF is its complexity: It is harder to configure and takes more management time.
Refer to the OSPF RFC 1583 for more information and administration details.
OSPF is a link state protocol based on the Shortest Path First (SPF) algorithm. This algorithm computes the shortest path between one source node and the other nodes in the network.
Instead of exchanging distances to destinations like RIP routers do, OSPF routers maintain a "map" of the network that is updated after any change in the network topology. This map is called the link state database. The link state database is used to compute the network routes, which must be computed again after any change in the topology. From this computation, the router derives the next hop for the destination, that is, the next router to which the data should be sent and the link that should be used for reaching this next router. Network changes are propagated or "flooded" across the entire network to ensure that each copy of the database is accurate at all times.
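The route computation described above, as an added example (not code from the product or from this guide): the SPF algorithm run over a small link state database, then run again after a topology change. The database contents, the link cost of 1 on every link, and the function names are assumptions; the four routers follow the links described for Figure 1.4.

```python
import heapq


def spf(lsdb, source):
    """Shortest Path First (Dijkstra) over a link state database.

    lsdb: {router: {neighbor: link_cost}}
    Returns {destination: (total_cost, next_hop)} for each reachable destination.
    """
    routes = {}
    done = set()
    heap = [(0, source, None)]  # (cost so far, router, first hop out of source)
    while heap:
        cost, node, first_hop = heapq.heappop(heap)
        if node in done:
            continue  # a cheaper path to this router was already settled
        done.add(node)
        if node != source:
            routes[node] = (cost, first_hop)
        for neighbor, link_cost in lsdb.get(node, {}).items():
            if neighbor not in done:
                # Leaving the source, the neighbor itself is the next hop;
                # further out, the next hop is inherited from the path so far.
                hop = neighbor if node == source else first_hop
                heapq.heappush(heap, (cost + link_cost, neighbor, hop))
    return routes


def without_link(lsdb, a, b):
    """Copy of the database after both ends of link a-b flood that it is down."""
    return {router: {n: c for n, c in links.items() if {router, n} != {a, b}}
            for router, links in lsdb.items()}


# Constructed database for the four routers of Figure 1.4, every link at cost 1.
LSDB = {
    1: {2: 1, 4: 1},
    2: {1: 1, 3: 1, 4: 1},
    3: {2: 1},
    4: {1: 1, 2: 1},
}

if __name__ == "__main__":
    print(spf(LSDB, 1))                      # Router 1 reaches 3 through next hop 2
    print(spf(without_link(LSDB, 2, 3), 1))  # after the change, 3 has no entry at all
```

Because every router recomputes from the same flooded database, a destination that has lost its only link drops out of the result in one computation.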
Because OSPF routers keep an overview of the network from the perspective of any router, some of the problems that are inherent in RIP (such as loops) are no longer problems.
For instance, in the network shown in Figure 1.5, a loop can develop while using RIP if the link to Router 3 goes down. Router 2 then advertises that the link is down and that it has no route to 3 anymore. Because Router 1 has a route to 3 with a metric of 2, it responds to Router 2 by sending its link to 3. Router 2 then updates its table to include a link with metric 3, and the routers continue to announce and update their links to C until they reach the number 16. This is called a count to infinity.
This loop will not occur in the same network while using OSPF because if Router 2 advertises that the link to 2 is down, Router 1 checks its routing table and sees that the only way to 3 is through 2. Therefore, Router 1 deletes the entry for 3 and does not send it.
Figure 1.5 Example network
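The RIP update behind Tables 1.2 and 1.3 and the count to infinity described above, replayed as an added example (not code from the product or from this guide). The table layout, the function names, and the simplification that only Routers 1 and 2 exchange announcements are assumptions made for the illustration.

```python
INFINITY = 16  # RIP metric that marks a destination as unreachable


def rip_merge(me, table, neighbor, advert):
    """Apply one RIP announcement received from `neighbor` to `table`.

    table:  {destination: (next_hop, metric)}, modified in place
    advert: {destination: metric} as announced by the neighbor
    Returns the list of destinations whose entry changed.
    """
    changed = []
    for dest, metric in advert.items():
        if dest == me:
            continue
        candidate = min(metric + 1, INFINITY)  # one more hop to reach the neighbor
        current = table.get(dest)
        if current is None:
            if candidate < INFINITY:
                table[dest] = (neighbor, candidate)
                changed.append(dest)
        elif current[0] == neighbor:
            # The route already goes through this neighbor, so its announcement
            # replaces the entry even when the metric gets worse.
            if current[1] != candidate:
                table[dest] = (neighbor, candidate)
                changed.append(dest)
        elif candidate < current[1]:
            table[dest] = (neighbor, candidate)
            changed.append(dest)
    return changed

def announce(table):
    """What a router announces: every destination with its metric (no split horizon)."""
    return {dest: metric for dest, (_, metric) in table.items()}

def router1_after_update():
    """Router 1 receives Router 2's periodic update (Tables 1.2 and 1.3)."""
    r1 = {2: (2, 1), 4: (4, 1)}      # constructed: the two links Router 1 is connected to
    r2_advert = {1: 1, 3: 1, 4: 1}   # constructed: Router 2's directly connected routes
    rip_merge(1, r1, 2, r2_advert)
    return r1

def count_to_infinity():
    """Replay the loop after Router 2 loses its link to 3.

    Router 2 has dropped its route to 3, but Router 1's announcement reaches
    it before Router 1 has heard about the failure.
    Returns the (Router 1, Router 2) metrics for destination 3 after each exchange.
    """
    r1 = router1_after_update()
    r2 = {1: (1, 1), 4: (4, 1)}      # route to 3 already removed
    history = []
    while True:
        rip_merge(2, r2, 1, announce(r1))
        rip_merge(1, r1, 2, announce(r2))
        history.append((r1[3][1], r2[3][1]))
        if history[-1] == (INFINITY, INFINITY):
            return history

if __name__ == "__main__":
    print(router1_after_update())
    print(count_to_infinity())
```

Each exchange raises both metrics by 2, so the stale route to 3 survives several announcement rounds before both routers mark it unreachable at 16.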
Figure 1.6 is an example of an OSPF link state database as viewed through Routing and RAS Admin.
Figure 1.6 Example link state database in Routing and RAS Admin
As the size of the link state database increases, memory requirements and route computation times increase considerably. To address this, OSPF divides the network into many areas connected to each other through a backbone area. Each router inside the area keeps only the state of links within its area and advertises to only those routers within the area. Area border routers (ABRs) between each area and the backbone area keep a link state database for each area they belong to and send this database to other routers on the backbone area.
Figure 1.7 is a diagram of an OSPF network.
Figure 1.7 OSPF network with two areas
OSPF has the following advantages over RIP:
The Routing and Remote Access Service router OSPF implementation by Bay Networks supports the following features:
Routing and Remote Access Service does not implement the following feature:
IPX Routing Protocols
If you install NWLink before you install Routing and Remote Access Service, IPX routing is automatically installed and enabled on every LAN interface you have on the router.
You must assign a unique hexadecimal internal network number to your IPX router. If you have the default internal network number, 00000000, the router will not start. The IPX internal network number is configured in Network in Control Panel by selecting the NWLink IPX/SPX protocol and clicking Properties.
Routing Information Protocol (RIP) for IPX
RIP for IPX is a simple broadcast protocol used to exchange IPX network routes across a network. This protocol announces routes over each network segment. It is announced periodically so that the routing information kept in the routers is current.
Routing and Remote Access Service supports network route filters, which enable selective announcements and reception of network routes. Routing and Remote Access Service also enables configuration of the timers used for route announcements (for example, the periodic announcement timer).
Service Advertising Protocol (SAP)
The Service Advertising Protocol enables nodes that provide services, such as file servers and print servers, to advertise their addresses and the services they provide.
IPX routers send periodic SAP broadcasts to keep all routers on the internetwork synchronized. By default, these broadcasts are sent every 60 seconds. Routers also send SAP update broadcasts whenever they detect a change in the internetwork configuration.
You can configure an interface to respond to broadcast queries: On the General tab, select the Reply To Get Nearest Server Requests check box. This enables workstations to attach to the first server that replies to a "Get Nearest Server" SAP request.
You can set filters to selectively listen to service advertisements. Filters can also be set to enable you to broadcast some SAP packets, but not all of them.
References and Suggested Reading
Routing and Remote Access Service is intended for use by system administrators already familiar with routing protocols and routing services.
This document provides planning information and a brief overview on routing and assumes that the reader has a basic understanding of routing and dynamic routing protocols.
For more information on routing in general and on dynamic routing protocols, consult a book on TCP/IP or IPX protocol.
For more information about how to use a Windows NT RAS server, see the Remote Access Service sections of the Networking Supplement for Windows NT Server version 4.0.
To learn more about routing and the protocols, consult these references: