The application and configuration of network routers

Abstract: A router is a network device connected to multiple networks or network segments, can the data "translation" between different networks or network segments to each other so that they can "read" to understand each other's data, and be able to the line speed selection messaging, greatly improve the communication speed to reduce network traffic load, to save network system resources to improve the patency of network systems, and so play a more effective network system.

Keywords: routers, IP addresses, routing, forwarding

With the rapid development of the Internet, people are no longer satisfied to share information only on the local network, and want to maximize the use of the various regions of the world, and all types of network resources, routing technology in network technology has gradually become a key part of the router also will become the most important network equipment In the present case, a certain scale computer networks (such as the enterprise network, campus network, intelligent building, regardless of fast the large network technology, FDDI technology, or ATM technology, are inseparable from the router, otherwise it can not be normal operation and management.

One router works. Devices in the network with the network address (IP address to communicate with each other in a TCP / IP network IP address is nothing to do with the hardware address of the "logical" address. Routers only forward data based on IP address. The IP address of the two parts, the part of the definition of the network number, host number in another part of the definition of network structure. subnet mask to determine the IP address of the network and host addresses. subnet mask and IP Internet network address as 32bit and two one-to-one, and provides the subnet mask number "1" in the part corresponding to the IP address for the network number, corresponding to "0" as compared to the host number network number and host number together, will constitute a complete IP address, host IP address in the same network, the network number must be the same, this network is called IP subnet. communication can only have the same network number between the IP address to communicate with other IP subnet host, you must go through a router or gateway on the same network (gateway out the IP address of the network number can not communicate directly, even if they are connected together not communicate the router has multiple ports for connecting multiple IP subnet IP address of each port network requires the network number of the connected IP subnet. different ports for different network number , corresponding to different IP subnets, in order to make each subnet host requirements out through its own IP address subnet IP packet to the router.

Links to the best path to free papers Download Center
Second, the main function of the router. Routing actions include two basic elements: routing and forwarding routing determines that reach their destinations by routing selection algorithm in order to determine the best path, the routing algorithm must initiate and maintain a routing table that contains the routing information, wherein the routing information is dependent on the routing algorithm used vary. route selection algorithm will be collected from different information fill into the routing table, according to the routing table to the destination network and the next stop (nexthop relationship tell the router to exchange information between the routers routing updates, update and maintain routing tables to correctly reflect the network topology changes, according to a measure by the router to decide on the best path forward that along routing good best path to send a packet of information. know how the packet is sent to the next site (router or host, if the router does not know how to send a packet router first in the routing table to find and fix the That is, usually, the packet is discarded, otherwise it sends the packet to the next station according to the corresponding entries of the routing table, if the destination network is directly connected with the router, the router packet put directly sent to the corresponding port. routing forwarding protocol ( routed protocol. routing forwarding protocols and routing protocols complement each other independent concept, the former using the latter to maintain routing tables, while the latter is to take advantage of the functionality of the former to publish the data packet routing protocol.

Routing protocol. Typical routing two types: static and dynamic routing Static routing is set in the router fixed routing table unless the network administrator intervention, or static routing will not change due to the static routing can not make changes to the network reflect generally used for small network, fixed network topology. advantage of static routing is simple, efficient and reliable. highest priority in all routing, static routing when dynamic routing subject to static routing conflict with static routing, dynamic routing between routers in the network to communicate with each other, passing routing information using the received routing information updated router table can meet the changes in the structure of the network in real time If the routing update information indicates that a network change, the routing software will recalculate the route, and issued new routing updates this information through various networks, causing each router to restart its routing algorithm, and update their own routing tables to reflect the dynamic changes in the network topology dynamic routing suitable for large-scale network, complex network topology of the network, of course, a variety of dynamic routing protocols will occupy network bandwidth and CPU resources. respective characteristics of static and dynamic routing and applicable range dynamic routing in the network usually supplement as static routing when routing a packet in the router, the router first looks static routing, if found, forwarding packets according to the static routing and dynamic routing, otherwise find.

Routing algorithm. Routing algorithm in accordance with the species can be divided into the following categories: static and dynamic, single and multi-channel, equality and grading, source routing and transparent routing, intra-and inter-domain link-state and distance vector. Chain road state algorithm (also known as the shortest path algorithm to send routing information to all nodes on the Internet, however, for each router transmits only in its routing table described in that part of its own link state and distance vector algorithm (also known Bellman-Ford algorithm requires each router to send all or part of its routing table information, but only sent to neighboring nodes In essence, link-state algorithms will be a small amount of updated information is sent to the network throughout, while the distance vector algorithm to send a large number of updates to the adjacent routers. due to link state algorithm converges faster to a certain extent than distance vector algorithm less prone to routing loops, but on the other hand, link-state algorithms require than distance vector algorithm strong CPU power and more memory space, so the link-state algorithms will be in the implementation is more expensive. addition to these differences, the two algorithms run in most circumstances.

, Routers, security maintenance router's vulnerability to attack events occur frequently. The router attack would be a waste of CPU cycles, misleading information flow network anomaly even paralyzed. Therefore need to take appropriate safety measures to protect the security of the router. ① avoid password leak crisis, according to Carnegie Mellon University's CERT / CC (Computer Emergency Response Team / control center, 80% of the security breakthrough event caused by weak passwords. hackers often use weak passwords or default passwords attack. The longer the password, the choice of 30-60 days the password is valid, such as measures to help prevent such vulnerabilities. (2) Close IP direct broadcast Smurf attack is a denial of service attack In this attack, the attacker uses a fake source address "ICMP echo" requests sent to the broadcast address of your network. require all hosts to respond to this broadcast request will reduce network performance. use the no ip source-route close the IP broadcast address directly. ③ disabled does not necessary services. stressed that the security of the router would have to disable some unnecessary local services, such as SNMP and DHCP service users rarely used, can be disabled, and only when absolutely necessary before use. possible closing Router HTTP settings, because the HTTP using identification protocol is equivalent to the entire network to send an unencrypted password. however, the HTTP protocol does not have a valid provisions used to verify passwords or one-time password ④ restrict logical access restrictions logical access mainly by means of rational disposal of the access control list to restrict remote terminal session to help prevent hackers from gaining system logical access. SSH priority logical access method, but if you can not avoid Telnet, may wish to use the terminal access control to restrict only have access to credible host. therefore, the user needs to add a visit to the Telnet virtual terminal on the router port list ⑤ block ICMP ping request. Control Message Protocol (ICMP helps troubleshooting, identification is being used to host, so attacker the network equipment used to browse, to determine the local timestamp and netmask OS amended version speculate information. receives the ping request response capacity by eliminating remote users will be able to more easily avoid those unattended scanning activities or the defense of those looking for easy targets "script kiddies" (script kiddies. ⑥ Close IP source routing IP protocol allows a host to specify the packet through Your network routing, rather than allow network components to determine the best path legitimate application of this feature is to diagnose connection failures, however, for such a purpose rarely been applied, in fact, it is the most common use network mirroring for reconnaissance purposes, or for the attacker in the private network to find a back door unless specified this function can only be used for diagnostic fault, or should turn this function. ⑦ monitor configuration changes router configuration changes need to be monitored. then be sure to select the function if the user uses SNMP, powerful shared string, it is best to use SNMP provides message encryption capabilities via SNMP management equipment, remote configuration, the best SNMP devices configured read-only. deny write access to these devices, users will be able to prevent The hacker changes or close the interface. addition, users need the system log messages sent from the router to the specified server.

In short, the routers in the network plays an important role, it works at the network layer, you can determine the destination address of the packet network, and the packet is sent to the shortest path to the destination, the router can also filter data package.


[1] still Xiaohang Internet technology and application of China Railway Publishing House .2007.

[2] IT power source router configuration and testing

Links to free papers Download Center http://eng.

Computer Application Papers