I am learning about MPLS VPN networks. From my understanding an IGP runs on all core routers (P and PE), while BGP runs on all PE routers. Once the IGP has conveyed reachability information to all routers, and all routers have converged, the exact labels to be used to transfer packets are assigned using LDP.
My doubt is, how are BGP control packets transmitted between PEs.
There are two options.
1. To use the Label switched paths between PEs.
2. To use normal IP forwarding through the P routers.
Which of these two methods is actually used?
If both can be used how does the PE router make a decision on which one to use?
Do we have to manually configure it in the router?
Do these answers vary for different routers like Juniper, Cisco etc. ?
My doubt is, how are BGP control packets transmitted between PEs.
There are two options:
To use the Label switched paths between PEs.
To use normal IP forwarding through the P routers.
If both can be used how does the PE router make a decision on which one to use?
LSPs are preferred over per-hop IP forwarding, if an LSP is available.
Do we have to manually configure it in the router?
By 'it', do you mean configure use of the LSP for BGP control-plane information? It happens automatically on a Cisco IOS box
Do these answers vary for different routers like Juniper, Cisco etc. ?
Cisco will send BGP information through an LDP LSP, as long as the BGP endpoint prefix has an label binding.
I can't remember Juniper's behavior off-hand, they offer somewhat more granular control over LSP behavior.
BGP uses TCP te setup its connection and to send their packets to his neighbors.
This means that your neighbors need to see each other on layer 3 (ip) level.
I hope this is the info that you needed.
see: http://en.wikipedia.org/wiki/Border_Gateway_Protocol
section "operation" for more details on this matter.
Related
I am sorry if its basics, but I did not find the appealing answer for it over the Internet.
Why only MAC is used to transfer the packet to a device ? MAC address is only obtained by ARP for a specific IP address. So, why not just let the routers maintain IP addresses of the neighbouring routers and route packets using IP addresses of routers instead of MAC addresses ?
Why not redesign the architecture, to only use IP address for routing as well as moving the packet in the data link layer too ?
Why do we need MAC addresses?" Why can't network devices such as the routers just send the packet to the next router using the router's IP address?
Note : I know that MAC address is used to identify the system in a network. But you see the source never knew the MAC address of receiver. All it knew was its IP address and MAC address of next hop.
I'm reading Data Comm and Networking by Forouzan ( Ed 5) and it says that even routers have an IP address. So why use the mac address at all. The router can store the IP address of the source and route it to the next router .
EDIT : The question that I was getting as suggestion to this one does not answer my query. There are multiple counter points and proof that I have presented here which could have been done which is not answered by the one which is suggested. So please read my question before making any assumptions.
What do you think makes more sense: Having one protocol like Ethernet handle all the layer 2 details so that its layer 3 payload doesn't have to care, or force IP, ARP, WoL, IPX, MPLS, SLPP, and dozens more implement it on their own? The whole purpose of OSI layers is that upper layers need not know all the lower layer's details and lower layers need need not support the upper layer's features.
MAC addresses are used for the layer 2 protocol which encapsulates a layer 3 protocol. If all the necessary features were embedded into IP, then you'd be leaving other protocols to re-implement layer 2 routing on their own. This would be wildly inefficient.
As I understand it TCP is required for congestion control and error recovery or reliable delivery of information from one node to another and its not the fastest of protocols for delivering information.
Some routing protocols such as EIGRP and OSPF ride directly on top of IP. Even ICMP rides directly over IP.
Why is UDP even required at all? Is it only required so that developers/programmers can identify what application the inbound packet should be sent to based on the destination port number contained within the packet?
If that is the case then how is information gathered from protocols that ride directly on top of IP sent to the appropriate process when there is no port number information present?
Why are voice and video sent over UDP? Why not directly over IP?
(Note that I do understand thoroughly the use case for TCP. I am not asking why use UDP over TCP or vice versa. I am asking why use UDP at all and how can some protocols use directly the IP layer. Whats the added advantage or purpose of UDP over IP?)
Your question makes more sense in terms of why is UDP useful (than why is UDP required).
UDP is a recognized protocol by the Internet Assigned Numbers Authority. UDP can be useful if you want to write a network protocol that's datagram based and you want to play more nicely with Internet devices.
Routers can have rules to do things like drop any packet that doesn't make sense. So if you try and send packets using say an unassigned IP protocol number between hosts separated by one or more routers, the packets may well never get delivered as you've intended. The same could happen with packets from an unrecognized UDP protocol but that's at least one less door to worry about whether your packet can make it through.
Internet endpoints (like hosts) may do similar filtering too. If you want to write your own datagram based protocol and use a typical host operating system, you're more likely to need to write your software as a privileged process if not as a kernel extension if you're trying to ride it as its own IP protocol (than if you'll be using UDP).
Hope this answer is useful!
First of all, IP and UDP are protocols on the different layers, IP by definition is Internet layer when UDP is transport layer. Layers were introduced to simplify network protocols architecture and to separate concerns. Application layer protocols are supposed to be based on transport layer (with some exceptions).
Most popular transport protocols (in IP network) are UDP and TCP. While TCP is feature rich but with many tradeoffs UDP is very simple but gives a lot of freedom and so typically is a base for other protocols.
The main feature of UDP is multiplexing: ports that allow multiple protocol instances (aka sockets) to coexist on the same node. This means that implementing your own protocol over IP instead of UDP either you won't be able to have multiple instances of your protocol on the same machine or you'll have to implement multiplexing yourself.
There're other features like segmentation and checksum. These features are not mandatory.
And as was mentioned in another answer there're lots of middleware like routers, NATs and firewalls that can ruin the idea of a custom "right over IP" protocol, but it's more like a collateral damage than a feature of UDP.
I'm currently for a side project trying to setup a VPN with 2 linux box doing the encryption/decryption.
At the moment, I work on layer 3 with the linux framework xfrm (IP packets from host 1 are transformed into ESP when passing through the first box before being sent to host 2, decryption being done on the second box).
I'd like to act directly on layer 2 so I can remove the IP address of my boxes. I think I can do that by setting up ethernet bridges on each box, using netfilters hooks to redirect frames to a socket where a userspace program would do the encryption of the ethernet frames payload (transform the IP packets into ESP).
|Host 1|==|Ethernet Bridge|==Router --- (network not secure) --- Router==|Ethernet Bridge|==|Host 2|
Problem I have with this implementation lies in throughput as I think all these actions would greatly reduce it. Are there other ways I could implement what I'm looking for ?
Layer-2 only works from host-to-host (your router is just a host to layer-2) on a LAN. layer-2, including layer-2 encryption, does not cross a layer-3 device, e.g. router. MACsec (IEEE 802.1AE) is used for layer-2 encryption.
Layer-3 is used to connect LANs, and if you want end-to-end encryption from one LAN to another LAN, you need to encrypt on a layer higher than layer-2. Routers strip layer-2 frames from the packets, switch the packets, then create a new frame for the next hop. The next hop may not use MAC addresses; PPP is common for ISP connections, it doesn't use MAC addresses, and the frames are very different than ethernet. Unless you control all the links between the LANs, you need to encrypt at a high layer.
You're right, deploying a layer 2 VPN is costly (in the sense that you have to pay for internet bandwidth) and most of the time useless, since there are few applications that won't work without being on the same LAN.
What you will get with a layer 2 VPN is mostly broadcasts, things like SMB out-of-the-box name resolution (does not apply if you have to connect to an AD server or have a WINS server), DLNA, SPX/IPX or LAN-only games will work seamlessly, on the other hand your perception on having to relay lots of possibly useless information will also be correct.
Maybe the solution you're looking for is to use ebtables , which is a layer 2 firewall akin to iptables relating to layer 3 in such way that you can drop some packets while accepting others before relaying it over VPN/internet/etc.
PPP just one layer 2 protocol, there's nothing special about it, some VPN gateway use it (namely PPtP VPNs), others don't.
I know, how to write a C# application that works through a local network.
I mean I know, how to make my client-side application access my server-side application in a single local network.
But I wonder: How do such apps, as Skype, TeamViewer, and many other connect via global network?
I apologise, if this question is simple or obvious, but I couldn't find any information about this stuff.
Please, help me, I'll be very grateful. Any information is accepted - articles, plain info, books,and so on...
Question is very wide and I try to do short overview.
Following major difference between LAN (Local Area Network) and WAN (Wide Area Network):
Network quality:
LAN is more or less stable, WAN can be with network issues like:
Packet loss (you need use loss-tolerant transport like TCP or UDP with retransmits or packet loss concealment)
Packet jitter (interpacket intervals may differ a lot from sending part). Most common thing is packets bursts.
Packet reordering
Packet duplication
Network connectivity
WAN is less stable than LAN. So you need properly handle all things like:
Connection stale
Connection loss
Errors in the middle of the connection (if you use UDP for example)
Addresses:
In WAN you deal with different network equipment between client and server (or peers in case of peer-to-peer communication). You need to take in account:
NATs - most of the clients are behind NAT and you need to pass them through. According technics are called "NAT traversal"
Firewalls - may ISP has own rules what client can do or can't. So if you do something specific like custom transport protocol you may bump into ISP firewalls.
Routing - especially multicast and broadcast communication. In common case multicast is not possible to route. Broadcasts are never routed. So you need to avail this type of communication if you want to use WAN.
May be I forgot something. But these points are major. You can read many articles about any of them.
2 computers are in different subnets.
Both are Windows machines.
There are 2-5 IGMP-ready routers between them.
They can connect each other over multicast protocol (they have joined the same multicast group and they know about each other's existance).
How to establish a reliable TCP connection between them without any public server?
Programming language: C++, WinAPI
(I need a TCP connection to send some big critical data, which I can not entrust to UDP)
You haven't specified a programming language, so this whole question may be off-topic.
Subnets are not the problem. Routability is the problem. Either there is routing set up or there isn't. If they are, for example, both behind NAT boxes, then you're at the mercy of the configuration of the nat boxes. If they are merely on two different subnets of a routed network, it's the job of the network admin to have set up routing. So, each has an IP address, and either can address the other.
On one machine, you are going to create a socket, bind it to some port of your choice, and listen. On the other, you will connect to the first machine's IP + the selected port.
edit
I'm going to try again, but I feel like there's a giant conceptual gap here.
Once upon a time, the TCP/IP was invented. In the original conception, every item on the network has an IPV4 address, and every machine could reach every other machine, via routing, except for machines in the 'private' address space (10.x, etc).
In the very early days, the only 'subnets' were 'class A, class B, class C'. Later the idea of subdividing a network via bitmasks was added. The concept of 'subnet' is just a way of describing a piece of network in which all the hosts can deliver packets to each other by one hop over some transport or another. In a properly configured network, this is only of concern to operating system drivers. Ordinary programs just address packets over the network and they arrive.
The implementation of this connectivity was always via routing protocol. If you have a (physical) ethernet A over here, and a (physical) ethernet B over there, connected by some sort of point-to-point link, the machines on A need to know where to send packets for B. Or, to be exact, they need to know where to send 'not-A' packets, and whatever they send them needs to know where to send 'B' packets. In simple cases, this is arranged via explicit configuration: routing rules stuffed into router boxes or even computers with multiple physical interfaces. In more complex cases, routing boxes intercommunicate via protocols like EGP or BGP or IGMP to learn the network topology.
If you use the Windows 'route' command, you will see the 'default route' that the system uses to send packets that need to leave the local subnet. It is generally the address of the router box responsible for moving information from the local subnet to everywhere else.
The whole goal of this routing is to arrange that a packet sent from a.b.c.d to e.f.g.h will get there. TCP is no different than UDP, except that you can't get there by multicast or broadcast: you need to know the exact address of your correspondent.
DNS was invented to allow hosts to learn each other's IP addresses without having human being send them around in email messages.
All this stops working when people start using NAT and firewalls to turn off routing. The whole idea of NAT is that the computers behind the NAT box are not addressable at all. They all appear to have one IP address. They can send stuff out, but they can only receive stuff if the NAT box has gone to extra trouble to map them a port.
From your original message, I sort of doubt that NAT is in use here. I just don't understand your comment 'I don't have access to the network.' You say that you've sent UDP packets here and there. So how did you do that? What addresses did you use?