70-240 in 15 minutes a week: Windows 2000 Routing (Part 2)

April 2, 2003

by Dan DiNicolo

Welcome to article number 25 in my 70-240 in 15 minutes a week series. This week's article covers the second part of Windows 2000 Routing. This includes a look at OSPF, as well as demand-dial and multicast routing. This article again falls into the Windows 2000 Networking portion of the series.

The material to be covered in this article includes:

- The Open Shortest Path First (OSPF) routing protocol
- Demand-dial routing
- Multicast routing with IGMP

Open Shortest Path First

The OSPF routing protocol is the only other traditional routing protocol included with Windows 2000 outside of RIP versions 1 and 2. Traditionally RIP is used in small networks because it is easy to configure. However, certain scalability issues with RIP (such as the limitation that it only allows up to 15 hops) tend to make it a poor choice for larger networks. Whereas RIP is a distance-vector protocol, OSPF is a link-state protocol, meaning that each router has a database of the network routing topology. While this leads to more effective routing decision-making, it also increases the complexity of setting up an OSPF-based topology. Note that both RIP and OSPF can be run on routers at the same time.

In order to better understand how OSPF works, you need to be familiar with some key concepts. These include the idea of an Autonomous System (AS), areas, backbone areas, and the different types of OSPF routers (these differ in their responsibilities and how they function). The section below outlines these key concepts.

Autonomous System - an AS is a collection of areas that fall under the same administrative control, with a backbone area through which the different areas communicate with one another.

Area - An OSPF area is a portion of an AS that includes contiguous subnet ranges. One of the main purposes of an OSPF area is route aggregation, which allows routing within an area to be confined to that area and not travel over the backbone. This is also sometimes referred to as route summarization, where routers within an area know only about their area, and a default route to the backbone. This makes OSPF a more efficient routing protocol, since every router does not necessarily need to know the details of the other networks available. As a general rule, follow the idea that an OSPF area should be comprised of the same systems that make up an Active Directory site. Areas are usually numbered in the format 0.0.0.x, where x usually designates a subnet range (although this is convention, not any requirement).

Backbone Area - the backbone area is the (usually) high-speed area into which all other OSPF areas are connected (these other areas are generally referred to as stub areas). Any traffic moving between different areas should communicate via the backbone area. The backbone area is always designated as area in an OSPF implementation.

Stub Areas - A stub area is an area connected to the backbone area by an Area Boundary Router (ABR). When designing an OSPF-based topology, you should try to connect all stub areas to the backbone instead of connecting them to other stub areas. In a stub area, you can set up a single static route for all traffic destined outside of the area. The diagram below shows what an OSPF setup with a backbone and three stub areas might look like.

Area Border Router - any router in an OSPF system that borders and interconnects two or more areas (such as the backbone and a stub area) is considered an Area Border Router. Each ABR will carry an individual link state database for each area with which it is interconnected.

Autonomous System Boundary Router (ASBR) - a router that interconnects different Autonomous Systems in an OSPF topology.

Backbone Router - Any router that interconnects to the backbone area, including ABRs with a backbone connection.

Internal Router - any router that has all interfaces connected within the same area. Such a router only carries a single link state database, containing information about the area in which it exists.

Virtual Link - A logical link between the backbone area and an ABR when a physical link between them does not exist. It is usually recommended that you avoid using virtual links where possible, since they can sometimes cause routing problems that can be difficult to troubleshoot. 

While I could dedicate an entire article to OSPF and all of its workings, I'll spare you the majority of the details. The key things to understand are that an OSPF-enabled router speaks to the other routers in its own area directly, exchanging routing information. This ensures that every router within the area has the same link state database as every other router in the area, and changes are flooded within the area as they occur. If a network has been properly designed into a hierarchical VLSM (variable length subnet mask) scheme, routing will be much more efficient and effective, since OSPF usually exchanges less traffic than RIP. Note that OSPF and RIP version 2 both pass subnet mask information in their routing table updates, while RIP version 1 does not. For companies that use VLSM, this is a critical consideration in choosing a routing protocol.
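Route aggregation only works when each area's subnets really are contiguous, as the area definition above requires. The following Python check is an added example, not part of the original article or of Windows 2000; the area IDs, subnets and function names are constructed for illustration. It computes the single range that would summarize each area, lists address space inside that range that the area does not actually use, and reports areas whose ranges overlap.

```python
import ipaddress

def covering_range(subnets):
    """Smallest single prefix that contains every subnet in the area."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    cover = nets[0]
    while not all(n.subnet_of(cover) for n in nets):
        cover = cover.supernet()
    return cover

def unassigned_space(cover, subnets):
    """Prefixes inside the range that no subnet of the area occupies."""
    free = [cover]
    for n in (ipaddress.ip_network(s) for s in subnets):
        remaining = []
        for f in free:
            if n.subnet_of(f):
                # Carve the subnet out; yields nothing when n == f.
                remaining.extend(f.address_exclude(n))
            elif not f.subnet_of(n):
                remaining.append(f)
        free = remaining
    return sorted(free)

def check_design(areas):
    """Return (range per area, unused space per area, overlapping area pairs)."""
    ranges = {a: covering_range(s) for a, s in areas.items()}
    unused = {a: unassigned_space(ranges[a], s) for a, s in areas.items()}
    names = sorted(ranges)
    clashes = [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
               if ranges[a].overlaps(ranges[b])]
    return ranges, unused, clashes

# Constructed addressing plan: area 0.0.0.3 sits inside area 0.0.0.2's range.
AREAS = {
    "0.0.0.1": ["10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/23"],
    "0.0.0.2": ["10.2.0.0/24", "10.2.1.0/25", "10.2.3.0/24"],
    "0.0.0.3": ["10.2.2.0/24"],
}

if __name__ == "__main__":
    ranges, unused, clashes = check_design(AREAS)
    for area in sorted(ranges):
        gaps = ", ".join(map(str, unused[area])) or "none"
        print(f"area {area}: summary {ranges[area]}, unused inside: {gaps}")
    for a, b in clashes:
        print(f"summary ranges of {a} and {b} overlap")
```

A summary that covers unused space or another area's subnets attracts traffic the area cannot deliver, which is why the plan for area 0.0.0.2 would need renumbering before it could be summarized as one range.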

In order to configure a Windows 2000 Server to act as an OSPF router, you need to add the OSPF protocol, as shown below:

Once OSPF has been added, you will need to configure an interface to use OSPF. As such, it is possible to have one or more interfaces use OSPF, while another (like a dial-up interface) might not. After an interface is added, you will be presented with the OSPF properties page, as shown below:

Note that by default, an OSPF interface will be made part of the backbone area. The General tab allows you to configure the network type as well as router priority, cost, and an authentication password. The NBMA Neighbors tab allows you to configure the IP addresses of other OSPF routers on non-broadcast networks (such as Frame Relay, for example). Finally, the Advanced tab allows you to configure OSPF properties such as the Hello interval (how often an OSPF router announces its existence on the network), MTU size and so forth, as shown below.

Note also that by right clicking on the OSPF heading under IP routing you can easily view neighboring routers, the link state database(s) of the system, and more.

Demand-dial Routing

While the use of Windows 2000 as a traditional LAN or WAN router is debatable (based on the speed and popularity of hardware-based solutions), for smaller or branch offices the use of Windows 2000 as a demand-dial router can be both cost-effective and deliver decent performance. To configure Windows 2000 as a demand-dial router, you will of course need at least one dial interface, such as a modem or ISDN adapter.

When creating demand-dial connections, you have the ability to make them either one-way or two-way. In a one-way setup, only one system is allowed to dial the other. In a two-way setup, either system can initiate the connection. Before you can create a new demand dial interface, you must first ensure that the server is configured to allow demand-dial routing (configured in the properties of the server), as shown below:

Right clicking on Routing Interfaces in Routing and Remote Access gives you the ability to create new demand-dial interfaces, which are configured via a wizard. The first input screen is shown below. Note that the naming of the connection is extremely important, since the user account that must later be created must match the name of the connection.

After choosing the device that you will use to connect, providing the phone number to be dialed and so forth, you will be presented with the screen below, which allows you to control which protocols will be routed, automate the creation of a user account, and so forth.

The next screen allows you to configure dial-out account properties for the connection. These will be used by the router when it initiates a connection, and an account must be configured on the receiving computer in order for this to function correctly. Don't forget that the user account that you create on each remote router must match exactly the name of the demand-dial connection. Note also that the account you create must have permission to dial in, and is subject to any remote access policies that you might have created.

A few remaining things that you should be aware of when using demand-dial routing:

- Demand dial filtering (by port number) allows you to control which types of traffic will initiate the connection. For example, you might only allow HTTP traffic to initiate dial-up, while ignoring other traffic.
- A demand-dial router should be configured with static routes, since using a routing protocol (such as RIP) would cause the connection to be repeatedly initiated because of routing table updates. Another option, called auto-static mode, allows you to configure the router such that static routes are automatically added to the routing table at pre-defined intervals.
- Note that you can also add static routes to the routing table upon connection by adding a static route to the dial-in properties of the user account that will be used for the connection.
- To troubleshoot demand-dial connections, use the Rasmon.exe utility.

Multicast Routing

Windows 2000 Routing and Remote Access also has the ability to act as a multicast router, using the IGMP router and proxy protocol (it supports IGMP version 2, which is backwards compatible with version 1). For those not familiar with multicasts, this is a type of transmission that is sent to a class D address. Multiple hosts listen in on a given class D address, and all hosts that are part of this group receive the transmission. Note that IGMP is not actually a data transmission protocol, but rather the protocol that keeps track of multicast group membership. The beauty of multicasting is that the transmission is sent only once by the sender, and can be received by many hosts. The key in any multicast implementation is that the routers used should support the ability for hosts to register and unregister as part of the multicast group - this controls where multicasts go, which also ensures that the multicast only goes to networks where it is required. Note that in cases where routers do not support multicasts, it is possible to set up IP-to-IP tunnels, which allow multicast traffic to be forwarded between two multicast-enabled routers, even if intermediary routers do not support this type of routing functionality.

Multicast registration is actually a simple idea. When a host on a given subnet wants to receive a multicast, it contacts its local router and asks it to forward traffic for the particular class D address onto this subnet. The router then contacts its upstream router, asking it to send the multicast, and so on and so forth. As other hosts on the original subnet ask to receive the multicast the router simply adds them to the multicast group, a list of who needs the multicast. Understand that this does not mean that the multicast will be sent onto the subnet multiple times. Instead, it will be forwarded once, and all hosts who are participating will grab the transmission. The router keeps track of who wants the multicast with periodic polling, and will cease forwarding it once nobody wants it. The portion of the Internet that supports multicasting is referred to as the MBONE. 

While Windows 2000 can act as a simple multicast router as mentioned earlier, it is actually not full-featured because it doesn't use a proper multicast routing protocol (such as DVMRP). Instead, it does something interesting. On the client side of the router, it acts as a multicast router, handling registration requests. However, on the Internet side of the connection it acts as just another multicast client, registering with its upstream router. This leads to the two 'modes' in which the interfaces on the system must be configured - Router mode and Proxy mode. For the sake of clarity, just remember that the Internet interface (or side) should always be configured in Proxy mode, while the private network interface should always be configured in Router mode.
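The registration bookkeeping on a Router mode interface can be modelled in a few lines. This Python model is an added example, not code from the original article or from Windows 2000; the class and function names are hypothetical, the messages are constructed, and the message layout, type codes and default timers are taken from RFC 2236 (IGMP version 2). It validates each message (length, checksum, class D group) before updating state, and it tracks groups rather than individual hosts, since one forwarded copy serves the whole subnet.

```python
import ipaddress
import struct

# IGMPv2 message types and default timers (seconds) from RFC 2236
QUERY, V1_REPORT, V2_REPORT, LEAVE = 0x11, 0x12, 0x16, 0x17
GROUP_MEMBERSHIP_INTERVAL = 260   # 2 * 125 s query interval + 10 s response
LAST_MEMBER_QUERY_TIME = 2        # 2 group-specific queries, 1 s apart

def checksum(data: bytes) -> int:
    """One's complement of the 16-bit one's-complement sum of the message."""
    total = sum(struct.unpack("!4H", data))
    total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build(msg_type: int, group: str, max_resp: int = 0) -> bytes:
    """Build an 8-byte message: type, max response time, checksum, group."""
    addr = ipaddress.IPv4Address(group).packed
    csum = checksum(struct.pack("!BBH4s", msg_type, max_resp, 0, addr))
    return struct.pack("!BBH4s", msg_type, max_resp, csum, addr)

def parse(msg: bytes):
    """Return (type, group); raise ValueError on malformed input."""
    if len(msg) != 8:
        raise ValueError("expected an 8-byte IGMPv2 message")
    if checksum(msg) != 0:
        raise ValueError("bad checksum")
    msg_type, _, _, addr = struct.unpack("!BBH4s", msg)
    group = ipaddress.IPv4Address(addr)
    if msg_type in (V1_REPORT, V2_REPORT, LEAVE) and not group.is_multicast:
        raise ValueError("group is not a class D address")
    return msg_type, group

class RouterModeInterface:
    """Group table for one subnet: group -> time at which forwarding stops."""
    def __init__(self):
        self.expires = {}

    def receive(self, msg: bytes, now: float) -> None:
        msg_type, group = parse(msg)
        if msg_type in (V1_REPORT, V2_REPORT):
            self.expires[group] = now + GROUP_MEMBERSHIP_INTERVAL
        elif msg_type == LEAVE and group in self.expires:
            # Remaining members get a short window to answer a group query.
            self.expires[group] = min(self.expires[group],
                                      now + LAST_MEMBER_QUERY_TIME)

    def forwarded(self, now: float):
        """Groups still forwarded onto this subnet, once each."""
        return sorted(str(g) for g, t in self.expires.items() if t > now)
```

Two reports for the same group leave a single table entry, a Leave shortens the timer instead of deleting the entry outright, and a group that is never refreshed ages out on its own.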

In order to configure Windows 2000 as a multicast router, first add IGMP under routing protocols in Routing and Remote Access, as shown below:

Once added, you next need to add interfaces, which is done by right clicking on IGMP and choosing New Interface. In adding the new interfaces, you must choose whether they will be configured in either Router mode or Proxy mode, as shown below.

Be sure that the interfaces have been configured in the correct manner, or the multicast routing will not function correctly. After both (or more) interfaces have been configured, Windows 2000 will function as a multicast router. Remember from previous articles that Windows 2000 can also be configured with Multicast scopes for automatic multicast address allocation (via MADCAP in DHCP).

Based on the length of this article, we'll have to pick it up from here next week. Thanks so much to all those who have contacted me recently with words of support, I appreciate your comments. Next week's article will most likely cover an assortment of topics including NAT, ICS, IAS and whatever else fits. Beyond that, you can expect articles covering certificate services and IPSec following shortly. Please remember that all technical questions should be posted to my message board. Until next week, best of luck with your studies.