Routing with Windows Server 2003 Chapter 9
Objectives for this Chapter Manage Routing And Remote Access routing interfaces Manage packet filters Manage TCP/IP routing –Manage routing protocols –Manage routing tables –Manage routing ports Troubleshoot demand-dial routing Troubleshoot connectivity to the Internet Verify that the DHCP relay agent is working correctly
In This Chapter Configuring Windows Server 2003 for LAN Routing Configuring Demand-Dial Routing Configuring NAT Configuring and Managing Routing Protocols Configuring Packet Filters
To Complete the Exercises: On page 9-2
Configuring Windows Server 2003 for LAN Routing Routing is the process of transferring data across an internetwork from one local area network (LAN) to another. (Layer 3) A bridge connects network segments and shares traffic as necessary according to hardware addresses, a router receives and forwards traffic along appropriate pathways according to software addresses. (Layer 2)
Note Windows Server 2003 also supports AppleTalk routing. However, whereas Internetwork Packet Exchange (IPX) routing is supported in Microsoft Windows 2000, computers running Windows Server 2003 cannot function as IPX routers
RRAS Routing And Remote Access service is installed by Windows Server 2003 Setup in a disabled state.
Remote Access Service Remote access enables remote or mobile workers who use dial-up communication links to access corporate networks as if they were directly connected. Two different types of remote access connectivity: 1. Dial-up networking. 2. Virtual private networking.
Routing and Remote Access Features 1. Network address translation (NAT), 2. Layer Two Tunneling Protocol (L2TP), 3. Internet Authentication Service (IAS), and 4. Remote Access Policies (RAP).
Router Discovery 031 Router discovery provides an improved method of configuring and detecting default gateways. Router discovery is made up of two types of packets: 1. Router solicitations. 2. Router advertisements.
Network Address Translator NAT is a standard defined in RFC A NAT is a router that translates IP addresses of an intranet or home LAN to valid Internet addresses. A NAT allows Internet connectivity for a private network with private addresses through a single Internet IP address.
Multicast Routing Windows 2003 Server implements a limited form of multicast routing using a multicast proxy. This proxy can be used to extend multicast support beyond a true multicast router.
Layer Two Tunneling Protocol L2TP can be thought of as the next version of Point-to-Point Tunneling Protocol (PPTP). It works much like PPTP but is now a combined development effort with Cisco. L2TP combines Cisco's Layer 2 Forwarding (L2F) and PPTP technologies (created by Microsoft, Ascend, 3Com, U.S. Robotics, and ECI-Telematics).
Internet Authentication Service IAS is a Remote Authentication Dial-In User Service (RADIUS) server. RADIUS is a network protocol that enables remote authentication, authorization, and accounting of users who are connecting to a network access server (NAS). A network access server such as Windows Routing and Remote Access can be a RADIUS client or RADIUS server.
Remote Access Policies In Windows 2003, remote access connections are granted based on the dial-in properties of a user object and remote access policies. RAPs are a set of conditions and connection parameters that allow network administrators more flexibility in granting remote access permissions and usage.
Remote Access Policies RAPs are stored on the local computer and are shared between Windows 2003 Routing and Remote Access and Windows 2003 IAS. RAP is configured from the Internet Authentication Service Manager or from the Routing and Remote Access Manager.
Using the Routing And Remote Access Console
To Configure: Right-Click on the server and select configure and enable routing and remote access
To Configure: You can enable any of the following combinations of services: You can enable any of the following combinations of services:
To Configure: Custom Configurations
To Configure: When selected, the wizard will finish
To Configure: You can now start the services
To Configure: RRAS is ready to configure
Adding Interfaces A network interface is a software component that connects to a physical device such as a modem or a network card. Note: –Remember that a demand-dial interface does not necessarily refer to a dial-up connection. It can also refer to a VPN or PPPoE connection over a dedicated line.
Configuring Routing And Remote Access Service Properties There are Five tabs –General –Security –IP –PPP –Logging
Configuring Routing And Remote Access Service Properties There are Five tabs –General –Security –IP –PPP –Logging
Configuring Routing And Remote Access Service Properties There are Five tabs –General –Security –IP –PPP –Logging
Configuring Routing And Remote Access Service Properties There are Five tabs –General –Security –IP –PPP –Logging
Configuring Routing And Remote Access Service Properties There are Five tabs –General –Security –IP –PPP –Logging
Managing General IP Routing Properties There are Three Tabs for the General Properties: Logging Preference Levels Multicast Scopes
Managing General IP Routing Properties There are Three Tabs for the General Properties: Logging Preference Levels Multicast Scopes
Managing General IP Routing Properties There are Three Tabs for the General Properties: Logging Preference Levels Multicast Scopes
Working with Routing Tables Routers read the destination addresses of received packets and then route those packets according to directions provided by routing tables. Right-Click Static Routes and select Show IP Routing Table
Routing Table Three types of routes exist: –Host route A route to a specific destination host –Network route Provides a route to a specific destination network. –Default route This route is used to forward all packets whose destination address does not match any address listed in the routing table.
What Does It Mean? Network Destination –Entries that the router compares to the destination address of every received IP packet. Netmask –Determines which part of the IP packet’s destination address is compared to the entries in the Network Destination column. Gateway –The gateway value determines the next address or hop for which that packet is destined. Interface –Which local network interface is used to forward the packet to the next hop. Metric –The cost of using a route
Static and Dynamic Routing Addresses can occur in eight types: –The default address, –The loopback address, –The default gateway address, –The Locally configured addresses, –The Local subnet addresses, –The Local subnet broadcast addresses, –The Limited broadcast address, and –The Multicast addresses for each adapter.
Exploring LAN Routing Scenarios Simple Routing Scenario Multiple-Router Scenario
Simple Routing Scenario
Network ANetwork B Router
Multiple-Router Scenario Network A Network C Router 1 Router 2 Network B
Understanding Static Routes
Adding Static Routes route add destination mask netmask gateway metric route add mask route add –p mask This statement make the route Persistent. Use the Route Delete command to delete a route that you have added
Advantages of Static Routing –Static routing is advantageous in small networks for which configuring a few static routes is simpler than configuring a dynamic routing protocol. –Static routes are less resource-intensive than are dynamic routing protocols. –Static routes provide support for unnumbered connections:
Disadvantages of Static Routing –The main disadvantage of static routing is that it is a feasible means of maintaining only small routed networks. –The lack of fault tolerance
Practice: Enabling and Configuring Routing And Remote Access –Exercise: Running the Routing And Remote Access Server Setup Wizard Page 9-26
Configuring Demand-Dial Routing A demand-dial interface is a router interface that will be brought up on demand based on network traffic. The demand-dial link is only initiated if the routing table shows that this interface is needed to reach the IP destination address. The routing table does not provide any discretion on who or what protocol can bring up the demand-dial link. It is simply based on where the traffic needs to go.
Configuring Demand-Dial Interfaces You cannot configure demand-dial interface if you do not have an external connection. Once you have enabled demand-dial routing, you can launch the Demand-Dial Interface
Four commands unique to the demand-dial interface Set Credentials Unreachability Reason Set IP Demand-Dial Filters Dial-Out Hours
Deploying a Demand-Dial Router- to-Router Configuration Several features required to configure: –Connection Endpoint Addressing. –Differentiating Between Remote Access Clients and Routers. –Configuring Both Ends of the Connection. –Configuring Static Routes.
Troubleshooting Demand-Dial Routing Pages 37 – 39
Practice: Configuring Demand-Dial Routing –Exercise 1: Installing Internet Information Services on Computer2 –Exercise 2: Configuring Routing And Remote Access for Demand-Dial Routing Page 9-39 –Exercise 3: Testing the Configuration Page 9-42
Configuring NAT NAT is a service built into a router that modifies the header information in IP datagrams before sending them on to their destinations.
Difference Between NAT and ICS The main difference between NAT and ICS is configurability. ICS is preconfigured and automatically sets the internal address of the computer hosting the shared connection to Note the Table “Comparison of Translated Connections Features” on page 9-47
Exam Tip When assigning IP addresses, ICS does not check for conflicts with static addresses already owned by computers on the network. For this reason, you should not deploy ICS on a network whose essential servers are pre-configured with static addresses near the beginning of the /24 range. Note: –Also that if essential servers are preconfigured with static addresses in a different logical address space (such as /24), deploying ICS might render those essential servers inaccessible. Consequently, if in a scenario on the exam, any essential network services stop functioning after ICS is installed, look for an option to replace ICS with NAT.
Practice: Installing and Configuring NAT However you need two network interface cards to configure NAT.
Exam Tip For the exam, you need to know that the functionality provided by the Services And Ports tab and illustrated in Figure 9-28 is known as configuring special ports. To configure a special port means to map an internal service (such as a Web, Telnet, or FTP server) to the external interface of the NAT computer. This feature allows external requests for internal services to be forwarded to the proper computer.
Configuring and Managing Routing Protocols Routing protocols provide communication between routers. Two Types: –Distance Vector RIP –Link State OSPF Also the multicast routing protocol –IGMP Router And Proxy, and –DHCP Relay Agent.
Exam Tip You need to be familiar with these RIP security features for the exam
Configuring RIP RIP is a dynamic routing protocol that helps routers determine the best path through which to send given data. Routes to destinations are chosen according to lowest cost.
Exam Tip You need to be familiar with these RIP security features for the exam.
OSPF Overview OSPF is designed for exchanging routing information within a large or very large internetwork. The biggest advantage of OSPF is that it is efficient; OSPF requires little network overhead even in very large internetworks. The biggest disadvantage of OSPF is its complexity;
Understanding DHCP Relay Agent DHCP Relay Agent is a routing protocol that allows client computers to obtain an address from a DHCP server on a remote subnet.
Exam Tip Expect to see a topology question about DHCP Relay Agent and RFC 1542– compliant routers on the exam.
Configuring Packet Filters When Basic Firewall is enabled on an external interface in the Routing And Remote Access console, that interface blocks all unsolicited traffic from entering your network. –Packet filters are rules defined for a particular interface that allow or restrict traffic by source address, destination address, direction, or protocol type.
Exam Tip Watch for questions in which all packet filters are defined correctly, but whose filter action is improperly configured.
Exam Tip For the exam, know both the protocols numbers and ports required for PPTP and L2TP/IPSec.
Summary Case Scenario Exercise –Page 9-74 Troubleshooting Lab –Page 9-77 Exam Highlights –Key Points –Key Terms Page 9-78