In order to communicate on the Internet at all, we must find a way to each other. I am not talking here about the path that ensures the perception of thoughts by the other party, although this is also a demanding discipline. I mean the path that ensures the delivery of packets or messages. This is based on routing algorithms that map the Internet. Or at least its immediate surroundings. Thanks to this, it is the routing protocols that govern the Internet. But their protection is currently dismal.
The original idea of ARPANET (October 29, 1969) was a fully distributed computer network, able to survive even a massive outage. It was not supposed to have any center. With the transition to TCP/IP on January 1, 1983, it practically became the Internet. But the beginnings were harder. Machines needed to know the path to other machines, so they used IMP (Interface Message Processor). Initially, these were static routing tables, later the possibility of dynamic updates (ARPANET Routing Algorithm) was added, which was actually a Link-state protocol. When TCP/IP was introduced, the transition to the newer protocols RIP and OSPF took place.
The exchange of information about the possible path of packets is a critical part of the infrastructure from a network perspective. However, from the beginning there has been a problem regarding the authenticity of the sender, integrity checking and under certain conditions, ensuring the confidentiality of the content of the transmitted information. If communication is redirected over a public channel via an attacker, it is possible to eavesdrop, analyze, or attack errors in protocols of other layers. Each of these methods offers the attacker certain attack vectors, so it is advisable to prevent such an attack.
Publicly available routes can and do be attacked. In the case of routing information, this is sensitive data with a high impact. For these reasons, it is necessary to ensure a controlled exchange of information, where protection of authenticity, integrity and appropriate authorization must be ensured. There are several methods for these steps that can be combined:
Due to the limitations of routing algorithms, it is advisable to support the control of the distribution of this information using ACL. A check for correct ACL functionality should always be part of the deployment, some devices suffer from interesting communication control issues. In general, procedures using authorization (ACL) can be divided into the following groups:
For the following information to make sense, it is necessary to state how the basic types of routing algorithms differ.
Distance-vector
A router knows its directly connected neighbors and for remote networks it only knows the best known next
hop and the corresponding metric, in other words it uses the distance metric and the vector (direction). Thanks
to the information from neighboring routers, it is able to calculate the best known metric for individual target
networks. The route vector determines the direction through which communication is necessary. The distance metric
can be, for example, the number of hops between routers. The vector determines the neighbor (next hop), or
the output interface through which we can reach the destination. Each distance-vector protocol defines its own
metric and method of determining the next hop, a combination of bandwidth, latency, route delay and other
properties can be used as the metric. The protocol is usually updated at regular intervals,
on the other hand, it has lower memory requirements. The protocol thus knows only the information that is reported
to it by its neighbors, and uses the Bellman-Ford algorithm or its derivatives to determine the route. Mechanisms
such as split horizon, route poisoning, poison reverse, hold-down timers are used to protect against the formation
of loops.
Link-state
The router knows the topology of the entire area and calculates the best route itself, and in reality it uses
the link state and its costs to determine the optimal path. Each link is assigned a metric (cost),
which is usually derived from the line speed, for example. If necessary, the administrator can modify it
to influence the choice and priority of routes. Based on the exchange of this information, each router creates
a network topology database and uses the SPF (Dijkstra) algorithm to calculate the route with the lowest total
cost. The route selection is thus determined by the lowest cost for the entire route, based on the protocol
definition. Information about the topology is normally propagated when the network state changes, rather
than by regularly broadcasting the entire routing table, which reduces the cost of operation. On the other
hand, the router must maintain the entire network structure in memory, which increases the memory requirements
accordingly.
Currently, certain types of routing protocols are available within IPv4 and IPv6. They can be classified roughly as follows.
| Protocol | IPv4 | IPv6 | Class | Interior/Exterior | Principle |
| RIP v1 | Yes | No | Control-plane | IGP | Distance-vector |
| RIP v2 | Yes | No | Control-plane | IGP | Distance-vector |
| RIPng | No | Yes | Control-plane | IGP | Distance-vector |
| OSPFv2 | Yes | No | Control-plane | IGP | Link-state |
| OSPFv3 | Yes | Yes | Control-plane | IGP | Link-state |
| IS-IS | Yes | Yes | Control-plane | IGP | Link-state |
| IGRP | Yes | No | Control-plane | IGP | Distance-vector |
| EIGRP | Yes | Yes | Control-plane | IGP | Advanced distance-vector |
| EGP | Yes | No | Control-plane | EGP | Distance-vector |
| BGP | Yes | Yes | Control-plane | EGP | Path-vector |
The actual BGP protocol mentioned here is not actually the only protocol. It is to some extent a group of protocols. Alternatively, it can be viewed as a protocol with the possibility of using specific configurations, which can be designated as subprotocols with specific properties. Therefore, they are often referred to by their own name.
| Protocol | IPv4 | IPv6 | Class | Interior/Exterior | Principle |
| BGP | Yes | Yes | Control-plane | EGP | Path-vector |
| eBGP (BGP) | Yes | Yes | Control-plane | EGP | Path-vector |
| iBGP (BGP) | Yes | Yes | Control-plane | EGP | Path-vector |
| mBGP/MP-BGP (BGP) | Yes | Yes | Control-plane | EGP | Path-vector + multiprotocol extension |
| MBGP (BGP) | Yes | Yes | Control-plane | Control-plane | Path-vector + multicast AFI/SAFI |
The advent of IPv6 brought further development, in this case development in the area of automatic definition of backup routes. The protocol detects and sets the route using Router Advertisement and then uses FHRP (First Hop Redundancy Protocol) to create the mentioned backup route. The entire IPv6 is strongly self-configuring and therefore it is necessary to ensure automatic configuration for backup routes for fault tolerance. In this case, it is not directly a routing protocol, but rather a service protocol.
| Protocol | IPv4 | IPv6 | Class | Interior/Exterior | Principle |
| HSRP v1 | Yes | No | First-hop redundancy | N/A | Active/standby |
| HSRP v2 | Yes | Yes | First-hop redundancy | N/A | Active/standby |
| VRRP v2 | Yes | No | First-hop redundancy | N/A | Master/backup |
| VRRP v3 | Yes | Yes | First-hop redundancy | N/A | Master/backup |
| GLBP | Yes | No | First-hop redundancy | N/A | Load balancing + redundancy |
A subtle addition could be the introduction of other properties of the protocol that may be meaningful from the point of view of network traffic management. This is a rough overview that should show the issues of routing protocol management.
| Protocol | Unicast | Broadcast | Multicast | Point to Point | Point to MultiPoint | CIDR |
| RIP v1 | No | Yes (UDP/520) | No | No | Yes | No |
| RIP v2 | Optional | No | L3: (UDP/520) 224.0.0.9 | No | Yes | Yes |
| RIPng | Optional | No | L3: (UDP/521) ff02::9 | No | Yes | Yes |
| OSPFv1 | No | No | L3: (IP/89) 224.0.0.5 (AllSPFRouters) 224.0.0.6 (AllDRouters) | Yes | Yes | Partial |
| OSPFv2 | No | No | L3: (IP/89) 224.0.0.5 (AllSPFRouters) 224.0.0.6 (AllDRouters) | Yes | Yes | Yes |
| OSPFv3 | No | No | L3: (IP/89) ff02::5 (AllSPFRouters) ff02::6 (AllDRouters) | Yes | Yes | Yes |
| IS-IS | No | No | L2: 01:80:C2:00:00:14 (L1) 01:80:C2:00:00:15 (L2) | Yes | Yes | Yes |
| IGRP | No | Yes (IP/9) | No | No | Yes | No |
| EIGRP | Yes (IP/88) | No | L3: (IP/88) 224.0.0.10 | Yes | Yes | Yes |
| EGP | Yes (IP/8) | No | No | Yes | No | No |
| BGP | Yes (TCP/179) | No | No | Yes | No | Yes |
| eBGP | Yes (TCP/179) | No | No | Yes | No | Yes |
| iBGP | Yes (TCP/179) | No | No | Yes | No | Yes |
| MP-BGP (mBGP) | Yes (TCP/179) | No | No | Yes | No | Yes |
| MBGP | Yes (TCP/179) | No | No | Yes | No | Yes |
| HSRP v1 | No | No | L3: (UDP/1985) 224.0.0.2 (HSRP group) | No | Yes | N/A |
| HSRP v2 | No | No | L3: (UDP/1985) 224.0.0.102 (HSRPv2 group) | No | Yes | N/A |
| VRRP v2 | No | No | L3: (IP/112) 224.0.0.18 (VRRP routers) | No | Yes | N/A |
| VRRP v3 | No | No | L3: (IP/112) 224.0.0.18 (IPv4) ff02::12 (IPv6) | No | Yes | N/A |
| GLBP | No | No | L3: (UDP/3222) 224.0.0.102 (GLBP group) | No | Yes | N/A |
The first part describes the algorithms themselves, the second focuses on participant verification and the integrity of transmitted messages.
1. Introductory Provisions
1.1. These General Terms and Conditions are, unless otherwise agreed in writing in the contract, an integral part of all contracts relating to training organised or provided by the trainer, Jan Dušátko, IČ 434 797 66, DIČ 7208253041, with location Pod Harfou 938/58, Praha 9 (next as a „lector“).2. Creation of a contract by signing up for a course
2.1. Application means unilateral action of the client addressed to the trainer through a data box with identification euxesuf, e-mailu with address register@cryptosession.cz or register@cryptosession.info, internet pages cryptosession.cz, cryptosession.info or contact phone +420 602 427 840.3. Termination of the contract by cancellation of the application
3.1. The application may be cancelled by the ordering party via e-mail or via a data mailbox.4. Price and payment terms
4.1. By sending the application, the ordering party accepts the contract price (hereinafter referred to as the participation fee) indicated for the course.5. Training conditions
5.1. The trainer is obliged to inform the client 14 days in advance of the location and time of the training, including the start and end dates of the daily programme.6. Complaints
6.1. If the participant is grossly dissatisfied with the course, the trainer is informed of this information.7. Copyright of the provided materials
7.1. The training materials provided by the trainer in the course of the training meet the characteristics of a copyrighted work in accordance with Czech Act No 121/2000 Coll.8. Liability
8.1. The trainer does not assume responsibility for any shortcomings in the services of any third party that he uses in the training.9. Validity of the Terms
9.1 These General Terms and Conditions shall be valid and effective from 1 October 2024.Consent to the collection and processing of personal data
According to Regulation (EU) No 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as "the Regulation"), the processor xxx (hereinafter referred to as "the Controller") processes personal data. Individual personal data that are part of the processing during specific activities at this web presentation and in the course of trade are also broken down.Information about the records of access to the web presentation
This website does not collect any cookies. The site does not use any analytical scripts of third parties (social networks, cloud providers). For these reasons, an option is also offered for displaying the map in the form of a link, where the primary source is OpenStreet and alternatives then the frequently used Maps of Seznam, a.s., or Google Maps of Google LLC Inc. The use of any of these sources is entirely at the discretion of the users of this site. The administrator is not responsible for the collection of data carried out by these companies, does not provide them with data about users and does not cooperate on the collection of data.Information about contacting the operator of the site
The form for contacting the operator of the site (administrator) contains the following personal data: name, surname, e-mail. These data are intended only for this communication, corresponding to the address of the user and are kept for the time necessary to fulfil the purpose, up to a maximum of one year, unless the user determines otherwise.Information about the order form
In case of an interest in the order form, the form contains more data, i.e. name, surname, e-mail and contact details for the organisation. These data are intended only for this communication, corresponding to the address of the user and are kept for one year, unless the user determines otherwise. In the event that a business relationship is concluded on the basis of this order, only the information required by Czech law on the basis of business relations (company name and address, bank account number, type of course and its price) will continue to be kept by the administrator.Information about the course completion document
Within the course, a course completion document is issued by the processor. This document contains the following data: student's name and surname, the name and date of the course completion and the employer's name. The information is subsequently used for the creation of a linear hash tree (non-modifiable record). This database contains only information about the provided names and company names, which may or may not correspond to reality and is maintained by the processor for possible re-issuance or verification of the document's issuance.Rights of the personal data subject
The customer or visitor of this website has the possibility to request information about the processing of personal data, the right to request access to personal data, or the right to request the correction or deletion of any data held about him. In the case of deletion, this requirement cannot be fulfilled only if it is not data strictly necessary in the course of business. The customer or visitor of this website also has the right to obtain explanations regarding the processing of his personal data if he finds out or believes that the processing is carried out in violation of the protection of his private and personal life or in violation of applicable legislation, and the right to request removal of the resulting situation and to ensure the correction.