ITM 09102: ADVANCED COMPUTER NETWORKS

INDIVIDUAL ASSIGNMENT

NAME: ANGELA NEMES MASAWE

3. Describing how the following routing protocols used by a router to determine the appropriate
path over which data is transmitted.

i. RIP

Routing information protocol (RIP) is an interior gateway protocol designed to manage a

relatively a small network. It is based on the Bellman Ford or distance vector algorithm.

RIP uses the number of hops or hop count to determine the best possible route to the destination
of the network. The maximum hop count allowed for RIP is 15.Each router maintains a routing
table which is a list of all destinations the router knows how to reach. The router broadcasts its
entire routing table to its neighbors every 30 seconds. Further the neighbors pass information to
their nearest neighbors until the whole network has the same knowledge of the routing paths.

When a router receives an update on a route and the route is shorter it updates the table entry
with length and next hop address of the shorter path. If the new path is longer it will wait through
a hold down period to see if later updates reflect the higher value as well. It will only update the
entry if the new longer path has been determined stable. If a router crashes the network discovers
this as it stops sending updates to neighbors. If a route in the routing table isn’t updated across 6
update cycles it will be dropped.

RIP has three versions which are RIP version one which is referred as classful routing protocol
because it does not send information of the subnet mask in routing update and RIP version two
which is referred as classless routing protocol because it sends information of the subnet mask in
its routing update and the RIPng which is an extension of RIP version two made to support IPV6.

ii. EIGRP
Is an advanced distance vector routing protocol normally used in large computer networks for
automating routing decisions and configuration. It basically uses five metrics to determine an
appropriate path for data transmission. These metrics include bandwidth, delay, reliability, load
and maximum transmission unit values along the route. This protocol uses a diffusing update
algorithm (DUAL) to identify network paths and provides for fast convergence using pre
calculated loop-free backup paths.

iii. OSPF

Open shortest path first is a link state open standard based routing protocol which also falls in the
group of interior gateway protocols (IGP). It uses its own shortest path first (SPF) algorithm to
find the best path between the source and destination router. It supports trigger updates for fast
convergence and guarantees loop free paths. It supports unlimited hop counts.

iv. IS-IS

Intermediate system to Intermediate system is an interior gateway protocol (IGP), link state
routing protocol. It shares similarities with OSPF protocol in terms of forming neighbor
adjacencies, utilizing areas, exchanging link state packets, building a link state database and
using the Dijkstra SPF algorithm to find the best path to each destination and update the routing
table.

V. BGP

Border gateway protocol is an exterior gateway protocol that determines the best routes for data
transmission on the internet. It controls how packets get routed from network to network by
exchanging routing and reachability information among edge routers. BGP uses the best path
algorithm which decides the best path to install in the IP routing table and to use for traffic
forwarding .It selects the best path by considering the highest weight, highest local preferences,
current reachability, hop counts and the oldest route.
4. Discussing security parameters on
i. Routing
A crucial component of networking is security, and routing is essential to guaranteeing the safe
and dependable transfer of data between networks. Routing is linked to a number of security
factors and considerations to protect network infrastructure. The following are some crucial
routing-related security parameters:

1. Authentication

.Authentication of routing information: Ensure that routers authenticate information they

receive from neighboring routers. This prevents fake routing information from being
introduced in the network by unauthorized routers.

.Neighbor authentication: To make sure that only reliable routers take part in routing
establish authentication procedures between nearby routers.

2. Encryption

Routing protocol encryption: Routing protocol encryption can protect against eavesdropping
and tampering. Some protocols, such as BGP, do not have built-in encryption, so using
technologies such as virtual private networks (VPN) or IPsec can help protect communication
channels between routers.

3. Access control

Access lists: Implementing access control lists (ACLS) on routers helps control
which devices are allowed to exchange routing information by filtering incoming
and outgoing traffic routers can prevent unauthorized access and protect against
certain types of attacks.
 4. Route filtering

Prefix filtering where by routers must be configured to filter and validate received routing
information. This helps prevent the spread of malicious routing updates. Implementing route
filtering based on the prefix lists or route maps can be a powerful way to manage routes
advertised or accepted by a router.

5. Distributed Denial of service (DDOS) protection

DDOS mitigation deploys DDoS defenses to protect routers from excessive traffic that can
disrupt routing services. Implementing a comprehensive security strategy that incorporates these
parameters is critical to protecting your network's road infrastructure. Regular security audits and
assessments can help identify and fix vulnerabilities before they are exploited by malicious
actors. This can be archived by load balancing, application layer protection through web
application firewalls and content delivery networks which distribute content across multiple
servers and data centers.

6. Redundancy and Resilience

Redundant Paths: Implementing redundant paths and protocols such as HSRP(Hot standby router
protocol) which allows you to configure two or more routers as standby routers and a single
router as an active router at a time or VRRP(Virtual router redundancy protocol) which is a
networking protocol that allows the automatic assignment of available internet protocol routers
to participating hosts .This increases reliability of routing through automatic IP subnet default
gateway options .These protocols ensure network resilience. This helps maintain connectivity
even in the event of failures or attacks.

ii. Interface ports

Protecting interface ports is crucial to maintain the overall security of network devices. Interface
ports, whether on routers, switches, or other network devices, act as entry and exit points for data
traffic. Here are some key security parameters and considerations related to interface ports.
1. Port security
This is a feature of network devices that help manage and secure the network access by
controlling devices connected to individual ports. This uses main aspects such as MAC
address filtering which allows specification of MAC addresses allowed to connect to
specific port and thus blocking unauthorized MAC addresses. Another main aspect in port
security is the violation modes which determine what actions to be taken in case of
violation. These modes include the shutdown where port is disabled in case of violation, the
restrict mode where traffic from violating device is dropped but remains operational and the
protect mode which resembles restrict but an SNMP trap is generated instead of dropping
the traffic.
2. IP Source Protection:
IP Source Guard helps prevent IP addresses by associating IP addresses with specific MAC
addresses. This feature restricts interface traffic to only IP addresses assigned via DHCP.

3. 802.1X authentication:
Port-based network access control (802.1X) whereby 802.1X authentication is used to
control access to network resources based on device or user credentials. This adds an
additional layer of security by requiring authentication before allowing access through the
interface port.

4. ACLs(Access control lists)

Ingress and Egress ACLs: Apply Access control lists to interface ports to control the types
of ingress (inbound) and egress (outbound) traffic allowed. The ingress and egress ACLs
can filter traffic based on source and destination IP addresses, ports and protocols improving
overall security.

5. DHCP snooping
Dynamic Host Configuration Protocol (DHCP) Snooping: Enable DHCP snooping to
reduce DHCP-based attacks. This feature ensures that only authorized DHCP servers can
assign IP addresses to devices on the network, preventing rogue DHCP servers from causing
network problems.

6.
Verma, A. and Bhardwaj, N., 2016. A review on routing information protocol (RIP) and open shortest path
first (OSPF) routing protocol. International Journal of Future Generation Communication and
Networking, 9(4), pp.161-170.