Tuesday, May 26, 2009

VoIP Application Layer 1: The Packet Infrastructure

Thinking of creating your own VoIP application Part II.
Layer 1: The Packet Infrastructure

Let's say I am Superman and I have X-ray vision. My goal is to look at the inner workings of VoIP applications or clients like Skype, Yahoo Messenger and Five9 Virtual Contact Center (VCC) Agent.

Like Superman, my goal is to "see through" this VoIP application because I need to investigate something. Apparently, Lex Luthor, being the rich genius that he is, has managed to create his own secure VoIP client. Lex Luthor is using this VoIP client application to make calls to his henchmen. So it's up to me to investigate this, retrieve evidence and prove that he is the mastermind.

If I was Superman, all I would need to do is use my X-ray vision to see through the VoIP application Lex Luthor is using. I would immediately see hundreds of lines of program code, specifically variables, commands, and on the networking side, what communication protocols and corresponding ports this application is using to communicate over the Internet. Now that's interesting.

Luckily, we do not need to be a man of steel or someone who wears blue and red tights and flies around the city saving people and still looks cool in the process. Thank goodness for protocol analyzers. They are the X-ray vision of us guys in the voice and data networking field.

Wireshark (known as Ethereal in its early days) is one of the leading protocol analyzers out there, and it's free. If you need to investigate the inner workings of an application connected to a network, Wireshark is your answer. It is slowly becoming the tool of choice for network sniffers and VoIP phreakers, black hat or white hat. There are tons of things you can do with Wireshark once you have it installed and running on your network, but that is beyond the topic of this post.

For this post, I will refer to and use Wireshark extensively to show you what networking protocols and ports Five9 Agent VCC is using. Five9 Agent VCC is a VoIP client used by Call Center Agents around the globe for making and receiving calls. Five9 VCC Agent utilizes a Softphone feature: the dial pad and other telephone features are on the screen, so you just push the buttons you need. All you need is a reliable Internet connection, a USB headset with microphone and an account with Five9, and that's it.

(To be continued on next post)

Sunday, May 17, 2009

Thinking of creating your own VoIP application?

Voice-Over-Internet Protocol, a.k.a. VoIP, was labeled a disruptive technology during its infancy. Disruptive in the sense that it would have a massive effect on the current Telecom industry. There were even rumors that it would totally replace the traditional Public Switched Telephone Network (PSTN), or what Cisco fellows commonly call POTS, for Plain-Old Telephone Service. My belief is that VoIP was and should be developed to work with PSTN, not make it obsolete. Using PSTN and VoIP technology together is even better.

Contrary to public notion, VoIP is not that new to Telecom providers or carriers. In fact, a lot of them have been using VoIP for years now. Carriers mostly use VoIP in transferring international calls and trunking with other major carriers around the globe. They still use Signaling System 7 or SS7 (SS7 is the standard signaling method/protocol of PSTN, which is digital as well) as the primary method of signaling for the majority of their calls, but a consumer doesn't know that sometimes, to cut costs and connect with other carriers faster, a specific international call made by a subscriber is routed using VoIP to connect to another country. Once the call hits the terminating carrier, the call is transformed and/or encoded back to analog, then routed using SS7 to the destination telephone number. This method has been saving carriers around the world thousands of dollars.

The beauty of VoIP communication on a technology level is you do not need a dedicated physical or virtual circuit, always reserved for a communication to take place. With IP technology, the voice traffic can use the current available bandwidth of a circuit, then make it open and available for other applications or traffic once the communication has ended. This has been made possible because of Time-Division Multiplexing (TDM) technology.

The current state of VoIP is amazing. Despite not yet being fully mature in my opinion, hundreds of start-up companies are now offering top-notch, carrier-grade, easy-to-set-up VoIP technology. I for one use Skype as my major tool of communication with my family in the Philippines. I am hoping that someday Skype will decide to make public their proprietary P2P Signaling Protocol that makes their Skype Video Chat light-years ahead of the current competition.

If you want to test this, go and make a video chat session using the latest version of Yahoo Messenger. Observe and compare the delay and quality of the audio and video. Now launch Skype, and you will immediately notice the difference. The WiFi latency inside our house in Manila averages between 190 to 250ms when pinging a US gateway, but this doesn't seem to have a big effect on the quality of my Skype Video Chat session. I live here in the Bay Area, using Comcast Cable Internet with basic 1024K up and 325K download. My laptops are hooked on wireless so I can blog even while I watch my roommates outside skating on our homemade half-pipe in our backyard. Skype is utilizing an excellent proprietary protocol for their signaling, resulting in excellent performance of their VoIP product.

If you are a code geek, someone who can easily develop their own application using various programming languages, you will find it relatively easy to develop your own VoIP application.

So what makes up a VoIP application?

A conceptual model has been developed by various leading companies and developers in the VoIP industry. The Internet Engineering Task Force (IETF) is one of the major contributors to the success of VoIP because of the excellent standards and drafts its members have contributed.

Remember the Open System Interconnect Model a.k.a. OSI Model? Traditional Data Network guys use this conceptual model as a guide in developing and troubleshooting applications and processes that are made for transferring data from one network to another, regardless of its geographical location. A computer network's primary function is to transfer data in form of packets or radio signals from point A to point B. Everything else is optional and for maintenance purposes.

A VoIP application in a nutshell is composed of 3 Layers:

Layer 3: Application
Layer 2: Call Control
Layer 1: Packet Infrastructure

Layer 1, the Packet Infrastructure, in a nutshell maps to the Transport Layer (Layer 4) of the OSI Model. On this layer, you define whether your application will use TCP, UDP, RTP over UDP or a combination of these standard communication protocols to establish the communication channels that carry the signaling and the actual voice payload from source to receiver.

Layer 2, Call Control, or Signaling, is the layer where you define how your VoIP application will be able to establish a connection from source to destination. This is where you define if your VoIP application will be using the signaling standards such as Session Initiation Protocol (SIP), H.323, MeGaCo and others to name a few.

Layer 3, Application, defines the actual capabilities of your VoIP application. Features such as Call Waiting, 3-way conferencing, Hold Music, Voicemail and Click-to-Call functionalities are defined here. This is where you make your application unique and stand-out among other VoIP products.

Stay tuned and I will explain and break down the 3 Core Layers of VoIP in detail in my next post. I will include sample applications and open-source code that developers out there can use as a guide in discovering the inner workings of a VoIP application. Just be sure to credit me if you are able to create a wonderful Skype-like proprietary VoIP application after reading this series of blog posts :-)

Reach for the sky!
Ron

Route Summarization – make your network scale

Probably one of the most critical parts of deploying and maintaining a network is route summarization. Many of you may find this easy, and in an ideal network maybe it is; however, it is never perfect out there in the real world. Even I would admit that the summarization of our IPv4 addresses is not that good, at least to the point that we know we could do better, but it's already there and it's virtually impossible to re-address an ISP network. That is why planning out your address scheme is critical to having a fine-tuned and well-summarized network.


Route Summarization is defined as – the technique of grouping IP networks together to minimize advertisements.


Why is summarization important anyway? Here are some of the benefits you will get in a well summarized network.


Faster routing – the smaller the routing table you have, the better. When it comes to network performance, speed is the key. We must make our routing table smaller whenever we can, as this will make our routers forward traffic faster, resulting in a faster, more efficient network.


Hides route information details – this is to simplify your routing process. This is the key to scalable routing: taking a huge set of advertisements and reducing it down to a single (if possible) or a smaller set of advertisements. You guys may refer to this as ‘supernetting’ – consolidating smaller networks into one route entry that represents a bigger network. This is good for hiding unimportant details like flapping routes. Information as detailed as this may not be significant to the neighboring routers, as they may not be able to do anything about it anyway.


Reduces router resources – summarization reduces resource consumption because you save processor time for calculating routing information and reduce memory utilization due to the reduced number of routes. This would also save on network capacity, because there would be fewer and smaller advertisements to send around the network.


Speeds up convergence – because a router with fewer routing entries has fewer routes to process, and routers will receive updates faster. This advantage may even be tuned further, depending on the routing protocol you are using.


Now let's get to an example. Let's say we have 3 routers, and Router A has the networks 112.89.0.0/24 through 112.89.13.0/24, and we will be summarizing routes to advertise to routers B and C. As you can see, this is a class A range chopped down into smaller class C (/24) blocks, and the first 2 octets are the same for each and every network whether we write them down in decimal or in binary.


112.89.0.0 – 01110000.01011001.00000000.00000000

112.89.1.0 – 01110000.01011001.00000001.00000000

112.89.2.0 – 01110000.01011001.00000010.00000000

112.89.3.0 – 01110000.01011001.00000011.00000000

112.89.4.0 – 01110000.01011001.00000100.00000000

112.89.5.0 – 01110000.01011001.00000101.00000000

112.89.6.0 – 01110000.01011001.00000110.00000000

112.89.7.0 – 01110000.01011001.00000111.00000000

112.89.8.0 – 01110000.01011001.00001000.00000000

112.89.9.0 – 01110000.01011001.00001001.00000000

112.89.10.0 – 01110000.01011001.00001010.00000000

112.89.11.0 – 01110000.01011001.00001011.00000000

112.89.12.0 – 01110000.01011001.00001100.00000000

112.89.13.0 – 01110000.01011001.00001101.00000000


We just wrote down each network in binary, and the next thing to do is to count the number of bits that match on these networks. This will result in a single summary that includes all the routes.


Looking at our example we can see that all networks are identical up to the 20th bit starting from the left. Therefore we could assume that we can summarize all these networks as 112.89.0.0/20 or 255.255.240.0. Now to check if we are correct we have to lay out the possible networks that this summary will include. The fastest way to achieve this is to simply put down in binary the first and last network within this summary route. The first network in the range will be put down as is in binary, and the remaining bits will be turned on to determine the last network in the summarized range.

Using our example here is the binary to decimal conversion:


01110000.01011001.00000000.00000000 – 112.89.0.0/20


There we understand that the first 20 bits (the bits in bold) are our network bits, right? So we can only turn on bits up to the 24th bit, the last bit in the octet where we are (3rd), and stop at that classful boundary. If all those remaining bits are turned on, the result would be:


01110000.01011001.00001111.00000000 – 112.89.15.0/20


Based on the results, the range of 112.89.0.0/20 covers up to 112.89.15.0/20. What does this mean? Obviously this network summary summarized all our networks in Router A, which are 112.89.0.0/24 through 112.89.13.0/24; however, it also included 2 more networks, 112.89.14.0/24 and 112.89.15.0/24. This simply shows that we over summarized and that we actually included networks that we are not even advertising. This is fine if we own these remaining networks and were to advertise them anyway in the future; however, if this isn't the case we can't just do that, especially in public IP routing, because you can only advertise the range that was assigned to you and nothing more.


The next step would be to find the range in between wherein we can summarize properly without over summarizing. To find that out we just have to make our summarization 1 bit smaller. When I say this I mean we have to move 1 bit to the right, check up to which network we can summarize and stop there, then move on to summarize the remaining networks that were left out.


Going back to our example we used a /20 mask and since we have to move 1 bit to the right we then have to use /21 as our mask. Let us check again to see the range of this mask.


01110000.01011001.00000000.00000000 – 112.89.0.0/21


Setting the remaining bits to 1 will result in:


01110000.01011001.00000111.00000000 – 112.89.7.0/21


Knowing this, we determine that the networks that have the same matching bits are 112.89.0.0 through 112.89.7.0 and thus can be summarized without over summarizing.


What happens now to the remaining networks? Of course we start all over again and try to summarize what is left.


112.89.8.0 – 01110000.01011001.00001000.00000000

112.89.9.0 – 01110000.01011001.00001001.00000000

112.89.10.0 – 01110000.01011001.00001010.00000000

112.89.11.0 – 01110000.01011001.00001011.00000000

112.89.12.0 – 01110000.01011001.00001100.00000000

112.89.13.0 – 01110000.01011001.00001101.00000000


Looking at the remaining networks in binary we can see that we have the bits matched up to the 21st bit. Will we over summarize if we use this mask? Let's find out.


01110000.01011001.00001000.00000000 – 112.89.8.0/21


Turning on the remaining bits will give:


01110000.01011001.00001111.00000000 – 112.89.15.0/21


It’s over summarized again and so then we try again and move 1 bit to the right.


01110000.01011001.00001000.00000000 – 112.89.8.0/22


Turning on the remaining bits will give:


01110000.01011001.00001011.00000000 – 112.89.11.0/22


The proper summarization then would be 112.89.8.0/22. The remaining networks will be just easy for you :)


112.89.12.0 – 01110000.01011001.00001100.00000000

112.89.13.0 – 01110000.01011001.00001101.00000000


The matching bits for these last 2 networks go up to the 23rd bit. We actually don't even have to check, because obviously we're already looking at the first and last network in the range. Therefore the last summary we have is 112.89.12.0/23.


In summarizing our networks we ended up with 3 summary routes. We weren't able to advertise a single route, but this is the best we can do and is way better than advertising 14 individual class C networks.


Here's what our neighbors will get in their routing tables.


112.89.0.0/21

112.89.8.0/22

112.89.12.0/23


But then wait, what if we say 112.89.14.0/22? Is that possible? Just for the sake of example, let's say a colleague of yours was being cocky and asked you on the spot whether this can be summarized or not. There is no way you would get a paper and convert these networks to binary. So the real question I'm trying to imply here is: is there an easy way? Of course there is :) But you still have to be pretty good at math to answer it quickly. For that we have to at least have an idea of how many addresses there are in a summary or in a CIDR notation.


Here's the table for this. It shows the summary mask and how many addresses are there in that specific summary.


class C    /24   /23   /22   /21   /20   /19   /18   /17   /16
/24          1
/23          2     1
/22          4     2     1
/21          8     4     2     1
/20         16     8     4     2     1
/19         32    16     8     4     2     1
/18         64    32    16     8     4     2     1
/17        128    64    32    16     8     4     2     1
/16        256   128    64    32    16     8     4     2     1

class B    /16   /15   /14   /13   /12   /11   /10    /9    /8
/16          1
/15          2     1
/14          4     2     1
/13          8     4     2     1
/12         16     8     4     2     1
/11         32    16     8     4     2     1
/10         64    32    16     8     4     2     1
/9         128    64    32    16     8     4     2     1
/8         256   128    64    32    16     8     4     2     1


I had it illustrated using class C and class B summaries as these are the most common summarizations on the internet. If ever you get the chance to see the Internet routing table, these CIDR notations are the ones you will see the most.


So how are we going to use this anyway? Going back to our example, we have 112.89.14.0/22 and we want to determine if this is a proper summarization without converting it to binary or using any long method. The trick is to know how many addresses there are within the range of the mask used. We have a /22 mask, and looking at the table we can see that it is composed of 4 class C or /24 blocks, and it could also consist of 2 /23 blocks. We then take the number in the class C octet (3rd octet) and divide it by how many class C blocks we have for the given mask; in our case we'll of course try 4 class Cs first, as this is the largest number of class Cs. So 14 divided by 4 is equal to what? We have 3, but we still have a remainder of 2. What does this mean? It means we over summarized and cannot use the /22 mask, so we move on to the next possible divisor, which is 2, which corresponds to a /23 block or 2 /24 blocks. So 14 divided by 2 equals 7 and we don't have any remainder. This just means that 112.89.14.0/23 is a properly summarized network and this range consists of 2 class C blocks. To make it clearer, let's check it in binary.


01110000.01011001.00001110.00000000 – 112.89.14.0/23


If we turn on the remaining bit, this range also includes:


01110000.01011001.00001111.00000000 – 112.89.15.0/23


So we were able to answer the question through familiarity with how many addresses there are in a specified mask and simple division. We were then able to check and prove our answer using binary. Doing a lot more of these will actually make you much faster at route summarization. Not that you need to be fast, but being able to determine at a single glance whether a route is summarized correctly is an advantage. Having that ability saves you time in preparing configurations for your routers or layer 3 switches.
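The binary procedure and the division shortcut above, carried through in Python as an added example (not code from the original post). The function names are assumptions made for illustration, and the alignment check generalizes the third-octet division to any IPv4 prefix length.

```python
import ipaddress

# Router A's networks from the post: 112.89.0.0/24 through 112.89.13.0/24.
ROUTER_A = [ipaddress.ip_network(f"112.89.{i}.0/24") for i in range(14)]


def common_summary(nets):
    """Prefix formed by the leading bits all networks share (IPv4 only).

    This is the 'count the matching bits' step; the result may over-summarize.
    """
    first = min(int(n.network_address) for n in nets)
    last = max(int(n.broadcast_address) for n in nets)
    prefixlen = 32 - (first ^ last).bit_length()
    return min(nets).supernet(new_prefix=prefixlen)


def extra_space(summary, nets):
    """Address space inside `summary` that none of `nets` accounts for."""
    remaining = [summary]
    for net in nets:
        nxt = []
        for block in remaining:
            if net.subnet_of(block):
                # Carve the advertised network out of the block.
                nxt.extend(block.address_exclude(net))
            elif not block.subnet_of(net):
                nxt.append(block)
        remaining = nxt
    return list(ipaddress.collapse_addresses(remaining))


def summarize(networks):
    """Summaries that cover exactly the given networks and nothing more."""
    nets = sorted(set(networks))
    routes = []
    while nets:
        candidate = common_summary(nets)
        # Over-summarized: move one bit to the right, anchored on the
        # first remaining network, until no unowned space is included.
        while extra_space(candidate, nets):
            candidate = nets[0].supernet(new_prefix=candidate.prefixlen + 1)
        routes.append(candidate)
        nets = [n for n in nets if not n.subnet_of(candidate)]
    return routes


def is_aligned(cidr):
    """Shortcut check: the network address must divide evenly by the block size.

    For /16 to /24 this is the same as dividing the third octet by the
    number of /24 blocks in the mask and checking for a remainder.
    """
    addr, prefixlen = cidr.split("/")
    block_size = 1 << (32 - int(prefixlen))
    return int(ipaddress.ip_address(addr)) % block_size == 0


if __name__ == "__main__":
    print("matching-bits summary:", common_summary(ROUTER_A))
    print("unowned space in it:  ", extra_space(common_summary(ROUTER_A), ROUTER_A))
    print("proper summaries:     ", [str(r) for r in summarize(ROUTER_A)])
    for cidr in ("112.89.14.0/22", "112.89.14.0/23"):
        print(cidr, "aligned" if is_aligned(cidr) else "not aligned")
```

The unowned space is reported in collapsed form, so the two extra /24s from the post appear as the single block 112.89.14.0/23.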


Just some final tips before I end this topic. Knowing how to properly summarize routes is good, but knowing how to use summarization on different routing protocols is a different story. Routing protocols behave differently when it comes to route summarization, and this means that you may have to use different techniques in doing so. Not that there are other ways of summarizing, but the techniques for implementing it differ with your routing protocol. For example, summarization in OSPF can only be done on Area Border Routers (ABRs) and Autonomous System Boundary Routers (ASBRs). For EIGRP, on the other hand, summarization can be done at the interface level and therefore gives you more flexibility on where to advertise your summary routes. You will be taking these things into consideration when planning and designing your network along with your addressing scheme.


One common practice you must always follow along with summarizing your routes on a router is creating a route to Null 0, better known as the bit bucket interface (blackhole). Because you are advertising a summary route, other routers on your network will send packets to any network within your summary route regardless of whether that network is up or down. Your neighboring routers don't know the status of that network, as information such as that doesn't even get to them. Remember that summary routes hide the detailed information for the specific networks within your summary route. This is because when you advertise a summary route you are basically saying “All the addresses starting with these ‘n’ bits can be found behind me – do not worry about the details, just pass on the packets and leave the forwarding of your traffic to me”. If a packet gets to that router and the destination network or address happens to be down, it either gets dropped, or it will loop around until its time-to-live expires. So in order to be sure that traffic destined to unavailable networks gets dropped, we put in Null 0 routes to catch all those packets.


Note: in EIGRP, when you create a summary route it automatically creates a Null 0 route for that summary.


I hope this has been another informative topic and you guys learned something out of it.

Sunday, May 10, 2009

How a Router makes routing decisions


For my first post I want to talk about and tackle the basics of how a Cisco router makes routing decisions. Before that, why is this important anyway? For many network guys out there, and a whole lot more who are planning to move into the field, getting a good seat in a stable job will require solid foundations and at least basic skills. I say this as you never know when your evaluator will ask you questions that relate to this topic, and you can't answer, only to find out later that it's BASIC. When I say basic it doesn't mean it's easy, because sometimes it's the most basic things that we actually miss during unexpected trouble or network downtime, etc. So whether you're creating configs or troubleshooting your network, it's always good to have a good grasp of the foundation knowledge.

There are 3 steps as to how a router 'routes'. Below is how it makes routing decisions in sequence.

1. Selects the most specific route, or the route with the longest prefix. When the router receives a packet it takes a look at the routing table and checks if it has a route to the destination of the packet. If there's only one route then it forwards the packet right away; when there's more than one route it checks the prefix length. For those of you who are not yet familiar with what a prefix length is, to put it in simple words, it is how many bits are set in the subnet mask. So the longer the subnet mask is - which is the same as saying the more specific the route is - the better. To understand better, let me give you an example.

Let's say there are two routes to a destination. One is 206.15.45.0/24 and the other is 206.15.45.0/26. Now a packet comes in and is destined to 206.15.45.34; which route will the router use? We have two routes: one is a /24, which in subnet mask notation reads 255.255.255.0, and the other has a /26 mask, which converts to 255.255.255.192, which happens to be longer. This means that upon seeing those two routes, the router will choose the route with the longer prefix length - 206.15.45.0/26 - because it is a more specific route and will more likely get the packet there than the more summarized route. You can think of it as a much more accurate path. I say that because the /24 route could be a summary route with more specific networks behind it. If this is the case then we won't know whether those routes behind it are up or down, as this is one of the advantages route summarization gives us: not letting other routers know what they don't need to know. But that's a whole other topic, so probably in another post. :)

But how about if both routes have the same prefix length? They could be both /24s or both /26s, right? This is when the next step comes in.

2. Selects the route with a better AD. For those who are not yet familiar with what an AD is, it stands for Administrative Distance. Some sources will say that it's the believability of a route, some say it's kind of a metric for routing protocols, but you get the point. A router chooses one route over the other (if you have more than one route with the same prefix) by picking the one with the lower Administrative Distance. Each routing protocol has its own AD, which can even depend on what type of route it is. Below is the list of ADs for each protocol and for each route type for a protocol.

connected route 0
static route 1
EIGRP summary 5
BGP 20
Internal EIGRP 90
OSPF 110
IS-IS 115
RIP 120
ODR 160
External EIGRP 170
Internal BGP 200
Unknown/Unreachable 255

Note: I have not included those that I know are obsolete and do not exist anymore.

As you can see, the AD is a value from 0-255 where 255 is considered unreachable. The lower the AD is the better, and so this is the route which the router will choose to use. Let's say for example we have the same route we used in step #1, 206.15.45.0/26, as an OSPF route, and then I hopped into the router and put in a static route for that same route. Since a static route has an AD of 1, which happens to be lower than the AD of 90 for OSPF, the router would start using the static route.

There are ways to manipulate the AD for certain types of routes, but one that I would like to point out is the static route, because it can be done in two common ways. The first is to specifically set the AD for it. For example, to put in a static route you enter the command below under global config.
Router(config)#ip route 206.15.45.0 255.255.255.192 {next-hop | exit-interface} [AD]

This is the basic configuration for a static route. After specifying the next-hop IP address or exit interface you can specify an optional AD value for your static route. Most often this is manipulated due to the need for back-up routes. This is when you have a dynamic routing protocol in place and you want to have a back-up static route just in case dynamic routing fails. This static route is called a 'floating static' route because of what it does: it just stays there in case the dynamic route fails. This is done by setting a higher AD for the static route than for the dynamic route. In our example, if we have an OSPF route and then we put in a static route with a higher AD than OSPF, the OSPF route will still be used because of its better AD.
Router(config)#router ospf 1
Router(config-router)#network 206.15.45.0 0.0.0.63 area 0
Router(config-router)#exit
Router(config)#ip route 206.15.45.0 255.255.255.192 Serial1/0 115
The other way is choosing between the next-hop IP address and the exit-interface. For some network guys, it could be just a matter of preference, but you've got to know that there is a difference between the two when setting a static route. A static route that uses a next-hop IP has its AD set to 1. Of course this is expected, because that is its default AD. However, setting it to use an exit-interface rather than a next-hop IP will make the router consider it a directly connected route - assigning it an AD of 0. For some it doesn't matter, but there are certain network setups out there that may be sensitive to these kinds of configurations. In my experience I have found that setting the next-hop IP address is a safer choice; not that the exit-interface is not good, but it posed issues in our network when I did it lol. Well, that's just based on experience and I'm not discouraging everybody from using the exit-interface option. The only instance wherein I see exit-interfaces constantly in our network is on default routes. Either of the two is good; it just depends on how you're going to use it, as long as it doesn't cause any outage or routing issues in your network :)

What if more than one route has the same AD?

3. Selects the route with the best metric. Routes with the same AD will most likely come from the same routing protocol. In this case, comparing each route's metric is what the router will do next. This depends on which routing protocol is used, as different routing protocols have different ways of finding the best path. EIGRP, for example, uses the fastest way to get traffic to its destination. It calculates the best path, including a secondary best path if there is one (EIGRP is the only routing protocol that uses back-up routes). Below is the list of what metrics each routing protocol uses to determine the best path through a network.

RIP - distance-vector (hop-count)
EIGRP - distance-vector/hybrid (fastest path)
OSPF - link-state (shortest path)
IS-IS - link-state (shortest path)
BGP - path-vector (shortest AS-path by default)

Now as much as I would like to give a good example for this step, it would lean more towards the basics of routing protocols and thus be out of scope for this topic, or might even be a little info-overload for some newbies. As I post more topics I will probably explain more on the metrics of each of these routing protocols and how they do the whole routing thing :)

Lastly, what if more than one route has the same metric? You bet! It will load-balance, otherwise there would be a need for a 4th step :)
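The three steps and the load-balancing tie-break, applied in the order given above, as an added Python example (not code from the original post). It also shows the Null 0 discard route from the summarization post catching traffic for a component network that is down. The routing table, next-hop addresses, metrics and the interface name Gi0/1 are constructed for illustration; AD values come from the list above.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "prefix source ad metric next_hop")


def route(prefix, source, ad, metric, next_hop):
    return Route(ipaddress.ip_network(prefix), source, ad, metric, next_hop)


# Constructed sample routing table.
TABLE = [
    route("206.15.45.0/24", "ospf", 110, 20, "10.0.0.1"),
    route("206.15.45.0/26", "ospf", 110, 30, "10.0.0.2"),
    # Floating static from the post: AD 115 loses to OSPF (110) while OSPF is up.
    route("206.15.45.0/26", "static", 115, 0, "Serial1/0"),
    # Two equal-metric OSPF paths: the router load-balances.
    route("198.51.100.0/24", "ospf", 110, 10, "10.0.0.4"),
    route("198.51.100.0/24", "ospf", 110, 10, "10.0.0.5"),
    # Summary discard route plus one component network that is up.
    route("112.89.0.0/21", "static", 1, 0, "Null0"),
    route("112.89.1.0/24", "connected", 0, 0, "Gi0/1"),
    route("0.0.0.0/0", "static", 1, 0, "10.0.0.254"),
]


def select_routes(table, destination):
    """Apply longest prefix, then lowest AD, then best metric; ties are kept."""
    dest = ipaddress.ip_address(destination)
    # AD 255 means unreachable, so such routes are never candidates.
    candidates = [r for r in table if dest in r.prefix and r.ad < 255]
    if not candidates:
        return []
    longest = max(r.prefix.prefixlen for r in candidates)          # step 1
    candidates = [r for r in candidates if r.prefix.prefixlen == longest]
    best_ad = min(r.ad for r in candidates)                        # step 2
    candidates = [r for r in candidates if r.ad == best_ad]
    best_metric = min(r.metric for r in candidates)                # step 3
    return [r for r in candidates if r.metric == best_metric]


def next_hops(table, destination):
    return sorted(r.next_hop for r in select_routes(table, destination))


if __name__ == "__main__":
    for dst in ("206.15.45.34", "206.15.45.200", "198.51.100.7",
                "112.89.1.9", "112.89.3.9", "203.0.113.9"):
        print(f"{dst:15} -> {next_hops(TABLE, dst)}")
```

Without the Null0 entry, the packet for 112.89.3.9 would fall through to the default route instead of being dropped.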

I hope you guys learned something or at least something new and more posts to come.