index_16
Router Security Configuration Guide
UNCLASSIFIED
16
UNCLASSIFIED
Version 1.0g
network data messages from a LAN and convert them into packets suitable for
transmission beyond the LAN on a wide area network (WAN). The goal is almost
always to get these packets to another LAN and ultimately to the correct host on that
LAN. Part of the conversion process is to add a packet header. Other routers will
generally only look at a packets header information, not at the contents or data in the
packet.
Routers also make decisions about where to send these packets, based on: the
addresses contained within the packet headers and a table of routes maintained within
the router. Updating these routing tables and forwarding data packets between
portions of a network are one of the primary purposes of a router. Building packets
and unwrapping packets are additional router functions performed by the first and
last routers, respectively, that a message passes through. In addition to directing
packets, a router may be responsible for filtering traffic, allowing some packets to
pass through and rejecting others. Filtering can be a very important function of
routers; it allows them to help protect computers and other network components. For
more information about filtering, see Section 3 and Section 4. It is also possible that
at the destination end a router may have to break large packets up to accommodate
the size limits of the destination LAN.
There is no reason that routers cannot be used to send messages between hosts (as
shown in Figure 1-1) but more typically routers are used to connect LANs to each
other or to connect a LAN to a WAN.
Most large computer networks use the TCP/IP protocol suite. In some sense this is
the lingua franca of the Internet. See Section 2.2 for a quick review of TCP/IP and
IP addressing.
2.1.2. Routing Tables
As mentioned, one of tasks of a router is to maintain routing tables which are used to
decide where a packet is to go and thus which interface it should be sent out. In the
past these tables were built and updated by hand and this is referred to as static
routing. In dynamic routing, the router learns about where various addresses are
relative to itself and builds up routing tables based on this information. There are a
number of schemes or routing protocols for routers to acquire and share routing table
information. While a thorough treatment of the details is beyond the scope of this
document, there is a brief discussion of routing protocols is in Section 4.4.