Academy
IP Networks and Routing experimental
IP Networks and Routing How packets find their way: addressing and subnetting, the routing table, OSPF and BGP and failure modes, on an interactive topology. Addressing and subnetting. Addressing and subnetting. Design an address plan.. Explain classless inter-domain routing and calculate subnet boundaries, block sizes, and usable host counts from a given prefix length.. IPv4/IPv6, Subnetting, CIDR, Address planning IPv4/IPv6 An IPv4 address is a 32-bit number, usually written as four dotted decimal octets (e.g. 192.168.10.77). An IPv6 address is 128 bits, written as eight groups of hex digits (e.g. 2001:db8:acad::1), with :: compressing one run of zero groups. IPv6 was built for a much larger address space and simpler header processing, but the underlying idea of splitting an address into a network part and a host part is identical in both families. Subnetting Every address is split by a prefix length into a network portion and a host portion. In IPv4, a /26 sets aside 6 host bits, giving 2^6 = 64 addresses in the block; one is the network address, one is the broadcast address, so 62 are usable for hosts. A /28 gives 16 addresses (14 usable), and a /22 gives 1024 addresses (1022 usable). To find the network a host belongs to, take the address, keep the prefix bits, and zero the rest: 192.168.10.77/27 has a block size of 32 in the last octet, and 77 falls in the 64-95 range, so the network is 192.168.10.64/27. The same block-size trick works in any octet: 10.20.30.40/20 has a block size of 16 in the third octet, and 30 falls in the 16-31 range, so the network is 10.20.16.0/20. CIDR Classless Inter-Domain Routing (CIDR) replaced the old class A/B/C boundaries with an explicit prefix length carried alongside every address (the /n notation). CIDR lets you size a block to the need rather than to a fixed class, and lets you aggregate many small blocks into one shorter-prefix advertisement (supernetting) to keep routing tables small. Subnetting and supernetting are the same arithmetic run in opposite directions: borrowing bits from the host portion shrinks a block and multiplies the number of subnets; giving bits back grows a block and reduces the number of routes needed to describe it. Address planning A good address plan starts from requirements, not habit: count the hosts you need per segment (plus growth), then pick the smallest prefix that covers it with headroom: for 500 hosts you need 9 host bits (2^9 - 2 = 510), so a /23. Plan on nibble (4-bit) boundaries in IPv6 where practical, since it keeps subnets human-readable and easy to summarize; a /48 site allocation split into /64 links yields 65,536 subnets, one per link, which is the recommended IPv6 subnetting model. Reserve room for summarization: contiguous blocks assigned to the same region or role can be advertised as a single aggregate route, which is the single biggest lever for keeping a routing table small and convergence fast. Dual-stack and transition Most production networks run IPv4 and IPv6 simultaneously rather than cutting over in one step, an approach called dual-stack, where a host or router holds both an IPv4 and an IPv6 address on the same interface and prefers one protocol family per destination based on what that destination itself supports. Dual-stack avoids the reachability gap a hard cutover would create, since not every destination on the internet is reachable over IPv6 yet, but it roughly doubles the address planning and firewall policy surface a network operator must maintain, since every rule written for IPv4 needs an IPv6 equivalent considered separately rather than assumed to carry over automatically. Private address space and translation Not every address needs to be globally routable. RFC 1918 reserves three IPv4 ranges, 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16, for private use inside an organisation, and Network Address Translation rewrites a private source address to a shared public one as traffic leaves the network, letting many internal hosts share a small number of public addresses. This economises on scarce public IPv4 space but breaks the simple assumption that an address uniquely identifies a host end to end, which is one of the practical motivations behind IPv6's much larger address space: with enough addresses to give every device a unique global one, translation becomes unnecessary rather than a permanent architectural feature. Related CCI capabilities Computer Architecture (Course): (https://www.cambridgecyberinternational.com/en/insights/academy/computer-architecture/). Optics Primer Series (Course): (https://www.cambridgecyberinternational.com/en/insights/academy/optics/). Maths Refresher Series, Finance (Course): (https://www.cambridgecyberinternational.com/en/insights/academy/maths-finance/). System Dynamics (Course): (https://www.cambridgecyberinternational.com/en/insights/academy/system-dynamics/). CCI Lab: Run it, build with it, read the thinking, reuse the data. (https://www.cambridgecyberinternational.com/en/insights/lab/) The routing table. The routing table. Read and predict routing decisions.. Explain longest-prefix match and administrative distance, and compute which single route a router selects from a table containing overlapping and equal-length candidates.. Longest-prefix match, Next hop, Default routes, Tables Longest-prefix match When a router must decide where to send a packet, it compares the destination address against every route in its table and keeps only the routes whose prefix matches. If more than one route matches, the router picks the one with the longest prefix, since the most specific match wins, regardless of any other attribute such as metric or administrative distance. For example, if a table holds 10.0.0.0/8, 10.1.0.0/16, and 10.1.2.0/24, a packet to 10.1.2.5 matches all three, but the /24 is used because it is the most specific. This single rule is the core of every Internet Protocol (IP) forwarding decision, in both IPv4 and IPv6. Next hop Each matched route resolves to a next hop: either the IP address of an adjacent router to forward toward, or an indication that the destination is directly connected (the exit interface itself). The router does not need to know the full path to the destination, only the correct next hop for this one step; the next router repeats the same longest-prefix-match process independently. This hop-by-hop, stateless model is what lets IP routing scale: no router carries end-to-end path state. Default routes A default route, written 0.0.0.0/0 in IPv4 or ::/0 in IPv6, matches every destination but is always the least specific route possible. It only wins when no more specific route matches, which makes it the catch-all for traffic leaving a stub network or heading toward the wider internet. Removing or misconfiguring a default route is a classic cause of a network being reachable internally but unable to reach anything external. Tables A routing table is built from multiple sources: directly connected interfaces, statically configured routes, and routes learned from dynamic protocols such as Open Shortest Path First (OSPF) or Border Gateway Protocol (BGP). When several sources offer a route to the same prefix, administrative distance (a per-protocol trust ranking, e.g. connected 0, static 1, OSPF 110, BGP 20/200) breaks the tie before longest-prefix match is even needed; administrative distance only matters, though, when prefixes are equal length; a longer prefix from a less-trusted source still wins over a shorter prefix from a more-trusted one. Reading a routing table fluently means reading it in this order: find every matching prefix, keep the longest, and only then use metric or administrative distance to break a tie among routes of equal prefix length. Route summarization A routing table that carries one entry per individual downstream subnet does not scale as a network grows; route summarization collapses many contiguous, smaller prefixes into one shorter, less specific advertisement whenever the addressing plan was laid out with summarization in mind, which is exactly why this module's companion address-planning material insists on assigning contiguous blocks by region or role rather than handing out prefixes arbitrarily. A well-summarized table converges faster after a change too, since a single link flapping behind a summarized boundary does not need to be re-advertised hop by hop across the entire network, only within the region where the summary boundary sits. Equal-cost multipath When a routing protocol finds two or more paths to the same destination with an identical cost, a router does not have to pick just one; equal-cost multipath (ECMP) installs all of the tied routes simultaneously and spreads traffic across them, typically by hashing some combination of source and destination address and port so that a given flow consistently takes the same path rather than reordering packets mid-stream. ECMP raises effective bandwidth and provides an immediate, sub-second failover if one of the paths drops, since the remaining equal-cost paths simply absorb the traffic without waiting for a full routing-protocol reconvergence. Related CCI capabilities Computer Architecture (Course): (https://www.cambridgecyberinternational.com/en/insights/academy/computer-architecture/). Optics Primer Series (Course): (https://www.cambridgecyberinternational.com/en/insights/academy/optics/). Maths Refresher Series, Finance (Course): (https://www.cambridgecyberinternational.com/en/insights/academy/maths-finance/). System Dynamics (Course): (https://www.cambridgecyberinternational.com/en/insights/academy/system-dynamics/). CCI Lab: Run it, build with it, read the thinking, reuse the data. (https://www.cambridgecyberinternational.com/en/insights/lab/) OSPF and BGP. OSPF and BGP. Explain interior and exterior routing.. Distinguish link-state from path-vector routing and evaluate the outcome of BGP best-path selection given a set of candidate routes with stated attributes.. Link-state and OSPF, Path-vector and BGP, Policy, Convergence Link-state and OSPF Open Shortest Path First (OSPF) is a link-state interior gateway protocol: every router floods information about its own links (state, cost) to all other routers in the area, so that every router ends up with an identical map of the topology. Each router then independently runs Dijkstra's shortest-path-first algorithm over that map to compute its own best routes. Because every router has the full picture, OSPF converges quickly and predictably after a change, and the path chosen is whichever has the lowest cumulative cost (typically derived from interface bandwidth), not necessarily the fewest hops. Path-vector and BGP Border Gateway Protocol (BGP) is the path-vector protocol that glues autonomous systems (ASes) together across the internet. Rather than flooding full topology information, a BGP speaker advertises to its neighbors the full AS path a route has traversed, plus a set of attributes. A receiving router never sees the whole graph, only the paths its neighbors chose to tell it about, which makes BGP scale to hundreds of thousands of routes but makes convergence comparatively slow and dependent on advertisement and withdrawal messages propagating hop by hop. Loop prevention in BGP relies on the AS path itself: a router rejects any route whose AS path already contains its own AS number. Policy OSPF route selection is essentially cost-driven and largely policy-free within an area. BGP, by contrast, is fundamentally a policy protocol: operators routinely prefer a route not because it is shortest but because it is cheaper, more trusted, or contractually required. The standard BGP best-path selection order (simplified) checks, in sequence: highest local preference, shortest AS path, lowest origin type, lowest Multi-Exit Discriminator (MED) (only between routes from the same neighboring AS), eBGP-learned over iBGP-learned, and finally lowest Interior Gateway Protocol (IGP) metric to the next hop, with router ID as a final tiebreaker. Local preference and AS-path prepending are the two levers operators reach for most often to steer traffic in or out of a network. Convergence Convergence is the time a network takes to reach a consistent, loop-free forwarding state after a change. OSPF converges fast (often sub-second to a few seconds) because a single link-state flood plus one shortest-path-first (SPF) recalculation is enough for every router to agree. BGP convergence is slower and less bounded because a withdrawal or a better path must propagate AS-hop by AS-hop, and each intermediate router may need to reevaluate its own best path before passing the update on; this is why a BGP failure can take tens of seconds to minutes to fully settle, and why route flapping is damped rather than propagated instantly. Route reflectors and iBGP scaling Internal BGP sessions between routers inside the same autonomous system do not re-advertise a route learned from one iBGP peer to another iBGP peer by default, a loop-prevention rule that would otherwise require every router to peer directly with every other router, an arrangement that grows unmanageably as the router count increases. A route reflector breaks this restriction for a designated hub router, which is explicitly permitted to reflect routes between its client routers, collapsing what would need to be a full mesh of sessions into a hub-and-spoke topology while preserving the same loop-prevention guarantee through a separate mechanism, the originator ID and cluster list attributes. Route filtering Accepting every route a neighbor advertises without question is exactly the trust gap that real-world route hijacks and leaks exploit; prefix lists and AS-path filters let an operator explicitly state which prefixes and which AS paths are legitimate to accept from, or advertise to, a given neighbor, rejecting anything outside that set. Resource Public Key Infrastructure (RPKI) extends this further with cryptographically signed route origin authorizations, letting a router validate that the AS originating a route announcement is actually authorized to originate that specific prefix, rather than relying solely on operator-configured filter lists that can go stale as a network's legitimate address holdings change. Related CCI capabilities Computer Architecture (Course): (https://www.cambridgecyberinternational.com/en/insights/academy/computer-architecture/). Optics Primer Series (Course): (https://www.cambridgecyberinternational.com/en/insights/academy/optics/). Maths Refresher Series, Finance (Course): (https://www.cambridgecyberinternational.com/en/insights/academy/maths-finance/). System Dynamics (Course): (https://www.cambridgecyberinternational.com/en/insights/academy/system-dynamics/). CCI Lab: Run it, build with it, read the thinking, reuse the data. (https://www.cambridgecyberinternational.com/en/insights/lab/) Failure and repair. Failure and repair. Diagnose and repair failures.. Identify a routing blackhole or loop from symptom evidence such as traceroute output, and design an ordered repair sequence that restores a loop-free path.. Link failures, Blackholes, Loops, Repair Link failures When a physical or logical link goes down, every router with a route depending on that link must detect the failure and recompute. Detection itself takes time: a directly attached router usually notices within milliseconds (carrier loss), but a router several hops away only learns about it once a routing protocol update reaches it. Until that update arrives and is processed, routers downstream of the failure keep forwarding traffic toward a next hop that can no longer deliver it; the gap between the failure occurring and every affected router learning about it is where most user-visible disruption happens. Blackholes A blackhole is a route that appears valid in the table (it matches a destination and points to a next hop) but silently drops traffic because that next hop can no longer actually forward it (the link is down, the neighbor withdrew the more specific route but a stale summary or static route still matches, or a policy misconfiguration null-routes legitimate traffic). Blackholes are especially dangerous because, unlike an outright "destination unreachable," nothing tells the sender the packet was dropped; traceroute typically shows the packet vanishing at or just before the blackholing router with no further hops responding. Loops A routing loop occurs when two or more routers each believe the other is the correct next hop toward a destination that neither can actually reach, so a packet circulates until its Time to Live (TTL) counter, or IPv6 hop limit, expires. Loops most often appear transiently during convergence, when routers have inconsistent views of the topology; for example, one router has already learned of a failure and rerouted through a neighbor, while that neighbor has not yet updated and still points back the same way. Link-state protocols such as Open Shortest Path First (OSPF) minimize this window because every router recomputes from the same synchronized map; distance-vector-style protocols and inconsistent Border Gateway Protocol (BGP) policy are more prone to prolonged loops because routers only know what their immediate neighbors last advertised. Repair Repairing a failure means restoring a correct, loop-free, blackhole-free path, and the order of operations matters: first localize the failure (which link or router, using the point where reachability and traceroute responses stop), then verify whether an alternate path exists in the topology at all before touching configuration, then either restore the failed component or trigger the routing protocol to converge onto the alternate path (a link re-enable, a cleared static route, a corrected policy). After a change, don't declare success on the first successful ping: confirm the routing table shows the expected route at every affected router and that traffic on the previously affected paths is symmetric and stable, since a transient reroute can look successful for a few seconds before flapping back to the broken state. BGP hijacks and route leaks A BGP hijack occurs when an autonomous system originates or re-advertises a route for a prefix it does not legitimately hold, causing traffic destined for that prefix to be pulled toward the hijacking network instead, sometimes deliberately for interception or fraud and sometimes as an accidental misconfiguration with the same practical effect. A route leak is the related but distinct case where a network re-advertises a route it legitimately received but was never authorized to pass on, for example a multihomed customer accidentally advertising a provider's full routing table to a second provider, which can overwhelm the receiving network's routers and misdirect large volumes of unrelated traffic even without any malicious intent involved. Detection tooling Because BGP itself does not verify that an announcement is legitimate at protocol level, detecting a hijack or leak in progress depends on external monitoring: services that continuously compare observed global route announcements against expected, previously-established origin and path data flag an unexpected new origin AS for a prefix, an unusually specific new sub-prefix announcement, or a sudden, implausible path change within seconds to minutes of it occurring. Combined with Resource Public Key Infrastructure (RPKI) route origin validation at the router level, which can reject an unauthorized origin automatically rather than merely alerting a human after the fact, this pairing of real-time monitoring and cryptographic validation is the current best practice for limiting how long a hijack or leak stays live before it is caught. Related CCI capabilities Computer Architecture (Course): (https://www.cambridgecyberinternational.com/en/insights/academy/computer-architecture/). Optics Primer Series (Course): (https://www.cambridgecyberinternational.com/en/insights/academy/optics/). Maths Refresher Series, Finance (Course): (https://www.cambridgecyberinternational.com/en/insights/academy/maths-finance/). System Dynamics (Course): (https://www.cambridgecyberinternational.com/en/insights/academy/system-dynamics/). CCI Lab: Run it, build with it, read the thinking, reuse the data. (https://www.cambridgecyberinternational.com/en/insights/lab/)