What does a router actually do, and how does it connect us to the Internet?
On the 4th of October 2021, Facebook, Instagram, and WhatsApp failed to work for billions of users worldwide for more than 6 hours. According to Facebook, their services stopped working because of faulty configurations on their routers.
According to a trusted source, due to the error in routers' configurations, Mark Zuckerberg, the CEO of Facebook, lost around $6 billion in those hours.
Although routers look small and straightforward to use, they are powerful devices that process thousands of packets a day. They do all the work of connecting us to the Internet, and if our router fails, our Internet connection fails with it.
But have you ever wondered how the "Internet" works, how we connect to it, and what a router does to display beautiful web pages on our phones?
The Internet is the largest network in existence: a collection of cables, packets, and network devices such as routers, switches, and servers.
You can see just how massive the Internet infrastructure is by looking at the following submarine cable map.
Image source – submarinecablemap.com
Devices on the Internet have logical addresses called IP (Internet Protocol) addresses, used to identify them uniquely. They need them to communicate with each other.
An IP is a logical networking address used to identify a device on the Internet. In the case of IPv4, it is a 32-bit value divided into four sections of 8 bits each. Each section can take values from 0 to 255, the range of IP addresses being from 0.0.0.0 to 255.255.255.255.
Every device on the Internet has its own address, but it is also part of a network. The first portion of an IP address, called the network portion, identifies the device's network; the rest identifies the individual device (the host) on that network. To know where the network portion ends, an IP address needs a subnet mask.
A subnet mask looks exactly like an IP address, but its role is to separate the network portion from the host portion. The split is computed by performing a bitwise AND between the IP address and the mask: wherever the mask has a 1 bit, that bit of the address belongs to the network.
You will usually see a subnet mask written as a / followed by the number of 1 bits in the mask (for example, 255.255.255.0 has 24 one-bits and is written /24). Here's an example:
Therefore, the network is 192.168.0.0/24.
IP addresses can be:
IPv4 addresses had to be divided into public and private addresses because IPv4 only allows 4.3 billion different combinations, and depletion was inevitable.
Private addresses are used in home networks and other LANs (Local Area Networks). They fall in the following ranges:
- 10.0.0.0 to 10.255.255.255
- 172.16.0.0 to 172.31.255.255
- 192.168.0.0 to 192.168.255.255
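To make the subnet-mask AND operation and the private ranges above concrete, here is a small worked example. It is added for this article and is not code from the original page; it uses only the Python standard library, and the sample addresses at the bottom are constructed for illustration. The network calculation is cross-checked against Python's own ipaddress module.

```python
# Added example: splitting an IPv4 address into network and host portions with a
# subnet mask, deriving the /prefix notation, and recognising private addresses.
import ipaddress


def to_int(dotted: str) -> int:
    """Convert a dotted-quad string such as '192.168.0.10' to a 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"invalid IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value: int) -> str:
    """Inverse of to_int."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_length(mask: str) -> int:
    """Number of leading 1 bits in a subnet mask (the number written after the '/')."""
    m = to_int(mask)
    ones = bin(m).count("1")
    # A valid mask is a contiguous run of 1s followed by 0s (e.g. 255.255.255.0);
    # a mask like 255.0.255.0 is rejected.
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return ones


def network_of(ip: str, mask: str) -> str:
    """Bitwise AND of address and mask yields the network portion, returned in CIDR form."""
    net = to_int(ip) & to_int(mask)
    return f"{to_dotted(net)}/{prefix_length(mask)}"


# The private ranges listed in the article, as (first address, last address).
PRIVATE_RANGES = [
    ("10.0.0.0", "10.255.255.255"),
    ("172.16.0.0", "172.31.255.255"),
    ("192.168.0.0", "192.168.255.255"),
]


def is_private(ip: str) -> bool:
    """True if the address falls inside one of the private ranges."""
    value = to_int(ip)
    return any(to_int(lo) <= value <= to_int(hi) for lo, hi in PRIVATE_RANGES)


if __name__ == "__main__":
    # Constructed sample addresses for the demonstration.
    samples = [
        ("192.168.0.10", "255.255.255.0"),   # the article's example: 192.168.0.0/24
        ("172.20.5.9", "255.240.0.0"),       # a /12 inside the 172.16/12 private block
        ("8.8.8.8", "255.255.255.255"),      # a public host route (/32)
    ]
    for ip, mask in samples:
        kind = "private" if is_private(ip) else "public"
        print(f"{ip} AND {mask} -> {network_of(ip, mask)} ({kind})")
        # Cross-check our bitwise arithmetic against the standard library.
        assert str(ipaddress.ip_network(f"{ip}/{mask}", strict=False)) == network_of(ip, mask)
```

The mask check in prefix_length matters in practice: a router will reject a non-contiguous mask, and a tool that silently accepts one will compute a network that no router agrees with.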
You can check your IP address from the command line. On macOS, for example, the commands are as follows (the interface names en0 and en1 may differ on your machine):
For wired connections:
ipconfig getifaddr en0
For Wi-Fi connections:
ipconfig getifaddr en1
A packet is the basic unit of network communication. It carries data together with information about the sender and the receiver, the priority, the protocols used, and other metadata. Packets are how devices communicate over the Internet.
If you're not sure if the Internet works, what is the first thing you check? Google!
But a networking professional will test if they have a connection to a device or a network using "ping". It is a simple command that checks if you have access to the destination device.
How does it work?
Your computer will send a packet to the destination IP. In exchange, it should receive a response. The image below shows a successful exchange between my computer and my router, captured using Wireshark, a packet sniffer program.
Notice how the source IP 192.168.100.14 sends a ping request to the destination IP address 192.168.100.1. In about two milliseconds, the router responded to the ping request with a ping reply and confirmed that I had access to it.
In a different chapter, we will be talking about ping, how it can be used as an attack tool, and how routers can mitigate risks against it.
Simply put, a router is a networking device that separates networks and establishes the path packets should take. Each of a router's interfaces connects to a separate network.
Below you can see what a Cisco 2600 router's hardware looks like:
When receiving a packet on an interface, a router:
- Processes it
- Checks the destination address against its routing table to establish where to send it
- Re-encapsulates it and sends it on that path
Routers decide the path a packet takes to its destination. They use routing tables to make informed decisions so that packets are delivered promptly.
Of course, your router may not know the entire path your packets are supposed to travel. It will send them to the next router in line, which has an even bigger routing table. That router in turn forwards the packets to the next router, and so on until they reach the destination.
You can think of the process of sending information across the Internet like teamwork. One router may not know the final destination, but more routers together will, with the help of routing protocols.
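The routing-table step described above (checking the destination address against the table and picking the next hop) is easy to see in code. The following is an added example written for this article, not code from the page or from any router vendor; the routing table, next hops and interface names in it are constructed for illustration. It implements the rule real routers follow: the most specific matching route (longest prefix) wins, and the default route 0.0.0.0/0 catches everything else.

```python
# Added example: a simplified routing-table lookup using longest-prefix match.
from typing import List, Optional, Tuple


def to_int(dotted: str) -> int:
    """Dotted-quad IPv4 string to a 32-bit integer."""
    a, b, c, d = (int(o) for o in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def prefix_mask(plen: int) -> int:
    """Subnet mask for a prefix length, e.g. 24 -> 0xFFFFFF00; 0 -> 0."""
    return (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF


def parse_cidr(cidr: str) -> Tuple[int, int]:
    """'10.0.0.0/8' -> (network as int, prefix length)."""
    addr, plen_text = cidr.split("/")
    plen = int(plen_text)
    return to_int(addr) & prefix_mask(plen), plen


# Constructed routing table: (destination network, where to send the packet).
ROUTES: List[Tuple[str, str]] = [
    ("192.168.100.0/24", "GigabitEthernet0/0"),  # directly connected LAN
    ("10.0.0.0/8", "via 10.1.1.1"),             # a large internal block
    ("10.20.0.0/16", "via 10.20.0.254"),         # more specific than 10.0.0.0/8
    ("0.0.0.0/0", "via 203.0.113.1"),            # default route towards the ISP
]


def lookup(routes: List[Tuple[str, str]], dest: str) -> Optional[str]:
    """Return the next hop for dest using longest-prefix match, or None if no route exists."""
    d = to_int(dest)
    best: Optional[str] = None
    best_len = -1
    for cidr, next_hop in routes:
        net, plen = parse_cidr(cidr)
        if (d & prefix_mask(plen)) == net and plen > best_len:
            best, best_len = next_hop, plen
    return best


if __name__ == "__main__":
    for dest in ["192.168.100.14", "10.20.3.4", "10.5.5.5", "8.8.8.8"]:
        print(f"{dest:16} -> {lookup(ROUTES, dest)}")
    # Without a default route, a destination outside the known networks has
    # nowhere to go: the router drops the packet ("no route to host").
    print("8.8.8.8 without default route ->", lookup(ROUTES[:-1], "8.8.8.8"))
```

Note how 10.20.3.4 matches both 10.0.0.0/8 and 10.20.0.0/16 and is sent to the /16's next hop: this longest-prefix behaviour is also why a more specific (or wrongly withdrawn) route announced by a routing protocol can silently redirect or black-hole traffic.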
Routing protocols are networking protocols that are used to build the best paths on the Internet. They take into account the speed of the link, the traffic, the distance, and other factors that ultimately help establish the most effective route a packet should take.
Some examples of routing protocols are:
We have seen how routers work and how our devices communicate through them. Routers can also add layers of security to a network.
Access lists are sets of rules that filter packets based on their source or destination IP address. They are applied to interfaces and can stop unwanted traffic from entering a network or leaving it.
There are many ways in which an access list can be made, but here is a simple example:
ip access-list standard 10
 deny 192.168.4.0 0.0.0.255
 permit any
interface GigabitEthernet0/0/0
 ip access-group 10 in
Let me walk you through the commands.
The first command declares a standard access list with the number 10. The second one establishes the first rule: deny the address 192.168.4.0 with the wildcard mask 0.0.0.255. A wildcard mask works the opposite way to a subnet mask (0 bits must match, 1 bits are ignored), so this is the equivalent of saying deny all IPs in the range 192.168.4.0 – 192.168.4.255.
All access lists have an implicit 'deny any' at the end. Therefore, to allow all other packets, whose source differs from the one denied entry, we need to write the third command, 'permit any'.
Lastly, we apply the access list to the interface we want, GigabitEthernet0/0/0, using the last two commands. The keyword 'in' says that the rules apply to packets arriving on the interface, not to packets leaving it.
Below, you can see the topology presented. The cloud on the left represents the Internet, and the computer on the right symbolizes the network we want to protect. The access list we've built doesn't allow any packets with the source IP in the range 192.168.4.0/24 to reach it.
Remember how we pinged the router earlier to see whether it responded to our packets? Now imagine pinging the router thousands of times in a brief timeframe. After a while, the router may no longer be able to respond and may fail to provide its services.
That is a Denial of Service (DoS) attack, and one way to mitigate it is to apply an access list on the router's interface: the packets are dropped before being processed, which prevents a service failure.
More complex access lists allow network administrators to deny packets based on protocol. In this case the relevant protocol is ICMP (Internet Control Message Protocol), which ping packets use.
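To show how the router evaluates the access list above, here is a small simulator. It is an added example written for this article, not code from the page or from Cisco; the packet sources and the second, protocol-based list are constructed for illustration. It parses the article's own rule lines, applies them top to bottom with first match wins, and falls through to the implicit 'deny any' when nothing matches.

```python
# Added example: evaluating a standard access list (source + wildcard mask) and an
# extended-style list that also matches on protocol, with the implicit deny.
from dataclasses import dataclass
from typing import List, Optional


def to_int(dotted: str) -> int:
    """Dotted-quad IPv4 string to a 32-bit integer."""
    a, b, c, d = (int(o) for o in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


@dataclass
class Rule:
    action: str                        # "permit" or "deny"
    source: str = "0.0.0.0"            # address compared under the wildcard mask
    wildcard: str = "255.255.255.255"  # all ones = "any" (nothing has to match)
    protocol: Optional[str] = None     # None = any protocol (a standard ACL)


def parse_standard_acl(text: str) -> List[Rule]:
    """Parse rule lines such as 'deny 192.168.4.0 0.0.0.255', 'permit any', 'permit host 10.0.0.5'.

    Lines that are not rules (the 'ip access-list ...' header, interface commands) are skipped.
    """
    rules: List[Rule] = []
    for line in text.strip().splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("permit", "deny"):
            continue
        action = parts[0]
        if parts[1] == "any":
            rules.append(Rule(action))
        elif parts[1] == "host":
            rules.append(Rule(action, parts[2], "0.0.0.0"))
        else:
            # A missing wildcard means a single host (wildcard 0.0.0.0).
            wildcard = parts[2] if len(parts) > 2 else "0.0.0.0"
            rules.append(Rule(action, parts[1], wildcard))
    return rules


def matches(rule: Rule, src_ip: str, protocol: str) -> bool:
    """Wildcard semantics: 0 bits in the mask must match, 1 bits are ignored."""
    if rule.protocol is not None and rule.protocol != protocol:
        return False
    care = ~to_int(rule.wildcard) & 0xFFFFFFFF
    return (to_int(src_ip) & care) == (to_int(rule.source) & care)


def evaluate(acl: List[Rule], src_ip: str, protocol: str = "tcp") -> str:
    """First matching rule wins; no match falls through to the implicit 'deny any'."""
    for rule in acl:
        if matches(rule, src_ip, protocol):
            return rule.action
    return "deny"


# The standard list from the article, exactly as configured on the router.
ACL_10_TEXT = """
ip access-list standard 10
 deny 192.168.4.0 0.0.0.255
 permit any
"""
ACL_10 = parse_standard_acl(ACL_10_TEXT)

# Constructed protocol-aware list: drop ICMP (ping) from anywhere, allow the rest.
ACL_NO_PING = [Rule("deny", protocol="icmp"), Rule("permit")]

if __name__ == "__main__":
    # Constructed sample packets: (source address, protocol).
    packets = [("192.168.4.77", "tcp"), ("192.168.5.1", "tcp"), ("203.0.113.9", "icmp")]
    for src, proto in packets:
        print(f"{src:14} {proto:4} ACL 10: {evaluate(ACL_10, src, proto):6} "
              f"no-ping list: {evaluate(ACL_NO_PING, src, proto)}")
    # A list without 'permit any' denies everything that is not explicitly listed.
    only_deny = [Rule("deny", "192.168.4.0", "0.0.0.255")]
    print("10.0.0.1 against a list with no permit ->", evaluate(only_deny, "10.0.0.1"))
```

The last line of the demonstration is the practical trap the article warns about: forgetting 'permit any' leaves only the implicit deny, and the interface drops every packet.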
- Make sure it has a multi-core processor
- Check that it works with Wi-Fi 4, 5, or 6
- Get a router that has at least 128 MB of RAM
- Make sure that it is compatible with your Internet Service Provider
- Check that it supports the internet speed you purchased
A router is a powerful networking device that separates networks and decides which paths packets should take.
If a router fails and there is no backup router (which is commonly the case for home networks), we no longer have access to the Internet because no device can forward packets in and out of our network.
Looking at the event of the 4th of October, when Facebook, Instagram, and WhatsApp failed, we can see how vital it is that routers function correctly.
A misconfiguration in their routing protocol, BGP, can bring down even the largest services in the world, like Facebook.