Intelligent Routers

Hi_i_am_Amit · ‎02-21-2006

Hi,

Can you give me some knowledge about Intelligent routers.

Are there any routers currently in the world wide web which can do some additional tasks.

for example :listening to a particular port for special type of packets and reacting differently depending on the information in the packet.

Please guide me.

Thanks in advance.

arvindchari · ‎02-21-2006

I believe what you are talking about is Intrustion detection/prevention systems which can inspect data on a packet by packet basis and determine what to do with it based on certain rules laid down by the administrator.

Check out

http://www.cisco.com/en/US/products/sw/secursw/ps2113/index.html

for more details

HTH

Hi_i_am_Amit · ‎02-21-2006

Thanks for the reply.

I wanted to know about smart routers.

For example : check the bellow given link which includes an article on intelligent routing.

http://www.smh.com.au/articles/2004/01/12/1073877758056.html?from=storyrhs

I wanted to know whether it is possible by either software or hardware way to configure a router to suppose listen for a specific packet on a particular port and perform actions depending on the information in it.

Are there any examples currently in the internet.

Thanks in advance.

arvindchari · ‎02-21-2006

At a very basic level, you could use an access list to permit or deny traffic based on the port being used for the particular traffic flow. You can use an extended access list to accomplish this.

Example

access-list 101 permit any any eq ftp

would permit any ftp traffic from any source to any destination on the particular interface that the list is applied on in a particular direction (inwards / outwards)

Note:

Ftp would imply traffic on ports 21 and 20. You can also specify port numbers instead of terms such as ftp.

Also, there is an implicit deny at the end of every access list so you would have to permit each traffic flow in specific directions.

If you are looking to accomplish something more significant than that, please do post what exactly you are looking to accomplish.

arvindchari · ‎02-21-2006

Correction:

The statement above should read

access-list 101 permit ip any any eq ftp

:)

Hi_i_am_Amit · ‎02-21-2006

Thanks for the reply.

I wanted a solution for the problem which is as follows.

Is it possible for a router to permit the traffic on a particular port depending on the content of the packet. ie : Some computer would sent special type of packets at a predetermined port which the router should understand and accept or deny based on its content.

Thanks in advance.

attrgautam · ‎02-21-2006

Well there are stuff like CSS and CSM (COntent Switch modules) and Service Control Engine you could look at. They can inspect till Layer 7. CSM is a module on the 7600/6500 Series.

Hi_i_am_Amit · ‎02-21-2006

Thanks for the reply.

Just for more information.

I wanted to know what are the types of routers used internally in the internet. Are they CISCO routers ? Do they depend on the ISP administrators.

How difficult is it to make the changes on the routers ?

Are there any examples where some changes are done on the routers. If changes need to be done, which are more realistic : software or hardware.

Thanks in advance.

attrgautam · ‎02-22-2006

Well that is a tough one. Most of the routers on the network will be a mix of max Cisco or Juniper(mostly these two) and maybe other vendors like Nortel/Foundry as well. It will typically depend on the network requirements and comfort levels for sure.

Difficulty of config is getting easier with stuff like SDMs etc though not on higher end routers i dont think such GUI based interfaces are not available.

Changes can be done on both hardware and software. Well more often is software config changes not software changes itself. In modular routers you can change hardware without service interuption. But iam kinda confused by what you mean by realistic ?