Bienvenido! - Willkommen! - Welcome!

Bitácora Técnica de Tux&Cía., Santa Cruz de la Sierra, BO
Bitácora Central: Tux&Cía.
Bitácora de Información Avanzada: Tux&Cía.-Información
May the source be with you!

Wednesday, September 26, 2012

IP routing

One of the best practical explanations about IP routing! Thanks to the writer!
Part 1 – How Does a Router Work?
So, how does a router work? Well, before we get into that you should know the basics of what the IP address is, subnet mask and default gateway before continuing. If you don’t have a read of networking basics first.
How Routers Work
Routing is the process of forwarding IP packets from one network to another. A router is a device that joins networks together and routes traffic between them. A router will have at least two network cards (NICs), one physically connected to one network and the other physically connected to another network. A router can connect any number of networks together providing it has a dedicated NIC for each network.
How routers work
Basic Routing - Connecting two subnets
Having two networks with one router is extremely simple and easy to configure. Once we move onto bigger networks with multiple routers however, things get a little more complicated. For example, if we have just 3 networks we can connect them in two different ways; one way is to daisy chain them together using only 2 routers. The other way would be to connect them directly to each other using 3 routers.
Different Router Configurations
Different Router Configurations
In configuration 1 if router A or B went down no machines from subnet A would be able to communicate with subnet C as there is only one path to it. But, if we add an additional router between subnets A and C we now have two routes to Subnet C which makes our network more efficient.
Routers don’t just route traffic to other networks, they learn which are the fastest routes and use them first. Using configuration 2 from above subnet A has two routes to subnet C; one directly through Router C (1 hop) and one through Router A then B (2 hops). When sending traffic from subnet A to C we obviously want it to try going directly through Router C first. This is the quickest and most efficient route but how does the router know this? It knows by using something called a metric value. Each route the router knows of has a metric value assigned to it. A metric value is basically a preference number. If there are two routes to the same destination then the one with the lowest metric is assumed to be the most efficient. Routers will always use this route first until it fails, in which case it will then try the route with the next lowest metric and so on. Routers store all this information in a routing table which is covered in
The routing table part2
 Here we are going to look at the routing table.
All network devices that use the TCP/IP protocol have a routing table, even your Windows PC has one. ALL devices use their routing table to determine where to send packets. Without a routing table your PC wouldn’t even be able to communicate with computers on the same subnet. Here is a screenshot of the routing table of my PC. To see your own routing table open a command prompt by typing CMD in the run or search box. Then at the command prompt type “”route print” and press enter.
Routing Table
Routing Table
Here are the TCP/IP settings of my PC:
IP Address: 192.168.111.55
Subnet mask: 255.255.255.0
Default gateway: 192.168.111.254
Before continuing you should know how the subnet mask works to define the start and end range of a subnet. If you do not you need to read computer networking basics now.
Each line is a route to a specific network or device. The routes you can see in the picture are the default routes Windows creates for a PC. Let’s examine my routing table and take a look at each line:
  • 0.0.0.0 – The 0.0.0.0 network combined with the netmask (subnet mask) of 0.0.0.0 means ALL IP addresses. Note how this is the only line where the gateway is 192.168.111.254. This line tells the computer that for ALL traffic no matter what the destination IP address is send it to 192.168.111.254. This as you may have noticed is my default gateway. This is a default route created by Windows when you configure your TCP/IP settings . It is the last route it evaluates if it can’t find a more specific match in the routing table.
  • 127.0.0.0 – The next 3 lines are entries for the loopback address and can be ignored. These are default entries but notice the gateway says “On-link”. This means that these addresses are directly accessible on the local LAN and do not need to be routed through another network. Although 127.0.0.1 is assigned to the local NIC, if these entries where not in the routing table your PC would try to send these to the default gateway as the next entry it would closely match would be the 0.0.0.0 one.
  • 192.168.111.0 – These next 3 lines are for your local network. The first one is the entire 192.168.111.x range as defined by the netmask of 255.255.255.0. Again as this network is local it says “on-link” in the gateway. These are created automatically like the others when you configure your TCP/IP settings.
  • 224.0.0.0 – These are also default entries for multicasting and can be ignored for the purpose of this article.
  • 255.255.255.255 – This is also a default entry and can be ignored.
How the Routing Table is Processed
Before sending a packet your PC looks up the destination IP address in the routing table to determine the best route possible. A more specific match will take priority over others. For example if our PC from above wants to send data to 192.168.111.9 it first looks this up in it’s routing table and finds the entry 192.168.111.0. It also finds the 0.0.0.0 entry but as 192.168.111.0 is a closer match it takes priority. If I were to add a static entry (which we’ll come onto later) of 192.168.111.9 with a netmask of 255.255.255.255 this is an EXACT match so this would take priority over the 0.0.0.0 AND 192.168.111.0 entries. Once it finds a match it then checks the gateway column where in the case of our 192.168.111.0 entry it finds the “on-link” status. The on-link status tells the machine that this network is directly attached so it sends the packets directly to 192.168.111.9 using the NIC with interface 192.168.111.55.
If a PC can’t find a matching entry in the routing table it will fail. It will also fail if the routing table is wrongly configured. For example what do you think would happen if we remove all the entries starting with 192.168.111? If I try to connect to any IP address starting with 192.168.111 there won’t be a specific entry for this anymore so the next best route is 0.0.0.0. This route tells my PC to forward the packets to the gateway 192.168.111.254 which would consequently fail of course. The same would happen if I left those entries in but changed the gateway from “on-link” to 192.168.111.87 (a random IP). What I am telling my PC to do now is forward all traffic for the 192.168.111.0 network to 192.168.111.87 instead of going directly to the PC’s. As you can see this would also fail.
You may be wondering what the interface column is for? Well if you remember, routers have two NIC’s. When a router forwards packets it doesn’t know which NIC to use without this value. In the case where there is only one NIC in a device (like a PC) this value would be pointless, but when there are two or more NICs you must tell the router which one to use for a given route.
A Step by Step Routing Example
Let’s expand on the above network 192.168.111.0 and take a look at the router 192.168.111.254. The routing table will be similar to the one above but will obviously have references to it’s own IP address rather than 192.168.111.55. We will join the router to another subnet with it’s second NIC. We assign it an IP address of 192.168.1.254 with a subnet mask of 255.255.255.0. Doing so automatically adds more entries into the routing table. We would now have an additional entry as follows:
destination address 192.168.1.0, netmask 255.255.255.0, gateway on-link, interface 192.168.1.254.
From everything learned so far we can now trace the exact steps taken when one computer communicates with another on a different subnet. Now our router is aware of two subnets and it knows that it is directly attached to both of them via it’s respective interfaces. This is what happens when our PC  with IP 192.168.111.55 communicates with a PC on the other subnet (192.168.1.9):
  • Using the same methods above the PC looks at the destination IP address of 192.168.1.9 and looks at it’s routing table to find a match.
  • As the PC doesn’t know of the 192.168.1.x network the closest match it finds is the 0.0.0.0 match (that means ANYWHERE). This entry already explained above is the default gateway and it’s scope covers every IP range. In this entry it finds the gateway of 192.168.111.254. The PC now knows that to get to the 192.168.1.x network it must forward the packets onto 192.168.111.254 and does so.
  • The router receives these packets on interface 192.168.111.254 and examines it’s own routing table. It finds a match for this network (192.168.1.0) which states it is directly attached to (on-link) through the interface assigned with IP 192.168.1.254. The router sends the packet out through this interface and on it’s way. As the packet is now on the destination network it goes directly to the machine and the job of the router is done.
  • The exact same thing happens when 192.168.1.9 sends a packet back to 192.168.111.55. The PC looks at it’s local routing table and the closest match it finds is the 0.0.0.0 network with interface 192.168.1.254 (due to it’s own default gateway being set to this).
  • The PC sends the packets to the router with IP 192.168.1.254. The router checks it’s routing table and finds a match for the 192.168.111.0 network out the 192.168.111.254 inteface and sends it on its way directly to 192.168.111.55.
In summary all devices have a routing table, without it they wouldn’t know where to send packets to. When a PC sends packets to another PC it looks at it’s routing table to determine the best route possible. If it finds the destination address is “on-link” it knows it is part of the same subnet as the destination and sends the packets directly to the PC. If not it forwards the packet onto whatever is in the gateway field of the matching route entry. This same process is repeated at every router/hop along the way until it eventually arrives at a router that is part of the destination network. The router then sends the packets directly to the destination PC. Check out the next article in this series Part 3 – IP Routing.
An Important Fact About IP Routing Most People Forget part 3
How you can manipulate routes to “direct” traffic
When packets take a certain route to their destination they DO NOT have to take the same route back. I can’t stress this enough, packets DO NOT record the route they take. This is a big misconception among some IT professionals. Let’s say you are playing an online game, you have a connection established with the game server and data is constantly being sent and received. The packets you send may go across 5 routers, but the packets that come back CAN and most likely take a completely different route using 7 other routers. Always remember this when troubleshooting IP routing issues. Here is a classic of example of how you can get it wrong.
Let’s say you are troubleshooting a network problem and suspect the cause is related to IP routing. You decide to use the PING command to test that routing is configured correctly. The device you ping is 4 hops (routers/networks) away. The ping fails. For the sake of simplicity we will assume that everything else is working perfectly and it should reply. You now use the trace route command to investigate further and find it is in fact routing correctly; you can see packets going across all 4 hops and arriving at the destination. At this point you assume routing is working correctly so move on to look elsewhere. The problem however, was not that the packets couldn’t get to the destination, it was that they couldn’t come back. It could be as simple as a misconfigured default gateway on the destination PC; packets would arrive there but when replying the PC would send them to a wrongly configured gateway and consequently fail. What you should have done is run a trace route at both locations to test IP routing in both directions. If this was done you would have spotted the misconfigured PC straight away when it was sending it’s replies to the wrong gateway.
Make sure you remember this for the future as you are unlikely to find this documented elsewhere.
IP Routing Through Multiple Networks
Let’s expand on the network from part 2. We already have two subnets 192.168.111.x and 192.168.1.x connected by one router. Let’s add 2 more subnets 192.168.2.x and 192.168.3.x, they are connected as follows:
IP Routing
IP Routing Diagram
In the diagram above PC1′s default gateway is Router A, this is the same for PC2. All packets from either of these PC’s will be forwarded to Router A for destinations other than their own subnet. What happens if PC1 wants to communicate with PC’s on the 192.168.2.x subnet? With everything explained so far this isn’t possible. Let’s go through the process; PC1 wants to connect to IP 192.168.2.5 but knows it is on a different subnet so forwards the packets to it’s default gateway Router A. At this point Router A can’t find a match for the destination subnet, it only has routes to the two subnets it is attached to so, it should fail. But, routers also have default gateways. If we configure Router A’s own default gateway to be IP 192.168.1.1 (Router B) it adds the 0.0.0.0 entry into it’s routing table with a gateway IP of 192.168.1.1. As explained in part 2 this will forward everything to this IP it can’t find a specific match for in it’s own routing table. As Router B is attached to the 192.168.2.x subnet it finds a matching route and sends the packets directly to the PC. If we apply this same principle to all the routers we can create a loop where packets are forwarded to other routers in a clockwise direction as follows; Router A > Router B > Router C > Router D > Router A. This is not the ideal IP routing solution but for learning purposes if will suffice for now. Here is what happens when PC1 transfers data with a PC on network 192.168.3.x.
  • PC1 examines it’s own IP routing table and finds the only match is 0.0.0.0 (default gateway rule) and forwards the packet to IP 192.168.111.254.
  • Router A does EXACTLY the same same as PC1. It checks it’s routing table and sees it is not part of that network so sends it onto it’s own default gateway IP 192.168.1.1 (Router B).
  • Router B does the same and sends it to Router C.
  • Router C is part of the 192.168.3.x subnet; it finds a match in it’s routing table and sends it directly to the PC.
  • The PC on the 192.168.3.x subnet sends data back to IP 192.168.111.55 but sees it is on another subnet. It checks it’s routing table and finds the 0.0.0.0 entry.
  • This entry has the default gateway set to IP 192.168.3.1 (Router D) so forwards packets there.
  • Router D delivers the packets to IP 192.168.111.55
As you can see PC1 had to go through 3 routers to get to the destination because it (and Router A) didn’t know that the 192.168.3.x network was accessible through Router D (1 hop away). This is because there was no match in any of the routers routing tables for the subnet until it reached Router C. When the packets came back from a PC on 192.168.3.x it’s default gateway was Router D and since Router D is also attached to 192.168.111.x it only required one hop. It works, but it’s not very efficient. The most efficient IP routing method is to make ALL routers aware of the quickest route to each subnet. We do this using a technique called Static Routing.
Static Routing
Static routing is the process of adding IP routing information manually into the routing table. Let’s start by adding a static route to Router A so that it knows the 192.168.3.x network is accessible through Router D. If we were using Microsoft RRAS as our routers we would type this command at a command prompt:
route add 192.168.3.0 mask 255.255.255.0 192.168.111.1 metric 1
All routers are configured differently, this is just how a Windows RRAS is done but the principle is the same regardless. This command adds an entry into the routing table that states the 192.168.3.x network can be accessed through IP 192.168.111.1. When PC1 sends data to 192.168.3.x it is forwarded to Router A but this time Router A finds a match to the subnet which tells it to forward the packets to 192.168.111.1 (Router D). Router D of course then delivers it directly to the machine. You may be asking yourself why we can’t just add this route directly on PC1 instead allowing us to bypass Router A? This is an option, and we would eliminate a hop in doing so. However, it is bad practice; remember this subnet could have hundreds of computers attached to it, it would mean adding the route to all of them. This is more work, and in addition it further complicates the network. For example what if due to network topology changes you are required to change Router D’s IP address in the near future? The route now needs updating but rather than update it once on a router you need to do it on every machine again! It is best leaving routing to the routers. Adding the route at the router means you only have to do it once.
Router A now has routes to 3 subnets; the 2 that are directly attached and the one we added above. We add another route for the last network of 192.168.2.x. We could add an entry telling Router A that the 192.168.2.x network can be accessed through Router B but since the 0.0.0.0 rule (Router A’s own default gateway) also sends packets to Router B it would be pointless. Instead we will add this new static route to go in the opposite direction for redundancy like so:
route add 192.168.2.0 mask 255.255.255.0 192.168.111.1 metric 2
As this is a more specific match than 0.0.0.0 ip routing will favour this first. When sending traffic to 192.168.2.x it will ALWAYS send it to Router D. If for any reason this fails it will then fall back to the 0.0.0.0 rule and send packets to 192.168.111.254.
Adding the two static routes above allows our router to “see” all 4 subnets. You would then configure the other 3 routers in the same manner.
Internet IP Routing
The Internet routes traffic exactly the same way but on a much larger scale with thousands of networks and routers. EVERY time a router receives a new packet it is evaluated against the routing table for a match. If it can’t find one it forwards the packet to it’s own default gateway. This process continues until eventually a router finds a match. If a router finds two matches to the same network (for redundancy) it will always favour the entry with the lowest metric value first.
The main difference between IP routing on the Internet and routing on private networks is how the routing table is built. Private networks tend to use static routing whereas the Internet uses Dynamic Routing.
Dynamic Routing
Maintaining IP routing tables on small networks do not require much administrative effort; once the network is setup and static routes have been added there isn’t much else to do. On large networks however, the network topology is constantly changing; new subnets are added, faster routes learnt, subnets are joined or further subnetted. Updating the routers to reflect this every time a change occurs can be a chore in itself. This is where dynamic routing comes in. In static routing the administrator manually creates the routes, but in dynamic routing the routes are “learnt” and built automatically by the routers themselves. Dynamic routing allows routers to “talk” to each other to find where other networks are located. When the network topology changes so do the dynamic routes. When routers go down or faster routes become available dynamic routing also detects this and reconfigures the IP routing table accordingly. As you can imagine dynamic routing requires little to no administration and is ideal for the Internet where new networks are added every day.
Dynamic routing is implemented using IP routing protocols. Some of the more common ones are RIP, OSPF and BGP. For the purpose of this article this all you need to know but if you wish to, you can learn more about Dynamic Routing here.

Responses to How IP Routing Works

  1. Bimal Kharel says:
    Hi, it seems you have a good handle on networking. I was wondering if you could simplify the following concepts so I can grasp them:
    1. When and where is the subnet mask used (we enter the details into the nic config but it seems to me that either the router should have this info or it should be embedded in every packet – but it’s not. So how does it work? Do all hosts still see all packets but just compare the destination listed against what subnet and host they are?)
    2. I can understand that DNS can get me to a website or other public/global URL. But how does the returning packet(s) know how to get back to me especially when it comes to big corporate networks? Since the IP field in a packet is 32 bits I can understand that it can get to the Internet facing gateway or router but then how does it make its way back to my machine within the corporate network?
    Thanks.
    • D.A.R.Y.L. says:
      Yes no problem:
      1. The subnet mask is not used for routing, it is used to determine which part of it’s OWN IP
      address represents the network ID and host ID. Then it can determine what IP range is within it’s own local subnet (LAN). IE with the IP 192.168.2.5 and mask of 255.255.0.0 it knows the local LAN IP range is 192.168.0.0 to 192.168.255.255 therefore any IP address outside this range needs to be routed. If the destination IP is on the LAN and does not need to be routed. If it isn’t it forwards it onto the default gateway (router) to be routed.
      2. The packets find their way back because the packets you sent listed your IP address as the sender IP. Since the website now has an IP to send packets back to it uses the same routing methods listed above to deliver them. On big corporate network NAT is used to get packets out onto the public Internet. On the Internet routing is used as explained in this article. When the packets come back into the corp network NAT is used again to traverse the corp network in combination with routing.
  2. Sudeep says:
    Hi
    Could you please Solve my Confusion , Would really help
    I have connected my Server with 2 Network ( on 2 NIC )
    Ip as follows
    !st interface :- 10.24.3.138 , 255.255.255.0,10.24.3.254
    2nd Interface :- 10.101.1.104 , 255.255.255.0,10.101.1.1
    now i want add a route for both of this network , as because if i i want to connect any network i need to unplug other network
    Thanks
    Sudeep
    • D.A.R.Y.L. says:
      You need to be more specific. I don’t understand what you are trying to achieve. Are you saying that this PC/server is on two networks but when you have both interfaces connected you don’t have internet access?
      • Sudeep says:
        Hi ,
        My Server is connected with 2 Network and it have Internet access , Ips as follows
        1st interface :- 10.24.3.138 , 255.255.255.0,10.24.3.254
        2nd Interface :- 10.101.1.104 , 255.255.255.0,10.101.1.1
        Now for say if i want to ping 10.101 series network from my server its not connecting ( ex :- if i ping 10.101.1.120 its not pinging ) for this i need to unplug 1st interface ,
        If i tracert 10.101.1.120 , its automatically going on 10.24.3.254 gateway , so how can i connect both the networks from my server without unplugging other interface
        I hope u understood
        Sudeep
  3. D.A.R.Y.L. says:
    It can only be one of these 3 things:
    1. You have configured the subnet masks wrong. Make sure both have 255.255.255.0, you may have them set as 255.0.0.0 by accident which Windows will default to when you use a 10.x.x.x IP range.
    2. In your example you said you ping a 10.101 range; this is incorrect you should have said you ping a 10.101.1 range because if you ping 10.101.2.3 for example this IP address is not part of your 10.101.1.x range or the 10.24.3.x range and will therefore go out your default gateway of 10.24.3.254 like you are experiencing.
    3. You have created manual routing entries at some point, have you done this?
    • Sudeep says:
      Thanks for your try
      I Think you not got my point at all
      any how i got the solution , but it can also be done from route add command , but there also another way
      http://www.windowsnetworking.com/articles_tutorials/w2kprout.html
      Sudeep
      • D.A.R.Y.L. says:
        No, it’s not that I didn’t get your point, it’s that you didn’t explain yourself properly. You never said you had a machine on one network trying to communicate with a machine on another network through your server, if you’d have said this I would have told you an easier method than the link you just provided. From that link it looks like you had two machines on either networks. In your original comment you never mentioned this, you said the problem was with the server and my answers would have been correct if that were the case.
  4. Robert Edison says:
    Hi, Please bear with me, I have a simple question about two devices on the same LAN. I have typical home network with a SMC Cable Modem/Router and about 12 devices on the LAN, all wired. One port on the SMC Cable Modem/Router connects to a Cisco 300 series Managed Switch.
    I decided to experiment with Link Aggregation to see if it would speed things up (1Gbps +1Gbps = 2Gbps). to do this I purchased a Cisco 300 series Managed Switch and set up 2 sets of link aggregation, using 4 ports of the switch. OK, now I connected and configured a MacPro for link aggregation with 2 ethernet cables. Then I connected and configured a Synology NAS for link aggregation with 2 ethernet cables as well.
    So my question is: does the data from the MacPro travel directly through the Cisco switch to the Synology NAS and vice versa (Example A) or does it have to go through the router as well (Example B)? If it does then since the router is connected by only 1 ethernet cable/port to the Cisco switch that will negate the 2Gbps link aggregation. i.e.:
    Example A:
    MacProCisco 300 Managed SwitchSynology NAS
    or
    Example B:
    MacProCisco 300 SwitchSMCRouterCisco 300 SwitchSynology NAS
    Believe it or not I am not really a technical person, this is a bit like a hobby to me.
    I hope I have described the clearly, and thank you for your response.
    -Robert
    • D.A.R.Y.L. says:
      No it doesn’t go through the router, you should get full 2GBPS speed. There is a very simple way you can test it; once the NAS and MacPro have IP addresses assigned to them from the router just unplug it. If data can still be sent between the two devices you will know if the traffic was being routed through the modem or not. Based on what you said though, unless you have done something weird it should not be going through the router/modem.
  5. Robert Edison says:
    Thanks for your reply!
    I did what you suggested and unplugged the router, and you were right, data can still be sent between the Synology NAS and the MacPro!
    -Robert
  6. Sudeep says:
    Hi
    That link certainly Solved my problem , but my scenario of problem is not same as in the link
    In My case I have some difficulties managing routes for my network cards. I have 2 network cards, both I use for internet, Apparently, the current behaviour is that Windows chooses the first card he founds for multicast, and that will be the 1st INC
    So, my cards are configured like this :
    .1st NIC:
    IP : 10.24.3.40
    mask : 255.255.255.0
    gateway : 10.24.3.254 (this is my router)
    dns : 10.24.3.126
    .2nd NIC :
    IP : 10.101.1.104
    mask : 255.255.255.0
    gateway : 10.101.1.1 ((this is my router))
    dns : 10.101.1.1
    Now For say If i ping 10.101.1.120 , system wont connect to that entire network , for this i need to unplug the 1St NIC , i want to connect both the network on same time , for this i need to tell the system network route .
    i asking help for adding route for both the network , whats the rule and principle for it , that link solved my problem but my confusion towards adding route not solved
    i hope this time u understand my concern

1 comment:

Sandy Shaw said...

Nice Article! Thanks for sharing with us.
IP Routing