Part 1 – How Does a Router Work?
So, how does a router work? Before we get into that, you should know the basics of what an IP address, subnet mask and default gateway are. If you don’t, have a read of networking basics first.
How Routers Work
Routing is the process of forwarding IP packets from one network to another. A router is a device that joins networks together and routes traffic between them. A router will have at least two network cards (NICs), one physically connected to one network and the other physically connected to another network. A router can connect any number of networks together providing it has a dedicated NIC for each network.
Having two networks with one router is extremely simple and easy to configure. Once we move onto bigger networks with multiple routers however, things get a little more complicated. For example, if we have just 3 networks we can connect them in two different ways; one way is to daisy chain them together using only 2 routers. The other way would be to connect them directly to each other using 3 routers.
Routers don’t just route traffic to other networks, they learn which are the fastest routes and use them first. Using configuration 2 from above, subnet A has two routes to subnet C: one directly through Router C (1 hop) and one through Router A then B (2 hops). When sending traffic from subnet A to C we obviously want it to try going directly through Router C first. This is the quickest and most efficient route, but how does the router know this? It knows by using something called a metric value. Each route the router knows of has a metric value assigned to it. A metric value is basically a preference number. If there are two routes to the same destination then the one with the lowest metric is assumed to be the most efficient. Routers will always use this route first until it fails, in which case it will then try the route with the next lowest metric and so on. Routers store all this information in a routing table which is covered in
Part 2 – The Routing Table
Here we are going to look at the routing table.
All network devices that use the TCP/IP protocol have a routing table, even your Windows PC has one. ALL devices use their routing table to determine where to send packets. Without a routing table your PC wouldn’t even be able to communicate with computers on the same subnet. Here is a screenshot of the routing table of my PC. To see your own routing table, open a command prompt by typing CMD in the run or search box. Then at the command prompt type “route print” and press enter.
Here are the TCP/IP settings of my PC:
IP Address: 192.168.111.55
Subnet mask: 255.255.255.0
Default gateway: 192.168.111.254
Before continuing you should know how the subnet mask works to define the start and end range of a subnet. If you do not, you need to read computer networking basics now.
Each line is a route to a specific network or device. The routes you can see in the picture are the default routes Windows creates for a PC. Let’s examine my routing table and take a look at each line:
- 0.0.0.0 – The 0.0.0.0 network combined with the netmask (subnet mask) of 0.0.0.0 means ALL IP addresses. Note how this is the only line where the gateway is 192.168.111.254. This line tells the computer that for ALL traffic, no matter what the destination IP address is, send it to 192.168.111.254. This, as you may have noticed, is my default gateway. This is a default route created by Windows when you configure your TCP/IP settings. It is the last route it evaluates if it can’t find a more specific match in the routing table.
- 127.0.0.0 – The next 3 lines are entries for the loopback address and can be ignored. These are default entries but notice the gateway says “On-link”. This means that these addresses are directly accessible on the local LAN and do not need to be routed through another network. Although 127.0.0.1 is assigned to the local NIC, if these entries were not in the routing table your PC would try to send these to the default gateway, as the next entry it would closely match would be the 0.0.0.0 one.
- 192.168.111.0 – These next 3 lines are for your local network. The first one is the entire 192.168.111.x range as defined by the netmask of 255.255.255.0. Again as this network is local it says “on-link” in the gateway. These are created automatically like the others when you configure your TCP/IP settings.
- 224.0.0.0 – These are also default entries for multicasting and can be ignored for the purpose of this article.
- 255.255.255.255 – This is also a default entry and can be ignored.
Before sending a packet your PC looks up the destination IP address in the routing table to determine the best route possible. A more specific match will take priority over others. For example, if our PC from above wants to send data to 192.168.111.9 it first looks this up in its routing table and finds the entry 192.168.111.0. It also finds the 0.0.0.0 entry but as 192.168.111.0 is a closer match it takes priority. If I were to add a static entry (which we’ll come onto later) of 192.168.111.9 with a netmask of 255.255.255.255, this is an EXACT match so this would take priority over the 0.0.0.0 AND 192.168.111.0 entries. Once it finds a match it then checks the gateway column where, in the case of our 192.168.111.0 entry, it finds the “on-link” status. The on-link status tells the machine that this network is directly attached so it sends the packets directly to 192.168.111.9 using the NIC with interface 192.168.111.55.
If a PC can’t find a matching entry in the routing table it will fail. It will also fail if the routing table is wrongly configured. For example, what do you think would happen if we remove all the entries starting with 192.168.111? If I try to connect to any IP address starting with 192.168.111 there won’t be a specific entry for this anymore so the next best route is 0.0.0.0. This route tells my PC to forward the packets to the gateway 192.168.111.254 which would consequently fail of course. The same would happen if I left those entries in but changed the gateway from “on-link” to 192.168.111.87 (a random IP). What I am telling my PC to do now is forward all traffic for the 192.168.111.0 network to 192.168.111.87 instead of going directly to the PCs. As you can see this would also fail.
You may be wondering what the interface column is for. Well, if you remember, routers have two NICs. When a router forwards packets it doesn’t know which NIC to use without this value. In the case where there is only one NIC in a device (like a PC) this value would be pointless, but when there are two or more NICs you must tell the router which one to use for a given route.
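The lookup rules described above (most specific match first, lowest metric between equal matches, “on-link” versus a gateway) can be modelled in a few lines. This is an added example, not part of the original article; the table is constructed from the rows discussed above, and the metric values and the /32 row pointing at 192.168.111.87 are assumptions made for illustration.

```python
import ipaddress

# Constructed from the rows the article walks through for the PC at
# 192.168.111.55 (loopback, multicast and broadcast rows left out).
# Metric values are assumptions; the article does not list them.
PC_TABLE = [
    # (destination, netmask, gateway, interface, metric)
    ("0.0.0.0", "0.0.0.0", "192.168.111.254", "192.168.111.55", 25),
    ("192.168.111.0", "255.255.255.0", "on-link", "192.168.111.55", 281),
    ("192.168.111.55", "255.255.255.255", "on-link", "192.168.111.55", 281),
    ("192.168.111.255", "255.255.255.255", "on-link", "192.168.111.55", 281),
]


def lookup(table, dst):
    """Return (next_hop, interface, matched_destination) or None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    best = None
    for dest, mask, gateway, iface, metric in table:
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if addr not in net:
            continue
        # Longest netmask wins; between equal netmasks the lowest metric wins.
        rank = (net.prefixlen, -metric)
        if best is None or rank > best[0]:
            best = (rank, dest, gateway, iface)
    if best is None:
        return None
    _, dest, gateway, iface = best
    # "on-link" means deliver straight to the destination, no router involved.
    next_hop = dst if gateway == "on-link" else gateway
    return next_hop, iface, dest


def scenarios():
    """The cases from the text, evaluated against the table above."""
    # Constructed /32 row: the exact-match case, sent to the article's "random IP".
    host_route = ("192.168.111.9", "255.255.255.255", "192.168.111.87",
                  "192.168.111.55", 1)
    no_local = [r for r in PC_TABLE if not r[0].startswith("192.168.111.")]
    return {
        "local host": lookup(PC_TABLE, "192.168.111.9"),
        "other subnet": lookup(PC_TABLE, "192.168.1.9"),
        "local routes removed": lookup(no_local, "192.168.111.9"),
        "exact match added": lookup(PC_TABLE + [host_route], "192.168.111.9"),
        "empty table": lookup([], "192.168.111.9"),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:22} {result}")
```

The “exact match added” case shows why host routes deserve attention when reviewing a routing table: a single /32 row changes where traffic for one address goes without touching the subnet or default rows.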
A Step by Step Routing Example
Let’s expand on the above network 192.168.111.0 and take a look at the router 192.168.111.254. The routing table will be similar to the one above but will obviously have references to its own IP address rather than 192.168.111.55. We will join the router to another subnet with its second NIC. We assign it an IP address of 192.168.1.254 with a subnet mask of 255.255.255.0. Doing so automatically adds more entries into the routing table. We would now have an additional entry as follows:
destination address 192.168.1.0, netmask 255.255.255.0, gateway on-link, interface 192.168.1.254.
From everything learned so far we can now trace the exact steps taken when one computer communicates with another on a different subnet. Now our router is aware of two subnets and it knows that it is directly attached to both of them via its respective interfaces. This is what happens when our PC with IP 192.168.111.55 communicates with a PC on the other subnet (192.168.1.9):
- Using the same methods above, the PC looks at the destination IP address of 192.168.1.9 and looks at its routing table to find a match.
- As the PC doesn’t know of the 192.168.1.x network, the closest match it finds is the 0.0.0.0 match (that means ANYWHERE). This entry, already explained above, is the default gateway and its scope covers every IP range. In this entry it finds the gateway of 192.168.111.254. The PC now knows that to get to the 192.168.1.x network it must forward the packets onto 192.168.111.254 and does so.
- The router receives these packets on interface 192.168.111.254 and examines its own routing table. It finds a match for this network (192.168.1.0) which states it is directly attached to (on-link) through the interface assigned with IP 192.168.1.254. The router sends the packet out through this interface and on its way. As the packet is now on the destination network it goes directly to the machine and the job of the router is done.
- The exact same thing happens when 192.168.1.9 sends a packet back to 192.168.111.55. The PC looks at its local routing table and the closest match it finds is the 0.0.0.0 network with interface 192.168.1.254 (due to its own default gateway being set to this).
- The PC sends the packets to the router with IP 192.168.1.254. The router checks its routing table and finds a match for the 192.168.111.0 network out the 192.168.111.254 interface and sends it on its way directly to 192.168.111.55.
Part 3 – An Important Fact About IP Routing Most People Forget
How you can manipulate routes to “direct” traffic
When packets take a certain route to their destination they DO NOT have to take the same route back. I can’t stress this enough, packets DO NOT record the route they take. This is a big misconception among some IT professionals. Let’s say you are playing an online game, you have a connection established with the game server and data is constantly being sent and received. The packets you send may go across 5 routers, but the packets that come back CAN, and most likely will, take a completely different route using 7 other routers. Always remember this when troubleshooting IP routing issues. Here is a classic example of how you can get it wrong.
Let’s say you are troubleshooting a network problem and suspect the cause is related to IP routing. You decide to use the PING command to test that routing is configured correctly. The device you ping is 4 hops (routers/networks) away. The ping fails. For the sake of simplicity we will assume that everything else is working perfectly and it should reply. You now use the trace route command to investigate further and find it is in fact routing correctly; you can see packets going across all 4 hops and arriving at the destination. At this point you assume routing is working correctly so move on to look elsewhere. The problem however, was not that the packets couldn’t get to the destination, it was that they couldn’t come back. It could be as simple as a misconfigured default gateway on the destination PC; packets would arrive there but when replying the PC would send them to a wrongly configured gateway and consequently fail. What you should have done is run a trace route at both locations to test IP routing in both directions. If this was done you would have spotted the misconfigured PC straight away when it was sending its replies to the wrong gateway.
Make sure you remember this for the future as you are unlikely to find this documented elsewhere.
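The troubleshooting mistake described above can be reproduced with a small model in which every device forwards using only its own routing table. This is an added example, not part of the original article; for brevity it uses the single-router network from part 2 instead of 4 hops, and the wrong gateway address 192.168.1.253 is a constructed value.

```python
import ipaddress

# Constructed model: each node lists the addresses it owns and its routes as
# (prefix, gateway) pairs, where a gateway of None means on-link. PC2's default
# gateway is deliberately wrong (192.168.1.253 instead of 192.168.1.254).
NODES = {
    "PC1": {"addrs": ["192.168.111.55"],
            "routes": [("192.168.111.0/24", None), ("0.0.0.0/0", "192.168.111.254")]},
    "Router": {"addrs": ["192.168.111.254", "192.168.1.254"],
               "routes": [("192.168.111.0/24", None), ("192.168.1.0/24", None)]},
    "PC2": {"addrs": ["192.168.1.9"],
            "routes": [("192.168.1.0/24", None), ("0.0.0.0/0", "192.168.1.253")]},
}


def owner(ip):
    """Name of the node that owns ip, or None if no modelled node answers for it."""
    return next((n for n, cfg in NODES.items() if ip in cfg["addrs"]), None)


def trace(src, dst, max_hops=8):
    """Follow one packet from src to dst; return (delivered, list of hops)."""
    node, hops = owner(src), []
    for _ in range(max_hops):
        if dst in NODES[node]["addrs"]:
            return True, hops
        # Each node decides independently: most specific matching prefix wins.
        matches = [(ipaddress.ip_network(p), gw) for p, gw in NODES[node]["routes"]
                   if ipaddress.ip_address(dst) in ipaddress.ip_network(p)]
        if not matches:
            return False, hops + [f"{node}: no route to {dst}"]
        _, gw = max(matches, key=lambda m: m[0].prefixlen)
        next_ip = gw or dst
        hops.append(f"{node} -> {next_ip}")
        node = owner(next_ip)
        if node is None:
            return False, hops + [f"{next_ip}: unreachable next hop"]
    return False, hops + ["hop limit reached"]


def check_both_directions(a, b):
    """A ping needs both legs: the request a -> b and the reply b -> a."""
    return {"forward": trace(a, b), "return": trace(b, a)}


if __name__ == "__main__":
    for leg, (ok, hops) in check_both_directions("192.168.111.55", "192.168.1.9").items():
        print(leg, "delivered" if ok else "FAILED", hops)
```

The forward leg is delivered while the return leg fails at PC2's gateway, which is exactly the case a one-sided trace route does not reveal.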
IP Routing Through Multiple Networks
Let’s expand on the network from part 2. We already have two subnets 192.168.111.x and 192.168.1.x connected by one router. Let’s add 2 more subnets 192.168.2.x and 192.168.3.x, they are connected as follows:
In the diagram above PC1’s default gateway is Router A; this is the same for PC2. All packets from either of these PCs will be forwarded to Router A for destinations other than their own subnet. What happens if PC1 wants to communicate with PCs on the 192.168.2.x subnet? With everything explained so far this isn’t possible. Let’s go through the process: PC1 wants to connect to IP 192.168.2.5 but knows it is on a different subnet so forwards the packets to its default gateway, Router A. At this point Router A can’t find a match for the destination subnet; it only has routes to the two subnets it is attached to, so it should fail. But routers also have default gateways. If we configure Router A’s own default gateway to be IP 192.168.1.1 (Router B) it adds the 0.0.0.0 entry into its routing table with a gateway IP of 192.168.1.1. As explained in part 2, this will forward to this IP everything it can’t find a specific match for in its own routing table. As Router B is attached to the 192.168.2.x subnet it finds a matching route and sends the packets directly to the PC. If we apply this same principle to all the routers we can create a loop where packets are forwarded to other routers in a clockwise direction as follows: Router A > Router B > Router C > Router D > Router A. This is not the ideal IP routing solution but for learning purposes it will suffice for now. Here is what happens when PC1 transfers data with a PC on network 192.168.3.x.
- PC1 examines its own IP routing table and finds the only match is 0.0.0.0 (default gateway rule) and forwards the packet to IP 192.168.111.254.
- Router A does EXACTLY the same as PC1. It checks its routing table and sees it is not part of that network so sends it on to its own default gateway IP 192.168.1.1 (Router B).
- Router B does the same and sends it to Router C.
- Router C is part of the 192.168.3.x subnet; it finds a match in its routing table and sends it directly to the PC.
- The PC on the 192.168.3.x subnet sends data back to IP 192.168.111.55 but sees it is on another subnet. It checks its routing table and finds the 0.0.0.0 entry.
- This entry has the default gateway set to IP 192.168.3.1 (Router D) so forwards packets there.
- Router D delivers the packets to IP 192.168.111.55.
Static routing is the process of adding IP routing information manually into the routing table. Let’s start by adding a static route to Router A so that it knows the 192.168.3.x network is accessible through Router D. If we were using Microsoft RRAS as our routers we would type this command at a command prompt:
route add 192.168.3.0 mask 255.255.255.0 192.168.111.1 metric 1
All routers are configured differently; this is just how a Windows RRAS is done but the principle is the same regardless. This command adds an entry into the routing table that states the 192.168.3.x network can be accessed through IP 192.168.111.1. When PC1 sends data to 192.168.3.x it is forwarded to Router A but this time Router A finds a match to the subnet which tells it to forward the packets to 192.168.111.1 (Router D). Router D of course then delivers it directly to the machine. You may be asking yourself why we can’t just add this route directly on PC1 instead, allowing us to bypass Router A? This is an option, and we would eliminate a hop in doing so. However, it is bad practice; remember this subnet could have hundreds of computers attached to it, and it would mean adding the route to all of them. This is more work, and in addition it further complicates the network. For example, what if due to network topology changes you are required to change Router D’s IP address in the near future? The route now needs updating but rather than update it once on a router you need to do it on every machine again! It is best leaving routing to the routers. Adding the route at the router means you only have to do it once.
Router A now has routes to 3 subnets; the 2 that are directly attached and the one we added above. We add another route for the last network of 192.168.2.x. We could add an entry telling Router A that the 192.168.2.x network can be accessed through Router B but since the 0.0.0.0 rule (Router A’s own default gateway) also sends packets to Router B it would be pointless. Instead we will add this new static route to go in the opposite direction for redundancy like so:
route add 192.168.2.0 mask 255.255.255.0 192.168.111.1 metric 2
As this is a more specific match than 0.0.0.0, IP routing will favour this first. When sending traffic to 192.168.2.x it will ALWAYS send it to Router D. If for any reason this fails it will then fall back to the 0.0.0.0 rule and send packets to 192.168.111.254.
Adding the two static routes above allows our router to “see” all 4 subnets. You would then configure the other 3 routers in the same manner.
Internet IP Routing
The Internet routes traffic exactly the same way but on a much larger scale with thousands of networks and routers. EVERY time a router receives a new packet it is evaluated against the routing table for a match. If it can’t find one it forwards the packet to its own default gateway. This process continues until eventually a router finds a match. If a router finds two matches to the same network (for redundancy) it will always favour the entry with the lowest metric value first.
The main difference between IP routing on the Internet and routing on private networks is how the routing table is built. Private networks tend to use static routing whereas the Internet uses Dynamic Routing.
Maintaining IP routing tables on small networks does not require much administrative effort; once the network is set up and static routes have been added there isn’t much else to do. On large networks however, the network topology is constantly changing; new subnets are added, faster routes learnt, subnets are joined or further subnetted. Updating the routers to reflect this every time a change occurs can be a chore in itself. This is where dynamic routing comes in. In static routing the administrator manually creates the routes, but in dynamic routing the routes are “learnt” and built automatically by the routers themselves. Dynamic routing allows routers to “talk” to each other to find where other networks are located. When the network topology changes so do the dynamic routes. When routers go down or faster routes become available dynamic routing also detects this and reconfigures the IP routing table accordingly. As you can imagine, dynamic routing requires little to no administration and is ideal for the Internet where new networks are added every day.
Dynamic routing is implemented using IP routing protocols. Some of the more common ones are RIP, OSPF and BGP. For the purpose of this article this is all you need to know but if you wish to, you can learn more about Dynamic Routing here.