How Routing Works

For most hosts, routing comes down to knowing just enough to make it someone else's problem. Hosts do not have complete routing tables describing the entire Internet. They generally know just enough to distinguish between "directly connected", meaning "on the same LAN", and "somewhere else", which makes it some router's problem.

Every host must apply the IP routing logic for every packet it transmits. Somewhat simplified, that logic is:

1. Is the destination directly connected?
   • If so, use ARP to find the MAC address and deliver the frame directly across the attached network.
   • If not, continue...
2. Do I have a host-specific route?
   • If so, do what that route says.
   • If not, continue...
3. Do I have a network-specific route?
   • If so, do what that route says.
   • If not, continue...
4. Do I have a default route?
   • If so, do what that route says.
   • If not, continue...
5. The packet is unrouteable! Report an error!

OK, how does that happen?

1. Is the destination directly connected?
   Is this true, for one of my network interfaces?
   ( my_ip AND netmask ) = ( destination_IP AND netmask )
   • If so, use ARP to find the MAC address and deliver the frame directly across the attached network.
     Send an ARP request, a broadcast frame on the local network that will not be forwarded by routers. It takes the form, "I am looking for the device using IP address such-and-such. Who has it?"
     Expect to receive an ARP reply, a response from the requested host, of the form "I have that IP address, and here is my MAC address". Then send the packet, encapsulated as:
     MAC: destination MAC address
     IP: destination IP address
   • If not, continue...
2. Do I have a host-specific route?
   Is there a route to exactly that one IP address? This will be a route with a netmask of /32, or 255.255.255.255, meaning "All of the address bits must be as specified."
   • If so, do what that route says.
     That route will specify forwarding the packet through some directly-connected router. So, first you have to find that router's MAC address so you can send the frame across the LAN.
   • If not, continue...
3. Do I have a network-specific route?
   Do I have a routing table entry where the following is true, where both route and netmask are the values from that entry?
   ( route AND netmask ) = ( destination_IP AND netmask )
   • If so, do what that route says.
     That route will specify forwarding the packet through some directly-connected router. So, first you have to find that router's MAC address so you can send the frame across the LAN.
   • If not, continue...
4. Do I have a default route?
   • If so, do what that route says.
     That route will specify forwarding the packet through some directly-connected router. So, first you have to find that router's MAC address so you can send the frame across the LAN.
   • If not, continue...
5. The packet is unrouteable! Report an error!
   This should not happen!

Here is a simple network, the 10.1.1.0/24 network, meaning that all all hosts have IP addresses starting 10.1.1. There are three hosts connected — host1, host2, and router, with their IP addresses shown. The router has a second interface, which will have an entirely different IP address belonging to a different network. We will deal with that later.

              (-------------)
              (             )
+-------+     (             )
| Host1 +-----+             )
+-------+     (             )     +--------+
  10.1.1.1    (             )     |        |
              ( 10.1.1.0/24 +-----+ router +=======> To the Internet
              (             )     |        |
+-------+     (             )     +--------+
| Host2 +-----+             )   10.1.1.254
+-------+     (             )
  10.1.1.2    (             )
              (-------------)

Here is the routing table for host1, as displayed on a Linux system:

Linux% netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.1.1.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         10.1.1.254      0.0.0.0         UG        0 0          0 eth0

• Linux reports a gateway of 0.0.0.0 if it should send the packet directly. It says that anything on the 10.1.1.0/24 network is sent through Ethernet interface eth0, and anything on the 127.0.0.0/8 network refers to the local host and is sent through software loopback, emulated as interface lo.
• It reports the default route as a destination of 0/0, meaning "I don't care about any of the bits, anything else would match this."
• As for the flags:
  • U = the interface is up
  • G = via a gateway

Here is the routing table on a BSD system:

OpenBSD% netstat -nr -f inet
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use    Mtu  Interface
default            10.1.1.254         UGS         5    23902      -   sis0
10.1.1/24          link#1             UC          1        0      -   sis0
10.1.1.254         00:0d:61:b1:86:53  UHLc        3     4006      -   sis0
10.1.1.1           127.0.0.1          UGHS        0        0  33208   lo0
127/8              127.0.0.1          UGRS        0        0  33208   lo0
127.0.0.1          127.0.0.1          UH          2       82  33208   lo0

• The same logic, slightly different format of presentation.
• The BSD routing table is also showing the ARP cache for the default router.
• Host-specific routes are also reported, including one that means "If anything tries to send a packet to 10.1.1.1, that's really me, so use software loopback (127.0.0.1)."
• As for the flags, the same as Linux, with the addition of:
  • S = a static route
  • H = a host-specific route
  • Lc = a LAN address which has been discovered and cached,
  • C = clone new host-specific routes when this one is used, as seen on the one Lc route
  • R = reject packets sent to that route. So, 127.0.0.1 is the only valid address on the 127.0.0.0/8 network.

So, let's say that host01 wants to send a packet to host02. It resolves the hostname host02 to the IP address 10.1.1.2, and then applies the logic.

In decimal:
                            ?
10.1.1.1 AND 255.255.255.0  =  10.1.1.2 AND 255.255.255.0

In binary, the left side is:
     00001010 00000001 00000001 00000001
     11111111 11111111 11111111 00000000
AND ------------------------------------
     00001010 00000001 00000001 00000000

And the right side is:
     00001010 00000001 00000001 00000010
     11111111 11111111 11111111 00000000
AND ------------------------------------
     00001010 00000001 00000001 00000000 

So, yes, it's directly connected! host01 sends an ARP request for 10.1.1.2. Both host02 and router receive it; router ignores it, but host02 should respond.

Given the MAC address, host01 can send the frame directly across the LAN. And, host01 will keep the MAC address for host02 in its ARP cache so it doesn't have to ask the question again until some time has elapsed.

The same logic would apply if host01 were sending a packet to router. But what if host01 wants to send a packet to, say, 213.24.76.9?

Is it directly connected? No!

In decimal:
                            ?
10.1.1.1 AND 255.255.255.0  =  213.24.76.9 AND 255.255.255.0

In binary, the left side is:
     00001010 00000001 00000001 00000001
     11111111 11111111 11111111 00000000
AND ------------------------------------
     00001010 00000001 00000001 00000000

And the right side is:
     11010101 00011000 01001100 00001001
     11111111 11111111 11111111 00000000
AND ------------------------------------
     11010101 00011000 01001100 00000000 

Is there a host-specific route, a routing table entry for 213.24.76.9/32?

No!

Is there a network-specific route, a routing table entry for, say, 213.24.76.0/24, or 213.24.0.0/16, or similar?

No!

Is there a default route?

Yes! Good new, no routing error. Do what that route specifies, which means making it the problem of the router. Routers tend to know more about network topology, and they tend to have default routes. When you get to the core of the Internet, the backbone routers, they have enormous routing tables because they have to know (at least generally) where everything is.

Putting It All Together

Here is a more realistic situation, where host01 wants to send a packet to remote host02. Time increases as you go down the page. I'm not showing the ARP packets, let's assume that all the hosts and routers have already discovered each other's MAC addresses:

            (----)               (----)               (----)               (----)
+--------+  (    )  +---------+  (    )  +---------+  (    )  +---------+  (    )  +--------+
| host01 +-+(    )+-+ router1 +-+(    )+-+ router2 +-+(    )+-+ router3 +-+(    )+-+ host02 |
+--------+  (    )  +---------+  (    )  +---------+  (    )  +---------+  (    )  +--------+
            (----)               (----)               (----)               (----)
host01 asks itself:
Directly connected?  No...
Have route?  Just a default...
Send frame:
+------------------------+
[ IP:  host01 -> host02  ]
[ MAC: host01 -> router1 ]
+------------------------+

                  router1 asks itself:
		  Directly connected?  No...
                  Have route?  Just a default...
                  Send frame:
                  +-------------------------+
                  [ IP:  host01  -> host02  ]
                  [ MAC: router1 -> router2 ]
                  +-------------------------+

                                    router2 asks itself:
				    Directly connected?  No...
				    Have route?  Yes, for the net, via router3
                                    Send frame:
                                    +-------------------------+
                                    [ IP:  host01  -> host02  ]
                                    [ MAC: router2 -> router3 ]
                                    +-------------------------+

                                                      router3 asks itself:
				                      Directly connected?  Yes
                                                      Send frame:
                                                      +------------------------+
                                                      [ IP:  host01  -> host02 ]
                                                      [ MAC: router3 -> host02 ]
                                                      +------------------------+ 

The important thing:

• The IP addresses are always global, the end points.
  From the original sender,
  to the final destination.
• The MAC addresses are always local. The sender and destination for that hop only.

If one of the routers is doing Network Address Translation (NAT), also called IP Masquerading, then at some point a lie is told about the original sender's IP address. Click here to see how NAT works.

© Bob Cromwell Jul 2008. Created with /bin/vi, hosted on OpenBSD with Apache.    Root password available here