An Important Fact About IP Routing Most People Forget
When packets take a certain route to their destination they DO NOT have to take the same route back. I can’t stress this enough: packets DO NOT record the route they take. This is a big misconception among some IT professionals. Let’s say you are playing an online game; you have a connection established with the game server and data is constantly being sent and received. The packets you send may go across 5 routers, but the packets that come back CAN, and most likely will, take a completely different route using 7 other routers. Always remember this when troubleshooting IP routing issues. Here is a classic example of how you can get it wrong.
Let’s say you are troubleshooting a network problem and suspect the cause is related to IP routing. You decide to use the PING command to test that routing is configured correctly. The device you ping is 4 hops (routers/networks) away. The ping fails. For the sake of simplicity we will assume that everything else is working perfectly and it should reply. You now use the trace route command to investigate further and find it is in fact routing correctly; you can see packets going across all 4 hops and arriving at the destination. At this point you assume routing is working correctly, so you move on to look elsewhere. The problem, however, was not that the packets couldn’t get to the destination; it was that they couldn’t come back. It could be as simple as a misconfigured default gateway on the destination PC; packets would arrive there, but when replying the PC would send them to a wrongly configured gateway and consequently fail. What you should have done is run a trace route at both locations to test IP routing in both directions. Had you done this, you would have spotted the misconfigured PC straight away, because it was sending its replies to the wrong gateway.
Make sure you remember this for the future as you are unlikely to find this documented elsewhere.
IP Routing Through Multiple Networks
Let’s expand on the network from part 2. We already have two subnets 192.168.111.x and 192.168.1.x connected by one router. Let’s add 2 more subnets 192.168.2.x and 192.168.3.x, they are connected as follows:
IP Routing Diagram
In the diagram above PC1’s default gateway is Router A; this is the same for PC2. All packets from either of these PCs will be forwarded to Router A for destinations other than their own subnet. What happens if PC1 wants to communicate with PCs on the 192.168.2.x subnet? With everything explained so far this isn’t possible. Let’s go through the process: PC1 wants to connect to IP 192.168.2.5 but knows it is on a different subnet, so it forwards the packets to its default gateway, Router A. At this point Router A can’t find a match for the destination subnet; it only has routes to the two subnets it is attached to, so it should fail. But routers also have default gateways. If we configure Router A’s own default gateway to be IP 192.168.1.1 (Router B), it adds the 0.0.0.0 entry into its routing table with a gateway IP of 192.168.1.1. As explained in part 2, this will forward to this IP everything it can’t find a specific match for in its own routing table. As Router B is attached to the 192.168.2.x subnet it finds a matching route and sends the packets directly to the PC. If we apply this same principle to all the routers we can create a loop where packets are forwarded to other routers in a clockwise direction as follows: Router A > Router B > Router C > Router D > Router A. This is not the ideal IP routing solution but for learning purposes it will suffice for now. Here is what happens when PC1 transfers data with a PC on network 192.168.3.x.
- PC1 examines its own IP routing table and finds the only match is 0.0.0.0 (default gateway rule) and forwards the packet to IP 192.168.111.254.
- Router A does EXACTLY the same as PC1. It checks its routing table and sees it is not part of that network, so sends it on to its own default gateway IP 192.168.1.1 (Router B).
- Router B does the same and sends it to Router C.
- Router C is part of the 192.168.3.x subnet; it finds a match in its routing table and sends it directly to the PC.
- The PC on the 192.168.3.x subnet sends data back to IP 192.168.111.55 but sees it is on another subnet. It checks its routing table and finds the 0.0.0.0 entry.
- This entry has the default gateway set to IP 192.168.3.1 (Router D), so it forwards packets there.
- Router D delivers the packets to IP 192.168.111.55.
As you can see, PC1 had to go through 3 routers to get to the destination because it (and Router A) didn’t know that the 192.168.3.x network was accessible through Router D (1 hop away). This is because there was no match in any of the routers’ routing tables for the subnet until it reached Router C. When the packets came back from a PC on 192.168.3.x, its default gateway was Router D, and since Router D is also attached to 192.168.111.x it only required one hop. It works, but it’s not very efficient. The most efficient IP routing method is to make ALL routers aware of the quickest route to each subnet. We do this using a technique called Static Routing.
Static routing is the process of adding IP routing information manually into the routing table. Let’s start by adding a static route to Router A so that it knows the 192.168.3.x network is accessible through Router D. If we were using Microsoft RRAS as our routers we would type this command at a command prompt:
route add 192.168.3.0 mask 255.255.255.0 192.168.111.1 metric 1
All routers are configured differently; this is just how it is done on Windows RRAS, but the principle is the same regardless. This command adds an entry into the routing table that states the 192.168.3.x network can be accessed through IP 192.168.111.1. When PC1 sends data to 192.168.3.x it is forwarded to Router A, but this time Router A finds a match to the subnet which tells it to forward the packets to 192.168.111.1 (Router D). Router D of course then delivers it directly to the machine. You may be asking yourself why we can’t just add this route directly on PC1 instead, allowing us to bypass Router A. This is an option, and we would eliminate a hop in doing so. However, it is bad practice; remember this subnet could have hundreds of computers attached to it, and it would mean adding the route to all of them. This is more work, and in addition it further complicates the network. For example, what if due to network topology changes you are required to change Router D’s IP address in the near future? The route now needs updating, but rather than update it once on a router you need to do it on every machine again! It is best to leave routing to the routers. Adding the route at the router means you only have to do it once.
Router A now has routes to 3 subnets; the 2 that are directly attached and the one we added above. We add another route for the last network of 192.168.2.x. We could add an entry telling Router A that the 192.168.2.x network can be accessed through Router B but since the 0.0.0.0 rule (Router A’s own default gateway) also sends packets to Router B it would be pointless. Instead we will add this new static route to go in the opposite direction for redundancy like so:
route add 192.168.2.0 mask 255.255.255.0 192.168.111.1 metric 2
As this is a more specific match than 0.0.0.0, IP routing will favour this first. When sending traffic to 192.168.2.x it will ALWAYS send it to Router D. If for any reason this fails it will then fall back to the 0.0.0.0 rule and send packets to 192.168.111.254.
Adding the two static routes above allows our router to “see” all 4 subnets. You would then configure the other 3 routers in the same manner.
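The default-gateway ring and the first static route described above, modelled as an added example (not code from the original article): each node picks the longest-prefix match, then the lowest metric, and trace() follows a packet hop by hop in one direction only. Addresses the article does not give (Router A on 192.168.1.x, Routers B and C on 192.168.2.x, Router C on 192.168.3.x, the PC at 192.168.3.5) and all function names are assumptions.

```python
import ipaddress

# Constructed model of the article's four-router ring. Addresses the article
# does not state (192.168.1.254, 192.168.2.1, 192.168.2.254, 192.168.3.254,
# 192.168.3.5) are assumptions made for this example.
def node(ips, default_gw):
    # Each attached /24 gets a connected route (gateway None), plus 0.0.0.0/0.
    routes = [(ipaddress.ip_network(ip + "/24", strict=False), None, 0) for ip in ips]
    routes.append((ipaddress.ip_network("0.0.0.0/0"), default_gw, 1))
    return {"ips": set(ips), "routes": routes}

def build():
    return {
        "PC1": node(["192.168.111.55"], "192.168.111.254"),
        "A": node(["192.168.111.254", "192.168.1.254"], "192.168.1.1"),
        "B": node(["192.168.1.1", "192.168.2.1"], "192.168.2.254"),
        "C": node(["192.168.2.254", "192.168.3.254"], "192.168.3.1"),
        "D": node(["192.168.3.1", "192.168.111.1"], "192.168.111.254"),
        "PC3": node(["192.168.3.5"], "192.168.3.1"),
    }

def next_hop(n, dst):
    # Longest prefix wins; the lowest metric breaks ties between equal prefixes.
    d = ipaddress.ip_address(dst)
    hits = [r for r in n["routes"] if d in r[0]]
    net, gw, _ = max(hits, key=lambda r: (r[0].prefixlen, -r[2]))
    return dst if gw is None else gw

def trace(net, src, dst, ttl=16):
    # One-way trace: node names visited, ending in "FAIL" if undeliverable.
    owner = {ip: name for name, n in net.items() for ip in n["ips"]}
    path, cur = [src], src
    while dst not in net[cur]["ips"]:
        hop = owner.get(next_hop(net[cur], dst))
        if hop is None or len(path) > ttl:
            return path + ["FAIL"]
        path.append(hop)
        cur = hop
    return path

def add_static(n, cidr, gw, metric):
    n["routes"].append((ipaddress.ip_network(cidr), gw, metric))

if __name__ == "__main__":
    net = build()
    print(trace(net, "PC1", "192.168.3.5"))      # forward path, defaults only
    print(trace(net, "PC3", "192.168.111.55"))   # return path
    add_static(net["A"], "192.168.3.0/24", "192.168.111.1", 1)
    print(trace(net, "PC1", "192.168.3.5"))      # forward path with static route
```

Tracing in both directions is what exposes the problem from the troubleshooting example earlier: give PC3 a default gateway that does not exist and the trace from PC1 still reaches it, while the trace from PC3 ends in FAIL at the first hop.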
Internet IP Routing
The Internet routes traffic exactly the same way but on a much larger scale, with thousands of networks and routers. EVERY time a router receives a new packet it is evaluated against the routing table for a match. If it can’t find one it forwards the packet to its own default gateway. This process continues until eventually a router finds a match. If a router finds two matches to the same network (for redundancy) it will always favour the entry with the lowest metric value first.
The main difference between IP routing on the Internet and routing on private networks is how the routing table is built. Private networks tend to use static routing whereas the Internet uses Dynamic Routing.
Maintaining IP routing tables on small networks does not require much administrative effort; once the network is set up and static routes have been added there isn’t much else to do. On large networks, however, the network topology is constantly changing; new subnets are added, faster routes learnt, subnets are joined or further subnetted. Updating the routers to reflect this every time a change occurs can be a chore in itself. This is where dynamic routing comes in. In static routing the administrator manually creates the routes, but in dynamic routing the routes are “learnt” and built automatically by the routers themselves. Dynamic routing allows routers to “talk” to each other to find where other networks are located. When the network topology changes, so do the dynamic routes. When routers go down or faster routes become available, dynamic routing also detects this and reconfigures the IP routing table accordingly. As you can imagine, dynamic routing requires little to no administration and is ideal for the Internet, where new networks are added every day.