TCP/IP For Internet Administrators

Routing Tables

Every TCP/IP device that places a packet of data on a network must make routing decisions. These decisions are made by comparing the destination address to the entries in a routing table. The routing table is normally built by the network administrator or from information gathered by the TCP/IP system.

The routing system selects an entry from the routing table and takes the netmask from that entry. The system then performs a logical AND of this value and the destination address. The resulting value is compared to the network address in the table entry. If the two values are the same then the destination can be reached through the gateway in that entry. If the two values are different then the routing system moves to the next entry in the table. If the table is exhausted and no matching entry is found, then the usual result is for the routing system to discard the packet and generate a message notifying the sending application that the destination network is unreachable.

If a routing table entry is found with a matching network value, then the packet is forwarded based on the information in the table entry. If the destination is on a network segment directly connected to the routing system, the packet will be delivered to the destination system. If not, the packet is passed to a gateway system on a directly connected network segment for delivery.

Most systems using TCP/IP have a routing table entry for a default gateway. This is the address of a gateway system which is used to send packets that have a destination address that does not match any other table entry. This is usually represented by a network address and netmask of 0.0.0.0. This way, when the netmask is combined with the destination address, a result of 0.0.0.0 will be returned, which then matches the default gateway network address of 0.0.0.0.


MS Windows Routing Tables

On most Microsoft Windows systems that are using TCP/IP, the command route print will display the current routing table. The following is an example of the output from a Win NT 4.0 system that has one connection to an ethernet network segment with an IP address of 205.217.146.200 and a netmask of 255.255.255.0:

Active Routes:

Network Address  Netmask          Gateway Address  Interface        Metric
0.0.0.0          0.0.0.0          205.217.146.1    205.217.146.200  1
127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1        1
205.217.146.0    255.255.255.0    205.217.146.200  205.217.146.200  1
205.217.146.200  255.255.255.255  127.0.0.1        127.0.0.1        1
205.217.146.255  255.255.255.255  205.217.146.200  205.217.146.200  1
224.0.0.0        224.0.0.0        205.217.146.200  205.217.146.200  1
255.255.255.255  255.255.255.255  205.217.146.200  205.217.146.200  1

The Network Address and Netmask columns show the values that are used to determine if the destination matches the routing table entry. The Gateway Address and Interface columns tell where the packet should be sent, and the Metric shows how "expensive" it is to send the packet.

The first line of this routing table is the default route. The Gateway Address is the address of a router with an IP address of 205.217.146.1, and it is on the network connected to the interface with the address 205.217.146.200. On a Microsoft Windows TCP/IP system this entry is normally set up by the system administrator in the Default Gateway field when TCP/IP is configured on the system.

The second line is the loopback route. The address of 127.0.0.1 in the Gateway and Interface is a special value that refers to the local host. On a Microsoft Windows TCP/IP system this entry is normally set up automatically by the TCP/IP software.

The third line defines the range of addresses on the local network segment. This shows that any address in the 205.217.146.0 Class C network should be found on the network segment connected to the interface with the address 205.217.146.200. On a Microsoft Windows TCP/IP system this entry is added when the interface is assigned an IP address and netmask. In this case the interface was assigned the IP address 205.217.146.200 and the netmask of 255.255.255.0. The TCP/IP software used the netmask combined with the IP address to derive the network address of 205.217.146.0.

The fourth line is how a Microsoft routing table defines that 205.217.146.200 is an address for the local host. On a Microsoft Windows TCP/IP system this entry is also added when the interface is assigned an IP address. The 255.255.255.255 netmask identifies that this route applies only to packets addressed to the single address 205.217.146.200. The 127.0.0.1 Gateway and Interface addresses pass all packets for this address to the local host.

The fifth entry lists the announce address for the local network. This is another entry that is automatically added when an interface on a Windows TCP/IP system is assigned an IP address.

The sixth line is the multi-cast address. This route is for special applications that broadcast information to more than one destination.

The seventh line is another line that is unique to Microsoft routing tables.

All of the routing table entries in the above table have a Metric of 1. The metric is a value that associates a cost with the route. The purpose is to help the routing system decide which route to use if there is more than one route to a particular destination. The metric loosely refers to the number of hops to reach the destination. For example, if a system was connected to two different networks, and a third network could be reached through either one, there could be two routing table entries for the third network. If the third network was directly connected to the first network, the metric on the first route would be 1. If it required passing through a fourth network to be reached through the second network, the metric on the second route would be 2. This would reflect the fact that the first route is less expensive than the second. Metrics are also used to weight other attributes in addition to hop counts. If one route passes through directly connected networks and another passes across slower telephone lines, the slower route might be given a higher, more expensive metric.
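The lookup described under Routing Tables, run against the Windows NT table above, as an added example that is not part of the original page. It goes beyond the text in one respect: when several entries match (the default route matches every destination), it picks the entry with the most specific netmask and then the lowest metric, which is how IP stacks resolve the tie. The function names and the 192.0.2.10 test destination are assumptions.

```python
import ipaddress

# Rows copied from the Windows NT 4.0 "route print" output shown on this page.
ROUTE_PRINT = """\
0.0.0.0          0.0.0.0          205.217.146.1    205.217.146.200  1
127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1        1
205.217.146.0    255.255.255.0    205.217.146.200  205.217.146.200  1
205.217.146.200  255.255.255.255  127.0.0.1        127.0.0.1        1
205.217.146.255  255.255.255.255  205.217.146.200  205.217.146.200  1
224.0.0.0        224.0.0.0        205.217.146.200  205.217.146.200  1
255.255.255.255  255.255.255.255  205.217.146.200  205.217.146.200  1
"""

def parse_routes(text):
    """Turn each table row into (network, netmask, gateway, interface, metric)."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank or malformed lines
        net, mask, gw, iface = (int(ipaddress.IPv4Address(f)) for f in fields[:4])
        routes.append((net, mask, gw, iface, int(fields[4])))
    return routes

def lookup(routes, destination):
    """Return (gateway, interface) for destination, or None if unreachable."""
    dest = int(ipaddress.IPv4Address(destination))
    # The test described in the text: destination AND netmask == network address.
    matches = [r for r in routes if dest & r[1] == r[0]]
    if not matches:
        return None  # table exhausted: destination network unreachable
    # Added beyond the page's scan: most specific netmask wins, then lowest metric.
    best = min(matches, key=lambda r: (-bin(r[1]).count("1"), r[4]))
    return str(ipaddress.IPv4Address(best[2])), str(ipaddress.IPv4Address(best[3]))

if __name__ == "__main__":
    table = parse_routes(ROUTE_PRINT)
    # 192.0.2.10 is a documentation address standing in for an Internet host.
    for dst in ("205.217.146.7", "205.217.146.200", "192.0.2.10", "127.0.0.1"):
        print(dst, "->", lookup(table, dst))
```
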

On a Microsoft TCP/IP system the routing table is automatically built when TCP/IP is configured on the interfaces in the system. The network administrator can assign the values on each individual computer system, or, if Dynamic Host Configuration Protocol (DHCP) is used, the information is pulled from a central host when the system is booted. Additional routes can be added to the table using the route add command, or they can be learned by the system through Internet Control Message Protocol (ICMP) messages and routing protocols such as Routing Information Protocol (RIP).

If the system shown above had more interfaces, such as a NIC connected to another network segment or a telephone connection to a remote network, there would be additional routing table entries. They would list the IP address, the network address, and the announce address for the additional interface.

Adding interfaces should not normally require an additional default route entry. Under normal circumstances there should be only one default route defined on any TCP/IP system. The only time there should be more than one default route entry in a routing table is if the system has more than one path connecting it to the Internet. In this instance, there would be multiple default routes, normally with different metrics. This might be the case if a system is on a network that is connected to the Internet, and has a backup connection in case the primary network goes off-line. When a primary route goes out of service, it is possible for that route to be automatically or manually disabled. Then the secondary route is used by the routing system.


UNIX Routing Tables

If the system described above was a UNIX system, the routing tables would be displayed differently but would function in basically the same fashion. On most UNIX systems the way to display the routing table is by entering the command netstat -nr. The r option tells the netstat program to display the routing table, and the n tells it to display the numeric IP addresses rather than the domain names for the systems and networks.

The following table is from a Linux UNIX system that has an IP address of 205.217.146.198 and a netmask of 255.255.255.0:

Kernel routing table
Destination    Gateway        Genmask        Flags Metric Ref Use   Iface
205.217.146.0  0.0.0.0        255.255.255.0  U     0      0   3070  eth0
127.0.0.0      0.0.0.0        255.0.0.0      U     0      0   2130  lo
0.0.0.0        205.217.146.1  0.0.0.0        UG    0      0   2370  eth0

The Destination column gives the Network or Host address for the routing entry. The Gateway column shows the gateway to use to reach the destination. The Genmask column is the netmask for the table entry.

The Flags column describes the status of the entry. The values in this column are as follows:

  • U - This route is useable
  • G - Destination is a gateway
  • H - Destination is a Host entry
  • R - Route will be reinstated after time-out
  • D - This one was created dynamically (by redirection)
  • M - This one was modified dynamically (by redirection)

The Metric column gives the relative metric of this route. The Use column shows how many packets have been transmitted using this route.

The Interface column shows which physical interface is used for the route. In this table eth0 is Ethernet Port #0, and lo is the local loopback.

The first line of the table shows the range of valid IP addresses on the network directly connected to the interface eth0.

The second line defines the local loopback.

The third line is the default route. It shows that this is a Gateway with the IP address 205.217.146.1, and it is on the local network segment that is connected to the interface eth0.

The routing table displayed on the UNIX system has fewer entries than the one displayed under Microsoft Windows. This is partly because the UNIX system does not have some of the entries, such as the Multi-Cast route, which Microsoft TCP/IP adds by default. It is also partly because the UNIX netstat does not display some of the information, such as the IP address of the local interface and the network announce entry. The UNIX table does give more information per line than the table displayed under Microsoft Windows TCP/IP, showing specific status and usage information.

Like the Microsoft table, if there were additional interfaces and routes there would be additional entries in the UNIX routing table.
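A check a defender can run over saved netstat -nr output, added here as an example and not part of the original page: it reports routes carrying the D or M flag, gateways that are not on a directly connected network, and more than one default route. The sample table is constructed (the page's three rows plus two invented rows), and the function and finding names are assumptions.

```python
import ipaddress

# Constructed sample in the "netstat -nr" layout: the page's three rows plus two
# invented rows (a redirect-created host route and a second default route).
NETSTAT = """\
Kernel routing table
Destination    Gateway        Genmask          Flags Metric Ref Use   Iface
205.217.146.0  0.0.0.0        255.255.255.0    U     0      0   3070  eth0
127.0.0.0      0.0.0.0        255.0.0.0        U     0      0   2130  lo
192.0.2.25     205.217.146.9  255.255.255.255  UGHD  0      0   12    eth0
0.0.0.0        205.217.146.1  0.0.0.0          UG    0      0   2370  eth0
0.0.0.0        198.51.100.1   0.0.0.0          UG    0      0   4     eth0
"""

def parse_netstat(text):
    """Parse data rows into dicts; the title and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 8 and f[0] != "Destination":
            rows.append({"net": ipaddress.IPv4Network(f"{f[0]}/{f[2]}"),
                         "gw": ipaddress.IPv4Address(f[1]),
                         "flags": f[3], "metric": int(f[4]), "iface": f[7]})
    return rows

def audit(rows):
    """Return (finding, destination, gateway) tuples for routes worth reviewing."""
    findings = []
    # Entries without the G flag describe directly connected segments.
    connected = [r["net"] for r in rows if "G" not in r["flags"]]
    for r in rows:
        where = (str(r["net"]), str(r["gw"]))
        if set(r["flags"]) & {"D", "M"}:  # created or modified by redirection
            findings.append(("redirect-learned",) + where)
        if "G" in r["flags"] and not any(r["gw"] in n for n in connected):
            findings.append(("gateway-off-link",) + where)  # gateway must be on-link
    defaults = [r for r in rows if r["net"].prefixlen == 0]
    if len(defaults) > 1:  # normally only one default route per system
        findings += [("multiple-default", str(r["net"]), str(r["gw"])) for r in defaults]
    return findings

if __name__ == "__main__":
    for finding in audit(parse_netstat(NETSTAT)):
        print(*finding)
```
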
