The Cable Guy - December 2001
Understanding the IP Routing Table
All computers running any version of Windows and the supplied TCP/IP protocol use an IP routing table. The IP routing table stores information about destinations and how they can be reached. There are a series of default entries based on the configuration of the node. You can add entries with TCP/IP utilities or entries can be added dynamically through interaction with routers.
When an IP packet is forwarded, the IP routing table is used to determine:
The next-hop IP address
For a direct delivery (the destination is a neighboring node), the next-hop IP address is the destination address in the packet. For an indirect delivery (the destination is not a neighboring node), the next-hop address is the address of a router.
The next-hop interface
The next-hop interface identifies either a physical interface (for example, a network adapter) or a logical interface (for example, a tunneling interface) that is used to forward the packet.
After the next-hop address and interface are determined, the packet is passed to the Address Resolution Protocol (ARP). For LAN technologies such as Ethernet and Token Ring, ARP attempts to resolve the link-layer address (also known as the media access control [MAC] address) for the next-hop address, and forward the packet by using the next-hop interface.
Contents of an IP Routing Table
The following are the fields of a typical IP routing table entry:
Destination
The destination can be either an IP address or a class-based, subnetted, or supernetted network ID. In the Windows 2000 IP routing table, this column is named Network Destination.
Network Mask
The bit mask that is used to match a destination IP address to the value in the Destination field. In the Windows 2000 IP routing table, this column is named Netmask.
Next-Hop
The IP address to which the packet is forwarded. In the Windows 2000 IP routing table, this column is named Gateway.
Interface
The network interface that is used to forward the IP packet.
Metric
A number used to indicate the cost of the route so that the best route, among potentially multiple routes to the same destination, can be selected. A common use of the metric is to indicate the number of hops (the number of links or routers to cross) en route to the destination.
Routing table entries can be used to store the following types of routes:
Directly-attached network routes
Routes for subnets to which the node is directly attached. For directly-attached network routes, the Next-Hop field can either be blank or contain the IP address of the interface on that subnet.
Remote network routes
Routes for subnets that are available across routers and are not directly attached to the node. For remote network routes, the Next-Hop field is the IP address of a local router.
Host routes
A route to a specific IP address. Host routes allow routing to occur on a per-IP address basis. For host routes, the network ID is a specific IP address and the network mask is 255.255.255.255.
Default route
The default route is used when a more specific network or host route is not found. The default route destination is 0.0.0.0 with the network mask of 0.0.0.0. The next-hop address of the default route is typically the default gateway of the node.
Route Determination Process
To determine which routing table entry is used for forwarding, IP uses the following process:
For each entry in the routing table, a bit-wise logical AND operation is performed between the destination IP address and the Network Mask field. The result is compared with the Destination field of the entry for a match.
To perform a bit-wise logical AND between the destination IP address and the network mask of the route, IP compares each bit in the destination IP address to the corresponding bit in the subnet mask. If both bits are 1's, the resulting bit is 1; otherwise, the result is 0. Because of the way in which the subnet mask is defined, the result of the bit-wise logical AND operation is:
- For each bit in the subnet mask that is set to 1, the corresponding bit in the result is copied from the destination IP address.
- For each bit in the subnet mask that is set to 0, the corresponding bit in the result is set to 0.
A good example of performing a bit-wise logical AND is in determining the IP network ID for an IP address configuration. To determine the IP network ID, a bit-wise logical AND of the assigned IP address with its subnet mask is performed. The result is the IP network ID.
For example, for the IP address 192.168.98.112 with the subnet mask 255.255.255.0, the result of the bit-wise logical AND is:
- For the first 24 bits, which correspond to the 255.255.255 portion of the subnet mask, the corresponding bit from the destination IP address is copied, resulting in 192.168.98 for the first three octets.
- For the last 8 bits, which correspond to the 0 portion of the subnet mask, the corresponding bit is set to 0, resulting in 0 for the last octet.
Therefore, 192.168.98.112 AND 255.255.255.0 is 192.168.98.0.
The list of matching routes is compiled. The route that has the longest match (that is, the route with the highest number of bits set to 1 in the subnet mask) is selected. The longest matching route is the most specific route to the destination IP address. If there are multiple longest match routes (for example, multiple routes to the same network ID), the router uses the lowest metric to select the best route. If there are multiple longest matching routes with the lowest metric, the node randomly selects which routing table entry to use.
The result of the route determination process is the selection of a single route in the routing table. If this process fails to select a route, IP indicates a routing error. For a sending host, an IP routing error is indicated internally to an upper layer protocol, such as TCP or UDP. For a router, an ICMP Destination Unreachable-Host Unreachable message is sent to the sending host and the packet is discarded.
Next-Hop Address and Interface Determination Process
After determining the single route in the routing table with which to forward the packet, the next-hop address and interface are determined by the following process:
If the address in the Next-Hop field is either blank or is an address that is assigned to an interface on the forwarding node:
The next-hop address is set to the destination IP address of the IP packet.
The next-hop interface is set to the interface that is specified in the Interface field.
If the address in the Next-Hop field is not an address that is assigned to an interface on the forwarding node:
The next-hop address is set to the address in the Next-Hop field for the route.
The next-hop interface is set to the interface that is specified in the Interface field.
Example IP Routing Table for Windows 2000
The following table lists the default routing table for a Windows 2000–based host (that is, not a router). The host has a single network adapter and is configured with the IP address 157.60.136.41, subnet mask 255.255.252.0 (/22), and a default gateway of 157.60.136.1. To view the IP routing table on a computer running Windows 2000, type route print or netstat -r at a command prompt.
=========================================================================== Interface List 0x1 ........................... MS TCP Loopback interface 0x1000003 ...00 b0 d0 e9 41 43 ...... 3Com EtherLink PCI =========================================================================== =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 157.60.136.1 15.60.136.41 1 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 157.60.136.0 255.255.252.0 157.60.136.41 157.60.136.41 1 157.60.136.41 255.255.255.255 127.0.0.1 127.0.0.1 1 157.60.255.255 255.255.255.255 157.60.136.41 157.60.136.41 1 224.0.0.0 224.0.0.0 157.60.136.41 157.60.136.41 1 255.255.255.255 255.255.255.255 157.60.136.41 157.60.136.41 1 Default Gateway: 157.60.136.1 =========================================================================== Persistent Routes: None
Note that two interfaces are listed. One interface corresponds to an installed network adapter (3Com EtherLink PCI) and the other is an internal loopback interface (MS TCP Loopback Interface).
The Windows 2000 IP routing table uses an IP address to identify an interface in the Interface field for the route. Therefore, the following process determines the next-hop address and interface:
If the address in the Gateway field is an address that is assigned to an interface on the forwarding node:
The next-hop address is set to the destination IP address of the IP packet.
The next-hop interface is set to the interface to which the address in the Interface field is assigned.
If the address in the Gateway field is not an address that is assigned to an interface on the forwarding node:
The next-hop address is set to the address in the Gateway field.
The next-hop interface is set to the interface to which the address in the Interface field is assigned.
This Windows 2000 IP routing table contains the following entries:
- The first entry, network destination of 0.0.0.0 and network mask (netmask) of 0.0.0.0 (/0), is the default route. Any destination IP address that is bit-wise logically ANDed with 0.0.0.0, results in 0.0.0.0. Therefore, the default route is a match for any IP address. If the default route is the longest matching route, the next-hop address is 157.60.136.1 and the next-hop interface is the network adapter that is assigned the IP address 157.60.136.41.
- The second entry, network destination of 127.0.0.0 and netmask of 255.0.0.0 (/8), is the loopback network route. For all packets that are sent to an address of the form 127.x.y.z, the next-hop address is set to 127.0.0.1 (the loopback address) and the next-hop interface is the interface that is assigned the address 127.0.0.1 (the loopback interface).
- The third entry, network destination of 157.60.136.0 and netmask of 255.255.252.0 (/22), is a directly-attached network route. If this route is the longest matching route, the next-hop address is set to the destination address in the packet and the next-hop interface is set to the network adapter that is assigned the IP address 157.60.136.41.
- The fourth entry, network destination of 157.60.136.41 and netmask of 255.255.255.255 (/32), is a host route for the IP address of the host. For all IP packets sent to 157.60.136.41, the next-hop address is set to 127.0.0.1 and the next-hop interface is the loopback interface.
- The fifth entry, network destination of 157.60.255.255 and netmask of 255.255.255.255 (/32), is a host route that corresponds to the all-subnets directed broadcast address for the class B network ID 157.60.0.0/16. For all IP packets sent to 157.60.255.255, the next-hop address is set to 157.60.255.255 and the next-hop interface is the network adapter that is assigned the IP address 157.60.136.41.
- The sixth entry, network destination of 224.0.0.0 and netmask of 224.0.0.0 (/3), is a route for multicast traffic that is sent by this host. For all multicast packets, the next-hop address is set to the destination address and the next-hop interface is set to the network adapter that is assigned the IP address 157.60.136.41.
- The seventh entry, network destination of 255.255.255.255 and netmask of 255.255.255.255 (/32), is a host route that corresponds to the limited broadcast address. For all IP packets sent to 255.255.255.255, the next-hop address is set to 255.255.255.255 and the next-hop interface is the network adapter that is assigned the IP address 157.60.136.41.
The following are examples of how this routing table is used to determine the next-hop IP address and interface for several different destinations:
Unicast destination 157.60.136.48
The longest matching route is the route for the directly-attached network (157.60.136.0/22). The next-hop IP address is set to the destination IP address (157.60.136.48) and the next-hop interface is set to the network adapter that is assigned the IP address 157.60.136.41.
Unicast destination 192.168.0.79
The longest matching route is the default route (0.0.0.0/0). The next-hop IP address is set to the default gateway address (157.60.136.1) and the next-hop interface is the network adapter that is assigned the IP address 157.60.136.41.
Multicast destination 224.0.0.1
The longest matching route is the 224.0.0.0/3 route. The next-hop IP address is set to the destination IP address (224.0.0.1) and the next-hop interface is the network adapter that is assigned the IP address 157.60.136.41.
Subnet broadcast destination 157.60.139.255
The longest matching route is the route for the directly-attached network (157.60.136.0/22). The next-hop IP address is set to the destination IP address (157.60.139.255) and the next-hop interface is set to the network adapter that is assigned the IP address 157.60.136.41.
Unicast destination 157.60.136.41
The longest matching route is the host route for the locally assigned IP address (157.60.136.41/32). The next-hop IP address is set to the destination address (157.60.136.41) and the next-hop interface is set to the loopback adapter.
For More Information
For more information about IP routing in Windows 2000, consult the following resources:
- Windows 2000 Server Documentation (Networking\TCP/IP)
- Windows 2000 Server Resource Kit
- Microsoft Product Support Services Knowledge Base
For a list of all The Cable Guy articles, click here.