IPv4 Routing
Applies To: Windows Server 2008
IPv4 Routing
After the host name or NetBIOS name is resolved to an IP address, the IP packet must be sent by the sending host to the resolved IP address. Routing is the process of forwarding a packet based on the destination IP address. Routing involves both the TCP/IP host and an IP router. A router is a device that forwards the packets from one network to another. Routers are also commonly referred to as gateways. Both the sending host and router need to make a determination about how the packet is forwarded.
To make these determinations, the IP layer consults a routing table stored in memory. Routing table entries are created by default when TCP/IP initializes and additional entries are added either manually by a system administrator or automatically through communication with routers.
Direct and Indirect Delivery
IP packets use at least one of two types of delivery based on whether the final destination is located on a directly attached network. These two types of delivery are known as direct and indirect delivery.
Direct delivery occurs when the IP node (either the sending node or an IP router) forwards a packet to the final destination on a directly attached network. The IP node encapsulates the IP packet in a frame format for the Network Interface layer (such as Ethernet or Token Ring) addressed to the destination’s MAC address.
Indirect delivery occurs when the IP node (either the sending node or an IP router) forwards a packet to an intermediate node (an IP router) because the final destination is not on a directly attached network. The IP node encapsulates the IP packet in a frame format for the Network Interface layer (such as Ethernet or Token Ring) addressed to the IP router’s MAC address.
IP routing is a combination of direct and indirect deliveries.
In the following figure, when sending packets to node B, node A performs a direct delivery. When sending packets to node C, node A performs an indirect delivery to Router 1, and Router 1 performs an indirect delivery to Router 2, and then Router 2 performs a direct delivery to node C.
Direct and Indirect Deliveries
IP Routing Table
A routing table is present on all IP nodes. The routing table stores information about IP networks and how they can be reached (either directly or indirectly). Because all IP nodes perform some form of IP routing, routing tables are not exclusive to IP routers. Any node loading the TCP/IP protocol has a routing table. There are a series of default entries according to the configuration of the node and additional entries can be entered either manually through TCP/IP utilities or dynamically through interaction with routers.
When an IP packet is to be forwarded, the routing table is used to determine:
The next-hop IP address. For a direct delivery, the next-hop IP address is the destination IP address in the IP packet. For an indirect delivery, the next-hop IP address is the IP address of a router.
The next-hop interface. The next-hop interface identifies the physical or logical interface, such as a network adapter, that is used to forward the packet to either its destination or the next router.
IP Routing Table Entry Types
Entries in the IP routing table contain the following information:
Network ID. The network ID or destination corresponding to the route. The network ID can identify a specific subnet, be a summarized route, or an IP address for a host route. In the Windows Server® 2008 IP routing table, this is the Network Destination column.
Network mask. The mask that is used to match a destination IP address to the network ID. In the Windows Server 2008 IP routing table, this is the Netmask column.
Next hop. The IP address of the next hop. In the Windows Server 2008 IP routing table, this is the Gateway column.
Interface. An indication of which network interface is used to forward the IP packet.
Metric. A number used to indicate the cost of the route so the best route among possible multiple routes to the same destination can be selected. A common use of the metric is to indicate the number of hops (routers crossed) to the network ID.
Entries in the routing table can be used to store the following types of routes:
Directly attached network ID. A route for network IDs that are directly attached. For directly attached networks, the Next Hop field can be blank or contain the IP address of the interface on that network.
Remote network ID. A route for network IDs that are not directly attached but are available across other routers. For remote networks, the Next Hop field is the IP address of a local router.
Host route. A route to a specific IP address. Host routes allow routing to occur on a per-IP address basis. For host routes, the network ID is the IP address of the specified host and the network mask is 255.255.255.255.
Default route. The default route is designed to be used when a more specific network ID or host route is not found. The default route network ID is 0.0.0.0 with a network mask of 0.0.0.0.
Route Determination Process
To determine which routing table entry is used to find the next-hop address and interface, IP uses the following process:
For each entry in a routing table, IP performs a bit-wise logical AND operation between the destination IP address and the network mask. It compares the result with the network ID of the entry for a match.
A list of matching routes is compiled. The route that has the longest match (the route with the largest number of bits that match the destination IP address) is chosen. The longest matching route is the most direct route to the destination IP address. If multiple matching entries are found (for example, multiple routes to the same network ID), the router uses the lowest metric to select the best route. If multiple entries have the same longest match and the lowest metric, IP designates one of them as the routing table entry. In that case, on Windows Server 2008 and later releases, the route is chosen based on a predefined rule using the destination and source IP addresses as parameters.
The end result of the route-determination process is a single route in the routing table that yields a next-hop IP address and interface. If the route-determination process fails to find a route, IP indicates a routing error. For the sending host, an IP routing error message is sent to the upper layer protocol, such as TCP or UDP. For a router, an ICMP Destination Unreachable–Host Unreachable message is sent to the sending host.
Routing Table for Windows Server 2008
The following table shows the default routing table for a Windows Server 2008–based host (not a router). The host has a single network adapter and has the IP address 157.60.27.90, subnet mask 255.255.240.0, and a default gateway of 157.60.16.1.
Windows Server 2008 Routing Table
Network Destination | Netmask | Gateway | Interface | Metric | Purpose |
---|---|---|---|---|---|
0.0.0.0 |
0.0.0.0 |
157.60.16.1 |
157.60.27.90 |
1 |
Default Route |
127.0.0.0 |
255.0.0.0 |
127.0.0.1 |
127.0.0.1 |
1 |
Loopback Network |
157.60.16.0 |
255.255.240.0 |
157.60.27.90 |
157.60.27.90 |
1 |
Directly Attached Network |
157.60.27.90 |
255.255.255.255 |
127.0.0.1 |
127.0.0.1 |
1 |
Local Host |
157.60.255.255 |
255.255.255.255 |
157.60.27.90 |
157.60.27.90 |
1 |
Network Broadcast |
224.0.0.0 |
240.0.0.0 |
157.60.27.90 |
157.60.27.90 |
1 |
Multicast |
255.255.255.255 |
255.255.255.255 |
157.60.27.90 |
157.60.27.90 |
1 |
Limited Broadcast |
Default Route
The entry corresponding to the default gateway configuration is a network destination of 0.0.0.0 with a network mask (netmask) of 0.0.0.0. Any destination IP address that is logically ANDed with 0.0.0.0 results in 0.0.0.0. Therefore, for any IP address, the default route produces a match. If the default route is chosen because no better routes were found, the IP packet is forwarded to the IP address in the Gateway column (the default gateway of 157.60.16.1), by using the interface assigned the IP address in the Interface column.
Loopback Network
The loopback network entry is designed to take any IP address of the form 127.x.y.z and forward it to the special loopback address of 127.0.0.1.
Directly Attached Network
The local network entry corresponds to the directly attached network. IP packets destined for the directly attached network are not forwarded to a router but sent directly to the destination. Note that the Gateway and Interface columns match the IP address of the node. This indicates that the packet is sent from the network adapter corresponding to the node’s IP address.
Local Host
The local host entry is a host route (network mask of 255.255.255.255) corresponding to the IP address of the host. All IP packets sent to the IP address of the host are forwarded to the loopback address.
Network Broadcast
The network broadcast entry is a host route (network mask of 255.255.255.255) corresponding to the all-subnets directed broadcast address (all subnets of class B network ID 157.60.0.0). Packets addressed to the all-subnets directed broadcast are sent from the network adapter corresponding to the node’s IP address.
Multicast
The multicast addresses route is used to send any multicast IP packets from the network adapter corresponding to the node’s IP address.
Limited Broadcast
The limited broadcast address is a host route (network mask of 255.255.255.255). Packets addressed to the limited broadcast are sent from the network adapter corresponding to the node’s IP address.
Viewing the IP Routing Table
To view the IP routing table on a computer running Windows Server 2008, type route print at a command prompt.
When determining the next-hop IP address and interface from a route in the routing table:
If the gateway address is the same as the interface address, the next-hop IP address is set to the destination IP address of the IP packet.
If the gateway address is not the same as the interface address, the next-hop IP address is set to the gateway address.
For example, when traffic is sent to 157.60.16.48, the most specific matching route is the route for the directly attached network (157.60.16.0/20). The next-hop IP address is set to the destination IP address (157.60.16.48) and the interface is the network adapter that has been assigned the IP address 157.60.27.90.
When sending traffic to 192.168.0.79, the most specific matching route is the default route (0.0.0.0/0). The next-hop IP address is set to the gateway address (157.60.16.1) and the interface is the network adapter that has been assigned the IP address 157.60.27.90.
Maintenance of Routing Table Entries
For IP routing to occur efficiently between routers in the IP internetwork, routers must be configured with remote network IDs or a default route. On large IP internetworks, one of the challenges faced by network administrators is how to maintain the routing tables on their IP routers so that IP traffic flow is traveling the best path and is fault tolerant.
There are two methods of maintaining routing table entries on IP routers.
Manual
Static IP routers have routing tables that do not change unless manually changed by a network administrator.
Static routing relies on the manual administration of the routing table. Remote network IDs are not discovered by static routers and must be manually configured. Static routers are not fault-tolerant. If a static router goes down, neighboring routers do not sense the fault and inform other routers.
Automatic
Dynamic IP routers have routing tables that change automatically based on the exchange of routing information with other routers.
Dynamic routing employs the use of routing protocols, such as Routing Information Protocol (RIP) and Open Shortest Path First (OSPF), to dynamically update the routing table through the exchange of routing information between routers. Remote network IDs are discovered by dynamic routers and automatically entered into the routing table. Dynamic routers are fault-tolerant. If a dynamic router goes down, the fault is detected by neighboring routers, which send the changed routing information to the other routers in the internetwork.