“To route or not to route, that is the question.”
Signed, The Router
How many decisions must a router make each day? The answer: millions! A lot goes into the decision process regarding routing, and it happens long before a packet, being sent by a customer, arrives at the router for its turn to be forwarded. Join me as we take a close look at a day in the life of the router.
A common theme in success strategies is to plan ahead and be prepared, so that when a circumstance presents itself, we already know what we should do. The same is true for an IP router. Consider the router below, with 4 interfaces.
When a packet arrives at Ethernet interface 1/0, the router has a decision to make. Options for the router seem fairly simple; discard the packet or route it out of one of its interfaces. Long before a packet shows up to be routed, the router should be trained on what to do and which interfaces to use. This training process is called the “control plane” of the router, and is how the router learns where networks are (similar to us knowing where various cities are), and the best path to reach those networks (similar to us knowing which onramps or surface streets to use to reach those cities).
The Learning Process
The control plane for the router only has four ways of learning about networks, that’s it! They are:
- Directly connected networks
- Statically learned networks
- Dynamically learned networks
- Default routes
Let’s look at each of these options, and learn what impact they have on the router’s decision process.
Directly Connected Networks
On a brand new router right out of the shipping box and plugged in, it doesn’t know about any IP networks, because it has no IP addresses configured. The first time we add an IP address with an associated mask to an interface, and bring that interface out of shutdown state, “POOF!” the router now knows about its first network, which is the directly connected network we just configured. Even if this interface is connected to a switch with no other devices on it, the router still believes it can reach this local network, due to the IP address configured on the local interface.
In the example below, the new router has no IP addresses configured, and therefore nothing in his routing table.
After configuring an IP address on an interface and bring up the interface, the single directly connected network is now in the routing table. The new network in the routing table below is 10.0.0.0/24.
Statically Configured Networks
As long as the router is directly connected to at least one IP network, we can train the router about using that connection to reach other networks as well (via other routers who are also on that same connected network). Manually telling the router about a non-local network is what the static route is all about. It is also an issue of faith for the router. For example, if we tell the router that to reach the network of 22.214.171.124/24, it should send those packets to R2 at 10.0.0.2, and our router would now believe it knows how to forward packets to the 126.96.36.199/24 network. In reality, the router would hope (if routers had feelings) that the device at 10.0.0.2 knows how to reach the remote network of 188.8.131.52/24. R1 would not really know, for sure, if R2 could reach it or not. In the example below, a static route has been added to R1 informing R1 that to reach 184.108.40.206/24 it should pass the packets to the router at the IP address of 10.0.0.2
Dynamically Learned Networks
Manually configuring individual static routes can be tedious, especially in larger organizations with many routers and many networks. A solution to avoid having to use static routes everywhere is dynamic routing. It really should be called dynamic learning, because that is what is going on. Using a set of rules called a Routing Protocol, each of the routers dynamically shares the routes is knows or has learned with other routers. This way, when a new network is added directly to R2, or when R2 learns about a new network, this information can be shared with R1 so that R1 will have dynamically learned the route. The routing protocols inside of an organization fall into a category called Interior Gateway Protocols (IGPs); examples include RIP, EIGRP, OSPF, and IS-IS. In the example below, R1 and R2 are running the OSPF routing protocol, and exchanging routing information.
R1 has learned routing information from R2, and the network 220.127.116.11/24 shows up in R1’s routing table. In the example below, we are confirming that R1 knows about R2 via the OSPF routing protocol, and verifying that R1 has learned a route, via OSPF, for the network 18.104.22.168/24
The Default Route
The last method is also a sort of last resort when it comes to routing: the default route. It is what the router should do when it needs to forward a packet and doesn’t have an entry in its routing table for any part of the destination address in the IP header of the packet. For example, we could have a route that says forward packets (when you don’t know what else to do with them) to the router at 10.0.0.2; this would be an example of a default route. Routers may learn a default route from a neighbor using a routing protocol, or a default route may be statically configured. In the example below, R1 is using a manually configured static route that instructs it to use R2’s (the IP address of R2 is 10.0.0.2) as the next hop (router) for any packets that don’t match a more specific route in R1’s routing table.
Putting Useful Knowledge to Work
As the router is being trained about reaching networks, which is the control plane we talked about earlier, it places the information about how to reach those networks (such as the next router’s IP address, and which exit interface to use) in the routing table. There are a few extra processes going on in the background, but by and large, the routing table is the winning route’s #1 podium position at the Olympics. Only the best routes (best path, in the router’s mind, regarding how to reach the remote networks) go into the routing table. If there are two equal cost (in the router’s mind) paths to the same remote network, then the router can place both of those routes in the routing table and use them both to forward packets to the remote network. It is the metric (sometimes referred to as cost) that the router considers to determine which of several routes it knows about (for the same remote network) would be the “best” route to use. Using the metric, lower is considered better.
What about conflicting information?
In a situation where the same network is being learned via two different methods, for example a static route for the 22.214.171.124/24 network and a dynamically learned route for the 126.96.36.199/24 network (learned from a neighbor), the router will consider a special value called AD (Administrative Distance) that is associated with each method of learning it does, and if there are two exact routes from different sources, the router will choose a single winner (for that route) based on the method that has the lowest AD (lower is better). AD has defaults on a Cisco Router, which can be changed. Some of the defaults are listed in Table 1.
How the Route was Learned
AD (default Administrative Distance)
Directly Connected Interface
Internal EIGRP (Dynamic IGP)
OSPF (Dynamic IGP)
ISIS (Dynamic IGP)
RIP (Dynamic IGP)
Here we can see the route for network 188.8.131.52/24 in the routing table of R1. The numbers in brackets show the [AD/METRIC]. In this example, the route was learned via OSPF, which has an AD of 110, and the OSPF metric for that route is 145.
So if the router learned about the network 184.108.40.206/24 via OSPF and had that route in the routing table, and later we added a static route for the same network, the new static route with an AD of 1, would be better (in the mind of the router) than the route from OSPF with a metric of 110, and the static route would replace the OSPF learned route on the winners podium in the routing table. We can see this with the debug running for IP routing. In the example below, we add the static route, which due to a better AD than OSPF is now placed in the routing table.
Forwarding Customer Packets
The learning of routes is called the control plane, and is the process where the router learns and decides the best routes to use. This control plane is like going to class, where the router does the learning of routes and how to forward packets. The application of this learning, where the router actually forwards real packets (using the information it previously learned about routes) is called the Data Plane, and often referred to as the transit path or packet switching.
When a router receives a frame of data from a switch, the router looks at the Layer 2 destination address (in the frame of data) and asks itself, “Do I care about this frame of data? Is it relevant to me? What is my motivation to continue working with this frame?” Regarding IP version 4, if the L2 destination MAC address is the MAC address on the router, or the L2 address is a broadcast address, or the L2 address is the address of a multicast group that this router has joined, then YES, this frame of data is interesting or possibly relevant to the router. As a result, the router will look further into the packet to see what else is inside. In an Ethernet L2 header, it specifies what the payload is (the protocol being carried), which could be dot1q, MPLS or even IP. For this example of IP routers, let’s say the L3 information was IP version 4. In the packet analysis below, it shows a L2 frame with a destination MAC address of R2, and a destination L3 address of 220.127.116.11 which is not local to R1 or R2.
When receiving this frame and because the L2 destination address was relevant to R2 (00:64:40:22:22:22 is R2’s MAC address), R2 continues to dive into the packet and then looks at the L3 destination address, and asks, “Do I care about this packet (at L3) of data? Is it relevant to me?” If the destination IP address in the L3 header matches an IP address of the router, the router would realize this packet was specifically for him, and would continue to look deeper into the packet to see what the packet was all about. An example of traffic destined to R2 could be a packet carrying part of a TCP based SSH session between the router R2 and the administrator.
What if the L3 Destination Address doesn’t belong to the Router?
If the L3 destination IP address is NOT one of the router’s IP addresses, the router realizes the packet is not for the router personally, but the router is willing to forward (or route) this IP packet (it is a router, after all). The router consults the routing table to determine if any of its routes/networks in the routing table match the destination IP address in the packet. If a packet has the destination IP address of 18.104.22.168, the router would look for the longest match (if there were multiple different length entries in the routing table), and use that route to forward the packet. In the output below, the routing table lists that it knows one subnet from the Class A network of 22.214.171.124, that it is subnetted down to a /24, and that 24 bit network is 126.96.36.199.
Because the first 24 bits of this route/network in our routing are an exact match of the first 24 bits of the packet we need to forward, this is our longest match. R2 will forward the packet on the L2 address of 188.8.131.52 (based on the routing table above) and will use Ethernet 1/0 to forward the packet. The device at 184.108.40.206 will then go through the similar process of opening up the packet, and making a routing decision about that packet. This is a story that happens millions of times per day, in networks all around the world.
If a router doesn’t have an exact match based on its routing table, it will then use its default route for forwarding, and if there isn’t a default route either learned or configured on the router (with no other more specific routes in the routing table), the router will drop the packet, and send a message to the source IP from the packet, letting that device know that the packet was dropped. (This isn’t really an apology for dropping the packet, but more for just notification that it happened).
There is an entire fascinating world happening within our networks, and I hope you have enjoyed looking into the concept of routing from the router’s perspective.