Routing table manipulation in Windows
In computer networking terms, routing is the process of forwarding TCP/IP packets between hosts that are connected to multiple IP networks. A host computer decides the best route for a packet with the help of a routing table. Routing table contains a default set of routes that are created when TCP/IP is started on a computer and based on that computers TCP/IP configuration.
The routes can be any of the following three type
- Network Route: A route to a specific destination network
- Host Route: A route to a specific host in the network
- Default route: A route that is used when no other route matches the destination address
The routing table of a host running Windows 7 contains the following fields
- Network Destination
- Netmask
- Gateway
- Interface
- Metric
Depending on the type of route, the network destination can be a network address with host bits set to 0 (Network route), a host IP address (Host Route) or 0.0.0.0 (Default route).
Netmask is the subnet mask used with Network destination to match the destination address.
Gateway is the IP address of the node used to forward the packet to other IP networks.
Interface is the address of the local network interface used to forward the IP packets.
Metric is an integer value between 1 to 9999 that indicates the cost for the route. When there are multiple routes for a destination, the route with the lowest metric is chosen.
When a computer needs to forward a packet it checks the routing table for an entry that matches the packets destination address and use the corresponding route. If a match for the destination address is not found then the default route is used which normally forwards the packet to default gateway of the local subnet.
On a Windows system you can use the route command to view and manipulate routing table. When used without parameters the route command displays the help. To dispaly all the contents of a routing table, open command prompt and type the command
Adding routes for network traffic segregation
In scenarios where you have multiple network interfaces connected to different networks, adding routes to the host’s routing table is necessary to forward the packets to the correct network. To add a static route to the routing table run the route command as below:
Where destination is the IP address of host or network, subnetmask is the mask for the route entry and interface is the interface number of the interface to be used for that route. For example to add a static route to 172.21.32.0 network with subnet mask 255.255.255.0 and gateway address 192.168.1.13, type the command
To make a static route permanent you can use the -p option when adding the route.
To delete a route, run the route delete command as below
For example, to delete the route that you added above
What is routing table in windows
Routers:
A Router is a networking device that forwards data packets between computer network. This device is usually connected to two or more different networks. When a data packet comes to a router port, the router reads address information in packet to determine out which port the packet will be sent. For example, a router provides you with the internet access by connecting your LAN with the Internet.
When a packet arrives at a Router, it examines destination IP address of a received packet and make routing decisions accordingly. Routers use Routing Tables to determine out which interface the packet will be sent. A routing table lists all networks for which routes are known. Each router’s routing table is unique and stored in the RAM of the device.
Routing Table:
A routing table is a set of rules, often viewed in table format, that is used to determine where data packets traveling over an Internet Protocol (IP) network will be directed. All IP-enabled devices, including routers and switches, use routing tables. See below a Routing Table:
The entry corresponding to the default gateway configuration is a network destination of 0.0.0.0 with a network mask (netmask) of 0.0.0.0. The Subnet Mask of default route is always 255.255.255.255 .
Entries of an IP Routing Table:
A routing table contains the information necessary to forward a packet along the best path toward its destination. Each packet contains information about its origin and destination. Routing Table provides the device with instructions for sending the packet to the next hop on its route across the network.
Each entry in the routing table consists of the following entries:
- Network ID:
The network ID or destination corresponding to the route. - Subnet Mask:
The mask that is used to match a destination IP address to the network ID. - Next Hop:
The IP address to which the packet is forwarded - Outgoing Interface:
Outgoing interface the packet should go out to reach the destination network. - Metric:
A common use of the metric is to indicate the minimum number of hops (routers crossed) to the network ID.
Routing table entries can be used to store the following types of routes:
- Directly Attached Network IDs
- Remote Network IDs
- Host Routes
- Default Route
- Destination
When a router receives a packet, it examines the destination IP address, and looks up into its Routing Table to figure out which interface packet will be sent out.
How are Routing Tables populated?
There are ways to maintain Routing Table:
- Directly connected networks are added automatically.
- Using Static Routing.
- Using Dynamic Routing.
These Routing tables can be maintained manually or dynamically. In dynamic routing, devices build and maintain their routing tables automatically by using routing protocols to exchange information about the surrounding network topology. Dynamic routing tables allow devices to “listen” to the network and respond to occurrences like device failures and network congestion. Tables for static network devices do not change unless a network administrator manually changes them.
Route Determination Process (finding Subnet ID using Routing Table):
Consider a network is subnetted into 4 subnets as shown in the above picture. The IP Address of the 4 subnets are:
Then, Routing table maintained by the internal router looks like:
| Destination | Subnet Mask | Interface |
|---|---|---|
| 200.1.2.0 | 255.255.255.192 | a |
| 200.1.2.64 | 255.255.255.192 | b |
| 200.1.2.128 | 255.255.255.192 | c |
| 200.1.2.192 | 255.255.255.192 | d |
| Default | 0.0.0.0 | e |
To find its right subnet (subnet ID), router performs the bitwise ANDing of destination IP Address mentioned on the data packet and all the subnet masks one by one.
- If there occurs only one match, router forwards the data packet on the corresponding interface.
- If there occurs more than one match, router forwards the data packet on the interface corresponding to the longest subnet mask.
- If there occurs no match, router forwards the data packet on the interface corresponding to the default entry.
Note that the routing tables are not specific for Cisco devices. Even your Windows operating system has a routing table that can be displayed using the route print command
Attention reader! Don’t stop learning now. Get hold of all the important CS Theory concepts for SDE interviews with the CS Theory Course at a student-friendly price and become industry ready.
How to display the routing table in Windows and Linux
What exactly is the routing table in Windows and Linux, why is it useful and how can we make sense of it?
I’ll answer all these questions today by showing you how to display the routing table on your computer and then showing you what it all means.
You’ll also get a little primer on how basic network communication works. Also, if the differences between IP addresses and MAC addresses ever confused you then you need to read this.
First I just want to mention that routers aren’t the only devices with routing tables. Almost every network connected device that relies on TCP/IP has a routing table because every device needs to know where to send packets.
Here’s how to view the routing table on your Windows or Linux box.
In Linux, you can conjur the routing table with this command:
If you’re on a PC, open the command prompt (press Windows Key + r and enter the word “cmd“) then type the following phrase into the black abyss:
There’s a lot of messy data on the screen but if you pause for a moment you’ll see that it’s actually very organized and coherent.
There are five column of interest here:
- Network Destination
- Netmask
- Gateway
- Interface
- Metric
I’m going to break it down but I want to do something different here. Instead of giving you pedantic definition of each column I want you to really grasp what’s going on.
Talk to me
In order for a computer to communicate with another computer (or network device) a few things have to happen.
First, the host, which is another name for your computer, tries to figure out if the destination device (a web server, printer, file server etc..>) is on the same network as the host.
If it’s on the same network it just shoots the frame directly to the destination device; however, if it’s off network it sends out a broadcast message saying
Hey, everyone, what’s the MAC address of the default gateway!?
Everyone on the local network gets the message but only the default gateway replies with its MAC address. Your host adds it as an entry inside its local record known as the ARP cache. This is so the next time it needs to get off the network it doesn’t have to bother everyone by yelling for that MAC address.
So now your packet has found a way off the island out into the inhospitable waters of the interwebs but how does it actually make its way through the internet?
The network packet is like a little boat floating on a MAC address raft.
Every device on the web has both a MAC and IP address. As the packet traverses the internet the IP address is static, it doesn’t change; however, each router replaces the source and destination MAC addresses with new ones.
In other words, the MAC address is like a little boat that transports the packet between router islands. When the packet arrives at the shoreline of one router, the router removes the boat and gives it a new one with it’s MAC address as the source and the next nearest router as the destination MAC.
During packet transmission, both the source and destination IP address never change but the packet is constantly having its old source and destination MAC addresses stripped and added as it moves it’s way from router to router. The MAC is just a temporary means of getting the packet to the next immediate point but the IP address is the big picture: it tells us how to get to the final destination.
Bombastic binary
Now we know how the packet traverses the web; however, did your computer know that the packet was destined off the local network?
It’s all about the Netmask (Subnet Mask) and Interface columns.
Look back at the ROUTE PRINT output.
The IP address under Interface is your local IP address. It’s the IP address of your network adapter.
But an IP address is never naked. It’s always clothed with a Subnet Mask because without the mask the computer has no way of knowing which network the computer actually lives in.
So the computer compares the binary representations of both the Interface and corresponding Netmask to determine the destination Network.
Notice how some values under Gateway say On-link.
That’s because those destination networks are on the same subnet as my host: In other words, they don’t need to go through a router because their on the same same link as my computer.
Let me show you how the PC knows if a destination network is on its link.
Ones and Zeros Oh yeah!
Let’s talk ones and zero’s for a second…
If we convert the local host IP address, 10.255.77.167, to binary we get:
The number 10 is 0000 1 0 1 0 in binary because both 1’s in that binary number represent 8 and 2 respectively and sum to 10.
In the same way, the number 255 is all 1’s in binary: 11111111.
Moving across the binary number 1111111 1 from right to left the first number, the one furthest to the right, represents 2 to the zeroth power which is 1.
The second number is 2 to the 1st power which is 2.
111111 1 1
The third number is 2 to the second power with is 4.
11111 1 11
The fourth number is 2 to the 3rd power which is 8.
1111 1 111
And this keeps going.
So by the time you get to the last number (remember moving from right-to-left) it’s 2 to the 7th power which is 128.
1 1111111
So in the IP address, 10.255.77.167, we get 255 by adding up all those powers of 2.
We have eight 1’s so we have eight powers of two.
11111111
So 128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 = 255.
This is how binary works.
Let’s do the number 72 real fast which is 01001000 in binary.
Starting from right side moving toward the left we can skip those three zeros. We’ll stop when we hit the first 1 .
So the first 1 in 0100 1 000 is in the 2 to the third power place which is 8.
The other 1 is in the 2 to the 6th place which is 64.
Okay, enough of the math, I just wanted to show you how computers think of IP addresses because they don’t see decimal numbers like we do. On the contrary, computers think, breath and live the monotonous life zeros and ones.
Finding the right network
Your computer determines if the destination is on the right network by comparing the binary representation of the destination address with the netmask.
We already know the IP address 10.255.77.167 is actually:
00001010 11111111 01001101 10100111
And according to the ROUTE PRINT command the Netmask is showing up as 255.255.248.0.
Here’s what that looks like in binary:
11111111 11111111 11111000 00000000
All the 1’s in the netmask reveals which bits belong to the network portion of the IP address and the zeros show the host portion. The Netmask divides the IP address into two parts: network and host.
If we stack both bits on top of each other we can figure out which network 10.255.77.167 belongs to:
Starting from the left side and moving right we can do a binary AND operation across each bit to produce the subnetwork.
Looking at the first group of 8 bits:
00001010 which is 10.
The next group of 8 bits is just all 1’s so it’s 255.
Let’s see the third group of 8 bits:
01001000 = 72
The last octet (group of 8 bits) is all zeros so it’s just 0.
The Bottom Line
So we see that our IP address 10.255.77.167 belongs in the 10.255.72.0 network which is our network.
When the host and destination IP are in the same network routing is pretty easy. You can send the data packet directly to the destination IP via the MAC address; however, if it’s on a different network then you need to send the packet to a network device that can find your network resource.
This device is called the default gateway: think of it as your gateway to the internet, it’s the doorway to getting off your local home network to the world wide web.
Using ROUTE PRINT and netstat -rn is useful because occasionally you’ll try every troubleshooting technique under the sun only to realize that your routing table has a corrupt entry or a key entry is missing. These two commands are essential when troubleshooting network communication problems.
