Partager via


How IPv4 Unicast Routing Works

Applies To: Windows 7, Windows Server 2008 R2

Unicast IP routing is the process of transferring data in the form of unicast IP packets across an IP network from a single source node (a computer or other network device) to a single destination node. An IP router is a node that forwards IP packets between interfaces (which can be physical network adapters or logical interfaces such as tunnels) based on information that it stores in a database called a routing table.

The following figure shows a simple IP network in which unicast IP routing takes place.

The following table describes each of the routing components, as defined by the International Organization for Standardization (ISO), shown in the figure.

Network Component Description

End system

A network device that does not forward IP packets. End systems are also known as hosts. A computer that is not acting as a router is an end system. (Collectively, hosts and routers are known as nodes.)

Intermediate system

A network device that forwards IP packets that are not addressed to it. Bridges, switches, and routers are examples of intermediate systems.

Router

An intermediate system used to connect network segments (subnets) based on a common network layer protocol, such as IP. In the preceding figure, the intermediate system depicted is a router. Routers include:

  • Hardware routers. A device that performs routing as a dedicated function and is specifically designed and optimized for routing. For example, hardware routers made by Cisco Systems, Inc., are widely deployed in IP networks.

  • Software routers. A computer that performs routing as one of multiple processes running on the computer. For example, a computer running Windows Server with the Routing and Remote Access service enabled is a software router.

A router can be configured to perform only static routing, only dynamic routing, or, more typically, primarily dynamic routing supplemented by some manually configured static routes.

Network

A portion of the networking infrastructure (repeaters, hubs, bridges, or Layer 2 switches) that is bounded by an intermediate system and whose computers and other network devices share a common network address called a network ID. Also referred to as a network segment or a subnet.

When a node on an IP network sends a unicast IP packet to a node on another network, it typically first forwards the packet to a router. The router examines the packet and uses the destination network address in the packet header to determine which of the router’s interfaces to use to forward the packet to its destination.

The network layer header of any Internet Protocol version 4 (IPv4) packet sent from a source node to a destination node on an IPv4 network includes the following:

  • A source IPv4 address, which contains a source network ID and a source host ID.

  • A destination IPv4 address, which contains a destination network ID and a destination host ID.

  • A Time-To-Live (TTL) value, which is used to prevent the packet from endlessly circulating on the network. The TTL starts at a maximum value and decreases by one for each link crossed; if zero is reached, the packet is discarded and a message is returned to the sending node from which the packet originated.

Note

The TTL link count is not the same as the hop count (the number of routers crossed to reach a destination). The link count, which equals the number of network segments, is the hop count plus one. For example, if two nodes are separated by five routers, the hop count is 5 but the TTL link count is 6.

How the IPv4 routing table works

On an IPv4 network, IP makes routing decisions by consulting a database of routes known as the IP routing table. Each IP node uses its own routing table to store information about routes usable for forwarding unicast IP packets to any reachable location. A node running Windows builds its routing table automatically, based on its current TCP/IP configuration, static routing table entries, information provided by dynamic routing protocols, and ICMP Redirect messages.

Each entry in the routing table corresponds to one route. When an IP node needs to forward an IP packet, IP searches the routing table on the node for a route that most closely matches the destination IP address in the packet. Typically, the process is as follows:

  • For an IP host. A host can either send a packet directly to its destination, or it can send the packet en route to the destination through a default route {Network ID: 0.0.0.0, Subnet Mask: 0.0.0.0} that points to its default gateway. A default gateway is a router that connects separate IP network segments.

  • For an IP router. A router forwards a packet either by using an explicit static route for a specific network segment, a summarized route, a host route, or a default route.

Routing table example

An administrator or user can view the current state of the IP routing table on an IP node at any time. For example, consider a node configured as follows:

  • IP address: 157.54.27.90

  • Subnet mask: 255.255.240.0

  • Default gateway: 157.54.16.1

In network prefix length notation, the IP address and subnet mask pair {157.54.27.90, 255.255.240.0} for this node is expressed as 157.54.27.90/20. Typing route print at a command prompt on this node produces the following output.

Network Destination      Netmask        Gateway      Interface   Metric
        0.0.0.0           0.0.0.0    157.54.16.1   157.54.27.90      20
      127.0.0.0         255.0.0.0      127.0.0.1      127.0.0.1       1
    157.54.16.0     255.255.240.0   157.54.27.90   157.54.27.90      20
   157.54.27.90   255.255.255.255      127.0.0.1      127.0.0.1      20
 157.54.255.255   255.255.255.255   157.54.27.90   157.54.27.90      20
      224.0.0.0         240.0.0.0   157.54.27.90   157.54.27.90      20
255.255.255.255   255.255.255.255   157.54.27.90   157.54.27.90       1

In the preceding output, the routing metric that is set to 20 for several rows is the metric that TCP/IP uses for a 100-Mbps Ethernet interface, for an 802.11g adapter, or for an 802.11a adapter. The following table lists the criteria that Windows uses to assign metrics for routes that are bound to network interfaces of varying speeds.

Metrics assigned by the Automatic Metric feature

Link Speed Metric

Greater than 200 megabits per second (Mbps)

10

Greater than 20 Mbps, and less than or equal to 200 Mbps

20

Greater than 4 Mbps, and less than or equal to 20 Mbps

30

Greater than 500 kilobits per second (Kbps), and less than or equal to 4 Mbps

40

Less than or equal to 500 Kbps

50

The automatic metric feature is enabled by default through the Automatic metric check box on the IP Settings tab on Advanced TCP/IP Settings of the TCP/IP protocol. For DHCP-assigned default gateways, you can override the default behavior of automatically calculating a metric for the default route based on adapter speed by using the Microsoft-specific DHCP option called Default Router Metric Base.

Routing table vs. forwarding table

Many router implementations, including RRAS, use both a routing table and a forwarding table:

  • Routing table. Stores all routes from all possible sources. The command netsh routing ip show rtmroutes shows the routing table.

  • Forwarding table. Used by IP to forward packets. The commands route print or netsh routing ip show rtmdestinations show the IP forwarding table.

The RRAS router maintains the IP routing table by using a component called Route Table Manager (abbreviated as rtm in rtmroutes and rtmdestinations in the commands shown earlier). Route Table Manager updates the IP forwarding table (which is contained within the TCP/IP protocol) based on incoming route information from multiple sources.

The contents of the routing table do not necessarily match the contents of the forwarding table.

Structure of the IPv4 routing table

Types of routes

The following table describes the types of routes stored in an IP routing table. For a description of each route in a routing table, see Routing table rows later in this topic.

Route Type Description

Local network route (Directly attached network route)

A route to a specific local network ID. This route identifies a network segment that is directly attached to the node. For a local network route, the Gateway column (sometimes called Next Hop) might be blank or might contain the IP address of the interface on that network segment.

Remote network route

A route to a specific remote network ID. This route identifies a network segment that is not directly attached to the node but is available across one or more routers. For a remote network route, the Gateway (Next Hop) column is the IP address of a local router located between the node and the remote network.

Host route

A route to an IP address (network ID and host ID) on the network. Instead of making a routing decision based on just the network ID, as is the case for either a local or a remote network route, the routing decision for a host route is based on the combination of network ID and host ID. For a host route, the Network Destination column is the IP address of the specified host, and the Netmask column is 255.255.255.255. Typically, a host route is used to create a custom route to a host in order to control or optimize specific types of network traffic.

Default route

A route that is used when there are no other closer matching routes for the destination in the routing table. Including a default route in the routing table means that the routing table does not need to store routes for every network ID on the network. Using a default route, therefore, simplifies the configuration of hosts or routers.

Default gateways and default routes

Configuring a default gateway creates a default route in the IP routing table. For IP nodes, the default gateway (also called a default router) is a neighboring IP router that forwards unicast traffic for the node by providing a next-hop IP address (the Gateway column in the routing table) and interface (the Interface column in the routing table) for all destinations that are not located on the local subnet. The default gateway address is the IP address of a directly reachable IP router.

The default gateway on a computer running Windows is configured by using one of the following methods:

  • TCP/IP properties General tab. If you want the node to obtain its IP address configuration by using manual configuration, the default gateway is the IP address located in the Default gateway field on the General tab on the TCP/IP properties page. Multiple default gateways can be configured by adding them on the IP Settings tab on the Advanced TCP/IP Settings page of TCP/IP properties.

  • TCP/IP properties Alternate Configuration tab. If you want the node to obtain its IP address configuration by using the user-configured alternate configuration option, the default gateway is the IP address located in the Default gateway field on the Alternate Configuration tab on the TCP/IP properties page. You can specify only a single default gateway. The TCP/IP alternate configuration feature lets a computer function in two or more networks — one configured with static IP addresses and another configured with DHCP — without reconfiguration of network adapter parameters. When no DHCP server is available, the connection uses the configuration specified on the Alternate Configuration tab.

  • DHCP. If you want the node to obtain its IP address configuration by using DHCP, the default gateway is the value of the first IP address in the Router DHCP option. The Router DHCP option specifies an ordered list of one or more default gateways. If you are using a Windows Server–based DHCP server, the Router option is located in the Details pane in the DHCP snap-in console tree under ServerName\ScopeName**\Scope Options**.

  • ICMP Router Discovery. If you want the node to automatically discover the best default gateway router available on a subnet, you can configure nodes on that subnet to use ICMP router discovery. ICMP Router Solicitation messages and Router Advertisement messages exchanged between routers and hosts enable hosts to dynamically discover which local routers are available, which routers are down, and which router is currently the best default gateway to use on a subnet. By using ICMP router discovery, a host can automatically switch to another default gateway if its current default gateway becomes unavailable.

Fields and records in the IP routing table database

As with any database, understanding the IP routing table requires understanding the relationship between the records (rows) and the fields (columns) that make up the IP routing table. This relationship is best understood by using an example. The following table shows the same information displayed in the Routing table example earlier in this topic. It labels each row with the route type for that entry.

Type Network Destination Netmask Gateway Interface Metric

Default route

0.0.0.0

0.0.0.0

157.54.16.1

157.54.27.90

20

Loopback network route

127.0.0.0

255.0.0.0

127.0.0.1

127.0.0.1

1

Local network route (Directly attached network route)

157.54.16.0

255.255.240.0

157.54.27.90

157.54.27.90

20

Local host route (Local IP address route)

157.54.27.90

255.255.255.255

127.0.0.1

127.0.0.1

20

Network broadcast route (All-subnets-directed broadcast route)

157.54.255.255

255.255.255.255

157.54.27.90

157.54.27.90

20

Multicast address route

224.0.0.0

240.0.0.0

157.54.27.90

157.54.27.90

20

Limited broadcast route

255.255.255.255

255.255.255.255

157.54.27.90

157.54.27.90

1

Routing table columns

The following table describes each field, or column, in the IP routing table.

Column Description

Network Destination

Contains one of the following:

  • IP address. An IP address for a host route.

  • Network ID. A class-based, subnetted, or summarized network ID.

Netmask (Subnet Mask)

Contains the subnet mask that IP applies to the destination IP address. If the destination and the subnet mask equal the network destination, the route is a match for the destination. The process is as follows:

  1. IP performs a bit-wise logical AND operation between the packet’s destination IP address and the value in the Netmask column.

  2. The result is compared to the value in the Network Destination column.

  3. When IP compares each bit in the destination IP address to the corresponding bit in the subnet mask, the bit-wise AND operation works as follows:

    • If both bits are 1, the resulting bit is 1.

    • If both bits are not 1, the resulting bit is 0.

Examples:

  • Default route. The netmask for the default route is 0.0.0.0, which translates to the binary value 00000000 00000000 00000000 00000000. When IP performs the AND operation between any destination IP address and this subnet mask, the result is all zeros. Therefore, no bits need to match, and any destination matches the default route.

  • Host route. The netmask for a host route (a route that matches a specific IP address) is 255.255.255.255, which translates to the binary value 11111111 11111111 11111111 11111111. When IP performs the AND operation between a host route and this subnet mask, only a destination IP address that is equal to the IP address of the host route matches this route.

  • Packet with IP address 157.54.16.48. When IP performs the AND operation between 157.54.16.48 and the netmask for the directly attached network route (in this example, 255.255.240.0), the result is 157.54.16.0. The subnet mask 255.255.240.0 requires that all eight bits in the first two octets and the first four bits in the third octet must match (240=11110000). Therefore, the closest match for this packet is the directly attached network (157.54.16.0/20).

Gateway (Next Hop or Forwarding Address)

Contains either the IP address of a local network adapter for direct deliveries or the IP address of an IP router (such as a default gateway router) on the local network segment for indirect deliveries. This is the IP address that the local node uses to forward the IP packet.

Interface

Indicates the network interface (either a physical network adapter or a logical interface) that will be used to forward an IP packet.

Metric

Indicates the relative cost of routes so that the best route among possible multiple closest matching routes to the same destination can be selected. If there are multiple routes to the same destination with different metrics, the route with the lowest metric is selected. Metrics can express the route preference in different ways:

  • Hop Count. Indicates the number of routers to cross to reach a destination network. A computer on the local subnet is one hop, and each router crossed after that is an additional hop.

  • Delay. Indicates the amount of time that the packet takes to reach the destination network. Delay refers to the speed (LAN links have a lower delay; WAN links have a higher delay) or congestion level of the path.

  • Throughput. Indicates the amount of data that can be sent along the path per second. Throughput does not necessarily indicate the bit rate of the link because a very busy Ethernet link might have a lower throughput than an unused 64 Kbps WAN link.

  • Reliability. Indicates a measure of the path constancy. Some types of links are more likely to fail than others. For example, leased-line WAN links are more reliable than dial-up lines.

Routing Information Protocol (RIP) uses a hop count metric.

Routing table rows

The following table describes each record, or row, in the IP routing table. Each row represents a route. In the Description column, all references are to the output in the Routing table example shown earlier.

Route Destination / Netmask (Network Prefix Length Notation) Description

Default route

0.0.0.0/0.0.0.0 (0.0.0.0/0, sometimes written as 0/0)

The route used if there are no other closer matching routes for the destination address in the IP packet. In the example, the IP packet is forwarded to 157.54.16.1 (the default gateway) by using interface 157.54.27.90 (the IP address of the node).

Loopback network route

127.0.0.0/255.0.0.0 (127.0.0.0/8)

The route used for any IP address of the form 127.x.y.z (127.0.0.0 through 127.255.255.255). In the example, as for any IP address in this range, the IP packet is forwarded to the special loopback address 127.0.0.1 by using the loopback interface.

Directly attached network route (Local network route)

varies/varies

The route used for an IP address on the locally attached subnet. The IP packet is forwarded directly to the destination IP address (not to an intermediate router). In the example, the IP packet is forwarded to its destination by using the interface assigned to 157.54.27.90 — that is, the Gateway and Interface columns contain an IP address of the node, indicating that the packet will be sent directly to its destination from a network adapter that is assigned an IP address on this node.

Local host route (Local IP address route)

varies/255.255.255.255 (varies/32)

The route used if the IP address in the packet is the same as the IP address of the local host. The subnet mask 255.255.255.255 indicates that this is a host route. In the example, as for any IP address that matches the local host, the IP packet is forwarded to the loopback address 127.0.0.1 by using the loopback interface.

Network broadcast route (All-subnets-directed broadcast route)

varies/255.255.255.255 (varies/32)

The route used for an IP address that matches the all-subnets-directed broadcast address. The subnet mask 255.255.255.255 indicates that this is a host route. The IP packet is forwarded as a MAC-level broadcast to hosts on all subnets of a subnetted IP network ID by using an interface that is assigned an IP address on the local node. A network broadcast route exists only if the local network ID is subnetted from a class-based network ID.

Multicast address route

224.0.0.0/240.0.0.0 (224.0.0.0/4)

The route used for any of the class D IP addresses reserved for multicast traffic. The IP multicast packet is forwarded as a MAC-level multicast to the multicast group by using an interface that is assigned an IP address on the local node.

Limited broadcast route

255.255.255.255/255.255.255.255 (255.255.255.255/32)

The route used for an IP address that matches the limited broadcast address. The subnet mask 255.255.255.255 indicates that this is a host route. The IP packet is forwarded as a MAC-level broadcast to all hosts on the same network segment by using an interface that is assigned an IP address on the local node. The limited broadcast route is used during the DHCP configuration process, such as when a DHCP client uses the limited broadcast address to send all traffic while it waits for the DHCP server to acknowledge its lease of an IP address.

How IP consults the routing table

When an IP host or router needs to forward a packet to its destination, IP consults the routing table on that node to determine where to route the packet. This section provides a summary of how IP consults each row and column, and then provides a detailed description of the route determination process.

Synopsis of how IP consults the routing table

The following table summarizes how IP makes use of the IP routing table.

Action Summary Steps

IP searches each row

IP checks each route in the table to find the closest matching route. Routes that match the destination vary from the most specific type of route to the least specific type of route. The closest matching routes have the following order:

  1. Host route.

  2. Route representing the network ID for a local or remote subnet.

  3. Route representing a summarized network ID.

  4. Default route.

Simultaneously, IP uses each column to assess each row

IP uses each column in every row as follows:

  1. Network Destination and Netmask. Used together to determine if the destination address in the IP packet matches the route.

  2. Metric. Used to determine which matching entry to select if two or more closest matching routes are found.

  3. Gateway and Interface. Used together to determine the next-hop address to which to send the packet and the next-hop interface over which to forward the packet.

Result

Three alternative routing decisions are possible:

  • Pass the packet to the loopback interface (if the destination of the packet is this computer or of the form 124.x.y.z).

  • Forward the packet by using one of the locally attached network adapters (if a closest matching route was found).

  • Discard the packet (if no matching route was found), and then (on a host) send an error message internally or (on a router) send an error message to the source host.

The next section describes in detail the process by which IP determines which routing decision to make.

Details of how IP makes the routing decision

IP determines the best route to a destination by comparing the destination IP address in the packet to each route currently in the routing table. The detailed process is as follows:

  1. Determine whether the destination IP address of the packet matches one or more routes. For each entry in the routing table, IP on the node performs a bitwise logical AND operation between the destination IP address of the packet and the subnet mask listed in the Netmask column. IP compares the resulting value to the value in the Network Destination column:

    • Match. If one or more matching routes are found, IP compiles a list of the matching routes. IP determines if a route produces a match as follows:

      Host route. All 32 bits match the destination IP address. The route is to a single destination address.

      Route representing the network ID for a local or remote subnet. All of the bits in the network ID match the destination IP address. This route is either a route to a destination on the local subnet, or it is a route to a destination on a non-local network through a router.

      Route representing a summarized network ID. All of the bits in the summarized network ID match the destination IP address. The route is to a destination on the set of subnets summarized by this summary route.

      Default route. All destination IP addresses match the default route. This is the route used when there is no more specific match.

    • No match. If no route is found (including no default route), IP indicates an error condition. A “no match” condition cannot occur if a default route exists. If the node is a host, an IP routing error is sent internally to an upper layer protocol (such as TCP, UDP, or ICMP). If the node is a router, an ICMP Destination Unreachable-Host Unreachable message is sent to the source host.

    For examples illustrating the AND operation between a destination IP address and the value in the Netmask column, see the Netmask row in the table Routing table columns earlier in this topic.

  2. Determine the single route to use to send or forward the packet. The result of the route determination process is the choice of a single route in the routing table:

    • If one and only one route has the longest match — the longest match is the route with the highest number of bits set to 1 in the Netmask column (the longest prefix length) — that route is selected.

    • If multiple longest match routes are found (for example, multiple routes to the same network ID), IP selects the route with the lowest metric.

    • If multiple longest match routes with the same lowest metric exist, IP selects the route associated with the interface that is first in the binding order.

Note

If a computer has more than one interface (network adapter), the binding order is the order in which the interfaces are accessed by network services. This order reflects the order in which TCP/IP is bound to each of the interfaces. To change the relative binding order of interfaces on a computer running Windows, open Network Connections, press the ALT key, select the Advanced menu, select Advanced Settings, click the interface whose binding order you want to change, and then click the up arrow or the down arrow, as appropriate.

  1. Determine the next-hop address and interface. After a route is selected, IP determines from the routing table entry what the next-hop IP address is and which interface (physical network adapter or logical port) to use to forward the packet:

    • Direct delivery (to the destination node). If the destination is on a subnet directly connected to the host or router, IP delivers the packet to the destination node. In this case, the address in the Gateway column is the same as the address in the Interface column (or the Gateway column is blank), and the next-hop IP address is set to the destination IP address in the IP packet. The interface used is the one specified in the Interface column of the selected route.

      Again, using the example shown in the Routing table example described earlier, if traffic is sent to 157.54.16.48, the most specific route is the route for the directly attached network (157.54.16.0/20). The next-hop IP address is set to the destination IP address (157.54.16.48) and the interface used is the adapter card that has been assigned the IP address 157.54.27.90 (the interface on the local node).

    • Indirect delivery (to the next router). If the destination is not on a subnet directly connected to the node, IP delivers the packet to a neighboring router on a directly connected subnet for further routing. In this case, the address in the Gateway column is not the same as the address in the Interface column, and the next-hop IP address is set to the address in the Gateway column. The interface used is the one specified in the Interface column of the selected route.

      For example, if traffic is sent to 157.60.0.79, the most specific route is the default route (0.0.0.0/0). The next-hop IP address is set to the gateway address (157.54.16.1) and the interface used is, in this case again, the adapter card that has been assigned the IP address 157.54.27.90 (the interface on the local node).

  2. Hand off the packet to ARP. IP hands the packet, the next-hop IP address, and the next-hop interface to Address Resolution Protocol (ARP). ARP resolves the next-hop IP address to its MAC address and forwards the packet, as appropriate, to the next hop, which is either the destination or the router that will forward it to its destination.

Additional references