Routing (Part 2: How to find a router)
Routing, then, works at the next level. What happens when A wants to talk to E? It could broadcast an ARP request, but E would not see the request, so it would not reply. On this scale, that might seem to be a limitation, but should everyone really keep asking www.google.com for a physical address? It makes sense that the physical layer stays at the network level. Beyond that, IP (Internet Protocol) takes over, so the physical layer is not necessary.
Instead, A finds the IP address for E, via whatever method it is configured to use - /etc/hosts, DNS, LDAP, etc. It then compares netmasks:
| | | | | |
|---|---|---|---|---|
| A | 192 | 168 | 1 | 1 |
| | 11000000 | 10101000 | 00000001 | 00000001 |
| Mask | 255 | 255 | 255 | 0 |
| | 11111111 | 11111111 | 11111111 | 00000000 |
| E | 192 | 168 | 2 | 3 |
| | 11000000 | 10101000 | 00000010 | 00000011 |
| Result | Network | Network | Network | Host |
All that "A" knows is that E's address does not match its own in all of the bits that the netmask tells it must match (those marked "Network", not "Host"), so it will have to find a router on the same network as itself in order to communicate with E. There is often only one router, configured as a default router. In this case though, we have a few routers to choose from.
The netstat utility shows the routes on a *nix server (Solaris in this example) like this (in the example diagram shown, this is for "G", because it covers more detail than an example for "A" would provide):
```
root@G# netstat -rn

Routing Table: IPv4
  Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
192.168.1.0          192.168.1.4          U         1    487 hme0
224.0.0.0            192.168.1.4          U         1      0 hme0
192.168.2.64         192.168.2.65         U         1    132 hme1
default              192.168.1.3          UG        1    523
127.0.0.1            127.0.0.1            UH        1     14 lo0
root@G#
```
This server is configured as 192.168.1.4 and 192.168.2.65, so it is on two different networks, via NICs hme0 and hme1 respectively. The first line tells it that to get to the 192.168.1.0 network, it can go direct via 192.168.1.4 (itself) on the hme0 interface. For this, it will need the MAC address of the server it wants to talk to (A, B or the firewall); if it's not in the ARP table, it will have to ask for it as discussed above.
The second line is the multicast address. You can safely ignore that for now :-)
The third line tells it that to get to the 192.168.2.64 network, it can go via (its own) 192.168.2.65 interface on hme1.
The fourth line tells it that the default router is at 192.168.1.3. If it needs to get to 192.168.2.0/26 (or any other network), it needs to go via that router. It may not get there, but the others certainly won't. The default router is the "last resort"; the other, explicit routes are for specific networks. The default router is usually connected to lots of networks, either directly or indirectly. The useful thing about this is that G does not need to be explicitly told about that network; if it needs to communicate with the network, it can simply send a packet to its default router. If you type ping 192.168.3.29 then it will send a packet to the default router, just in case there is a device at 192.168.3.29. "G" doesn't need to know if there is, or what its netmask is. It just sends the packet to the router, which deals with the request. In this case, a packet for 192.168.2.0/26 would get passed on, whilst a packet for 192.168.3.29 would simply get no response. The router, if it can access 192.168.3.x, can sort out the netmask issues on G's behalf.
The final line deals with "localhost", a special address (127.0.0.1) which on any machine will point back to itself. This is useful for debugging, as well as for non-networked machines which need a network stack. A cruel joke is to tell a newbie to try hacking 127.0.0.1, or to tell them that 127.0.0.1 is an FTP site with a copy of their hard disk, etc. In fact, the entire 127.0.0.0/8 (that is, 127.x.x.x) is reserved for loopback. It's just very rare to need more than one loopback address, so the popular one is 127.0.0.1.
As for the other fields reported by netstat, the flag "U" means the host is Up; "UG" means "Up and a route to a Gateway (which may pass the packet on)"; "UH" means "Up and a route to a Host (which won't)".
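The netmask comparison made by A and the table lookup made by G can be reproduced in a few lines of Python. This is an added example, not part of the original page; it generalises the walk-through to a most-specific-match lookup. The netstat output does not show netmasks, so the prefix lengths in ROUTES are assumptions, as are the function names.

```python
import ipaddress

# G's routing table, taken from the netstat output above. Prefix lengths are
# assumptions: /24 for 192.168.1.0 (A's mask), /26 for 192.168.2.64 (the text
# refers to 192.168.2.0/26), /4 for multicast. A gateway of None means the
# network is directly attached, so G would ARP for the destination itself.
ROUTES = [
    ("192.168.1.0/24", None, "hme0"),
    ("224.0.0.0/4", None, "hme0"),
    ("192.168.2.64/26", None, "hme1"),
    ("127.0.0.1/32", None, "lo0"),
    # Default route (flag UG). netstat lists no interface for it; the gateway
    # 192.168.1.3 sits on the 192.168.1.0 network, which is reached via hme0.
    ("0.0.0.0/0", "192.168.1.3", "hme0"),
]

def same_network(src, dst, mask):
    """A's test: AND both addresses with the mask and compare the network bits."""
    m = int(ipaddress.IPv4Address(mask))
    return int(ipaddress.IPv4Address(src)) & m == int(ipaddress.IPv4Address(dst)) & m

def lookup(dst, routes=ROUTES):
    """Return (next_hop, interface) from the most specific route matching dst."""
    addr = ipaddress.IPv4Address(dst)
    best = None
    for prefix, gateway, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    _, gateway, iface = best
    # On a directly attached network the next hop is the destination itself.
    return (gateway or dst, iface)

if __name__ == "__main__":
    # A (192.168.1.1) deciding whether E (192.168.2.3) is on its own network.
    print("A and E on same network:",
          same_network("192.168.1.1", "192.168.2.3", "255.255.255.0"))
    # G deciding where to send packets for various destinations.
    for dst in ("192.168.1.1", "192.168.2.70", "192.168.2.3",
                "192.168.3.29", "127.0.0.1"):
        print(dst, "->", lookup(dst))
```

Both 192.168.2.3 and 192.168.3.29 resolve to the default router: G hands the packet over without knowing whether anything exists at that address.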