Routing (Part 2: How to find a router)

sample network

Routing then, works at the next level. What happens when A wants to talk to E? It could broadcast an ARP request, but E would not see the request, so it would not reply. On this scale, that might seem to be a limitation, but should everyone really keep asking www.google.com for a physical address? It makes sense that the physical layer stays at the network level. Beyond that, IP (Internet Protocol) takes over, so the physical layer is not necessary.

Instead, A finds the IP address for E, via whatever method it is configured to use - /etc/hosts, DNS, LDAP, etc. It then compares netmasks:

A19216811
11000000101010000000000100000001
Mask2552552550
11111111111111111111111100000000
E19216823
11000000101010000000001000000011
ResultNetworkNetworkNetworkHost

All that "A" knows, is that its netmask doesn't match E's address completely, for all the bits (marked "Network", not "Host") that the netmask tell it that it needs to match, so it will have to find a router on the same network as itself in order to communicate with E. There is often only one router, configured as a default router. In this case though, we have a few routers to choose from.

The netstat utility shows the routes on a *nix server (Solaris in this example) like this (in the example diagram shown, this is for "G", because it covers more detail than an example for "A" would provide):

root@G# netstat -rn

Routing Table: IPv4
  Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
192.168.1.0          192.168.1.4          U         1    487  hme0
224.0.0.0            192.168.1.4          U         1      0  hme0
192.168.2.64         192.168.2.65         U         1    132  hme1
default              192.168.1.3          UG        1    523
127.0.0.1            127.0.0.1            UH        1     14  lo0
root@G#

This server is configured as 192.168.1.4 and 192.168.2.65, so it is on two different networks, via NICs hme0 and hme1 respectively. The first line tells it that to get to the 192.168.1.0 network, it can go direct via 192.168.1.4 (itself) on the hme0 interface. For this, it will need the MAC address of the server it wants to talk to (A, B or the firewall); if it's not in the ARP table, it will have to ask for it as discussed above.

The second line is the multicast address. You can safely ignore that for now :-)

The third line tells it that to get to the 192.168.2.64 network, it can go via (its own) 192.168.2.65 interface on hme1.

The fourth line tells it that the default router is at 192.168.1.3. If it needs to get to 192.168.2.0/26 (or any other network), it needs to go via that router. It may not get there, but the others certainly won't. The default router is the "last resort"; the other, explicit, routes, are for specific networks. The default router is usually connected to lots of networks, either directly or indirectly. The useful thing about this is that G does not need to be explicitly told about that network; if it needs to communicate with the network, it can simply send a packet to its default router. If you type ping 192.168.3.29 then it will send a packet to the default router, just in case there is a device at 192.168.3.29. "G" doesn't need to know if there is, or what its netmask is. It just sends the packet to the router, which deals with the request. In this case, a packet for 192.168.2.0/26 would get passed on, whilst a packet for 192.168.3.29 would simply get no response. The router, if it can access 192.168.3.x, can sort out the netmask issues on G's behalf.

The final line deals with "localhost", a special address (127.0.0.1) which on any machine will point back to itself. This is useful for debugging, as well as for non-networked machines which need a network stack. A cruel joke is to tell a newbie to try hacking 127.0.0.1, or telling them that 127.0.0.1 is an FTP site with a copy of their hard disk, etc. (examples). In fact, the entire 127.0.0.0/8 (that is, 127.x.x.x) is reserved for loopback. It's just very rare to need more than one loopback address, so the popular one is 127.0.0.1.

As for the other fields reported by netstat, Flag "U" means the host is Up, "UG" means "Up and a route to a Gateway (which may pass the packet on)"; "UH" means "Up and a route to a Host (which won't)".

Networking Tutorial
Share on Twitter Share on Facebook Share on LinkedIn Share on Identi.ca Share on StumbleUpon