How Unicast IPv4 Routing Works

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

In this section

  • Unicast IPv4 Routing Internetwork Structure

  • How Host Routing and Router Routing Work

  • How IPv4 Addressing and IPv4 Routing Interact

  • How the IPv4 Routing Table Works

  • How Static and Dynamic Routing Work

  • Related Information

Internet Protocol version 4 (IPv4) is a routable network protocol that enables the routing of network traffic across any type of IPv4 internetwork, including Windows or UNIX internetworks or mixed network environments. A part of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite, IPv4 is used by Windows Server 2003 to route unicast, multicast, and broadcast traffic between computers or other network devices on private intranets and across the public Internet. IPv4 is frequently referred to as IP, and that convention is used in this document.

Note

Windows Server 2003 also supports Internet Protocol version 6 (IPv6). For information about IPv6, including static routing in an IPv6 environment, see “How IPv6 Works” in the IPv6 Technical Reference.

Unicast IP routing is the process of transferring data in the form of unicast IP packets across an IP internetwork from a single source node (a computer or other network device) to a single destination node. An IP router is a node that forwards IP packets between interfaces (which can be physical network adapters or logical interfaces such as tunnels) based on information that it stores in a database called a routing table. On IP internetworks, routers configured with dynamic routing protocols can exchange information with each other automatically in order to keep routing table information up-to-date. Dynamic routing contrasts with static routing, in which an administrator must manually configure routing information.

Familiarity with the protocol-independent unicast IPv4 routing principles described here provides a foundation for the in-depth discussion of dynamic routing protocols and other routing-related services provided by the Windows Server 2003 Routing and Remote Access service. For more information about Routing and Remote Access components used for unicast IPv4 routing, see How Unicast IPv4 Routing Protocols and Services Work.

Unicast IPv4 Routing Internetwork Structure

In unicast routing, data is transferred across an internetwork from a source node to a destination node. Routers, which connect different networks on the internetwork, accept a packet sent from one network to another and forward the packet toward its destination. This traffic requires the following types of protocols:

  • Routable protocol. A routable protocol, such as IP or Internetwork Packet Exchange (IPX), is a network protocol that a router uses to forward packets toward their destination across the internetwork. IP, which uses network layer addresses to forward packets, is the routable protocol for an IP internetwork.

  • Dynamic routing protocol. A dynamic routing protocol is used by routers to exchange routing information with each other dynamically. The exchange process allows routers to determine the most efficient route over which to forward a packet. The most common dynamic routing protocols used by IP are Routing Information Protocol for IP (RIP for IP) and Open Shortest Path First (OSPF).

In addition to routable and routing protocols, unicast IP routing requires the routing components and structures described in this section:

  • Unicast IPv4 routing internetwork components

  • IPv4 routing infrastructure

Unicast IPv4 Routing Internetwork Components

The following figure depicts a simple IP internetwork in which unicast IP routing takes place.


The following table describes each of the routing components, as defined by the International Organization for Standardization (ISO), depicted in the figure.

Components of a Simple IP Internetwork

Internetwork Component | Description

End system

A network device that cannot forward IP packets. End systems are also known as hosts. A computer that is not acting as a router is an example of an end system. (Collectively, hosts and routers are known as nodes.)

Intermediate system

A network device that can forward IP packets that are not addressed to it. Bridges, switches, and routers are examples of intermediate systems.

Router

An intermediate system used to connect network segments (subnets) based on a common network layer protocol, such as IP. In the preceding figure, the intermediate system depicted is a router. Routers include:

  • Hardware routers. A device that performs routing as a dedicated function and that is specifically designed and optimized for routing. For example, hardware routers made by Cisco Systems, Inc., are widely deployed in IP internetworks.

  • Software routers. A computer that performs routing as one of multiple processes running on the computer. For example, a computer running Windows Server 2003 with the Routing and Remote Access service enabled is a software router.

A router can be configured to perform only static routing, only dynamic routing, or, more typically, primarily dynamic routing supplemented by some manually configured static routes.

Network

A portion of the networking infrastructure (encompassing repeaters, hubs, bridges, or Layer 2 switches) that is bounded by an intermediate system and whose computers and other network devices share a common network address called a network ID. Also referred to as a network segment or a subnet.

Internetwork

Two or more networks (subnets) connected by routers. In the preceding figure, all of the depicted components combined constitute an internetwork.

When a node on an IP network sends a unicast IP packet to a node on another network, it typically first forwards the packet to a router. The router examines the packet and uses the destination internetwork address (defined in the following table) in the packet header to determine which of the router’s interfaces to use to forward the packet towards its destination. The following table lists the generic internetworking term and the corresponding IP term used for each part of an internetwork address.

Parts of IPv4 Unicast Internetwork Addresses

Generic Internetwork Address Term | IP Internetwork Address Term | Description

Internetwork address (Network address + host address) | IP address (Network ID + host ID) | In IPv4, a 32-bit logical address for a node on an IPv4 network. By combining the network address portion and the host address portion, a unicast IPv4 address uniquely identifies a node on an internetwork. Hosts and routers use IPv4 addresses to route packets over an IPv4 network. Unicast IPv4 addresses enable a packet to be sent from a single source node to a single destination node.

Network address | Network ID | In IPv4, the portion of an IP address that identifies a single network segment (also known as a subnet) bounded by routers on an IP internetwork. All systems on the same subnet share the same network ID.

Host address | Host ID or node ID | In IPv4, the portion of an IP address that uniquely identifies an individual node on an IP subnet.

The network layer header of any IPv4 packet sent from a source node to a destination node on an IPv4 internetwork includes the following:

  • A source IPv4 address, which contains a source network ID and a source host ID.

  • A destination IPv4 address, which contains a destination network ID and a destination host ID.

  • A Time-To-Live (TTL) value, which is used to prevent the packet from endlessly circulating on the internetwork. The TTL starts at a maximum value and decreases by one for each link crossed; if zero is reached, the packet is discarded and a message is returned to the sending node from which the packet originated.

    Note

    The TTL link count (the number of Network Interface Layer links crossed to reach a given destination) is not the same as the hop count (the number of routers crossed to reach a specific destination). The link count, which equals the number of network segments, is the hop count plus one. For example, if two nodes are separated by five routers, the hop count is 5 but the TTL link count is 6.

The following resources provide additional information about the structure of unicast IP routing components on an IPv4 internetwork:

  • For an architectural diagram showing where IP fits within the TCP/IP protocol suite, see “TCP/IP Protocol Architecture” in “How TCP/IP Works” in TCP/IP Technical Reference.

  • For information about the architecture of unicast IPv4 routing specific to the Windows Server 2003 Routing and Remote Access service, see “Unicast IP Routing Architecture in Windows Server 2003” in How Unicast IPv4 Routing Protocols and Services Work.

  • For information about the architecture of the NAT unicast routing protocol component of the Windows Server 2003 Routing and Remote Access service, see “How NAT Works” in NAT Technical Reference.

IPv4 Routing Infrastructure

The routing infrastructure refers to the entire structure of a routed internetwork over which routing takes place. A routed internetwork is designed to route packets between its individual networks either over one path or over one of multiple paths; its structure is either flat or built into a network, subnet, and sub-subnet hierarchy; and it either groups networks under one administrative authority (autonomous system) that shares a common routing protocol, or it is divided into multiple areas within one autonomous system.

This section briefly summarizes the following background information for understanding unicast IPv4 routing on the IPv4 internetwork:

  • Single-path vs. multipath routing infrastructures

  • Flat vs. hierarchical routing infrastructures

  • Autonomous systems

A detailed discussion of these structural issues is not included in this technical reference. However, familiarity with these topics is important in understanding how unicast IP routing is implemented in a Windows internetwork and in considering which dynamic routing protocols and other routing-related services to deploy on your IP internetwork.

Single-Path vs. Multipath Routing Infrastructures

A single-path routing infrastructure is one in which a unicast IP packet can take only a single route between any source node and any destination node. Although single-path routing simplifies routing tables and packet flow paths, single-path internetworks are not fault tolerant. On an internetwork in which all routing information is manually configured, a router cannot detect a failure, and if a failure occurs, networks beyond the failure are unreachable until the failure is resolved. By contrast, a router running a dynamic routing protocol can detect a failure, but, because only a single path exists, networks beyond the failure are also unreachable for a dynamic router for the duration of the failure. A downed link or router must be brought back up before packets can again be delivered successfully to all locations on the internetwork. Single-path routing is thus not feasible for a large internetwork that depends on consistent network availability.

By contrast, a multipath routing infrastructure is one in which a unicast IP packet can take one of several paths between any source node and any destination node. A multipath IP internetwork that uses dynamic routers is fault tolerant because more than one path exists, which means that routers can not only detect a failure but can also route packets to networks beyond the downed link or router by using an alternative path.

Typically, multipath internetworks provide more reliable network availability than single-path internetworks but are more complex to configure. In addition, although multipath networks that use distance vector–based routing protocols provide better availability than single-path networks, they can experience routing loops if configuration errors occur or during convergence (the process by which routers update routing tables after a change in network topology and reestablish a stable state). A multipath network that uses a link state routing protocol, such as OSPF, provides more efficient convergence and thus better stability than a distance vector routing protocol, such as RIP, but requires more effort to plan and deploy.

For more information about static and dynamic routing, see How Static and Dynamic Routing Work later in this document.

Flat vs. Hierarchical Routing Infrastructures

An internetwork that uses a flat routing infrastructure consists of multiple network segments connected to each other without a parent-child structure. All routers are peers, and each network segment is stored as a separate route in the routing table. The network IDs have no network or subnet structure and routes cannot be summarized, which means it is not possible to group a set of network segments as a single entry in the routing table. Therefore, although flat routing can work well for small- or medium-sized IP internetworks, it is not well-suited to large internetworks because it requires that its routers store an ever-increasing number of routes in their routing tables.

By contrast, an IP internetwork that uses a hierarchical routing infrastructure consists of multiple network segments sharing the same network ID prefix grouped into a hierarchy that consists of a network, subnet, and sub-subnet structure. Each group of network segments in the hierarchy can be represented as a single network ID through route summarization and can therefore be represented in the IP routing table as a single route. The routing table entry for the highest level (the network) is also the route used for regions of the network and for individual subnets.

In a hierarchical routing infrastructure, a collection of contiguous networks connected by routers that share routing information is referred to as a routing region (also known as a routing domain or routing area). One part of the internetwork that is divided into routing regions can be connected by a common routing region, called a backbone, to another part of the internetwork that is also divided into routing regions. Routers within each routing region perform intradomain routing. Routers connected to the backbone perform interdomain routing. Only a relatively few routes are required on the backbone of a well-planned hierarchical internetwork.

Some IP internetworks use both flat and hierarchical routing. For example, the Internet, originally designed as a flat routing infrastructure until the Internet community helped pioneer the introduction of classless addressing and summarized routing, now incorporates both flat and hierarchical routing. One of the factors that results in the storing of large numbers of routes in the routing tables of Internet backbone routers is the continued inclusion of flat routing within the Internet. These large Internet backbone routing tables impede the speed at which Internet traffic can be forwarded and are one of several factors driving the development of IPv6. The hierarchical routing infrastructure and new address types provided by IPv6 are designed to require relatively few routing entries in the routing tables of Internet backbone routers.

For more information about route summarization on a hierarchical IPv4 internetwork, see “CIDR Blocks and Hierarchical Routing Enabled by Route Summarization” in How IP Addressing and IP Routing Interact later in this document.

Autonomous Systems

Very large IP internetworks are divided into separate entities called autonomous systems. An autonomous system (AS) is a portion of the internetwork — either a single network or a collection of networks — under a common administrative authority, such as an enterprise, a business division, or other organization, that shares a common routing protocol. The autonomous system is described in RFC 1930, “Guidelines for creation, selection, and registration of an Autonomous System (AS)” in the IETF RFC Database.

An autonomous system is sometimes said to be defined by the use of the shared routing protocol that it uses. For example, a contiguous portion of an IP internetwork that uses OSPF to exchange routing information among a group of routers is under OSPF administrative authority and is, therefore, an OSPF autonomous system.

In a large organization, one autonomous system might be subdivided into multiple routing regions (routing domains or areas) that define a hierarchy within that autonomous system. Regions within an autonomous system can use summarized routes for traffic between the regions to decrease the number of routes exchanged and stored in routing tables.

Types of autonomous system

The three types of autonomous system are:

  • Stub AS. An autonomous system that is connected to only one other autonomous system. Any data sent to, or received from, a destination outside the autonomous system must travel over that connection. A network that is connected to only one other autonomous system has the same identifying number (autonomous system number, described in the next subsection) as the autonomous system to which it is connected. A small campus network is an example of a stub autonomous system.

  • Transit AS. An autonomous system that is connected to two or more other autonomous systems and that allows traffic between other autonomous systems (that is not destined for a node within that autonomous system) to cross through it. The network of an ISP is an example of a transit autonomous system.

  • Multihomed AS. An autonomous system that is connected to two or more other autonomous systems but does not allow transit traffic between other autonomous systems to cross through it. A multihomed autonomous system differs from a stub autonomous system in that the entrance and exit points for data traveling to or from the autonomous system can vary depending on which connection offers the shortest route to the destination. An example of a multihomed autonomous system is a corporate network that uses two or more Internet connections to different ISPs.

The terms stub AS and transit AS are not to be confused with the OSPF stub area or OSPF transit area (described in “How OSPF Works” in How Unicast IPv4 Routing Protocols and Services Work) because the former refer to types of autonomous system whereas the latter refer to types of areas within an OSPF autonomous system.

Many enterprise IP networks and most ISPs consist of one autonomous system. Only very large internetworks, such as the Internet, are divided into multiple autonomous systems.

Autonomous system numbers

In most cases, an autonomous system is assigned a globally unique 16-bit number called an autonomous system number (ASN). Autonomous systems use ASNs to identify themselves to each other so that they can exchange routing information. ASNs, which are required for autonomous systems connected to the Internet, are obtained from Internet numbers registries, such as:

  • American Registry for Internet Numbers (ARIN), for the Americas, Caribbean, and sub-Saharan Africa regions.

  • Asian-Pacific Network Information Center (APNIC), for the Asia Pacific region.

  • Réseaux IP Européens (RIPE), for the Europe, Middle East, and northern Africa regions.

In nearly all cases, unless an organization is multihomed to more than one ISP or its routing policy is different from that of its ISP, it does not need its own ASN because it can use the ISP’s ASN.

For information about routing protocols used by autonomous systems, see “Routing Protocols Used Between and Within Autonomous Systems” in the section How Static and Dynamic Routing Work later in this document.

How Host Routing and Router Routing Work

A route is the path that a packet travels across an internetwork from a sending node to a destination node. Routing, which takes place on a packet-by-packet basis, is the process of determining the best route to use to forward a packet as it crosses the internetwork. On an IP internetwork, the routing of a packet across the IP internetwork is based on the packet’s destination IP address.

Routing can be either host routing or router routing:

  • Host routing. The sending host forwards a packet. Based on the destination network ID, the sending host determines whether to forward the packet to a destination host on its subnet or forward the packet to a router for further action.

  • Router routing. A router receives a packet (from a sending host or another router) that is not addressed to the router and that must be forwarded from one network to another, which it then sends on its way. The packet is forwarded between routers (when the destination network is not directly attached to the router) or between the router and the destination host (when the destination network is directly attached to the router).

In the following figure, the source host forwards to Router 1 a packet destined for the destination host on a different subnet. In this example, the initial step in the routing process — from the source host to Router 1 — is host routing. Router 1 then forwards the packet to Router 2, which in turn forwards the packet to the destination host. In this example, this second step in the routing process — from Router 1 to Router 2 to the destination host — is router routing.

Example of the routing process

The following subsections describe how host routing and router routing work on an IP internetwork.

Host Routing

When an IP host sends data to another host on an IP internetwork, the sending host might first obtain the IP address of the destination host by referencing the logical name of the destination host. Hosts on an IP internetwork typically use Domain Name System (DNS) name resolution to resolve a DNS domain name to an IP address.

In host routing, as depicted in the following figure, two types of delivery are possible: direct and indirect delivery.

Host routing process

  • Direct delivery in host routing. After obtaining the destination IP address, the source host determines whether the destination is on the locally attached network segment. When the source and destination hosts are on the same network segment, the source host sends a packet directly to the destination host and does not use a router (labeled “Direct Delivery” in the above figure). In this case, the destination host is called a local host or neighboring host. The source host uses Address Resolution Protocol (ARP) to obtain the destination link-layer address (typically, the Ethernet media access control, or MAC, address) to which it sends the packet. In a direct delivery, the destination IP address and the destination link-layer address refer to the same node.

  • Indirect delivery in host routing. When the destination host is not on the locally attached network segment, the source host cannot deliver a packet directly to the destination. In this case, the destination host is called a remote host. Therefore, the source delivers the packet to an intermediate router by using ARP to obtain the MAC address of the near-side interface of the router, and then sends the packet to that interface, as shown in the preceding figure. In an indirect delivery, the destination IP address and the destination MAC address refer to different nodes.

During an indirect delivery, the source host forwards the packet to a router on its network segment by determining the router corresponding to the first hop. If multiple routers exist in the path between the source host and the destination host on the internetwork, as the packet is forwarded from router to router, the packet’s network layer destination address (IP address) remains the same, but its MAC address keeps changing to that of the next router along the path.

Host Determination of the First Hop

An IP source host determines the next-hop IP address of a neighboring router by using one of the following methods:

IP address currently in the host routing table

A routing table on the host provides the IP address of a router that can forward the packet towards its destination. For more information about routing tables, see How the IPv4 Routing Table Works later in this document.

ICMP dynamic updates of the host routing table

If a sending host forwards a packet to a neighboring router but another neighboring router is closer to the destination, the router that initially receives the packet can send an ICMP Redirect message to the sending host, informing it of the better router to use as the next-hop for the destination. When the sending host receives the Redirect message, it adds a host route for the destination to the local routing table. TCP/IP for Windows Server 2003 supports the dynamic update of the IP routing table based on the receipt of ICMP Redirect messages.

Default route

A default route, which summarizes destinations that are not located on the local subnet, is the route on which IP packets are sent when no other route to the destination network is found in the routing table. To simplify the configuration of IP nodes and to reduce the overhead that exists if each host stored routes for all network IDs on the internetwork, a source host is configured with a single default route. In IPv4, the default route is {Network ID: 0.0.0.0, Subnet Mask: 0.0.0.0}, also expressed as 0.0.0.0/0. For more information about the default route, see How the IPv4 Routing Table Works later in this document.

Eavesdropping

IP hosts can listen to routing protocol traffic if the capability known as eavesdropping or wiretapping is enabled. Eavesdropping hosts maintain the same routing information as do routers. An example of eavesdropping is silent RIP, which is the ability of an IP host to listen to RIP routing traffic exchanged by RIP routers and to update the routing table on the host. A computer that uses silent RIP processes RIP announcements but does not announce its own routes. You can use silent RIP on a non-router host (such as a workstation or a server running Routing and Remote Access that has only one interface and is therefore not a router) to produce a routing table that contains as much detail as the routing table on a RIP router. By including detailed routes in its routing table, a silent RIP host can perform routing more efficiently.

For example, you can configure computers running Windows XP as silent RIP hosts in an environment that includes RIP routers by installing the RIP Listener networking component. Instead of a user or administrator manually adding routes to the routing table, the computer learns other routes on the network by listening to RIP messages and then adds advertised routes in those messages to its routing table. You do not need to configure a silent RIP host with a default gateway (IP address of a directly reachable IP router).

The eavesdropping provided by silent RIP can be useful in some remote access environments, such as when a remote access computer connects to a corporate network over a dial-up connection. The additional routes added by RIP Listener can improve network access and performance over the dial-up connection by reducing the number of packets that are sent to the incorrect router. Windows Server 2003, Microsoft® Windows® XP, Windows® 2000, Microsoft Windows NT® Workstation version 4.0 Service Pack 4 (SP4) and later, and Windows NT Server version 3.51 Service Pack 2 (SP2) and later support Silent RIP.
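The following Python code is an added example, not code from Windows or from the original document. It models the first-hop decision described in this subsection (closest matching route, default route, and a host route learned from an ICMP Redirect) and, as an assumption beyond the page, applies the RFC 1122 acceptance checks before a Redirect may change the table. The class name and all addresses are constructed.

```python
import ipaddress


class HostRoutingTable:
    """Host-side routing table: closest-match lookup plus ICMP Redirect handling."""

    def __init__(self, interface_cidr, default_gateway):
        # interface_cidr is the host's own address and mask (constructed sample values).
        self.iface = ipaddress.ip_interface(interface_cidr)
        # Map of network -> gateway; None means the network is locally attached.
        self.routes = {
            self.iface.network: None,
            ipaddress.ip_network("0.0.0.0/0"): ipaddress.ip_address(default_gateway),
        }

    def lookup(self, destination):
        """Return (delivery type, address the host resolves with ARP)."""
        dst = ipaddress.ip_address(destination)
        # The default route 0.0.0.0/0 matches everything, so a candidate always exists.
        best = max((n for n in self.routes if dst in n), key=lambda n: n.prefixlen)
        gateway = self.routes[best]
        if gateway is None:
            return ("direct", dst)        # destination IP and MAC are the same node
        return ("indirect", gateway)      # MAC belongs to the router, IP to the target

    def handle_redirect(self, sender, destination, new_gateway):
        """Add a /32 host route from an ICMP Redirect if it passes the RFC 1122 checks.

        Returns True when the route was added, False when the message is ignored.
        """
        sender = ipaddress.ip_address(sender)
        new_gw = ipaddress.ip_address(new_gateway)
        delivery, current_hop = self.lookup(destination)
        # Check 1: only the router currently used for this destination may redirect it.
        if delivery != "indirect" or sender != current_hop:
            return False
        # Check 2: the suggested router must be on the locally attached subnet.
        if new_gw not in self.iface.network:
            return False
        self.routes[ipaddress.ip_network(f"{destination}/32")] = new_gw
        return True
```

A Redirect that fails either check leaves the table untouched, so traffic keeps using the configured default route.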

Host Determination of the Entire Path: Source Routing

Some routable protocols, including IP, can enable the source host to do more than simply determine the first hop. In this scenario, IP enables the source host to determine the path between the source host and the destination, and then includes the list of routers in the network layer header of the packet. The network layer header is used by each router to forward the packet along the indicated path. This process is known generically as source routing.

Source routing is not typically implemented on IP internetworks because in source routing the path must be known. Typically, instead of using source routing, IP routing decisions are made by source hosts and IP routers based on their respective local routing tables. However, in network testing and debugging situations, you might sometimes want to specify an exact route that overrides the route as determined by routing tables as the packet travels towards its destination. Specifying an exact route through the IP internetwork is known as IP source routing.

In IP source routing, the source host specifies the entire route through successive IP routers between the source and destination. Each IP router addresses the IP packet to the next router by using the Destination IP Address field in the IP header.

IP supports two types of source routing:

  • Loose source routing. The IP address of the next router can be one or more routers away (multiple hops).

  • Strict source routing. The next router must be a neighboring router (single hop).

Note

Token Ring source routing is a MAC–sublayer routing scheme; it is not related to the internetwork-based source routing discussed here.
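Because IP source routing overrides the path that routing tables would choose, a filter or monitor usually wants to know when a packet carries it. The following Python code is an added example, not part of the original document: it parses the options area of an IPv4 header and reports a loose or strict source route option, using the option type values 131 and 137 from RFC 791. The helper names and the sample addresses are constructed.

```python
import ipaddress
import struct

LSRR, SSRR = 131, 137  # loose / strict source route option types (RFC 791)


def build_ipv4_header(src, dst, options=b""):
    """Build a constructed IPv4 header for testing; the checksum is left at zero."""
    options += b"\x00" * (-len(options) % 4)   # pad to a 4-byte boundary with End of Option List
    ihl = (20 + len(options)) // 4
    fixed = struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | ihl, 0, 20 + len(options), 0, 0, 64, 17, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
    )
    return fixed + options


def source_route_option(kind, hops):
    """Encode an option as: type, length, pointer, then one 4-byte address per router."""
    data = b"".join(ipaddress.IPv4Address(h).packed for h in hops)
    return bytes([kind, 3 + len(data), 4]) + data


def find_source_route(packet):
    """Return {'kind', 'pointer', 'hops'} for the first source route option, or None.

    Raises ValueError when the header or an option is malformed.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    header_len = (packet[0] & 0x0F) * 4
    if header_len < 20 or header_len > len(packet):
        raise ValueError("bad header length")
    options = bytes(packet[20:header_len])
    i = 0
    while i < len(options):
        opt_type = options[i]
        if opt_type == 0:          # End of Option List
            break
        if opt_type == 1:          # No Operation, a single padding byte
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated option")
        opt_len = options[i + 1]
        if opt_len < 2 or i + opt_len > len(options):
            raise ValueError("bad option length")
        if opt_type in (LSRR, SSRR):
            if opt_len < 3 or (opt_len - 3) % 4:
                raise ValueError("bad source route length")
            data = options[i + 3:i + opt_len]
            hops = [str(ipaddress.IPv4Address(data[j:j + 4])) for j in range(0, len(data), 4)]
            kind = "loose" if opt_type == LSRR else "strict"
            return {"kind": kind, "pointer": options[i + 2], "hops": hops}
        i += opt_len               # skip any other option
    return None
```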

Router Routing

When a router receives a packet, the router must either deliver the packet to the destination host or to another router. As in host routing, router routing has two types of delivery, direct and indirect, as depicted in the following figure.

Router routing process

  • Direct delivery in router routing. If a router is directly attached to the destination network, it forwards the packet to the local destination host by addressing the packet to the link-layer address of the destination host. The router thus performs a direct delivery to the destination.

  • Indirect delivery in router routing. If a router is not directly attached to the network destination, it forwards the packet to an intermediate router. The first router chooses the intermediate router based on the next-hop address of the closest matching route in the routing table. The router forwards the packet by addressing the packet to the link-layer address of the intermediate router. The router thus performs an indirect delivery to the next router in the path to the destination.
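The following Python code is an added example, not part of the original document. It traces one packet through the router routing process above on a constructed two-router topology, recording the frame sent on each link: the destination IP address stays fixed, the destination link-layer address changes at every step, and the TTL needed to arrive equals the link count (hop count plus one). Router names, addresses and MAC labels are made up.

```python
import ipaddress

# Constructed topology: Host A -- R1 -- R2 -- Host B.
ROUTES = {   # router -> {network: next-hop IP, or None when directly attached}
    "R1": {"192.168.1.0/24": None, "10.0.0.0/30": None, "172.16.5.0/24": "10.0.0.2"},
    "R2": {"172.16.5.0/24": None, "10.0.0.0/30": None, "192.168.1.0/24": "10.0.0.1"},
}
ARP = {      # IP address -> (link-layer address, node that owns it)
    "192.168.1.1": ("MAC-R1-a", "R1"),
    "10.0.0.2": ("MAC-R2-a", "R2"),
    "172.16.5.20": ("MAC-HostB", "HostB"),
}


def closest_route(router, dst_ip):
    """Address to deliver to next: a router (indirect) or the destination (direct)."""
    dst = ipaddress.ip_address(dst_ip)
    table = {ipaddress.ip_network(n): gw for n, gw in ROUTES[router].items()}
    matches = [n for n in table if dst in n]
    if not matches:
        return None
    gateway = table[max(matches, key=lambda n: n.prefixlen)]
    return dst_ip if gateway is None else gateway


def trace(dst_ip, first_hop_ip, ttl):
    """Follow one packet from the source host and return the frames seen on each link."""
    frames, hops = [], 0
    target = first_hop_ip                      # indirect delivery by the source host
    while target in ARP:
        mac, node = ARP[target]
        frames.append({"link": len(frames) + 1, "dst_ip": dst_ip,
                       "dst_mac": mac, "ttl": ttl})
        if node not in ROUTES:                 # reached an end system
            return {"delivered": target == dst_ip, "hops": hops, "frames": frames}
        hops += 1                              # one more router crossed
        ttl -= 1                               # each router decrements the TTL
        if ttl == 0:
            break                              # discarded; the sender is notified
        target = closest_route(node, dst_ip)
    return {"delivered": False, "hops": hops, "frames": frames}
```

Calling `trace("172.16.5.20", "192.168.1.1", 3)` delivers the packet over three links, while the same call with a TTL of 2 ends at R2.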

How IPv4 Addressing and IPv4 Routing Interact

Although an IPv4 routing infrastructure can use either class-based or classless routing, the development of classless routing protocols has made classful routing obsolete for medium-sized or enterprise networks. When routing protocols are referred to as classful or classless, these designations refer to routing protocols that can handle classful or classless unicast addressing as follows:

  • Classful addressing. Classful routing protocols recognize only classful addresses — that is, the standard IPv4 unicast address classes. Classful routing protocols determine the network ID based on the IP address class alone, do not advertise a subnet mask when advertising routes, and therefore cannot recognize a summarized route (a single route that represents a range of network IDs) in routing advertisements. Routing for multiple subnets created from one network ID is possible when classful routing protocols are used, but all subnets of a class-based network ID are of equal size and must be contiguous or else routing errors can occur. RIP version 1 (RIP v1) is an example of a classful routing protocol.

  • Classless addressing. Classless routing protocols recognize classless addresses — that is, IPv4 unicast addresses used for variable-length subnetting or route summarization as well as IP addresses defined as standard classful IPv4 unicast addresses. Classless routing protocols include the subnet mask along with the IP address when advertising routing information and can therefore recognize and announce subnets of varying sizes as well as summary routes (each of which groups several subnets as a single entry in a routing table). Classless routing protocols let you create noncontiguous subnets from the same network ID; routers can correctly recognize these noncontiguous subnets. RIP version 2 (RIP v2), OSPF, and Border Gateway Protocol version 4 (BGP v4) are examples of classless routing protocols.
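The following Python code is an added example, not part of the original document. It contrasts the two behaviors above: a receiver that must infer the network ID from the address class alone, and a receiver that is given the mask with each route. As a simplifying assumption, the receiver sits on a different class-based network than the advertised routes, so it has no interface mask to borrow; all advertisements are constructed.

```python
import ipaddress

# Upper bound of the first octet, class name, and default prefix length per class.
CLASSES = [(128, "A", 8), (192, "B", 16), (224, "C", 24), (240, "D", None), (256, "E", None)]


def classful_network(address):
    """Infer (class, network ID) from the address alone, as a classful protocol must."""
    addr = ipaddress.IPv4Address(address)
    first_octet = int(addr) >> 24
    for upper, name, prefix in CLASSES:
        if first_octet < upper:
            break
    if prefix is None:
        return name, None                      # Class D and E are not unicast
    return name, ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def learn_classful(adverts):
    """adverts: (address, next hop) pairs with no mask. Returns {network: next hops}."""
    table = {}
    for address, next_hop in adverts:
        _, network = classful_network(address)
        if network is None:
            continue
        table.setdefault(str(network), set()).add(next_hop)
    return table


def learn_classless(adverts):
    """adverts: (prefix in CIDR form, next hop) pairs, so the mask travels with the route."""
    table = {}
    for prefix, next_hop in adverts:
        table.setdefault(str(ipaddress.ip_network(prefix)), set()).add(next_hop)
    return table


def covers(table, destination):
    """Networks in a learned table that contain the destination address."""
    dst = ipaddress.ip_address(destination)
    return sorted(n for n in table if dst in ipaddress.ip_network(n))
```

Two noncontiguous subnets such as 10.1.0.0/16 and 10.2.0.0/16 collapse into one 10.0.0.0/8 entry with two competing next hops in `learn_classful`, and a summary such as 192.168.0.0/22 is read as the single Class C network 192.168.0.0/24.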

Understanding IPv4 unicast addressing is essential to understanding unicast IP routing because IP routing uses unicast IP addresses to direct packets to their destination. Medium-sized and large organizations today typically implement classless routing solutions, thus taking advantage of the flexibility that classless addressing enables. The largest IP internetwork in the world, the Internet, supports classless routing, although it was designed originally as a class-based routing infrastructure.

Note

The summary of IPv4 unicast addressing described in the following sections is provided as a basis for understanding the role that addressing plays in routing. For a more complete discussion of IPv4 addressing, including unicast, multicast, and broadcast addressing, as well as an in-depth discussion of addressing, subnetting, and route summarization, see "Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference" by Joseph Davies and Thomas Lee, 2003, Microsoft Press.

This section describes:

  • How classful addressing limits classful routing

  • How classless addressing enables classless routing

How Classful Addressing Limits Classful Routing

Although the development of classless IP addressing has made classful IP addressing obsolete for enterprise networks, configuring classless IP addresses requires knowledge of the classful IP addressing structure out of which classless addressing later developed.

The only flexibility that classful addressing offers is the configuration of fixed-size subnets. Because classful routing protocols, such as RIP v1, recognize only the original standard IP address classes and do not include the subnet mask in routing advertisements, neither variable-length subnetting nor route summarization is possible.

This section includes:

  • Classful addressing summary

  • Classful subnetting enables only fixed-size subnets

Classful Addressing Summary

Of the five standard address classes, Class A, B, and C addresses, collectively known as IPv4 unicast addresses, are assigned to specific devices on an IPv4 network. Class D addresses, known as multicast addresses, are used for IP multicasting, simultaneously sending a message from one source to more than one network destination (for more information about multicasting, see IPv4 Multicasting Technical Reference). Class E addresses are reserved for experimental purposes.

To be able to configure fixed-size subnetting on your network (as well as variable length subnetting or route summarization, described later), you must first understand the default formats of the unicast IPv4 addresses. All 32-bit IPv4 addresses contain four 8-bit bytes called octets separated for readability by spaces (in binary notation) or represented as four decimal numbers separated by dots (in dotted decimal notation). If all or some of the actual numbers are not known, all or part of the IP address in dotted decimal notation is typically represented by w.x.y.z. The following table shows a single IP address in both decimal and binary notation.

IP Address in Decimal and Binary Notation

IP Address in Decimal Notation   IP Address in Binary Notation
131.107.65.37                    10000011 01101011 01000001 00100101

Network ID bits and host ID bits

Like an IP address, a network ID in an IP internetwork is typically expressed in dotted decimal or binary notation. It is important to recall, however, that a network ID is not an IP address. A network ID is the leftmost portion of an IP address and identifies the set of nodes that are located on the same subnet — the network ID is the network address shared by all network interfaces on one subnet. An IP address, made up of the network ID portion and the host ID portion combined, is the unique address assigned to one network interface on a node.

Classful unicast IPv4 addresses have the following formats:

  • Class A. The first byte, or octet, represents the network ID, and the three remaining bytes are used for the host ID.

  • Class B. The first 2 bytes represent the network ID, and the last 2 bytes are used for the host ID.

  • Class C. The first 3 bytes are used for the network ID, and the final byte is used for the host ID.

Unicast IPv4 address ranges

The following table shows the address ranges and the number of possible networks and hosts for each type of IPv4 unicast address class. Keep in mind that a network ID is not an IP address, even though both are expressed by using dotted decimal notation.

Classful Unicast IPv4 Address Classes

Class   Leading Bit Pattern   First Network ID in Range   Last Network ID in Range   Available Networks   Hosts per Network
A       0                     1.0.0.0                     126.0.0.0                  126                  16,777,214
B       10                    128.0.0.0                   191.255.0.0                16,384               65,534
C       110                   192.0.0.0                   223.255.255.0              2,097,152            254

Note

The network ID 127.0.0.0 is reserved for loopback addresses, which are used for testing TCP/IP operation.

The range in the first octet is used to identify the address class. For example, an address in the format 10.x.y.z is immediately recognizable as a class A address because 10 falls within the range 1–126. Similarly, an address in the format 131.107.y.z is identifiable as a class B address, and an address in the format 206.73.118.z is a class C address.

Classful subnet masks

A subnet mask, paired with an IP address, is a 32-bit value that enables a host or router to distinguish the network ID and host ID portions of its associated IPv4 address and thus determine the network ID (shared by all nodes on that subnet) for a specific IP address. When binary notation is used, the network ID bits in the subnet mask are identifiable because they are set to 1 and the host ID bits are identifiable because they are set to 0. When decimal notation is used, the network ID bits for a classful subnet mask are set to 255 (which is eight ones when translated into binary), and the host ID bits are set to 0. The following table illustrates the structure of the subnet masks used for classful unicast IPv4 addresses.

Subnet Masks Used to Distinguish Network and Subnet Bits

Class   Decimal Subnet Mask: Network ID Bits 255 and Host ID Bits 0   Binary Subnet Mask: Network ID Bits 1 and Host ID Bits 0
A       255.0.0.0                                                     11111111 00000000 00000000 00000000
B       255.255.0.0                                                   11111111 11111111 00000000 00000000
C       255.255.255.0                                                 11111111 11111111 11111111 00000000

Although the table lists the default subnet masks now used for each classful address type, subnet masks were actually not defined until RFC 950, which defines subnetting procedures for fixed-size subnets, was published in August 1985.

For a technique for using an {IP Address, Subnet Mask} pair to determine the network ID for any type of IP address, including classless addresses, see “Addressing Mechanisms Required by Classless Routing” later in this section.

Classful Subnetting Enables Only Fixed-Size Subnets

Without some means of subdividing networks, all available IPv4 addresses would have been depleted long ago. Classful subnetting, dividing a network into subnets of equal size rather than simply using the default classful formats, is the initial strategy that was defined in RFC 950 to handle this problem and is still often used in smaller organizations.

The RIP v1 routing protocol, which does not advertise a subnet mask with the route, can reliably route only fixed-size subnets. RIP v1 advertises only the class-based network ID and therefore cannot perform routing in an environment that includes variable-size subnets.
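The class-based inference described above, as an added example (not code from the original page): `classify` reads the leading bit pattern from the classful table, and `collapse_without_masks` shows what a receiver that is sent no subnet mask, as with RIP v1, can recover from subnets of different sizes. The function names and the three subnets of 131.107.0.0 are constructed for this illustration.

```python
import ipaddress

# (leading bit pattern, class, default prefix length), taken from the classful
# tables above. Class D and E addresses have no network ID / host ID split.
CLASSES = [
    ("0", "A", 8),
    ("10", "B", 16),
    ("110", "C", 24),
    ("1110", "D", None),
    ("1111", "E", None),
]

# Constructed sample: three subnets of different sizes cut from 131.107.0.0.
SUBNETS = ["131.107.16.0/20", "131.107.65.0/24", "131.107.208.84/30"]


def classify(address):
    """Return (class letter, default prefix length) from the leading bits alone."""
    bits = format(int(ipaddress.IPv4Address(address)), "032b")
    for pattern, letter, prefix in CLASSES:
        if bits.startswith(pattern):
            return letter, prefix
    raise AssertionError("unreachable: the five patterns cover every address")


def classful_network_id(address):
    """Network ID a classful receiver infers when no subnet mask accompanies the route."""
    letter, prefix = classify(address)
    if prefix is None:
        raise ValueError(f"{address} is class {letter}, not a unicast address")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(int(ipaddress.IPv4Address(address)) & mask))


def collapse_without_masks(routes):
    """Group routes by the only network ID that survives once the mask is dropped."""
    seen = {}
    for route in routes:
        network = ipaddress.IPv4Network(route)
        key = classful_network_id(str(network.network_address))
        seen.setdefault(key, []).append(route)
    return seen


if __name__ == "__main__":
    for sample in ("10.1.2.3", "131.107.65.37", "206.73.118.9", "224.0.0.1"):
        print(sample, classify(sample))
    # All three subnets fall under one class-based network ID, so their
    # different sizes cannot be told apart without the advertised mask.
    print(collapse_without_masks(SUBNETS))
```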

Using host ID bits to configure multiple subnets

Subnet addressing lets you use one or more bits from the host ID part of the IPv4 address to configure the division of the network into multiple subnets. When subnetting is used, the subnet mask consists of the octets assigned to the network ID (set to 1) plus one or more bits for the subnet (now also set to 1). Therefore, when subnetting is implemented, the number of bits in the network ID and the host ID, respectively, vary and cannot be inferred by looking at the IP address alone. However, when each IP address on a network divided into subnets is paired with a subnet mask, the subnet mask is used to distinguish the network and subnetting bits (set to 1) from the host ID bits (set to 0).

The following table shows three alternative fixed-size subnet masks that can be paired with the IP address 131.107.65.37.

Three Alternative Fixed-Size Subnet Masks for One IP Address

Bits Used for Subnets   Decimal Subnet Mask   Binary Subnet Mask                    Fixed-Size Subnets   Hosts per Subnet
0                       255.255.0.0           11111111 11111111 00000000 00000000   1                    65,534
8                       255.255.255.0         11111111 11111111 11111111 00000000   256                  254
4                       255.255.240.0         11111111 11111111 11110000 00000000   16                   4,094

Using the class B address 131.107.65.37 with its default subnet mask of 255.255.0.0 (first row in the example table) provides one subnet that can have up to 65,534 hosts. Because, typically, you do not need that many hosts on a single subnet, you might decide to create multiple subnets. Of the many possible choices you can make, the second and third rows in the example illustrate two:

  • If you use a subnet mask that allocates an additional 8 host ID bits for subnets (shown in the second row), you obtain 256 (that is, 2^8) subnetted network IDs (256 subnets of equal size), each of which can support up to 254 hosts.

    Note

    The number of hosts per subnet is listed as 254 rather than 256 because although 8 bits (2^8) are reserved for the host ID, you must subtract 2 (that is, 2^8–2) because many vendors, including Microsoft, support only subnetting that excludes host IDs that consist of all ones or all zeros.

  • If you use a subnet mask that allocates 4 host ID bits for subnets (shown in the third row), you obtain 16 (that is, 2^4) subnets of equal size, each of which can support up to 4,094 hosts (2^12–2).

Using succinct network prefix notation to indicate subnetting

Network prefix length notation, an alternative type of notation, lets you represent an {IP Address, Subnet Mask} pair in a different, more succinct form. The format is IP address/p, where p defines the number of network ID bits in the subnet mask. The remaining bits (calculated by subtracting the number of bits, p, from 32) represent the number of host ID bits in the subnet mask. The network ID bits (the bits set to 1) are considered the prefix because, when viewed in binary format, they always precede the host ID bits (the bits set to 0).

Network prefix length notation is sometimes referred to as Classless Interdomain Routing (CIDR) notation. CIDR, as its name implies, also encompasses the entire area of classless routing, including the use of subnet masks to enable variable-length subnets and route summarization, both described later.

The following table again shows the same address, 131.107.65.37, configured in three alternative ways, this time contrasting each address in network prefix length notation (left column) with the more cumbersome {IP Address, Subnet Mask} pair in both decimal and binary notation. Note that the number of bits set to 1 in the binary subnet mask is the same as the number after the forward slash in the network prefix length notation version of the same address, and the number of bits set to 0 is equal to 32 minus p.

Network Prefix Length Notation Compared to {IP Address, Subnet Mask} Notation

Network Prefix Length Notation   Address / Subnet Mask (Decimal Notation)   Address / Subnet Mask (Binary Notation)
131.107.65.37/16                 131.107.65.37/255.255.0.0                  10000011 01101011 01000001 00100101 / 11111111 11111111 00000000 00000000
131.107.65.37/24                 131.107.65.37/255.255.255.0                10000011 01101011 01000001 00100101 / 11111111 11111111 11111111 00000000
131.107.65.37/20                 131.107.65.37/255.255.240.0                10000011 01101011 01000001 00100101 / 11111111 11111111 11110000 00000000

How Classless Addressing Enables Classless Routing

An IP internetwork that uses classless dynamic routing protocols can take advantage of classless addressing to produce the following types of network configuration:

  • Subnets, each of the same size

  • Subnets of different sizes

  • A set of network IDs grouped into a block represented by a summary route or, as an extension of this technique, a network structure that maps to a region, department, or building and its subnet structure, with a summary route representing each level of the hierarchy.

To understand the development and purpose of classless routing, a quick summary of the historical background is helpful. In the early 1990s, the Internet community recognized two interrelated problems:

  • Inadequate address space. The existing public IPv4 address space was inadequate for handling the exponential growth of the Internet.

  • Overloaded routing tables. Existing routers and existing routing protocols were inadequate for handling the related explosive growth of routing tables.

The long-term solution to both of these problems is the development and deployment of IPv6 (for information about Windows Server 2003 support for IPv6, see IPv6 Technical Reference). The short-term solution, described here, is to make IPv4 address allocation more efficient and to enable the aggregation of routing information. The classless interdomain routing (CIDR) techniques described in the early 1990s in RFCs 1518 and 1519 promoted conservation of the IPv4 address space and reduced the size of routing tables.

Initially, the new address allocation scheme focused on combining a set of class C addresses into one logical network (as an alternative to using class B addresses, whose availability is limited). A related goal was to create a hierarchical rather than a flat network topology, enabling a medium-size or large organization to tailor the structure of its network to match its current needs while allowing for future growth. One CIDR technique is route summarization, in which a single summary route is used to represent each level of the hierarchy, thus reducing the size of routing tables. Another CIDR technique provides a method for subdividing networks into variable-size subnets.

A major benefit of the new address allocation scheme used in conjunction with routing protocols capable of handling classless routing (such as RIP v2 or OSPF) was to free the IPv4 address space from the limitations of the original class-based IPv4 addressing system.

This section describes:

  • Addressing mechanisms required by classless routing

  • Subnets of varying sizes enabled by VLSM

  • CIDR blocks and hierarchical routing enabled by route summarization

Addressing Mechanisms Required by Classless Routing

Classless routing requires the following addressing mechanisms:

Subnet mask explicitly advertised by routing protocol

A classless routing protocol, by definition, is one that advertises the subnet mask with the route. Routers that support a classless routing protocol can successfully route IP packets among subnets of variable size and can advertise summary routes.

{IP Address, Subnet Mask} pair used to derive network ID

In a routing environment that uses classless routing, the bitwise logical AND operation performed on an IP address and its subnet mask yields the network ID.

For example, {131.107.0.0, 255.255.0.0} denotes the network ID. In the subnet mask, the 16 leftmost contiguous bits are set to 1 (recall that 255 in decimal notation is 11111111 in binary). If you perform the bitwise logical AND operation on the IP address 131.107.20.30 with the subnet mask 255.255.0.0, the result is the network ID 131.107.0.0, sometimes written simply as 131.107. The following table illustrates the logical AND operation performed on each bit in the IP address with each corresponding bit in the subnet mask — the result is 1 only if both bits are 1; otherwise, the result is 0.

Logical AND Operation to Find the Network ID

Description                            Decimal Notation   Binary Notation
IP address                             131.107.20.30      10000011 01101011 00010100 00011110
Subnet mask                            255.255.0.0        11111111 11111111 00000000 00000000
Result of AND operation = network ID   131.107.0.0        10000011 01101011 00000000 00000000

If you perform the AND operation on any other class B IP address in the format 131.107.y.z with the class B default subnet mask, 255.255.0.0, the result is also the network ID 131.107.0.0.

For class A, B, and C addresses using the default subnet mask, the AND operation is not needed because you already know, by definition, the subnet mask and network ID for any classful IP address. However, you can use the AND operation to determine the network ID for subnetted classful IP addresses and for classless IP addresses for which no default subnet mask or definition of the network ID exists.

{Network ID, Subnet Mask} pair used to express a summary route

Classless routing can use a {Network ID, Subnet Mask} pair to represent a summary route. As explained earlier, a summary route is a single entry in a routing table that represents a set of entries, that is, the summary route represents a range of network IDs. RFC 1519 introduced the use of a summary route to express a range of class C network IDs to be consolidated into a single block, but the RFC also suggested that an arbitrary network number and mask can be configured for all routing destinations.

Longest match routing

With classless routing, routing to all destinations is done on a longest-match basis. This means that, for a specific destination that matches multiple {Network ID, Subnet Mask} pairs in the routing table, the router forwarding the IP packet uses the match with the longest mask (the mask with the greatest number of bits set to 1) to forward the packet.

For more information about these mechanisms, see How the IPv4 Routing Table Works later in this document.

Subnets of Varying Sizes Enabled by VLSM

As described earlier, standard subnetting creates subnets of equal size in a networking environment that supports only classful routing protocols. Subnets of equal size can be inefficient if each subnet does not need to support the same number of hosts. Therefore, a more useful method of subnetting, known as variable length subnetting, can be configured by using variable length subnet masks (VLSMs). Classless routing protocols support variable length subnetting, which is defined in RFC 1878.

Using VLSMs, you can perform subnetting on the same address space (network ID) multiple times to produce subnets of different sizes on the same network. All subnetted network IDs are unique and can be distinguished from each other by their corresponding subnet mask.

For example, by starting with a classful class B network ID of 131.107.0.0/16, you can configure one subnet that supports 1,022 hosts, a second that supports 510 hosts, and a third that supports only two hosts (for a point-to-point WAN link between two routers). The following table shows how.

Example Using Three VLSMs to Create Three Various-Sized Subnets from 131.107.0.0

Subnet     Network Prefix Length Notation   Decimal Mask      Binary Mask                           Hosts
Subnet 1   131.107.0.0/22                   255.255.252.0     11111111 11111111 11111100 00000000   1,022 (2^10–2)
Subnet 2   131.107.208.0/23                 255.255.254.0     11111111 11111111 11111110 00000000   510 (2^9–2)
Subnet 3   131.107.208.84/30                255.255.255.252   11111111 11111111 11111111 11111100   2 (2^2–2)

In this example, creating three subnets, each supporting a variable number of hosts, is the hypothetical goal. However, this simple example does not exhaust the possibilities. Instead of simply creating three subnets with 1,022, 510, and 2 hosts, respectively, you could create a more complex result by taking advantage of the number of possible subnets as well as the number of possible hosts. Because 131.107.0.0/16 is a class B network ID, the number of possible subnets is determined by the number of bits set to 1 in the third and fourth octets:

  • 22-bit prefix length (Subnet 1): 64 (2^6) possible subnets, each supporting up to 1,022 hosts.

  • 23-bit prefix length (Subnet 2): 128 (2^7) possible subnets, each supporting up to 510 hosts.

  • 30-bit prefix length (Subnet 3): 16,384 (2^14) possible subnets, each supporting up to 2 hosts.

When using VLSM, make sure that you do not overlap blocks of addresses. A good technique is to start with equal-size subnets and then subdivide them.

If variable-length subnets are also contiguous, the routes for all of the subnets can be summarized: a router can be configured to advertise the set of subnets to another router by advertising only the original network ID. Route summarization is described in the next section.

CIDR Blocks and Hierarchical Routing Enabled by Route Summarization

This section describes how classless routing uses a summary route to represent a range of network IDs (also known as a CIDR block) and how a multi-level hierarchy uses summary routes at each level of the hierarchy to make routing more efficient.

How a summary route represents a range of network IDs

As explained earlier, route summarization was introduced by RFC 1519 as a way to consolidate several class C network IDs into one logical network ID, sometimes referred to as a supernet. Because not enough class B addresses were available to meet the escalating demand, this technique enables two or more class C network IDs to be allocated to an organization in order to provide an adequate number of IP addresses.

Whereas subnetting enables the division of networks into smaller subnets of equal or variable size, route summarization enables the grouping of contiguous subnets. The use of a subnet mask is required for route summarization just as it is for subnetting. However, these subnet masks differ as follows:

  • Subnet mask used in subnetting. Uses one or more host ID bits to create a longer subnet mask (prefix length) and uses these bits to create subnets. Subnet masks for subnetted network IDs are always more specific (that is, have more bits set to 1) than the network ID that is being subnetted.

  • Subnet mask used in route summarization. Uses one or more network ID bits to create a shorter subnet mask (prefix length) in order to represent a set of network IDs as a single route in the routing table. This group of network IDs is the CIDR block. Subnet masks for summarized network IDs are always less specific (that is, have fewer bits set to 1) than the network IDs that are being summarized.

The following table lists a series of eight class C network IDs that, in this example, are combined into one block. The first network ID is 208.147.168.0. The first 21 bits are the same for each of the eight network IDs grouped into the single CIDR block. The last 3 bits of the third octet, which are taken from the class C–based network ID, range from 000 through 111. In decimal notation, the range is 0 through 7, or a total of 8 contiguous subnets, combined to form one block.

Eight Class C Network IDs to be Combined into One Block

Range                    Network ID (Decimal)   Network ID (Binary)
0 (first network ID)     208.147.168.0          11010000 10010011 10101000 00000000
1 (second network ID)    208.147.169.0          11010000 10010011 10101001 00000000
2 (third network ID)     208.147.170.0          11010000 10010011 10101010 00000000
3 (fourth network ID)    208.147.171.0          11010000 10010011 10101011 00000000
4 (fifth network ID)     208.147.172.0          11010000 10010011 10101100 00000000
5 (sixth network ID)     208.147.173.0          11010000 10010011 10101101 00000000
6 (seventh network ID)   208.147.174.0          11010000 10010011 10101110 00000000
7 (eighth network ID)    208.147.175.0          11010000 10010011 10101111 00000000

This CIDR block is expressed as {208.147.168.0, 255.255.248.0} or, in network prefix length notation, as 208.147.168.0/21. A single route in the IP routing table represents this block. Without a list such as that shown in the preceding table, you can determine the number of network IDs in the block by raising 2 to the power of the number of summarized bits. In this class C example, the subnet mask indicates that the number of bits used for summarization is three: 24 – 21 = 3, that is, 24 bits set to 1 in a standard class C subnet mask minus 21 actual bits set to 1 leaves 3 bits for summarization. Therefore, there are 2^3 = 8 network IDs in this block.

Looking at this CIDR block (which, in this simple example, does not use variable length subnetting), you can double-check that it summarizes 8 class C networks by confirming that both of the following calculations produce the same number:

  • Possible host IDs supported by a classful class C network ID (256) × network IDs in the block (8) = the number of possible host IDs (2048).

  • Two (2) raised to the number of bits set to 0 in the subnet mask (2^11) = the number of possible host IDs (2048).

The assignable bits can be used either simply for host IDs or to create subnets of variable size, as the needs of the organization dictate. Typically, using VLSM to divide the 2048 possible host IDs into variable size subnets is the more practical option.

In this example, as the two calculations demonstrate, the CIDR block can be viewed from two perspectives:

  • As a block of 8 contiguous class C network IDs grouped into one logical network ID.

  • As a classless address space that has 21 fixed bits and 11 assignable bits.
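The summary-route calculation above and the earlier advice not to overlap address blocks when using VLSM, as an added example (not code from the original page). `summary_route` derives the {Network ID, Subnet Mask} pair for a set of network IDs and reports whether the block is fully covered by them; `find_overlaps` checks a subnet plan. The function names and the `DISJOINT_VLSM` values are constructed for this illustration.

```python
import ipaddress

# The eight class C network IDs from the table above.
CLASS_C_BLOCK = [f"208.147.{third}.0/24" for third in range(168, 176)]

# The three subnets exactly as listed in the VLSM table on this page.
PAGE_VLSM = ["131.107.0.0/22", "131.107.208.0/23", "131.107.208.84/30"]

# Constructed variant: the point-to-point /30 taken from outside the /23.
DISJOINT_VLSM = ["131.107.0.0/22", "131.107.208.0/23", "131.107.210.84/30"]


def summary_route(network_ids):
    """Return (prefix notation, decimal mask, exact) for the smallest summary.

    exact is False when the summary also spans addresses that none of the
    listed network IDs contain, that is, when the set is not one contiguous
    block that fills the summary completely.
    """
    nets = [ipaddress.IPv4Network(n) for n in network_ids]
    lowest = min(int(n.network_address) for n in nets)
    highest = max(int(n.broadcast_address) for n in nets)
    # Every bit position at or below the highest differing bit is assignable;
    # the bits to the left of it are the fixed prefix shared by the whole set.
    prefix = 32 - (lowest ^ highest).bit_length()
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    summary = ipaddress.IPv4Network((lowest & mask, prefix))
    covered = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    return str(summary), str(summary.netmask), covered == summary.num_addresses


def find_overlaps(subnets):
    """Return (outer, inner) pairs where one subnet lies inside another."""
    nets = sorted((ipaddress.IPv4Network(s) for s in subnets),
                  key=lambda n: (int(n.network_address), n.prefixlen))
    pairs = []
    for index, outer in enumerate(nets):
        for inner in nets[index + 1:]:
            # Two prefix-based blocks are either disjoint or nested, and the
            # sort order guarantees the containing block comes first.
            if inner.subnet_of(outer):
                pairs.append((str(outer), str(inner)))
    return pairs


if __name__ == "__main__":
    print(summary_route(CLASS_C_BLOCK))
    # Dropping one network ID leaves the same /21 but it is no longer exact.
    print(summary_route([n for n in CLASS_C_BLOCK if n != "208.147.171.0/24"]))
    print(find_overlaps(PAGE_VLSM))
    print(find_overlaps(DISJOINT_VLSM))
```

For `PAGE_VLSM` the check returns the pair 131.107.208.0/23 and 131.107.208.84/30: as listed, Subnet 3 sits inside the range of Subnet 2, so a deployed plan would take the /30 from address space not already assigned to the /23.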

How a multi-level hierarchy using summary routes streamlines routing

Hierarchical routing requires a method of address allocation that can reflect a hierarchical network topology and that can reduce the size of routing tables. Hierarchical routing accomplishes both requirements by using a single route to advertise a set of routes at each level of the hierarchy.

ISPs, organizations that subscribe to ISPs, and subnets within organizations are some of the typical levels in the routing hierarchy of the public Internet. An element lower in the hierarchy reports summary routing information to the level above it. For example, the allocation of large blocks of the public IPv4 address space to network service providers (such as ISPs), which then allocate subsets of these blocks to smaller organizations (such as organizations that subscribe to an ISP) is a practice recommended in RFCs 1518 and 1519.

Thus, a router within an organization does not need to advertise routing information about every subnet in that organization. Instead, the router can be configured to maintain routing information on a per region basis, in which each routing region is summarized with a single route except for the regions to which the router is connected. Likewise, an ISP router does not need to advertise routing information about individual subnets within each of the organizations that make up the set of its subscribers. Instead, the router can maintain routing information on a per subscriber basis.

Classless routing protocols, which recognize a summarized route represented by a {Network ID, Subnet Mask} pair that represents a set of reachable IP addresses, are designed to handle routing in a hierarchical infrastructure. By expressing a range of network IDs as a single route in the routing table at each level of the hierarchy, route summarization decreases the number of routes on routers. With fewer routes to check, routers can forward packets faster. One major use of route summarization is to reduce the burden for routers on the Internet backbone.

The example shown in the following figure depicts a simple hierarchical routing structure divided into routing regions based on the private network ID 10.0.0.0/8. Route summarization is used at the border of each region. Each arrow is labeled with the summarized route that is advertised outside its region by the router or routers at the border of that region. (This example figure is used by permission from the authors of "Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference" by Joseph Davies and Thomas Lee, Redmond, WA, Microsoft Press, 2003.)

Figure: Hierarchical routing regions

The structure shown in this example illustrates both the advantage of hierarchical routing and its cost:

  • Advantage. The efficiency provided by hierarchical routing reduces the size of routing tables, reduces the amount of communication required between routers in order for them to update their routing tables, and therefore reduces network traffic. With smaller routing tables, routers forward packets faster.

  • Cost. The initial planning required to establish such a structure takes time. In a large organization, this initial investment in time is well worth the effort because of the long-term efficiency gained.

How the IPv4 Routing Table Works

On an IPv4 internetwork, IP makes routing decisions by consulting a database of routes known as the IP routing table. Each IP node uses its own routing table to store information about routes usable for forwarding unicast IP packets to any reachable location. A node running Windows Server 2003 (or Windows XP) builds its routing table automatically, based on its current TCP/IP configuration, static routing table entries, information provided by dynamic routing protocols, and ICMP Redirect messages.

This section describes:

  • IPv4 routing table

  • Structure of the IPv4 routing table

  • How IP consults the routing table

  • How to manage the IPv4 routing table

IPv4 Routing Table

Each entry in the routing table corresponds to one route. When an IP node needs to forward an IP packet, IP searches the routing table on the node for a route that most closely matches the destination IP address in the packet. Typically, the process is as follows:

  • For an IP host. A host can either send a packet directly to its destination, or it can send the packet en route to the destination through a default route {Network ID: 0.0.0.0, Subnet Mask: 0.0.0.0} that points to its default gateway. A default gateway is a router that connects separate IP network segments.

  • For an IP router. A router forwards a packet either by using an explicit static route for a specific network segment, a summarized route, a host route, or a default route.

Routing Table Example

An administrator or user can view the current state of the IP routing table on an IP node at any time. For example, consider a node configured as follows:

  • IP address: 157.54.27.90

  • Subnet mask: 255.255.240.0

  • Default gateway: 157.54.16.1

In network prefix length notation, the IP address and subnet mask pair {157.54.27.90, 255.255.240.0} for this node is expressed as 157.54.27.90/20. Typing route print at a command prompt on this node produces the output shown in the following table.

Example Routing Table

Network Destination      Netmask        Gateway      Interface   Metric
        0.0.0.0           0.0.0.0    157.54.16.1   157.54.27.90      20
      127.0.0.0         255.0.0.0      127.0.0.1      127.0.0.1       1
    157.54.16.0     255.255.240.0   157.54.27.90   157.54.27.90      20
   157.54.27.90   255.255.255.255      127.0.0.1      127.0.0.1      20
 157.54.255.255   255.255.255.255   157.54.27.90   157.54.27.90      20
      224.0.0.0         240.0.0.0   157.54.27.90   157.54.27.90      20
255.255.255.255   255.255.255.255   157.54.27.90   157.54.27.90       1

This routing table, displayed on a computer running Windows Server 2003, differs from the routing table on a computer running Windows 2000 Server in the following ways:

  • New netmask for the multicast address route. In the routing table on a server running Windows 2000 Server, the Network Destination field and the Netmask field for the route used for IPv4 multicast addresses (defined as those in the range from 224.0.0.0 through 239.255.255.255) are both 224.0.0.0. However, the subnet mask used for IPv4 multicast addresses is 240.0.0.0. Therefore, the new Netmask of 240.0.0.0 that is used in the Windows Server 2003 routing table is more appropriate than the 224.0.0.0 Netmask used in Windows 2000, based on the class D definition of IPv4 multicast addresses.

  • Automatic metric feature. On a server running Windows 2000 Server, the default routing metric for each route (each row) in the routing table is set to 1. On a computer running Windows Server 2003 or Windows XP, the routing metric for each route is set to a value determined by the link speed of the interface. (This automatic metric feature does not apply to the default route metric when the default gateway is manually configured with a metric.)

In the output shown in “Example Routing Table,” the routing metric that is set to 20 for several rows is the metric that Windows Server 2003 or Windows XP TCP/IP uses for a 100-Mbps Ethernet interface, for an 802.11g adapter, or for an 802.11a adapter. The following table lists the criteria that Windows Server 2003 or Windows XP uses to assign metrics for routes that are bound to network interfaces of varying speeds.

Metrics Assigned by the Automatic Metric Feature

Link Speed                                                  Metric
Greater than 200 Mbps                                           10
Greater than 20 Mbps, and less than or equal to 200 Mbps        20
Greater than 4 Mbps, and less than or equal to 20 Mbps          30
Greater than 500 Kbps, and less than or equal to 4 Mbps         40
Less than or equal to 500 Kbps                                  50

The automatic metric feature is enabled by default through the Automatic metric check box on the IP Settings tab on Advanced TCP/IP Settings of the TCP/IP protocol. For DHCP-assigned default gateways, you can override the default behavior of automatically calculating a metric for the default route based on adapter speed by using the Microsoft-specific DHCP option called Default Router Metric Base.

Routing Table vs. Forwarding Table

Many router implementations, including the Windows Server 2003 Routing and Remote Access service, use both a routing table and a forwarding table:

  • Routing table. Stores all routes from all possible sources. The command netsh ro ip sh rtmr (that is, netsh routing ip show rtmroutes) shows the routing table.

  • Forwarding table. Used by IP to forward packets. The commands route print or netsh ro ip sh rtmd (that is, netsh routing ip show rtmdestinations) show the IP forwarding table.

The Routing and Remote Access service on a Windows Server 2003 router maintains the IP routing table by using a component called Route Table Manager (abbreviated as rtm in rtmroutes and rtmdestinations in the commands shown earlier). Route Table Manager updates the IP forwarding table (which is contained within the TCP/IP protocol) based on incoming route information from multiple sources.

The contents of the routing table do not necessarily match the contents of the forwarding table. However, in this introductory discussion, the routing table and the forwarding table are treated as if they are identical.

Routing Table Stored in RAM on Local Node

On an IPv4 internetwork, all routing decisions made by a host or a router are based on information stored in the IP routing table on that node. Because the routing table is a local database that physically resides in the random access memory (RAM) of the node making the routing decision, the IP routing table is rebuilt whenever the node restarts. Thus, there is no single, unified view of the internetwork that is gathered by a server and downloaded to each host and router. Nodes do not all have the same view of the internetwork, and traffic does not always flow along predictable pathways.

Each router in a path between a source and a destination makes a local routing decision based on its local routing table. Therefore, the path that packets take from the source to the destination might not be the same as the path taken by response packets from the destination back to the source.

If the information in the local routing table of a node is incorrect due to configuration errors or changing network conditions, routing problems can result. Troubleshooting routing problems might involve the analysis of the routing tables of the hosts (source and destination) and analysis of all of the routers that forward packets between them.

Structure of the IPv4 Routing Table

Understanding the IPv4 routing table requires familiarity with:

  • The types of routes stored in the routing table.

  • Available methods for configuring a default gateway, any of which creates a default route in the IP routing table.

  • The meaning of the columns and rows that make up the routing table database.

Types of Routes

The following table describes the types of routes stored in an IP routing table. For a description of each route in an actual routing table, see the table “Routes in an IP Routing Table” later in this section.

Types of Routes Stored in an IP Routing Table

Route Type Description

Local network route

(Directly attached network route)

A route to a specific local network ID. This route identifies a network segment that is directly attached to the node.

For a local network route, the Gateway column (sometimes called Next Hop) might be blank or might contain the IP address of the interface on that network segment.

Remote network route

A route to a specific remote network ID. This route identifies a network segment that is not directly attached to the node but is available across one or more routers.

For a remote network route, the Gateway (Next Hop) column is the IP address of a local router located between the node and the remote network.

Host route

A route to a specific IP address (network ID + host ID) on the internetwork. Instead of making a routing decision based on just the network ID, as is the case for either a local or a remote network route, the routing decision for a host route is based on the combination of network ID and host ID. For a host route, the Network Destination column is the IP address of the specified host, and the Netmask column is 255.255.255.255.

Typically, a host route is used to create a custom route to a specific host in order to control or optimize specific types of internetwork traffic.

Default route

A route that is used when there are no other closer matching routes for the destination in the routing table. Including a default route in the routing table means that the routing table does not need to store routes for every network ID on the internetwork. Using a default route, therefore, simplifies the configuration of hosts or routers.

Default Gateways and Default Routes

Configuring a default gateway creates a default route in the IP routing table. For IP nodes, the default gateway (also called a default router) is a neighboring IP router that forwards unicast traffic for the node by providing a next-hop IP address (the Gateway column in the routing table) and interface (the Interface column in the routing table) for all destinations that are not located on the local subnet. The default gateway address is the IP address of a directly reachable IP router.

The default gateway on a computer running Windows Server 2003 or Windows XP is configured by using one of the following methods:

  • TCP/IP properties General tab. If you want the node to obtain its IP address configuration by using manual configuration, the default gateway is the IP address located in the Default gateway field on the General tab on the TCP/IP properties page. Multiple default gateways are configurable by adding them on the IP Settings tab on the Advanced TCP/IP Settings page of TCP/IP properties.

  • TCP/IP properties Alternate Configuration tab. If you want the node to obtain its IP address configuration by using the user-configured alternate configuration option, the default gateway is the IP address located in the Default gateway field on the Alternate Configuration tab on the TCP/IP properties page. You can specify only a single default gateway. The TCP/IP alternate configuration feature lets a computer function in two or more networks — one configured with static IP addresses and another configured with DHCP — without reconfiguration of network adapter parameters. When no DHCP server is available, the connection uses the configuration specified on the Alternate Configuration tab.

  • DHCP. If you want the node to obtain its IP address configuration by using DHCP, the default gateway is the value of the first IP address in the Router DHCP option. The Router DHCP option specifies an ordered list of one or more default gateways. If you are using a Windows Server 2003–based DHCP server, the Router option is located in the Details pane in the DHCP snap-in console tree under ServerName\ScopeName\Scope Options.

  • ICMP Router Discovery. If you want the node to automatically discover the best default gateway router available on a subnet, you can configure nodes on that subnet to use ICMP router discovery. ICMP Router Solicitation messages and Router Advertisement messages exchanged between routers and hosts enable hosts to dynamically discover which local routers are available, which routers are down, and which router is currently the best default gateway to use on a subnet. By using ICMP router discovery, a host can automatically switch to another default gateway if its current default gateway becomes unavailable. For information about support for ICMP router discovery in the Windows Server 2003 Routing and Remote Access service, see “How ICMP Router Discovery Works” in How Unicast IPv4 Routing Protocols and Services Work.

Note

If the host obtains its IP address configuration by using Automatic Private IP Addressing (APIPA), no default gateway is configured and no default route is created in the routing table. APIPA is useful only for a single subnet.

Fields and Records in the IP Routing Table Database

As with any database, understanding the IP routing table requires understanding the relationship between the records (rows) and the fields (columns) that make up the IP routing table. This relationship is best understood by using an example. The following table shows the same information displayed in “Example Routing Table” earlier in this section. It labels each row with the route type for that entry.

Example Information Stored in an IP Routing Table

Type                                                             Network Destination   Netmask           Gateway        Interface      Metric
Default route                                                    0.0.0.0               0.0.0.0           157.54.16.1    157.54.27.90       20
Loopback network route                                           127.0.0.0             255.0.0.0         127.0.0.1      127.0.0.1           1
Local network route (Directly attached network route)            157.54.16.0           255.255.240.0     157.54.27.90   157.54.27.90       20
Local host route (Local IP address route)                        157.54.27.90          255.255.255.255   127.0.0.1      127.0.0.1          20
Network broadcast route (All-subnets-directed broadcast route)   157.54.255.255        255.255.255.255   157.54.27.90   157.54.27.90       20
Multicast address route                                          224.0.0.0             240.0.0.0         157.54.27.90   157.54.27.90       20
Limited broadcast route                                          255.255.255.255       255.255.255.255   157.54.27.90   157.54.27.90        1

Routing table columns

The following table describes each field, or column, in the IP routing table.

Columns for Each Routing Table Entry

Column Description

Network Destination

Contains one of the following:

  • IP address. An IP address for a host route

  • Network ID. A class-based, subnetted, or summarized network ID

Netmask

(Subnet Mask)

Contains the subnet mask that IP applies to the destination IP address. If the destination AND the subnet mask equals the network destination, the route is a match for the destination. The process is as follows:

  1. IP performs a bit-wise logical AND operation between the packet’s destination IP address and the value in the Netmask column.

  2. The result is compared to the value in the Network Destination column.

  3. When IP compares each bit in the destination IP address to the corresponding bit in the subnet mask, the bit-wise AND operation works as follows:

    • If both bits are 1, the resulting bit is 1.

    • If either bit is 0, the resulting bit is 0.

Examples:

  • Default route. The netmask for the default route is 0.0.0.0, which translates to the binary value 00000000 00000000 00000000 00000000. When IP performs the AND operation between any destination IP address and this subnet mask, the result is all zeros. Therefore, no bits need to match, and any destination matches the default route.

  • Host route. The netmask for a host route (a route that matches a specific IP address) is 255.255.255.255, which translates to the binary value 11111111 11111111 11111111 11111111. When IP performs the AND operation between a destination IP address and this subnet mask, the result is the destination IP address itself. Therefore, only a destination IP address that is equal to the IP address of the host route matches this route.

  • Packet with IP address 157.54.16.48. When IP performs the AND operation between 157.54.16.48 and the netmask for the directly attached network route (in this example, 255.255.240.0), the result is 157.54.16.0. The subnet mask 255.255.240.0 requires that all eight bits in the first two octets and the first four bits in the third octet must match (240=11110000). Therefore, the closest match for this packet is the directly attached network (157.54.16.0/20).

Gateway

(Next Hop or Forwarding Address)

Contains either the IP address of a local network adapter for direct deliveries or the IP address of an IP router (such as a default gateway router) on the local network segment for indirect deliveries. This is the IP address that the local node uses to forward the IP packet.

Interface

Indicates the network interface (either a physical network adapter or a logical interface) that will be used to forward an IP packet.

Metric

Indicates the relative cost of routes so that the best route among possible multiple closest matching routes to the same destination can be selected. If there are multiple routes to the same destination with different metrics, the route with the lowest metric is selected.

Metrics can express the route preference in different ways:

  • Hop Count. Indicates the number of routers to cross to reach a destination network. A computer on the local subnet is one hop, and each router crossed after that is an additional hop.

  • Delay. Indicates the amount of time that the packet takes to reach the destination network. Delay refers to the speed (LAN links have a lower delay; WAN links have a higher delay) or congestion level of the path.

  • Throughput. Indicates the amount of data that can be sent along the path per second. Throughput does not necessarily indicate the bit rate of the link because a very busy Ethernet link might have a lower throughput than an unused 64 kilobits per second (Kbps) WAN link.

  • Reliability. Indicates a measure of the path constancy. Some types of links are more likely to fail than others. For example, leased-line WAN links are more reliable than dial-up lines.

RIP uses a hop count metric. OSPF can use hop count, delay, throughput, or reliability factors for its cost metric.

Routing table rows

The following table describes each record, or row, in the IP routing table. Each row represents a route. In the Description column, all references are to the output “Example Routing Table” shown earlier.

Routes in an IP Routing Table

Route Destination / Netmask (Network Prefix Length Notation) Description

Default route

0.0.0.0/0.0.0.0

(0.0.0.0/0, sometimes written as 0/0)

The route used if there are no other closer matching routes for the destination address in the IP packet. In the example, the IP packet is forwarded to 157.54.16.1 (the default gateway) by using interface 157.54.27.90 (the IP address of the node).

Loopback network route

127.0.0.0/255.0.0.0

(127.0.0.0/8)

The route used for any IP address of the form 127.x.y.z (127.0.0.0 through 127.255.255.255). In the example, as for any IP address in this range, the IP packet is forwarded to the special loopback address 127.0.0.1 by using the loopback interface.

Directly attached network route (Local network route)

varies/varies

The route used for an IP address on the locally attached subnet. The IP packet is forwarded directly to the destination IP address (not to an intermediate router). In the example, the IP packet is forwarded to its destination by using the interface assigned to 157.54.27.90 — that is, the Gateway and Interface columns contain an IP address of the node, indicating that the packet will be sent directly to its destination out a network adapter that is assigned an IP address on this node.

Local host route

(Local IP address route)

varies/255.255.255.255

(varies/32)

The route used if the IP address in the packet is the same as the IP address of the local host. The subnet mask 255.255.255.255 indicates that this is a host route. In the example, as for any IP address that matches the local host, the IP packet is forwarded to the loopback address 127.0.0.1 by using the loopback interface.

Network broadcast route

(All-subnets-directed broadcast route)

varies/255.255.255.255

(varies/32)

The route used for an IP address that matches the all-subnets-directed broadcast address. The subnet mask 255.255.255.255 indicates that this is a host route. The IP packet is forwarded as a MAC-level broadcast to hosts on all subnets of a subnetted IP network ID by using an interface that is assigned an IP address on the local node.

A network broadcast route exists only if the local network ID is subnetted from a class-based network ID.

Multicast address route

224.0.0.0/240.0.0.0

(224.0.0.0/4)

The route used for any of the class D IP addresses reserved for multicast traffic. The IP multicast packet is forwarded as a MAC-level multicast to the multicast group by using an interface that is assigned an IP address on the local node.

Limited broadcast route

255.255.255.255/255.255.255.255

(255.255.255.255/32)

The route used for an IP address that matches the limited broadcast address. The subnet mask 255.255.255.255 indicates that this is a host route. The IP packet is forwarded as a MAC-level broadcast to all hosts on the same network segment by using an interface that is assigned an IP address on the local node.

The limited broadcast route is used during the DHCP configuration process, such as when a DHCP client uses the limited broadcast address to send all traffic while it waits for the DHCP server to acknowledge its lease of an IP address.

How IP Consults the Routing Table

When an IP host or router needs to forward a packet to its destination, IP consults the routing table on that node to determine where to route the packet. This section provides a summary of how IP consults each row and column, and then provides a detailed description of the route determination process.

Synopsis of How IP Consults the Routing Table

The following table summarizes how IP makes use of the IP routing table.

Overview of How IP Uses Routing Table Rows and Columns

Action Summary Steps

IP searches each row

IP checks each route in the table to find the closest matching route. Routes that match the destination vary from the most specific type of route to the least specific type of route. The closest matching routes have the following order:

  1. Host route

  2. Route representing the network ID for a local or remote subnet

  3. Route representing a summarized network ID

  4. Default route

Simultaneously, IP uses each column to assess each row

IP uses each column in every row as follows:

  1. Network Destination and Netmask. Used together to determine if the destination address in the IP packet matches the route.

  2. Metric. Used to determine which matching entry to select if two or more closest matching routes are found.

  3. Gateway and Interface. Used together to determine the next-hop address to which to send the packet and the next-hop interface over which to forward the packet.

Result

Three alternative routing decisions are possible:

  • Pass the packet up to the loopback interface (if the destination of the packet is this computer or of the form 127.x.y.z).

  • Forward the packet by using one of the locally attached network interface cards (if a closest matching route was found).

  • Discard the packet (if no matching route was found), and then (on a host) send an error message internally or (on a router) send an error message to the source host.

The next section describes in detail the process by which IP determines which routing decision to make.

Details of How IP Makes the Routing Decision

IP determines the best route to a destination by comparing the destination IP address in the packet to each route currently present in the routing table. The detailed process is as follows:

  1. Determine whether the packet’s destination IP address matches one or more routes. For each entry in the routing table, IP on the node performs a bitwise logical AND operation between the destination IP address of the packet and the subnet mask listed in the Netmask column. IP compares the resulting value to the value in the Network Destination column:

    • Match. If one or more matching routes are found, IP compiles a list of the matching routes. IP determines if a route produces a match as follows:

      Host route. All 32 bits match the destination IP address. The route is to a single destination address.

      Route representing the network ID for a local or remote subnet. All of the bits in the network ID match the destination IP address. This route is either a route to a destination on the local subnet, or it is a route to a destination on a non-local network through a router.

      Route representing a summarized network ID. All of the bits in the summarized network ID match the destination IP address. The route is to a destination on the set of subnets summarized by this summary route.

      Default route. All destination IP addresses match the default route. This is the route used when there is no more specific match.

    • No match. If no route is found (including no default route), IP indicates an error condition. A “no match” condition cannot occur if a default route exists. If the node is a host, an IP routing error is sent internally to an upper layer protocol (such as TCP, UDP, or ICMP). If the node is a router, an ICMP Destination Unreachable-Host Unreachable message is sent to the source host.

    For examples illustrating the AND operation between a destination IP address and the value in the Netmask column, see the Netmask row in the table “Columns for Each Routing Table Entry” in “Structure of the IPv4 Routing Table” earlier in this section.

  2. Determine the single route to use to send or forward the packet. The result of the route determination process is the choice of a single route in the routing table:

    • If one and only one route has the longest match — the longest match is the route with the highest number of bits set to 1 in the Netmask column (the longest prefix length) — that route is selected.

    • If multiple longest match routes are found (for example, multiple routes to the same network ID), IP selects the route with the lowest metric.

    • If multiple longest match routes with the same lowest metric exist, IP selects the route associated with the interface that is first in the binding order.

    Note

    If a computer has more than one interface (network adapter), the binding order is the order in which the interfaces are accessed by network services. This order reflects the order in which TCP/IP is bound to each of the interfaces. To change the relative binding order of interfaces on a computer running Windows Server 2003 or Windows XP, open Network Connections, select the Advanced menu, select Advanced Settings, click the interface whose binding order you want to change, and then click the up arrow or the down arrow, as appropriate.

  3. Determine the next-hop address and interface. After a route is selected, IP determines from the routing table entry what the next-hop IP address is and which interface (physical network adapter or logical port) to use to forward the packet:

    • Direct delivery (to the destination node). If the destination is on a subnet directly connected to the host or router, IP delivers the packet to the destination node. In this case, the address in the Gateway column is the same as the address in the Interface column (or the Gateway column is blank), and the next-hop IP address is set to the destination IP address in the IP packet. The interface used is the one specified in the Interface column of the selected route.

      Again using the example shown in “Example Routing Table” described earlier, if traffic is sent to 157.54.16.48, the most specific route is the route for the directly attached network (157.54.16.0/20). The next-hop IP address is set to the destination IP address (157.54.16.48) and the interface used is the adapter card that has been assigned the IP address 157.54.27.90 (the interface on the local node).

    • Indirect delivery (to the next router). If the destination is not on a subnet directly connected to the node, IP delivers the packet to a neighboring router on a directly connected subnet for further routing. In this case, the address in the Gateway column is not the same as the address in the Interface column, and the next-hop IP address is set to the address in the Gateway column. The interface used is the one specified in the Interface column of the selected route.

      For example, if traffic is sent to 157.60.0.79, the most specific route is the default route (0.0.0.0/0). The next-hop IP address is set to the gateway address (157.54.16.1) and the interface used is, in this case again, the adapter card that has been assigned the IP address 157.54.27.90 (the interface on the local node).

  4. Hand off the packet to ARP. IP hands the packet, the next-hop IP address, and the next-hop interface to ARP. ARP resolves the next-hop IP address to its MAC address and forwards the packet, as appropriate, to the next hop, which is either the destination or the router that will forward it towards its destination.

For more information about the IP routing process, including details of the host forwarding process, the router forwarding process, and the destination host receiving process, see “IP Routing from Sending Host to Destination” in "Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference" by Joseph Davies and Thomas Lee, Redmond, WA, Microsoft Press, 2003.
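The route determination steps above can be traced in code. The following Python sketch is an added example, not code from the original page or from Windows: it parses the rows of “Example Routing Table”, applies the AND match, and then picks the route by longest prefix, lowest metric, and binding order. The function names are hypothetical, list position is assumed to stand in for binding order, and the 10.1.x.x routes are constructed to exercise the tie-break rules.

```python
import ipaddress
from typing import List, NamedTuple, Optional


class Route(NamedTuple):
    destination: int   # Network Destination column as a 32-bit integer
    netmask: int       # Netmask column as a 32-bit integer
    gateway: str
    interface: str
    metric: int


class Decision(NamedTuple):
    delivery: str      # "loopback", "direct" or "indirect"
    next_hop: str
    interface: str


# Rows of the page's "Example Routing Table" (node 157.54.27.90/20).
ROUTE_PRINT = """\
Network Destination      Netmask        Gateway      Interface   Metric
        0.0.0.0           0.0.0.0    157.54.16.1   157.54.27.90      20
      127.0.0.0         255.0.0.0      127.0.0.1      127.0.0.1       1
    157.54.16.0     255.255.240.0   157.54.27.90   157.54.27.90      20
   157.54.27.90   255.255.255.255      127.0.0.1      127.0.0.1      20
 157.54.255.255   255.255.255.255   157.54.27.90   157.54.27.90      20
      224.0.0.0         240.0.0.0   157.54.27.90   157.54.27.90      20
255.255.255.255   255.255.255.255   157.54.27.90   157.54.27.90       1
"""


def to_int(address: str) -> int:
    return int(ipaddress.IPv4Address(address))


def parse_routes(text: str) -> List[Route]:
    """Parse five-column route rows; the header and other lines are skipped."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[4].isdigit():
            continue
        dest, mask, gateway, interface, metric = fields
        routes.append(Route(to_int(dest), to_int(mask), gateway, interface, int(metric)))
    return routes


def select_route(routes: List[Route], destination: str) -> Optional[Route]:
    """Steps 1 and 2: collect the matching routes, then choose exactly one."""
    dst = to_int(destination)
    # Step 1: (destination AND Netmask) must equal Network Destination.
    matches = [r for r in routes if dst & r.netmask == r.destination]
    if not matches:
        return None
    # Step 2: most 1 bits in the netmask first, then lowest metric. min()
    # returns the earliest of equal candidates, so list order plays the
    # role of binding order here (an assumption of this sketch).
    return min(matches, key=lambda r: (-bin(r.netmask).count("1"), r.metric))


def decide(routes: List[Route], destination: str) -> Optional[Decision]:
    """Step 3: derive the next-hop address and interface, or None (discard)."""
    route = select_route(routes, destination)
    if route is None:
        return None  # host: internal routing error; router: ICMP Destination Unreachable
    if ipaddress.IPv4Address(route.interface).is_loopback:
        return Decision("loopback", route.gateway, route.interface)
    if route.gateway == route.interface:
        # Direct delivery: the next hop is the packet's own destination.
        return Decision("direct", destination, route.interface)
    # Indirect delivery: the next hop is the router in the Gateway column.
    return Decision("indirect", route.gateway, route.interface)


ROUTES = parse_routes(ROUTE_PRINT)

# Constructed routes (not on the page) to exercise the tie-break rules.
EXTRA = [
    Route(to_int("10.1.0.0"), to_int("255.255.0.0"), "157.54.16.2", "157.54.27.90", 30),
    Route(to_int("10.1.0.0"), to_int("255.255.0.0"), "157.54.16.3", "157.54.27.90", 10),
    Route(to_int("10.1.2.3"), to_int("255.255.255.255"), "157.54.16.9", "157.54.27.90", 50),
]

if __name__ == "__main__":
    for dst in ("157.54.16.48", "157.60.0.79", "157.54.27.90", "10.1.9.9", "10.1.2.3"):
        print(dst, "->", decide(ROUTES + EXTRA, dst))
```

Note that the host route to 10.1.2.3 is selected even though its metric (50) is the highest of the three constructed routes: prefix length is compared before metric, so a single more specific route overrides every less specific one for that address.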

How to Manage the IPv4 Routing Table

On a computer running the Windows Server 2003 Routing and Remote Access service, several methods for managing the IP routing table are available:

  • The route command-line tool, which is designed specifically to display and manage the IP routing table.

  • The Netsh routing IP context, which includes several commands for managing IP routes. In Windows Server 2003, Netsh contains more commands than it did in Windows 2000 Server.

  • The Routing and Remote Access snap-in, which displays the routing table with an additional column that lists the source from which the route was obtained. View the routing table by right-clicking the IP Routing\Static Routes node in the console tree and then selecting Show IP Routing Table.

In addition to using the route print command to view the routing table, you can also use route to add, change, or delete routes. Because the IP routing table is stored in RAM and is rebuilt whenever a computer is restarted, one common practice is to use route add with the -p option to add a static route that is persistent, that is, a route that persists even after the computer is restarted. Persistent routes are stored in the registry.

The IP routing table that appears in the Routing and Remote Access snap-in includes one additional column that the route print command does not display. This is the Protocol column, which identifies how the router learned each route. For example, Local identifies a route on the local node; Static identifies a static route that the administrator configured manually; RIP or OSPF identifies dynamic routes learned from routers configured to use those routing protocols. The following screenshot displays the IP routing table on a Windows Server 2003 Routing and Remote Access router.

Routing and remote access snap-in IP routing table

If the Protocol column lists RIP or OSPF entries, or any other entries in addition to Local entries, the existence of these entries confirms that the router is receiving routes.

For more information about tools used for unicast IP routing, see Unicast IPv4 Routing Tools and Settings.

How Static and Dynamic Routing Work

For information exchange between routers to work efficiently on an IP internetwork, routers must have knowledge of other network IDs or be configured with a default route. On medium-sized or large internetworks, the routing tables must be maintained in an up-to-date state so that network traffic travels along optimal paths. How the routing tables are maintained defines the distinction between static and dynamic routing:

  • Static routing. An administrator manually enters routing information. Routing information does not change unless the administrator manually updates or deletes it. The term static router refers to a router in an internetwork that uses only static routing. Using static routing exclusively is appropriate only for a small internetwork.

  • Dynamic routing. An administrator configures a router to automatically generate routing information, share it with other routers, and update it when routing changes occur. The term dynamic router refers to a router in an internetwork that uses only dynamic routing or, more typically, that uses primarily dynamic routing in conjunction with some manually configured static routes. For example, each interface on a dynamic router is typically manually configured.

Static Routing

Static routing is based on routing table entries that are manually configured on a static router and that do not change when internetwork topology changes. On a static router, a network administrator with knowledge of the internetwork topology builds and updates the routing table. The routing table on a static router either contains a route for every subnet on the internetwork, or the router is configured to use route summarization and thus the routing table contains only summary routes. Static routers do not exchange routing information with each other.

On an internetwork based on static routing, an IP node is manually configured so that its default gateway address matches the IP address of the local router interface. When a node sends a packet to another network, it forwards the packet to the local router, which checks its own routing table and determines which route to use to forward the packet.

Static routing can work well for small internetworks. Static routing can also be appropriate for connecting a branch office to a main office across a WAN link. However, static routing does not scale well to large or frequently changing internetworks because of the manual administration it requires.

Static routers are not fault tolerant — a static router cannot sense that a neighboring router is no longer available over an operational link or that a remote network segment is no longer reachable if a link goes down. Because a static router is unaware of these changes, it cannot make adjustments to its routing table and requires an administrator to update the router.

A computer running Windows Server 2003 that has two or more network adapters (each configured with an IP address and subnet mask defining routes for local subnets) can function as a static IP router. Typically, to avoid conflicts in case the router is connected to two or more disjoint subnets, only one of the network adapters is configured with a default gateway. For information about disjoint networks, including how to configure an Internet Security and Acceleration (ISA) or virtual private network (VPN) server to prevent disjoint network unreachability, see Default Gateway Behavior for Windows TCP/IP.

On a server running Windows Server 2003 Routing and Remote Access, you can add static routes in three ways:

  • In the console tree of the Routing and Remote Access snap-in, by adding a route on the IP Routing\Static Routes node

  • By using the route add command-line utility (with the -p switch to add a persistent static route)

  • By accessing the netsh routing ip context in a command prompt window and then using the add persistentroute command

Static routing entries

An administrator configuring a static routing entry manually specifies the following information:

  • Destination. A destination IP address for this route, which can be a host address, a subnet address, a summarized network address, or the destination for the default route (0.0.0.0).

  • Network mask. The subnet mask for the static route. This number is used in conjunction with the destination IP address. For example, a mask of 255.255.255.255 means that only a packet whose destination address exactly matches the route destination can use this route. A mask of 0.0.0.0 means that any destination can use this route. For more information, see “Details of How IP Makes the Routing Decision” earlier in this document.

  • Gateway. The next-hop IP address for this route. For a LAN interface, the gateway address is the IP address of a neighboring router. For a demand-dial interface, no gateway address is configured.

  • Metric. The cost (such as the number of hops to the destination, or a unitless metric, such as the speed or reliability of the link) associated with this route. When multiple routes to the same destination exist, IP selects the route with the lowest metric.

For more information about how IP handles entries in the routing table, see How the IPv4 Routing Table Works earlier in this section.

Using static routing with dynamic routing

Using static routing exclusively is appropriate only for a small internetwork that is rarely reconfigured. However, a medium-size or large internetwork that primarily uses dynamic routing typically also uses some manually configured static routes. For example, you might use a static route with a higher metric as the redundant backup for a dynamically configured route. In addition, you might use dynamic routing for most paths but configure a few static paths where you want to ensure that network traffic follows a particular route, such as configuring routers to force traffic over a specific path to a high-bandwidth link.

Using dynamic routing protocols across temporary dial-up WAN links is not feasible because dynamic routing protocols typically advertise the contents of the routing table at periodic intervals. Such automatic periodic advertisements are appropriate only for permanently connected LAN or WAN links. If a dial-up WAN link is configured to use dynamic routing, it might incur long-distance charges each time one router calls another router to establish a connection and update the routing table. A more cost-effective way to update the routing table over a dial-up WAN link is to configure autostatic updates. RIP supports autostatic updates; OSPF does not.

An autostatic route is a static route that is dynamically obtained through an exchange of RIP messages. An administrator can enable autostatic updates on an interface that is used for a demand-dial connection so that, whenever the demand-dial link is in a connected state, a request for updated routes can be sent over that interface. Autostatic updates are automatic only in the sense that, when the administrator gives the command to update routes, the router sends an update request across the link to the router on the other side of the connection, and then the router automatically adds the requested routes as static routes to its routing table. Although the term autostatic update might seem to imply an automatic operation, autostatic updates are not performed automatically when the demand-dial connection is made; they are performed only when the command to perform the update is given.

As an alternative to issuing a command to initiate a manual autostatic update, if you use Routing and Remote Access RIP routers, you can use the Routing and Remote Access snap-in, Netsh commands, and Task Scheduler to schedule autostatic updates:

  1. In the Routing and Remote Access snap-in, enable autostatic update mode by navigating to the IP Routing\RIP node in the console tree, and then selecting the Auto-static update mode option on the General tab of the InterfaceName Properties page.

  2. Create a batch file or Netsh script file that contains the following commands:

    netsh interface set interface name=DemandDialInterfaceName connect=CONNECTED

    netsh routing ip rip update DemandDialInterfaceName

    netsh interface set interface name=DemandDialInterfaceName connect=DISCONNECTED

  3. Open Scheduled Tasks in Control Panel, double-click Add Scheduled Task, and then follow the wizard instructions to establish the schedule for the batch file or Netsh script to run.

Static routing in IPv6

A computer running the Windows Server 2003 family can act as a static IPv6 router that forwards IPv6 packets between interfaces based on the contents of the IPv6 routing table. You can configure static routes by using the netsh interface ipv6 add route command.

For information about Windows Server 2003 support for static routing in an IPv6 environment, see “How IPv6 Works” in IPv6 Technical Reference.

Dynamic Routing

Dynamic routing is based on routing table entries that are automatically configured and automatically updated by routers whenever the topology of the internetwork changes. Dynamic routing protocols enable this ongoing maintenance of routing tables by using a series of periodic or on-demand messages containing routing information about the internetwork environment that is exchanged among routers. Any dynamic routing protocol enables routers to perform the following basic functions:

  • Detect other routers (called neighbors) with which they will exchange routing information.

  • Store the routing data that they collect from other routers as entries in their routing tables.

A router with dynamically configured and updated routing tables is known as a dynamic router. Except for initial configuration, dynamic routers require little ongoing maintenance and can therefore scale to large internetworks. For dynamic routing to work, the same routing protocol must be installed on each router on the internetwork.

Dynamic routing in a multipath IP internetwork is fault tolerant (for a brief description of multipath routing, see “Single-Path vs. Multipath Routing Infrastructures” earlier in this document). Dynamic routes learned from other routers have a finite lifetime: If a router or link fails, dynamic routers detect the change in the internetwork topology when the lifetime of the learned route expires in the routing table. This change then propagates to other routers so that all routers on the internetwork become aware of the new topology.

The ability to scale and the ability to recover from internetwork faults make dynamic routing the better choice for medium, large, and very large internetworks. Routing protocols do, however, increase network traffic on the internetwork. This additional traffic can be an important factor in planning WAN link usage.

Two or more dynamic routing protocols cannot interoperate on the same internetwork because each protocol collects different types of data and uses different techniques to converge after topological changes occur. However, you can configure two or more routing protocols on a single router to connect internetworks that use different routing protocols. For example, you can configure RIP on an interface that connects to a RIP-based internetwork and configure OSPF on another interface that connects to an OSPF-based internetwork. A router with these interfaces can be configured to exchange routing information between the two networks. The exchange of routing information between networks that use different dynamic routing protocols is sometimes referred to as route redistribution.

A computer running the Windows Server 2003 Routing and Remote Access service can act as a dynamic router that also supports static routing. An administrator can use the Routing and Remote Access snap-in to add RIP, OSPF, or both, and then enable the protocol on the appropriate interface by adding the interface to the RIP or OSPF protocol displayed in the console tree. On a Routing and Remote Access router, you can use the snap-in to add a static route to an internetwork configured to use dynamic routing by using the IP Routing\Static Routes node in the console tree.

Convergence

An important element of a routing protocol implementation is its ability to sense and recover from internetwork faults. How quickly the routing protocol can enable recovery from failures on the internetwork is determined by the type of failure, how it is sensed, and how the routing information is propagated throughout the internetwork.

When all routers on an internetwork have the correct routing information in their routing tables, the internetwork is said to have converged. Convergence is the process by which routers update routing tables after a change in network topology occurs — the change is replicated to all routers that need to know about it. When convergence is achieved, the internetwork is in a stable state and all routing occurs along optimal paths.

When a link or router fails, the internetwork must reconfigure itself to reflect the new topology. Information in routing tables must be updated. Until the internetwork reconverges, it is in an unstable state in which routing loops and black holes (both described later) can occur. The time it takes for the internetwork to reconverge is known as the convergence time. The convergence time varies based on the routing protocol and the type of failure — downed link or downed router.

For more information about convergence, see “Impact of Routing Loops and Black Holes During Convergence” later in this section, and see “How RIP Works” and “How OSPF Works” in How Unicast IPv4 Routing Protocols and Services Work.

Routing Protocols Used Between and Within Autonomous Systems

Autonomous systems (described earlier in “IPv4 Routing Infrastructure”) use two types of routing protocols to update routing information:

  • The protocols used to distribute routing information between two or more autonomous systems are known as Exterior Gateway Protocols (EGPs).

  • The protocols used to distribute routing information within a single autonomous system are known as Interior Gateway Protocols (IGPs).

The following figure depicts two autonomous systems using interior and exterior protocols to communicate.

Autonomous systems usage of IGPs and EGPs

EGPs are inter–autonomous system routing protocols. EGPs define the way that all routes within the autonomous system are advertised outside of the autonomous system. Routers that connect autonomous systems to the Internet backbone use an EGP to advertise routing information to each other. Advertising can include a list of routes in a flat routing infrastructure or a list of summarized routes in a hierarchical routing infrastructure.

EGPs are independent of the IGPs used within an autonomous system and can enable the exchange of routes between autonomous systems that use different IGPs.

The EGPs for IP internetworks include:

  • Exterior Gateway Protocol (EGP). An obsolete EGP that was developed to communicate information between autonomous systems on the Internet. Although EGP is the eponym for the generic protocol type for inter-autonomous system routing protocols, it is no longer used on the Internet because it cannot support multipath environments or classless routing. EGP was defined in the now obsolete RFC 904, “Exterior Gateway Protocol.”

  • Border Gateway Protocol (BGP). The EGP that is currently used to communicate information between autonomous systems on the Internet. The Internet is a large IP internetwork divided into several autonomous systems that are connected by the Internet’s core routers, which use BGP for communication among themselves. BGP uses autonomous system numbers (ASNs) to avoid routing loops and to implement policy-based routing on the Internet backbone. Unlike its obsolete predecessor EGP, BGP supports complex multipath networks and classless routing. BGP is defined in RFC 1771, “A Border Gateway Protocol 4 (BGP-4)” and RFC 1772, “Application of the Border Gateway Protocol in the Internet” in the IETF RFC Database.

The Windows Server 2003 Routing and Remote Access service does not include EGP or BGP.

IGPs are intra–autonomous system routing protocols. Routers use an IGP to forward routing information to the other routers within the autonomous system. IGPs can distribute routes within the autonomous system in either a flat or hierarchical manner.

The IGPs for IP internetworks include:

  • RIP for IP. An RFC-based distance vector IGP.

  • OSPF. An RFC-based link state IGP.

  • IGRP. A distance vector IGP developed by Cisco Systems, Inc.

The Windows Server 2003 Routing and Remote Access service includes RIP and OSPF, but it does not include a version of IGRP. For detailed information about RIP and OSPF, see the next section, “Common IGP Dynamic Routing Protocols,” and see the companion document How Unicast IPv4 Routing Protocols and Services Work.

A third-party software vendor can develop a version of IGRP that works with the Routing and Remote Access service. For information about Microsoft platform software development kits (SDKs) that provide application programming interfaces (APIs) useful for third-party developers who create software that interacts with Windows Server 2003, including the Routing and Remote Access service, see “IPv4 and Routing and Remote Access APIs” in How Unicast IPv4 Routing Protocols and Services Work.

Common IGP Dynamic Routing Protocols

The most common types of dynamic routing protocols used within a single autonomous system are:

  • Distance vector routing protocols

  • Link state routing protocols

A distance vector routing protocol, such as RIP v2, is more appropriate for a relatively small, simple network that is not expected to grow rapidly. For a large, complex internetwork, a link state routing protocol, such as OSPF, is more appropriate. You must use RIP v2 or OSPF to support VLSM and route summarization. Although the outdated RIP v1 is still widely used in private networks, it does not support either VLSM or route summarization and thus is not well suited for enterprise networks.

Note

The Windows Server 2003 Routing and Remote Access service does not support the dynamic routing protocols RIPng (the version of RIP for IPv6) or OSPF for IPv6. However, a computer running Windows Server 2003 can act as a static IPv6 router, and it is possible to route IPv6 traffic over an IPv4 internetwork using an IPv6 transition technology. For information about Windows Server 2003 support for static IP routing in an IPv6 environment, see “How IPv6 Works” in IPv6 Technical Reference.

Understanding how distance vector and link state routing protocols work is essential to choosing the type of dynamic routing that best suits your network needs. The primary differences between distance vector and link state routing protocols include:

  • What routing information is exchanged

  • How the information is exchanged

  • How quickly the internetwork can recover from a downed link or a downed router

Distance Vector Dynamic Routing Protocols

A router that uses distance vector routing protocols, the earliest type of dynamic routing protocol, advertises the routes in its routing table to other routers at regular intervals. The routing information that is periodically exchanged between routers by using distance vector routing protocols is typically unsynchronized and unacknowledged.

A distance vector routing protocol advertises the number of hops to a network destination (the distance) and the direction in which a packet can reach a network destination (the vector). The distance vector algorithm, also known as the Bellman-Ford algorithm, enables a router to pass route updates to its neighbors at set intervals. Each neighbor then adds its own distance value and forwards the routing information on to its immediate neighbors. The result of this process is a table containing the cumulative distance to each network destination.

The following table lists several common distance vector routing protocols based on three major routable network protocols.

Common Distance Vector Dynamic Routing Protocols

| Routable Network Protocol | Distance Vector Dynamic Routing Protocol |
| --- | --- |
| IP | Routing Information Protocol (RIP) for IP versions 1 and 2 (RIP v1 and RIP v2); Interior Gateway Routing Protocol (IGRP) |
| IPX | Routing Information Protocol (RIP) for IPX |
| AppleTalk | Routing Table Maintenance Protocol (RTMP) |

The Windows Server 2003 Routing and Remote Access service includes RIP v1 and RIP v2 for IP and RTMP for AppleTalk. Windows Server 2003 Routing and Remote Access does not include IGRP or RIP for IPX.

The advantages of distance vector dynamic routing protocols include:

  • Simpler. Distance vector routing protocols use simple router advertisement processes that are easy to understand.

  • Easy to configure. In its most basic form, configuring a distance vector routing protocol is as easy as enabling the protocol on the router interfaces.

The disadvantages of distance vector dynamic routing protocols include:

  • Large routing tables. Multiple routes to a specific network ID appear as multiple entries in the routing table. In a large internetwork with multiple paths, the IP routing table can have hundreds or thousands of entries.

    This disadvantage is eliminated in some RIP router implementations, including Windows Server 2003, which store only one route — the route with the lowest metric — for any subnet in the routing table.

  • High network traffic overhead. Route advertising is done at periodic intervals, even (unnecessarily) after the internetwork has converged.

  • Does not scale. Because of the size of the routing table and the high network traffic overhead, distance vector routing protocols do not scale well to large or very large internetworks.

  • High convergence time. Because of the unsynchronized and unacknowledged way that distance vector information is exchanged, convergence of the internetwork can take several minutes. During convergence, routing loops and black holes can occur and result in lost or undeliverable data.

For more information about the RIP distance vector routing protocol, see the section “How RIP Works” in How Unicast IPv4 Routing Protocols and Services Work.
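The following simulation is an added example, not part of the original documentation. It runs a plain distance vector exchange (no loop-avoidance features) on a constructed four-router line topology, then fails one router to show the black hole that lasts until the learned route's lifetime expires and the routing loop that follows during reconvergence. The topology, the `LIFETIME` value, the hop count of 1 for attached networks, and the RIP "unreachable" value of 16 are assumptions of the example.

```python
"""Distance vector exchange with route lifetimes on a constructed topology."""

INFINITY = 16  # RIP's "unreachable" hop count (a RIP value, not taken from this page)
LIFETIME = 3   # assumption: intervals a learned route survives without a refresh

# Constructed line topology: router -> directly attached networks.
ATTACHED = {
    "R1": {"Net1", "Net2"},
    "R2": {"Net2", "Net3"},
    "R3": {"Net3", "Net4"},
    "R4": {"Net4", "Net5"},
}


def neighbors(attached):
    """Routers are neighbors when they share a network segment."""
    return {r: {o for o in attached if o != r and attached[o] & attached[r]}
            for r in attached}


def initial_tables(attached):
    """Each router starts with its attached networks only: [hops, next_hop, age].
    Attached networks get a hop count of 1 (assumption of this example)."""
    return {r: {net: [1, None, 0] for net in sorted(nets)}
            for r, nets in attached.items()}


def exchange_round(tables, nbrs, down=frozenset()):
    """One advertisement interval. Returns True if any routing table changed."""
    # Every live router advertises the table it held at the start of the interval.
    snapshot = {r: {n: e[0] for n, e in t.items()}
                for r, t in tables.items() if r not in down}
    changed = False
    for receiver, table in tables.items():
        if receiver in down:
            continue
        refreshed = set()
        for sender in sorted(nbrs[receiver] - set(down)):
            for net, hops in snapshot[sender].items():
                cost = min(hops + 1, INFINITY)  # the neighbor adds its own distance
                entry = table.get(net)
                if entry is not None and entry[1] == sender:
                    # News from the current next hop is always believed.
                    changed |= entry[0] != cost
                    entry[0], entry[2] = cost, 0
                    refreshed.add(net)
                elif cost < INFINITY and (entry is None or cost < entry[0]):
                    table[net] = [cost, sender, 0]
                    refreshed.add(net)
                    changed = True
        for net in list(table):
            hops, next_hop, age = table[net]
            if next_hop is None or (net in refreshed and hops < INFINITY):
                continue                         # attached, or refreshed and reachable
            table[net][2] = age + 1
            if hops >= INFINITY or table[net][2] > LIFETIME:
                del table[net]                   # unreachable or lifetime expired
                changed = True
    return changed


def converge(attached, max_rounds=32):
    """Exchange until no table changes; return tables, neighbors, intervals used."""
    nbrs, tables = neighbors(attached), initial_tables(attached)
    rounds = 0
    while rounds < max_rounds and exchange_round(tables, nbrs):
        rounds += 1
    return tables, nbrs, rounds


def fail_and_observe(failed="R4", watch="Net5", rounds=30):
    """Converge, fail one router, and record each live router's (hops, next_hop)
    for the watched network after every following interval."""
    tables, nbrs, _ = converge(ATTACHED)
    history = []
    for _ in range(rounds):
        exchange_round(tables, nbrs, down={failed})
        history.append({r: (t[watch][0], t[watch][1]) for r, t in tables.items()
                        if r != failed and watch in t})
    return history


if __name__ == "__main__":
    tables, _, rounds = converge(ATTACHED)
    print("converged after", rounds, "intervals; R1 ->", tables["R1"])
    for i, view in enumerate(fail_and_observe(), start=1):
        print(f"interval {i:2} after R4 fails:", view)
```

In the recorded history, R3 keeps forwarding Net5 traffic to the failed R4 until the route ages out, after which R2 and R3 point at each other for Net5 while the hop count climbs to the unreachable value.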

A router that uses a link state dynamic routing protocol, such as OSPF, stores information about the state of each link between itself and other routers. Link state routing protocols address some of the limitations of distance vector routing protocols. The most important of these improvements is that link state dynamic routing protocols enable faster convergence than distance vector routing protocols.

Unlike distance vector routing protocols, which broadcast updates to all routers at regularly scheduled intervals, link state routing protocols provide updates only when a network link changes state. When such an event occurs, a notification called a link state advertisement (LSA) is sent throughout the network to update routing tables. LSAs, which include the router network IDs, are sent at startup and again any time that changes in the internetwork topology are detected. Link state updates are sent by using unicast or multicast traffic rather than by broadcasting. Link state routers build a database of LSAs and use the database to calculate the routing table. Routing information exchanged between link state dynamic routers is synchronized and acknowledged.

Link state routing protocols are more reliable and require less bandwidth than do distance vector routing protocols. However, link state routing protocols are also more complex, more memory-intensive, and place a greater load on the CPU of a router.

The following table lists two major link state routing protocols used on internetworks based on two major routable network protocols.

| Routable Network Protocol | Link State Dynamic Routing Protocol |
| --- | --- |
| IP | Open Shortest Path First (OSPF) |
| IPX | NetWare Link Services Protocol (NLSP) |

The Windows Server 2003 Routing and Remote Access service includes OSPF; it does not include NLSP.

The advantages of link state dynamic routing protocols include:

  • Smaller routing tables. Only a single optimal route for each network ID is stored in the routing table.

  • Low network traffic overhead. Routers that use a link state dynamic routing protocol exchange less routing information after the internetwork has converged than do distance vector dynamic routing protocols. For example, after convergence OSPF sends only Hello packets at regular intervals. Unlike distance vector routing protocols, which broadcast updates to all routers at regularly scheduled intervals, link state routing protocols provide updates (in the form of an LSA) only when a network link changes state.

  • Ability to scale. Because of smaller routing tables and low network traffic overhead, link state routing protocols scale well to large and very large internetworks.

  • Lower convergence time. Link state routing protocols have a much lower convergence time than distance vector routing protocols. An internetwork that uses link state routing protocols converges without producing routing loops.

The disadvantages of link state dynamic routing protocols include:

  • Complexity. Link state routing protocols are more complex and difficult to understand than distance vector routing protocols.

  • More time needed to configure. A link state routing protocol implementation requires additional planning and configuration.

  • Resource intensive. For very large internetworks, the database of LSAs and the calculation of routing table entries can be memory and processor intensive.

For more information about the OSPF link state dynamic routing protocol, see the section “How OSPF Works” in How Unicast IPv4 Routing Protocols and Services Work.

Impact of Routing Loops and Black Holes During Convergence

Routing problems can occur when either a host routing table or a router routing table contains information that does not reflect the correct topology of the internetwork. On an internetwork that uses dynamic routing, the routing internetwork must reconfigure itself to reflect the new topology whenever a link or router fails. The internetwork is in an unstable state during the period of time it takes for convergence to take place — during this period of time, routing loops and black holes can occur.

Routing loops

During the routing process, packets are forwarded by the sending host and then by one or more routers in the optimal direction as determined by information in each node’s local routing table. If the routing table entries on all routers are correct, a unicast packet takes the best path from the source node to the destination node. However, if any routing table entry is incorrect, either through configuration errors or through learned routes that do not accurately reflect the topology of the internetwork, routing loops can occur.

A routing loop is a path through the internetwork that runs in a circle instead of reaching the intended destination. A routing loop occurs when routers forward traffic to each other in a loop that does not include the network segment of the destination.

The following figure illustrates an example of a routing loop that occurs when inaccurate information is stored in local routing tables.

Routing loop

In this example:

  • According to the routing table on Router 1, the optimal route to Network 10 is through Router 2.

  • According to the routing table on Router 2, the optimal route to Network 10 is through Router 3.

  • According to the routing table on Router 3, the optimal route to Network 10 is through Router 1.

The result would be an infinite loop — except that routable protocols use a counter in the network layer header of the packet to prevent the packet from perpetually looping. Each time a router passes the packet from one network segment to another, the router either increases or decreases the counter. If the count reaches its maximum value (when increasing) or reaches 0 (when decreasing), the packet is discarded by the router. For example, when an IP node sends an IP packet, IP sets a maximum link count in the Time to Live (TTL) field in the IP header. Each IP router crossed by the packet decreases the TTL value in the packet by one. When the TTL value is 0, the IP router discards the packet and sends an ICMP Time Exceeded-TTL Exceeded in Transit message back to the sending node from which the packet originated.

One common type of routing loop can be avoided by ensuring that neighboring routers are not configured with default routes that point to each other: that is, on each router, the default route (0.0.0.0, 0.0.0.0) must not have the Default gateway field configured with the IP address of the other router. Because a default route passes all traffic that is not on a directly connected network to the configured router, routers that have default routes pointing to each other can produce routing loops for traffic with an unreachable destination.

By typing ping -i 255 IP_address at a command prompt, you can initiate the detection of a possible routing loop. The -i parameter sets the TTL value in the ICMP Echo message. If the command results in the message TTL Expired In Transit, this indicates a possible routing loop. By typing tracert IP_address at a command prompt, you can then confirm that a routing loop exists if the output displays a set of repeating router IP addresses.

Black holes

The IP protocol is a connectionless, datagram-based protocol, which, by definition, does not guarantee a successful delivery. IP attempts a best effort, unacknowledged delivery to the next hop or to the final destination, which can lead to conditions on the internetwork in which data is lost.

If a downstream router fails and the failure is not detected by an upstream router, the upstream router continues to forward packets to the failed router. Because the failed downstream router does not receive the packets, the packets forwarded by the upstream router are dropped from the internetwork. The upstream router is said to be sending packets to a black hole, which is defined as a case in which packets on an internetwork are lost without any indication of an error.

In the following figure, Router 1 is not informed that Router 2 has failed and, therefore, continues to forward packets to Router 2. Router 2 is now a black hole because the packets are dropped and no error message is returned to Router 1.

Routing black hole

A black hole can form when a link or router fails, and the failure is not yet detected. In a dynamic routing environment, routers detect failed links or failed routers when the lifetime of learned routes expires in their routing tables. In a static routing environment, a black hole persists until the functionality of the link or router is restored or until the static routers are reconfigured by the network administrator.
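The following audit sketch is an added example, not part of the original documentation. It covers both the routing loop passage and the black hole passage above: it walks a packet through per-router routing tables, decreasing TTL at each router, reports the repeating set of routers that a tracert would show, and flags neighbors whose default routes point at each other. Router names, prefixes, and table contents are constructed for the example.

```python
"""Follow a packet through per-router routing tables, decreasing TTL at each router."""
import ipaddress

# Constructed tables. Each route is (destination prefix, next-hop router);
# a next hop of None means the destination network is directly attached.
LOOP_TABLES = {            # the three-router loop for "Network 10" described above
    "Router1": [("10.0.10.0/24", "Router2")],
    "Router2": [("10.0.10.0/24", "Router3")],
    "Router3": [("10.0.10.0/24", "Router1")],
}
DEFAULT_TABLES = {         # neighbors whose default routes point at each other
    "RouterA": [("192.168.1.0/24", None), ("0.0.0.0/0", "RouterB")],
    "RouterB": [("192.168.2.0/24", None), ("0.0.0.0/0", "RouterA")],
}
CHAIN_TABLES = {           # Router1 forwards to Router2, which owns the network
    "Router1": [("10.0.10.0/24", "Router2")],
    "Router2": [("10.0.10.0/24", None)],
}


def lookup(routes, dst):
    """Longest-match lookup. Returns (route_found, next_hop)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return (best is not None), (best[1] if best else None)


def trace(tables, start, dst, ttl=255, down=frozenset()):
    """Return (outcome, routers_crossed) for a packet handed to router `start`."""
    path, router = [], start
    while True:
        if router in down or router not in tables:
            return "black_hole", path      # packet is lost, no error comes back
        path.append(router)
        ttl -= 1                           # each router crossed decreases TTL by one
        if ttl == 0:
            return "ttl_expired", path     # discarded; ICMP Time Exceeded is sent
        found, next_hop = lookup(tables[router], dst)
        if not found:
            return "no_route", path
        if next_hop is None:
            return "delivered", path
        router = next_hop


def repeating_routers(path):
    """Return the first cycle of routers in a trace, or [] if none repeats."""
    first_seen = {}
    for i, router in enumerate(path):
        if router in first_seen:
            return path[first_seen[router]:i]
        first_seen[router] = i
    return []


def mutual_default_routes(tables):
    """Return sorted pairs of routers whose default routes point at each other."""
    default = {r: nh for r, routes in tables.items()
               for prefix, nh in routes if prefix == "0.0.0.0/0" and nh is not None}
    return sorted({tuple(sorted((a, b))) for a, b in default.items()
                   if default.get(b) == a})


if __name__ == "__main__":
    outcome, path = trace(LOOP_TABLES, "Router1", "10.0.10.7", ttl=8)
    print(outcome, path, "repeats:", repeating_routers(path))
    print("mutual defaults:", mutual_default_routes(DEFAULT_TABLES))
    print(trace(CHAIN_TABLES, "Router1", "10.0.10.7", down={"Router2"}))
```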

Black holes can also occur when an active router discards packets without indicating why the packets are discarded. For example, a Path Maximum Transmission Unit (PMTU) black hole router discards IP packets that need to be fragmented without returning a message to the sender indicating the error. A PMTU black hole router silently discards IP packets that require fragmentation if the Don't Fragment (DF) flag in the IP header of the received packet is set to 1. PMTU black hole routers can be difficult to detect because packets of smaller sizes are forwarded.

One of the disadvantages of distance vector dynamic routing protocols, such as RIP, is that, on a large internetwork, several minutes might be required for convergence to occur. This delay can allow routing loops or black holes to occur during convergence.

Link state dynamic routing protocols provide more robust protection against black holes and routing loops. For example, OSPF prevents routing loops due to unsynchronized databases by not advertising links until the routers at each end of a link have synchronized their databases. OSPF also reduces the occurrence of black holes caused by one-way links by not including links in its database until the links are known to be bidirectional.

Ranking Route Sources

On a network that uses multiple sources of routing information, route sources are ranked in order of preference. If two or more route sources provide a route to the same destination, the route learned from the route source with the lower rank number is the preferred route. One reason that route sources must be ranked, either by accepting the default ranks or by reordering them, is that metric definitions differ for different route sources, including the RIP and OSPF routing protocols. Rather than trying to reconcile these dissimilar metrics, the router uses the route learned from the most preferred route source.

For example, if you configure a Routing and Remote Access router to use both RIP and OSPF, the Routing and Remote Access service adds both RIP-learned routes and OSPF-learned routes to the Route Table Manager (RTM) IP routing table. If you specify that the metric of an OSPF-learned route is 5 and that the metric of the corresponding RIP-learned route is 3, and if OSPF is the preferred routing protocol, RTM adds only the OSPF route to the IP forwarding table.
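The following sketch is an added example, not code from the Routing and Remote Access service. It selects forwarding-table routes by route source rank first and metric second, and lists the destinations where the rank overrode a lower metric from another source, which is the case worth reviewing when preference levels are changed. The rank numbers, addresses, and the `Route` structure are constructed for the example.

```python
"""Choose forwarding-table routes from RTM-style entries: source rank, then metric."""
from collections import defaultdict, namedtuple

Route = namedtuple("Route", "destination mask gateway metric source")

# Sample rank numbers constructed for this example (lower rank = more preferred).
OSPF_PREFERRED = {"OSPF": 110, "RIP": 120}
RIP_PREFERRED = {"OSPF": 120, "RIP": 110}

# Constructed table contents; the first two entries mirror the case described above
# (OSPF-learned route with metric 5, RIP-learned route with metric 3).
RTM = [
    Route("10.1.0.0", "255.255.0.0", "192.168.0.2", 5, "OSPF"),
    Route("10.1.0.0", "255.255.0.0", "192.168.1.2", 3, "RIP"),
    Route("10.2.0.0", "255.255.0.0", "192.168.1.2", 4, "RIP"),
    Route("10.2.0.0", "255.255.0.0", "192.168.1.3", 2, "RIP"),
    Route("10.3.0.0", "255.255.0.0", "192.168.0.2", 7, "OSPF"),
]


def build_forwarding_table(rtm, preference):
    """Return (forwarding, shadowed): the winning route per destination and the
    routes that lost. Metrics are compared only between routes of equal rank."""
    by_destination = defaultdict(list)
    for route in rtm:
        if route.source not in preference:
            raise ValueError(f"no preference level for route source {route.source!r}")
        by_destination[(route.destination, route.mask)].append(route)
    forwarding, shadowed = {}, []
    for key, routes in by_destination.items():
        ranked = sorted(routes, key=lambda r: (preference[r.source], r.metric))
        forwarding[key] = ranked[0]
        shadowed.extend(ranked[1:])
    return forwarding, shadowed


def metric_overridden(rtm, preference):
    """Destinations where a losing route from another source had a lower metric
    than the installed route, so the rank alone decided the outcome."""
    forwarding, shadowed = build_forwarding_table(rtm, preference)
    hits = set()
    for route in shadowed:
        winner = forwarding[(route.destination, route.mask)]
        if route.source != winner.source and route.metric < winner.metric:
            hits.add((route.destination, route.mask))
    return sorted(hits)


if __name__ == "__main__":
    table, losers = build_forwarding_table(RTM, OSPF_PREFERRED)
    for key, route in sorted(table.items()):
        print(key, "->", route.gateway, route.source, "metric", route.metric)
    print("rank overrode metric for:", metric_overridden(RTM, OSPF_PREFERRED))
```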

Warning

If you enable both RIP and OSPF on the same router, make sure that you configure each routing protocol on a separate interface, each connecting to a different network.

If you use Windows Server 2003 Routing and Remote Access routers, you can modify the default preference levels for the following route sources in the Routing and Remote Access snap-in by navigating to the IP Routing\General node in the console tree and selecting the Preference Levels tab on the General Properties page:

  • Local.

  • Static, which refers to a static route assigned to a demand-dial interface that is added by using the Routing and Remote Access snap-in.

  • Static (non demand-dial), which refers to a static route assigned to a LAN interface that is added by using the Routing and Remote Access snap-in.

  • Auto-static.

  • Network Management, such as SNMP, which refers to a static route assigned to a LAN interface that is added by using the route add command-line tool. You cannot use route add to add a route for a demand-dial interface.

  • OSPF.

  • RIP v2.

Alternatively, you can specify the relative preference level of any of these route sources by using the netsh routing ip set preferenceforprotocol command.

The following resources contain additional information that is relevant to this section.