This article explains how routing tables work and how to troubleshoot routing
problems in Windows-based networks.
In the first article of this series, I outlined a structured approach for troubleshooting
TCP/IP networking issues on Windows-based networks. Key to this structured
approach were three things:
I displayed these items as a bullet list instead of a numbered list because network
troubleshooting generally isn't as easy as 1-2-3. In other words, it's often more of an
art (i.e. based on intuition) than a science (based on a methodology).
At the foundation of TCP/IP networking is the routing table, a data construct on each
host on a TCP/IP network. Routing tables serve the following three purposes:
• They are used to store the information about other subnets on the network and
how you can reach hosts on these networks.
• They are used to determine which host (called the next-hop IP address) each
packet should be forwarded to in order to reach the host this packet is
ultimately destined for.
• They are used to determine which network interface (called the next-hop
interface) should be used to forward this packet so it gets to its ultimate
destination.
To display this routing table, you open a command prompt window and type route
print at the command line. Let's take this table apart so we can understand how it
works.
Each routing entry (or route) in the routing table is comprised of five fields:
1. Windows first takes each route from the table in turn and performs a bitwise
AND between the destination address in the packet (172.16.11.80) and the
bitmask (Netmask) of the selected route. Here are the results, where each route
in the table is identified by its network destination:
2. For each route, the result of this ANDing is then compared with the Network
Destination field of the route, and a match means the route can be used to
forward the packet to its destination address. If more than one match is found,
Windows uses the route with the longest match (the route whose Netmask has
the highest number of 1 bits). If this doesn't result in a unique match, Windows
uses the match that has the lowest cost (Metric). Finally, if more than one
match has the same lowest cost, Windows arbitrarily chooses one of them as
the route to use. From the table above, you can see that this ANDing process
results in two matches (routes 1 and 3) so Windows chooses the one that has
the longest match, which is row 3. The result of all this is that Windows now
knows which route to use to get this packet to its destination. Here’s what this
route looks like in the server's routing table:
Network Destination  Netmask        Gateway       Interface     Metric
172.16.11.0          255.255.255.0  172.16.11.30  172.16.11.30  20
Clearly, condition A is the case here since the route's Gateway field (172.16.11.30) is
the address assigned to the server's single network card. Windows therefore
determines that the destination address is on the local subnet and that means Windows
can send the packet directly to that address without needing to forward it to any
routers. So in this case, Windows simply sends the packet to 172.16.11.80 using the
server's 172.16.11.30 network interface, and the receiving host gets it.
Example 2: Destination Host on Remote Subnet
Now let's go through the same process, but this time let's say the server is trying to
send the packet to a host on a different subnet, say a host with the address
172.16.10.200. In other words, the packet has a source address of 172.16.11.30 and a
destination address of 172.16.10.200. Here's how Windows uses its routing table to
decide which route to use this time:
1. Windows takes each route from the table and performs a bitwise AND
between the destination address in the packet (172.16.10.200) and the bitmask
(Netmask) of the route. The results this time are like this:
2. For each route, the result of ANDing is compared with the Network
Destination field of the route, and a match means the route can be used to
forward the packet to its destination address. From our second table above,
you can see this time that there is only one match: row one, where the
route's Network Destination field 0.0.0.0 matches the result of the AND
action. So the route that Windows will use to forward the packet to its
destination will be the following route:
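The selection steps from Examples 1 and 2 can be reproduced in a few lines of Python. This is an added example, not part of the original article: the routing table below is constructed to follow the article's row references (row 1 is the default route, row 3 the local subnet), and the default gateway 172.16.11.1 is an assumed value.

```python
import ipaddress

# Constructed routing table for the server at 172.16.11.30 (one network card).
# The default gateway 172.16.11.1 is an assumed value, not from the article.
# Fields: Network Destination, Netmask, Gateway, Interface, Metric
ROUTES = [
    ("0.0.0.0",         "0.0.0.0",         "172.16.11.1",  "172.16.11.30", 20),
    ("127.0.0.0",       "255.0.0.0",       "127.0.0.1",    "127.0.0.1",    1),
    ("172.16.11.0",     "255.255.255.0",   "172.16.11.30", "172.16.11.30", 20),
    ("172.16.11.30",    "255.255.255.255", "127.0.0.1",    "127.0.0.1",    20),
    ("255.255.255.255", "255.255.255.255", "172.16.11.30", "172.16.11.30", 1),
]


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def select_route(dest, routes=ROUTES):
    """Return (row_number, route) chosen for dest, or None if nothing matches."""
    candidates = []
    for row, route in enumerate(routes, start=1):
        network, netmask, _gw, _iface, metric = route
        # Step 1: bitwise AND of the destination address with the Netmask.
        # Step 2: the route matches when the result equals Network Destination.
        if (to_int(dest) & to_int(netmask)) == to_int(network):
            prefix_len = bin(to_int(netmask)).count("1")
            candidates.append((prefix_len, metric, row, route))
    if not candidates:
        return None
    # Longest match first, then lowest metric. Windows picks arbitrarily among
    # remaining ties; this example keeps the earliest row to stay deterministic.
    best = min(candidates, key=lambda c: (-c[0], c[1], c[2]))
    return best[2], best[3]


def next_hop(dest, routes=ROUTES):
    """Return (next-hop IP address, next-hop interface) for dest."""
    chosen = select_route(dest, routes)
    if chosen is None:
        raise LookupError("no route matches " + dest)
    _network, _netmask, gateway, interface, _metric = chosen[1]
    # Gateway equal to the local interface address means the destination is
    # on the local subnet: deliver directly instead of via a router.
    if gateway == interface:
        return dest, interface
    return gateway, interface
```

For 172.16.11.80 rows 1 and 3 match and row 3 wins on longest match; for 172.16.10.200 only row 1 matches, so the packet goes to the default gateway. With the default route removed, select_route returns None for the remote destination, which is the "no usable route" case.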
In this situation, you probably have either a corrupt routing table or an invalid
persistent route in your routing table. Persistent routes are routes you add manually to
the table using the route -p add command and which persist across reboots since their
values are stored in the registry. If you add routes that are invalid, they can produce
strange results, though most often they simply result in traffic being dropped
mysteriously.
On the other hand, if the destination host is on a remote subnet, Windows
forwards the packet to a router (the default gateway address), and this router can't
select a route, then what usually happens is that the router returns an ICMP
message of "Destination Unreachable – Host Unreachable" to the host that sent the
packet. In this case, TCP will notify upper layers and some sort of error message will
be displayed.
In either situation, a useful way to proceed is to examine the routing tables on the
sending host and any intermediate routers along the way to the destination host, and
see if these routing tables are consistent or look corrupted. A corrupted routing table
can be restored (at least on Windows machines) by resetting the TCP/IP stack using
the netsh int ip reset command (see KB299357 for details). Note that this reset
operation does not remove persistent routes you've added to your routing table.
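When reviewing persistent routes by hand, each entry can be checked against the matching rule described earlier. The following is an added example, not part of the original article; the three checks are this example's own working definition of an "invalid" route, and the interface, gateway and route values are constructed.

```python
import ipaddress

# Constructed sample: the host's interface and three candidate persistent
# routes as (Network Destination, Netmask, Gateway). All values are assumed.
INTERFACES = [("172.16.11.30", "255.255.255.0")]
SAMPLE_ROUTES = [
    ("10.10.0.0", "255.255.0.0", "172.16.11.1"),   # consistent
    ("10.10.5.7", "255.255.0.0", "172.16.11.1"),   # can never match
    ("10.20.0.0", "255.255.0.0", "192.168.1.1"),   # gateway not reachable
]


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def audit_route(network, netmask, gateway, interfaces):
    """Return a list of problems with one route; an empty list means none found.

    interfaces: list of (address, netmask) pairs configured on the host.
    """
    problems = []
    mask = to_int(netmask)
    # A usable netmask is a run of 1 bits followed by a run of 0 bits.
    inverted = ~mask & 0xFFFFFFFF
    if inverted & (inverted + 1):
        problems.append("netmask bits are not contiguous")
    # Matching compares (destination AND Netmask) with Network Destination,
    # so a Network Destination with bits outside the mask can never match.
    if (to_int(network) & mask) != to_int(network):
        problems.append("network destination has bits set outside the netmask")
    # The gateway must sit on a subnet the host is directly attached to,
    # otherwise the host has no way to hand the packet to it.
    on_link = any(
        (to_int(gateway) & to_int(m)) == (to_int(a) & to_int(m))
        for a, m in interfaces
    )
    if not on_link:
        problems.append("gateway is not on any directly attached subnet")
    return problems


if __name__ == "__main__":
    for net, mask, gw in SAMPLE_ROUTES:
        print(net, mask, gw, "->", audit_route(net, mask, gw, INTERFACES) or "ok")
```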
Conclusion
Now that you know a bit about how routing tables work and how to troubleshoot
them, in the next article we'll look at more complex examples such as servers with
multiple addresses and several network cards.