There is no doubt that one of the most important functions of the Internet Protocol (IP) is routing. The datagrams that IP routes can be generated either on the local host or on a remote device. If a datagram comes from a remote host, the local host must be configured as a router in order to process it; otherwise the datagram will simply be dropped.
The routing principles lie at the heart of understanding how the actual routing works. All the decisions made by IP are driven by the information stored in the routing tables of the various network-enabled devices. Here are the main steps that IP performs when it looks through these tables:
- Look for matching host address
- Look for matching network address
- Look for a default entry (normally specified with a network ID of 0 in the routing table)
IP will always look in this order, i.e. it will use a matching host address before it uses the network address or the default entry. The actual routing is done by IP when it searches through the addresses in the routing table and decides which interface the packet should be sent out on. This is known as the routing mechanism, which is a different concept from the routing policy, the ruleset that decides which routes can be added to the tables.
It's easier to understand if you realise these are two distinct functions: IP performs the routing mechanism, whereas the routing daemon on the device is responsible for the routing policy.
How you view the routing table depends on what sort of device you are connected to. On Unix and Windows systems, however, you can use commands like netstat. The -r option lists the routing table currently active on that device, and the -n option prints IP addresses in numeric format instead of as names. This can be easier to follow, especially on a host whose IP address changes frequently or whose connection is rotated.
When you use this command on a Unix or Linux system, netstat will search the /etc/networks file to look for network names; these are different from hostnames. Each line of the output carries a variety of information about one route, and one of the most important fields for troubleshooting is the flags. These help determine whether a route is up and what kind of destination it points to. There are flags which identify the destination and also how the route was created or modified, e.g. from a redirect.
Normally these are quite straightforward, but there are some situations where the flags are essential to figure out what is actually happening. A simple routing table can get quite complicated, especially if the host is doing any sort of redirection or proxying. For example, if a host is using a VPN, perhaps to watch BBC News online, then the routing tables will be one of the only ways you can identify the actual destination. If you just looked at the traffic, the destination would simply be the VPN or proxy, which then redirects the connection through to its real destination.
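The lookup order and the flags described above can be seen together in the following added example, which is not part of the original article. It parses a constructed table in the Linux `netstat -rn` column layout for a host with a VPN on `tun0` and applies the host, network, default order; the addresses, the function names and the choice of the longest mask among several matching network entries are assumptions of the example.

```python
import ipaddress

# Constructed sample in Linux `netstat -rn` layout (not taken from a real host).
SAMPLE = """\
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.8.0.1        0.0.0.0         UG        0 0          0 tun0
203.0.113.10    192.168.1.1     255.255.255.255 UGH       0 0          0 eth0
10.8.0.0        0.0.0.0         255.255.255.0   U         0 0          0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.0.0     192.168.1.254   255.255.0.0     UG        0 0          0 eth0
"""

def parse_routes(text):
    """Parse netstat -rn style rows; the header and malformed rows are skipped."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
            routes.append({"net": net, "gateway": f[1], "flags": f[3], "iface": f[7]})
        except (IndexError, ValueError):
            continue  # not a route row
    return routes

def lookup(routes, dst):
    """Host entry first, then network entry, then default (U=up, G=gateway, H=host)."""
    addr = ipaddress.ip_address(dst)
    up = [r for r in routes if "U" in r["flags"]]  # ignore routes that are down
    hosts = [r for r in up if "H" in r["flags"] and r["net"].network_address == addr]
    if hosts:
        return "host", hosts[0]
    nets = [r for r in up if "H" not in r["flags"]
            and r["net"].prefixlen > 0 and addr in r["net"]]
    if nets:
        # Assumption: with several matching networks, use the longest mask.
        return "network", max(nets, key=lambda r: r["net"].prefixlen)
    defaults = [r for r in up if r["net"].prefixlen == 0]
    return ("default", defaults[0]) if defaults else ("unreachable", None)

def describe(routes, dst):
    """One-line summary: which kind of entry matched, next hop and interface."""
    kind, r = lookup(routes, dst)
    if r is None:
        return f"{dst}: no route"
    hop = r["gateway"] if "G" in r["flags"] else "direct"
    return f"{dst}: {kind} route via {hop} on {r['iface']}"

if __name__ == "__main__":
    for dst in ("203.0.113.10", "192.168.1.20", "192.168.7.7", "198.51.100.5"):
        print(describe(parse_routes(SAMPLE), dst))
```

In this constructed table only the VPN endpoint 203.0.113.10 has a host route out of `eth0`; any destination without a more specific entry falls through to the default entry on `tun0`.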