Network Routing Basics

APLawrence.com - Resources for Unix and Linux Systems, Bloggers and the self-employed

Network Routing Basics

We've seen how TCP/IP addresses combined with netmasks determine networks. For example, 192.168.200.83 and 192.168.201.35 are on separate networks if the netmask is 255.255.255.0 (a class C netmask).

If this concept isn't completely clear to you, go back and review.

See Networks 101 and Advanced TCP and CIDR

So, let's say that 192.168.200.83 is our server, and 192.168.201.35 is a Windows machine. Again, it's a class C netmask (255.255.255.0), so there is going to have to be a router in the network. That router is going to have to have one port on the 192.168.200 network, and one on the 192.168.201 network.

How that happens depends on the router, but usually these things get configured initially by connecting to a serial port, and typing commands to set addresses and protocols on the other network ports. For the purposes of this article, we'll assume that the router has one port addressed at 192.168.200.1 and another at 192.168.201.1 (it's very common for routers to use the "1" address).

Starting at the Win machine, it needs to have a route so that it can get off its network (192.168.201) to the server's network (192.168.200). You'd do this in Settings->Control Panel ->Networks. Under the Properties for TCP/IP, you'd find a tab for Gateway. Here you'd enter the address of the router port on your network. That's 192.168.201.1 because the Win machine is on the 192.168.201 network.

If you dropped out to DOS and typed "ping 192.168.200.83" (that's the server address) before setting that gateway, you'd get "Destination host unreachable" (from a Unix machine you would get "No route to host"). After making this setting (and rebooting the machine, you'll get "Request timed out" instead.

See Why "no route to host" when it can be pinged? also.

The problem is that the Win machine knows how to get to the server through the router, but the server doesn't know how to get back. The server needs a route to get to the 192.168.200 network.

So we need to do it there, also. If the server were a SCO Unix machine, we might type "route add default 192.168.200.1" (on older SCO you'd do "route add 192.168.201.0 192.168.200.1 0".

Note that we are saying our route goes to 192.168.201.0, not to a specific address: the .0 says we're giving a route to the whole network. If this were a class A network (255.0.0.0 netmask) we'd use route add 10.0.0.0, etc.

Linux is similar, but you need "gw" in there: "route add default gw 192.168.200.1"

NT is similar to Win, though in both cases you can also issue "route add" commands at the command prompt. With NT and (I think) , doing this adds the routing information to the registry, so it sticks through a reboot. On SCO, that's not the case. You'll need to add the commands to a start-up file (/etc/rc2.d/S99route, for example: it doesn't exist, but you can create it) or modify the /etc/gateways file (see 'man routed'for the syntax of that file). The disadvantage of /etc/gateways is that it is used by routed, so if you are not running routed, that won't work.

You could also modify /etc/tcp and add your routes after it sets up its default routes. That has the disadvantage of modifying a system file: an upgrade will overwrite that.

SCO 5.0.4 adds a /etc/rc2.d/S90iproute script that reads /usr/internet/etc/sco_ip/routes. It's the Internet Manager that can add info to that file, but there's no reason you can't do it manually. The format is simple:

# comments are ok
# simple form
net default 10.1.1.3
# it's smart enough to delete the previous default
net default 192.168.1.2 
# routes to specific hosts
host 192.168.1.8 10.1.1.7
# netmasks optional
net 192.168.1.0 10.1.1.3 255.255.255.0
# if field 1 isn't host or net, it's ignored
happiness 172.16.80.10 10.1.1.1
sanjose 172.16.80.10 10.1.1.1

Another advantage of this script is that when called with "stop" (/etc/rc2.d/S90iproute stop), it will delete the routes listed in the file.

Beginning with 5.0.6, you can add the default route in /etc/default/tcp. Just modify the GATEWAY= line, and /etc/tcp will read that. DON'T DO THIS ON PRIOR RELEASES; /etc/tcp doesn't look for that until 5.0.6

So how does the OS know where to send a packet when you have more than one card in your machine such as when you have DS internet access and an internal network? You may not have realized this, but that's routing.

The OS "knows" by the addresseses and netmask you have put on the cards.

Lets say you have two cards: your internal network card which is 192.168.2.10 with a mask of 255.255.255.0, and your external card which gets a DHCP address that's real, but let's pretend that right this minute it's 64.xyz,xyz.12 again with a 255.255.255.0 mask.

If you "ping 192.168.2.27" (some other machine on your internal network, the only place that packet will be sent to is your 192.168.2.10 card.

If you ping something on the network of the other card, that's where those packets will go.

So what if you ping something else like "132.xyz.xyz.89" ? That's where your default route comes into play. It might, for example, be 64.xyz,xyz.1. It *has* to be something on one of the networks defined by your cards. It could not be "144.xyz.xyz.1" for instance because you have no such network. So, if it were 64.xyz.xyz.1, the packets would go out your 64. interface and find their way to that router, which presumably can get them to the 132 address, either directly or by sending them along somewhere else.

You can see this stuff in action by using "traceroute"

Here's a traceroute from my machine to world.std.com

 1  65.96.8.1 (65.96.8.1)  12.640 ms  23.976 ms  12.765 ms
 2  65.96.8.1 (65.96.8.1)  12.103 ms  13.057 ms  12.767 ms
 3  24.128.9.177 (24.128.9.177)  12.732 ms  12.472 ms  12.177 ms
 4  SRP2-0-NDHMMA1-RTR01.necore.mediaone.net (24.91.0.55)  13.177 ms  22.586 ms  11.567 ms
 5  12.125.33.21 (12.125.33.21)  16.168 ms  14.617 ms  16.164 ms
 6  gbr1-p60.cb1ma.ip.att.net (12.123.40.138)  15.968 ms  21.932 ms  19.366 ms
 7  gbr3-p70.cb1ma.ip.att.net (12.122.5.53)  14.354 ms  16.152 ms  20.548 ms
 8  gbr4-p10.n54ny.ip.att.net (12.122.2.13)  40.957 ms  25.775 ms  19.749 ms
 9  ggr1-p370.n54ny.ip.att.net (12.123.1.125)  22.161 ms  20.915 ms  18.146 ms
10  att-gw.ny.uu.net (192.205.32.178)  49.996 ms  21.813 ms  20.946 ms
11  0.so-5-2-0.XL1.NYC8.ALTER.NET (152.63.19.54)  20.369 ms  21.435 ms  19.783 ms
12  0.so-3-0-0.XR1.NYC8.ALTER.NET (152.63.19.30)  20.199 ms  20.250 ms  20.146 ms
13  283.ATM7-0.XR1.BOS1.ALTER.NET (152.63.16.181)  30.349 ms  30.457 ms  29.981 ms
14  191.ATM7-0.GW3.BOS1.ALTER.NET (146.188.177.209)  35.961 ms  26.439 ms  40.353 ms
15  Boston-STD.std.com (192.74.137.80)  43.999 ms  61.854 ms  50.184 ms
16  world.std.com (192.74.137.5)  63.528 ms  81.948 ms  84.958 ms

No route to host

It's important to understand that this message doesn't necessarily come from the system that tried to get somewhere. It comes from the machine doesn't know how to get to the next stop. If your own routing table is incorrect, then it's you. If you can get to at least the next hop (as seen in a traceroute), then the "no route" message comes from them, not you. That could mean you have the wrong gateway route, but it could also mean that they do. See Telnet: route to host for a detailed explanation.

See also :

Networking 101

Advanced TCP

CIDR

Got something to add? Send me email.

(OLDER) <- More Stuff -> (NEWER) (NEWEST)

Printer Friendly Version

Home

Unix Articles

-> Network Routing Basics

8 comments

Inexpensive and informative Apple related e-books:

Take Control of Numbers

Take Control of IOS 11

Take Control of Apple Mail, Third Edition

Digital Sharing Crash Course

Take Control of High Sierra

To keep things saved after a reboot for NT/2K, you must specify:

route add -p 192.168.2.1 mask 255.255.255.0 192.168.1.1

The -p should save the route in the registry.

- Bruce Garlock

Tue Apr 5 18:03:07 2011: 9431 Martin

Thanks for this overview.
I was hoping that I could set up routing from my XP machine so that when I am connected to a VPN, I could still access my email on the internet by routing packets through the default interface connection, but this does not seem to work. Your comment about the server not knowing how to get back made me think that maybe that is the reason, but then how am I able to access my email if not connected to the VPN?

Tue Apr 5 20:19:52 2011: 9432 TonyLawrence

Most vpn's that I have used offer a choice of leaving the gateway alone or sending through the VPN. Are you sure you didn't just miss that in the set up?

Thu May 26 09:41:09 2011: 9513 anonymous

I have the same problem (wish :-)).
I am sure there is no way to enable it in client. So, is there any way to do it using routing?

Thu May 26 11:02:47 2011: 9514 TonyLawrence

You can set your route to anything you want. However, it's still up to that machine whether or not it will route your packets and return the results to you.

Sat Apr 27 13:54:45 2013: 12048 Bell

Hello everyone!!

I have Within my network some users that have need to access to another LAN in order to access that LAN INTRANET for work purposes.

Thats how my LAN design is: ROUTER��ASA��TMG��LOCAL LAN.
SO My local LAN uses a DHCP server for distribuiting IP ADD on 192.168.1.0/24.

These user normally goes to that specific INTRANET www6.minfin.gv.ao through internet.

The thing is, i want those users to still get access to the www6.minfin.gv.ao even if there�s no internet connection, so they can access minfin intranet and keep there job going.

So we got a Router, that is connected to a dedicated telefone line, that connect to the Minfin like a frame relay. in that router two interface i have the following configuration that where done by the Minfin:

So this is what is configured on the Fa to Minfin

172.30.4.34 www6.minfin.gv.ao
172.30.4.33 www7.minfin.gv.ao
192.168.251.142 www12.minfin.gv.ao

And on ther Fa is 192.168.1.25. thats the interface that connects to my LAN.

On the other side, we have to configure manually a static route in the ROUTE PRINT

Verificar e adicionar rotas est�ticas.

Route print

Caso n�o haja rotas est�ticas, adicionar manualmente
Route add -p 172.30.4.34 mask 255.255.255.255 192.168.1.25
Route add -p 172.30.4.33 mask 255.255.255.255 192.168.1.25
Route add -p 192.168.251.142 mask 255.255.255.255 192.168.1.25

So the thing is, i use DHPC to address LAN ip addressing,

How can my internal PCs still access the www6.minfin.gv.ao INTRANET even is theres no internet?

What other configuration i must do and where?

Please help

Bell

Sat Apr 27 14:05:39 2013: 12049 TonyLawrence

Don't have them use the public IP. Set www6.minfin.gv.ao in /etc/hosts with its internal LAN address.

------------------------

Printer Friendly Version

Have you tried Searching this site?

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Printer Friendly Version

Once you eliminate the impossible, whatever remains, no matter how improbable, must be the truth. (Arthur Conan Doyle)

Linux posts

Troubleshooting posts

This post tagged:

Basics

Networking

Routing

Unix/Linux Consultants

Skills Tests

Unix/Linux Book Reviews

My Unix/Linux Troubleshooting Book

This site runs on Linode