Routing Basics
Part of Networking
How packets find their way from source to destination across multiple networks.
Why This Matters
A single Ethernet switch can connect devices on the same network segment, but it cannot forward traffic between different networks. Routing — the process of forwarding packets from one network to another — is what enables communication across the internet and between different subnets within an organization.
Understanding routing is essential for network design and troubleshooting. When a packet cannot reach its destination, the problem is usually in the routing: missing routes, incorrect routes, or routing loops. Diagnosing these problems requires understanding how routers make forwarding decisions and how routing information is distributed.
Routing is also the key to network security and traffic management. Firewalls, VPNs, load balancers, and traffic shaping all work by manipulating routing decisions. You cannot understand these systems without understanding the routing they sit on top of.
What a Router Does
A router is a device with two or more network interfaces, each on a different network. When a packet arrives on one interface, the router reads the destination IP address and looks it up in a routing table. The routing table maps destination prefixes to outbound interfaces and next-hop addresses. The router forwards the packet out the appropriate interface toward the destination.
The key distinction between a router and a switch: a switch makes forwarding decisions based on MAC addresses and operates within a single network segment. A router makes forwarding decisions based on IP addresses and operates between network segments. In the TCP/IP model, switches operate at Layer 2 (Data Link), routers at Layer 3 (Network).
Every general-purpose computer can function as a router with the appropriate software configuration. Linux has full routing capabilities built in; enabling IP forwarding with sysctl net.ipv4.ip_forward=1 allows the Linux kernel to forward packets between interfaces. This makes it practical to build a router from any commodity hardware.
Routing Tables
The routing table is the data structure a router uses to make forwarding decisions. Each entry in the table has three key fields: a destination prefix (a network address and mask indicating which destinations this entry matches), a next-hop address (the address of the next router to forward to) or an interface (the interface to send out if the destination is directly connected), and a metric (the cost of this route, used when multiple routes to the same destination exist).
To forward a packet, the router looks up the destination IP address in the routing table by finding the entry with the longest matching prefix (the most specific entry that matches the destination). If the destination is 192.168.1.50 and the routing table has entries for 192.168.0.0/16 and 192.168.1.0/24, the router uses the /24 entry because it is more specific (longer prefix).
If no entry matches the destination, the router looks for a default route (0.0.0.0/0 in IPv4, ::/0 in IPv6). The default route matches everything and is used when no more specific route exists. Most routers have a default route pointing toward an upstream provider that can reach all internet destinations.
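The lookup described above can be written out as a short Python routine. This is an added example, not code from the original page; the Route fields, the table contents and the interface names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Route:
    prefix: object            # ipaddress.IPv4Network or IPv6Network
    next_hop: Optional[str]   # None = destination is directly connected
    interface: str
    metric: int = 0

def route(prefix, next_hop, interface, metric=0):
    return Route(ipaddress.ip_network(prefix), next_hop, interface, metric)

# Constructed sample table; addresses and interface names are hypothetical.
TABLE = [
    route("0.0.0.0/0", "203.0.113.1", "eth0", 100),       # IPv4 default route
    route("::/0", "2001:db8::1", "eth0", 100),            # IPv6 default route
    route("192.168.0.0/16", "10.0.0.2", "eth1", 20),
    route("192.168.1.0/24", None, "eth2", 0),             # directly connected
    route("192.168.1.0/24", "10.0.0.3", "eth1", 50),      # same prefix, higher cost
]

def lookup(table, destination):
    """Return the Route used for `destination`, or None if nothing matches."""
    dst = ipaddress.ip_address(destination)
    # `in` is False across address families, so ::/0 never captures IPv4 traffic.
    candidates = [r for r in table if dst in r.prefix]
    if not candidates:
        return None   # no specific route and no default route: packet is dropped
    # Longest prefix wins; among equal prefixes the lowest metric wins.
    return max(candidates, key=lambda r: (r.prefix.prefixlen, -r.metric))

if __name__ == "__main__":
    for dst in ("192.168.1.50", "192.168.7.9", "198.51.100.7", "2001:db8:1::5"):
        r = lookup(TABLE, dst)
        print(dst, "->", r.prefix, "via", r.next_hop or "connected", "dev", r.interface)
```

When reviewing a real table, the same ordering explains why a more specific route added to a router silently overrides a broader one for the addresses it covers.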
In Linux, view the routing table with ip route show or route -n. A typical home or small office routing table has a few entries: one for each directly connected network, and a default route pointing to the upstream router (the gateway).
Static and Dynamic Routing
Static routing means routes are manually configured by an administrator. The router follows the configured routes until an administrator changes them. Static routing is simple to understand, predictable, and appropriate for small networks with stable topology.
Static routing has a significant weakness: it does not adapt to topology changes. If a link fails, the router continues using the route through the failed link (because nothing told it the link failed) and packets are lost until an administrator manually updates the routing table. For networks that require resilience or that are too large for manual management, dynamic routing is needed.
Dynamic routing protocols allow routers to exchange information about the networks they know about and automatically compute forwarding paths. When a link fails, the routers detect the failure, exchange updated topology information, and recompute routes to avoid the failed link — all automatically.
OSPF (Open Shortest Path First) is the standard interior routing protocol for organizations. Each router learns the complete topology of the network (by exchanging Link State Advertisements with all other routers) and independently computes the shortest path to every destination using Dijkstra’s algorithm. OSPF converges quickly after topology changes (typically seconds) and scales to networks with hundreds of routers.
BGP (Border Gateway Protocol) is the exterior routing protocol used on the internet between organizations. Unlike OSPF’s shortest path metric, BGP makes routing decisions based on policy — organizations configure BGP to prefer routes from certain providers, avoid routing through certain countries, or prefer cheaper links over faster ones.
Default Gateway
The default gateway is the router that a host sends packets to when the destination is not on the host’s local network. Every end device needs a default gateway configured to reach any destination outside its own subnet.
When a host has a packet to send, it first checks if the destination is on the same subnet (by comparing the destination address with its own address and subnet mask). If so, it sends directly to the destination. If not, it sends to its default gateway, which handles routing to remote destinations.
The default gateway must be a router on the same subnet as the host — the host cannot send the packet to a router it cannot directly reach. A common configuration error is setting the default gateway to an address on a different subnet, which causes all off-subnet traffic to fail.
DHCP typically provides the default gateway along with the IP address and subnet mask, eliminating the need for manual configuration on each client machine.
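The host-side decision and the gateway misconfiguration described above, as a small Python check. This is an added example, not part of the original page; the function names and sample addresses are constructed, and the check is limited to IPv4.

```python
import ipaddress

def check_gateway(host_cidr, gateway):
    """Return a list of problems with a host's default gateway (empty list = OK)."""
    iface = ipaddress.IPv4Interface(host_cidr)
    gw = ipaddress.IPv4Address(gateway)
    net = iface.network
    problems = []
    if gw not in net:
        # The error the text describes: the host cannot reach this router directly.
        problems.append(f"gateway {gw} is not on the host's subnet {net}")
    elif gw == iface.ip:
        problems.append("gateway is the host's own address")
    elif net.prefixlen <= 30 and gw in (net.network_address, net.broadcast_address):
        problems.append(f"gateway {gw} is the network or broadcast address of {net}")
    return problems

def next_hop(host_cidr, gateway, destination):
    """Decide where a host hands a packet: ('direct'|'gateway'|'unreachable', address)."""
    iface = ipaddress.IPv4Interface(host_cidr)
    dst = ipaddress.IPv4Address(destination)
    if dst in iface.network:
        return ("direct", str(dst))        # same subnet: deliver without a router
    if check_gateway(host_cidr, gateway):
        return ("unreachable", None)       # off-subnet traffic fails with a bad gateway
    return ("gateway", gateway)

if __name__ == "__main__":
    # Constructed cases: a correct gateway, then one on the wrong subnet.
    for gw in ("192.168.1.1", "192.168.2.1"):
        for dst in ("192.168.1.77", "198.51.100.9"):
            print(gw, dst, next_hop("192.168.1.20/24", gw, dst))
        print(gw, "problems:", check_gateway("192.168.1.20/24", gw))
```

With the wrong-subnet gateway, local destinations still work while every remote one fails, which is the symptom to look for when diagnosing this error.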
IP Subnetting
A subnet (subnetwork) is a logical subdivision of an IP network. Subnetting allows a large network address space to be divided into smaller pieces, each assigned to a specific location or function.
A subnet is described by a network address and a subnet mask (or equivalently, a CIDR prefix length). The subnet mask identifies which bits of the IP address are the network portion (same for all addresses in the subnet) and which bits are the host portion (unique for each address). A /24 subnet has 24 network bits and 8 host bits, providing 256 addresses (254 usable — the first is the network address, the last is the broadcast address).
Subnetting serves several purposes: it limits broadcast traffic (broadcasts reach all devices in a subnet but do not cross routers), enables access control at subnet boundaries (firewalls and routing policies can be applied at subnet boundaries), and organizes the address space to match the physical or organizational structure of the network.
For practical subnetting, start by deciding how many hosts each subnet needs and how many subnets you need. A /24 subnet provides 254 hosts — appropriate for a floor in a building or a department. A /28 subnet provides 14 hosts — appropriate for a server room. A /30 subnet provides 2 hosts — the minimum for a point-to-point link between two routers.
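The sizing rule above, carried through to a full allocation plan in Python. This is an added example, not part of the original page; it goes one step further than the text by carving differently sized subnets out of one parent block, and the parent block, subnet names and host counts are constructed.

```python
import ipaddress

def prefix_for_hosts(hosts):
    """Longest IPv4 prefix whose usable addresses (2**host_bits - 2) cover `hosts`."""
    if hosts < 1:
        raise ValueError("a subnet needs at least one host")
    host_bits = (hosts + 1).bit_length()   # smallest b with 2**b >= hosts + 2
    if host_bits > 32:
        raise ValueError("too many hosts for IPv4")
    return 32 - host_bits

def plan(parent, needs):
    """Allocate one subnet per entry of `needs` ({name: host_count}) from `parent`.

    Largest subnets are placed first so every block starts on its own boundary
    and no two allocations overlap.
    """
    block = ipaddress.IPv4Network(parent)
    cursor = int(block.network_address)
    end = int(block.broadcast_address) + 1
    allocated = {}
    for name, hosts in sorted(needs.items(), key=lambda kv: -kv[1]):
        plen = prefix_for_hosts(hosts)
        size = 1 << (32 - plen)
        cursor = (cursor + size - 1) // size * size   # align to the block size
        if cursor + size > end:
            raise ValueError(f"{parent} has no room left for {name} ({hosts} hosts)")
        allocated[name] = ipaddress.IPv4Network((cursor, plen))
        cursor += size
    return allocated

if __name__ == "__main__":
    # Constructed requirements for a hypothetical site.
    needs = {"floor-2": 200, "servers": 12, "wan-link": 2, "floor-3": 100}
    for name, net in plan("10.20.0.0/23", needs).items():
        print(f"{name:9} {str(net):16} usable hosts: {net.num_addresses - 2}")
```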
Routing Troubleshooting
Traceroute (tracert on Windows, traceroute on Linux) is the primary tool for diagnosing routing problems. It sends a series of packets with increasing TTL values, causing each router along the path to send an ICMP Time Exceeded response. By collecting these responses, traceroute reveals each hop on the path from source to destination, including the round-trip time to each hop.
A traceroute that stops at a specific hop indicates either that the hop is the problem (the router is not forwarding further) or that the next hop is not responding to ICMP. Comparing traceroutes from different sources helps distinguish a routing problem from a firewall blocking ICMP.
If traffic to a destination fails completely, check: does the routing table have an entry for the destination (including through the default route)? Is the next-hop router reachable (can you ping it)? Is the destination network reachable from the next-hop router? A systematic hop-by-hop check identifies exactly where forwarding breaks down.