Understanding routing table
How does the packet know where to go from the host computer, whether it’s a desktop workstation or home router to the destination? The answer is the routing table (also called the forwarding table), which contains rules, on where to send the packet, based on the destination IP address. Every hop in the route to the final destination, contains a routing table, to decide where to forward the packet next.
What does the routing table contains?
Viewing the routing table is pretty straightforward. Under Linux, using: netstat -r -n or route -n will do the trick. In other OS there must be similar tools.
Here is the output from the netstat running on the local machine:
netstat -r -n
| Destination | Gateway | Genmask | Flags | MSS | Window | irtt | Iface |
|---|---|---|---|---|---|---|---|
| 0.0.0.0 | 192.168.0.1 | 0.0.0.0 | UG | 0 | 0 | 0 | wlp2s0 |
| 169.254.0.0 | 0.0.0.0 | 255.255.0.0 | U | 0 | 0 | 0 | wlp2s0 |
| 172.17.0.0 | 0.0.0.0 | 255.255.0.0 | U | 0 | 0 | 0 | docker0 |
| 192.168.0.0 | 0.0.0.0 | 255.255.255.0 | U | 0 | 0 | 0 | wlp2s0 |
The most important fields here are Destination, Gateway, Genmask, and Iface, all others are added to show some table-related information and can be examined in manual.
Let’s go over the main fields:
Destination
This field can be anything, the network, particular host, or multi-cast address. This field is matched with the IP address from the source packet to choose what route to take. What does 0.0.0.0 address means? This address has different meanings in a different context, when used in the destination field, it indicates that if nothing matched in the routing table, then you use this one.
Gateway
This field is used to tell whether the destination is on the local network, in this case, it can be directly forwarded to the destination host, otherwise, if it’s on a remote network, then it must be sent to the gateway address, which uses it’s own routing table and will forward data-gram further. What does 0.0.0.0 address means in the gateway? It says that the destination host is directly connected to the network and no need to use a gateway router.
Genmask
A bit mask that is used in combination with a data-gram IP address to find the appropriate entry in a routing table destination field and use the gateway field to decide where to send data.
Iface
The network interface that is used the send the data. In the output above, the wlp2s0 indicates the Wireless card and docker0 is what the name says, the network interface used for Docker.
Do hosts have routing tables?
A better question would be - why do they contain the routing table? Isn’t only the router need to use this table? The reason why hosts need a routing table is to move traffic on the local network, if the destination address is not on the LAN, then we need to send a packet to the gateway, otherwise, just use the destination MAC address and send the packet directly to the destination host.
How routing table is updated?
The routing table can be updated manually (static) or using protocols that are used to find networks and update routing tables on routers (dynamic). A network with a limited number of gateways is a good candidate for static routing. Routes can be added/deleted using route command. Static routing is static, it’s not adjusted to network changes, if it’s needed to react to network changes then dynamic routing is a way to go. Dynamic routing is achieved using routing protocols that can reflect network changes (destination not reachable, new best route available, etc) in the routing table and must be used in large networks if more than one route is can be used to reach the destination.