Building Internet Firewalls

Building Internet FirewallsSearch this book
Previous: C.10 Internet Routing ArchitectureAppendix C
TCP/IP Fundamentals
Next: C.12 Protocols, Ports, and Sockets
 

C.11 The Routing Table

Gateways route data between networks but all network devices, hosts as well as gateways, must make routing decisions. For most hosts, the routing decisions are simple:

Because routing is network oriented, IP makes routing decisions based on the network portion of the address. The IP module determines the network part of the destination's IP address by checking the high-order bits of the address to determine the address class. The address class determines the portion of the address IP uses to identify the network. If the destination network is the local network, the local subnet mask is applied to the destination address.

After determining the destination network, the IP module looks up the network in the local routing table.[6] Packets are routed toward their destination as directed by the routing table. The routing table may be built by the system administrator or by routing protocols, but the end result is the same; IP routing decisions are simple table look-ups.

[6] This table is also called the forwarding table.

On a UNIX system, you can display the routing table's contents with the netstat -nr command. The -r option tells netstat to display the routing table, and the -n option tells netstat to display the table in numeric form. It's useful to display the routing table in numeric form because the destination of most routes is a network, and networks are usually referred to by network numbers.

The netstat command displays a routing table containing the following fields:

Destination

The destination network (or host)

Gateway

The gateway to use to reach the specified destination.

Flags

The flags describe certain characteristics of this route. The possible flag values are:

U:

Indicates that the route is up and operational.

H:

Indicates this is a route to a specific host (most routes are to networks).

G:

Means the route uses a gateway. The system's network interfaces provide routes to directly connected networks. All other routes use remote gateways. Directly connected networks do not have the G flag set; all other routes do.

D:

Means that this route was added because of an ICMP redirect. When a system learns of a route via an ICMP redirect, it adds the route to its routing table, so that additional packets bound for that destination will not need to be redirected. The system uses the D flag to mark these routes.

Refcnt

Shows the number of times the route has been referenced to establish a connection.

Use

Shows the number of packets transmitted via this route.

Interface

The name of the network interface.[7]

[7] The network interface is the network access hardware and software that IP uses to communicate with the physical network.

The two fields important for our current discussion are the destination and gateway fields. The following is a sample routing table:

peanut% netstat -nr
Routing tables
Destination Gateway       Flags Refcnt       Use  Interface 
127.0.0.1  127.0.0.1       UH      1         298         lo0 
default     128.66.12.1    UG      2       50360         le0 
128.66.12.0 128.66.12.2    U      40      111379         le0 
128.66.2.0  128.66.12.3    UG      4        1179         le0 
128.66.1.0  128.66.12.3    UG     10        1113         le0
128.66.3.0  128.66.12.3    UG      2        1379         le0
128.66.4.0  128.66.12.3    UG      4        1119         le0

The first table entry is the loopback route for the local host. This is the loopback address mentioned earlier as a reserved network number. Because every system uses the loopback route to send datagrams to itself, this entry is in every host's routing table. The H flag is set because it is a route to a specific host (127.0.0.1), not a route to an entire network (127.0.0.0).

Another unique entry in the routing table is the entry with the word "default" in the destination field. This entry is for the default route, and the gateway specified in this entry is the default gateway. The default gateway is used whenever there is no specific route in the table for a destination network address. For example, this routing table has no entry for network 192.178.16.0. If IP receives any datagrams addressed to this network, it will send the datagram via the default gateway 128.66.12.1.

You can tell from the sample routing table display that this host (peanut) is directly connected to network 128.66.12.0. The routing table entry for that network does not specify an external gateway; i.e., the routing table entry for 128.66.12.0 does not have the G flag set. Therefore, peanut must be directly connected to that network.

All of the gateways that appear in a routing table are on networks directly connected to the local system. In the sample shown above this means that, regardless of the destination address, the gateway addresses all begin with 128.66.12. This is the only network to which peanut is directly attached, and therefore it is the only network to which peanut can directly deliver data. The gateways that peanut uses to reach the rest of the Internet must be on peanut's subnet.

Figure 13.20 shows how routing works on our imaginary network. The IP layer of each host and gateway is replaced by a small piece of a routing table, showing destination networks and the gateways used to reach those destinations. When the source host (128.66.12.2) sends data to the destination host (128.66.1.2), it first determines that 128.66.1.2 is the local network's class B address and applies the subnet mask. (Network 128.66.0.0 is subnetted using the mask 255.255.255.0; this could also be written as 128.66.0.0/24.) After applying the subnet mask, IP knows that the destination's network address is 128.66.1.0. The routing table in the source host shows that data bound for 128.66.1.0 should be sent to gateway 128.66.12.3. Gateway 128.66.12.3 makes direct delivery thorough its 128.66.1.5 interface. Examining the routing tables shows that all systems list only gateways on networks they are directly connected to. Note that 128.66.12.1 is the default gateway for both 128.66.12.2 and 128.66.12.3. But because 128.66.1.2 cannot reach network 128.66.12.0 directly, it has a different default route.

Figure 13.20: Table-based routing

Figure 13.20

A routing table does not contain end-to-end routes. A route only points to the next gateway, called the next hop, along the path to the destination network. The host relies on the local gateway to deliver the data, and the gateway relies on other gateways. As a datagram moves from one gateway to another, it should eventually reach one that is directly connected to its destination network. It is this last gateway that finally delivers the data to the destination host.


Previous: C.10 Internet Routing ArchitectureBuilding Internet FirewallsNext: C.12 Protocols, Ports, and Sockets
C.10 Internet Routing ArchitectureBook IndexC.12 Protocols, Ports, and Sockets