Chapter 5 – IP Routing
Published: February 08, 2005 | Updated: April 18, 2006
Writer: Joe Davies
Abstract
This chapter describes how IPv4 and IPv6 forward packets from a source to a destination and the basic concepts of routing infrastructure. A network administrator must understand routing tables, route determination processes, and routing infrastructure when designing IP networks and troubleshooting connectivity problems.
The entire "TCP/IP Fundamentals for Microsoft Windows" online book, which contains a version of this chapter that has been updated for Windows Vista and Windows Server 2008, is available for download.
Chapter Objectives
IP Routing Overview
IPv4 Routing
IPv6 Routing
Routing Tools
Chapter Summary
Chapter Glossary
After completing this chapter, you will be able to:
Define the basic concepts of IP routing, including direct and indirect delivery, routing tables and their contents, and static and dynamic routing.
Explain how IPv4 routing works with the TCP/IP component of Windows®, including routing table contents and the route determination process.
Define IPv4 route aggregation and route summarization.
Configure Windows hosts, static routers, and dynamic routers for routing.
Define network address translation and how it is used on the Internet.
Explain how IPv6 routing works with the IPv6 component of Windows, including routing table contents and the route determination process.
Configure hosts and static routers for the IPv6 component of Windows.
Define the use of the Route, Netsh, Ping, Tracert, and Pathping tools in IPv4 and IPv6 routing.
IP routing is the process of forwarding a packet based on the destination IP address. Routing occurs at a sending TCP/IP host and at an IP router. In each case, the IP layer at the sending host or router must decide where to forward the packet. For IPv4, routers are also commonly referred to as gateways.
To make these decisions, the IP layer consults a routing table stored in memory. Routing table entries are created by default when TCP/IP initializes, and entries can be added either manually or automatically.
Forwarded IP packets use at least one of two types of delivery based on whether the IP packet is forwarded to the final destination or whether it is forwarded to an IP router. These two types of delivery are known as direct and indirect delivery.
Direct delivery occurs when the IP node (either the sending host or an IP router) forwards a packet to the final destination on a directly attached subnet. The IP node encapsulates the IP datagram in a frame for the Network Interface layer. For a LAN technology such as Ethernet or Institute of Electrical and Electronic Engineers (IEEE) 802.11, the IP node addresses the frame to the destination’s media access control (MAC) address.
Indirect delivery occurs when the IP node (either the sending host or an IP router) forwards a packet to an intermediate node (an IP router) because the final destination is not on a directly attached subnet. For a LAN technology such as Ethernet or IEEE 802.11, the IP node addresses the frame to the IP router’s MAC address.
End-to-end IP routing across an IP network combines direct and indirect deliveries.
In Figure 5-1, when sending packets to Host B, Host A performs a direct delivery. When sending packets to Host C, Host A performs an indirect delivery to Router 1, Router 1 performs an indirect delivery to Router 2, and then Router 2 performs a direct delivery to Host C.
Figure 5-1 Direct and indirect delivery
A routing table is present on every IP node. The routing table stores information about IP destinations and how packets can reach them (either directly or indirectly). Because all IP nodes perform some form of IP routing, routing tables are not exclusive to IP routers. Any node using the TCP/IP protocol has a routing table. Each table contains a series of default entries according to the configuration of the node, and additional entries can be added manually, for example by administrators that use TCP/IP tools, or automatically, when nodes listen for routing information messages sent by routers.
When IP forwards a packet, it uses the routing table to determine:
The next-hop IP address
For a direct delivery, the next-hop IP address is the destination address in the IP packet. For an indirect delivery, the next-hop IP address is the IP address of a router.
The next-hop interface
The interface identifies the physical or logical interface that forwards the packet.
A typical IP routing table entry includes the following fields:
Destination
Either an IP address or an IP address prefix.
Prefix Length
The prefix length corresponding to the address or range of addresses in the destination.
Next-Hop
The IP address to which the packet is forwarded.
Interface
The network interface that forwards the IP packet.
Metric
A number that indicates the cost of the route so that IP can select the best route, among potentially multiple routes to the same destination. The metric sometimes indicates the number of hops (the number of links to cross) in the path to the destination.
Routing table entries can store the following types of routes:
Directly-attached subnet routes
Routes for subnets to which the node is directly attached. For directly-attached subnet routes, the Next-Hop field can either be blank or contain the IP address of the interface on that subnet.
Remote subnet routes
Routes for subnets that are available across routers and are not directly attached to the node. For remote subnet routes, the Next-Hop field is the IP address of a neighboring router.
Host routes
A route to a specific IP address. Host routes allow routing to occur on a per-IP address basis.
Default route
Used when a more specific subnet or host route is not present. The next-hop address of the default route is typically the default gateway or default router of the node.
For IP packets to be efficiently routed between routers on the IP network, routers must either have explicit knowledge of remote subnet routes or be properly configured with a default route. On large IP networks, one of the challenges that you face as a network administrator is how to maintain the routing tables on your IP routers so that IP traffic travels along the best path and is fault tolerant.
Routing table entries on IP routers are maintained in two ways:
Manually
Static IP routers have routing tables that do not change unless a network administrator manually changes them. Static routing requires manual maintenance of routing tables by network administrators. Static routers do not discover remote routes and are not fault tolerant. If a static router fails, neighboring routers do not detect the fault and inform other routers.
Automatically
Dynamic IP routers have routing tables that change automatically when the routers exchange routing information. Dynamic routing uses routing protocols, such as Routing Information Protocol (RIP) and Open Shortest Path First (OSPF), to dynamically update routing tables. Dynamic routers discover remote routes and are fault tolerant. If a dynamic router fails, neighboring routers detect the fault and propagate the changed routing information to the other routers on the network.
Dynamic routing is the automatic updating of routing table entries to reflect changes in network topology. A router with dynamically configured routing tables is known as a dynamic router. Dynamic routers build and maintain their routing tables automatically by using a routing protocol, a series of periodic or on-demand messages that contain routing information. Except for their initial configuration, typical dynamic routers require little ongoing maintenance and, therefore, can scale to larger networks. The ability to scale and recover from network faults makes dynamic routing the better choice for medium, large, and very large networks.
Some widely used routing protocols for IPv4 are RIP, OSPF, and Border Gateway Protocol 4 (BGP-4). Routing protocols are used between routers and represent additional network traffic overhead on the network. You should consider this additional traffic if you must plan WAN link usage.
When choosing a routing protocol, you should pay particular attention to its ability to sense and recover from network faults. How quickly a routing protocol can recover depends on the type of fault, how it is sensed, and how routers propagate information through the network. When all the routers on the network have the correct routing information in their routing tables, the network has converged. When convergence is achieved, the network is in a stable state, and all packets are routed along optimal paths.
When a link or router fails, the network must reconfigure itself to reflect the new topology by updating routing tables, possibly across the entire network. Until the network reconverges, it is in an unstable state. The time it takes for the network to reconverge is known as the convergence time. The convergence time varies based on the routing protocol and the type of failure, such as a downed link or a downed router.
The Routing and Remote Access service in the Microsoft Windows Server™ 2003 operating systems supports the RIP and OSPF IPv4 routing protocols but no IPv6 routing protocols.
Typical IP routing protocols are based on the following technologies:
Distance Vector
Distance vector routing protocols propagate routing information in the form of an address prefix and its “distance” (hop count). Routers use these protocols to periodically advertise the routes in their routing tables. Typical distance vector-based routers do not synchronize or acknowledge the routing information they exchange. Distance vector-based routing protocols are easier to understand and configure, but they also consume more network bandwidth, take longer to converge, and do not scale to large or very large networks.
Link State
Routers using link state-based routing protocols exchange link state advertisements (LSAs) throughout the network to update routing tables. LSAs consist of address prefixes for the networks to which the router is attached and the assigned costs of those networks. LSAs are advertised upon startup and when a router detects changes in the network topology. Link state-based routers build a database of LSAs and use the database to calculate the optimal routes to add to the routing table. Link state-based routers synchronize and acknowledge the routing information they exchange.
Link state-based routing protocols consume less network bandwidth, converge more quickly, and scale to large and very large networks. However, they can be more complex and difficult to configure.
Path Vector
Routers use path vector–based routing protocols to exchange sequences of autonomous system numbers that indicate the path for a route. An autonomous system is a portion of a network under the same administrative authority. Autonomous systems are assigned a unique autonomous system identifier. Path vector–based routers synchronize and acknowledge the routing information they exchange. Path vector–based routing protocols consume less network bandwidth, converge more quickly, and scale to networks the size of the Internet. However, they can also be complex and difficult to configure.
IPv4 routing is the process of forwarding an IPv4 packet based on its destination IPv4 address. IPv4 routing occurs at a sending IPv4 host and at IPv4 routers. The forwarding decision is based on the entries in the local IPv4 routing table.
Computers running current versions of Windows and the supplied TCP/IP protocol use an IPv4 routing table. The IPv4 routing table stores information about destinations and how packets can reach them. The table contains a series of default entries based on the configuration of the node. You can add entries with TCP/IP tools (such as the Route.exe tool) or use a routing protocol to dynamically add routes.
When an IPv4 packet is sent or forwarded, IPv4 uses the IPv4 routing table to determine:
The next-hop IPv4 address
For a direct delivery (in which the destination is a neighboring node), the next-hop IPv4 address is the destination IPv4 address in the packet. For an indirect delivery (in which the destination is not a neighboring node), the next-hop address is the IPv4 address of a router.
The next-hop interface
The next-hop interface is either a physical interface (for example, a network adapter) or a logical interface (for example, a tunneling interface) that IPv4 uses to forward the packet.
After the next-hop address and interface are determined, the packet is passed to the Address Resolution Protocol (ARP) component of TCP/IP. For LAN technologies such as Ethernet and IEEE 802.11, ARP attempts to resolve the link-layer address (also known as the MAC address) for the next-hop address and forward the packet by using the next-hop interface.
The following are the fields of an IPv4 routing table entry for the TCP/IP component of Windows:
Destination
Can be either an IPv4 address or an IPv4 address prefix. For the IPv4 routing table of the TCP/IP component of Windows, this column is named Network Destination in the display of the route print command.
Network Mask
The prefix length expressed in subnet mask (dotted decimal) notation. The subnet mask is used to match the destination IPv4 address of the outgoing packet to the value in the Destination field. For the IPv4 routing table of the TCP/IP component of Windows, this column is named Netmask in the display of the route print command.
Next-Hop
The IPv4 address to which the packet is forwarded. For the IPv4 routing table of the TCP/IP component of Windows, this column is named Gateway in the display of the route print command. For direct deliveries, the Gateway column lists the IPv4 address assigned to an interface on the computer.
Interface
The network interface that is used to forward the IPv4 packet. For the IPv4 routing table of the TCP/IP component of Windows, this column contains an IPv4 address assigned to the interface.
Metric
A number used to indicate the cost of the route so that the best route, among potentially multiple routes to the same destination, can be selected. The metric can indicate either the number of links in the path to the destination or the preferred route to use, regardless of number of links.
IPv4 routing table entries can store the following types of routes:
Directly attached subnet routes
For directly attached subnet routes, the Next-Hop field is the IPv4 address of the interface on that subnet.
Remote subnet routes
For remote subnet routes, the Next-Hop field is the IPv4 address of a neighboring router.
Host routes
For IPv4 host routes, the destination is a specific IPv4 address, and the network mask is 255.255.255.255.
Default route
The default route is used when a more specific subnet or host route is not found. The default route destination is 0.0.0.0 with the network mask of 0.0.0.0. The next-hop address of the default route is typically the default gateway of the node.
IPv4 uses the following process to determine which routing table entry to use for forwarding:
For each entry in the routing table, IPv4 performs a bit-wise logical AND operation between the destination IPv4 address and the Network Mask field. The result is compared with the Destination field of the entry for a match.
As described in Chapter 4, "Subnetting," the result of the bit-wise logical AND operation is:
For each bit in the subnet mask that is set to 1, copy the corresponding bit from the destination IPv4 address to the result.
For each bit in the subnet mask that is set to 0, set the corresponding bit in the result to 0.
IPv4 compiles the list of matching routes and selects the route that has the longest match (that is, the route with the highest number of bits set to 1 in the subnet mask). The longest matching route is the most specific route to the destination IPv4 address. If the router finds multiple routes with the longest matches (for example, multiple routes to the same address prefix), the router uses the lowest metric to select the best route. If the metrics are the same, IPv4 chooses the interface that is first in the binding order.
You can view and modify the binding order from Network Connections by clicking Advanced and then Advanced Settings. The binding order appears under Connections on the Adapters and Bindings tab, as Figure 5-2 shows.
Figure 5-2 The binding order on the Adapters and Bindings tab
When the route determination process is complete, IPv4 has selected a single route in the routing table. If this process fails to select a route, IPv4 indicates a routing error. A sending host internally indicates an IPv4 routing error to an upper layer protocol, such as TCP or UDP. A router sends an Internet Control Message Protocol (ICMP) Destination Unreachable-Host Unreachable message to the sending host and discards the packet.
After determining the single route in the routing table with which to forward the packet, IPv4 determines the next-hop address and interface from the following:
If the address in the Next-Hop field is an address that is assigned to an interface on the forwarding node (a direct delivery):
IPv4 sets the next-hop address to the destination IPv4 address of the IPv4 packet.
IPv4 sets the next-hop interface to the interface that is assigned the address in the Interface field.
If the address in the Next-Hop field is not an address that is assigned to an interface on the forwarding node (an indirect delivery):
IPv4 sets the next-hop address to the IPv4 address in the Next-Hop field.
IPv4 sets the next-hop interface to the interface that is assigned the address in the Interface field.
The following is the display of the route print or netstat -r command on a computer that is running Windows Server 2003 or Microsoft Windows XP and that:
Has a single network adapter.
Is configured with the IPv4 address 157.60.136.41, subnet mask 255.255.252.0 (/22), and a default gateway of 157.60.136.1.
Does not have IPv6 installed.
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x1000003 ...00 b0 d0 e9 41 43 ...... 3Com EtherLink PCI
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway        Interface      Metric
0.0.0.0                    0.0.0.0          157.60.136.1   157.60.136.41  20
127.0.0.0                  255.0.0.0        127.0.0.1      127.0.0.1      1
157.60.136.0               255.255.252.0    157.60.136.41  157.60.136.41  20
157.60.136.41              255.255.255.255  127.0.0.1      127.0.0.1      20
157.60.255.255             255.255.255.255  157.60.136.41  157.60.136.41  20
224.0.0.0                  240.0.0.0        157.60.136.41  157.60.136.41  1
255.255.255.255            255.255.255.255  157.60.136.41  157.60.136.41  1
Default Gateway: 157.60.136.1
===========================================================================
Persistent Routes:
None
The display lists two interfaces. One interface corresponds to an installed network adapter (3Com EtherLink PCI), and the other is an internal loopback interface (MS TCP Loopback Interface).
This routing table contains the following entries based on its configuration:
The first entry, network destination of 0.0.0.0 and network mask (netmask) of 0.0.0.0 (/0), is the default route. Any destination IPv4 address that is bit-wise logically ANDed with 0.0.0.0 results in 0.0.0.0. Therefore, the default route is a match for any destination IPv4 address. If the default route is the longest matching route, the next-hop address is 157.60.136.1, and the next-hop interface is the network adapter that is assigned the IPv4 address 157.60.136.41 (the 3Com EtherLink PCI adapter).
The second entry, network destination of 127.0.0.0 and netmask of 255.0.0.0 (/8), is the loopback network route. For all packets that are sent to an address of the form 127.x.y.z, the next-hop address is set to 127.0.0.1 (the loopback address), and the next-hop interface is the interface that is assigned the address 127.0.0.1 (the MS TCP Loopback interface).
The third entry, network destination of 157.60.136.0 and netmask of 255.255.252.0 (/22), is a directly attached subnet route. If this route is the longest matching route, the next-hop address is set to the destination address in the packet, and the next-hop interface is set to the 3Com EtherLink PCI adapter.
The fourth entry, network destination of 157.60.136.41 and netmask of 255.255.255.255 (/32), is a host route for the IPv4 address of the host. For all IPv4 packets sent to 157.60.136.41, the next-hop address is set to 127.0.0.1, and the next-hop interface is the MS TCP Loopback interface.
The fifth entry, network destination of 157.60.255.255 and netmask of 255.255.255.255 (/32), is a host route that corresponds to the all-subnets directed broadcast address for the class B address prefix 157.60.0.0/16. For all IPv4 packets sent to 157.60.255.255, the next-hop address is set to 157.60.255.255, and the next-hop interface is the 3Com EtherLink PCI adapter.
The sixth entry, network destination of 224.0.0.0 and netmask of 240.0.0.0 (/4), is a route for multicast traffic that this host sends. For all multicast packets, the next-hop address is set to the destination address, and the next-hop interface is set to the 3Com EtherLink PCI adapter.
The seventh entry, network destination of 255.255.255.255 and netmask of 255.255.255.255 (/32), is a host route that corresponds to the limited broadcast address. For all IPv4 packets sent to 255.255.255.255, the next-hop address is set to 255.255.255.255, and the next-hop interface is the 3Com EtherLink PCI adapter.
The routes associated with the IPv4 address configuration are automatically assigned a metric of 20, based on the link speed of the 3Com EtherLink PCI adapter. For more information, see "Default Route Metric" in this chapter.
The following are examples of how this routing table helps determine the next-hop IPv4 address and interface for several destinations:
Unicast destination 157.60.136.48
The longest matching route is the route for the directly attached subnet (157.60.136.0/22). The next-hop IPv4 address is the destination IPv4 address (157.60.136.48), and the next-hop interface is the network adapter that is assigned the IPv4 address 157.60.136.41 (the 3Com EtherLink PCI adapter).
Unicast destination 192.168.0.79
The longest matching route is the default route (0.0.0.0/0). The next-hop IPv4 address is the default gateway address (157.60.136.1), and the next-hop interface is the 3Com EtherLink PCI adapter.
Multicast destination 224.0.0.1
The longest matching route is the 224.0.0.0/4 route. The next-hop IPv4 address is the destination IP address (224.0.0.1), and the next-hop interface is the 3Com EtherLink PCI adapter.
Subnet broadcast destination 157.60.139.255
The longest matching route is the route for the directly attached subnet (157.60.136.0/22). The next-hop IPv4 address is the destination IPv4 address (157.60.139.255), and the next-hop interface is the 3Com EtherLink PCI adapter.
Unicast destination 157.60.136.41
The longest matching route is the host route for the locally assigned IPv4 address (157.60.136.41/32). The next-hop IPv4 address is the loopback address (127.0.0.1), and the next-hop interface is the MS TCP Loopback interface.
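To make the route determination process concrete, here is an added Python example (it is not part of the original chapter) that parses the Active Routes table shown above, applies the longest-match and lowest-metric rules, and derives the next-hop address and interface the same way the examples above do. The set of locally assigned addresses and the use of table order as a stand-in for the adapter binding order are assumptions of the example.

```python
import ipaddress

# Routing table transcribed from the route print display above (host
# 157.60.136.41/22 with default gateway 157.60.136.1). Columns:
# Network Destination, Netmask, Gateway, Interface, Metric.
ROUTE_PRINT = """
0.0.0.0          0.0.0.0          157.60.136.1   157.60.136.41  20
127.0.0.0        255.0.0.0        127.0.0.1      127.0.0.1      1
157.60.136.0     255.255.252.0    157.60.136.41  157.60.136.41  20
157.60.136.41    255.255.255.255  127.0.0.1      127.0.0.1      20
157.60.255.255   255.255.255.255  157.60.136.41  157.60.136.41  20
224.0.0.0        240.0.0.0        157.60.136.41  157.60.136.41  1
255.255.255.255  255.255.255.255  157.60.136.41  157.60.136.41  1
"""

# Assumption: the addresses assigned to this node's interfaces. A route whose
# Gateway is one of these is a direct delivery.
LOCAL_ADDRESSES = {"157.60.136.41", "127.0.0.1"}


def parse_routes(text):
    """Turn the route print lines into dicts with integer address/mask fields."""
    routes = []
    for line in text.strip().splitlines():
        dest, mask, gateway, iface, metric = line.split()
        mask_int = int(ipaddress.IPv4Address(mask))
        routes.append({
            "dest": int(ipaddress.IPv4Address(dest)),
            "mask": mask_int,
            "prefix_len": bin(mask_int).count("1"),   # number of 1 bits in the mask
            "gateway": gateway,
            "interface": iface,
            "metric": int(metric),
        })
    return routes


ROUTES = parse_routes(ROUTE_PRINT)


def select_route(routes, destination):
    """Bit-wise AND the destination with each Netmask and compare with the
    Destination field; pick the longest match, then the lowest metric, then
    the earliest table entry (standing in for the binding order)."""
    d = int(ipaddress.IPv4Address(destination))
    matches = [r for r in routes if (d & r["mask"]) == r["dest"]]
    if not matches:
        # Routing error: a host reports it to TCP/UDP, a router sends
        # ICMP Destination Unreachable-Host Unreachable and drops the packet.
        return None
    # max() returns the first of several equal keys, i.e. the earliest entry.
    return max(matches, key=lambda r: (r["prefix_len"], -r["metric"]))


def next_hop(routes, destination, local_addresses=LOCAL_ADDRESSES):
    """Return (next-hop address, next-hop interface) or None if no route."""
    route = select_route(routes, destination)
    if route is None:
        return None
    if route["gateway"] in local_addresses:
        hop = destination          # direct delivery: next hop is the destination itself
    else:
        hop = route["gateway"]     # indirect delivery: next hop is the router
    return hop, route["interface"]


if __name__ == "__main__":
    for dst in ("157.60.136.48", "192.168.0.79", "224.0.0.1",
                "157.60.139.255", "157.60.136.41"):
        print(dst, "->", next_hop(ROUTES, dst))
```

Removing the 0.0.0.0/0 entry from the table and asking for an off-subnet address shows the failure case: no entry matches, `select_route` returns `None`, and the caller has to surface a routing error instead of forwarding.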
A static router uses manually configured routes to reach remote destinations. Figure 5-3 shows a simple static routing configuration.
Figure 5-3 Simple static IPv4 routing configuration
In Figure 5-3:
Router A has only local connections to subnets 1 and 2. As a result, hosts on subnet 1 can communicate with hosts on subnet 2 but not with hosts on subnet 3.
Router B has only local connections to subnets 2 and 3. Hosts on subnet 3 can communicate with hosts on subnet 2 but not with hosts on subnet 1.
To route IPv4 packets to other subnets, you must configure each static router with one of the following:
An entry in the routing table for each subnet prefix in the network.
A default gateway address of a neighboring router.
Figure 5-4 shows an example of configuring entries in static routers for all subnet prefixes in the network. The routes in bold numbers were manually added to the routing tables of both routers.
Figure 5-4 Example of static IPv4 routing entries
In Figure 5-4:
A static entry is created in the routing table for Router A with subnet 3’s subnet prefix (131.107.24.0/24) and the IP address (131.107.16.1) of the interface that Router A uses to forward packets from subnet 1 to subnet 3.
A static entry is created in the routing table for Router B with subnet 1’s subnet prefix (131.107.8.0/24) and the IP address (131.107.16.2) of the interface that Router B uses to forward packets from subnet 3 to subnet 1.
With dynamic routing, routers automatically exchange routes to known networks with each other. If a route changes, routing protocols automatically update a router's routing table and inform other routers on the network of the change. Network administrators typically implement dynamic routing on large IP networks because it requires minimal maintenance.
Figure 5-5 shows an example in which each router has automatically added a route for a remote subnet (in bold) by using dynamic routing.
Figure 5-5 Example of dynamic IPv4 routing entries
Dynamic routing for IPv4 requires an IPv4 routing protocol such as RIP, OSPF, or BGP-4.
RIP for IPv4 is a distance vector routing protocol that has its origins in the Xerox Network Services (XNS) version of RIP. This routing protocol became popular due to its inclusion in Berkeley UNIX (starting with BSD 4.2) as the RouteD server daemon. (A daemon is similar to a Windows service.) Two versions of RIP support IPv4. RFC 1058 defines RIP version 1 (v1), and RFC 1723 defines RIP version 2 (v2).
Open Shortest Path First (OSPF) is a link state routing protocol that runs as an Interior Gateway Protocol (IGP) within a single autonomous system. In a link state routing protocol, each router maintains a database of link state advertisements (LSAs). LSAs for routers within the AS consist of information about a router, its attached subnets, and their configured costs. An OSPF cost is a unitless metric that indicates the preference of using a link. Summarized routes and routes outside of the AS also have LSAs. RFC 2328 defines OSPF.
The router distributes its LSAs to its neighboring routers, which gather them into a database called the link state database (LSDB). By synchronizing LSDBs between all neighboring routers, each router has each other router's LSA in its database. Therefore, every router has the same LSDB. From the LSDB, OSPF calculates the entries for the router's routing table by determining the least cost path, which is the path with the lowest accumulated cost, to each subnet in the network.
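The least-cost-path calculation described above, as an added Python example that is not part of the original chapter: a small constructed link state database (three routers, three subnets, assumed costs) is turned into a routing table for one router by running a shortest-path computation over it. Router and subnet names and the cost values are assumptions of the example.

```python
import heapq
from math import inf

# Constructed LSDB: each router's LSA lists its links as {neighbor_or_subnet: cost}.
# Subnets are leaves (they are not routers, so they advertise nothing).
LSDB = {
    "R1": {"R2": 10, "R3": 1, "10.0.1.0/24": 1},
    "R2": {"R1": 10, "R3": 2, "10.0.2.0/24": 1},
    "R3": {"R1": 1, "R2": 2, "10.0.3.0/24": 1},
}


def shortest_path_tree(lsdb, root):
    """Dijkstra over the LSDB: lowest accumulated cost from root to every node,
    plus each node's predecessor on that least-cost path."""
    dist = {root: 0}
    prev = {}
    heap = [(0, root)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist.get(node, inf):
            continue                      # stale heap entry, a cheaper path was found
        for nbr, cost in lsdb.get(node, {}).items():
            nd = d + cost
            if nd < dist.get(nbr, inf):
                dist[nbr] = nd
                prev[nbr] = node
                heapq.heappush(heap, (nd, nbr))
    return dist, prev


def routing_table(lsdb, root):
    """Routing table entries for root: {subnet: (next-hop router or 'direct', cost)}."""
    dist, prev = shortest_path_tree(lsdb, root)
    table = {}
    for dest, cost in dist.items():
        if dest in lsdb:
            continue                      # a router, not a subnet destination
        hop = dest
        while prev[hop] != root:          # walk back to the first hop from root
            hop = prev[hop]
        table[dest] = ("direct" if hop == dest else hop, cost)
    return table


if __name__ == "__main__":
    for subnet, entry in sorted(routing_table(LSDB, "R1").items()):
        print(subnet, entry)
```

For R1 the result shows the point of a cost-based calculation: R2's subnet is reached through R3 at accumulated cost 4, not over the direct but expensive R1-R2 link, because every router computes from the same synchronized LSDB rather than from a neighbor's hop count.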
Border Gateway Protocol 4 (BGP-4) is a path vector routing protocol that RFC 1771 defines. Unlike RIP and OSPF, which perform within an autonomous system, BGP-4 is designed to exchange information between autonomous systems. BGP-4 routing information is used to create a logical path tree, which describes all the connections between autonomous systems. The path tree information is then used to create loop-free routes in the routing tables of BGP-4 routers. BGP-4 messages use TCP port 179. BGP-4 is the primary protocol used to maintain routing tables on the IPv4 Internet.
A static router does not exchange routing information with dynamic routers. To route from a static router through a dynamic router (such as an IPv4 router that is enabled for RIP or OSPF), you will need to add a static route to the routing tables on both the static and dynamic routers. As Figure 5-6 shows:
To route packets from subnet 1 to the rest of the intranet, the routing table for Router A must include manually configured routes for subnet 3 (131.107.24.0/24) and for the rest of the intranet (10.0.0.0/8).
To route packets from subnet 2 and 3 to the rest of the intranet, the routing table for Router B must include manually configured routes for subnet 1 (131.107.8.0/24) and for the rest of the intranet (10.0.0.0/8).
To route packets from subnet 3 and the rest of the intranet to subnets 1 and 2, the routing table for the RIP router must include manually configured routes for subnet 1 (131.107.8.0/24) and subnet 2 (131.107.16.0/24).
Figure 5-6 Integrating static and dynamic routing
The routing tables in Figure 5-6 do not show the routes for directly attached subnets or other routes learned by the RIP router.
Routing protocols can propagate the individual routes for each subnet on an IPv4 network to each router. However, when a network grows very large with hundreds or thousands of subnets, you might need to configure your routers or routing protocols to advertise aggregate or summarized routes, rather than all of the routes within a region of your network.
For example, a specific site of a large private network uses the subnets 10.73.0.0/24 to 10.73.255.0/24 (up to 256 subnets). Rather than having the routers at the edge of the site advertise up to 256 routes, you can configure them to instead advertise a single route: 10.73.0.0/16. This single route summarizes the entire address space used by the site.
Figure 5-7 shows an example of how routes can be summarized at various sites of an organization intranet.
Figure 5-7 Example of summarizing routes
The advantage of summarizing the address space of the site is that only a single route must be advertised outside the site, lowering the number of routes in the routing tables of routers outside the site. Another advantage is that the rest of the IPv4 network is protected from route flapping, which is the propagation of routing updates when networks become available or unavailable. The disadvantage to route summarization is that traffic destined to unreachable addresses within the summarized address space crosses more routers before being discarded.
For example, if the 10.73.252.0/24 address prefix was not assigned to any subnet (it was an address prefix reserved for a future subnet) and the routers on the edge of the site advertised the 10.73.0.0/16 address prefix, then traffic destined to 10.73.252.19 would be forwarded all the way to the routers at the edge of the site before being discarded. If the address space of the site was not summarized and the individual routes for the subnets of the site were propagated to all the routers of the IPv4 network, the router on the sending host's subnet would discard the traffic.
RIP, OSPF, and BGP-4 support route summarization. You can also summarize when configuring static routes.
With the recent growth of the Internet, it became clear to the Internet authorities that the class B address prefixes would soon be depleted. For most organizations, a class C address prefix does not contain enough host IDs, and a class B address prefix has enough bits to provide a flexible subnetting scheme within the organization.
To prevent the depletion of class B address prefixes, the Internet authorities devised a new method of assigning address prefixes. Rather than assigning a class B address prefix, the Internet Corporation for Assigned Names and Numbers (ICANN) assigns a range of class C address prefixes that contain enough network and host IDs for the organization’s needs. This was known as supernetting, a route summarization technique for class C address prefixes on the Internet. For example, rather than allocating a class B address prefix to an organization that has up to 2,000 hosts, ICANN allocates a range of eight class C address prefixes. Each class C address prefix accommodates 254 hosts, for a total of 2,032 host IDs.
Although this technique helps conserve class B address prefixes, it creates a different problem. Using class-based routing techniques, the routers on the Internet must have eight class C address prefix entries in their routing tables to route IP packets to the organization. To prevent Internet routers from becoming overwhelmed with routes, a technique called Classless Inter-Domain Routing (CIDR) is used to collapse multiple address prefix entries into a single entry corresponding to all of the class C address prefixes allocated to that organization.
For example, to express the situation where eight class C address prefixes are allocated starting with address prefix 220.78.168.0:
The starting address prefix is 220.78.168.0, or 11011100 01001110 10101000 00000000
The ending address prefix is 220.78.175.0, or 11011100 01001110 10101111 00000000
Note that the first 21 bits of all of the above class C address prefixes are the same (11011100 01001110 10101). Only the last three bits of the third octet vary, from 000 to 111. The CIDR entry in the routing tables of the Internet routers therefore becomes 220.78.168.0/21, or 220.78.168.0, 255.255.248.0 in subnet mask notation.
A block of addresses using CIDR is known as a CIDR block. Because a prefix length expresses the count, class-based address prefixes must be allocated in groups whose size is a power of 2, and the first prefix in the group must begin on a multiple of that size (eight class C prefixes starting at 220.78.169.0, for example, cannot be expressed as a single /21).
To support CIDR, routers must be able to exchange routing information in the form of [NetworkID, Prefix Length or Subnet Mask] pairs. RIP for IP version 2, OSPF, and BGP-4 support CIDR, but RIP for IP version 1 does not.
On today's Internet, the term "supernetting" is obsolete. Because the Internet no longer uses Internet address classes, distinguishing a block of Class C address prefixes as a supernetted address prefix is no longer necessary. Instead, organizations are assigned an address space without regard to the original Internet address class to which the address space originated. The address space is the summarized route for all the public addresses within the organization, whether the organization decides to subnet or not.
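The following Python is an added example, not code from the chapter, that does the two summarization checks discussed above with the standard ipaddress module: collapsing a group of class C prefixes into a CIDR entry (and showing why only an aligned, power-of-2 group collapses to one entry), and finding the address space that a summary such as 10.73.0.0/16 advertises but no subnet owns, which is the traffic the earlier 10.73.252.19 example describes being carried to the site edge before it is discarded. The site layout in SITE_SUBNETS and the function names are this example's own.

```python
"""CIDR aggregation and route summarization. Added example; not code from the chapter.
summarize(), class_c_block() and unassigned_space() are names chosen for this example."""
import ipaddress


def class_c_block(start, count):
    """The `count` consecutive class C (/24) prefixes beginning at `start`."""
    first = ipaddress.ip_network(f"{start}/24")
    base = int(first.network_address)
    return [ipaddress.ip_network((base + 256 * i, 24)) for i in range(count)]


def summarize(prefixes):
    """Collapse prefixes into the fewest CIDR entries that cover exactly the same addresses.
    A group collapses to a single entry only if its size is a power of 2 and it starts on
    a multiple of that size."""
    return sorted(ipaddress.collapse_addresses(prefixes))


def unassigned_space(summary, assigned):
    """Address ranges that a summary route advertises but that no subnet actually owns.
    A packet for one of these addresses is attracted by the summary and forwarded all the
    way to the router that originates it before being discarded."""
    remaining = [ipaddress.ip_network(summary)]
    for net in (ipaddress.ip_network(p) for p in assigned):
        updated = []
        for block in remaining:
            if block.subnet_of(net):           # block fully covered by the subnet: drop it
                continue
            if net.subnet_of(block):           # subnet inside the block: carve it out
                updated.extend(block.address_exclude(net))
            else:                              # no overlap: keep the block as it is
                updated.append(block)
        remaining = updated
    return sorted(ipaddress.collapse_addresses(remaining))


# Constructed site layout: 10.73.0.0/16 is advertised at the edge, but one /24 of it
# (10.73.252.0/24) is reserved for a future subnet and assigned to nothing.
SITE_SUMMARY = "10.73.0.0/16"
SITE_SUBNETS = ["10.73.0.0/17", "10.73.128.0/18", "10.73.192.0/19", "10.73.224.0/20",
                "10.73.240.0/21", "10.73.248.0/22", "10.73.253.0/24", "10.73.254.0/23"]


def attracted_to_edge(address, summary=SITE_SUMMARY, subnets=SITE_SUBNETS):
    """True if traffic for `address` is carried to the site edge by the summary route even
    though no subnet in the site owns the address."""
    addr = ipaddress.ip_address(address)
    return any(addr in gap for gap in unassigned_space(summary, subnets))


if __name__ == "__main__":
    print("8 x /24 from 220.78.168.0 ->", summarize(class_c_block("220.78.168.0", 8)))
    print("6 x /24 from 220.78.168.0 ->", summarize(class_c_block("220.78.168.0", 6)))
    print("8 x /24 from 220.78.169.0 ->", summarize(class_c_block("220.78.169.0", 8)))
    print("unassigned inside", SITE_SUMMARY, "->", unassigned_space(SITE_SUMMARY, SITE_SUBNETS))
    print("10.73.252.19 reaches the edge before discard:", attracted_to_edge("10.73.252.19"))
```

The unassigned ranges that unassigned_space returns are exactly the addresses worth a discard (null) route on the summarizing router: without one, every packet for a reserved-but-unused address inside the summary crosses the whole site before it is dropped.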
Windows Server 2003 supports both static and dynamic IPv4 routing. Windows XP supports only static IPv4 routing.
You can enable static routing through the following:
The IPEnableRouter registry entry
The Routing and Remote Access service
For computers running either Windows Server 2003 or Windows XP, you can enable static IPv4 routing by setting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\IPEnableRouter registry entry to 1 (data type is REG_DWORD) and restarting the computer. Editing the registry is necessary only for computers running Windows XP.
For computers running Windows Server 2003, you should use the Routing and Remote Access service to enable IPv4 routing rather than setting the IPEnableRouter registry entry. To run the Routing and Remote Access Server Setup Wizard, do the following:
Click Start, click Control Panel, double-click Administrative Tools, and then double-click Routing and Remote Access.
In the console tree, right-click the server you want to enable, and then click Configure And Enable Routing and Remote Access.
Follow the instructions in the Routing and Remote Access Server Setup Wizard.
To enable simple IPv4 routing, choose Custom Configuration on the Configuration page and LAN Routing on the Custom Configuration page of the Routing and Remote Access Server Setup Wizard.
You can enable dynamic routing for computers running Windows Server 2003 through the Routing and Remote Access service. To do so, first configure and enable the Routing and Remote Access service as described in the previous section. Then configure RIP or OSPF routing by adding the RIP and OSPF routing protocol components and adding and configuring interfaces on which they are enabled.
For more information about configuring RIP and OSPF routing, see the topics titled "Setting up a RIP-for-IP routed internetwork" and "Setting up an OSPF routed internetwork" in Help and Support Center for Windows Server 2003.
IPv4 hosts can use the following methods to reach remote destinations:
Store a host-specific route to each remote destination. This method is obviously not practical or possible, because the routing table might have to contain thousands or, in the case of the Internet, millions of routes. The host routing table would have to change as addresses were added or removed.
Store a route to each remote subnet. Although more possible, this method is also not practical, because the routing table would still have to contain possibly hundreds or, in the case of the Internet, tens of thousands of routes. The host routing table would have to change as subnets were added or removed.
Store a single default route that effectively summarizes all of the locations that are not located on the local subnet. This method is possible and practical. Only a single route is needed and does not need to change for nodes or subnets that are added or removed from the network.
By using a default route, the knowledge of the topology of the network and the set of reachable destinations is offloaded to the routers, rather than being a responsibility of the sending host. The advantage to this method is ease of configuration.
The default gateway setting, which creates the default route in the IPv4 routing table, is a critical part of the configuration of a TCP/IP host. The role of the default gateway is to provide the host with the next-hop IPv4 address and interface for all destinations that are not located on its subnet. Without a default gateway, communication with remote destinations is not possible, unless additional routes are added to the IPv4 routing table.
You can configure a default gateway on a computer running a Windows XP or Windows Server 2003 operating system in the following ways:
When IPv4 obtains an address configuration using DHCP, the default gateway becomes the value of the first IPv4 address in the Router DHCP option. A network administrator configures this option on the DHCP server to specify an ordered list of one or more default gateways. For more information about DHCP, see Chapter 6, "Dynamic Host Configuration Protocol."
When the user specifies an alternate IPv4 address configuration, the default gateway is the IPv4 address typed in Default Gateway on the Alternate Configuration tab for the properties of the Internet Protocol (TCP/IP) component in Network Connections. You can specify only a single default gateway.
When the IPv4 address configuration is manually specified, the default gateway is the IPv4 address typed in Default Gateway on the General tab for the properties of the Internet Protocol (TCP/IP) component. To specify multiple default gateways, you must add them from the IP Settings tab in the advanced properties dialog box of the Internet Protocol (TCP/IP) component.
When the IPv4 address configuration is obtained using Automatic Private IP Addressing (APIPA), a default gateway is not configured. APIPA supports only a single subnet.
The configuration of a default gateway creates a default route in the IPv4 routing table. The default route has a destination of 0.0.0.0 with a subnet mask of 0.0.0.0. In prefix length notation, the default route is 0.0.0.0/0, which is sometimes abbreviated to 0/0. The next-hop address, also known as the Gateway address in the display of the route print command, is set to the IPv4 address of the default gateway. The next-hop interface is the interface assigned the IPv4 address in the Interface column in the display of the route print command.
Based on the route determination process, the default route matches all destinations. If no other route matches the destination more closely, IPv4 uses the default route to determine the next-hop address and interface. Default route traffic is traffic that is destined to a remote network and is forwarded through the default gateway, as opposed to traffic destined for the default gateway's own IPv4 address.
TCP/IP for Windows XP and Windows Server 2003 by default automatically calculates a metric for the default route that is based on the speed of the adapter to which the default gateway is configured. For example, for a 100 megabit per second (Mbps) Ethernet adapter, the default route metric is set to 20. For a 10 Mbps Ethernet adapter, the default route metric is set to 30. For more information, see An Explanation of the Automatic Metric Feature for Internet Protocol Routes.
To override this behavior for DHCP-assigned default gateways, use the Default Router Metric Base Microsoft-specific DHCP option, specifying Microsoft Windows 2000 Options as the vendor class. To override this behavior for manually configured default gateways, open the advanced properties dialog box for the Internet Protocol (TCP/IP) component, click the IP Settings tab, and then clear the Automatic metric check box on the TCP/IP Gateway Address dialog box for the configured default gateways. Figure 5-8 shows the TCP/IP Gateway Address dialog box.
Figure 5-8 The TCP/IP Gateway Address dialog box
ICMP Router Discovery provides an alternate method of configuring and detecting default gateways. Instead of obtaining a default gateway configuration manually or using DHCP, IPv4 can also dynamically discover the routers on a subnet. If the primary router fails, hosts can automatically switch to a backup router. When a host that supports router discovery initializes, it joins the all-systems IP multicast group (224.0.0.1) and then listens for the Router Advertisement messages that routers send to that group. Hosts can also send Router Solicitation messages to the all-routers IP multicast address (224.0.0.2) when an interface initializes to be configured immediately.
TCP/IP for Windows Server 2003 and Windows XP supports sending ICMP router solicitations and receiving ICMP router advertisements, known as host-side router discovery. This capability is disabled by default and can be enabled if you are using DHCP and the Perform Router Discovery DHCP option.
The Routing and Remote Access service in Windows Server 2003 supports sending ICMP router advertisements, known as router-side router discovery. To enable router-side ICMP router discovery, do the following:
Click Start, click Control Panel, double-click Administrative Tools, and then double-click Routing and Remote Access.
In the console tree, open Routing and Remote Access, IP Routing, and then General.
In the details pane, right-click the interface that you want to enable, and then click Properties.
On the General tab, select the Enable router discovery advertisements check box, and configure additional settings as needed.
For more information about ICMP router discovery, see the "Unicast IP Routing" chapter of the Microsoft Windows 2000 Server Resource Kit Internetworking Guide.
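The exchange described above, as an added example that is not part of the chapter and not code from Windows: the Router Solicitation a host sends to 224.0.0.2 and the Router Advertisement a router sends to 224.0.0.1 are built and parsed here in their RFC 1256 wire format, and choose_default_gateway() applies the host-side rule of taking the advertised router with the highest preference level. The function names, the router addresses and preferences in the demo, and the decision to reject malformed or checksum-failing advertisements with ValueError are this example's assumptions.

```python
"""ICMP Router Discovery (RFC 1256) messages and the host-side default gateway choice.
Added example; not code from the chapter or from the Windows TCP/IP component."""
import ipaddress
import struct

ICMP_ROUTER_ADVERTISEMENT = 9
ICMP_ROUTER_SOLICITATION = 10
ALL_SYSTEMS = "224.0.0.1"        # advertisements are sent here
ALL_ROUTERS = "224.0.0.2"        # solicitations are sent here
NOT_A_DEFAULT_ROUTER = -2**31    # preference 0x80000000: never use as a default router


def icmp_checksum(data):
    """Ones'-complement sum over the whole ICMP message (zero means a valid message)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _with_checksum(msg):
    return msg[:2] + struct.pack("!H", icmp_checksum(msg)) + msg[4:]


def build_solicitation():
    """Type 10, code 0, checksum, 32 reserved bits."""
    return _with_checksum(struct.pack("!BBHI", ICMP_ROUTER_SOLICITATION, 0, 0, 0))


def build_advertisement(routers, lifetime=1800):
    """routers: [(address, preference)]. Each entry is 2 words (address, preference);
    lifetime is how many seconds a host may keep the addresses (RFC default 1800)."""
    msg = struct.pack("!BBHBBH", ICMP_ROUTER_ADVERTISEMENT, 0, 0, len(routers), 2, lifetime)
    for addr, pref in routers:
        msg += struct.pack("!4si", ipaddress.IPv4Address(addr).packed, pref)
    return _with_checksum(msg)


def parse_advertisement(pkt):
    """Validate and decode an advertisement; raises ValueError on anything a host must ignore."""
    if len(pkt) < 8:
        raise ValueError("short ICMP message")
    if icmp_checksum(pkt) != 0:
        raise ValueError("bad ICMP checksum")
    typ, code, _, count, entry_size, lifetime = struct.unpack("!BBHBBH", pkt[:8])
    if typ != ICMP_ROUTER_ADVERTISEMENT or code != 0:
        raise ValueError("not a router advertisement")
    if entry_size < 2 or len(pkt) < 8 + count * entry_size * 4:
        raise ValueError("bad entry size or truncated address list")
    routers, offset = [], 8
    for _ in range(count):
        raw, pref = struct.unpack("!4si", pkt[offset:offset + 8])
        routers.append((str(ipaddress.IPv4Address(raw)), pref))
        offset += entry_size * 4       # skip any extra words a newer entry format might add
    return lifetime, routers


def choose_default_gateway(pkt):
    """What a listening host does with an advertisement: take the usable router with the
    highest preference (first listed wins a tie). Returns (address, lifetime) or None."""
    lifetime, routers = parse_advertisement(pkt)
    usable = [(addr, pref) for addr, pref in routers if pref != NOT_A_DEFAULT_ROUTER]
    if not usable:
        return None
    best = max(usable, key=lambda r: r[1])
    return best[0], lifetime


if __name__ == "__main__":
    # Constructed exchange: the host solicits, a router answers with two addresses.
    print("solicitation ->", ALL_ROUTERS, build_solicitation().hex())
    adv = build_advertisement([("10.0.0.1", 100), ("10.0.0.2", 50)])
    print("advertisement ->", ALL_SYSTEMS, adv.hex())
    print("host picks", choose_default_gateway(adv))
```

Nothing in the message authenticates the sender: any node on the subnet that can reach 224.0.0.1 can advertise itself with a high preference, which is why leaving host-side router discovery disabled unless you deliberately turn it on through the DHCP option, as the text above describes, is the sensible default.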
The Route tool adds entries to the IPv4 routing table. You can add entries for hosts or networks, and you can use IPv4 addresses or aliases. If you use aliases to specify hosts or gateways, the alias name is looked up in the Hosts file. If you use an alias to specify an address prefix, the alias name is looked up in the Networks file. Both of these files are in the %systemroot%\System32\Drivers\Etc folder.
The following are examples of how to use the Route tool to add entries to the host IPv4 routing table.
Example of adding an entry corresponding to a host IPv4 address:
route add 131.107.24.192 mask 255.255.255.255 131.107.1.1
or
route add 131.107.24.192 mask 255.255.255.255 router1
in which the Hosts file has the entry:
131.107.1.1 router1
Example of adding an entry corresponding to an address prefix:
route add 131.107.3.0 mask 255.255.255.0 131.107.1.2
or
route add network3 mask 255.255.255.0 131.107.1.2
in which the Networks file has the entry:
network3 131.107.3.0
Because the IPv4 routing table is maintained in memory, it is rebuilt every time the node is restarted, and routes added with the Route tool are lost. To keep a static route that is not derived from the node's configuration across restarts, add it with the -p option. The -p option makes the route persistent by storing it in the registry at the following location:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters\PersistentRoutes
RIP Listener is an optional networking component that you can install through the Network Connections folder or through the Add or Remove Programs item of Control Panel on computers running Windows XP Professional. When installed, the RIP Listener service listens for RIP v1 and RIP v2 traffic and uses the received RIP messages to update its IPv4 routing table. A computer using the RIP Listener service is known as a silent RIP host.
If you have multiple interfaces and you configure a default gateway for each interface, the default route metric, which is based on the speed of the interface, causes your fastest interface to be used for default route traffic. This behavior might be desirable in some configurations in which the computer has multiple adapters that are connected to the same network. For example, if you have a 100 Mbps Ethernet adapter and a 10 Mbps Ethernet adapter connected to the same organization intranet, you would want the default route traffic to be sent using the 100 Mbps adapter.
However, this default behavior might be a problem when the computer is connected to two or more disjoint networks (networks that do not provide symmetric reachability at the Network layer). Symmetric reachability exists when packets can be sent to and received from an arbitrary destination. For example, the Ping tool tests for symmetric reachability.
Examples of disjoint networks are the following:
Networks that have no Network layer connectivity, such as an organization intranet and a test lab with no IPv4 router forwarding packets between them. A computer can be connected to both networks, but if no router reaches both networks and the computer that connects them is not forwarding packets, the two networks are disjoint.
A privately addressed intranet that has a routed connection to the Internet. This configuration offers asymmetric or one-way reachability. Intranet hosts can send packets to Internet hosts from private IPv4 addresses, but the return traffic cannot be delivered because routes for the private address space do not exist in the routing infrastructure of the Internet.
Connectivity to disjoint networks is important when organizations use the following:
Either a proxy server, such as Microsoft Internet Security and Acceleration (ISA) Server, or a network address translator (NAT) to connect their private intranets to the Internet. In either case, the address space of the intranet is not directly accessible to Internet hosts, regardless of whether the organization is using private or public addressing. Intranet hosts can access Internet locations indirectly through proxy or translation, but Internet hosts cannot access arbitrary intranet locations directly. Therefore, there is no symmetric reachability. This configuration is common for organizations that offer Internet connectivity to their employees.
A virtual private networking (VPN) server to allow remote users or remote sites to connect to a private intranet over the Internet. Although the VPN server is connected to both the Internet and a private intranet and is acting as a router, the packet filters configured on the Internet interface prevent it from accepting anything but VPN-based traffic. Internet hosts cannot directly reach intranet locations without an authenticated VPN connection.
Because the TCP/IP protocol uses only a single default route in the routing table at any one time for default route traffic, you can obtain undesirable results when default gateways are configured on multiple interfaces that are connected to disjoint networks.
For the examples of the ISA or VPN server, the default route traffic is forwarded either to the Internet or the intranet but not both. From the ISA or VPN server, all the locations on either the Internet or the intranet are reachable, but you cannot reach both at the same time. However, ISA or VPN servers require simultaneous symmetric reachability for all the locations on both the Internet and the intranet to operate properly.
When default gateways are configured on multiple interfaces, the default route that IPv4 chooses for current use is based on the following:
When the routing table contains multiple default routes with different metrics, the TCP/IP component of Windows XP and Windows Server 2003 chooses the default route with the lowest metric. If the adapters are of different speeds, the adapter with the higher speed has the lower metric by default and is used to forward default route traffic.
When the routing table contains multiple default routes with the lowest metric, the TCP/IP component of Windows XP and Windows Server 2003 uses the default route that corresponds to the adapter that is the highest in the binding order.
To prevent the problem of disjoint network unreachability, you must do the following on the ISA or VPN server:
Configure a default gateway on the interface that is connected to the network with the largest number of routes. In most configurations of disjoint networks, the Internet is the network with the largest number of routes.
Do not configure a default gateway on any other interface. Instead use static routes or dynamic routing protocols to add the routes that summarize the addresses of the other disjoint networks to the local IPv4 routing table.
For example, an ISA server is connected to the Internet and a private intranet. The private intranet uses the private IPv4 address space. To configure this server so that all locations on both disjoint networks are reachable from the ISA server, you would do the following on the ISA server:
Configure a default gateway on the network adapter connected to the Internet. This step creates a default route that points to the Internet, making all Internet locations reachable.
Add the 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 routes using the intranet-connected adapter as persistent static routes with the Route tool. This step creates the routes that summarize all the addresses of the private intranet, making all intranet locations reachable.
In this example, static routes are added. You can also configure the ISA server as a RIP or OSPF dynamic router so that, rather than summarizing the entire private IPv4 address space, subnet-specific routes are dynamically added and removed from the IPv4 routing table based on the current intranet routing topology. To use RIP or OSPF, enable and configure the Routing and Remote Access service.
A network address translator (NAT) is an IPv4 router defined in RFC 1631 that can translate the IPv4 addresses and TCP/UDP port numbers of packets as they are forwarded. For example, consider a small business network with multiple computers that connect to the Internet. This business would normally have to obtain a public IPv4 address for each computer on the network from an Internet service provider (ISP). With a NAT, however, the small business can use private addressing and have the NAT map its private addresses to a single or to multiple public IPv4 addresses.
NATs are a common solution for the following combination of requirements:
You want multiple computers to share a single connection to the Internet rather than connecting each computer separately.
You want to use private addressing.
You want access to Internet resources without having to deploy a proxy server.
When a private user on the small business intranet connects to an Internet resource, the TCP/IP protocol on the user's computer creates an IPv4 packet with the following values set in the IPv4 and TCP or UDP headers (the NAT rewrites the source fields of outgoing packets and the destination fields of incoming packets):
Destination IP Address: Internet resource IPv4 address
Source IP Address: Private IPv4 address
Destination Port: Internet resource TCP or UDP port
Source Port: Source application TCP or UDP port
The sending host or another router forwards this IPv4 packet to the NAT, which translates the addresses of the outgoing packet as follows:
Destination IP Address: Internet resource IPv4 address
Source IP Address: ISP-allocated public IPv4 address
Destination Port: Internet resource TCP or UDP port
SourcePort: Remapped source application TCP or UDP port
The NAT sends the modified IPv4 packet over the Internet. The responding computer sends back a response to the NAT. When the NAT receives the packet, it contains the following addressing information:
Destination IP Address: ISP-allocated public IPv4 address
Source IP Address: Internet resource IPv4 address
Destination Port: Remapped source application TCP or UDP port
Source Port: Internet resource TCP or UDP port
When the NAT translates the addresses and forwards the packet to the intranet client, the packet contains the following addressing information:
Destination IP Address: Private IPv4 address
Source IP Address: Internet resource IPv4 address
Destination Port: Source application TCP or UDP port
Source Port: Internet resource TCP or UDP port
For outgoing packets, the source IPv4 address and TCP/UDP port numbers are mapped to a public source IPv4 address and a possibly changed TCP/UDP port number. For incoming packets, the destination IPv4 address and TCP/UDP port numbers are mapped to the private IPv4 address and original TCP/UDP port number.
For example a small business is using the 192.168.0.0/24 private address prefix for its intranet and its ISP has allocated it a single public IPv4 address of 131.107.0.1. When a user with the private address 192.168.0.99 on the small business intranet connects to a Web server at the IPv4 address 157.60.0.1, the user's TCP/IP protocol creates an IPv4 packet with the following values set in the IPv4 and TCP headers:
Destination IPv4 Address: 157.60.0.1
Source IPv4 Address: 192.168.0.99
TCP Destination Port: 80
TCP Source Port: 1025
The source host forwards this IPv4 packet to the NAT, which translates the addresses of the outgoing packet as follows:
Destination IPv4 Address: 157.60.0.1
Source IPv4 Address: 131.107.0.1
TCP Destination Port: 80
TCP Source Port: 5000
The NAT sends the modified IPv4 packet over the Internet. The Web server sends back a response to the NAT. When the NAT receives the response, the packet contains the following addressing information:
Destination IPv4 Address: 131.107.0.1
Source IPv4 Address: 157.60.0.1
TCP Destination Port: 5000
TCP Source Port: 80
When the NAT translates the addresses and forwards the packet to the intranet client, the packet contains the following addressing information:
Destination IPv4 Address: 192.168.0.99
Source IPv4 Address: 157.60.0.1
TCP Destination Port: 1025
TCP Source Port: 80
Figure 5-9 shows how the NAT translates incoming traffic for the configuration in this example.
Figure 5-9 An example of how a NAT translates incoming traffic
The mappings for private to public traffic are stored in a NAT translation table, which can contain two types of entries:
Dynamic mappings
Created when private network clients initiate communications. Dynamic mappings are removed from the table after a specified amount of time, unless traffic that corresponds to an entry refreshes it.
Static mappings
Configured manually so that communications initiated by Internet clients can be mapped to a specific private network address and port. Static mappings are needed when there are servers (for example, Web servers) or applications (for example, games) on the private network that you want to make available to computers that are connected to the Internet. Static mappings are not automatically removed from the NAT translation table.
The NAT forwards traffic from the Internet to the private network only if a mapping exists in the NAT translation table. In this way, the NAT provides some protection for computers that are connected to private network segments. However, you should not use a NAT in place of a fully featured firewall when Internet security is a concern.
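The translation described in this section, as an added example that is not code from the chapter, from Internet Connection Sharing or from Routing and Remote Access: a small NAT that keeps the two kinds of translation-table entries (dynamic mappings created by outbound traffic and refreshed by matching traffic, static mappings configured by hand) and drops any inbound packet for which no mapping exists. It walks the 192.168.0.99:1025 to 157.60.0.1:80 exchange from the text, with 131.107.0.1 as the public address and 5000 as the remapped port. The Packet and Nat names, the 300-second idle timeout, the starting port and the injectable clock are this example's assumptions.

```python
"""A minimal address-and-port NAT with dynamic and static translation-table entries.
Added example; not code from the chapter or from Windows."""
import ipaddress
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Only the header fields a NAT rewrites or keys on."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class Nat:
    def __init__(self, public_ip, private_prefix, idle_timeout=300, first_port=5000,
                 clock=time.monotonic):
        self.public_ip = public_ip
        self.private_net = ipaddress.ip_network(private_prefix)
        self.idle_timeout = idle_timeout      # seconds a dynamic mapping may sit unused
        self.next_port = first_port
        self.clock = clock                    # injectable so expiry can be tested offline
        self.static = {}      # (proto, public_port) -> (private_ip, private_port); never expires
        self.dynamic = {}     # (proto, public_port) -> [private_ip, private_port, last_used]
        self.by_private = {}  # (proto, private_ip, private_port) -> public_port

    def add_static_mapping(self, proto, public_port, private_ip, private_port):
        """Configured by hand so that Internet-initiated traffic can reach an intranet server."""
        self.static[(proto, public_port)] = (private_ip, private_port)

    def _expire(self):
        """Remove dynamic mappings that no traffic has refreshed within the idle timeout."""
        now = self.clock()
        for key in [k for k, v in self.dynamic.items() if now - v[2] > self.idle_timeout]:
            ip, port, _ = self.dynamic.pop(key)
            self.by_private.pop((key[0], ip, port), None)

    def _allocate_port(self, proto):
        while (proto, self.next_port) in self.static or (proto, self.next_port) in self.dynamic:
            self.next_port += 1
        port = self.next_port
        self.next_port += 1
        return port

    def translate_outbound(self, pkt):
        """Private -> public: rewrite source address and port, creating or refreshing the
        dynamic mapping for this private socket."""
        self._expire()
        if ipaddress.ip_address(pkt.src_ip) not in self.private_net:
            raise ValueError(f"{pkt.src_ip} is not on the private side of the NAT")
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        public_port = self.by_private.get(key)
        if public_port is None:
            public_port = self._allocate_port(pkt.proto)
            self.by_private[key] = public_port
            self.dynamic[(pkt.proto, public_port)] = [pkt.src_ip, pkt.src_port, self.clock()]
        else:
            self.dynamic[(pkt.proto, public_port)][2] = self.clock()
        return Packet(self.public_ip, public_port, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def translate_inbound(self, pkt):
        """Public -> private: rewrite the destination from the translation table.
        Returns None (the packet is dropped) when no static or dynamic mapping exists."""
        self._expire()
        if pkt.dst_ip != self.public_ip:
            return None
        key = (pkt.proto, pkt.dst_port)
        if key in self.static:
            private_ip, private_port = self.static[key]
        elif key in self.dynamic:
            entry = self.dynamic[key]
            entry[2] = self.clock()                       # matching traffic refreshes the entry
            private_ip, private_port = entry[0], entry[1]
        else:
            return None
        return Packet(pkt.src_ip, pkt.src_port, private_ip, private_port, pkt.proto)


if __name__ == "__main__":
    nat = Nat("131.107.0.1", "192.168.0.0/24")
    out = nat.translate_outbound(Packet("192.168.0.99", 1025, "157.60.0.1", 80))
    print("outbound after NAT :", out)
    print("reply after NAT    :", nat.translate_inbound(Packet("157.60.0.1", 80, "131.107.0.1", 5000)))
    print("unsolicited inbound:", nat.translate_inbound(Packet("203.0.113.7", 40000, "131.107.0.1", 3389)))
```

The drop in translate_inbound is the "some protection" the text refers to: an Internet host cannot reach an intranet address that nobody inside has talked to. It is not a firewall, because once a mapping exists (dynamically, or permanently through a static mapping) the NAT forwards whatever arrives on that port from any source, without inspecting it.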
Windows XP includes network address translation capabilities with the Internet Connection Sharing feature in the Network Connections folder. Windows Server 2003 also includes network address translation capabilities with the NAT/Basic Firewall component of Routing and Remote Access. For more information, see Chapter 13, "Internet Protocol Security (IPsec) and Packet Filtering."
An IPv6 network consists of multiple IPv6 subnets interconnected by IPv6 routers. To provide reachability to any arbitrary location on the IPv6 network, routes must exist on sending hosts and routers to forward the traffic to the intended destination. These routes can either be general routes, such as a default route that summarizes all locations, or specific routes, such as subnet routes that summarize all locations on a specific subnet.
Hosts typically use directly attached subnet routes to reach neighboring nodes and a default route to reach all other locations. Routers typically use specific routes to reach all locations within their sites and summary routes to reach other sites or the Internet. Although Router Advertisement messages automatically configure hosts with directly attached or remote subnet routes and a default route, configuring routers is more complex. You can configure a router with static routes or with routing protocols for dynamic routes.
Similar to IPv4 nodes, typical IPv6 nodes use a local IPv6 routing table to determine how to forward packets. IPv6 routing table entries are created by default when IPv6 initializes, and entries are added either through manual configuration or by the receipt of Router Advertisement messages containing on-link prefixes and routes.
A routing table is present on all nodes running the IPv6 protocol component of Windows. The routing table stores information about IPv6 address prefixes and how they can be reached (either directly or indirectly). Before checking the IPv6 routing table, IPv6 checks the destination cache for an entry matching the destination address in the IPv6 packet being forwarded. If the destination cache does not contain an entry for the destination address, IPv6 uses the routing table to determine:
The interface used for the forwarding (the next-hop interface)
The interface identifies the physical or logical interface that is used to forward the packet to either its destination or the next router.
The next-hop IPv6 address
For a direct delivery (in which the destination is on a local link), the next-hop address is the destination IPv6 address in the packet. For an indirect delivery (in which the destination is not on a local link), the next-hop IPv6 address is the address of a router.
After the next-hop interface and address are determined, IPv6 updates the destination cache. IPv6 forwards subsequent packets addressed to the destination by using the destination cache entry, rather than checking the routing table.
IPv6 routing table entries can store the following types of routes:
Directly attached subnet routes
These routes are subnet prefixes for subnets that are directly attached and typically have a 64-bit prefix length.
Remote subnet routes
Remote subnet routes can be subnet prefixes (typically with a 64-bit prefix length) or address prefixes that summarize an address space (typically with a prefix length less than 64).
Host routes
For IPv6 host routes, the route prefix is a specific IPv6 address with a 128-bit prefix length. In contrast, both types of subnet routes have prefixes that have a prefix length of 64 bits or less.
Default route
The IPv6 default route prefix is ::/0.
To determine which routing table entry is used for the forwarding decision, IPv6 uses the following process:
For each entry in a routing table, compare the bits in the address prefix to the same bits in the destination address for the number of bits indicated in the prefix length of the route. If all the bits in the address prefix match all the bits in the destination IPv6 address, the route is a match for the destination.
Compile the list of matching routes and choose the route that has the largest prefix length (the route that matched the most high-order bits with the destination address). The longest matching route is the most specific route to the destination. If multiple entries with the longest match are found (multiple routes to the same address prefix, for example), the router uses the lowest metric to select the best route. If multiple entries exist that are the longest match and the lowest metric, IPv6 can choose which routing table entry to use.
For any given destination, this procedure finds matching routes in the following order:
A host route that matches the entire destination address
A subnet or summarized route with the longest prefix length that matches the destination
The default route (the address prefix ::/0)
When the route determination process is complete, IPv6 has selected a single route in the routing table. The selected route yields a next-hop interface and address. If the sending host fails to find a route, IPv6 assumes that the destination is locally reachable. If a router fails to find a route, IPv6 sends an Internet Control Message Protocol for IPv6 (ICMPv6) Destination Unreachable-No Route to Destination message to the sending host and discards the packet.
To view the IPv6 routing table on a computer running Windows Server 2003 or Windows XP, type netsh interface ipv6 show routes at a command prompt. Here is the display of the netsh interface ipv6 show routes command for a computer that has three network adapters, that is acting as a default router for two subnets configured with global address prefixes, and that has a default route pointing to a default router on a third subnet:
Publish  Type      Met  Prefix                    Idx  Gateway/Interface Name
-------  --------  ---  ------------------------  ---  ------------------------
yes      Autoconf  8    2001:db8:0:1::/64         4    Local Area Connection
yes      Autoconf  8    2001:db8:0:2::/64         5    Local Area Connection 2
yes      Autoconf  8    2001:db8:0:3::/64         6    Local Area Connection 3
yes      Manual    256  ::/0                      6    fe80::210:ffff:fed6:58c0
Each entry in the IPv6 routing table for a Windows Server 2003 or Windows XP operating system has the following fields:
Whether the route is published (advertised in a Router Advertisement message).
The route type. Routes that user applications configure have the route type of Manual. Routes that the IPv6 protocol configures have the route type of Autoconf.
A metric used to select between multiple routes with the same prefix. Among routes that match equally, the route with the lowest metric is preferred.
The prefix.
The interface index, which indicates the interface over which packets matching the address prefix are reachable.
You can view the interface indexes from the display of the netsh interface ipv6 show interface command.
A next-hop IPv6 address or an interface name.
For remote subnet routes, a next-hop IPv6 address is listed. For directly attached subnet routes, the name of the interface from which the address prefix is directly reachable is listed.
The IPv6 routing table is built automatically, based on the current IPv6 configuration of your computer. A route for the link-local prefix (FE80::/64) is never present in the IPv6 routing table.
The first, second, and third routes are for the 64-bit global address prefixes of locally attached subnets. An Ethernet network adapter named Local Area Connection (interface index 4) is connected to the subnet 2001:DB8:0:1::/64. A second Ethernet network adapter named Local Area Connection 2 (interface index 5) is connected to the subnet 2001:DB8:0:2::/64. A third Ethernet network adapter named Local Area Connection 3 (interface index 6) is connected to the subnet 2001:DB8:0:3::/64.
The fourth route is the default route (prefix of ::/0). The default route matches all destinations. If the default route is the longest matching route for the destination, the packet is forwarded to the IPv6 address FE80::210:FFFF:FED6:58C0 by using the Ethernet network adapter named Local Area Connection 3 (interface index 6).
When determining the next-hop IPv6 address from a route in the routing table, IPv6 does the following:
If the Gateway/Interface Name column of the routing table entry indicates an interface name, the destination is a neighbor, and IPv6 sets the next-hop address to the destination address of the IPv6 packet.
If the Gateway/Interface Name column of the routing table entry indicates an address (the address of a neighboring router), the destination is remote, and IPv6 sets the next-hop address to the address in the Gateway/Interface Name column.
For example, when traffic is sent to 2001:DB8:0:2:2AA:FF:FE90:4D3C, the longest matching route is the route for the directly attached subnet 2001:DB8:0:2::/64. The forwarding IP address is set to the destination address of 2001:DB8:0:2:2AA:FF:FE90:4D3C, and the interface is the interface that corresponds to interface index 5 (the Ethernet network adapter named Local Area Connection 2). When traffic is sent to 2001:DB8:0:9:2AA:FF:FE03:21A6, the longest matching route is the default route (::/0). The forwarding IP address is set to the router address of FE80::210:FFFF:FED6:58C0, and the interface is the interface that corresponds to interface index 6 (the Ethernet network adapter named Local Area Connection 3).
The following routing protocols are defined for IPv6:
RIPng for IPv6
OSPF for IPv6
Integrated Intermediate System-to-Intermediate System (IS-IS) for IPv6
BGP-4
Inter-Domain Routing Protocol version 2 (IDRPv2)
RIP Next Generation (RIPng) is a distance vector routing protocol for IPv6 that is defined in RFC 2080. RIPng for IPv6 is an adaptation of the RIP v2 protocol—defined in RFC 1723—to advertise IPv6 address prefixes. RIPng for IPv6 uses UDP port 521 to periodically advertise its routes, respond to requests for routes, and advertise route changes.
RIPng for IPv6 has a maximum distance of 15, in which 15 is the accumulated cost (hop count). Locations that are a distance of 16 or further are considered unreachable. RIPng for IPv6 is a simple routing protocol with a periodic route-advertising mechanism designed for use in small- to medium-sized IPv6 networks. RIPng for IPv6 does not scale well to a large or very large IPv6 network.
OSPF for IPv6 is a link state routing protocol defined in RFC 2740 and designed for routing table maintenance within a single autonomous system. OSPF for IPv6 is an adaptation of the OSPF routing protocol version 2 for IPv4 defined in RFC 2328. The OSPF cost of each router link is a unitless number that the network administrator assigns, and it can include delay, bandwidth, and monetary cost factors. The accumulated cost between network segments in an OSPF network must be less than 65,535. OSPF messages are sent as upper layer protocol data units (PDUs) using the next header value of 89.
Integrated IS-IS, also known as dual IS, is a link state routing protocol that is very similar to OSPF and that is defined in International Standards Organization (ISO) document 10589. IS-IS supports both IPv4 and Connectionless Network Protocol (CLNP) (the Network layer of the Open Systems Interconnection [OSI] protocol suite). IS-IS allows two levels of hierarchical scaling, whereas OSPF allows only one (areas).
A detailed explanation of Integrated IS-IS for IPv6 is beyond the scope of this chapter. For more information, see ISO 10589 and the Internet draft titled "Routing IPv6 with IS-IS."
Border Gateway Protocol Version 4 (BGP-4) is a path vector routing protocol defined in RFC 1771. Unlike RIPng for IPv6 and OSPF for IPv6, which are used within an autonomous system, BGP-4 is designed to exchange routing information between autonomous systems. BGP-4 routing information is used to create a logical path tree, which describes all the connections between autonomous systems. The path tree information is then used to create loop-free routes in the routing tables of BGP-4 routers. BGP-4 messages are sent using TCP port 179. BGP-4 is the primary protocol used to maintain routing tables on the IPv4 Internet.
BGP-4 has been defined to be independent of the address family for which routing information is being propagated. For IPv6, BGP-4 has been extended to support IPv6 address prefixes as described in RFCs 2545 and 2858.
A detailed explanation of BGP-4 for IPv6 is beyond the scope of this chapter. For more information, see RFCs 1771, 2545, and 2858.
Inter-Domain Routing Protocol (IDRP) is a path vector routing protocol defined in ISO document 10747. IDRP was originally created for CLNP. Like BGP-4, IDRP is used between autonomous systems, known as routing domains in IDRP.
The version of IDRP suitable for IPv6 is IDRP version 2 (IDRPv2). IDRPv2 is a better routing protocol for IPv6 than BGP-4 because, rather than using additional autonomous system identifiers (as are used on the IPv4 Internet and for BGP-4), routing domains in IDRP are identified by an IPv6 prefix. Additionally, you can use IDRPv2 to group routing domains into routing domain confederations, also identified by prefix, to create an arbitrary hierarchical structure to summarize routing.
A detailed explanation of IDRPv2 is beyond the scope of this chapter. For more information, see ISO 10747.
Just like in IPv4, you can aggregate or summarize IPv6 routing information at boundaries of address spaces. The best examples are the 48-bit address prefixes that IANA or an ISP assigns to the individual sites of an organization. The 48-bit prefix summarizes all the addresses used within the site. The 64-bit prefixes that correspond to individual subnets within the site are not advertised outside the site.
Within the site, organizations are free to use any route aggregation scheme they want within the 16-bit Subnet ID field of the IPv6 global address format. Figure 5-10 shows an example.
Figure 5-10 An example of route aggregation for an IPv6 unicast address prefix
The IPv6 protocol component of Windows supports static routing. You can configure a computer running Windows Server 2003 or Windows XP as a static IPv6 router by enabling forwarding on the computer's interfaces and then configuring it to advertise address prefixes to local hosts.
Figure 5-11 shows an example network using a simple static routing configuration. The configuration consists of three subnets, three host computers running Windows XP or Windows Server 2003 (Host A, Host B, and Host C), and two router computers running Windows XP or Windows Server 2003 (Router 1 and Router 2).
Figure 5-11 Static routing example with the IPv6 protocol component of Windows
After the IPv6 protocol is installed on all computers on this example network, you must enable forwarding and advertising over the two network adapters of Router 1 and Router 2. Use the following command:
netsh interface ipv6 set interface InterfaceName|InterfaceIndex forwarding=enabled advertise=enabled
in which InterfaceName is the name of the network connection in the Network Connections folder and InterfaceIndex is the interface index number from the display of the netsh interface ipv6 show interface command. You can use either the interface name or its index number.
For example, for Router 1, if the interface index of the network adapter connected to Subnet 1 is 4 and the interface index of the network adapter connected to Subnet 2 is 5, the commands would be:
netsh int ipv6 set int 4 forw=enabled adv=enabled
netsh int ipv6 set int 5 forw=enabled adv=enabled
You can abbreviate each Netsh parameter to its shortest unambiguous form.
After you enable forwarding and advertising, you must configure the routers with the address prefixes for their attached subnets. For the IPv6 protocol component of Windows Server 2003 and Windows XP, you do this by adding routes to the router's routing table with instructions to advertise the route. Use the following command:
netsh interface ipv6 set route Address/PrefixLength InterfaceName|InterfaceIndex publish=yes
in which Address is the address portion of the prefix and PrefixLength is the prefix length portion of the prefix. To publish a route (to include it in a router advertisement), you must specify publish=yes.
For example, for Router 1 using the example interface indexes, the commands are:
netsh int ipv6 set rou 2001:db8:0:1::/64 4 pub=yes
netsh int ipv6 set rou 2001:db8:0:2::/64 5 pub=yes
The result of this configuration is the following:
Router 1 sends Router Advertisement messages on Subnet 1. These messages contain a Prefix Information option to autoconfigure addresses for Subnet 1 (2001:DB8:0:1::/64), a Maximum Transmission Unit (MTU) option for the link MTU of Subnet 1, and a Route Information option for the subnet prefix of Subnet 2 (2001:DB8:0:2::/64).
Router 1 sends Router Advertisement messages on Subnet 2. These messages contain a Prefix Information option to autoconfigure addresses for Subnet 2 (2001:DB8:0:2::/64), an MTU option for the link MTU of Subnet 2, and a Route Information option for the subnet prefix of Subnet 1 (2001:DB8:0:1::/64).
When Host A receives the Router Advertisement message, the host automatically configures a global address on its network adapter interface with the prefix 2001:DB8:0:1::/64 and an Extended Unique Identifier (EUI)-64-derived interface identifier. The host also adds a route for the locally attached Subnet 1 (2001:DB8:0:1::/64) and a route for Subnet 2 (2001:DB8:0:2::/64) with the next-hop address of the link-local address of Router 1's interface on Subnet 1 to its routing table.
When Host B receives the Router Advertisement message, the host automatically configures a global address on its network adapter interface with the prefix 2001:DB8:0:2::/64 and an EUI-64-derived interface identifier. The host also adds a route for the locally attached Subnet 2 (2001:DB8:0:2::/64) and a route for Subnet 1 (2001:DB8:0:1::/64) with the next-hop address of the link-local address of Router 1's interface on Subnet 2 to its routing table.
In this configuration, Router 1 does not advertise itself as a default router (the Router Lifetime field in the Router Advertisement message is set to 0), and the routing tables of Host A and Host B do not contain default routes. A computer running the IPv6 protocol component for Windows Server 2003 or Windows XP will not advertise itself as a default router unless a default route is configured to be published.
To continue this example configuration, the interface index of Router 2's network adapter connected to Subnet 2 is 4, and the interface index of Router 2's network adapter connected to Subnet 3 is 5. To provide connectivity between Subnet 2 and Subnet 3, you would issue the following commands on Router 2:
netsh int ipv6 set int 4 forw=enabled adv=enabled
netsh int ipv6 set int 5 forw=enabled adv=enabled
netsh int ipv6 set rou 2001:db8:0:2::/64 4 pub=yes
netsh int ipv6 set rou 2001:db8:0:3::/64 5 pub=yes
The result of this configuration is the following:
Router 2 sends Router Advertisement messages on Subnet 2. These messages contain a Prefix Information option to autoconfigure addresses for Subnet 2 (2001:DB8:0:2::/64), an MTU option for the link MTU of Subnet 2, and a Route Information option for the subnet prefix of Subnet 3 (2001:DB8:0:3::/64).
Router 2 sends Router Advertisement messages on Subnet 3. These messages contain a Prefix Information option to autoconfigure addresses for Subnet 3 (2001:DB8:0:3::/64), an MTU option for the link MTU of Subnet 3, and a Route Information option for the subnet prefix of Subnet 2 (2001:DB8:0:2::/64).
When Host B receives the Router Advertisement message from Router 2, the host does not automatically configure a global address using the 2001:DB8:0:2::/64 prefix, because a global address with that prefix already exists. Host B also adds a route for Subnet 3 (2001:DB8:0:3::/64) with the next-hop address of the link-local address of Router 2's interface on Subnet 2 to its routing table.
When Host C receives the Router Advertisement message, the host automatically configures a global address on its network adapter interface with the prefix 2001:DB8:0:3::/64 and an EUI-64-derived interface identifier. It also adds a route for the locally attached subnet (Subnet 3) (2001:DB8:0:3::/64) and a route for Subnet 2 (2001:DB8:0:2::/64) with the next-hop address of the link-local address of Router 2's interface on Subnet 3 to its routing table.
The result of this configuration is that, although Host B can communicate with both Host A and Host C, Host A and Host C cannot communicate because Host A has no routes to Subnet 3 and Host C has no routes to Subnet 1. You can solve this problem in either of two ways:
Configure Router 1 to publish a route to Subnet 3 with the next-hop address of Router 2's link-local address on Subnet 2, and configure Router 2 to publish a route to Subnet 1 with the next-hop address of Router 1's link-local address on Subnet 2.
Configure Router 1 to publish a default route with the next-hop address of Router 2's link-local address on Subnet 2, and configure Router 2 to publish a default route with the next-hop address of Router 1's link-local address on Subnet 2.
For the first solution, Router 1 will advertise two Route Information options on Subnet 1—one for Subnet 2 and one for Subnet 3. Therefore, Host A will add two routes to its routing table—one for 2001:DB8:0:2::/64 and one for 2001:DB8:0:3::/64. Router 1 will continue to advertise only one Route Information option (for Subnet 1) on Subnet 2. Similarly, Router 2 will advertise two Route Information options on Subnet 3—one for Subnet 1 and one for Subnet 2. Therefore, Host C will add two routes to its routing table—one for 2001:DB8:0:1::/64 and one for 2001:DB8:0:2::/64. Router 2 will continue to advertise only one Route Information option (for Subnet 3) on Subnet 2. The result of this configuration is that all the hosts and all the routers have specific routes to all the subnets.
For the second solution, Router 1 will advertise itself as a default router with one Route Information option (for Subnet 2) on Subnet 1. Therefore, Host A will add two routes to its routing table—one for the default route ::/0 and one for 2001:DB8:0:2::/64. Similarly, Router 2 will advertise itself as a default router with one Route Information option (for Subnet 2) on Subnet 3. Therefore, Host C will add two routes to its routing table—one for the default route ::/0 and one for 2001:DB8:0:2::/64. The result of this configuration is that all the hosts and all the routers have a combination of specific and general routes to all the subnets, with the exception of Host B, which has only specific routes to all the subnets. The problem with solution 2 is that Router 1 and Router 2 have default routes pointing to each other. Any non-link-local traffic sent from Host A or Host C that does not match the prefix 2001:DB8:0:1::/64, 2001:DB8:0:2::/64, or 2001:DB8:0:3::/64 is sent in a routing loop between Router 1 and Router 2.
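The next-hop determination described earlier (an interface name means the destination is a neighbor, an address means forward to that router) and the two-router configuration just described, as an added example that is not part of the chapter or of Windows: a Python model in which each router's published routes drive its Router Advertisements, the hosts build their routing tables from those advertisements, and a packet is followed hop by hop. The routers' link-local addresses and the destination addresses are constructed; solution 1 and solution 2 are the two fixes described above, and the loop that solution 2 creates for off-network traffic shows up as an exhausted hop limit.

```python
# Added model of the chapter's three-subnet example (not Microsoft's code).
# Router link-local addresses are constructed; the chapter does not give them.
from ipaddress import IPv6Address, IPv6Network

R1_S1, R1_S2 = IPv6Address("fe80::1:1"), IPv6Address("fe80::1:2")  # Router 1
R2_S2, R2_S3 = IPv6Address("fe80::2:2"), IPv6Address("fe80::2:3")  # Router 2
SUBNET = {n: IPv6Network(f"2001:db8:0:{n}::/64") for n in (1, 2, 3)}
DEFAULT = IPv6Network("::/0")

def lookup(table, dest):
    """Longest matching route. An entry is (prefix, gateway, interface); a
    gateway of None stands for an interface name in the Gateway/Interface Name
    column, so the next hop is the destination itself; otherwise the next hop
    is the neighboring router's address."""
    matches = [e for e in table if dest in e[0]]
    if not matches:
        return None
    prefix, gateway, iface = max(matches, key=lambda e: e[0].prefixlen)
    return (dest if gateway is None else gateway), iface

class Router:
    def __init__(self, name, links):        # links: {ifindex: (subnet, link-local)}
        self.name, self.links = name, links
        # 'set int ... forw=enabled adv=enabled' + 'set rou <subnet> <if> pub=yes'
        self.table = [(sub, None, idx) for idx, (sub, _) in links.items()]

    def publish(self, prefix, ifindex, next_hop):   # published route via a neighbor
        self.table.append((prefix, next_hop, ifindex))

    def advertisement(self, ifindex):
        """Router Advertisement on one interface: Prefix Information for the
        attached subnet, Route Information for published routes that do not
        point back out this interface, and the default-router flag."""
        subnet, link_local = self.links[ifindex]
        others = [p for p, _, i in self.table if i != ifindex]
        routes = [p for p in others if p != DEFAULT]
        return link_local, subnet, routes, DEFAULT in others

class Host:
    def __init__(self, name, subnet):
        self.name, self.subnet, self.table = name, subnet, []

    def receive_ra(self, router_ll, onlink, routes, is_default_router):
        new = [(onlink, None, "Local Area Connection")]
        new += [(p, router_ll, "Local Area Connection") for p in routes]
        if is_default_router:
            new.append((DEFAULT, router_ll, "Local Area Connection"))
        self.table += [e for e in new if e not in self.table]

def forward(node, dest, by_link_local, hop_limit=64):
    """Follow next hops from node toward dest; returns (outcome, path)."""
    path = [node.name]
    for _ in range(hop_limit):
        hit = lookup(node.table, dest)
        if hit is None:
            return "no route", path
        next_hop, _ = hit
        if next_hop == dest:
            return "delivered", path       # direct delivery on the attached link
        node = by_link_local[next_hop]
        path.append(node.name)
    return "hop limit exceeded", path      # the packet is looping between routers

def build(solution=0):
    """Routers as configured in the chapter; solution 1 or 2 adds that fix."""
    r1 = Router("Router 1", {4: (SUBNET[1], R1_S1), 5: (SUBNET[2], R1_S2)})
    r2 = Router("Router 2", {4: (SUBNET[2], R2_S2), 5: (SUBNET[3], R2_S3)})
    if solution == 1:
        r1.publish(SUBNET[3], 5, R2_S2)
        r2.publish(SUBNET[1], 4, R1_S2)
    elif solution == 2:
        r1.publish(DEFAULT, 5, R2_S2)
        r2.publish(DEFAULT, 4, R1_S2)
    hosts = {n: Host(n, SUBNET[k]) for k, n in enumerate(("Host A", "Host B", "Host C"), 1)}
    for r in (r1, r2):
        for idx, (subnet, _) in r.links.items():
            for h in hosts.values():
                if h.subnet == subnet:
                    h.receive_ra(*r.advertisement(idx))
    return hosts, {R1_S1: r1, R1_S2: r1, R2_S2: r2, R2_S3: r2}

def route_status(solution, src, dest):
    """(outcome, path) for a packet from host src to the constructed address dest."""
    hosts, by_ll = build(solution)
    return forward(hosts[src], IPv6Address(dest), by_ll)

if __name__ == "__main__":
    for sol in (0, 1, 2):
        print(sol, route_status(sol, "Host A", "2001:db8:0:3::c"))
    print(2, route_status(2, "Host A", "2001:db8:0:9::1"))   # off-network: loops
```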
You could extend this network of three subnets and two routers to include more subnets and more routers. However, the administrative overhead to manage the configuration of the static routers does not scale. At some point, you would want to use an IPv6 routing protocol.
IPv6 hosts are configured for routing through the router discovery process, which requires no configuration. When an initializing IPv6 host receives a Router Advertisement message, IPv6 automatically configures the following:
On-link subnet prefixes that correspond to autoconfiguration address prefixes contained within the Router Advertisement message.
Off-link subnet prefixes that correspond to specific routes contained within the Router Advertisement message.
A default route, if the router sending the Router Advertisement message is advertising itself as a default router.
Because a typical IPv6 host automatically configures all the routes it needs to forward packets to an arbitrary destination, you do not need to configure routes on IPv6 hosts.
Windows Server 2003 and Windows XP operating systems include the following command-line utilities that you can use to test reachability and routing and to maintain the routing tables:
Route
Displays the local IPv4 and IPv6 routing tables. You can use the Route tool to add temporary and persistent routes, change existing routes, and remove routes from the IPv4 routing table.
Netsh interface ipv6
Displays the IPv6 routing table (netsh interface ipv6 show routes), adds routes (netsh interface ipv6 add route), removes routes (netsh interface ipv6 delete route), and modifies existing routes (netsh interface ipv6 set route).
Ping
Verifies IP-level connectivity to another TCP/IP computer by sending either ICMP Echo or ICMPv6 Echo Request messages. The tool displays the receipt of corresponding Echo Reply messages, along with round-trip times. Ping is the primary TCP/IP tool used to troubleshoot connectivity, reachability, and name resolution.
Tracert
Determines the path taken to a destination by sending ICMP Echo or ICMPv6 Echo Request messages to the destination with incrementally increasing Time to Live (TTL) or Hop Count field values. The path displayed is the list of near-side router interfaces of the routers in the path between a source host and a destination. The near-side interface is the interface of the router that is closest to the sending host in the path.
Pathping
Provides information about network latency and network loss at intermediate hops between a source and a destination. Pathping sends multiple ICMP Echo or ICMPv6 Echo Request messages to each router between a source and destination over a period of time and then computes results based on the packets returned from each router. Because Pathping displays the degree of packet loss at any given router or link, you can determine which routers or links might be having network problems.
The chapter includes the following pieces of key information:
IP routing is the process of forwarding a packet based on the destination IP address. IP uses a routing table to determine the next-hop IP address and interface for a packet being sent or forwarded.
IP routing is a combination of direct and indirect deliveries. Direct delivery occurs when the IP node forwards a packet to the final destination on a directly attached subnet, and indirect delivery occurs when the IP node forwards a packet to an intermediate router.
Static routing relies on the manual administration of the routing table. Dynamic routing relies on routing protocols, such as RIP and OSPF, to dynamically update the routing table through the exchange of routing information between routers.
The TCP/IP component of Windows uses a local IPv4 routing table to determine the route used to forward the packet. From the chosen route, the next-hop IPv4 address and interface are determined. IPv4 hands the packet to ARP to resolve the next-hop address to a MAC address and send the packet. You can use the route print command to view the IPv4 routing table for the TCP/IP component of Windows.
Rather than use routes for the address prefixes of every subnet in your network, you can use route summarization to advertise a summarized address prefix that includes all the subnets in a specific region of your network.
An IPv4 host is configured with a default gateway. IPv4 static routers are configured with either subnet routes or summarized routes. IPv4 dynamic routers are configured with the settings that allow them to exchange routing information with neighboring routers.
A network address translator (NAT) is an IPv4 router that can translate the IP addresses and TCP/UDP port numbers of packets as they are forwarded. A NAT allows a small network to share a single public IPv4 address.
The IPv6 component of Windows uses a local IPv6 routing table to determine the route used to forward the packet. From the chosen route, IPv6 determines the next-hop IPv6 address and interface. IPv6 hands the packet to the Neighbor Discovery process to resolve the next-hop address to a MAC address and send the packet. You can use the route print or netsh interface ipv6 show routes command to view the routing table for the IPv6 component of Windows.
IPv6 hosts automatically configure themselves with routing information based on the receipt of Router Advertisement messages. You must use netsh interface ipv6 commands to manually enable and configure routers running the IPv6 component of Windows to advertise address prefixes and routes.
You use the Route and Netsh tools to manage IP routing tables. You use the Ping tool to test basic reachability. You use the Tracert tool to show the path that a packet takes from source to a destination. You use the Pathping tool to test for link and router reliability in a path from a source to a destination.
default gateway – A configuration parameter for the Internet Protocol (TCP/IP) component that is the IPv4 address of a neighboring IPv4 router. Configuring a default gateway creates a default route in the IPv4 routing table.
default route – A route that summarizes all possible destinations and is used for forwarding when the routing table does not contain any other more specific routes for the destination. For example, if a router or sending host cannot find a subnet route, a summarized route, or a host route for the destination, IP selects the default route. The default route is used to simplify the configuration of hosts and routers. For IPv4 routing tables, the default route is the route with the network destination of 0.0.0.0 and netmask of 0.0.0.0. For IPv6 routing tables, the default route has the address prefix ::/0.
direct delivery – The delivery of an IP packet by an IP node to the final destination on a directly attached subnet.
distance vector – A routing protocol technology that propagates routing information in the form of an address prefix and its “distance” (hop count).
host route – A route to a specific IP address. Host routes allow packets to be routed on a per-IP address basis. For IPv4 host routes, the route prefix is a specific IPv4 address with a 32-bit prefix length. For IPv6 host routes, the route prefix is a specific IPv6 address with a 128-bit prefix length.
indirect delivery – The delivery of an IP packet by an IP node to an intermediate router.
link state – A routing protocol technology that exchanges routing information consisting of a router’s attached subnet prefixes and their assigned costs. Link state information is advertised upon startup and when changes in the network topology are detected.
longest matching route – The algorithm used to select the routes in the routing table that most closely match the destination address of the packet being sent or forwarded.
NAT – See network address translator (NAT).
network address translator (NAT) – An IPv4 router that translates addresses and ports when forwarding packets between a privately addressed network and the Internet.
next-hop determination – The process of determining the next-hop address and interface for sending or forwarding a packet, based on the contents of the routing table.
Open Shortest Path First (OSPF) – A link state-based routing protocol for use within a single autonomous system. An autonomous system is a portion of the network under the same administrative authority.
OSPF – See Open Shortest Path First (OSPF).
path vector – A routing protocol technology that exchanges sequences of hop information that indicate the path for a route. For example, BGP-4 exchanges sequences of autonomous system numbers.
RIP – See Routing Information Protocol (RIP).
route determination process – The process of determining which single route in the routing table to use for forwarding a packet.
route summarization – The practice of using address prefixes to summarize the address spaces of regions of a network, rather than using the routes for individual subnets.
router – An IPv4 or IPv6 node that can forward received packets that are not addressed to itself (also called a gateway for IPv4).
Router Advertisement – For IPv4, a message sent by a router that supports ICMP router discovery. For IPv6, an IPv6 Neighbor Discovery message sent by a router that typically contains at least one Prefix Information option, from which hosts create stateless autoconfigured unicast IPv6 addresses and routes.
router discovery – For IPv4, the ability of hosts to automatically configure and reconfigure a default gateway. For IPv6, a Neighbor Discovery process in which a host discovers the neighboring routers on an attached link.
Routing Information Protocol (RIP) – A distance vector-based routing protocol used in small and medium-sized networks.
routing protocols – A series of periodic or on-demand messages that contain routing information that is exchanged between dynamic routers.
routing table – The set of routes used to determine the next-hop address and interface for IP traffic sent by a host or forwarded by a router.
static routing – The use of manually configured routes in the routing tables of routers.
supernetting – The obsolete use of route summarization to assign blocks of Class C address prefixes on the Internet.