Understanding Cisco routing tables with route print to find my IP
Have you ever looked at the output of the show ip route command on a Cisco router and tried to figure out how the router ‘makes up its mind’? If you troll the Cisco website articles for information on the topic, an oft repeated phrase you will see is: Routes are selected based on the longest prefix length match. There are other forces at work behind the scenes as well, such as Administrative Distance, differing metrics based on alternate routing protocols running concurrently, and so forth, but we are focusing our attention on the prefix-length piece of the puzzle. Let’s try something fun!
If you are sitting on a Windows box, open up an administrative command prompt and type route print (if IPv6 is active and you only want to focus on IPv4, then type route print -4) and hit Enter: (Warning: parts of this demo may fail on Windows 7, so try this on XP for full compatibility. Screen shots ARE from Win 7. Results are from XP.)
You may also want to type ipconfig/all to view your own IP address: (output omitted)
So in this case, my own IP address is 10.1.0.177 /16.
Here is where the fun starts. I will use nslookup to find the IP address of some website. For our example, I will use Bing.com:
The output shows that the IP address associated with Bing.com is 65.52.107.149. Windows examines the routing table from the bottom to the top. The relevant entries in our example are the top two:
This tells us that our host (my box) is aware of its own subnet and knows it can get traffic destined for its own subnet to the destination without involving the default gateway (10.1.0.1). However, ANYTHING else outside that subnet will be sent to the default gateway. We are probably aware of this fact already but it helps our further understanding to review how this works. So here’s what we’ll do (and this is a great trick to play on your unsuspecting friends), we will modify our host’s route table to control where traffic is sent. First, let’s add a fairly non-specific route that is designed NOT to interfere with our ability to get to Bing.
I have added a route for the 65.ANYTHING network to my route table, but I told it to send packets destined for this address to the default gateway – something it was going to do anyway. Let’s view the route table now:
You see my added route boxed in red. Since Windows works from the bottom to the top of this list, it will match this entry before it gets to the quad-zero route. I verified that my machine can still get to Bing.
Now let me add a more specific route designed to break my ability to get to Bing:
Let’s take another look at our route table with both entries being made:
Notice the placement of the routes in the table. The more specific (matching to a greater prefix length) is lower in the list. It points to a non-existent IP address that, if it did exist, would be on my own subnet and thus will not be sent to the default gateway address. I have verified that my box can no longer browse to Bing.
By ‘black-hole-ing’ any packet with a destination of 65.52.107.X, I have broken my ability to access Bing. I now remove one of the additions I have made to my route table (by typing route delete 65.0.0.0 and hitting Enter). You don’t have to type the entire command, just the first part. I do the same thing for the more specific command by typing route delete 65.52.107.0 and hitting Enter. Once this is done, the route table is returned to its initial configuration. That complete, once again I can successfully browse to Bing.
The point of all this is to demonstrate how Cisco routers make routing decisions. Here is a sample output from show ip route:
We can see that this router has learned three routes to a particular destination via three different routing protocols. So if a packet is destined to an address, for example, 192.168.1.1, which route would the router choose? Disregarding other factors and looking solely at the prefix length, we see the best choice is the EIGRP route, since it matches out to 26 bits. That’s pretty much the whole story of matching based on longest prefix length.
Hopefully this simplifies this aspect of route selection for you. Of course, in a real network, you can’t just ‘disregard other factors.’ If you are interested in a more in-depth discussion of this topic, an excellent read can be found in this Cisco.com article.
Enjoy deciphering the show ip route tables on Cisco routers – it really does help to know what that router is doing behind the curtain of secrecy.
Until next time…
Mark Jacob
Cisco Instructor – Interface Technical Training
Phoenix, AZ
Agile Methodology in Project Management
In this video, you will gain an understanding of Agile and Scrum Master Certification terminologies and concepts to help you make better decisions in your Project Management capabilities. Whether you’re a developer looking to obtain an Agile or Scrum Master Certification, or you’re a Project Manager/Product Owner who is attempting to get your product or … Continue reading Agile Methodology in Project Management
IPv6 Port Redirection
In this video, Cisco CCNA and CompTIA Network + Instructor Mark Jacob demonstrates how to do port redirections in IPv6. If you have any questions or comments, please feel free to post them. Until next time. Mark Jacob Cisco and CompTIA Network + Instructor – Interface Technical Training Phoenix, AZ
Detailed Forensic Investigation of Malware Infections – April 21, 2015
How does an investigator hunt down and identify unknown malware? In this recording of our IT Security training webinar on April 21, 2015, Security expert Mike Danseglio (CISSP / CEH) performed several malware investigations on infected computers and identify symptoms, find root cause, and follow the leads to determine what’s happening. He demonstrated his preferred … Continue reading Detailed Forensic Investigation of Malware Infections – April 21, 2015
Write a Comment
