Understanding Cisco routing tables with route print to find my IP

Have you ever looked at the output of the show ip route command on a Cisco router and tried to figure out how the router ‘makes up its mind’? If you troll the Cisco website articles for information on the topic, an oft repeated phrase you will see is: Routes are selected based on the longest prefix length match. There are other forces at work behind the scenes as well, such as Administrative Distance, differing metrics based on alternate routing protocols running concurrently, and so forth, but we are focusing our attention on the prefix-length piece of the puzzle. Let’s try something fun!

If you are sitting on a Windows box, open up an administrative command prompt and type route print (if IPv6 is active and you only want to focus on IPv4, then type route print -4) and hit Enter: (Warning: parts of this demo may fail on Windows 7, so try this on XP for full compatibility. Screen shots ARE from Win 7. Results are from XP.)

windows command prompt route ping Cisco routing tables with route print

You may also want to type ipconfig/all to view your own IP address: (output omitted)

ipconfig/all windows command prompt Cisco routing tables with route print

So in this case, my own IP address is 10.1.0.177 /16.

Here is where the fun starts. I will use nslookup to find the IP address of some website. For our example, I will use Bing.com:

nslookup IP address windows command prompt Cisco routing tables with route print

The output shows that the IP address associated with Bing.com is 65.52.107.149. Windows examines the routing table from the bottom to the top. The relevant entries in our example are the top two:

Bing IP address windows command prompt Cisco routing tables with route print

This tells us that our host (my box) is aware of its own subnet and knows it can get traffic destined for its own subnet to the destination without involving the default gateway (10.1.0.1). However, ANYTHING else outside that subnet will be sent to the default gateway. We are probably aware of this fact already but it helps our further understanding to review how this works. So here’s what we’ll do (and this is a great trick to play on your unsuspecting friends), we will modify our host’s route table to control where traffic is sent. First, let’s add a fairly non-specific route that is designed NOT to interfere with our ability to get to Bing.

non specific rout windows command prompt Cisco routing tables with route print

I have added a route for the 65.ANYTHING network to my route table, but I told it to send packets destined for this address to the default gateway – something it was going to do anyway. Let’s view the route table now:

route table windows command prompt Cisco routing tables with route print

You see my added route boxed in red. Since Windows works from the bottom to the top of this list, it will match this entry before it gets to the quad-zero route. I verified that my machine can still get to Bing.

Now let me add a more specific route designed to break my ability to get to Bing:

break ability windows command prompt Cisco routing tables with route print

Let’s take another look at our route table with both entries being made:

route table both entries windows command prompt Cisco routing tables with route print

Notice the placement of the routes in the table. The more specific (matching to a greater prefix length) is lower in the list. It points to a non-existent IP address that, if it did exist, would be on my own subnet and thus will not be sent to the default gateway address. I have verified that my box can no longer browse to Bing.

By ‘black-hole-ing’ any packet with a destination of 65.52.107.X, I have broken my ability to access Bing. I now remove one of the additions I have made to my route table (by typing route delete 65.0.0.0 and hitting Enter). You don’t have to type the entire command, just the first part. I do the same thing for the more specific command by typing route delete 65.52.107.0 and hitting Enter. Once this is done, the route table is returned to its initial configuration. That complete, once again I can successfully browse to Bing.

The point of all this is to demonstrate how Cisco routers make routing decisions. Here is a sample output from show ip route:
show ip route Cisco routing tables with route print

 

 

We can see that this router has learned three routes to a particular destination via three different routing protocols. So if a packet is destined to an address, for example, 192.168.1.1, which route would the router choose? Disregarding other factors and looking solely at the prefix length, we see the best choice is the EIGRP route, since it matches out to 26 bits. That’s pretty much the whole story of matching based on longest prefix length.
Hopefully this simplifies this aspect of route selection for you. Of course, in a real network, you can’t just ‘disregard other factors.’ If you are interested in a more in-depth discussion of this topic, an excellent read can be found in this Cisco.com article.

Enjoy deciphering the show ip route tables on Cisco routers – it really does help to know what that router is doing behind the curtain of secrecy.

Until next time…

Mark Jacob
Cisco Instructor – Interface Technical Training
Phoenix, AZ

Posted in Cisco | Posted in , , , , , | Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">