Have you ever looked at the output of the show ip route command on a Cisco router and tried to figure out how the router ‘makes up its mind’? If you troll the Cisco website articles for information on the topic, an oft repeated phrase you will see is: Routes are selected based on the longest prefix length match. There are other forces at work behind the scenes as well, such as Administrative Distance, differing metrics based on alternate routing protocols running concurrently, and so forth, but we are focusing our attention on the prefix-length piece of the puzzle. Let’s try something fun!
If you are sitting on a Windows box, open up an administrative command prompt and type route print (if IPv6 is active and you only want to focus on IPv4, then type route print -4) and hit Enter: (Warning: parts of this demo may fail on Windows 7, so try this on XP for full compatibility. Screen shots ARE from Win 7. Results are from XP.)
You may also want to type ipconfig/all to view your own IP address: (output omitted)
So in this case, my own IP address is 10.1.0.177 /16.
Here is where the fun starts. I will use nslookup to find the IP address of some website. For our example, I will use Bing.com:
The output shows that the IP address associated with Bing.com is 18.104.22.168. Windows examines the routing table from the bottom to the top. The relevant entries in our example are the top two:
This tells us that our host (my box) is aware of its own subnet and knows it can get traffic destined for its own subnet to the destination without involving the default gateway (10.1.0.1). However, ANYTHING else outside that subnet will be sent to the default gateway. We are probably aware of this fact already but it helps our further understanding to review how this works. So here’s what we’ll do (and this is a great trick to play on your unsuspecting friends), we will modify our host’s route table to control where traffic is sent. First, let’s add a fairly non-specific route that is designed NOT to interfere with our ability to get to Bing.
I have added a route for the 65.ANYTHING network to my route table, but I told it to send packets destined for this address to the default gateway – something it was going to do anyway. Let’s view the route table now:
You see my added route boxed in red. Since Windows works from the bottom to the top of this list, it will match this entry before it gets to the quad-zero route. I verified that my machine can still get to Bing.
Now let me add a more specific route designed to break my ability to get to Bing:
Let’s take another look at our route table with both entries being made:
Notice the placement of the routes in the table. The more specific (matching to a greater prefix length) is lower in the list. It points to a non-existent IP address that, if it did exist, would be on my own subnet and thus will not be sent to the default gateway address. I have verified that my box can no longer browse to Bing.
By ‘black-hole-ing’ any packet with a destination of 65.52.107.X, I have broken my ability to access Bing. I now remove one of the additions I have made to my route table (by typing route delete 22.214.171.124 and hitting Enter). You don’t have to type the entire command, just the first part. I do the same thing for the more specific command by typing route delete 126.96.36.199 and hitting Enter. Once this is done, the route table is returned to its initial configuration. That complete, once again I can successfully browse to Bing.
We can see that this router has learned three routes to a particular destination via three different routing protocols. So if a packet is destined to an address, for example, 192.168.1.1, which route would the router choose? Disregarding other factors and looking solely at the prefix length, we see the best choice is the EIGRP route, since it matches out to 26 bits. That’s pretty much the whole story of matching based on longest prefix length.
Hopefully this simplifies this aspect of route selection for you. Of course, in a real network, you can’t just ‘disregard other factors.’ If you are interested in a more in-depth discussion of this topic, an excellent read can be found in this Cisco.com article.
Enjoy deciphering the show ip route tables on Cisco routers – it really does help to know what that router is doing behind the curtain of secrecy.
Until next time…