Chapter 14
Interpret the Components of a Routing Table
This chapter ensures that you are ready for questions related to these topics from the IP Connectivity section of the CCNA 200-301 exam blueprint from Cisco Systems. This chapter is very important because routing is a critical function in networks.
This chapter covers the following essential terms and components:
▸ Packet handling
▸ Route lookups
▸ Frame rewriting
▸ Routing tables
▸ Prefixes
▸ Network masks
▸ Next hops
▸ Routing protocol code
▸ Administrative distances
▸ Metrics
▸ Gateways of last resort
Topic: Describe routing concepts
CramSaver
If you can correctly answer these CramSaver questions, save time by skimming the ExamAlerts in this section and then completing the CramQuiz at the end of this section and the Review Questions at the end of the chapter. If you are in doubt at all, read everything in this chapter!
1. What criterion is used to determine the best match in a routing table lookup?
_________
2. What does a router rewrite in a packet when forwarding data on Ethernet networks?
_________
Let’s begin with a discussion of how routing really works. You know a packet enters a router, and a routing lookup is done, but what does this really mean? What are the details of the packet-handling process?
When an IPv4 packet arrives on a router interface, the router de-encapsulates the Layer 2 frame and examines the Layer 3 IPv4 header. The router identifies the destination IPv4 address and proceeds through the route lookup process. The router scans the routing table to find a best match for the destination IPv4 address. The best match is the longest match in the table. For example, if the destination IPv4 address is 172.16.0.10, and the entries in the routing table are for 172.16.0.0/12, 172.16.0.0/18, and 172.16.0.0/26, the longest match and the entry used for the packet is 172.16.0.0/26. Remember that for any of these routes to be considered a possible match, there must be at least the number of matching bits indicated by the subnet mask of the routing table prefix. For example, the routing entries 192.168.5.0/24 and 192.168.0.0/16 are both matches for destination address 192.168.5.55, while routing entry 10.65.0.0/16 is not.
Another critical aspect to understand is the frame rewrite procedure used by the router. For the router to do its job, it needs to encapsulate the IP packet without substantially modifying the IP header (except the TTL value) into a new Layer 2 frame. The source MAC address in the outgoing frame is the MAC address of the forwarding interface of the local router. The destination MAC address is the MAC address of the receiving interface of the next hop device. An FCS is also added as the trailer. This process continues from hop to hop on Ethernet networks until the packet reaches the destination host. Even though this process essentially involves discarding the inbound L2 header and creating a brand-new L2 header, it is called an L2 header rewrite.
ExamAlert
A technique that Cisco routers use to dramatically improve routing performance is to use Cisco Express Forwarding (CEF). CEF stores all the information required to route traffic in specialized hardware. CEF uses a Forwarding Information Base (FIB) for the routing information and an adjacency table with required MAC address information.
CramQuiz
1. Given the following routing table entries, what is the next router (or hop) to be used for a packet destined for 172.16.1.23?
172.16.0.0/16 via 10.10.10.1
0.0.0.0/0 via 192.168.1.1
172.16.1.0/24 via 10.20.20.2
172.16.2.0/24 via 10.30.30.3
A. 10.30.30.3
B. 192.168.1.1
C. 10.10.10.1
D. 10.20.20.2
2. When performing a Layer 2 rewrite, what does the router use for the source MAC address?
A. The next hop interface’s MAC address
B. The sending interface’s MAC address
C. The previous hop sending interface’s MAC address
D. The receiving interface’s MAC address of the local router
CramQuiz Answers
1. D is correct. Here the longest match entry is 172.16.1.0/24 via 10.20.20.2 for the destination IP address 172.16.1.23. Routing table entries 172.16.0.0/16 and 0.0.0.0/0 both match the destination address, but both have a shorter prefix length than 172.16.1.0/24. Entry 172.16.2.0/24 does not match address 172.16.1.23.
2. B is correct. During this rewrite process, the router changes the source MAC address to its own sending interface MAC address.
Topic: Interpret the components of a routing table
CramSaver
1. In a routing table, what does the IP address immediately following the word via indicate?
_________
2. What does the routing protocol code EX stand for?
_________
3. In a routing table entry, what do the two numbers [120/1] mean?
_________
4. What metric value does RIP use?
_________
5. What is the gateway of last resort?
_________
Answers
1. via indicates the next hop IP address. This is the IP address of the next router for forwarding packets to the destination indicated by the prefix before via.
2. EIGRP External
3. 120 is the administrative distance, and 1 is the entry’s metric.
4. RIP uses hop count as the metric.
5. The gateway of last resort is the default gateway for any unknown prefixes. The prefix entry of the gateway of last resort is 0.0.0.0/0, and it matches all destination addresses for which there is no more specific routing entry. In addition, there can be no less specific entry than the 0.0.0.0/0 entry.
It is time to examine in great detail the vast amount of information communicated in a key network data structure: the IP routing table of a Cisco router. Example 14.1 shows a sample table.
Example 14.1 IP Routing Table on a Cisco Router
R1# show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B – BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.10.10.0/24 is directly connected, FastEthernet0/0
L 10.10.10.1/32 is directly connected, FastEthernet0/0
172.16.0.0/24 is subnetted, 3 subnets
R 172.16.1.0 [120/1] via 10.10.10.3, 00:00:19, FastEthernet0/0
R 172.16.2.0 [120/1] via 10.10.10.3, 00:00:19, FastEthernet0/0
R 172.16.3.0 [120/1] via 10.10.10.3, 00:00:19, FastEthernet0/0
192.168.1.0/32 is subnetted, 1 subnets
O 192.168.1.2 [110/2] via 10.10.10.2, 00:00:37, FastEthernet0/0
192.168.2.0/32 is subnetted, 1 subnets
O 192.168.2.2 [110/2] via 10.10.10.2, 00:00:37, FastEthernet0/0
R1#
Specifically, in this output, it is important to master the meanings and locations of the following components:
▸ Prefix: Notice that the routing table lists the parent and child prefixes that are reachable in the table. For example, in the table shown in Example 14.1, the entry 172.16.0.0/24 is subnetted, 3 subnets lists the classful network prefix, the subnet length for all subnets, and the specific subnet prefixes 172.16.1.0, 172.16.2.0, and 172.16.3.0. In the case where a classful network is variably subnetted, the classful network prefix length is shown, using CIDR notation (which is the case with the first network shown: 10.0.0.0/8).
▸ Network mask: Notice that the parent prefix lists the network mask in prefix notation. So for the 172.16.0.0 example above, the network mask is /24. Remember that in subnet mask notation, this is 255.255.255.0.
▸ Next hop: The next hop IP address follows the via word for a subnet prefix entry. Note that it is 10.10.10.3 for the 172.16.0.0/24 entries. The next hop refers to the IP address of the next router in the path when forwarding packets to a remote destination.
▸ Routing protocol code: Located at the very beginning of a routing table entry is the routing protocol code. Cisco IOS is kind enough to provide a legend at the beginning of the show output to explain what each value indicates:
▸ L: Local
▸ C: Connected
▸ S: Static
▸ R: RIP
▸ M: Mobile
▸ B: BGP
▸ D: EIGRP
▸ EX: EIGRP External
▸ O: OSPF
▸ IA: OSPF inter-area
▸ N1: OSPF NSSA External Type 1
▸ N2: OSPF NSSA External Type 2
▸ E1: OSPF External Type 1
▸ E2: OSPF External Type 2
▸ i: IS-IS
▸ su: IS-IS summary
▸ L1: IS-IS Level 1
▸ L2: IS-IS Level 2
▸ ia: IS-IS inter-area
▸ *: Candidate default
▸ U: Per-user static route
▸ o: ODR
▸ P: Periodic downloaded static route
▸ +: Replicated route
▸ Administrative distance: The routing table shows the administrative distance (AD) for the prefix. (AD is covered in more detail later in this chapter.) In Example 14.1, the AD associated with the 172.16.0.0/24 prefixes is 120. This is because these routes were learned through RIP, and 120 is the default administrative distance for RIP.
▸ Metric: The metric varies depending on the dynamic routing protocol involved. It is a measure of the “distance” to reach the prefix. In the 172 prefixes, the metric is a hop count. RIP uses this simple metric, which indicates how many routers you must cross to reach the destination prefix in question.
▸ Gateway of last resort: Notice that Example 14.1 indicates that there is no gateway of last resort set. This means there is no default route 0.0.0.0/0 that allows the router to send traffic somewhere if it does not have a specific prefix entry for the destination IP address. The gateway of last resort can be dynamically learned, or it can be set using any of three different commands: ip default-gateway, ip default-network, and ip route 0.0.0.0 0.0.0.0.
ExamAlert
Yes, you must memorize small details like the routing protocol codes. Making and using flash cards can really help you learn such details, especially for non-obvious codes (such as D for EIGRP).
CramQuiz
1. What is the network mask in dotted-decimal notation for a prefix length of /22?
A. 255.255.252.0
B. 255.255.254.0
C. 255.255.248.0
D. 255.255.240.0
2. What is the routing protocol code for a connected prefix?
A. S
B. L
C. C
D. i
3. What aspect of the routing table is affected by the command ip route 0.0.0.0 0.0.0.0?
A. Network mask
B. Metric
C. Administrative distance
D. Gateway of last resort
CramQuiz Answers
1. A is correct. 255.255.252.0 equates to /22.
2. C is correct. C is used for connected prefixes.
3. D is correct. Using ip route 0.0.0.0 0.0.0.0 is one way to set the default route and gateway of last resort.
Topic: Describe how a routing table is populated by different routing information sources
CramSaver
1. What is the meaning of an administrative distance value?
_________
2. Which is preferred: a lower or higher administrative distance?
_________
3. What is the default administrative distance value for a static route?
_________
4. What is the default administrative distance value for Internal BGP?
_________
What happens when multiple different routing sources indicate that they know how to reach a network/prefix? The router needs to be able to break this “tie” between routing information sources. To do so, the router uses administrative distance (AD). This can be a bit of a misleading term since the value has nothing to do with actual distance of any kind. Some administrators like to call it administrative trustworthiness. Cisco ranks the trustworthiness of the various routing information sources. A lower score is better, just as in golf and routing protocol metrics.
Table 14.1 shows the default administrative distance values. As you can see, Cisco rated its own protocols, IGRP and EIGRP, as being very trustworthy.
Table 14.1 Default Administrative Distance Values
Routing Information Source |
Default Administrative Distance |
|---|---|
Connected interface |
0 |
Static route |
1 |
EIGRP summary route |
5 |
External BGP |
20 |
Internal EIGRP |
90 |
IGRP |
100 |
OSPF |
110 |
IS-IS |
115 |
RIP |
120 |
EGP |
140 |
External EIGRP |
170 |
Internal BGP |
200 |
Unknown |
255 |
Note
On Cisco gear, the maximum configurable administrative distance for a route is 255, although this AD makes the route unusable. If the administrative distance is 255, the router does not believe the source of that route and does not install the route in the routing table.
ExamAlert
You should have the values listed in Table 14.1 memorized before you take the CCNA 200-301 exam. If you don’t have a lot of experience at the command line, doing so can be tough. I recommend that you make flash cards to aid in memorizing information like this. Also consider the logic in these values. For example, RIP scores relatively poorly because it is very prone to problems.
Note
Remember that you can see the administrative distance shown in the prefix entries in the routing table by using the show ip route command.
CramQuiz
1. What is the default administrative distance value for RIP?
A. 100
B. 60
C. 200
D. 120
2. What is the default administrative distance value for External BGP?
A. 60
B. 20
C. 110
D. 200
3. What is the default administrative distance value for OSPF?
A. 100
B. 110
C. 120
D. 140
4. What is the administrative distance value for a connected interface?
A. 5
B. 1
C. 0
D. 20
CramQuiz Answers
1. D is correct. RIP features a default administrative distance of 120.
2. B is correct. External BGP features an excellent administrative distance of 20.
3. B is correct. OSPF features an AD of 110.
4. C is correct. A directly connected interface has the best possible AD, 0, and it cannot be changed.
Review Questions
1. If a router cannot find a better match, what might the router use to route traffic?
A. 255.255.255.255/0
B. 127.0.0.1/32
C. 0.0.0.0/32
D. 0.0.0.0/0
2. When a router forwards packets onto Ethernet, what is rewritten?
A. The source and destination IP addresses
B. Only the source IP address
C. Only the source MAC address
D. The source and destination MAC addresses
3. What does the routing protocol code B indicate in the routing table?
A. EIGRP
B. IGRP
C. RIP
D. OSPF
E. BGP
4. What is the administrative distance of Internal EIGRP routes?
A. 5
B. 20
C. 90
D. 100
5. What is the unreachable AD?
A. 0
B. 100
C. 200
D. 255
Answers to Review Questions
1. D is correct. Routers use the default route (0.0.0.0/0) to send packets that have no other better match in the routing table.
2. D is correct. The router must rewrite the source and destination MAC addresses in the Ethernet header before forwarding a frame.
3. E is correct. B indicates BGP.
4. C is correct. Internal EIGRP routes are installed in the routing table with an AD of 90.
5. D is correct. An AD of 255 indicates an unreachable prefix.
Additional Resources
Routing Tables
What Is Administrative Distance?
https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/15986-admin-distance.html