Tuesday, November 30, 2010

Lesson 31 - What is a Router?

We take a lot of things for granted. When it comes to technology, that is not necessarily the best idea. The point is to understand. That is why I am going to start my routing section with the fundamentals. Knowing them will allow you to learn more advanced topics on your own later. Make sure you are familiar with my previous posts on binary numbers and IP addressing before you read this one and the upcoming ones.

Probably the most appropriate question to start with would be ...

What is a router?
A router is a specialized computer that connects multiple networks and allows packets to be exchanged between them. Because a router uses IP header information (the layer 3 protocol data unit) to transmit packets between networks, it is a layer 3 device. Like switches, routers build a special database that serves as the source of information on what to do with incoming packets. This database is formally called the Routing Information Base (RIB), but most often people call it a routing table. How a router constructs a routing table and maintains the information in it will be the topic of quite a few upcoming posts.

A router is in many ways similar to a regular PC. It has RAM and ROM memory chips as well as a CPU, a motherboard, etc. But instead of a hard drive, it uses flash memory to store files such as the operating system (IOS). What also makes it distinct is that the operating system and hardware are optimized for fast packet transmission. A router typically uses at least two interfaces, but more often than not it has more. The Cisco operating system is called Internetwork Operating System (IOS). The same name is given to the OS used by many Cisco Catalyst switches, although some of them may also use CatOS.

There is a great variety of interfaces routers can use. For instance, they can connect a few Ethernet networks together, but also Ethernet with Wide Area Networks (WANs) such as ATM, Frame-Relay, X.25, ISDN, Broadband etc.

Router Functions
In order for the routers to connect multiple layer 3 networks together, they must be able to do the following:
  • Learn which networks/subnets are available
  • In case there are multiple paths, choose the best one
  • Keep the routing table up to date
  • Translate layer 2 headers (disparate network connections)
  • Keep loop-free paths
  • Make forwarding decisions based on layer 3 headers
Routing is primarily based on the hop-by-hop paradigm. This means that if there are multiple routers in the path, a router must find the outbound interface and forward the packet to a next-hop router. A router could not care less what happens to the packet after it has been forwarded.

To find the outgoing interface, the router uses the packet's destination IP address and the routing table. The process whereby the destination IP address is the key information used to find the outbound interface for a packet is called destination-based routing. However, it is possible to influence that decision-making process and choose other criteria, such as the source of the IP transmission, the size of the packet, the importance of the packet in relation to others, or some other parameter rather than the destination IP address. When used, this is referred to as traffic engineering. For now, though, I am going to focus on the default behavior.

Before I describe the router's principles of operation, I must make sure we are on the same page with the fundamentals related to the traffic flow.

Let's recall what happens with packets sent between computers residing in different networks. I will use a simple topology (pic. 1) to review a few facts. Please get familiar with the picture below first. Pay special attention to the three headers depicted and the numbers in green circles. The numbers refer to the steps below. Of course, this is only a ten-thousand-foot view of what happens here. Before we jump into the deep water we need to warm up a bit by looking at the process from a high level.

Pic. 1 - Traffic Flow and Layer 2/layer 3 Encapsulation/De-encapsulation
Icons designed by: Andrzej Szoblik - http://www.newo.pl

The numbers in green circles mark the important points of the traffic sent from PC1 (on the left-hand side) to PC2 (on the right-hand side of the picture).

In the explanation presented below I assume that SW1 and SW2 have populated their CAM tables (learned all MAC addresses on the appropriate ports). Here's how it goes.

Step 1
PC1 sends a packet destined to PC2. Since PC1 has the IP address, it realizes that the first 24 bits of the destination IP address are different from its own (source:, destination: Conclusion: PC2 is NOT in the same layer 3 network, so default gateway ( must be used to forward the packet to PC2. Knowing it, the IP header is going to use:
  • Src IP =
  • Dst IP =
  • TTL = 32 (ttl is set by the application, here I use 32 as an example)
The IP packet is encapsulated in an Ethernet (layer 2) header in order to be put onto the wire. The Ethernet header contains the source MAC address of the sender and the destination MAC address of R1's F1/0 interface, obtained from the computer's ARP cache (if it is not found in the ARP cache, an ARP request is sent):
  • Src MAC: 0000.1111.1111
  • Dst MAC: 0000.2222.2222
Step 2
SW1 receives the frame on its port F0/1. It locates the outbound port (F0/2) for destination 0000.2222.2222 and sends the frame out towards the F1/0 port of R1. Neither the layer 2 nor the layer 3 header shown in pic. 1 changes during this transmission (parameters depicted).

Step 3
R1 receives the frame on its F1/0 port. The layer 2 header is inspected by R1. Since the destination MAC address (0000.2222.2222) is the address of F1/0, R1 concludes it is the destination for the frame. The layer 2 header is removed and the content of the message (the packet) is processed by the router. R1 processes the IP header, reads the destination IP address ( and compares it with the entries in its routing table, trying to find the longest match. More on this in the upcoming post. Once the best path has been found, the routing table points to the outbound interface (F1/1) and the next-hop router's IP address ( that should be used to forward the packet.

Step 4
The packet is moved to the F1/1 port and the TTL number is decremented by 1 (now TTL=31). Then the packet is encapsulated in the layer 2 header. The following source and destination MAC addresses are used now:
  • Src MAC: 0000.3333.3333
  • Dst MAC: 0000.4444.4444
The destination MAC address is obtained from R1's ARP cache. If R1 does not know the MAC address for (next-hop router), an ARP request is sent asking for its MAC address.

Step 5
R2 receives the frame on its F1/0 port. It performs the same job R1 has done. It reads the destination MAC address. Since it is the recipient (0000.4444.4444), it discards the layer 2 header and processes the IP header. It performs a layer 3 lookup in its routing table and finds the outbound interface for destination In our example it turns out that the destination network is connected directly to the F1/1 interface. In such a case, R2 checks its ARP cache for the MAC address of the destination ( if one is not found, an ARP request is sent (who's ?, I need your MAC address!).

Step 6
The packet is moved to the F1/1 interface and, before it gets encapsulated, the TTL number is decremented by 1 (TTL=30). The packet is encapsulated in an Ethernet frame header using the following addresses:
  • Src MAC: 0000.5555.5555
  • Dst MAC: 0000.6666.6666
The frame is sent out the F1/1 interface.

Step 7
SW2 receives the frame and finds the outbound interface for the MAC address 0000.6666.6666 in its MAC address table. That port is F0/2.

Step 8
The frame is sent out F0/2 towards PC2. The fields in the layer 2 and layer 3 headers remain the same.

The above is just a quick review in case you've forgotten that.
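The per-hop work of steps 3 to 6 (accept the frame, strip layer 2, look up the longest match, decrement the TTL, build a new layer 2 header) as an added example that is not part of the original post. The IP addresses and prefixes are constructed from documentation ranges, the MAC addresses and interface names follow the walkthrough, and the drop of a packet whose TTL would reach 0 goes beyond the steps described.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src_ip dst_ip ttl")       # layer 3 header fields
Frame = namedtuple("Frame", "src_mac dst_mac packet")    # layer 2 header + payload

class Router:
    def __init__(self, macs, routes, arp):
        self.macs = macs   # interface -> this router's MAC on that interface
        self.routes = [(ipaddress.ip_network(p), i, nh) for p, i, nh in routes]
        self.arp = arp     # ARP cache, assumed already populated

    def forward(self, in_if, frame):
        """Return (out_if, new_frame), or None when the frame or packet is dropped."""
        if frame.dst_mac != self.macs[in_if]:
            return None                          # frame not addressed to this interface
        pkt = frame.packet                       # layer 2 header removed
        dst = ipaddress.ip_address(pkt.dst_ip)
        matches = [r for r in self.routes if dst in r[0]]
        if not matches or pkt.ttl <= 1:
            return None                          # no route, or TTL would reach 0
        _, out_if, next_hop = max(matches, key=lambda r: r[0].prefixlen)  # longest match
        target = next_hop or pkt.dst_ip          # connected network: resolve the host itself
        pkt = pkt._replace(ttl=pkt.ttl - 1)      # IP addresses unchanged, TTL minus 1
        return out_if, Frame(self.macs[out_if], self.arp[target], pkt)

# Constructed addressing (documentation prefixes); the MAC addresses are the post's.
PC1, PC2 = "192.0.2.10", "203.0.113.20"
R1 = Router({"F1/0": "0000.2222.2222", "F1/1": "0000.3333.3333"},
            [("192.0.2.0/24", "F1/0", None), ("203.0.113.0/24", "F1/1", "198.51.100.2")],
            {"198.51.100.2": "0000.4444.4444"})
R2 = Router({"F1/0": "0000.4444.4444", "F1/1": "0000.5555.5555"},
            [("203.0.113.0/24", "F1/1", None), ("192.0.2.0/24", "F1/0", "198.51.100.1")],
            {PC2: "0000.6666.6666"})

def send_pc1_to_pc2(ttl=32):
    """Walk one packet through R1 then R2; the switches leave the frame unchanged."""
    hops = [Frame("0000.1111.1111", "0000.2222.2222", Packet(PC1, PC2, ttl))]
    for router in (R1, R2):
        result = router.forward("F1/0", hops[-1])
        if result is None:
            return hops, False
        hops.append(result[1])
    return hops, True

if __name__ == "__main__":
    for hop in send_pc1_to_pc2()[0]:
        print(hop)
```

Each printed hop shows the same source and destination IP address with a different pair of MAC addresses and a TTL one lower than the hop before.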

The interesting bit for us now is the router's process of finding the outgoing interface and the layer 2 address of the next-hop device. I'm going to elaborate on this in my next post. Now, let me quickly present the routing table components that are essential in this traffic flow.

Pic. 2 - Routing Table Components.
Components of Routing Table:

  • C and S - indicate how a router obtained the information (C = connected, S = static route)
  • - Example of prefix (destination network/subnet)
  • [1/0] - square brackets show two numbers. First (1) is Administrative Distance, second (0) is Metric
  • via 192.168.2. - the next-hop-router address
How a router populates the routing table, what these terms in red mean, and how a router uses these parameters to pick the longest match and, as a result, the best path are going to be the main topics of my next post.

