Skip to main content

Module 11: Routing Deep Dive

Routing is how packets find their way from source to destination across interconnected networks. This module takes you from basic routing concepts to understanding how the entire internet’s routing works.
Routing Table and Longest Prefix Match
BGP vs OSPF Routing Protocols
Estimated Time: 4-5 hours
Difficulty: Intermediate to Advanced
Prerequisites: Module 9 (IP Addressing), Module 10 (NAT)

11.1 What is Routing?

Routing is the process of selecting a path for traffic across one or more networks.

The Fundamental Question

When a packet arrives at a router, the router asks:
“Where should I send this packet next to get it closer to its destination?”

Routers vs Switches

DeviceLayerUsesConnects
SwitchLayer 2MAC addressesDevices in same network
RouterLayer 3IP addressesDifferent networks
Network A                    Network B
192.168.1.0/24              192.168.2.0/24
    │                            │
    │      ┌──────────┐         │
    └──────│  Router  │─────────┘
           └──────────┘
           Connects the two networks
           Decides how to forward packets

11.2 The Routing Table

Every router (and every computer!) has a routing table - a set of rules determining where to send packets.

Viewing Your Routing Table

route print
# or
netstat -r

Sample Routing Table

Destination     Gateway         Genmask         Iface
0.0.0.0         192.168.1.1     0.0.0.0         eth0    ← Default route
192.168.1.0     0.0.0.0         255.255.255.0   eth0    ← Local network
10.0.0.0        192.168.1.254   255.0.0.0       eth0    ← Specific route

How Routing Decisions Work

When a packet needs to be sent:
1

Check All Routes

Router examines destination IP against all routes in the table.
2

Find Matching Routes

Multiple routes may match (e.g., 10.0.0.0/8 and 10.1.0.0/16 both match 10.1.1.1).
3

Longest Prefix Match

The most specific (longest prefix) route wins.
Destination: 10.1.1.1
Route 1: 10.0.0.0/8      → matches (8 bits)
Route 2: 10.1.0.0/16     → matches (16 bits) ← WINS
Route 3: 10.1.1.0/24     → matches (24 bits) ← WINS if exists
4

Forward Packet

Send packet to the gateway/interface specified by the winning route.

11.3 Default Gateway

The default gateway is the “route of last resort” - where packets go when no specific route matches. 
Route: 0.0.0.0/0 via 192.168.1.1

       Matches everything (0 bits of specificity)
       Used when nothing else matches

Your Home Network

Your PC (192.168.1.10)
Routing Table:
┌─────────────────────────────────────────────────────┐
│ Destination    │ Gateway       │ Interface         │
├─────────────────────────────────────────────────────┤
│ 192.168.1.0/24 │ direct        │ eth0              │ ← Local
│ 0.0.0.0/0      │ 192.168.1.1   │ eth0              │ ← Everything else
└─────────────────────────────────────────────────────┘

Packet to 192.168.1.50 → Direct delivery (same network)
Packet to 8.8.8.8      → Send to 192.168.1.1 (router)

11.4 Static vs Dynamic Routing

Static Routing

Routes are manually configured by an administrator. 
# Linux: Add static route
ip route add 10.0.0.0/8 via 192.168.1.254

# Windows
route add 10.0.0.0 mask 255.0.0.0 192.168.1.254
Pros:
  • Simple, predictable
  • No routing protocol overhead
  • Full control
Cons:
  • Doesn’t scale (imagine configuring 1000 routes manually)
  • No automatic failover
  • High maintenance
Use Cases:
  • Small networks
  • Stub networks (single exit point)
  • Specific traffic engineering

Dynamic Routing

Routers automatically discover routes and share information using routing protocols. 
Router A ←──routing updates──→ Router B ←──routing updates──→ Router C
   │                              │                              │
   └──────────────────────────────┴──────────────────────────────┘
                    All learn each other's routes
Pros:
  • Automatic failover
  • Scales to massive networks
  • Self-healing
Cons:
  • More complex
  • Convergence time
  • Protocol overhead

11.5 Interior vs Exterior Gateway Protocols

The internet is divided into Autonomous Systems (AS) - networks under single administrative control. 
┌─────────────────────┐         ┌─────────────────────┐
│   AS 65001          │   BGP   │      AS 65002       │
│   (Your Company)    │◄───────►│     (Google)        │
│                     │         │                     │
│  OSPF/EIGRP inside  │         │   OSPF inside       │
└─────────────────────┘         └─────────────────────┘
        ↑                                ↑
        │                                │
     IGP: Routes WITHIN an AS      EGP: Routes BETWEEN ASes
TypeProtocolsUse Case
IGP (Interior Gateway Protocol)OSPF, EIGRP, RIP, IS-ISWithin an organization
EGP (Exterior Gateway Protocol)BGPBetween organizations, internet backbone

11.6 OSPF (Open Shortest Path First)

OSPF is the most common IGP in enterprise networks.

How OSPF Works

  1. Neighbor Discovery: Routers find each other using Hello packets
  2. Database Synchronization: Routers share their view of the network (LSAs)
  3. SPF Calculation: Each router runs Dijkstra’s algorithm to find shortest paths
  4. Routing Table: Results populate the routing table

OSPF Areas

Large networks are divided into areas to reduce complexity: 
                    ┌─────────────────┐
                    │    Area 0       │
                    │  (Backbone)     │
                    │   ┌───────┐     │
                    │   │Router │     │
                    │   └───┬───┘     │
                    └───────┼─────────┘
                ┌───────────┼───────────┐
                │           │           │
         ┌──────┴────┐ ┌────┴─────┐ ┌───┴──────┐
         │  Area 1   │ │  Area 2  │ │  Area 3  │
         │ (Branch)  │ │ (Branch) │ │ (Branch) │
         └───────────┘ └──────────┘ └──────────┘

OSPF Metrics

OSPF uses cost as its metric, based on bandwidth: 
Cost = Reference Bandwidth / Interface Bandwidth

Default Reference: 100 Mbps

Examples:
- 10 Mbps link:  100/10 = 10
- 100 Mbps link: 100/100 = 1
- 1 Gbps link:   100/1000 = 0.1 → rounded to 1

11.7 BGP (Border Gateway Protocol)

BGP is the routing protocol of the internet. Every ISP, cloud provider, and major network uses BGP.

BGP Basics

  • Path Vector Protocol: Routes include the full AS path
  • AS Numbers: Every organization has a unique ASN (e.g., Google is AS15169)
  • Peering: Organizations agree to exchange routes

BGP in Action

You → Your ISP (AS100) → Transit (AS200) → Google (AS15169)

BGP Advertisement from Google:
"I have 142.250.0.0/16, reach me via AS-PATH: 15169"

After propagation:
"142.250.0.0/16, AS-PATH: 200 15169"  (at AS100)
"142.250.0.0/16, AS-PATH: 100 200 15169"  (at your ISP's peer)

Why BGP Matters

Multi-homing

Connect to multiple ISPs for redundancy. BGP handles failover.

Traffic Engineering

Control which path traffic takes (incoming and outgoing).

IP Announcements

Tell the internet “this IP range belongs to me.”

Internet Stability

BGP misconfiguration can (and has) broken the internet.

BGP Hijacking

BGP has no built-in authentication. Anyone can announce any prefix. This has led to:
  • YouTube being offline (Pakistan Telecom incident, 2008)
  • Traffic being routed through malicious networks
  • Cryptocurrency theft
Solutions: RPKI (Resource Public Key Infrastructure)

11.8 Route Summarization (Aggregation)

Instead of advertising many specific routes, advertise one summary: 
Before Summarization:
10.1.0.0/24
10.1.1.0/24
10.1.2.0/24
10.1.3.0/24
(4 routes)

After Summarization:
10.1.0.0/22
(1 route covering all four)
Benefits:
  • Smaller routing tables
  • Faster convergence
  • Less memory/CPU usage

11.9 Routing in the Cloud (AWS VPC Example)

Cloud networks use routing tables extensively:

VPC Route Table Structure

┌─────────────────────────────────────────────────────────────┐
│                         VPC: 10.0.0.0/16                    │
│                                                             │
│  ┌──────────────────────┐    ┌──────────────────────┐      │
│  │   Public Subnet      │    │   Private Subnet     │      │
│  │   10.0.1.0/24        │    │   10.0.2.0/24        │      │
│  │                      │    │                      │      │
│  │  Route Table:        │    │  Route Table:        │      │
│  │  10.0.0.0/16 → local │    │  10.0.0.0/16 → local │      │
│  │  0.0.0.0/0 → IGW     │    │  0.0.0.0/0 → NAT-GW  │      │
│  └──────────┬───────────┘    └──────────────────────┘      │
│             │                                               │
└─────────────┼───────────────────────────────────────────────┘

         Internet Gateway

          Internet

Route Table Entries Explained

DestinationTargetMeaning
10.0.0.0/16localTraffic within VPC, route locally
0.0.0.0/0igw-xxxDefault route to Internet Gateway
0.0.0.0/0nat-xxxDefault route to NAT Gateway
172.16.0.0/12pcx-xxxRoute to VPC Peering Connection
192.168.0.0/16vgw-xxxRoute to VPN Gateway (on-prem)

11.10 Traceroute: See Routing in Action

Traceroute shows the path packets take: 
traceroute google.com

 1  192.168.1.1 (192.168.1.1)  1.234 ms    ← Your router
 2  10.0.0.1 (10.0.0.1)  5.678 ms          ← ISP's first router
 3  72.14.215.85  10.123 ms                ← ISP backbone
 4  108.170.252.129  15.456 ms             ← Google's network
 5  142.250.190.46  18.789 ms Destination

How Traceroute Works

Uses TTL (Time To Live) manipulation:
  1. Send packet with TTL=1 → First router decrements to 0, sends back “Time Exceeded”
  2. Send packet with TTL=2 → Second router decrements to 0, sends back error
  3. Continue until destination reached

11.11 Common Routing Problems

1. Routing Loops

Router A: "To reach 10.0.0.0, send to Router B"
Router B: "To reach 10.0.0.0, send to Router A"

Packet bounces forever (until TTL expires)
Solutions:
  • TTL (limits hops)
  • Split Horizon (don’t advertise routes back where you learned them)
  • Route Poisoning

2. Black Holes

Route exists but destination is unreachable: 
Route: 10.0.0.0/8 via 192.168.1.254
But 192.168.1.254 is down!

Packets sent there are silently dropped.

3. Asymmetric Routing

Request:  A → B → C → D
Response: D → E → A

Traffic takes different paths.
Can cause issues with stateful firewalls.

11.12 Key Takeaways

Longest Prefix Wins

More specific routes (longer prefix) always take precedence.

Default Gateway

0.0.0.0/0 is the catch-all route for unknown destinations.

BGP Runs the Internet

Every major network exchange uses BGP to share routes.

Cloud = Software Routing

VPC route tables are just software-defined routing.

Next Module

Module 12: DNS Deep Dive

Master the Domain Name System - the phonebook of the internet.