Module 11: Routing Deep Dive

Routing is how packets find their way from source to destination across interconnected networks. This module takes you from basic routing concepts to understanding how the entire internet’s routing works.
[Figure: Routing Table and Longest Prefix Match]
[Figure: BGP vs OSPF Routing Protocols]
Estimated Time: 4-5 hours
Difficulty: Intermediate to Advanced
Prerequisites: Module 9 (IP Addressing), Module 10 (NAT)

11.1 What is Routing?

Routing is the process of selecting a path for traffic across one or more networks. It is the GPS navigation system of the internet — given a destination, figure out the best next turn to take.

The Fundamental Question

When a packet arrives at a router, the router asks:
“Where should I send this packet next to get it closer to its destination?”
A router does not know the full path to the destination. It only knows the next hop — the next router to forward the packet to. Each router along the way makes the same decision independently, like passing a baton in a relay race. The packet makes its way across the internet hop by hop, with each router consulting its own routing table.
Think of it like asking for directions in a foreign city. You ask someone “How do I get to the train station?” They do not give you the entire route — they say “go two blocks north and ask again.” The next person says “turn left and ask the person at the corner.” Each person only knows the next step, but following their advice gets you there. That is routing.

Routers vs Switches

Device    Layer      Uses             Connects
Switch    Layer 2    MAC addresses    Devices in same network
Router    Layer 3    IP addresses     Different networks

Network A                    Network B
192.168.1.0/24              192.168.2.0/24
    │                            │
    │      ┌──────────┐         │
    └──────│  Router  │─────────┘
           └──────────┘
           Connects the two networks
           Decides how to forward packets

11.2 The Routing Table

Every router (and every computer!) has a routing table - a set of rules determining where to send packets.

Viewing Your Routing Table

route print
# or
netstat -r

Sample Routing Table

Destination     Gateway         Genmask         Iface
0.0.0.0         192.168.1.1     0.0.0.0         eth0    ← Default route
192.168.1.0     0.0.0.0         255.255.255.0   eth0    ← Local network
10.0.0.0        192.168.1.254   255.0.0.0       eth0    ← Specific route

How Routing Decisions Work

When a packet needs to be sent:
  1. Check All Routes: The router examines the destination IP against all routes in the table.
  2. Find Matching Routes: Multiple routes may match (e.g., 10.0.0.0/8 and 10.1.0.0/16 both match 10.1.1.1).
  3. Longest Prefix Match: The most specific (longest prefix) route wins.
     Destination: 10.1.1.1
     Route 1: 10.0.0.0/8      → matches (8 bits)
     Route 2: 10.1.0.0/16     → matches (16 bits) ← WINS over Route 1
     Route 3: 10.1.1.0/24     → matches (24 bits) ← WINS if it exists
  4. Forward Packet: Send the packet to the gateway/interface specified by the winning route.
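
The four-step lookup above, as an added Python example that is not part of the original module. It parses the sample routing table from this page, extended with the 10.1.0.0/16 and 10.1.1.0/24 routes from the illustration; the gateways 192.168.1.253 and 192.168.1.252 and the function names are made up for the example.

```python
import ipaddress

# Constructed input: the page's sample table plus the two more-specific
# 10.x routes from the illustration (their gateways are invented).
ROUTE_TABLE = """\
Destination     Gateway         Genmask         Iface
0.0.0.0         192.168.1.1     0.0.0.0         eth0
192.168.1.0     0.0.0.0         255.255.255.0   eth0
10.0.0.0        192.168.1.254   255.0.0.0       eth0
10.1.0.0        192.168.1.253   255.255.0.0     eth0
10.1.1.0        192.168.1.252   255.255.255.0   eth0
"""

ON_LINK = ipaddress.ip_address("0.0.0.0")


def parse_routes(text):
    """Turn Destination/Gateway/Genmask/Iface rows into (network, gateway, iface)."""
    routes = []
    for line in text.splitlines()[1:]:           # skip the header row
        fields = line.split()
        if len(fields) != 4:
            continue                              # ignore blank or malformed rows
        dest, gateway, genmask, iface = fields
        # "address/netmask" is accepted and converted to a prefix length.
        network = ipaddress.ip_network(f"{dest}/{genmask}")
        routes.append((network, ipaddress.ip_address(gateway), iface))
    return routes


def lookup(routes, destination):
    """Return (matched prefix, next hop, iface) chosen by longest prefix match."""
    addr = ipaddress.ip_address(destination)
    # Steps 1-2: check every route and keep the ones that contain the address.
    candidates = [r for r in routes if addr in r[0]]
    if not candidates:
        return None                               # no default route: unreachable
    # Step 3: the most specific (longest) prefix wins.
    network, gateway, iface = max(candidates, key=lambda r: r[0].prefixlen)
    # Step 4: gateway 0.0.0.0 means on-link, so deliver to the host directly.
    next_hop = addr if gateway == ON_LINK else gateway
    return str(network), str(next_hop), iface


ROUTES = parse_routes(ROUTE_TABLE)

if __name__ == "__main__":
    for dst in ("10.1.1.1", "10.1.2.1", "10.9.9.9", "192.168.1.50", "8.8.8.8"):
        print(dst, "->", lookup(ROUTES, dst))
```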

11.3 Default Gateway

The default gateway is the “route of last resort” - where packets go when no specific route matches.
Route: 0.0.0.0/0 via 192.168.1.1

       Matches everything (0 bits of specificity)
       Used when nothing else matches

Your Home Network

Your PC (192.168.1.10)
Routing Table:
┌─────────────────────────────────────────────────────┐
│ Destination    │ Gateway       │ Interface         │
├─────────────────────────────────────────────────────┤
│ 192.168.1.0/24 │ direct        │ eth0              │ ← Local
│ 0.0.0.0/0      │ 192.168.1.1   │ eth0              │ ← Everything else
└─────────────────────────────────────────────────────┘

Packet to 192.168.1.50 → Direct delivery (same network)
Packet to 8.8.8.8      → Send to 192.168.1.1 (router)

11.4 Static vs Dynamic Routing

Static Routing

Routes are manually configured by an administrator.
# Linux: Add static route
ip route add 10.0.0.0/8 via 192.168.1.254

# Windows
route add 10.0.0.0 mask 255.0.0.0 192.168.1.254
Pros:
  • Simple, predictable
  • No routing protocol overhead
  • Full control
Cons:
  • Doesn’t scale (imagine configuring 1000 routes manually)
  • No automatic failover
  • High maintenance
Use Cases:
  • Small networks
  • Stub networks (single exit point)
  • Specific traffic engineering

Dynamic Routing

Routers automatically discover routes and share information using routing protocols.
Router A ←──routing updates──→ Router B ←──routing updates──→ Router C
   │                              │                              │
   └──────────────────────────────┴──────────────────────────────┘
                    All learn each other's routes
Pros:
  • Automatic failover
  • Scales to massive networks
  • Self-healing
Cons:
  • More complex
  • Convergence time
  • Protocol overhead

11.5 Interior vs Exterior Gateway Protocols

The internet is divided into Autonomous Systems (AS) - networks under single administrative control.
┌─────────────────────┐         ┌─────────────────────┐
│   AS 65001          │   BGP   │      AS 65002       │
│   (Your Company)    │◄───────►│     (Google)        │
│                     │         │                     │
│  OSPF/EIGRP inside  │         │   OSPF inside       │
└─────────────────────┘         └─────────────────────┘
        ↑                                ↑
        │                                │
     IGP: Routes WITHIN an AS      EGP: Routes BETWEEN ASes

Type                               Protocols                  Use Case
IGP (Interior Gateway Protocol)    OSPF, EIGRP, RIP, IS-IS    Within an organization
EGP (Exterior Gateway Protocol)    BGP                        Between organizations, internet backbone

11.6 OSPF (Open Shortest Path First)

OSPF is the most common IGP in enterprise networks. Think of it as routers building a shared map of the entire network and then each independently calculating the shortest path to every destination using that map.

How OSPF Works

  1. Neighbor Discovery: Routers find each other using Hello packets (sent every 10 seconds on broadcast networks). If a router stops hearing Hellos from a neighbor for 40 seconds, it declares the neighbor dead and recalculates routes. This is like coworkers checking in with each other — “Are you still here? Good.” If someone stops responding for too long, the team reorganizes without them.
  2. Database Synchronization: Routers share their view of the network using Link-State Advertisements (LSAs). Each router describes its directly connected links and costs. All routers build an identical Link-State Database (LSDB) — a complete map of the network.
  3. SPF Calculation: Each router runs Dijkstra’s shortest-path-first algorithm on the LSDB to compute the shortest path to every destination. This is computationally expensive, which is why large networks are divided into areas.
  4. Routing Table: The results of the SPF calculation populate the routing table with optimal next-hop entries.

OSPF Areas

Large networks are divided into areas to reduce complexity:
                    ┌─────────────────┐
                    │    Area 0       │
                    │  (Backbone)     │
                    │   ┌───────┐     │
                    │   │Router │     │
                    │   └───┬───┘     │
                    └───────┼─────────┘
                ┌───────────┼───────────┐
                │           │           │
         ┌──────┴────┐ ┌────┴─────┐ ┌───┴──────┐
         │  Area 1   │ │  Area 2  │ │  Area 3  │
         │ (Branch)  │ │ (Branch) │ │ (Branch) │
         └───────────┘ └──────────┘ └──────────┘

OSPF Metrics

OSPF uses cost as its metric, based on bandwidth:
Cost = Reference Bandwidth / Interface Bandwidth

Default Reference: 100 Mbps

Examples:
- 10 Mbps link:  100/10 = 10
- 100 Mbps link: 100/100 = 1
- 1 Gbps link:   100/1000 = 0.1 → rounded to 1
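
The SPF step from "How OSPF Works" combined with the cost formula above, as an added Python example that is not part of the original module. The four-router topology, its link speeds and the function names are constructed for illustration; `fail_link` models a neighbor being declared dead so the recalculation can be compared.

```python
import heapq

REFERENCE_BW_MBPS = 100            # default reference bandwidth from this page


def ospf_cost(interface_mbps, reference_mbps=REFERENCE_BW_MBPS):
    """Cost = reference bandwidth / interface bandwidth, never below 1."""
    return max(1, reference_mbps // interface_mbps)


# Constructed LSDB: every router lists its links as neighbor -> bandwidth (Mbps).
LSDB = {
    "R1": {"R2": 10, "R3": 100},
    "R2": {"R1": 10, "R4": 100},
    "R3": {"R1": 100, "R4": 1000},
    "R4": {"R2": 100, "R3": 1000},
}


def spf(lsdb, root):
    """Dijkstra from `root`; returns {destination: (total cost, next hop)}."""
    best = {root: (0, None)}
    queue = [(0, root, None)]       # (cost so far, router, first hop from root)
    while queue:
        cost, router, first_hop = heapq.heappop(queue)
        if cost > best[router][0]:
            continue                 # stale queue entry, a cheaper path was found
        for neighbor, mbps in lsdb.get(router, {}).items():
            # Use a link only if both ends advertise it (two-way check).
            if router not in lsdb.get(neighbor, {}):
                continue
            new_cost = cost + ospf_cost(mbps)
            hop = neighbor if router == root else first_hop
            if neighbor not in best or new_cost < best[neighbor][0]:
                best[neighbor] = (new_cost, hop)
                heapq.heappush(queue, (new_cost, neighbor, hop))
    best.pop(root)
    return best


def fail_link(lsdb, a, b):
    """Copy of the LSDB with the a-b adjacency withdrawn in both directions."""
    return {r: {n: bw for n, bw in links.items() if {r, n} != {a, b}}
            for r, links in lsdb.items()}


if __name__ == "__main__":
    print("before failure:", spf(LSDB, "R1"))
    print("after R3-R4 fails:", spf(fail_link(LSDB, "R3", "R4"), "R1"))
```

Before the failure R1 reaches R2 through R3 and R4 at cost 3 because the direct 10 Mbps link costs 10; once the R3-R4 link is withdrawn, the recalculation falls back to the direct link.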

11.7 BGP (Border Gateway Protocol)

BGP is the routing protocol of the internet. Every ISP, cloud provider, and major network uses BGP. If OSPF is how traffic moves within a single company’s network, BGP is how companies tell each other which IP ranges they own and how to reach them. The global internet routing table has over 900,000 entries, and BGP manages all of them.

BGP Basics

  • Path Vector Protocol: Unlike OSPF (which shares individual link states), BGP routes include the full AS path — the complete list of organizations the traffic must traverse. This allows each network to make policy decisions like “avoid routing through AS64500 because they are a competitor.”
  • AS Numbers: Every organization running BGP has a unique ASN (Autonomous System Number). Google is AS15169, Cloudflare is AS13335, Amazon is AS16509. You can look up any ASN at bgp.he.net.
  • Peering: Organizations agree to exchange routes. This can be settlement-free peering (we both benefit, no money changes hands) or transit (you pay me to carry your traffic to the rest of the internet).

BGP in Action

You → Your ISP (AS100) → Transit (AS200) → Google (AS15169)

BGP Advertisement from Google:
"I have 142.250.0.0/16, reach me via AS-PATH: 15169"

After propagation:
"142.250.0.0/16, AS-PATH: 200 15169"  (at AS100)
"142.250.0.0/16, AS-PATH: 100 200 15169"  (at your ISP's peer)

Why BGP Matters

Multi-homing

Connect to multiple ISPs for redundancy. BGP handles failover.

Traffic Engineering

Control which path traffic takes (incoming and outgoing).

IP Announcements

Tell the internet “this IP range belongs to me.”

Internet Stability

BGP misconfiguration can (and has) broken the internet.

BGP Hijacking

BGP has no built-in authentication. Anyone can announce any prefix. This has led to:
  • YouTube being offline (Pakistan Telecom incident, 2008)
  • Traffic being routed through malicious networks
  • Cryptocurrency theft
Solutions: RPKI (Resource Public Key Infrastructure)

What a BGP hijack looks like at the packet level

Normal state:
  Your ISP's routing table: 208.65.153.0/24 -> AS36561 (YouTube)
  Packets to YouTube follow: Your ISP -> Transit -> YouTube

During Pakistan Telecom hijack (2008):
  Pakistan Telecom announced: 208.65.153.0/24 via AS17557
  This was a MORE SPECIFIC route than YouTube's /22 announcement
  Longest prefix match rule kicked in: /24 beats /22

  Your ISP's routing table: 208.65.153.0/24 -> AS17557 (Pakistan!)
  Packets to YouTube now follow: Your ISP -> ... -> Pakistan -> black hole

  YouTube was unreachable worldwide for ~2 hours.
The fix — RPKI — works like a notarized deed for IP addresses. Each organization cryptographically signs a statement: “AS36561 is authorized to announce 208.65.153.0/22.” Routers that validate RPKI signatures would reject Pakistan Telecom’s unauthorized announcement.
Troubleshooting routing issues: If traffic to a specific destination suddenly stops working or takes a wildly different path, use traceroute to see where packets go. If the path looks wrong (going through unexpected countries or ASes), the cause might be a BGP misconfiguration or hijack. Check bgp.he.net or bgpstream.com for recent BGP announcements affecting that prefix. In cloud environments, always check both the VPC route table and the security group — the most common “routing” problems in AWS are actually missing routes or blocked security group rules.
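
The RPKI check described above, as an added Python example that is not part of the original module. It follows the valid / invalid / not-found classification of RFC 6811 route origin validation; the ROA list is constructed (the maximum length of 22 on the first entry and the whole second entry are assumptions), and the function names are hypothetical.

```python
import ipaddress

# Constructed ROA set: (prefix, max length, authorized origin AS).
# The first entry is the authorization quoted on this page; strict=False
# below normalizes it to its network address. maxLength 22 is an assumption.
ROAS = [
    ("208.65.153.0/22", 22, 36561),
    ("192.0.2.0/24", 24, 64500),     # made-up second ROA
]

# The two announcements from the 2008 incident as described on this page.
ANNOUNCEMENTS = [
    ("208.65.153.0/22", 36561),      # YouTube's own /22
    ("208.65.153.0/24", 17557),      # the more-specific /24
]


def validate_origin(prefix, origin_as, roas=ROAS):
    """Classify an announcement as 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix, strict=False)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix, strict=False)
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True                # at least one ROA covers this space
        if roa_as == origin_as and route.prefixlen <= max_len:
            return "valid"
    # Covered by a ROA but no AS/length match: reject. No ROA at all: unknown.
    return "invalid" if covered else "not-found"


def best_route(announcements, destination, drop_invalid):
    """Longest prefix match over announcements, optionally after ROV filtering."""
    addr = ipaddress.ip_address(destination)
    usable = []
    for prefix, origin_as in announcements:
        if drop_invalid and validate_origin(prefix, origin_as) == "invalid":
            continue
        net = ipaddress.ip_network(prefix, strict=False)
        if addr in net:
            usable.append((net.prefixlen, str(net), origin_as))
    return max(usable)[1:] if usable else None


if __name__ == "__main__":
    dst = "208.65.153.10"             # constructed address inside the /24
    print("without ROV:", best_route(ANNOUNCEMENTS, dst, drop_invalid=False))
    print("with ROV:   ", best_route(ANNOUNCEMENTS, dst, drop_invalid=True))
```

Note the maximum-length check: with this ROA, a /24 announced by AS36561 itself is also classified invalid, so operators who announce more-specifics need ROAs that cover them.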

11.8 Route Summarization (Aggregation)

Instead of advertising many specific routes, advertise one summary:
Before Summarization:
10.1.0.0/24
10.1.1.0/24
10.1.2.0/24
10.1.3.0/24
(4 routes)

After Summarization:
10.1.0.0/22
(1 route covering all four)
Benefits:
  • Smaller routing tables
  • Faster convergence
  • Less memory/CPU usage

11.9 Routing in the Cloud (AWS VPC Example)

Cloud networks use routing tables extensively:

VPC Route Table Structure

┌─────────────────────────────────────────────────────────────┐
│                         VPC: 10.0.0.0/16                    │
│                                                             │
│  ┌──────────────────────┐    ┌──────────────────────┐      │
│  │   Public Subnet      │    │   Private Subnet     │      │
│  │   10.0.1.0/24        │    │   10.0.2.0/24        │      │
│  │                      │    │                      │      │
│  │  Route Table:        │    │  Route Table:        │      │
│  │  10.0.0.0/16 → local │    │  10.0.0.0/16 → local │      │
│  │  0.0.0.0/0 → IGW     │    │  0.0.0.0/0 → NAT-GW  │      │
│  └──────────┬───────────┘    └──────────────────────┘      │
│             │                                               │
└─────────────┼───────────────────────────────────────────────┘

         Internet Gateway

          Internet

Route Table Entries Explained

Destination       Target     Meaning
10.0.0.0/16       local      Traffic within VPC, route locally
0.0.0.0/0         igw-xxx    Default route to Internet Gateway
0.0.0.0/0         nat-xxx    Default route to NAT Gateway
172.16.0.0/12     pcx-xxx    Route to VPC Peering Connection
192.168.0.0/16    vgw-xxx    Route to VPN Gateway (on-prem)

11.10 Traceroute: See Routing in Action

Traceroute shows the path packets take:
traceroute google.com

 1  192.168.1.1 (192.168.1.1)  1.234 ms    ← Your router
 2  10.0.0.1 (10.0.0.1)  5.678 ms          ← ISP's first router
 3  72.14.215.85  10.123 ms                ← ISP backbone
 4  108.170.252.129  15.456 ms             ← Google's network
 5  142.250.190.46  18.789 ms              ← Destination

How Traceroute Works

Uses TTL (Time To Live) manipulation:
  1. Send packet with TTL=1 → First router decrements to 0, sends back “Time Exceeded”
  2. Send packet with TTL=2 → Second router decrements to 0, sends back error
  3. Continue until destination reached

11.11 Common Routing Problems

1. Routing Loops

Router A: "To reach 10.0.0.0, send to Router B"
Router B: "To reach 10.0.0.0, send to Router A"

Packet bounces forever (until TTL expires)
Solutions:
  • TTL (limits hops)
  • Split Horizon (don’t advertise routes back where you learned them)
  • Route Poisoning

2. Black Holes

Route exists but destination is unreachable:
Route: 10.0.0.0/8 via 192.168.1.254
But 192.168.1.254 is down!

Packets sent there are silently dropped.

3. Asymmetric Routing

Request:  A → B → C → D
Response: D → E → A

Traffic takes different paths.
Can cause issues with stateful firewalls.
This is actually common on the internet — your request to Google might go through one set of ISPs, while Google’s response comes back through a completely different path. This is normally fine. But it becomes a problem when a stateful firewall only sees one direction of traffic. If the firewall saw the outbound request on path A-B-C-D but the response comes back via D-E-A (bypassing that firewall), the firewall may drop the response because it does not match any known connection in its state table.
Troubleshooting asymmetric routing: If a connection works from one direction but not the other, or if you see SYN packets going out but no SYN-ACK coming back, suspect asymmetric routing through a stateful firewall. Use traceroute from both ends to see if the paths differ. In cloud environments, check that both the public and private route tables are consistent.
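
The stateful-firewall behaviour described above, as an added Python simulation that is not part of the original module. The packet records, the firewall names fw-a and fw-b, and the function names are constructed; a real firewall tracks far more state than the SYN / SYN-ACK pair modelled here.

```python
# Constructed packet records as seen at two firewalls:
# (firewall, src, sport, dst, dport, tcp_flags)
PACKETS = [
    ("fw-a", "10.0.1.5", 40001, "203.0.113.9", 443, "SYN"),
    ("fw-a", "203.0.113.9", 443, "10.0.1.5", 40001, "SYN-ACK"),   # same path back
    ("fw-a", "10.0.1.5", 40002, "198.51.100.7", 443, "SYN"),
    ("fw-b", "198.51.100.7", 443, "10.0.1.5", 40002, "SYN-ACK"),  # different path back
]


def run_firewalls(packets):
    """Replay packets through independent per-firewall state tables.

    Returns (verdicts, half_open): one 'allow'/'drop' per packet, and a map of
    firewall -> flows whose SYN was recorded but never answered there.
    """
    state = {}                          # firewall -> flows awaiting a SYN-ACK
    verdicts = []
    for fw, src, sport, dst, dport, flags in packets:
        pending = state.setdefault(fw, set())
        if flags == "SYN":
            pending.add((src, sport, dst, dport))
            verdicts.append("allow")
        elif flags == "SYN-ACK":
            flow = (dst, dport, src, sport)     # key as written by the SYN
            if flow in pending:
                pending.discard(flow)
                verdicts.append("allow")
            else:
                verdicts.append("drop")         # no state entry on this firewall
        else:
            verdicts.append("drop")             # flags outside this small model
    half_open = {fw: sorted(flows) for fw, flows in state.items() if flows}
    return verdicts, half_open


def find_asymmetric(packets):
    """Correlate both logs: [(flow, outbound_fw, return_fw)] where they differ."""
    syn_seen = {}                       # flow -> firewall holding its state
    findings = []
    for fw, src, sport, dst, dport, flags in packets:
        if flags == "SYN":
            syn_seen[(src, sport, dst, dport)] = fw
        elif flags == "SYN-ACK":
            flow = (dst, dport, src, sport)
            if flow in syn_seen and syn_seen[flow] != fw:
                findings.append((flow, syn_seen[flow], fw))
    return findings


if __name__ == "__main__":
    print(run_firewalls(PACKETS))
    print(find_asymmetric(PACKETS))
```

A half-open entry on one firewall paired with a dropped SYN-ACK on another is the signature to look for when correlating logs from both devices.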

11.12 Key Takeaways

Longest Prefix Wins

More specific routes (longer prefix) always take precedence.

Default Gateway

0.0.0.0/0 is the catch-all route for unknown destinations.

BGP Runs the Internet

Every major network exchange uses BGP to share routes.

Cloud = Software Routing

VPC route tables are just software-defined routing.

Interview Deep-Dive

Strong Answer:
  • BGP connects autonomous systems — the independently operated networks that make up the internet. Every route between ISPs, cloud providers, and enterprises is exchanged via BGP. The global routing table has over 900,000 entries, all managed by BGP.
  • BGP is a path vector protocol. Routes carry the full AS path, enabling policy-based routing: prefer a free peering partner over paid transit, avoid a competitor’s network, prefer geographically closer paths.
  • BGP is critical because misconfiguration has global impact. The 2008 Pakistan/YouTube incident, the 2021 Facebook outage (BGP withdrawals made DNS unreachable), and regular smaller incidents demonstrate BGP can break large internet segments in minutes.
  • In cloud architecture, BGP is used for AWS Direct Connect, VPN connections, and Transit Gateway routing.
Follow-up: What is BGP hijacking and how is it prevented?
BGP hijacking occurs when a network advertises IP prefixes it does not own. Since BGP has no built-in authentication, any AS can announce any prefix. If an attacker announces a more-specific prefix, longest prefix match routes global traffic to them. Prevention relies on RPKI (Resource Public Key Infrastructure), which uses cryptographic certificates to verify AS authorization for specific prefixes. Routers validate BGP announcements against RPKI and reject unauthorized ones. Roughly 40% of routes are covered by RPKI as of 2025. Additionally, IRR (Internet Routing Registry) filtering provides complementary protection.
Strong Answer:
  • Asymmetric routing means the forward path (A to B) differs from the return path (B to A). On the internet this is common and usually harmless.
  • The problem arises with stateful firewalls that track connection state. The firewall creates an entry when it sees the outbound SYN on path A-B-C. When SYN-ACK returns via D-E-A (bypassing the firewall), there is no matching record and the packet is dropped.
  • In cloud environments this manifests as: multi-AZ traffic entering through one AZ’s LB but exiting through another AZ’s NAT Gateway, Transit Gateway routing divergence, and VPN configurations with different tunnels per direction.
  • To diagnose: traceroute from both ends and compare paths. Solutions include ensuring symmetric paths through the same firewall, disabling state tracking for specific flows, or using firewall clustering with shared state.
Follow-up: How do routing loops happen and what prevents packets from circulating forever?
Routing loops occur when routers have incorrect routes pointing at each other. Router A forwards 10.0.0.0 traffic to Router B, which forwards it back to A. The primary defense is TTL (Time To Live), which decrements at each hop. At zero, the packet is discarded with an ICMP Time Exceeded. Routing protocols have loop-prevention mechanisms: BGP rejects routes containing its own ASN in the AS-path, OSPF’s link-state algorithm computes inherently loop-free paths, and distance-vector protocols use split horizon and route poisoning.
Strong Answer:
  • OSPF is an IGP for internal routing. It is link-state: every router builds a complete topology map and runs Dijkstra’s algorithm for shortest paths. Converges in seconds. Selects routes by cost (bandwidth-based).
  • BGP is an EGP for inter-organization routing. It is path-vector: routes carry full AS paths. Selects routes by policy (business relationships, path length). Converges slowly by design to avoid global instability.
  • They commonly work together. OSPF handles fast internal routing; BGP handles border routing with external networks. BGP-learned external routes can be redistributed into OSPF so internal routers know how to reach them. Internal OSPF routes are summarized and advertised via BGP to peers.
  • In AWS, BGP handles Direct Connect and VPN route exchange. Internal VPC routing is AWS’s SDN, not OSPF or BGP.
Follow-up: What happens during OSPF convergence when a link fails?
The adjacent router detects the failure (immediately via interface-down or after missing 4 Hello packets, typically 40 seconds). It floods a new LSA with updated topology to all routers in the area. Each router updates its LSDB and re-runs SPF to recompute routes. Total convergence on a tuned network is 1-5 seconds: sub-second detection with BFD, near-instant flooding, millisecond SPF calculation. Large networks divide into areas to limit recalculation scope. Area 0 (backbone) connects all areas, and route summarization at borders reduces processing load.