routing Table analysis under Windows

At the cmd command line, enter: Netstat-r or route print to view the local routing information. Each route item in the routing table has five properties, where I divide them into four parts: 1, network address (network Destination), Netmask (Netmask): The result of the network address and netmask is used to define the range of network destination addresses that the local computer can reach. Typically, the network destination address range contains the following four types: The host address, the network address of a particular host, and a netmask of 255.255.255.255, as in the table above 6, 7, 9; Subnet address, the network address of a particular subnet, 4, 5 in the table above; Network address, the network address of a particular network, such as 2, 3, 8 in the table above; default route; All network addresses not specified in the routing table, such as 1 in the table above, are described in detail later in this article; When you add a route, Windows requires the network address and netmask to be entered and the result must be equal to the network address, or the route addition will fail. 2, gateways (gateway, also known as the next hop server): When sending IP packets, the gateway defines the next-hop server that the packet is sent to for a specific network destination address. If the local computer is connected directly to a network, the gateway is usually the network interface for the local computer, but the interface must be consistent with the gateway, or, in the case of a remote network or a default route, the gateway is typically a server or router on the network to which the local computer is connected. 3. Interface (INTERFACE): The interface defines the network interface that the local computer uses to send packets for a specific network destination address. The gateway must be in the same subnet as the interface, or else it will cause the routing deadlock to be called when other route items are invoked when this route entry is used. 4, Metric (Metric): The metric is used to indicate the cost of the route, which typically represents the number of hops that are required to reach the destination address, and a hop represents the passing of a router. The lower the metric, the lower the cost of the route, and the higher the metric, the higher the routing cost. When there are multiple route items that reach the same destination network, TCP/IP chooses a route entry with a lower metric. Route determination Process When TCP/IP is required to initiate communication to an address, it evaluates the routing table to determine how the packet is sent. The assessment process is as follows: TCP/IP uses a network mask that requires the destination IP address of the communication and each route entry in the routing table to phase and compute, and if the result matches the network address of the corresponding route entry, the route entry is recorded; When all the route entries in the routing table have been computed, TCP/IP selects the longest matching route in the route entry under the record (a route entry with a maximum of "1" bits in the netmask) to communicate with this destination IP address. If there are multiple longest matching routes, select the route entry with the lowest metric, or if there are multiple longest matching routes with the lowest metric, then: If the response packet is sent, and the source IP address of the packet is the IP address of the interface with the longest matching route, select this longest matching route; In other cases, the network interface corresponding to the longest matching route is determined by the binding priority in the advanced settings of the network connection, as shown in: 　　 Gateway and Interface Determination process After determining which route items are used, the gateways and interfaces are determined in the following ways: If the gateway address in the routing item is empty or is a network interface on the local computer, when the packet is sent: Sent through the corresponding network interface in the routing item; The IP address of the source IP address for this network interface; The MAC address of the source MAC address for this network interface; The destination IP address is the IP address of the destination host receiving this packet; The destination MAC address is the MAC address of the destination host that receives this packet; If the gateway address in the routing item does not belong to any network interface on the local computer, when the packet is sent: Sent through the corresponding network interface in the routing item; The source IP address is the IP address of the corresponding network interface in the routing item; The MAC address of the corresponding network interface in the source MAC address routing item; The destination IP address is the IP address of the destination host receiving this packet; The destination MAC address is the MAC address of the gateway; Here I am based on the above routing table, for example: Communication with unicast IP address 192.168.1.8:1, 3 matches, but 3 is the longest matching route in phase and calculation, so select 3 items. The gateway address for the 3 item is the network interface of the local computer 192.168.1.6, so when the packet is sent, the destination IP address is 192.168.1.8, the destination MAC address is 192.168.1.8 MAC address (obtained through ARP parsing). Communication with unicast IP address 192.168.1.6:1, 3, 6 matches for the phase and calculation, but 6 is the longest matching route, so select 6. The gateway address for the 6 item is the local loopback address 127.0.0.1, so the packet is sent directly to the local loopback address. Communication with unicast IP address 192.168.1.245:1, 3, 4, 5 matches, but 4 and 5 are the longest matching routes at the time of phase calculation, so at this point a selection is made based on the number of hops, 5 has a lower metric, so 5 items are selected; When sending a packet, The destination IP address is 192.168.1.254 and the MAC address of the destination MAC address is 192.168.1.7 (obtained through ARP parsing). Communication with unicast IP address 10.1.1.1: There are only 1 matches in the phase and calculation, and when the packet is sent, the destination IP address is 10.1.1.1 and the MAC address of the destination MAC address is 192.168.1.1 (obtained through ARP parsing). Communication with subnet broadcast address 192.168.1.255:1, 3, 4, 5, 7 matches, but 7 is the longest matching route, so select 7 items when the phase is calculated. The gateway address for the 7 item is the network interface of the local computer, so when the packet is sent, the destination IP address is 192.168.1.255, the destination MAC address is the Ethernet broadcast address FF:FF:FF:FF:FF:FF. Default route vs. Default gateway Because the routing entries that are stored for each host or subnet in the routing table are not available, the concept of a default route is presented, and the gateway in the default route is called the default gateway. The network address of the default route is 0.0.0.0, the netmask is 0.0.0.0, which matches any network traffic, so when a route to a specific host or a specific subnet is not specified in the routing table, it can be forwarded through the default route. If you do not set a default route, you cannot reach the network destination address that is not specified in the routing table. After the default route is set, the routing responsibility of the packet is transferred to the router, with the advantage of simplifying the routing table and configuration on the local computer, and the disadvantage is that the computer cannot specify whether the destination address is reachable, which may send traffic to the unreachable address. Although routers located on the routing path know that the destination address is unreachable, the ICMP Destination address unreachable information is used to notify the original sending host, but in this process, additional network traffic has been consumed. In Windows systems, creating a default route can be done in two ways: Set the default gateway in the TCP/IP option of the network interface to create a default route; Use the route add command to add a default route with a network address of 0.0.0.0 and a netmask of 0.0.0.0; It is recommended that you always use the previous method. 　 　 Configuring multiple Default Gateways You can configure multiple default gateways at the same time on a single network interface, multiple network interfaces, but TCP/IP uses only one default gateway (the default route), which is currently used as the active default gateway (the active default route). When there is no connectivity between the networks to which the different network interfaces are connected (such as when a network interface is connected to the Internet and a network interface is connected to the internal network), configuring the default gateway on multiple network interfaces at the same time may cause connectivity problems (specific issues I will describe later), So Microsoft does not recommend that you configure the default gateway on multiple network interfaces at the same time, and warns you when you make this configuration, but it does not prevent you from doing so. When multiple default gateways are configured, the active default gateway is selected according to the following criteria: When there are multiple default gateways in the routing table, TCP/IP chooses by metric, and the default gateway with the lowest metric has the highest priority; If there is more than one default gateway with the lowest metric in the routing table, TCP/IP is determined by the binding priority of the network interface corresponding to the default gateway in the advanced settings of the network connection, as shown in: 　 　 Dead Gateway Detection TCP/IP detects that the currently active default gateway is alive through the dead Gateway detection algorithm, and if the active default gateway fails, TCP/IP adjusts the routing table in a timely manner, choosing to use the next default gateway, in the same manner as the original, except for the original active default gateway that failed. The complete description of the dead gateway Detection algorithm is as follows: When TCP/IP communicates TCP traffic to a destination IP address through the active default gateway, if the number of failed attempts reaches the TcpMaxDataRetransmissions registry value (which is 5 by default), half (that is, 3 times) has not received a response, tcp/ IP changes the traffic that arrives at that destination IP address to use the next default gateway in the list. When more than 25% of TCP connections move to the next default gateway, TCP/IP modifies the active default gateway to the default gateway currently used by these connections. If the original default gateway replies from a failure at this point, TCP/IP will continue to use the current active default gateway and will not be transferred to the original default gateway unless the computer is restarted. If the current active default gateway also fails, TCP/IP continues to attempt to use the next default gateway in the list, returning to the beginning of the list after the entire list has been tried, and starting with the first default gateway. Dead gateway detection monitors only TCP traffic and does not switch the default gateway if other types of traffic fail. In addition, TCP is an end-to-end protocol, so even if the current default gateway is fully functional, the local computer's TCP communication failure may also cause the default gateway to be switched. When there is no connectivity between the networks to which the different network interfaces are connected (such as when a network interface is connected to the Internet and a network interface is connected to the internal network), if the default gateway is configured at the same time on multiple network interfaces, a connectivity failure can occur when the active default gateway fails to cause the default gateway to be switched. For example, if the active default gateway is an Internet connection and the default network is concerned with an internal connection when it is having problems, the local computer will no longer be able to access hosts on the Internet connection. In this case, Microsoft recommends using route add to add matching routes for the corresponding destination network instead of setting up multiple default gateways.

routing Table analysis under Windows