Reading the Routing Table
Although the concept of IP routing is simple, the details are sometimes difficult to grasp. But take heart! You needn't be a computer guru to gain a working knowledge of the subject.
There is no way any computer can know the location of every other computer in the world. However, the Internet works on the principle that a given computer can reach any computer it needs to. This sounds like an unsolvable dilemma, but the real computer gurus worked out a simple way to make it work. Because they did, you can quickly reach a far-away computer even when you don't know where it is. Their solution: Any network connection has a very limited number of choices to make when it sees a packet. It can ignore it, accept it, or pass it along. That's it!
The "pass it along" part is where the Gateway Address comes in. When the machine decides it should pass the packet along, it sends it to the Gateway Address. Very few networks exist entirely on their own, with no access to or ingress from outside computers. Thus, most networks contain a computer with more than one network connection; it's connected to another network as well as to the local network. This computer is, of course, the logical place for the Gateway.
In a sense, that's all the Internet is: a series of individual networks, each with one or more Gateway Addresses. When you connect to a web server, your packets might pass through many other networks. All those networks need to know is where to send the packets that aren't accepted or ignored.
When setting up WinProxy on your local network, the WinProxy machine's IP address becomes the Gateway Address on each of the network's client machines. Thereafter, when an application on a client machine sends out a packet, it sends it using the tcp/ip stack on that machine. Unless other rules govern where the packets should be sent (see immediately below), the stack sends the packet to the WinProxy machine.
Every machine with tcp/ip has a route table, a series of rules that tell the tcp/ip stack what to do with each packet it sees. These packets might come across the network, or they might come from local applications to be sent over the network. The route table is human-readable, so you can take a look to see what rules your machines are using to handle packets. To see a machine's route table, open up a DOS prompt and type: route print.
Below you'll see a route table from a Windows 95 machine. It has a network card with IP address 90.0.0.1 and subnet mask 255.255.255.0. WinProxy is installed (you can't tell this from the route table) and the machine is not currently connected to the Internet (you can tell this from the route table):
| Network Address | NetMask | Gateway Address | Interface | Metric |
|---|---|---|---|---|
| 90.0.0.0 | 255.255.255.0 | 90.0.0.1 | 90.0.0.1 | 1 |
| 90.0.0.1 | 255.255.255.255 | 127.0.0.1 | 127.0.0.1 | 1 |
| 90.255.255.255 | 255.255.255.255 | 90.0.0.1 | 90.0.0.1 | 1 |
| 127.0.0.0 | 255.0.0.0 | 0255.0.0.01 | 0255.0.0.01 | 1 |
| 224.0.0.0 | 224.0.0.0 | 90.0.0.1 | 90.0.0.1 | 1 |
| 255.255.255.255 | 255.255.255.255 | 90.0.0.1 | 0.0.0.10 | 1 |
Each line constitutes a routing rule. When the tcp/ip stack decides where to send packets, it looks through the routing table and uses the following priorities:
- Testing TCP/IP connectivity
- If there is an exact match for the IP addresses, use that rule. If not, then:
- If there is a match for the network address, use that rule. If not, then:
- If there is no match, use the default Gateway.
A word about what each column means:
- Network Address
- is checked for a match to the destination address in the packet IP header. Entries in this column can be individual addresses, network addresses, or gateways. Let's say a packet arrives addressed to 90.0.0.3. The first check is to see if 90.0.0.3 is in the network address portion of the table. If so, it's an exact match for a unique network connection, and the tcp/ip stack uses the rest of the line to specify what is done with that packet. If not, it looks to see if there is a match for the network address (don't be confused by this unfortunate double use of the term "network address"). There is a 90.0.0.0 entry, so it follows the rule for packets which are addressed to the 90.0.0.x network and which do not have an exact match in the table.
- NetMask
- is used in much the same way as the Subnet Mask, though it isn't precisely the same thing. It tells you which part of the network address is important for the match.
- Gateway Address
- is where packets are sent that match the rule.
- Interface
- is which network connection to use when sending to that address.
- Metric
- is the number of hops (a journey from one computer host to the next) to fulfill the rule. If it happens that two rules match, then the one with fewer hops is chosen. The metric becomes quite important on large Internet routers, but is less so on small local networks.
Now lets look at some individual entries. There are three individual addresses listed in the route table (take a look at the NetMask column-a netmask of 255.255.255.255 means that "every single bit of the network address must be considered for a match"-i.e., an individual address). 90.0.0.1 is the address of the network card on this machine. 90.255.255.255 is a special purpose address used for broadcasts to the 90.x.x.x network. 255.255.255.255 is a special-purpose limited broadcast. Neither of the last two are much used.
There are three network addresses in the list: 90.0.0.0,127.0.0.0, and 224.0.0.0. The first is the network to which 90.0.0.1 belongs; the second is a special-use address for local loopback (in particular, the address 127.0.0.1 is defined as the local loopback address, and means "this machine right here." When used on any machine anywhere, it always means "this machine right here that I'm running on right now." The last, 224.0.0.0, is a reserved number for multi-casting. It's not much used presently, but will become more important with future technologies.
How does the machine use these? There are three entries of interest to us. The first is the individual address, 90.0.0.1. The Gateway Address of 127.0.0.1 tells you that any packet with that destination is intended for this machine, right here, right now. Any packet arriving with that address is available to the application level on that machine.
The local network address is 90.0.0.0. A packet from an application on the local machine addressed to any address in the 90.0.0.x group (except for 90.0.0.1) is passed on to the network card. A packet from the network with one of those addresses (since it came through the 90.0.0.1 address) is ignored.
The way the 127.0.0.0 address is written, with the netmask 255.0.0.0, implies that this machine will respond to any address in the 127.x.x.x range, not just the loopback address. If you give it a try, you'll see that it does just that.
And one last bit of info about what isn't in the route table. There is no gateway address, which can be confusing since there is a Gateway Address column; however, no entry in the table tells the computer what to do when the other rules fail. Since this machine only has one network address, and there is no other access to another network, there is no need for a gateway rule. The next table shows you what a gateway rule looks like.
The following example shows a route table after the WinProxy machine is connected to the Internet:
| Network Address | Netmask | Gateway Address | Interface | Metric |
|---|---|---|---|---|
| 0.0.0.0 | 0.0.0.0 | 207.21.140.5 | 207.21.140.5 | 1 |
| 90.0.0.0 | 255.255.255.0 | 90.0.0.1 | 90.0.0.1 | 2 |
| 90.0.0.1 | 255.255.255.255 | 127.0.0.1 | 127.0.0.1 | 1 |
| 90.255.255.255 | 255.255.255.255 | 90.0.0.1 | 90.0.0.1 | 1 |
| 127.0.0.0 | 255.0.0.0 | 127.0.0.1 | 127.0.0.1 | 1 |
| 207.21.140.0 | 255.255.255.0 | 207.21.140.5 | 207.21.140.5 | 1 |
| 207.21.140.5 | 255.255.255.255 | 127.0.0.1 | 127.0.0.1 | 1 |
| 207.21.140.255 | 255.255.255.255 | 207.21.140.5 | 207.21.140.5 | 1 |
| 224.0.0.0 | 224.0.0.0 | 207.21.140.5 | 207.21.140.5 | 1 |
| 224.0.0.0 | 224.0.0.0 | 90.0.0.1 | 90.0.0.1 | 1 |
| 255.255.255.255 | 255.255.255.255 | 207.21.140.5 | 207.21.140.5 | 1 |
Windows rewrites this route table after every dial-up connection. We've added a few touches to help you decipher what's going on. The entries that are carried over essentially unchanged from the unconnected version are in italics. Those in regular type are the new special-purpose entries that we'll just ignore for now since they don't affect normal operation. The entries we're really interested in, the new ones, are in boldface.
As you can see, this machine now has two network addresses, 90.0.0.1 and 207.21.140.5. See the 127.0.0.1 entries in the Gateway Address column? That's how you know. That number indicates a local loopback, meaning "this computer right here." The entry in the "gateway address" column is where the computer is to send a packet that matches the rule. A packet addressed to 90.0.0.1 is an exact match; look in the gateway column to see what to do with it; find 127.0.0.1, and "Aha! its for me!"
Or do it in reverse order. Glance down the gateway column, looking for the "You are Here" signs-the loopback address. Every time you see the magic loopback address, look over to the network address column, and you'll see 90.0.0.1 and 207.21.140.5.
Since that second address wasn't there before, you know a dynamic address was assigned when you connected to the ISP. There are a couple of simple new rules, and one important one. The simple rules are: anything addressed to the 90.0.0.0 network goes to the 90.0.0.1 network connection, and anything addressed to the 207.21.140.0 network goes to the 207.21.140.0 network connection. That seems simple enough. The very first line, though, changes the behavior quite a bit. The Network Address of 0.0.0.0 translates roughly as "any address." This is the gateway rule. If a packet destination doesn't match an individual address in the table, and if it doesn't match a network address, it must still match this rule. Any address not otherwise specified will be sent to the 207.21.140.5 network connection.
So, when WinProxy sends a packet to a machine at, say, 188.3.2.1, the stack sends the packet to the 207.21.140.5 network connection. That address is part of your ISP's network, and somewhere on that network is another machine with a gateway address, so that packet will just keep on going, from gateway to gateway, until it arrives at its intended destination.
This information is useful because, at the least, it illustrates the importance of DNS. As you can see, there are no names in the route table; there isn't even a place for names. When one of your applications uses a name (such as http://www.excite.com) it must first be converted to an IP address before packets can be sent.
Another thing you'll notice is that when a computer is part of two different networks-as your WinProxy computer is-there must be a clear distinction between the two networks. If not, the tcp/ip stack will be sending packets to heaven-knows-where. You cannot have the two address on your WinProxy machine be part of the same network.
What else do you look for? It's possible that your local network is a subset of your ISP's network, differentiated only by a different subnet mask. If that is the case, you'll need to change one or the other... .guess which one.
Most of the time, people with a simple, single local network won't need to look at the route list to help trouble-shoot a connection problem. It's most often used by those who oversee multiple networks. If that's your situation, study the route table to be sure that packets have a route to the Internet and that return packets can proceed along an unambiguous path back to the originating computer.
The most common problem with multiple networks occurs when using dial-up connections. After carefully setting up your networks and making sure that every machine can ping every other machine, you may find that, when the WinProxy machine dials in, other networks are suddenly unable to connect. The subnet farthest away from the proxy machine will seem to be unable to ping anybody; what is actually happening is that the ping is going to the correct place, but the answer to the ping is being sent out the new gateway instead of back to the originating machine. This holds true for all types of tcp/ip communication, of course. The fault lies with Windows' rewriting your table and "helpfully" supplying a new gateway for you.
We call this "the vanishing subnet" problem, and provide a feature in WinProxy to correct it (RouteList, found under the Dial-Up Setup Tab). On NT machines only it can be fixed via a new persistent route addition to the route table, providing a return path from the WinProxy machine to the vanishing subnet.
