In the TCP/IP stack, IP is where packet sorting and delivery take place. At this layer, each incoming or outgoing packet is referred to as a datagram. Each IP datagram bears the source IP address of the sender and the destination IP address of the intended recipient. Unlike MAC addresses, the IP addresses in a datagram remain the same throughout a packet's journey across an internetwork unless altered by a network address translator (NAT). IP layer functions are described in the following sections.
Routing is a primary function of IP. Datagrams are handed to IP from the network adapters. Each datagram is labeled with a source and destination IP address. IP examines the destination address on each datagram, compares it to a locally maintained IP routing table, and decides what action to take. There are three possibilities for each datagram:
It can be passed up to a protocol layer above IP on the local host.
It can be forwarded using one of the locally attached network adapters.
It can be discarded.
An entry in a Windows 2000 IP routing table contains the following information:
Network Destination The network ID corresponding to the route. The network destination can be class-based, subnet, or supernet, or an IP address for a host route.
Netmask The mask used to match a destination IP address to the network destination.
Gateway The forwarding or next-hop IP address for the network destination.
Interface The IP address corresponding to the network interface that is used to forward the IP datagram.
Metric A number used to indicate the cost of the route so the best route among possible multiple routes to the same destination can be selected. A common use of the metric is to indicate the number of hops (routers crossed) to the network destination. If two routes have the same Network Destination and Netmask, the route with the lowest metric is the best route.
Routing table entries can be used to store the following types of routes:
Directly Attached Network ID Routes These routes are for network IDs that are directly attached. For directly attached networks, the Gateway IP address is the IP address of the interface on that network.
Remote Network ID Routes These are for network IDs that are not directly attached but are available across other routers. For remote networks, the Gateway IP address is the IP address of a local router in between the forwarding node and the remote network.
Host Routes A route to a specific IP address. Host routes allow routing to occur on a per-IP address basis. For host routes, the Network Destination is the IP address of the specified host and the subnet mask is 255.255.255.255.
Default Route The default route is designed to be used when a more specific network ID or host route is not found. The default route Network Destination is 0.0.0.0 with the subnet mask of 0.0.0.0.
The Route Determination Process
To determine a single route to use to forward an IP datagram, IP uses the following process:
For each route in the routing table, IP performs a bit-wise logical AND between the Destination IP address and the netmask. IP compares the result with the network destination for a match. If they match, IP marks the route as one that matches the Destination IP address.
From the list of matching routes, IP determines the route that has the most bits in the netmask. This is the route that matched the most bits to the Destination IP address and is therefore the most specific route for the IP datagram. This is known as finding the longest or closest matching route.
If multiple closest matching routes are found, IP uses the route with the lowest metric.
If multiple closest matching routes with the lowest metric are found, IP randomly chooses the route to use.
When determining the forwarding or next-hop IP address from the chosen route, IP uses the following procedure:
If the Gateway address is the same as the Interface address, the forwarding IP address is set to the destination IP address of the IP packet.
If the Gateway address is not the same as the Interface address, the forwarding IP address is set to the Gateway address.
The end result of the route determination process is the choice of a single route in the routing table. The route chosen yields a forwarding IP address (the Gateway IP address or the Destination IP address of the IP datagram) and an interface (identified through the Interface IP address). If the route determination process fails to find a route, IP declares a routing error. For a sending host, an IP routing error is internally indicated to the upper layer protocol such as TCP or UDP. For a router, the IP datagram is discarded and an ICMP "Destination Unreachable-Host Unreachable" message is sent to the source host.
Using the Route Tool
You can use the Route tool to view, add, or delete routes in the IP routing table.
Viewing the IP Routing Table
You can use the route print command to view the route table from the command prompt. The following IP routing table is for a Windows 2000 computer with the IP address of 10.1.1.99, a subnet mask of 255.255.255.0, and a default gateway of 10.1.1.1:
0x1 ........................... MS TCP Loopback interface
0x2 ...00 a0 24 e9 cf 45 ...... 3Com 3C90x Ethernet Adapter
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.1.1.1 10.1.1.99 1
10.1.1.0 255.255.255.0 10.1.1.99 10.1.1.99 1
10.1.1.99 255.255.255.255 127.0.0.1 127.0.0.1 1
10.255.255.255 255.255.255.255 10.1.1.99 10.1.1.99 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
184.108.40.206 220.127.116.11 10.1.1.99 10.1.1.99 1
255.255.255.255 255.255.255.255 10.1.1.99 10.1.1.99 1
The default IP routing table for this Windows 2000 computer contains the following routes:
Default Route The route with the network destination of 0.0.0.0 and the netmask of 0.0.0.0 is the default route. Any destination IP address ANDed with 0.0.0.0 results in 0.0.0.0. Therefore, for any IP address, the default route produces a match. If the default route is chosen because no better routes are found, the IP datagram is forwarded to the IP address in the Gateway column using the interface corresponding to the IP address in the Interface column.
Directly Attached Network The route with the network destination of 10.1.1.0 and the netmask of 255.255.255.0 is a route for the directly attached network. IP packets destined for the directly attached network are not forwarded to a router but sent directly to the destination. Note that the Gateway Address and Interface are the IP address of the node. This indicates that the packet is sent from the network adapter corresponding to the node's IP address.
Local Host The route with the network destination of 10.1.1.99 and the netmask of 255.255.255.255 is a host route corresponding to the IP address of the host. All IP datagrams to the IP address of the host are forwarded to the loopback address.
All-Subnets Directed Broadcast The route with the network destination of 10.255.255.255 and the netmask of 255.255.255.255 is a host route for the all-subnets directed broadcast address for the class A network ID 10.0.0.0. The all-subnets directed broadcast address is designed to reach all subnets of class-based network ID. Packets addressed to the all-subnets directed broadcast will be sent out of the network adapter corresponding to the node's IP address. A host route for the all-subnets directed broadcast is only present for network IDs that are subnets of a class-based network ID.
Loopback Network The route with the network destination of 127.0.0.0 and the netmask of 255.0.0.0 is a route designed to take any IP address of the form 127. x.y.z and forward it to the special loopback address of 127.0.0.1.
Multicast Address The route with the network destination of 18.104.22.168 and the netmask of 22.214.171.124 is a route for all class D multicast addresses. An IP datagram matching this route is sent from the network adapter corresponding to the node's IP address.
Limited Broadcast The route with the network destination of 255.255.255.255 and the netmask of 255.255.255.255 is a host route for the limited broadcast address. Packets addressed to the limited broadcast are sent out of the network adapter corresponding to the node's IP address.
The order of routes in the display of the route print command does not affect the performance of the route determination process.
For example, when this host sends traffic to 10.1.1.72, the route determination process matches two routes; the default route and the directly attached network route. The directly attached network route is the closest matching route because there are 24 bits in the netmask as opposed to 0 bits in the default route. Because the Gateway address and the Interface address for the directly attached network route are the same, the forwarding IP address is set to the destination address 10.1.1.72. The interface on which to forward the IP datagram is identified by the IP address in the Interface column. In this case, the interface is the 3Com 3C90x Ethernet Adapter, which is assigned the IP address 10.1.1.99.
When this host sends traffic to 172.16.48.4, the route determination process matches the default route. Even though there are no bits in the subnet mask of the default route that matched 172.16.48.4, the default route is still a match with the Destination IP address. Because the Gateway address and the Interface address for the directly attached network route are different, the forwarding IP address is set to the IP address in the Gateway column, 10.1.1.1. The interface on which to forward the IP datagram is identified by the IP address in the Interface column. In this case, the interface is the 3Com 3C90x Ethernet Adapter, which is assigned the IP address 10.1.1.99.
The route table is maintained automatically in most cases. When a host initializes, routes for the local networks, loopback, multicast, and configured default gateway are added. More routes might appear in the table as the IP layer learns of them. For instance, the default gateway for a host might advise it (using ICMP) of a better route to a specific host. Routes also can be added manually using the route command, or by a routing protocol.
The -p (persistent) switch can be used with the route command to specify persistent routes. Persistent routes are stored in the PersistentRoutes registry subkey
Windows 2000 introduces a new configuration option for the metric of default gateways. This metric allows better control of which default gateway is active at any particular time. The default value for the metric is 1. A route with a lower metric value is preferred to a route with a higher metric. In the case of default gateways, the computer uses the default gateway with the lowest metric unless it appears to be inactive, in which case dead gateway detection may trigger a switch to the next lowest metric default gateway in the list. Default gateway metrics can be set through advanced TCP/IP configuration options. DHCP servers can provide a base metric and a list of default gateways. If a DHCP server provides a base metric of 100, and a list of three default gateways, the gateways will be configured with metrics of 100, 101, and 102 respectively. A DHCP-provided base metric does not apply to statically configured default gateways.
Most Autonomous System (AS) routers use a protocol such as Routing Information Protocol (RIP) or Open Shortest Path First (OSPF) to exchange routing tables with other routers. Windows 2000 Server includes support for these protocols with the Routing and Remote Access service. Windows 2000 also includes support for silent RIP using the RIP Listener, an optional networking service.
By default, Windows 2000–based systems do not act as routers and do not forward IP datagrams between interfaces. The Routing and Remote Access service is included in Windows 2000 Server and can be enabled and configured to provide full multi-protocol routing services. For more information, see "Routing and Remote Access Service," in the Microsoft ® Windows ® 2000 Server Resource KitInternetworking Guide .
Configuring Routing for Multinetted or Proxy ARP Environments
When using multiple logical subnets on the same physical network, known as multinetting , you need to add routes so that all IP addresses for the locally attached network segment are reachable through direct delivery. For example, if a network segment is using the class C network IDs 192.168.1.0/24 and 192.168.2.0/24 and a host is configured with the IP address of 192.168.2.31, the following route command adds an additional route so that all addresses on 192.168.1.0/24 are reachable:
route add 192.168.1.0 MASK 255.255.255.0 192.168.2.31
You can use the following command to tell IP to treat all subnets as local and to use ARP directly for the destination:
route add 0.0.0.0 MASK 0.0.0.0 < my local ip address >
Thus, packets destined for "non-local" subnets are transmitted directly onto the local media instead of being sent to a router. In other words, the local network adapter can be designated as the default gateway. This can be useful where several class C network IDs are used on one physical network with no router to the outside.
In a proxy ARP environment, a separate device forwards ARP Requests to other segments on behalf of hosts. Just as in a multinetted environment, multiple sets of addresses are directly reachable. Use the route command to add the appropriate routes to the host routing tables.
Duplicate IP Address Detection
Duplicate address detection ensures that an IP address being used by an IP node is unique to the attached network segment. When the stack is first initialized, Windows 2000 sends ARP Requests for the host's own IP address, known as gratuitous ARPs . The number of gratuitous ARPs to send is determined by the value of the ArpRetryCount registry entry (HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters), which defaults to 3. If another host replies to any of these ARP Requests, the IP address is already in use. When this happens, the Windows 2000–based computer still boots. However, IP is disabled for the offending address, a system log entry is generated, and an error message is displayed.
If the host that is using the address is also a Windows 2000–based computer, a system log entry is generated and an error message is displayed on that computer, but its interface continues to operate. Recall that ARP cache entries are updated for ARP Requests received. Therefore, after transmitting the unicast ARP Reply to the offending system, the defending system broadcasts an additional gratuitous ARP Request so that other hosts on the network will maintain the correct mapping for the address in their ARP caches.
You can start a computer using a duplicate IP address while it is not attached to the network, in which case no conflict is detected. However, if you then plug it into the network, the first time it sends an ARP Request for another IP address, any Windows 2000–based computer with a conflicting address detects the conflict and remains operational. If both computers are running Windows 2000, IP remains operational for the duplicate address on both computers. The computer detecting the conflict displays an error message and logs a detailed event in the system log. A sample event log entry is shown as follows:
** The system detected an address conflict for IP address 126.96.36.199 with the system having network hardware address 00:DD:01:0F:7A:B5. Network operations on this system may be disrupted as a result. **
Windows 2000 DHCP–enabled clients perform duplicate IP address detection when the client moves into the DHCP Selecting state. If a duplicate IP address is detected, the DHCP client sends a DHCPDecline message to the DHCP server, and move into the DHCP Initialization state. Upon receipt of the DHCPDecline message, the DHCP server marks the IP address as unusable.
For more information about DHCP messages and DHCP client states, see "Dynamic Host Configuration Protocol" in this book.
When a computer is configured with more than one IP address, it is referred to as a multihomed system. Multihoming is supported in three different ways:
Multiple IP addresses per network adapter.
NetBIOS over TCP/IP (NetBT) binds to only one IP address per network adapter. When a NetBIOS name registration is sent out, only one IP address will be registered per adapter. This registration will occur over the IP address that is listed first in the properties of the TCP/IP protocol for the adapter.
Multiple network adapters per physical network.
There are no restrictions other than hardware.
Multiple networks and media types.
There are no restrictions other than hardware and media support.
When an IP datagram is sent from a multihomed host, the IP route determination process determines the appropriate forwarding IP address and interface. Therefore, the datagram might contain the source IP address of one interface in the multihomed host, yet be placed on the media by a different interface. The source MAC address on the frame is that of the interface that actually transmitted the frame on the media, and the source IP address is the IP address from the sending application, not necessarily one of the IP addresses associated with the sending interface.
When a computer is multihomed with network adapters attached to disjoint network segments, network segments that are separated from each other by IP routers, there are additional routing considerations.
While it is possible to configure a default gateway IP address for each network interface, there is only a single active default route in the IP routing table. If there are multiple default routes in the IP routing table (assuming a metric of 1), then the specific default route to use is chosen randomly when TCP/IP is initialized. This behavior can lead to confusion and loss of connectivity. When you are configuring a computer to be multihomed on two disjoint networks, that you configure a default gateway IP on the interface that is attached to the portion of the IP internetwork that contains the most network segments. Then, either add static routes or use a routing protocol to provide connectivity to remote networks reachable through the other interfaces.
For more information about name registration and resolution and choice of network adapter on outbound datagrams with multihomed computers, see "Transmission Control Protocol," "NetBIOS Over TCP/IP," and "Windows Sockets" later in this chapter.
Classless Interdomain Routing
Windows 2000 provides full support for Classless Interdomain Routing (CIDR), also known as supernetting, described in RFCs 1518 and 1519. Windows 2000 also provides support for the use of the all-zeros and all-ones subnets in accordance with RFCs 1812 and 1878. Verify that other hosts and routers on your internetwork also support CIDR and the use of the all-ones and all-zeros subnets.
Windows 2000 provides full support for IP multicasting, including the ability to send and receive IP multicast traffic, and full support for the Internet Group Management Protocol (IGMP) version 2. For more information on support for IGMP, see "Internet Group Management Protocol" later in this chapter.
IP Over ATM
Windows 2000 introduces support for the sending of IP datagrams over an ATM network. IP over ATM, described in RFC 1577, is known as classical IP over ATM. Windows 2000 TCP/IP also supports IP over ATM LAN Emulation (LANE). For more information on IP over ATM support in Windows 2000, see "Asynchronous Transfer Mode," in the Windows 2000 Internetworking Guide.