5

I just can't wrap my head around it.

For example:

alt text

I want the left-most router to be able to ping my computers on the left and vice-versa.

Where would I set up ip route and to what address. I feel like I'm just guessing and don't really understand the concept.

Picture is from Cisco Packettracer.

4 Answers4

25

I made a diagram that may be helpful:

alt text

With regard to static routing, consider the above diagram. We have three separate networks: 192.168.1.0, 192.168.2.0, and 192.168.3.0. At first, network hosts (routers, computers, etc.) can only communicate with other hosts that are on their own network. For instance, the computer named James has a single interface on network 192.168.1.0, so that's the only network that it can 'see'. Initially, it will only be able to communicate with Router A.

Router A has network interfaces on the 192.168.1.0 and 192.168.2.0 networks, so those are the two networks that it can 'see'. These are the only networks Router A 'knows' about, so it can only communicate with hosts on the 192.168.1.0 and 192.168.2.0 networks. So Router A doesn't even 'know' that the 192.168.3.0 network exists. Similarly, Router B can 'see' networks 192.168.2.0 and 192.168.3.0. When you enter a route into the table, you're telling a host that there's a new network it can get to, and you're giving it the address of a gateway that it can use to get to the new network. So to be able to contact Jesus (or any other host on the 192.168.3.0 network) from Router A, you'd enter the command:

ip route 192.168.3.0 255.255.255.0 192.168.2.2
             ^             ^             ^
           network        mask         gateway

This works because Router B can 'see' both Router A and Jesus. Thanks to this routing table entry when Router A wants to reach the 192.168.3.0 network, it knows it can get there via Router B at 192.168.2.2, so it sends the packet to Router B. Router B can see the 192.168.3.0 network directly, so it forwards the packet along to Jesus at 192.168.3.11.

So, now we know how to direct router A to the 192.168.3.0 network. But what if we want James to also be able to reach the 192.168.3.0 network? Well, Router A already knows how to get there, and James can already 'see' Router A, since they're both on network 192.168.1.0. So we can just tell James to use Router A as its gateway to the 192.168.3.0 network. If James were a router instead of a computer, we'd use the command:

ip route 192.168.3.0 255.255.255.0 192.168.1.1
             ^             ^             ^
           network        mask         gateway

James would then be able to contact Jesus (or any host on the 192.168.3.0) network by forwarding the packet to 192.168.1.1 (Router A), which would then forward the packet to 192.168.2.2 (Router B) which would then forward the packet to its destination (Jesus in this case) via its directly connected interface.

Now, for Jesus to be able to respond to James, Jesus would need to have Router B set up as its gateway to the 192.168.1.0 network, and Router B would have to have Router A set up as its gateway to the 192.168.1.0 network. Then, any host on the 192.168.1.0 network would have a path to the 192.168.3.0 network and vice versa.

Hope that helps.

orange_aurelius
  • 531
  • 1
  • 6
  • 6
7

ip route works like ip route <these destination IPS> (via) <this ip> (Don't actually include the word "via"). So the final IP in the command is the next hop those packets should take. This could also be an interface on the router itself instead of an IP of a neighboring router which is commonly used when you have point to point connections. Routers generally only worry about the next hop in their actually routing tables (this gets more complicated with routing protocols, but don't worry about that for now). I don't think I can help you too much without actually IPs. But assuming you mean the computers on the right and the left most router it would be something like:

ip route 192.168.1.0 255.255.255.0 10.10.10.1

If your computers were all in the 192.168.1.0/24 network and 10.10.10.1 was the ip address of the interface on the middle router connected to the left most router. The left most router would need an IP like 10.10.10.2. Then the middle router would probably have 192.168.1.1 on the interface connected to the switch.

Also a good thing to remember with these labs when you start out is not only do the packets need to be routed to the destination, but the replies must be routed back properly for a ping to work.

One more way to wrap your head around this is not to think about routers so much as interfaces and the IPs they have. Routers look at a destination IP address in the packet and forward it to the right interface. The only reason you don't need to specify ip route commands within a router for all the interfaces that exist on the router is that these are entered into the routing table automatically.

Kyle Brandt
  • 82,107
  • 71
  • 302
  • 444
  • Thanks for this post it's really good! One more question, so when I want a router to communicate with another subnet via the middle router, I need to give it the Network address of that subnet? (the first unusable ip address of the subnet) Also, how could I route back the replies? Since ip route is only for routers how can I use that command on each PC? :\ –  Aug 17 '10 at 19:14
  • Routers aren't magic. They're just computers with a very specific purpose. Almost EVERY PC has the potential to route traffic. On Windows, OS X, and most other OSes, you can use the `route` command to set dedicated routes. It works similar to cisco's `ip route`, you tell it a potential subnet of destinations, and what IP the machine should send those packets to. – peelman Aug 17 '10 at 19:18
  • You give the network address and the network mask after it (i.e. the 255.255.255.0 in my example). Each PC will just send IPs to the default gateway if it doesn't exist in its subnet. – Kyle Brandt Aug 17 '10 at 19:25
1

One way I look at routing is that to go inside I have to go in through a door. in this case James want to go into the 192.168.3.0 area. to get in there he must pass through the 192.168.2.2 door. So I must tell the driver(router a) where to go to get to the 192.168.3.0 area by going to the 192.168.2.2 door. Just like James, Johnny needs to find his way to 192.168.1.0 area so he must go through the 192.168.2.1 door and he must tell is driver (router B) to go there. When you have more than two router then it can make more since if you use streets rather than doors. because you would have to include both doors and areas to get to the area that you want to go to. Kind of like you would have to first go to one toll booth and then the other to get to a area.

chloja
  • 11
  • 1
0

If your PINGs do not come back it can be one or more of:

  • netmask mismatch; a double-check of all the netmask settings of the host involved is not time wasted
  • default gateway; is the host that gets the packets that the sender does not how to deliver
  • return path; probably your packets reach the destination, but the destination does not have the correct information on how to deliver back the packets

If you have different routings, apply them on the default gateway, not on the hosts. For instance if you have two offices (say 192.168.1.0/24 and 192.168.2.0/24) connected to the Internet AND with a leased line between them, you can just configure the route on the default gateways of the two LANs.

Imagine that the default gateway on each LAN is x.x.x.254 and the communication equipment of the leased line (a router, but let's forget it) is x.x.x.253 on each LAN

In the Office #1 you have 192.168.1.254 as default gateway on every PC of the LAN; in the default gateway you have a routing instruction like this: ip route 192.168.2.0 255.255.255.0 192.168.1.253 that means "forward all packets with the destination address starting with 192.168.2 to IP address 192.168.1.253 because he knows how to handle the packets"

In the Office #2 you have 192.168.2.254 as default gateway on every PC of the LAN; in the default gateway you have a routing instruction like this: ip route 192.168.1.0 255.255.255.0 192.168.2.253

lrosa
  • 1,657
  • 14
  • 15