Setting Up a Routed Network

If configured with two or more network adapters using the TCP/IP protocol, Windows XP has the ability to serve as a router, and will pass traffic between the two networks. You may want to do this if you have a test network that you want to keep isolated from your office LAN.

Here's how routing works: If Windows receives a data packet whose destination IP address matches none of the computer's own network interfaces, it will try to forward the packet according to its routing table. In general:

  • If the destination address belongs to the subnet of one of the installed network adapters, Windows will send the packet out that adapter (in the context of routing, it's more often called an interface).
  • If the destination address belongs to a subnet that is listed in Windows's routing table, which lists known networks and the interface used to reach them, the packet will be sent to the gateway address associated with the designated interface.
  • If the destination address belongs to no known subnet, Windows sends the packet to the default gateway address.

The trick to making a Windows computer act as a router is to get the computers on the two networks to send it packets destined for the other network.

This can be done in one of two ways. If one of the connected networks has no other outlet (that is, it has no Internet connection and no other routers), you can configure that network with the routing Windows computer's IP address specified as the default gateway. Traffic on that network that is bound for any other subnet will be sent to the Windows router, which will forward it either directly to a connected network or to its own default gateway. You'll most likely need to configure the computers on this subnet manually, as a computer running Internet Connection Sharing or a sharing router would set itself to be the gateway computer.

It's more difficult to configure a network that has additional connections. In this case you must make an entry in the routing table of each of the computers, to indicate that the routing computer is the gateway for the "other" network. The routing table is modified by running the "route" command-line program while logged on as a computer administrator.

You can print the current routing table by typing the command route print. It will print something like this:

Active Routes:
Network                Netmask        Gateway       Interface  Metric
Destination    20    1    20    20    20    20    1
Default Gateway:

When Windows needs to send a data packet that is destined for some other computer, it first checks to see if the target address is a member of a directly connected subnet. If so, Windows sends the packet directly to the destination computer.

Otherwise, it consults the routing table and compares the intended destination address to the entries in the "network destination" column, looking for entries that match in the bits indicated by the network mask.

As an example, if this computer needed to deliver a packet to IP address, it would find one match. This is the entry with netmask Converting these numbers to binary bits, we see that all of the bits corresponding to the 1's in the netmask match:

Target address:  11000000 10101000 00000000 01100100

Route entry:     11000000 10101000 00000000 00000000

Netmask:         11111111 11111111 11111111 00000000

The most specific match is chosen; that is, the match with the greatest number of bits in the network mask. If several equally specific routes match, the one with the lowest metric (the greatest speed) is chosen. The entry is the default route used if no other entry matches.

When a route entry has been chosen, Windows sends the packet to the associated gateway address, and it's that device's job to get the packet where it's going. (On a network that's connected to the Internet, the default gateway is usually the address of an Internet connection or a sharing router; this sends packets for all but local IP addresses to the router and eventually to your ISP.)
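The selection rule described above (mask comparison, most specific match, then lowest metric), as an added example that is not part of the original page. It is handy for checking which gateway a given destination would take before relying on a test network being isolated. The table rows, gateway addresses and function names are constructed for illustration; only the 192.168.0.0 entry with its 24-bit mask corresponds to the binary example on the page.

```python
import ipaddress

# Constructed sample table: (destination, netmask, gateway, interface, metric).
# Only the 192.168.0.0 / 255.255.255.0 row mirrors the page's binary example.
ROUTES = [
    ("0.0.0.0",     "0.0.0.0",       "192.168.0.1",  "192.168.0.10", 20),
    ("192.168.0.0", "255.255.255.0", "192.168.0.10", "192.168.0.10", 20),
    ("10.0.0.0",    "255.0.0.0",     "192.168.0.2",  "192.168.0.10", 20),
    ("10.1.0.0",    "255.255.0.0",   "192.168.0.3",  "192.168.0.10", 30),
    ("10.1.0.0",    "255.255.0.0",   "192.168.0.4",  "192.168.0.10", 10),
]


def to_int(addr):
    """Dotted-quad IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def bits(addr):
    """Render an address as four 8-bit groups, as in the page's example."""
    return " ".join(format(int(octet), "08b") for octet in addr.split("."))


def select_route(target, routes=ROUTES):
    """Return the route row used for `target`, or None if nothing matches."""
    t = to_int(target)
    best_key, best_row = None, None
    for row in routes:
        dest, mask, _gateway, _iface, metric = row
        m = to_int(mask)
        # A row matches when target and destination agree in every bit
        # position where the netmask has a 1.
        if (t & m) != (to_int(dest) & m):
            continue
        # Prefer more 1 bits in the mask; break ties on the lower metric.
        key = (-bin(m).count("1"), metric)
        if best_key is None or key < best_key:
            best_key, best_row = key, row
    return best_row


if __name__ == "__main__":
    for target in ("192.168.0.100", "10.1.2.3", "10.9.9.9", "8.8.8.8"):
        dest, mask, gateway, _iface, metric = select_route(target)
        print(f"{target:15} -> {dest} mask {mask} via {gateway} metric {metric}")
        print(f"  target {bits(target)}")
        print(f"  mask   {bits(mask)}")
```
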

Now, what this means is that computers on a network that has an Internet router as their default gateway will need a specific route table entry added in order to send data destined for an additional local network to the Windows routing computer. The command will take this form:

route add destination_net mask network_mask gateway_address

where destination_net is the subnet address of the secondary private network, network_mask is the subnet's network mask, and gateway_address is the IP address of the Windows routing computer as seen by the computer whose routing table you are updating. In the example we presented earlier, the command would be

route -p add mask

With the -p option, the Route command is persistent and the entry will remain even after the computers are rebooted. This command would need to be issued on all of the computers on LAN 2 except the routing computer, which already knows that it can send data to LAN 1 directly.
