Windows gateway details [Understand the importance of the gateway, improve network performance] [FreexPloit comprehensive text]

xiaoxiao2021-04-07  312

Understanding the routing table and the default gateway in Windows

Every Windows system has an IP routing table. It stores the ranges of network destination addresses the local computer can reach and the information on how to reach them. The routing table is the basis of all TCP/IP communication: every packet the local computer sends is governed by it.

Understanding the routing table

Run route print or netstat -r to display the routing table of the local computer, as shown below:

C:\Documents and Settings\Administrator>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 50 8d 4f 5f c5 ...... Realtek RTL8139/810X Family Fast Ethernet NIC
===========================================================================
===========================================================================
Active Routes:
   Network Destination          Netmask          Gateway       Interface  Metric
1            0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.6      30
2          127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
3        192.168.1.0    255.255.255.0      192.168.1.6     192.168.1.6      30
4      192.168.1.240  255.255.255.240      192.168.1.8     192.168.1.6      20
5      192.168.1.240  255.255.255.240      192.168.1.7     192.168.1.6      15
6        192.168.1.6  255.255.255.255        127.0.0.1       127.0.0.1      30
7      192.168.1.255  255.255.255.255      192.168.1.6     192.168.1.6      30
8          224.0.0.0        240.0.0.0      192.168.1.6     192.168.1.6      30
9    255.255.255.255  255.255.255.255      192.168.1.6     192.168.1.6       1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None

(The row numbers 1 to 9 are not printed by route print; they are added here so that the text can refer to individual routes.)

Each route in the table has five fields; I group them into four parts:

1. Network Destination and Netmask: the network destination ANDed with the netmask defines the range of destination addresses this route reaches. A network destination is normally one of the following four kinds:

Host route: the address of a single host, with netmask 255.255.255.255 (rows 6, 7 and 9 above).
Subnet route: the address of a particular subnet (rows 4 and 5 above).
Network route: the address of a particular network (rows 2, 3 and 8 above).
Default route: every address not covered by another route in the table (row 1 above); described in detail later.

When you add a route, Windows requires that the network destination ANDed with the netmask equal the network destination itself; otherwise the route add fails.

2. Gateway (also called the next hop): when an IP packet is sent, the gateway is the next-hop address the packet is handed to on its way to the network destination. For a network directly connected to the local computer the gateway is normally the address of the local interface itself, and in that case it must be the same address as the one in the Interface column. For a remote network or the default route the gateway is normally a server or router on a network the local computer is connected to.

3. Interface: the interface is the local network interface on which packets for this network destination are transmitted. The gateway must lie on the same subnet as the interface; otherwise sending through this route may invoke another route, which can produce a routing loop.

4. Metric: the hop count expresses the cost of the route, usually the number of hops (routers) on the way to the destination. A lower hop count means a cheaper route; a higher hop count a more expensive one. When several routes reach the same destination, TCP/IP selects the route with the lower metric.

Route determination process

When TCP/IP needs to communicate with an IP address, it evaluates the routing table to decide how to send the packet. The evaluation goes as follows:

TCP/IP ANDs the destination IP address with the netmask of each route in the table. If the result equals that route's network destination, the route is recorded as a match. After every route has been checked, TCP/IP selects, among the recorded routes, the longest match (the route whose netmask has the most 1 bits) and uses it to communicate with this destination. If there are several longest matches, it selects the one with the lowest metric; if several longest matches share the lowest metric, then:

If the packet is a reply, and its source IP address is the address of the interface of one of those routes, that route is chosen. In all other cases the choice is made by the binding order of the corresponding network connections in the Advanced Settings of Network Connections, as shown in the figure below:

Gateway and interface determination process

After the route has been chosen, the gateway and the interface are determined as follows:

If the gateway address of the route is empty, or is the address of a network interface on the local computer, the packet is sent:

through the network interface named in the route; the source IP address is the IP address of that interface; the source MAC address is the MAC address of that interface; the destination IP address is the IP address of the destination host; the destination MAC address is the MAC address of the destination host.

If the gateway address of the route does not belong to any network interface on the local computer, the packet is sent:

through the network interface named in the route; the source IP address is the IP address of that interface; the source MAC address is the MAC address of that interface; the destination IP address is still the IP address of the destination host; the destination MAC address is the MAC address of the gateway.
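The following Python model is an example added here; it is not code from the original page. It applies the three selection rules (longest match, lowest metric, binding order) and the gateway/interface rules above to the route print table shown earlier, and reports for each destination which route wins, what the next hop is and whose MAC address the frame will carry. The binding order of the two interfaces is an assumption, since the page does not list it; it only matters when two routes tie on both prefix length and metric. The five destinations in the worked cases that follow are the ones checked in the demo.

```python
"""Model of the Windows route selection rules described on this page.

Added example, not code from the original page. The binding order of the
interfaces is an assumption; the routing table is the one from 'route print'."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    index: int        # row number used by the text (1 to 9)
    dest: str
    mask: str
    gateway: str
    interface: str
    metric: int


def _ip(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def prefix_len(mask: str) -> int:
    """Number of 1 bits in the netmask: the measure of how long a match is."""
    return bin(_ip(mask)).count("1")


def route_is_valid(dest: str, mask: str) -> bool:
    """Windows rejects 'route add' unless dest AND mask equals dest."""
    return (_ip(dest) & _ip(mask)) == _ip(dest)


# The table from the route print output on this page (192.168.1.6 is the NIC).
ROUTING_TABLE = [
    Route(1, "0.0.0.0",         "0.0.0.0",         "192.168.1.1", "192.168.1.6", 30),
    Route(2, "127.0.0.0",       "255.0.0.0",       "127.0.0.1",   "127.0.0.1",   1),
    Route(3, "192.168.1.0",     "255.255.255.0",   "192.168.1.6", "192.168.1.6", 30),
    Route(4, "192.168.1.240",   "255.255.255.240", "192.168.1.8", "192.168.1.6", 20),
    Route(5, "192.168.1.240",   "255.255.255.240", "192.168.1.7", "192.168.1.6", 15),
    Route(6, "192.168.1.6",     "255.255.255.255", "127.0.0.1",   "127.0.0.1",   30),
    Route(7, "192.168.1.255",   "255.255.255.255", "192.168.1.6", "192.168.1.6", 30),
    Route(8, "224.0.0.0",       "240.0.0.0",       "192.168.1.6", "192.168.1.6", 30),
    Route(9, "255.255.255.255", "255.255.255.255", "192.168.1.6", "192.168.1.6", 1),
]

# Assumed binding order of the local interfaces, highest priority first.
BINDING_ORDER = ["192.168.1.6", "127.0.0.1"]


def select_route(dst: str, table=ROUTING_TABLE, binding=BINDING_ORDER):
    """Longest prefix match, then lowest metric, then interface binding order."""
    d = _ip(dst)
    matches = [r for r in table if (d & _ip(r.mask)) == _ip(r.dest)]
    if not matches:
        return None
    longest = max(prefix_len(r.mask) for r in matches)
    matches = [r for r in matches if prefix_len(r.mask) == longest]
    lowest = min(r.metric for r in matches)
    matches = [r for r in matches if r.metric == lowest]

    def rank(r):  # position in the binding order; unknown interfaces sort last
        return binding.index(r.interface) if r.interface in binding else len(binding)

    return min(matches, key=rank)


def _is_directed_broadcast(d: int, table, local) -> bool:
    """True if d is the broadcast address of a directly connected unicast network."""
    for r in table:
        directly_connected = r.gateway in local and r.gateway == r.interface
        if directly_connected and prefix_len(r.mask) < 32 and (_ip(r.dest) >> 28) != 0xE:
            if d == (_ip(r.dest) | (~_ip(r.mask) & 0xFFFFFFFF)):
                return True
    return False


def resolve(dst: str, table=ROUTING_TABLE, binding=BINDING_ORDER):
    """Return (route index, next-hop IP, how the destination MAC is obtained), or None."""
    r = select_route(dst, table, binding)
    if r is None:
        return None
    local = set(binding)                       # addresses of this host's interfaces
    if r.gateway not in local:
        # Remote network or default route: the frame carries the gateway's MAC.
        return (r.index, r.gateway, "arp-gateway")
    if r.interface == "127.0.0.1":
        return (r.index, dst, "loopback")
    d = _ip(dst)
    if dst == "255.255.255.255" or _is_directed_broadcast(d, table, local):
        return (r.index, dst, "ethernet-broadcast")   # FF:FF:FF:FF:FF:FF
    if (d >> 28) == 0xE:
        return (r.index, dst, "multicast")            # mapped multicast MAC
    # Directly connected host: ARP for the destination address itself.
    return (r.index, dst, "arp-destination")


if __name__ == "__main__":
    for target in ("192.168.1.8", "192.168.1.6", "192.168.1.245", "10.1.1.1", "192.168.1.255"):
        print(f"{target:>15} -> {resolve(target)}")
```

The "arp-gateway" outcome is the one to keep in mind from a security standpoint: for every destination that selects route 1 or route 5, the frame goes to whichever station answers the ARP request for 192.168.1.1 or 192.168.1.7, so the host trusts that ARP reply for all of its off-subnet traffic.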

Using the routing table above as an example:

Communicating with the unicast address 192.168.1.8: the AND operation matches routes 1 and 3; route 3 is the longest match, so it is selected. Route 3's gateway is the local interface 192.168.1.6, so the packet is sent with destination IP address 192.168.1.8 and, as destination MAC address, the MAC address of 192.168.1.8 (obtained by ARP).

Communicating with the unicast address 192.168.1.6: routes 1, 3 and 6 match; route 6 is the longest match, so it is selected. Route 6's gateway is the loopback address 127.0.0.1, so the packet is delivered directly to the loopback address.

Communicating with the unicast address 192.168.1.245: routes 1, 3, 4 and 5 match; routes 4 and 5 are both longest matches, so the metric decides, and route 5, with the lower metric, is selected. The packet is sent with destination IP address 192.168.1.245 and, as destination MAC address, the MAC address of the gateway 192.168.1.7 (obtained by ARP).

Communicating with the unicast address 10.1.1.1: only route 1 matches. The packet is sent with destination IP address 10.1.1.1 and, as destination MAC address, the MAC address of 192.168.1.1 (obtained by ARP).

Communicating with the subnet broadcast address 192.168.1.255: routes 1, 3, 4, 5 and 7 match; route 7 is the longest match, so it is selected. Route 7's gateway is the local interface, so the packet is sent with destination IP address 192.168.1.255 and the Ethernet broadcast address FF:FF:FF:FF:FF:FF as destination MAC address.

Default route and default gateway

Because the routing table cannot hold a route for every host and subnet, the concept of a default route was introduced; the gateway of the default route is called the default gateway. The default route has network destination 0.0.0.0 and netmask 0.0.0.0, so it matches every destination; when no route to a particular host or subnet exists in the table, the packet can be forwarded through the default route. Without a default route, destinations not covered by some route in the table cannot be reached.

Once a default route is set, responsibility for routing the packet is handed to the router. The advantage is that the local computer's routing table and configuration are simplified. The disadvantage is that the computer cannot tell whether a destination is reachable, so traffic for unreachable addresses may be sent; although a router on the path replies with an ICMP Destination Unreachable message when the destination cannot be reached, the extra network traffic has already been generated by then.

In Windows, a default route can be created in two ways:

set a default gateway in the TCP/IP properties of the network interface, which creates the default route; or use the route add command to add a route with network destination 0.0.0.0 and netmask 0.0.0.0.

I recommend always using the first method.

Configuring multiple default gateways

You can configure several default gateways at once, on a single network interface or across several, but TCP/IP uses only one of them at any time; this one is called the active default gateway (active default route). When the networks attached to different interfaces have no connection to each other (for example one interface to the Internet and one to the internal network), configuring default gateways on several interfaces can cause connectivity problems (described later), so Microsoft does not recommend it; Windows warns when you do so, but does not prevent it. With several default gateways configured, the active one is chosen as follows:

When there are several default gateways in the routing table, TCP/IP chooses by metric: the default gateway with the lowest metric has the highest priority. If several default gateways share the lowest metric, TCP/IP decides by the binding order of the corresponding network connections in Advanced Settings, as shown below:

Dead gateway detection

TCP/IP uses the dead gateway detection algorithm to check whether the current active default gateway is alive. If the active default gateway fails, TCP/IP adjusts the routing table in time and selects the next default gateway, using the same selection method as before but excluding the gateway that has failed.

The full description of the dead gateway detection algorithm is as follows:

When TCP/IP performs TCP communication with a destination IP address through the active default gateway and receives no response after the number of retransmissions given by the TcpMaxDataRetransmissions registry value (3 by default), TCP/IP moves the communication with that destination to the next default gateway in the list. When more than 25% of the TCP connections have been moved to the next default gateway, TCP/IP changes the active default gateway to the one those connections are now using.

If the original default gateway recovers from its failure, TCP/IP keeps using the current active default gateway and does not switch back to the original one unless the computer is restarted. If the current active default gateway fails as well, TCP/IP tries the next default gateway in the list, and after trying the whole list it returns to the beginning and starts again from the first default gateway.

Dead gateway detection monitors only TCP traffic; if other kinds of traffic fail, the default gateway is not switched. Also, because TCP is an end-to-end protocol, a TCP communication failure on the local computer can cause a default gateway switch even when the current default gateway is perfectly healthy.

When the networks attached to different interfaces have no connection to each other (for example one interface to the Internet and one to the internal network), and default gateways are configured on several interfaces, a failure of the active gateway makes the switch itself break connectivity. For example, suppose the active default gateway is on the Internet connection. When it fails, the default route switches to the internal connection, and the local computer can no longer reach hosts on the Internet. For this case Microsoft recommends adding specific routes for the destination networks with route add instead of configuring several default gateways.

MSDN article

Default Gateway Behavior for Windows TCP/IP

A TCP/IP host can reach remote destinations in the following ways:

• Store a host-specific route for every remote destination. This is clearly impractical, because the routing table might have to contain thousands or even millions (for the Internet) of routes, and the host's routing table would have to change whenever an address is added or removed.
• Store a network route for every remote subnet. Although more feasible, this is still impractical, because the routing table could still hold hundreds or tens of thousands of routes, and the host's routing table would have to change whenever a subnet is added or removed.
• Store a single default route that effectively summarizes all locations not on the local subnet. This is practical: it is a single route, and it does not change when nodes or subnets are added to or removed from the network. With a default route, knowledge of the network topology and of the reachable destinations is placed in the routers rather than being the host's responsibility. The advantage of this approach is easy configuration; the disadvantage is that the host may send traffic for unreachable addresses. When that happens, a router on the path to the destination sends the host an ICMP Destination Unreachable-Host Unreachable message.

The default gateway setting, which creates the default route in the IP routing table, is an important part of TCP/IP host configuration. The default gateway provides the next-hop IP address and interface for all destinations that are not on the host's subnet. Without a default gateway, communication with remote destinations is not possible unless additional routes are added to the IP routing table.

Default gateway configuration

You can configure a default gateway on a computer running Windows XP or Windows Server 2003 in the following ways:

• When the IP address configuration is obtained through DHCP, the default gateway is the first IP address in the Router DHCP option. The Router DHCP option, configured on the DHCP server, specifies an ordered list of one or more default gateways.
• When the IP address configuration comes from a user-configured alternate configuration, the default gateway is the address typed in the Default gateway field on the Alternate Configuration tab of the Internet Protocol (TCP/IP) component properties in Network Connections. Only a single default gateway can be specified this way.
• When the IP address configuration is specified manually, the default gateway is typed in the Default gateway field on the General tab of the Internet Protocol (TCP/IP) properties. To specify several default gateways, add them on the IP Settings tab of the Internet Protocol (TCP/IP) advanced properties.

When the IP address configuration is obtained through Automatic Private IP Addressing (APIPA), no default gateway is configured: APIPA is meant for a single subnet only.

The default gateway configuration creates a default route in the IP routing table. The default route has destination 0.0.0.0 and subnet mask 0.0.0.0; in network prefix notation it is 0.0.0.0/0, sometimes abbreviated 0/0. The next-hop address (the Gateway column of route print) is set to the IP address of the default gateway. The next-hop interface (the Interface column of route print) is the interface that was assigned the address.

In the route determination process the default route matches every destination. When no more specific route matches the destination address, the default route supplies the next-hop address and interface. Default route traffic is the traffic to remote networks that is sent to the default gateway (not traffic addressed to the default gateway's own IP address).

For more information on the route determination process, see Understanding the IP Routing Table (The Cable Guy, December 2001).

Default route metric

By default, TCP/IP in Windows XP and Windows Server 2003 computes the default route metric automatically from the speed of the adapter on which the default gateway is configured. For example, for a 100 Mbps Ethernet adapter the default route metric is set to 20, and for a 10 Mbps Ethernet adapter it is set to 30.

To change this behavior for default gateways assigned by DHCP, use the Microsoft-specific Router Metric Base DHCP option. To change it for a manual configuration, clear the Automatic metric check box in the TCP/IP Gateway Address dialog, which is reached from the IP Settings tab of the Internet Protocol (TCP/IP) advanced properties. The TCP/IP Gateway Address dialog is shown below.

Configuring multiple default gateways

If you have several interfaces and configure a default gateway on each of them, the speed-based default metric makes the fastest interface the one used for default route traffic. That may be exactly what you want when the computer is connected to the same network through all of them. For example, if a 100 Mbps Ethernet adapter and a 10 Mbps Ethernet adapter are both connected to the organization's intranet, you want default route traffic to go through the 100 Mbps adapter.

This default behavior becomes a problem, however, when the computer is connected to two or more disjoint networks, that is, networks between which the network layer does not provide symmetric reachability. Reachability is symmetric only when packets can be both sent to and received from any destination; the ping tool, for example, can be used to test it.

Examples of disjoint networks:

• Networks with no connection between them, such as an organization's intranet and a test lab network between which no router forwards packets. A computer can be attached to both networks at once, but if no route exists between them, and the computer attached to both does not forward packets, the two networks are disjoint.
• A private intranet connected to the Internet through a router. Here reachability is asymmetric, or one-way: an intranet host can send packets from its private IP address, but the return traffic cannot be delivered, because no routes for the private address space exist on the Internet.

Connectivity to disjoint networks becomes important when an organization uses the following configurations:

• A proxy server (such as Microsoft Internet Security and Acceleration (ISA) Server 2000) or a network address translator (NAT) to connect its private intranet to the Internet. In either case, and whether the organization uses private or public addressing, the intranet's address space is not directly reachable from Internet hosts: intranet hosts reach the Internet through the proxy or translation function, but Internet hosts cannot directly reach any intranet location, so there is no symmetric reachability between them. This is the usual configuration for giving employees Internet access.
• A virtual private network (VPN) server that lets remote users or remote sites connect to the private intranet across the Internet. Although the VPN server is attached to both the Internet and the private intranet and acts as a router, the packet filters configured on its Internet interface prevent it from accepting any non-VPN traffic. Without an authenticated VPN connection, Internet hosts cannot directly reach intranet locations.

Because TCP/IP uses only a single default route in the routing table for default route traffic, configuring a default gateway on several interfaces attached to disjoint networks can produce unwanted results.

For an ISA or VPN server, default route traffic is forwarded either to the Internet or to the intranet, never to both at the same time. From the ISA or VPN server's point of view, either all Internet locations are reachable or all intranet locations are reachable, but not both at once. Yet the ISA or VPN server needs symmetric reachability to all locations on both the Internet and the intranet to operate correctly.

When default gateways are configured on several interfaces, the default route in use is chosen as follows:

• When the routing table contains several default routes with different metrics, Windows XP and Windows Server 2003 choose the one with the lowest metric. If the adapters have different speeds, the fastest adapter gets the lowest metric by default, so it is used to forward default route traffic.
• When the routing table contains several default routes with the same metric, TCP/IP in Windows XP and Windows Server 2003 uses the default route of the adapter that is highest in the binding order. You can view and change the binding order on the Adapters and Bindings tab of the Advanced Settings dialog box in Network Connections, as shown below.

To prevent disjoint networks from becoming unreachable, do the following on the ISA or VPN server:

• Configure a default gateway only on the interface attached to the network with the largest number of routes. For most disjoint network setups, that is the Internet.
• Do not configure a default gateway on any other interface. Instead, use static routes or a dynamic routing protocol to add routes that summarize the address space of the other disjoint networks to the local IP routing table.

For example, suppose an ISA server is attached to the Internet and to a private intranet that uses the private IP address space. To configure the server so that all addresses on both disjoint networks are reachable from it, do the following on the ISA server:

• Configure a default gateway on the adapter attached to the Internet. This creates a default route pointing to the Internet, so that all Internet locations are reachable.
• With the route tool, add persistent static routes for 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 through the adapter attached to the intranet. This creates routes for the whole private intranet address space, so that all intranet locations are reachable.

This example adds static routes. You can also configure the ISA server as a Routing Information Protocol (RIP) or Open Shortest Path First (OSPF) dynamic router, so that instead of summarizing the whole private address space, subnet-specific routes are added to and removed from the IP routing table dynamically according to the current intranet routing topology. To use RIP or OSPF, configure the Routing and Remote Access service.

Dead gateway detection

Windows TCP/IP uses dead gateway detection to detect the failure of the default gateway and, when several default gateways are configured, to adjust the IP routing table to use the next one.

When a TCP segment of a connection forwarded through the default gateway has been retransmitted three times (the default), dead gateway detection changes the route cache entry (RCE) for the remote IP address so that the next default gateway in the list becomes its next-hop address. An RCE is an entry in the route cache that stores the next-hop IP address used for a destination.

When a quarter of the TCP connections that were using the default gateway have been adjusted to the next default gateway, dead gateway detection tells IP to change the computer's default gateway to the one those connections are now using. If TCP connections keep failing, dead gateway detection tries the next default gateway in the list, and after trying the whole list it returns to the first default gateway.

Dead gateway detection monitors only TCP traffic; if other kinds of traffic fail, the default gateway is not switched. Dead gateway detection can also change the default gateway configuration when a remote router fails: a failed router somewhere on the path between the host and the destination causes the TCP connections forwarded along that path to fail, which makes the host switch its default gateway. Because dead gateway detection relies on an end-to-end protocol (TCP), the host may switch its default gateway even when the current default gateway is completely healthy.
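The following Python simulation is an example added here; it is not Windows code and not from the original page. It models the behaviour described in both dead gateway detection sections above (the earlier one and this MSDN summary): each TCP connection carries its own route cache entry pointing at one of the default gateways, a connection is moved to the next gateway after a fixed number of unanswered retransmissions, the active default gateway changes once more than a quarter of the connections have moved to the next gateway (the "more than 25%" wording of the earlier section is an assumption for the threshold), the list wraps around, and there is no switch back when a gateway recovers. Gateway addresses and connection ids are constructed for the demo.

```python
"""Model of Windows dead gateway detection as described on this page.

Added example, not Windows code. Gateway addresses, connection ids and the
switch threshold are assumptions made for the simulation."""


class DeadGatewayDetection:
    def __init__(self, gateways, max_retransmissions=3, switch_fraction=0.25):
        if not gateways:
            raise ValueError("at least one default gateway is required")
        self.gateways = list(gateways)                  # ordered default gateway list
        self.active = 0                                 # index of the active default gateway
        self.max_retransmissions = max_retransmissions  # TcpMaxDataRetransmissions (3)
        self.switch_fraction = switch_fraction          # share of connections that must move
        self._rce = {}          # connection id -> gateway index held in its route cache entry
        self._unanswered = {}   # connection id -> consecutive unanswered retransmissions

    @property
    def active_gateway(self):
        return self.gateways[self.active]

    def gateway_for(self, cid):
        """Gateway currently used by one connection (its RCE next hop)."""
        return self.gateways[self._rce[cid]]

    def open_connection(self, cid):
        """A new TCP connection to a remote host starts on the active default gateway."""
        self._rce[cid] = self.active
        self._unanswered[cid] = 0

    def close_connection(self, cid):
        self._rce.pop(cid, None)
        self._unanswered.pop(cid, None)

    def segment_acknowledged(self, cid):
        """A reply arrived, so the retransmission count for this connection restarts."""
        self._unanswered[cid] = 0

    def retransmission_timeout(self, cid):
        """A segment was retransmitted and no reply came back before the timer expired.

        Only TCP retransmissions drive the detection; UDP or ICMP failures never
        reach this code, matching the 'only monitors TCP traffic' rule above."""
        self._unanswered[cid] += 1
        if self._unanswered[cid] < self.max_retransmissions:
            return
        # Retransmission budget exhausted: move this connection's RCE to the next
        # default gateway, wrapping to the head of the list after the last one.
        self._unanswered[cid] = 0
        self._rce[cid] = (self._rce[cid] + 1) % len(self.gateways)
        self._maybe_switch_active()

    def _maybe_switch_active(self):
        """Change the active default gateway once enough connections moved to the next one."""
        if len(self.gateways) == 1:
            return
        nxt = (self.active + 1) % len(self.gateways)
        switched = sum(1 for g in self._rce.values() if g == nxt)
        # Strictly "more than 25%" of all tracked connections (assumed threshold).
        if switched > self.switch_fraction * len(self._rce):
            self.active = nxt
        # Deliberately no path back: if the old gateway recovers, the active
        # gateway stays where it is until the host is restarted.


if __name__ == "__main__":
    d = DeadGatewayDetection(["192.168.1.1", "192.168.1.2", "192.168.1.3"])
    for cid in range(8):
        d.open_connection(cid)
    for cid in range(3):            # three of eight connections time out three times each
        for _ in range(3):
            d.retransmission_timeout(cid)
    print("active default gateway:", d.active_gateway)   # 192.168.1.2
```

Nothing in the model asks whether the gateway itself is up: the switch is driven purely by retransmission counts on TCP connections, which is why a broken router further along the path, or a remote host that simply stops answering, moves the whole host to another default gateway even though the current one is healthy.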

Description of the Automatic Metric feature for Internet Protocol routes

Overview