Default gateway
A default gateway in computer networking is the node that is assumed to know how to forward packets on to other networks. Typically in a TCP/IP network, nodes such as servers, workstations and network devices each have a defined default route setting (pointing to the default gateway), which defines where to send packets for IP addresses for which they can determine no specific route. The gateway is by definition a router.
Overview
In a home or small office environment, the device that connects the local network to the Internet, such as a DSL router or cable router, will act as the default gateway for all network devices.
In enterprise systems, there may be many internal network segments. A device wishing to communicate with an Internet address, for example, will forward the packet to the default gateway for its segment. This gateway in turn may pass the packet to a series of further default gateways before it leaves the enterprise. In such a situation, each gateway node may also act as a proxy server and a firewall.
Examples
An office network consists of six hosts and a router. The hosts' addresses are:
- 192.168.4.3
- 192.168.4.4
- 192.168.4.5
- 192.168.4.6
- 192.168.4.7
- 192.168.4.8
Router inside address:
- 192.168.4.1
The network has a subnet mask of:
- 255.255.255.0 (/24 in CIDR notation)
The address range assignable to hosts is from 192.168.4.1 to 192.168.4.254. TCP/IP defines the addresses 192.168.4.0 and 192.168.4.255 for special functions.
The office's hosts send packets to addresses within this range directly, by resolving the destination IP address into a MAC address with the Address Resolution Protocol (ARP) and then encapsulating the IP packet in a MAC frame addressed to the destination host.
A packet addressed outside of this range, in this example to 192.168.12.3, cannot travel directly to the destination. Instead it must be sent to the default gateway for further routing to its ultimate destination. In this example, the default gateway uses the IP address 192.168.4.1, which is resolved into a MAC address with ARP in the usual way. The destination IP address remains 192.168.12.3, but the next-hop physical address is that of the gateway, rather than of the ultimate destination.
In another example, a network with three routers and three hosts is connected to the Internet through router1. The hosts' addresses are:
- PC1 10.1.1.100, default gateway 10.1.1.1
- PC2 172.16.1.100, default gateway 172.16.1.1
- PC3 192.168.1.100, default gateway 192.168.1.96
Router1:
- Interface 1 5.5.5.2 (public IP)
- Interface 2 10.1.1.1
Router2:
- Interface 1 10.1.1.2
- Interface 2 172.16.1.1
Router3:
- Interface 1 10.1.1.3
- Interface 2 192.168.1.96
Network mask in all networks: 255.255.255.0 (/24 in CIDR notation). If the routers do not use a routing protocol to discover which network each router is connected to, then the routing table of each router must be set up.
Router1
Network ID | Network mask | Gateway | Interface (examples; may vary) | Cost (decreases the TTL) |
---|---|---|---|---|
0.0.0.0 (default route) | 0.0.0.0 | Assigned by ISP (e.g., 5.5.5.1) | eth0 (Ethernet 1st adapter) | 10 |
10.1.1.0 | 255.255.255.0 | 10.1.1.1 | eth1 (Ethernet 2nd adapter) | 10 |
172.16.1.0 | 255.255.255.0 | 10.1.1.2 | eth1 (Ethernet 2nd adapter) | 10 |
192.168.1.0 | 255.255.255.0 | 10.1.1.3 | eth1 (Ethernet 2nd adapter) | 10 |
Router2
Network ID | Network mask | Gateway | Interface (examples; may vary) | Cost (decreases the TTL) |
---|---|---|---|---|
0.0.0.0 (default route) | 0.0.0.0 | 10.1.1.1 | eth0 (Ethernet 1st adapter) | 10 |
172.16.1.0 | 255.255.255.0 | 172.16.1.1 | eth1 (Ethernet 2nd adapter) | 10 |
Router3
Network ID | Network mask | Gateway | Interface (examples; may vary) | Cost (decreases the TTL) |
---|---|---|---|---|
0.0.0.0 (default route) | 0.0.0.0 | 10.1.1.1 | eth0 (Ethernet 1st adapter) | 10 |
192.168.1.0 | 255.255.255.0 | 192.168.1.96 | eth1 (Ethernet 2nd adapter) | 10 |
Router2 manages its attached networks and default gateway; router3 does the same; router1 manages all routes within the internal networks.
Accessing internal resources
If PC2 (172.16.1.100) needs to access PC3 (192.168.1.100), since PC2 has no route to 192.168.1.100 it will send packets for PC3 to its default gateway (router2). Router2 also has no route to PC3, and it will forward the packets to its default gateway (router1). Router1 has a route for this network (192.168.1.0/24) so router1 will forward the packets to router3, which will deliver the packets to PC3; reply packets will follow the same route to PC2.
Accessing external resources
If any of the computers tries to access a webpage on the Internet, like http://en.wikipedia.org/, the destination will first be resolved to an IP address using DNS. The IP address could be 91.198.174.2. In this example, none of the internal routers know the route to that host, so they will forward the packet through router1's gateway or default route. Every router on the packet's way to the destination will check whether the packet's destination IP address matches any known network routes. If a router finds a match, it will forward the packet through that route; if not, it will send the packet to its own default gateway. Each router encountered on the way will store the packet ID and where it came from so that it can pass the response packet back to the sender. The packet contains source and destination, not all router hops. Finally, the packet will arrive back at router1, which will check for a matching packet ID and route it accordingly through router2 or router3 or directly to PC1 (which is connected to the same network segment as router1).
The packet doesn't return
If router1's routing table does not have any route to 192.168.1.0/24, and PC3 tries to access a resource outside its own network, then the outgoing routing will work until the reply is fed back to router1. Since the route is unknown to router1, the reply will go to router1's default gateway and never reach router3. The logs of the resource will show the request, but the requester will never get any information back. The packet will die either because its TTL value decreases to less than 1 as it travels through the routers, or because a router sees that it has a private IP address and discards it. This could be discovered by using the Microsoft Windows utility Pathping or MTR on Unix-like operating systems, since the ping will stop at the router which has no route or a wrong route. (Note that some routers will not reply to pinging.)
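The forwarding decisions described under "Accessing internal resources" and "The packet doesn't return" can be replayed with the following Python sketch, which is an added example and not part of the original article. It transcribes the three routing tables above; the names OWNER, TABLES, BROKEN, lookup and trace, and the outcome labels, are assumptions made for illustration.

```python
import ipaddress

# Which router owns each interface address (from the page's topology).
OWNER = {"10.1.1.1": "router1", "10.1.1.2": "router2", "172.16.1.1": "router2",
         "10.1.1.3": "router3", "192.168.1.96": "router3"}

# Static routes from the page's tables as (network, gateway) pairs.
# A gateway that is the router's own interface means "directly connected".
TABLES = {
    "router1": [("0.0.0.0/0", "5.5.5.1"), ("10.1.1.0/24", "10.1.1.1"),
                ("172.16.1.0/24", "10.1.1.2"), ("192.168.1.0/24", "10.1.1.3")],
    "router2": [("0.0.0.0/0", "10.1.1.1"), ("172.16.1.0/24", "172.16.1.1")],
    "router3": [("0.0.0.0/0", "10.1.1.1"), ("192.168.1.0/24", "192.168.1.96")],
}

def lookup(table, dst):
    """Longest-prefix match: the most specific route containing dst wins,
    so 0.0.0.0/0 is chosen only when nothing else matches."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), gw) for net, gw in table
            if addr in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)

def trace(router, dst, tables=TABLES, ttl=8):
    """Follow dst hop by hop; return (routers visited, outcome)."""
    path = []
    while ttl > 0:
        path.append(router)
        route = lookup(tables[router], dst)
        if route is None:
            return path, "no-route"
        next_router = OWNER.get(route[1])
        if next_router == router:       # directly connected network
            return path, "delivered"
        if next_router is None:         # gateway outside the site (ISP)
            return path, "left-site"
        router, ttl = next_router, ttl - 1
    return path, "ttl-expired"

# The failure case: router1 without its 192.168.1.0/24 route.
BROKEN = dict(TABLES, router1=[r for r in TABLES["router1"]
                               if r[0] != "192.168.1.0/24"])

if __name__ == "__main__":
    print(trace("router2", "192.168.1.100"))           # PC2 -> PC3
    print(trace("router3", "91.198.174.2", BROKEN))    # PC3's request goes out
    print(trace("router1", "192.168.1.100", BROKEN))   # the reply is misrouted
```

With the broken table, the request from PC3 still leaves the site through router1, but the reply addressed to 192.168.1.100 matches only router1's default route and is handed back to the ISP gateway instead of router3.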
See also
- Default route
- route (command): generic command for displaying/configuring TCP/IP routing tables (including gateways) on both Windows and Unix-clone systems.