Every time a router forwards a packet, it performs a deceptively simple operation: it looks up the destination IP address in its routing table. But that lookup isn't a simple 'find exact match or drop' — it's a carefully designed algorithm called the longest prefix match (LPM). Understanding LPM is critical for the CCNA 200-301 exam (exam objective 3.1) because it governs how routers make forwarding decisions in complex networks. Misunderstanding this concept leads to routing loops, black holes, and exam failures. In this chapter, you'll learn exactly how the routing table lookup works, why longest match exists, and how to troubleshoot it using IOS CLI commands.
Imagine you're a mail carrier for a large apartment building. The building has 100 apartments, numbered 101 to 200. Your job is to deliver letters based on the apartment number written on each envelope. You have a set of delivery rules posted on your clipboard: (1) 'Deliver to the entire building' — any letter with an apartment number between 100 and 200 goes to the main lobby. (2) 'Deliver to the second floor' — any letter for apartments 150-199 goes to the second-floor mailroom. (3) 'Deliver directly to specific apartments' — for apartments 101, 150, and 200, you have special instructions to hand-deliver to the resident. Now, a letter arrives addressed to Apartment 150. Which rule do you follow? You could deliver it to the building (rule 1), to the second floor (rule 2), or directly to Apartment 150 (rule 3). The most specific rule — rule 3 — wins. That's longest match. The routing table works exactly the same way: a route with a longer subnet mask (more specific) is preferred over a shorter mask (less specific), regardless of administrative distance or metric. If you had a rule that said 'Deliver to Apartment 150' and another that said 'Deliver to apartments 100-199', the more specific rule always takes precedence. The mail carrier doesn't care that the broader rule was written first; specificity is king. This prevents you from leaving a package for Apartment 150 in the lobby when you have direct instructions. In networking, longest match ensures that a packet destined for 10.1.1.1 goes to the /32 host route instead of the /24 network route, even if the /24 has a better metric. The algorithm is simple: among all matching routes, pick the one with the longest prefix length (highest subnet mask value).
What is Longest Prefix Match?
Longest prefix match (LPM) is the algorithm a router uses to select the best route for a packet from its routing table. When a packet arrives, the router examines the destination IP address and compares it against all routes in the routing table. A route 'matches' if the destination IP address's network portion (as defined by the route's subnet mask) equals the route's network address. Among all matching routes, the router selects the one with the longest subnet mask (i.e., the most specific route). If no route matches, the router drops the packet and sends an ICMP Destination Unreachable message back to the source.
Why Longest Match?
Without longest match, a router would have to choose between multiple matching routes using some other criteria (like metric or administrative distance). But consider a network with both a summary route (e.g., 10.0.0.0/8) and a more specific route (e.g., 10.1.0.0/16). If the router used only metric, the /8 route might have a better metric and be chosen, causing traffic for 10.1.1.1 to be sent to the wrong next hop. Longest match ensures that more specific routes are always preferred, allowing for hierarchical routing and summarization without breaking connectivity.
Step-by-Step Lookup Process
When a router receives a packet on an interface, it performs the following steps:
Extract destination IP: The router looks at the destination IP address in the IP header.
Search routing table: The router iterates through all routes in the routing table. For each route, it performs a bitwise AND between the destination IP and the route's subnet mask. If the result equals the route's network address, the route matches.
Select longest match: Among all matching routes, the router selects the one with the longest subnet mask (highest number of 1 bits). If multiple routes have the same longest mask, the router uses the route with the best administrative distance (lowest AD). If AD is also equal, the router uses the best metric (lowest metric). If still tied, the router load-balances across the equal-cost paths.
Forward packet: The router rewrites the Layer 2 header (source and destination MAC addresses) and sends the packet out the appropriate interface to the next-hop IP address.
Default Route and Longest Match
A default route (0.0.0.0/0) matches any destination because the bitwise AND of any IP with a /0 mask yields 0.0.0.0. However, the default route has a prefix length of 0, which is the shortest possible. Therefore, any other matching route (even a /1) will be preferred over the default. The default route is only used when no other route matches.
IOS CLI Verification Commands
To view the routing table on a Cisco router, use `show ip route`. The output includes the route source (C for connected, L for local, O for OSPF, etc.), network address, administrative distance/metric, next-hop IP, and outgoing interface. The prefix length is indicated by the subnet mask (e.g., /24).
Router# show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 192.168.1.1 to network 0.0.0.0
O 10.1.0.0/16 [110/2] via 192.168.1.2, 00:00:12, GigabitEthernet0/0
S 10.1.1.0/24 [1/0] via 192.168.1.3
C 10.1.1.0/24 is directly connected, GigabitEthernet0/1
L 10.1.1.1/32 is directly connected, GigabitEthernet0/1
S* 0.0.0.0/0 [1/0] via 192.168.1.1
In this example, for a packet destined to 10.1.1.1, the router matches:
- 10.1.0.0/16 (prefix length 16)
- 10.1.1.0/24 (prefix length 24)
- 10.1.1.1/32 (prefix length 32)
- 0.0.0.0/0 (prefix length 0)
The longest match is /32, so the packet is forwarded using the local connected route (which means it's destined for the router itself). For a packet to 10.1.1.100, the longest match is /24 (both static and connected routes have /24; but the connected route has AD 0 vs static AD 1, so connected wins).
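The lookup procedure and tiebreak order described above, applied to the sample table, as an added example (not Cisco code; it models the procedure as this page states it, not IOS internals, where CEF forwards from the precomputed FIB). The names `Route`, `TABLE`, `matches`, `preference` and `lookup` are assumptions of this sketch, and it goes slightly beyond the text by also accepting IPv6 prefixes.

```python
import ipaddress
from typing import List, NamedTuple


class Route(NamedTuple):
    code: str    # source code letter as printed by show ip route
    prefix: str  # network/prefix-length
    ad: int      # administrative distance
    metric: int
    via: str     # next hop or outgoing interface


# Entries transcribed from the sample show ip route output above.
TABLE = [
    Route("O", "10.1.0.0/16", 110, 2, "192.168.1.2"),
    Route("S", "10.1.1.0/24", 1, 0, "192.168.1.3"),
    Route("C", "10.1.1.0/24", 0, 0, "GigabitEthernet0/1"),
    Route("L", "10.1.1.1/32", 0, 0, "GigabitEthernet0/1"),
    Route("S*", "0.0.0.0/0", 1, 0, "192.168.1.1"),
]


def matches(dest: str, route: Route) -> bool:
    """A route matches when (destination AND mask) == network address."""
    addr = ipaddress.ip_address(dest)
    net = ipaddress.ip_network(route.prefix)
    if addr.version != net.version:
        return False  # never compare an IPv4 destination to an IPv6 route
    return (int(addr) & int(net.netmask)) == int(net.network_address)


def preference(route: Route):
    """Sort key: longest prefix first, then lowest AD, then lowest metric."""
    return (-ipaddress.ip_network(route.prefix).prefixlen, route.ad, route.metric)


def lookup(dest: str, table: List[Route]) -> List[Route]:
    """Return the selected route(s): [] means drop, more than one means ECMP."""
    candidates = [r for r in table if matches(dest, r)]
    if not candidates:
        return []
    best = min(preference(r) for r in candidates)
    return [r for r in candidates if preference(r) == best]


if __name__ == "__main__":
    for dest in ("10.1.1.1", "10.1.1.100", "10.1.2.5", "8.8.8.8"):
        chosen = lookup(dest, TABLE)
        print(dest, "->", [(r.code, r.prefix, r.via) for r in chosen])
```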
Interaction with Routing Protocols
Routing protocols exchange network prefixes with specific subnet masks. For example, OSPF advertises 10.1.0.0/16, while a static route might point to 10.1.1.0/24. The router installs both in the routing table. When forwarding, longest match selects the /24 over the /16. This allows for route summarization and redundancy.
VRF and Longest Match
In VRF (Virtual Routing and Forwarding) environments, each VRF has its own routing table. The lookup is performed within the VRF associated with the incoming interface. Longest match applies independently per VRF.
CEF and Longest Match
Cisco Express Forwarding (CEF) pre-computes the longest match and stores the forwarding information in the FIB (Forwarding Information Base). This speeds up packet forwarding by avoiding a full routing table lookup per packet. The FIB contains the best prefix for each destination based on longest match, AD, and metric.
Common Misconception: "Longest match is only for classless routing"
Longest match is used regardless of whether the router is running classful or classless routing. Even in classful routing (RIPv1), the router uses longest match for forwarding decisions. The difference is that classful routing protocols do not carry subnet masks, so the router must assume the mask based on the class or the interface. But the forwarding algorithm still picks the longest prefix length.
Troubleshooting Longest Match Issues
If a packet takes an unexpected path, verify the routing table with `show ip route destination-ip` to see which route is matched. Use `show ip cef exact-route source destination` to see the exact CEF forwarding decision. Also check for overlapping routes with different administrative distances.
Router# show ip route 10.1.1.100
Routing entry for 10.1.1.0/24
Known via "connected", distance 0, metric 0 (connected)
Last update from 0.0.0.0 on GigabitEthernet0/1, 00:00:12
Routing Descriptor Blocks:
* directly connected via GigabitEthernet0/1
Understand the Lookup Algorithm
The router's forwarding decision is based on the longest prefix match. For a given destination IP, the router examines all routes in the routing table. A route matches if the destination IP AND the route's subnet mask equals the route's network address. Among matching routes, the one with the highest subnet mask (longest prefix) is chosen. If multiple routes have the same longest mask, the best administrative distance (lowest) is used. If AD ties, the best metric (lowest) is used. If still tied, the router load-balances. The default route (0.0.0.0/0) matches everything but has prefix length 0, so it is only used if no other route matches.
Identify Matching Routes
To determine which routes match a destination, perform a bitwise AND between the destination IP and each route's subnet mask. For example, ANDing destination 10.1.1.5 with the /24 mask (255.255.255.0) gives 10.1.1.0, which matches route 10.1.1.0/24. ANDing it with the /16 mask (255.255.0.0) gives 10.1.0.0, which matches 10.1.0.0/16. So both routes match. The /24 is longer than the /16, so the /24 wins. Practice with different IPs and masks to build intuition.
Use show ip route for Verification
The `show ip route` command displays the entire routing table. Look for the prefix length (e.g., /24) in each entry. To see which route a specific destination uses, use `show ip route destination-ip`. For example, `show ip route 10.1.1.5` will output the best matching route. If the output shows a route with a longer mask than you expect, that's the longest match. This command also shows the administrative distance and metric, which are tiebreakers.
Check CEF FIB for Fast Forwarding
Cisco routers use CEF for fast forwarding. The FIB contains pre-computed longest match entries. Use `show ip cef destination-ip` to see the exact forwarding entry. For example, `show ip cef 10.1.1.5` shows the next hop and interface. If the FIB entry differs from the routing table, there may be a CEF issue (e.g., CEF not enabled or adjacency problem). Use `show ip cef exact-route source destination` to trace a specific packet flow.
Troubleshoot Unexpected Forwarding
If packets go the wrong way, first verify the routing table for the destination. Look for overlapping routes with different prefix lengths. A common mistake is assuming a static route with a better metric will override a longer prefix; it won't. For example, a static route 10.0.0.0/8 metric 1 will never be chosen over an OSPF route 10.1.0.0/16 metric 2 for destination 10.1.1.1 because the /16 is longer. Use `show ip route` and `show ip cef` to confirm. Also check for VRF or PBR that might override the lookup.
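One way to look for overlapping routes with different prefix lengths in saved `show ip route` text, as an added example that is not part of the original page or any Cisco tool. The parser handles only the single-line entry forms shown on this page; the sample text is constructed, and `ENTRY`, `SAMPLE`, `parse_routes` and `overlaps` are hypothetical names.

```python
import ipaddress
import re

# Single-line entry forms as they appear in the sample output on this page:
#   O 10.1.0.0/16 [110/2] via 192.168.1.2, 00:00:12, GigabitEthernet0/0
#   C 10.1.1.0/24 is directly connected, GigabitEthernet0/1
ENTRY = re.compile(
    r"^(?P<code>[A-Za-z][A-Za-z0-9]*\*?)\s+"
    r"(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+"
    r"(?:\[(?P<ad>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<nh>[\d.]+)"
    r"|is directly connected,\s+(?P<intf>\S+))"
)

# Constructed sample (not real device output): a /8 static that overlaps
# a /16 OSPF route and a /24 connected network.
SAMPLE = """\
Gateway of last resort is 192.168.2.1 to network 0.0.0.0
S 10.0.0.0/8 [1/0] via 192.168.1.1
O 10.1.0.0/16 [110/2] via 192.168.1.2, 00:00:12, GigabitEthernet0/0
C 10.1.1.0/24 is directly connected, GigabitEthernet0/1
S* 0.0.0.0/0 [1/0] via 192.168.2.1
"""


def parse_routes(text):
    """Parse route entries; legend and header lines are skipped."""
    routes = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        routes.append({
            "code": m["code"],
            "net": ipaddress.ip_network(m["prefix"]),
            "ad": int(m["ad"] or 0),          # connected entries print no [AD/metric]
            "metric": int(m["metric"] or 0),
            "exit": m["nh"] or m["intf"],     # next hop, or interface if connected
        })
    return routes


def overlaps(routes):
    """List (specific, exit, covering, exit) where a longer prefix sits inside
    a shorter one and leaves by a different next hop or interface.
    The default route is ignored because it covers everything."""
    found = []
    for s in routes:
        for c in routes:
            if (0 < c["net"].prefixlen < s["net"].prefixlen
                    and s["net"].subnet_of(c["net"])
                    and s["exit"] != c["exit"]):
                found.append((str(s["net"]), s["exit"], str(c["net"]), c["exit"]))
    return found


if __name__ == "__main__":
    for spec, s_exit, cover, c_exit in overlaps(parse_routes(SAMPLE)):
        print(f"{spec} via {s_exit} overrides {cover} via {c_exit}")
```

Each reported pair is a range where longest match sends traffic somewhere other than the covering route would, regardless of that route's AD or metric.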
Practice with Scenario Questions
On the CCNA exam, you'll be given a routing table and a destination IP and asked which route is used. Steps: (1) List all routes that match the destination. (2) Among those, find the route(s) with the longest prefix length. (3) If multiple, compare administrative distance (lower is better). (4) If still multiple, compare metric (lower is better). (5) If still tied, load-balancing occurs. Example: Routes: O 10.0.0.0/8 [110/2], S 10.1.0.0/16 [1/0], C 10.1.1.0/24. Destination 10.1.1.100 matches all three. Longest match is /24 (connected). So connected wins. Even though the static has lower AD, the /24 is longer.
In enterprise networks, longest prefix match is the backbone of efficient routing. Consider a large organization with multiple branch offices connected via MPLS. The core routers have a summary route for all branches (e.g., 10.0.0.0/8) pointing to the MPLS cloud, while each branch has a more specific route for its own subnet (e.g., 10.1.0.0/16) pointing to a local backup link. When a packet from the head office goes to 10.1.1.1, the core router uses longest match to select the more specific /16 route, sending traffic over the backup link if the MPLS path is down. This design allows for redundancy without breaking summarization.
Another scenario is in data center networks with host routes. For critical servers, network engineers often install a /32 host route to ensure traffic always takes a specific path, even if a broader summary route exists. For example, a load balancer might have a /32 route for its virtual IP (VIP) to force traffic through a firewall, while the rest of the subnet uses a /24 route. Longest match ensures the VIP traffic goes through the firewall without affecting other traffic.
Performance considerations: The routing table can have hundreds of thousands of routes. CEF's FIB pre-computes the longest match, so the lookup is O(1) per packet. However, when the routing table changes (due to flapping routes), the FIB must be updated, which can cause CPU spikes. In very large networks, route summarization reduces the number of FIB entries and improves convergence.
Misconfiguration example: A network admin adds a static route 10.0.0.0/8 with next-hop 192.168.1.1 to provide internet access, but also has an OSPF route 10.1.0.0/16 learned from a different neighbor. For traffic to 10.1.1.1, the /16 is preferred, which might be correct. But if the admin intended the /8 to be a backup, they might be surprised that the /16 always wins. To make the /8 a backup, they would need to remove the /16 or use a floating static route with a higher AD. Understanding longest match prevents such surprises.
In service provider networks, longest match is used for granular traffic engineering. For example, a provider might have a default route to the internet and more specific routes for customer prefixes. Longest match ensures that customer traffic uses the specific routes, while unknown destinations use the default. This is fundamental to BGP routing.
The CCNA 200-301 exam tests longest prefix match in two ways: (1) Given a routing table and a destination IP, select the correct forwarding route. (2) Identify why a packet takes a different path than expected. The exam objective 3.1 covers 'Routing table lookup — longest match' as part of IP Connectivity.
Common wrong answers:
1. 'The route with the lowest metric wins.' Candidates forget that longest match is checked first. Even if a /16 has metric 1 and a /24 has metric 100, the /24 wins. Always check prefix length first.
2. 'The route with the lowest administrative distance wins.' Same issue. AD is a tiebreaker after prefix length. A static route (AD 1) with /8 will lose to an OSPF route (AD 110) with /16 for a destination in the /16 range.
3. 'The default route is used if no exact match exists.' The default route matches everything, but only if no other route with a longer prefix matches. For a destination like 10.1.1.1, if there's a /16 route, the default is not used.
4. 'The router uses the first matching route in the routing table.' The routing table is not ordered by preference; the router always performs longest match.
Specific values: Know that the default route is 0.0.0.0/0. The local host route is /32. Connected routes have AD 0. Static routes have AD 1 (unless changed). OSPF intra-area AD is 110. EIGRP internal AD is 90. The metric for connected routes is 0.
Calculation traps: When given a destination IP and multiple routes, first convert each route's subnet mask to prefix length (e.g., 255.255.255.0 = /24). Then determine which routes match by ANDing the destination with each mask. Compare prefix lengths. If two routes have the same prefix length, compare AD. If AD is the same, compare metric. If metric is the same, load-balancing occurs.
Decision rule: For scenario questions, always: (1) List all matching routes. (2) Find the longest prefix length. (3) Among those, find the lowest AD. (4) Among those, find the lowest metric. (5) If still tied, multiple routes are used. Eliminate answers that skip step 1 or 2.
Longest prefix match selects the route with the highest subnet mask (longest prefix) among all matching routes.
A route matches if destination IP AND subnet mask equals the route's network address.
Administrative distance is a tiebreaker only after longest match; lowest AD wins.
Metric is a tiebreaker after AD; lowest metric wins.
If multiple routes tie on prefix length, AD, and metric, the router load-balances.
The default route (0.0.0.0/0) has prefix length 0 and is only used when no other route matches.
Use 'show ip route destination-ip' to see the best matching route; use 'show ip cef' for FIB details.
These come up on the exam all the time. Here's how to tell them apart.
Longest Prefix Match
Preferred route has the longest subnet mask.
Ensures most specific route is used.
Used in all modern routers.
Supports hierarchical routing and summarization.
Default route has lowest priority.
Shortest Prefix Match (not used)
Would prefer route with shortest mask.
Would use summary routes over specifics.
Not used in real networks; would break connectivity.
Would cause black holes for specific subnets.
Default route would have highest priority.
Mistake
The route with the lowest metric is always preferred.
Correct
Longest match is checked first. A route with a higher metric but longer prefix will be preferred over a route with a lower metric but shorter prefix.
Candidates often confuse the order of preference: prefix length first, then AD, then metric.
Mistake
A static route with administrative distance 1 always overrides an OSPF route.
Correct
Only if the static route has the same or longer prefix length. If the static route is /8 and OSPF is /16, the OSPF route wins for destinations in the /16 range.
Candidates overemphasize AD and forget that prefix length is the primary criterion.
Mistake
The default route is used if the destination is not in the routing table.
Correct
The default route matches all destinations, but it is only selected if no other route with a longer prefix matches. If a route with a /1 or longer exists, it will be preferred over the default.
Candidates think of the default route as a 'catch-all' that always applies, but longest match means any non-default route beats it.
Mistake
The router uses the first matching route in the routing table output.
Correct
The routing table display order is not related to preference. The router always performs a longest match search, not a sequential search.
The show ip route output lists routes in a specific order (by class, then by prefix), but that order does not reflect forwarding preference.
Longest prefix match is the algorithm routers use to choose the best route for a packet. Among all routes that match the destination IP, the router picks the one with the longest subnet mask (most specific). For example, if there's a route for 10.0.0.0/8 and another for 10.1.0.0/16, a packet to 10.1.1.1 matches both, but the /16 is longer, so it wins. This ensures that more specific routes take precedence over summary routes. On the CCNA exam, always remember: prefix length first, then AD, then metric.
Use the command `show ip route destination-ip` on a Cisco router. For example, `show ip route 10.1.1.5` will display the best matching route. The output shows the network address, prefix length, next hop, and interface. You can also use `show ip cef destination-ip` to see the CEF forwarding entry. If the routing table shows multiple matches, the longest prefix wins. This is the fastest way to verify forwarding decisions during troubleshooting.
Yes, longest prefix match applies to IPv6 exactly as it does to IPv4. The router compares the destination IPv6 address against IPv6 routes, using the prefix length (e.g., /64, /48). The route with the longest prefix length that matches is selected. The same tiebreakers (AD, metric) apply. On the CCNA exam, you may see IPv6 routing tables with similar logic.
Longest prefix match is the primary criterion; metric is only considered after prefix length and AD. For example, a route with /24 and metric 100 will be preferred over a route with /16 and metric 1 for a destination in the /24 range. Many candidates mistakenly think metric is the most important, but the order is: prefix length > AD > metric. Always evaluate prefix length first.
Yes. This is called equal-cost multipath (ECMP). If two routes have the same prefix length, same AD, and same metric, the router will load-balance traffic across both next hops. For example, two static routes to 10.1.1.0/24 with different next hops but same AD and metric (0) will both be installed. The router distributes packets across them. On the exam, if you see two identical routes, expect load-balancing.
The default route (0.0.0.0/0) has a prefix length of 0, which is the shortest possible. It matches every destination because ANDing any IP with a /0 mask yields 0.0.0.0. However, because its prefix length is 0, any other matching route (even a /1) will be preferred. The default route is only used when no other route matches. This is why a default route is often called the 'gateway of last resort'.
If no route in the routing table matches the destination IP, the router drops the packet and sends an ICMP Destination Unreachable (Type 3, Code 0) message back to the source. The router does not use a default route unless it is configured. This is a common cause of black holes. To prevent this, network engineers configure a default route (e.g., `ip route 0.0.0.0 0.0.0.0 next-hop`) to catch all unmatched traffic.