This chapter covers routing table troubleshooting, a critical skill for the N10-009 exam. You will learn how to diagnose and resolve common routing issues such as missing routes, incorrect next-hops, routing loops, and subnet mask mismatches. Approximately 10-15% of Network+ troubleshooting questions involve routing table analysis, making this a high-yield topic. Mastering these concepts ensures you can isolate and fix connectivity problems in small to medium-sized enterprise networks.
Jump to a section
Imagine a large postal sorting facility with thousands of bins representing destination ZIP codes. Each bin has a sign (routing table entry) listing the ZIP code and the next sorting station to forward the mail. When a letter arrives, the sorter checks the destination ZIP against the signs, looking for the longest prefix match — for example, a sign for '90210' beats a sign for '902*' for a letter to 90210. If no sign matches, the letter goes to the default bin (default route). Now, suppose a bin is mislabeled (wrong next-hop), or a sign is missing (missing route), or a sign points to a closed station (down interface). The sorter might send the letter to the wrong place, or it might loop between two stations if each points to the other. To troubleshoot, the sorter walks through the path: checks each sign, verifies the next station is open, and uses a tracer letter (traceroute) to see where it goes. This mirrors how a router forwards packets: it performs a longest prefix match on the destination IP, consults its routing table for the next-hop, and forwards the packet out the appropriate interface. If the route is missing or incorrect, packets are dropped (no route) or misrouted. Tools like 'show ip route' and 'traceroute' help identify where the breakdown occurs.
What is a Routing Table and Why Does it Matter?
A routing table is a data structure stored in a router or Layer 3 switch that contains routes to destination networks. Each route entry typically includes: destination network address, subnet mask (prefix length), next-hop IP address, outgoing interface, administrative distance (AD), and metric (e.g., hop count for RIP, cost for OSPF). The routing table is the core of packet forwarding: when a packet arrives, the router performs a longest prefix match (LPM) to find the most specific route, then forwards the packet to the next-hop or directly out the interface. If no match exists, the router drops the packet (if no default route) or forwards it via the default route.
How Routing Table Lookup Works Internally
Packet Arrival: Router receives an IP packet with a destination IP address.
Longest Prefix Match: The router compares the destination IP against all routes in the routing table. It chooses the route with the longest matching prefix (i.e., the most specific subnet mask). For example, for destination 192.168.1.5, a route to 192.168.1.0/24 (mask 255.255.255.0) is preferred over 192.168.0.0/16 (mask 255.255.0.0) because /24 is longer.
Next-Hop Resolution: The router looks up the next-hop IP address in the ARP cache (or performs ARP if needed) to find the Layer 2 MAC address for the outgoing interface.
Packet Forwarding: The router rewrites the source/destination MAC addresses (if Ethernet) and forwards the packet out the specified interface.
TTL Decrement: The router decrements the Time-To-Live (TTL) field by 1. If TTL reaches 0, the router discards the packet and sends an ICMP Time Exceeded message back to the source.
Key Components, Values, and Defaults
Administrative Distance (AD): A trustworthiness value from 0 (most trusted) to 255 (unusable). Default ADs: Connected interface = 0, Static route = 1, EIGRP summary = 5, External BGP = 20, Internal EIGRP = 90, IGRP = 100, OSPF = 110, IS-IS = 115, RIP = 120, External EIGRP = 170, Internal BGP = 200, Unknown = 255. On the N10-009 exam, you should know common ADs: static (1), OSPF (110), RIP (120).
Metric: A value used to compare routes from the same routing protocol. Lower is better. RIP uses hop count (max 15). OSPF uses cost (based on bandwidth). EIGRP uses composite metric (bandwidth, delay, load, reliability).
Default Route: A route with destination 0.0.0.0/0 (IPv4) or ::/0 (IPv6). It matches any destination and is used when no more specific route exists.
Floating Static Route: A static route with a higher AD than the primary route, used as a backup.
Route Source: Routes can be directly connected, static, or learned via dynamic routing protocols (RIP, OSPF, EIGRP, BGP).
Configuration and Verification Commands
Cisco IOS (common in exam scenarios):
- show ip route: Displays the entire IPv4 routing table.
- show ip route [network]: Shows route for a specific network.
- show ip route static: Shows only static routes.
- show ip route ospf: Shows OSPF-learned routes.
- show ip route connected: Shows directly connected routes.
- show ip protocols: Shows routing protocol configurations.
- show ip arp: Displays ARP cache (needed for next-hop resolution).
- traceroute [destination]: Traces the path packets take.
- ping [destination]: Tests reachability.
- debug ip routing: Real-time routing updates (use with caution).
Linux/Windows (for end hosts):
- route print (Windows) or ip route (Linux): Display routing table.
- tracert (Windows) or traceroute (Linux): Trace route.
- ping: Test connectivity.
Common Routing Table Issues and Troubleshooting Steps
Missing Route: The router does not have a route to the destination. Symptoms: ping fails, traceroute stops at the router. Causes: static route not configured, dynamic routing protocol not advertising the network, passive interface blocking updates, or network statement missing. Fix: Add static route or correct routing protocol configuration.
Incorrect Next-Hop: The route exists but points to a wrong next-hop IP (e.g., a non-existent or unreachable IP). Symptoms: packets are sent to a dead end, causing ICMP unreachable or timeouts. Fix: Correct the next-hop IP in the route.
Subnet Mask Mismatch: A route is configured with an incorrect subnet mask, causing the router to match a broader or narrower range than intended. Example: 192.168.1.0/24 vs /16. This can cause traffic to be forwarded incorrectly or not at all. Fix: Ensure consistent subnetting across the network.
Routing Loop: Two or more routers point to each other for the same destination, causing packets to TTL expire. Symptoms: traceroute shows repeating IPs, high latency, packet loss. Causes: misconfigured static routes, redistributed routes with incorrect metrics, or convergence issues. Fix: Use loop prevention mechanisms (split horizon, route poisoning, hold-down timers) or correct the routing configuration.
Administrative Distance Conflict: When a router learns the same route from multiple sources (e.g., static and OSPF), it uses the one with lower AD. If the AD is misconfigured (e.g., a floating static with AD lower than the dynamic route), it may override the desired route. Fix: Adjust AD values as needed.
Default Route Misconfiguration: A missing or incorrect default route can cause all non-local traffic to be dropped. Fix: Ensure a default route exists (e.g., ip route 0.0.0.0 0.0.0.0 [next-hop]).
Recursive Routing Failure: A static route uses a next-hop that is not directly connected, requiring the router to recursively look up the next-hop in the routing table. If that recursive route is missing or incorrect, the static route becomes inactive. Fix: Ensure the next-hop is reachable via a directly connected or static route.
Interaction with Related Technologies
ARP: The router must resolve the next-hop IP to a MAC address via ARP. If ARP fails (e.g., next-hop is down or wrong VLAN), the route is unusable.
NAT: NAT can affect routing by translating source/destination IPs. A route must exist for the translated IPs, not just the original.
ACLs: Access control lists can filter traffic before routing, causing packets to be dropped even if a route exists.
VLANs: Inter-VLAN routing requires a router or Layer 3 switch with SVIs configured. Each VLAN must have a corresponding route in the routing table.
VRF: Virtual Routing and Forwarding allows multiple routing tables on one router. Troubleshooting must consider which VRF the interface belongs to.
Verify End-to-End Connectivity
Start by pinging the destination host from the source host. If ping fails, note the exact error message (e.g., 'Destination Host Unreachable', 'Request Timed Out'). Use traceroute to identify where the path stops. For example, if traceroute shows only the source router's IP and then asterisks, the issue is likely at that router. This step narrows down the troubleshooting scope to a specific hop.
Check Local Routing Table
On the source host, run 'route print' (Windows) or 'ip route' (Linux) to verify it has a route to the destination network. For a host, there should be a default gateway route (0.0.0.0/0) pointing to the router. If the host is on a different subnet, ensure the default gateway is correct. If the host has a static route, confirm the next-hop IP and subnet mask.
Inspect Router Routing Table
On the router that is the default gateway, use 'show ip route' to verify that a route to the destination network exists. Look for the route entry; note the protocol (C for connected, S for static, O for OSPF, R for RIP, D for EIGRP). If the route is missing, check if the network is directly connected or if a dynamic protocol is configured. Use 'show ip route [destination]' to see the specific route.
Verify Next-Hop Reachability
If a route exists, check that the next-hop IP is reachable. Ping the next-hop IP from the router. If ping fails, check the ARP table with 'show ip arp' to see if the next-hop MAC address is resolved. If ARP entry is incomplete, the next-hop device may be down or on a different VLAN. Also verify that the outgoing interface is up/up (use 'show interfaces' or 'show ip interface brief').
Check Administrative Distance and Metric
If multiple routes to the same destination exist, the router uses the one with lowest AD. Use 'show ip route [destination]' to see all routes and their AD/metric. If the active route is not the expected one (e.g., a floating static is active when OSPF should be primary), check AD values. For dynamic protocols, verify metrics (e.g., OSPF cost, RIP hop count).
Examine Routing Protocol Configuration
If routes are learned dynamically, verify the routing protocol is configured correctly. Use 'show ip protocols' to see active protocols, networks advertised, and neighbor relationships. For OSPF, check 'show ip ospf neighbor' to ensure adjacencies are formed. For RIP, verify that the network is included in the RIP configuration. Ensure interfaces are not passive if they should be advertising.
Test Packet Path with Extended Ping/Traceroute
Use extended ping or traceroute from the router with specific source IPs to test path symmetry. For example, 'ping 192.168.2.1 source 192.168.1.1' tests outbound path. Traceroute from the destination back to the source can reveal asymmetric routing issues. If routing is asymmetric, ensure return routes exist on all intermediate routers.
Scenario 1: Branch Office Connectivity Failure
A medium-sized enterprise has a headquarters (HQ) and three branch offices connected via MPLS. Each branch has a Cisco router running OSPF with HQ. One day, Branch B reports that they cannot reach a server at 10.10.20.50 at HQ. The network engineer pings from Branch B's router to the server and gets 'Destination Unreachable'. Running 'traceroute 10.10.20.50' shows packets leaving Branch B's router but not reaching HQ. On HQ's router, 'show ip route 10.10.20.0' shows the route as OSPF-learned with next-hop 192.168.1.2 (the MPLS provider edge). Pinging 192.168.1.2 succeeds, but 'show ip ospf neighbor' shows the neighbor is down. Further investigation reveals that the MPLS provider changed the circuit ID, causing the interface to go down; OSPF adjacency was lost. The engineer reconfigures the interface and OSPF, restoring connectivity.
Scenario 2: Static Route Misconfiguration
A small office uses a Linux server as a router with two interfaces: eth0 (192.168.1.1/24) for the LAN and eth1 (10.0.0.1/30) to the ISP. The server has a default route via eth1. A new subnet 192.168.2.0/24 is added, and a static route is configured on the server: 'ip route add 192.168.2.0/24 via 192.168.1.254'. However, 192.168.1.254 is a switch management IP, not a router. Traffic to 192.168.2.0 is sent to the switch, which does not have a route and drops the packets. The engineer uses 'traceroute' from a LAN host to 192.168.2.1, which shows the first hop as the server (192.168.1.1), then the switch (192.168.1.254), and then no further hops. Correcting the next-hop to the actual router (192.168.1.1) fixes the issue.
Scenario 3: Routing Loop Due to Redistribution
A network runs both RIP and OSPF with mutual redistribution. A router redistributes OSPF routes into RIP with a metric of 1, and another router redistributes RIP back into OSPF. This creates a feedback loop where routes are continuously re-advertised, causing routing loops and high CPU. The engineer notices 'traceroute' shows packets bouncing between two routers with TTL expiring. Using 'debug ip routing' reveals constant route updates. The solution is to implement route filtering using distribute-lists or route-maps to prevent back-redistribution, and to set appropriate administrative distances to prefer one protocol over the other.
Exactly What N10-009 Tests on This Topic
The CompTIA Network+ N10-009 exam objective 5.3 (Given a scenario, troubleshoot common network connectivity issues) includes routing table problems. Specifically, you must be able to identify and resolve: missing routes, incorrect default routes, routing loops, and subnet mask mismatches. The exam does not require deep protocol knowledge (e.g., OSPF LSA types) but expects you to understand how to use common CLI commands to verify routing tables and interpret output.
Common Wrong Answers and Why Candidates Choose Them
'The router is not receiving the packet' vs. 'The route is missing': Candidates often think the router itself is down or not receiving traffic, but the most common issue is that the router has no route to the destination. Always check the routing table first.
'The subnet mask is wrong on the host' vs. 'The routing table has an incorrect mask': While host subnet mask issues can cause problems, the exam often tests router routing table masks. Look at the route entry, not just the host configuration.
'The default gateway is correct' when it actually points to a non-existent IP: Candidates assume the default gateway is correct because it's configured, but they forget to verify reachability of the gateway itself.
'Routing loop is caused by high TTL': High TTL is a symptom, not a cause. The cause is typically misconfigured static routes or redistribution issues.
Specific Numbers and Terms That Appear Verbatim
Administrative distances: Static = 1, OSPF = 110, RIP = 120.
RIP maximum hop count = 15 (16 is unreachable).
Default route notation: 0.0.0.0/0 (IPv4) or ::/0 (IPv6).
'show ip route' command on Cisco routers.
'tracert' on Windows, 'traceroute' on Linux.
'Destination Host Unreachable' vs. 'Request Timed Out': Unreachable means the router has no route; timeout means the packet reached but no response.
Edge Cases and Exceptions
Floating static route: A static route with AD higher than the dynamic route (e.g., AD 130 for a backup to OSPF's 110). This route is only used when the dynamic route disappears.
Recursive static route: A static route that points to a next-hop that is not directly connected; the router must recursively look it up. If the intermediate route is missing, the static route is inactive.
VRF-aware routing: In MPLS or multi-tenant environments, routes are in specific VRFs. A route may exist in one VRF but not another.
How to Eliminate Wrong Answers
If a question says 'ping from host A to host B fails, but ping from host A to its default gateway works', the issue is beyond the first hop. Check the routing table on the gateway router.
If 'traceroute shows the same IP address twice', suspect a routing loop.
If 'show ip route' shows a route with 'S*' (static default), but ping still fails, verify the next-hop reachability and interface status.
A routing table contains routes to networks; the router performs a longest prefix match to forward packets.
Administrative distance determines which route is preferred when multiple sources provide the same route.
Common default AD values: static = 1, OSPF = 110, RIP = 120.
A missing route results in 'Destination Host Unreachable' at the router that lacks the route.
A routing loop causes traceroute to show repeating IP addresses and eventual TTL expiry.
Use 'show ip route' to verify routes, 'show ip arp' to check next-hop resolution, and 'traceroute' to trace the path.
A default route (0.0.0.0/0) is used as a catch-all; it must exist for internet-bound traffic.
Static routes can be recursive; ensure the next-hop is reachable via another route.
RIP has a maximum hop count of 15; 16 is considered unreachable.
OSPF uses cost as metric; default cost = 10^8 / bandwidth (in bps).
These come up on the exam all the time. Here's how to tell them apart.
Static Routing
Administrative distance defaults to 1 (very trustworthy).
No routing protocol overhead; uses no bandwidth for updates.
Must be manually updated when topology changes.
Best for small, stable networks with few routes.
Can cause routing loops if misconfigured (e.g., two static routes pointing to each other).
Dynamic Routing (OSPF/RIP)
AD varies by protocol (OSPF=110, RIP=120).
Consumes bandwidth and CPU for updates and neighbor maintenance.
Automatically adapts to topology changes via convergence.
Ideal for larger, dynamic networks with redundancy.
Has built-in loop prevention mechanisms (e.g., split horizon, hold-down timers).
RIP (Routing Information Protocol)
Distance-vector protocol; uses hop count as metric (max 15).
Sends full routing table updates every 30 seconds.
Slow convergence; prone to routing loops (uses hold-down timers).
Simple to configure; no hierarchical design needed.
AD = 120; metric is hop count (lower is better).
OSPF (Open Shortest Path First)
Link-state protocol; uses cost based on bandwidth (Cisco default: 10^8 / bandwidth).
Sends only link-state advertisements (LSAs) when topology changes; no periodic full updates.
Fast convergence; uses SPF algorithm to compute shortest path.
Requires hierarchical design with areas (backbone area 0).
AD = 110; metric is cost (lower is better).
Mistake
A router will always use the route with the lowest metric.
Correct
The router first compares administrative distance (AD). It uses the route with the lowest AD, regardless of metric. Only when ADs are equal does it compare metrics.
Mistake
If a ping fails, the problem must be a missing route.
Correct
Ping failure can also be caused by firewalls, ACLs, NAT misconfiguration, or even ARP failure. Always verify multiple layers.
Mistake
A default route (0.0.0.0/0) is always required for internet access.
Correct
While common, internet access can also be achieved via specific routes to ISP networks. However, a default route is the simplest and most typical method.
Mistake
A routing loop only occurs with dynamic routing protocols.
Correct
Static routes can also cause loops if two routers point to each other for the same destination.
Mistake
The 'show ip route' command shows all routes, including those from all VRFs.
Correct
By default, 'show ip route' shows routes in the global routing table only. To view routes in a specific VRF, use 'show ip route vrf <vrf-name>'.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
It means the router that generated the message does not have a route to the destination network. The router drops the packet and sends an ICMP Destination Unreachable message back to the source. To fix, add a static route or ensure the routing protocol is advertising the network. On Cisco routers, this is often seen when 'show ip route' does not list the destination network.
Open Command Prompt and type 'route print'. This displays the IPv4 and IPv6 routing tables. Look for the Network Destination column. For internet access, you should see a default route (0.0.0.0 with netmask 0.0.0.0) pointing to your default gateway. On Linux, use 'ip route show' or 'route -n'.
A floating static route is a static route with an administrative distance higher than that of the dynamic routing protocol. It serves as a backup: the dynamic route is preferred when available, but if it disappears, the floating static route becomes active. For example, configure 'ip route 0.0.0.0 0.0.0.0 10.0.0.2 130' as a backup to an OSPF default route (AD 110). Use it to provide redundancy without complex dynamic routing.
This indicates a routing loop. The packet is being forwarded between two or more routers that keep sending it back to each other. Each hop decrements TTL, so traceroute shows the same IP at increasing TTL values until TTL expires. To fix, examine the routing tables of the involved routers for conflicting routes (e.g., static routes pointing to each other).
'show ip route' displays all routes in the routing table, including connected, static, and dynamically learned routes. 'show ip route connected' shows only directly connected networks (those with interfaces configured and up). Use the latter to quickly verify that interfaces are correctly configured and active.
Use the global configuration command: 'ip route [destination_network] [subnet_mask] [next-hop_ip | exit_interface]'. For example, 'ip route 192.168.2.0 255.255.255.0 10.0.0.1'. To add a default route: 'ip route 0.0.0.0 0.0.0.0 [next-hop]'. To verify, use 'show ip route static'.
Recursive routing occurs when a static route specifies a next-hop IP that is not directly connected to the router. The router must perform another routing table lookup to reach that next-hop. For example, 'ip route 192.168.2.0 255.255.255.0 10.0.0.1' where 10.0.0.1 is reachable via another route (e.g., a connected interface). If the route to 10.0.0.1 is missing, the static route becomes inactive.
You've just covered Routing Table Troubleshooting — now see how well it sticks with free N10-009 practice questions. Full explanations included, no account needed.
Done with this chapter?