IP Routing Explained

Hello Sameer

If you have the following static route in R1:

ip route gigabitethernet0/1

then the following will take place:

  1. The packet with a destination of will reach R1, and the routing table lookup will match this static route.
  2. Because this exit interface is Ethernet which is a multi access technology, there may be many hosts (potential next hop routers) connected to it. Because it doesn’t know the next hop IP, R1 will send out an ARP request for the destination IP of the packet. (If this was a serial link, which is a point to point technology, the packet would be sent out the interface directly).
  3. The ARP request would reach R2. If proxy ARP is enabled on R2, it will then send out ARP requests which will reach H2 and it will get a response. If proxy ARP is not enabled, the ARP request will not be responded to, and the routing will fail. Proxy ARP is enabled by default on Cisco routers.
  4. R2 will then respond to R1’s ARP request with its own MAC address, allowing the packet to be routed.

I’ve seen this setup used in some large private networks. The one I have in mind is specifically a private government network. Each entity, such as a municipality, is provided with an IP address range such as for example. The edge router for the entity advertises this address range to the private network, but it has no knowledge about how this range is further subnetted and routed within the municipality itself. Any packets destined for the internal network of the municipality will match a static route with an an exit interface (the interface facing the internal municipality network), and the edge router will send an ARP request towards the internal network to ask for a MAC address. The internal router will then use proxy ARP, and will send its own MAC address as the next hop MAC.

Such a setup allows the operators of the main network to route traffic to an internal entity, such as a municipality network in this case, without having to know the internal routing nor having to participate in any internally configured dynamic routing protocol.

I hope this has been helpful!


1 Like


I understand why ARP is important in regard to layer 2 but why is ARP important when it comes to IP routing? why should a router first know another router’s ARP before sending the packet? isn’t knowing the IP address just enough?

i appreciate your response.

Hello Walter

When one host communicates with another over a network, the IP addresses are used to establish end to end communication. This means that the source and destination IP addresses in the IP header remains the same during the whole journey of the packet (This is not the case with NAT, but that’s a different story).

The source and destination destination MAC addresss in the Ethernet frame however (Layer 2), changes for each hop of the journey. Every time a router is encountered, the packet is de-encapsulated, and the frame header is replaced with a new header, with new source and destination MAC addresses.

Imagine a packet arrives at a router somewhere in the network. The router de-encapsulates the packet to Layer 3. It will read the destination IP address, and using the routing table, will decide out of which interface to send it, as well as the next hop IP.

Next the router must re-encapsulate the packet. This means it needs to place a source and destination MAC address in the header of the frame. The source MAC address is that of the exit interface it has chosen. The destination MAC address must be that of the next hop router.

At this point the router knows the IP address of the next hop router from the routing table. But does it know the MAC address of the next hop router? This is where ARP comes in. If it doesn’t know it, it will send out an ARP request for the MAC that corresponds to the next hop IP. It will populate its ARP table to use that MAC in the future as well.

So ARP is used to determine the MAC address of the next hop router, something that is necessary in order to successfully create the Ethernet header and send the packet/frame out of the exit interface.

I hope this has been helpful!


clear and sound. thank you for taking time to respond with deep and precise explanation.

1 Like

Hi Laz ,
Thanks , I agree with the explanation you have provided . I asked this question as i was looking for “Directed Arp” feature (rfc 1433) . I am not aware of this term , may be this scenario is related to this . Can you please share if you have information about this .

Hello Sameer

Directed ARP is used in a different situation than that described in your previous post. It is used in a scenario that is not often encountered nowadays. It requires a topology similar to the following:
Notice here that there are two subnets ( and on the same network segment. Notice also that the router interface, which functions as the default gateway for these two networks, has two IP addresses, one in each subnet. Even though Host 1 and Host 2 are on the same Layer 2 segment, they have IP addresses in different subnets so in order for them to communicate, they must do so via the router.

Note that the router interface is not configured with subinterfaces, but the physical interface itself is assigned multiple IP addresses.

Now such a scenario, strange as it may seem, will work just fine, assuming you can assign two IP addresses in two different subnets to the same router interface, something that Cisco routers do not support.

Now directed ARP becomes useful in this case because it would allow Host 1 and Host 2 to communicate directly, and not via the router, even through they are on different subnets. This is possible because they are on the same physical link. Directed ARP uses normal ARP packets with the same format. The “intelligence” for directed ARP is found in the router which has the two IP addresses on the same subnet.

When the router receives an ARP packet from Host 1 for the destination IP of Host 2, the router “knows” that these two hosts, are on the same physical segment, because both subnets are found on the same physical interface of the router. So the router will respond sending the MAC address of Host 2 as the destination MAC. So when Host 1 encapsulates its packets, they’ll look like this:

IP Header

  • Source IP address
  • Destination IP address

Ethernet frame header

  • Source MAC: Host1MAC
  • Destination MAC: Host2MAC

The result is a direct communication between the two hosts.

Now where would you actually use this? According to the RFC it says:

Multiple IP networks may be administered on the same link level network (e.g., on a large public data network).

Today, it is not considered good network design to interconnect many hosts with different subnets on the same network segment “in a large public data network”. This would create one large broadcast domain resulting in performance degradation, as well as potential security risks. However, back in 1993 when the RFC was written, it was a more acceptable practice, as the volume of traffic on networks as well as the number of potential hosts was much smaller, and such an implementation would indeed be much simpler, requiring only a single router for multiple subnets sharing the same network segment.

So you won’t encounter directed ARP often in today’s networks, but it’s quite interesting to find out more about it.

I hope this has been helpful!



Hi Rene/Laz,

First of all thanks for this explanation which i have been searching for a long time.You explained it very well ,But i have few doubts :slight_smile:

  1. Some times we say host send IP packet and some time say host send Ethernet frames,
    how is this possible ? I have been too confused please clear this out?

  2. We knows router is a layer 3 device and it forward packet but here we can see router receiving Ethernet frames (a/c to Dencapsulation which can be possible ) so how router can send Ethernet frame encapsulating ip packet to the next router ?

3)As per my knowledge PC is a transport layer device which is responsible for host to host delivery then how it can send packet or frame?

Could you explain it like per layer encapsulation or de-encapsulation process for any connected device(PC to Router or Router to Router )

Hello Pradyumna

Different devices function at different layers of the OSI model. Here is the model just for reference.


Now when we say that a particular device functions at a specific layer, it means that that layer and all layers below it are involved. For example, a router is a Layer 3 device, so it has functions and operations at Layers 1 to 3. It functions in the physical, data link, and network layers. A PC, which can be considered an Application Layer device, functions at Layers 1 to 7, so all layers are involved.

For this reason, a router will take packets, which function at Layer 3, encapsulate them into frames, which function at Layer 2, and place them on the medium (wire, fiber, wireless) which involves Layer 1. Similarly, a PC, will take application data (HTTS for example), segment it into segments or datagrams at Layer 4, encapsulate those into IP packets at Layer 3, encapsulate those into Ethernet frames at Layer 2, and encode those onto the wire or wireless, representing bits as voltages, or EM waves.

To emphasize the point, take a look at the following image:

Notice that inside the FRAME we have the IP PACKET. And inside the IP PACKET we have a SEGMENT. These are entities that exist, even when we talk about other layers. The Packet is there, even if we are saying we are sending a frame for example.

In the lesson, when it is stated that “the router sent a frame”, it means we are focusing on the Layer 2 operation of the router at that point. That frame contains the packet, which contains the segment, and so on, but the emphasis is on the functionality of Layer 2 for that particular instance.

Just one more diagram to clarify. Here we have the encapsulation process described at the source, and the decapsulation process described at the destination.

But notice, that any routers along the way, which are layer 3 devices, will take the data, decapsulate it up to layer 3 (in order to read the IP addressing information for routing) and then encapsulate it with new layer 2 header information, and send it along its way. Notice that the decapsulation took place only up to Layer 3, and routers are Layer 3 devices.

I hope this has been helpful!


1 Like

Thank you so much Laz for this wonderful and unexpected way of explanation.
And second thank you for always responding to my query.

One more query is that, Is ip routing process called Packet flow ?

Hello Pradyumna

IP routing is the process that a device goes through to decide out of which interface a received packet should be sent, based on the destination IP address.

Packet flow, also called traffic flow, refers to a series of packets that are being sent from one host to another. All packets within the flow are identified by their source and destination IP addresses. All packets with the same source and destination address, that are sent within a particular time frame, are considered part of the same flow. Sometimes, the transport layer port numbers are also included to further define flows, based on the ports, and thus the applications, that are being used.

I hope this has been helpful!


Thanks Laz now understood.

But Could you explain packet flow eg like we type a google.com on web browser then how does packet flow from source to destination ?

Hello Pradyumna

A flow is a stream of packets that share the same characteristics like source/destination port, source/destination address, protocol, type, etc. So if you go to www.google.com with your web browser, all packets being exchanged between your PC and the web server have the same source and destination IP addresses, source and destination Transport Layer ports, and same application layer protocol (HTTPS for example). All of these packets are considered a flow.

I hope this has been helpful!


Hi Laz,

Thanks but you i wan to know whole process like ip routing b/c this is the question has been asked many times by interviewer for L2 or L3 position so please if you could describe the process kindly do it.

This time in your eg please add Switch and Firewall As well.

Hello Pradyumna

This is information that is found within the lessons under section 4.3 Routing within the CCNA 200-301 course. If you go through the lessons, you will gain a full understanding of what you’re looking for, in much more detail than I could write within a post. Take a look, and if you have any more specific questions, we’re here to help!

I hope this has been helpful!


Hi Rene and staff,

perhaps you remember i am studying IPv6 and this is a question about source routing in IPv4 versus IPv6; i found IP-routing lesson is the best place to ask my question

In IPv4, source routing is inserted in the options field of the IPv4 header (there are two modes but that does not matter for my question). Briefly, when a router processes a packet from source =S to destination =D (S and D in the IPv4 header), it looks if options are available in the header. When the router finds typical code (example 137 with strict source routing), it does not process with the RIB, it looks at the pointer to find the next router and it sends the packet to this router (briefly)
So, obviouly, the values of S and D in the IPv4 header remain the same as long as the packet follow its journey along the path

Now IPv6 do the same with the routing header extension. So i read RFC 2460 ( i know it is obsolete but it is not wrong until you find something in the errata) to understand the routing header specification; routing-type=0 is well described in section 4.4. Page 14, you find the routing header format, with some space to hold the routing path the packet has to follow: Address [1], Address[2], etc … Address[n]. The field “Segments left” seems to play like the pointer in IPv4

The question is:
how an intermediate router process an IPv6 packet with routing header extension ?

I though it was obvious that each intermediate router along the predetermined path has to process the routing header (if it exists) to find the next router to send the packet
But RFC 2460 says page 15:
“A Routing header is not examined or processed until it reaches the node identified in the Destination Address field of the IPv6 header”
Waouw, what is that ???
I would like to understand “the extensions that follow the routing header will not be processed by any intermediate router i there is a routing header”; that seems a good logic
But page 16, RFC 2460 gives an algorithm to explain how the routing header is processed, and page 17 gives an example
"The values of the relevant IPv6 header and Routing header fields on each segment of the delivery path would be as follows:
As the packet travels from S to I1:

    Source Address = S                  Hdr Ext Len = 6
    Destination Address = I1            Segments Left = 3
                                        Address[1] = I2
                                        Address[2] = I3
                                        Address[3] = D

As the packet travels from I1 to I2:

    Source Address = S                  Hdr Ext Len = 6
    Destination Address = I2            Segments Left = 2
                                        Address[1] = I1
                                        Address[2] = I3
                                        Address[3] = D

As the packet travels from I2 to I3:

    Source Address = S                  Hdr Ext Len = 6
    Destination Address = I3            Segments Left = 1
                                        Address[1] = I1
                                        Address[2] = I2
                                        Address[3] = D

As the packet travels from I3 to D:

    Source Address = S                  Hdr Ext Len = 6
    Destination Address = D             Segments Left = 0
                                        Address[1] = I1
                                        Address[2] = I2
                                        Address[3] = I3

Well, it seems that the destination address is modified in the IPv6 header as the packet follows its journey along the routing path ?

So i am lost, is not a basic rule that the dest address should not be modified in the L3 header ?

Could you clarify ?


Hello Dominique

Here are a few things that will help you (and helped me!!) to clarify what is going on.

First of all, as you mentioned, RFC2460 is indeed old, and it has been obsoleted by RFC 8200. You mention that it says that:

A Routing header is not examined or processed until it reaches the node identified in the Destination Address field of the IPv6 header

But this has been removed based on Erratum ID 4662.

The example you described further on in your post has also been removed. Even so, the changes you see from hop to hop seem to take place within the routing header and not within the main IPv6 header. Take a look at this pact capture to see this in action.

A couple of general comments. Reading RFCs is excellent to learn the details of how things work, but it’s always best to choose the most recent one to ensure the data is up to date.

Also, sometimes it’s easier (and more fun) to boot up some routers and test the functionality with packet captures to see the features in action.

I hope this has been helpful!


Hello, Refering to the question, I do not understand why fa1/0 and fa1/1 can not be a good choice. Isn’t it so that can be fitted in both of them? So why choosing only fa0/1? I would appreciate if someone can help me. Thank you.

Hello Kevin

First of all I had to remove the image in your post because it violates our Terms of Service. Sorry about that! But I will answer your question.

The question states, if R1 is sending traffic to, the traffic is sent through which interface? In other words, which of the entries in the routing table will be used? Of course, the specific destination IP address matches fa1/0 and fa1/1 and fa0/1. But the rule that is always used for routing is match the most specific prefix. In other words, match the routing entry that has the smallest range, or the smallest subnet size.

The most specific prefix in this case is because it has a /27 subnet.

I hope this has been helpful!


Thank you very much for your help, i had reached to a death end in that question. You can remove the whole question if you want as I know the answer now.

1 Like

In this lesson you demonstrated how packets are being forwarded.
What if there was a switch betwwen the router and the pc, was the switch transparent to the pc and the router on both layers (2&3).
I assume that if there was a switch, he would forward the frame without de-encapsulate it by looking into its mac-address table.