Switches and bridges excel at connecting devices within a local network, but they operate with a fundamental limitation: they understand only MAC addresses, which have no inherent geographical or organizational structure. A MAC address provides no information about where a device is located in the global network topology.
To communicate between different networks—between your home and Google's servers, between branch offices in different cities, or even between VLANs on the same physical switch—we need a device that understands logical addresses with hierarchical structure. This is the role of the router.
Routers operate at the Network Layer (Layer 3) of the OSI model, making forwarding decisions based on IP addresses. While switches ask 'Which port leads to this MAC address?', routers ask 'Which interface leads toward this destination network?' This seemingly simple distinction enables the global Internet and all inter-network communication.
This page provides comprehensive coverage of routers—their Layer 3 operation, routing table structure, forwarding decisions, routing protocols, broadcast domain segmentation, and comparison with switches. We'll also explore brouters and multilayer switches that combine Layer 2 and Layer 3 functionality.
A router is a network device that operates at the Network Layer (Layer 3) of the OSI model. Its primary function is inter-network communication—forwarding packets between different IP networks based on destination IP addresses.
Core Router Characteristics:
Router vs. Switch: Fundamental Comparison:
| Aspect | Switch (Layer 2) | Router (Layer 3) |
|---|---|---|
| Address Type | MAC address (48-bit, flat) | IP address (32/128-bit, hierarchical) |
| Forwarding Basis | Destination MAC | Destination IP network |
| Lookup Table | MAC address table (CAM) | Routing table (RIB/FIB) |
| Broadcast Behavior | Forwards to all ports | Blocks at interface (except directed) |
| Collision Domain | Segments (per port) | N/A (irrelevant at L3) |
| Broadcast Domain | Extends (all ports) | Segments (per interface) |
| Frame Modification | None (except VLAN tagging) | Header rewrite, TTL decrement |
| Table Population | MAC learning (passive) | Static config or routing protocols |
| Typical Port Count | 24-48+ per unit | 2-8 per unit (more in chassis) |
| Latency | Microseconds | Higher (processing overhead) |
| Cost per Port | Lower | Higher |
When Routing is Required:
Router design has evolved significantly, from early software-based forwarding to modern distributed hardware architectures capable of terabit-per-second throughput.
Basic Router Architecture:
┌─────────────────────────────────────────────────────────────────────┐
│ Router Architecture │
├─────────────────────────────────────────────────────────────────────┤
│ │
│ ┌──────────────────────────────────────────────────────────────┐ │
│ │ Control Plane (CPU) │ │
│ │ ┌───────────────┐ ┌───────────────┐ ┌───────────────────┐ │ │
│ │ │ Routing │ │ Management │ │ Protocol Stack │ │ │
│ │ │ Protocols │ │ Interfaces │ │ (TCP/IP, ARP...) │ │ │
│ │ │ OSPF,BGP,RIP │ │ CLI,SNMP,SSH │ │ │ │ │
│ │ └───────────────┘ └───────────────┘ └───────────────────┘ │ │
│ │ │ │
│ │ ┌───────────────────────────────────────────────────────┐ │ │
│ │ │ Routing Information Base (RIB) │ │ │
│ │ │ (All routes from all protocols) │ │ │
│ │ └───────────────────────────────────────────────────────┘ │ │
│ └──────────────────────────────────────────────────────────────┘ │
│ │ │
│ │ Populate FIB │
│ ▼ │
│ ┌──────────────────────────────────────────────────────────────┐ │
│ │ Data Plane (Forwarding) │ │
│ │ │ │
│ │ ┌───────────────────────────────────────────────────────┐ │ │
│ │ │ Forwarding Information Base (FIB) │ │ │
│ │ │ (Optimized for fast lookup - TCAM) │ │ │
│ │ └───────────────────────────────────────────────────────┘ │ │
│ │ │ │
│ │ ┌─────────┐ ┌─────────┐ ┌─────────┐ ┌─────────┐ │ │
│ │ │Interface│ │Interface│ │Interface│ │Interface│ ... │ │
│ │ │ GE0/0 │ │ GE0/1 │ │ GE0/2 │ │ GE0/3 │ │ │
│ │ │ [Port] │ │ [Port] │ │ [Port] │ │ [Port] │ │ │
│ │ └─────────┘ └─────────┘ └─────────┘ └─────────┘ │ │
│ └──────────────────────────────────────────────────────────────┘ │
│ │
│ [Power Supply] [Memory/Storage] [Console Port] │
└─────────────────────────────────────────────────────────────────────┘
Control Plane vs. Data Plane:
Modern router design separates functions into two planes:
Control Plane:
Data Plane (Forwarding Plane):
| Generation | Forwarding | Throughput | Use Case |
|---|---|---|---|
| Early (1980s-90s) | CPU-based software | Thousands pps | WAN, small enterprise |
| Enterprise (1990s-2000s) | Distributed line cards | Millions pps | Enterprise core |
| Modern (2000s-present) | ASIC/NPU hardware | Billions pps | Service provider, data center |
| SDN Era (2010s-present) | Programmable NPU | Terabits/sec | Cloud, programmable networks |
The RIB (Routing Information Base) contains all routes learned from all sources. The FIB (Forwarding Information Base) is the optimized, hardware-ready version used for actual forwarding. Multiple equal-cost paths in the RIB become single entries with load-balancing in the FIB. This separation allows protocol complexity in software while keeping forwarding simple in hardware.
The routing table is the router's map of the network—specifying how to reach destination IP networks. Understanding routing table structure and lookup mechanisms is fundamental to understanding router operation.
Routing Table Entry Components:
Typical Routing Table Entry:
──────────────────────────────
Destination: 192.168.10.0/24 # Network prefix to match
Next-Hop: 10.0.0.2 # IP of next router toward destination
Interface: GigabitEthernet0/1 # Outgoing interface
Metric: 110 # Cost/distance (lower = preferred)
Admin Dist: 110 # Protocol preference (lower = preferred)
Origin: OSPF # How this route was learned
Age: 01:23:45 # Time since route learned
Example Routing Table:
Router# show ip route
Codes: C - connected, S - static, R - RIP, O - OSPF, B - BGP
Gateway of last resort: 10.0.0.1 to network 0.0.0.0
10.0.0.0/24 is subnetted, 2 subnets
C 10.0.0.0/24 is directly connected, GigabitEthernet0/0
C 10.0.1.0/24 is directly connected, GigabitEthernet0/1
192.168.0.0/24 is subnetted, 3 subnets
O 192.168.10.0/24 [110/20] via 10.0.0.2, GigabitEthernet0/0
O 192.168.20.0/24 [110/30] via 10.0.0.2, GigabitEthernet0/0
S 192.168.30.0/24 [1/0] via 10.0.1.5
S* 0.0.0.0/0 [1/0] via 10.0.0.1 # Default route
The Forwarding Decision Process:
When a packet arrives, the router performs these steps:
Step 1: Receive and Parse
Packet arrives on interface GE0/0
Extract destination IP: 192.168.10.47
Step 2: Longest Prefix Match (LPM)
Search routing table for matching entries:
192.168.10.0/24 - Matches! (24 bits match)
192.168.0.0/16 - Matches! (16 bits match)
0.0.0.0/0 - Matches! (0 bits match - default)
Select longest match: 192.168.10.0/24 (24 bits)
Step 3: Determine Next-Hop and Interface
Route: 192.168.10.0/24 via 10.0.0.2, GE0/0
Next-hop IP: 10.0.0.2
Outgoing interface: GE0/0
Step 4: Layer 2 Resolution
Need MAC address of next-hop (10.0.0.2) for GE0/0
Check ARP cache or send ARP request
Next-hop MAC: AA:BB:CC:DD:EE:FF
Step 5: Header Modification and Forwarding
- Decrement TTL: 64 → 63 (drop if TTL reaches 0)
- Recalculate IP header checksum
- Rewrite L2 header:
Source MAC: Router's GE0/0 MAC
Destination MAC: AA:BB:CC:DD:EE:FF
- Forward out interface GE0/0
Longest Prefix Match (LPM) is the fundamental principle of IP routing. When multiple routes match a destination, the most specific (longest prefix length) always wins. This enables hierarchical aggregation: a /24 for a specific branch network overrides the /16 for the region, which overrides the /0 default.
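The forwarding steps above as an added Python example (not part of the original page): it validates a constructed IPv4 header, performs the longest prefix match, then decrements the TTL and recomputes the header checksum. ARP resolution (step 4) is left out, headers carrying IP options are rejected for brevity, and the next-hop for 192.168.0.0/16 is a constructed value.

```python
import ipaddress
import struct

# Prefixes from the page's step 2; the /16 next-hop is constructed for illustration.
ROUTES = [
    ("192.168.10.0/24", "10.0.0.2", "GE0/0"),
    ("192.168.0.0/16", "10.0.0.3", "GE0/0"),   # constructed next-hop
    ("0.0.0.0/0", "10.0.0.1", "GE0/0"),
]
FIB = [(ipaddress.ip_network(p), nh, ifc) for p, nh, ifc in ROUTES]


def checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement sum over the header's 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(src: str, dst: str, ttl: int) -> bytes:
    """Constructed 20-byte IPv4 header (no options, no payload), valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 6, 0,
                      ipaddress.ip_address(src).packed,
                      ipaddress.ip_address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def lookup(dst):
    """Longest prefix match: of all prefixes containing dst, take the longest."""
    matches = [r for r in FIB if dst in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None


def forward(header: bytes):
    """Return (new_header, next_hop, interface), or (None, reason, None) on drop."""
    if len(header) != 20 or header[0] != 0x45:
        return None, "malformed header", None
    if checksum(header) != 0:   # a valid header sums to zero with its checksum included
        return None, "bad checksum", None
    ttl = header[8]
    if ttl <= 1:                # decrementing would reach 0: drop instead of forwarding
        return None, "ttl expired", None
    route = lookup(ipaddress.ip_address(header[16:20]))
    if route is None:
        return None, "no route", None
    hdr = bytearray(header)
    hdr[8] = ttl - 1
    hdr[10:12] = b"\x00\x00"    # zero the checksum field before recomputing it
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr), route[1], route[2]
```
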
Routing tables are populated through three primary methods, each appropriate for different scenarios.
1. Connected Networks:
Routes to networks directly attached to router interfaces are automatically added when the interface is configured and activated:
interface GigabitEthernet0/0
ip address 10.0.0.1 255.255.255.0
no shutdown
→ Automatic routing table entry:
C 10.0.0.0/24 is directly connected, GigabitEthernet0/0
2. Static Routes:
Administrator-configured routes for destinations that don't change or for backup paths:
ip route 192.168.30.0 255.255.255.0 10.0.1.5
ip route 0.0.0.0 0.0.0.0 10.0.0.1 # Default route
→ Routing table entries:
S 192.168.30.0/24 [1/0] via 10.0.1.5
S* 0.0.0.0/0 [1/0] via 10.0.0.1
3. Dynamic Routing Protocols:
Protocols that automatically discover network topology and exchange routing information between routers:
| Protocol | Type | Algorithm | Metric | Use Case |
|---|---|---|---|---|
| RIP (v2) | Distance Vector | Bellman-Ford | Hop count (max 15) | Legacy, small networks |
| OSPF | Link State | Dijkstra SPF | Cost (bandwidth-based) | Enterprise, campus |
| IS-IS | Link State | Dijkstra SPF | Cost | Service provider, large enterprise |
| EIGRP | Advanced DV | DUAL | Composite (BW, delay) | Cisco enterprise |
| BGP | Path Vector | Best path selection | Attributes (AS path, etc.) | Internet, WAN, multi-homing |
Administrative Distance:
When multiple sources (static, OSPF, BGP, etc.) provide routes to the same destination, Administrative Distance determines preference:
| Route Source | Admin Distance | Notes |
|---|---|---|
| Connected | 0 | Always most trusted |
| Static | 1 | Administrator-configured |
| EIGRP Summary | 5 | Cisco-specific |
| BGP (External) | 20 | Internet prefix from eBGP |
| EIGRP (Internal) | 90 | Cisco enterprise routing |
| OSPF | 110 | Standard link-state |
| IS-IS | 115 | Service provider grade |
| RIP | 120 | Legacy distance vector |
| BGP (Internal) | 200 | iBGP less preferred than eBGP |
Lower AD = more trusted. A static route (AD 1) overrides OSPF (AD 110) for the same prefix.
Example:
Both sources provide a route to 10.20.0.0/24:
Static: 10.20.0.0/24 via 192.168.1.1 [AD: 1]
OSPF: 10.20.0.0/24 via 172.16.1.1 [AD: 110]
Router uses static route (AD 1 < AD 110)
A 'floating static route' uses an artificially high AD (e.g., 250) so that it only takes effect if the dynamic route fails. This provides backup connectivity without affecting normal routing: ip route 10.0.0.0 255.0.0.0 10.1.1.1 250
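Route selection by administrative distance, including the floating static route, as an added Python example (not the page's or any vendor's code). The OSPF metrics and the OSPF next-hop 10.2.2.2 for 10.0.0.0/8 are constructed; `Route`, `Rib`, `shadowed` and `page_rib` are hypothetical names.

```python
import ipaddress
from dataclasses import dataclass

# Default administrative distances, taken from the table above.
ADMIN_DISTANCE = {"connected": 0, "static": 1, "ebgp": 20, "eigrp": 90,
                  "ospf": 110, "isis": 115, "rip": 120, "ibgp": 200}


@dataclass(frozen=True)
class Route:
    prefix: str
    source: str
    next_hop: str
    metric: int = 0
    ad: int = -1  # -1: use the source's default AD; set explicitly for a floating static

    @property
    def distance(self) -> int:
        return self.ad if self.ad >= 0 else ADMIN_DISTANCE[self.source]


class Rib:
    """Keeps every candidate per prefix; best() is the one the FIB would get."""

    def __init__(self):
        self.candidates = {}

    def add(self, route):
        self.candidates.setdefault(ipaddress.ip_network(route.prefix), set()).add(route)

    def withdraw(self, route):
        self.candidates.get(ipaddress.ip_network(route.prefix), set()).discard(route)

    def best(self, prefix):
        """Lowest AD wins; the metric only breaks ties between equal ADs."""
        routes = self.candidates.get(ipaddress.ip_network(prefix))
        return min(routes, key=lambda r: (r.distance, r.metric)) if routes else None

    def shadowed(self):
        """Per prefix: the installed source and the sources it currently overrides."""
        report = {}
        for net, routes in self.candidates.items():
            if len(routes) > 1:
                winner = self.best(str(net))
                report[str(net)] = (winner.source,
                                    sorted(r.source for r in routes if r != winner))
        return report


def page_rib():
    """The two cases from the text; OSPF metrics and 10.2.2.2 are constructed."""
    rib = Rib()
    rib.add(Route("10.20.0.0/24", "static", "192.168.1.1"))
    rib.add(Route("10.20.0.0/24", "ospf", "172.16.1.1", metric=20))
    rib.add(Route("10.0.0.0/8", "ospf", "10.2.2.2", metric=30))
    rib.add(Route("10.0.0.0/8", "static", "10.1.1.1", ad=250))  # floating static
    return rib
```

`shadowed()` is the review aid here: any prefix where a static entry overrides a dynamic protocol is worth confirming against intent, because the override is silent in normal operation.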
One of the router's most critical functions is broadcast domain segmentation—isolating broadcast traffic within individual subnets. This behavior has profound implications for network design and scalability.
Why Broadcasts Don't Cross Routers:
IP broadcasts (destination 255.255.255.255 or directed broadcast like 192.168.1.255) are Layer 3 constructs. When a router receives such traffic:
┌─────────────┐
│ Router │
│ │
Subnet A │ GE0/0 │ Subnet B
192.168.1.0/24 ──┤ ├── 192.168.2.0/24
│ GE0/1 │
└─────────────┘
Host A (192.168.1.10) sends broadcast to 255.255.255.255:
→ Packet received on GE0/0
→ Router recognizes broadcast destination
→ NOT forwarded to GE0/1
→ Broadcast contained in Subnet A only
Result: Hosts in Subnet B do NOT receive broadcast
Broadcast Domain Size Implications:
| Network Size | Switch-Only Design | Routed Design |
|---|---|---|
| 10 devices | All broadcasts reach 10 devices | Broadcasts contained per subnet |
| 100 devices | All broadcasts reach 100 devices | 10-25 per subnet typical |
| 1000 devices | All broadcasts reach 1000 devices | Still 10-100 per subnet |
| 10000 devices | Network unusable | Scales to any size |
Types of Broadcast Traffic:
Broadcasts are essential for certain protocols but become problematic at scale:
| Protocol | Broadcast Purpose | Volume |
|---|---|---|
| ARP | Resolve IP to MAC | Per new connection |
| DHCP | Obtain IP configuration | Per device join/renew |
| NetBIOS | Windows name resolution | Periodic |
| mDNS | Service discovery | Varies |
| IPv6 NDP | Neighbor discovery (multicast) | Per connection |
Calculating Broadcast Overhead:
Scenario: 500 devices, ARP every 5 minutes, DHCP every 30 minutes
ARP broadcasts: 500 devices × (1 / 300 sec) = 1.67 broadcasts/sec
DHCP broadcasts: 500 devices × (1 / 1800 sec) = 0.28 broadcasts/sec
Total: ~2 broadcasts/sec × 500 receiving hosts = 1000 packets/sec
processed across the network for broadcast handling alone
With 50 devices per broadcast domain (10 subnets):
50 × 2/sec × 50 receiving = 5000 packets/sec per subnet
But only 50 devices process each broadcast instead of 500
Overall network: 10× reduction in broadcast processing
A broadcast storm (caused by loops, malfunctions, or attacks) propagates through all connected switches but STOPS at router boundaries. This is why proper network segmentation with routers (or Layer 3 switches) is essential for network stability. A purely switched network has no containment mechanism for broadcast storms.
Most routers connecting private networks to the Internet perform Network Address Translation (NAT)—modifying IP addresses in packet headers to enable communication between private and public address spaces.
Why NAT is Necessary:
The IPv4 address space (approximately 4.3 billion addresses) is insufficient for all connected devices. RFC 1918 defined private address ranges that can be reused:
Private Address Ranges (RFC 1918):
─────────────────────────────────
10.0.0.0/8 (10.0.0.0 - 10.255.255.255) ~16 million addresses
172.16.0.0/12 (172.16.0.0 - 172.31.255.255) ~1 million addresses
192.168.0.0/16 (192.168.0.0 - 192.168.255.255) ~65,000 addresses
These addresses are not routable on the public Internet.
NAT translates between private internal addresses and public external addresses.
NAT Operation:
┌─────────────────────┐
│ Router │
Private Network │ with NAT │ Internet
───────────────── │ │ ──────────────
│ Inside Outside │
192.168.1.10 ─────►│ 192.168.1.1 │
192.168.1.20 │ 203.0.113.5│─────► Web Server
192.168.1.30 │ │ 93.184.216.34
└─────────────────────┘
Outbound packet from 192.168.1.10 to 93.184.216.34:
Original: Src: 192.168.1.10 Dst: 93.184.216.34
After NAT: Src: 203.0.113.5 Dst: 93.184.216.34
▲
└── Router's public IP replaces private IP
Return packet:
Arriving: Src: 93.184.216.34 Dst: 203.0.113.5
After NAT: Src: 93.184.216.34 Dst: 192.168.1.10
▲
└── NAT table lookup restores
original destination
| NAT Type | Description | Use Case |
|---|---|---|
| Static NAT | 1-to-1 mapping, permanent | Publicly accessible servers |
| Dynamic NAT | Pool of public IPs, temporary assignment | Multiple concurrent external sessions |
| PAT/NAPT/Overload | Many-to-one using port numbers | Home routers, enterprise egress |
Port Address Translation (PAT):
PAT is the most common form, allowing thousands of internal devices to share a single public IP:
NAT Table (PAT Example):
─────────────────────────────────────────────────────────────────────
Inside Local Inside Global Outside Global Outside Local
192.168.1.10:49152 203.0.113.5:1024 93.184.216.34:80 93.184.216.34:80
192.168.1.20:52301 203.0.113.5:1025 93.184.216.34:80 93.184.216.34:80
192.168.1.10:49153 203.0.113.5:1026 8.8.8.8:53 8.8.8.8:53
─────────────────────────────────────────────────────────────────────
Multiple internal IPs share 203.0.113.5 by using different port numbers.
Router maintains translation table to route return traffic correctly.
IPv6's vast address space (2^128 addresses) eliminates the address scarcity that necessitated NAT. However, NAT provides a de facto firewall effect by hiding internal addresses. IPv6 networks typically use proper firewalls instead, and NAT66 exists but is discouraged.
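The PAT table above as an added Python example (not part of the original page), showing where the "de facto firewall effect" comes from: an inbound packet is only forwarded if it matches an existing translation. It assumes ports are handed out sequentially from 1024 as in the table, that entries never expire, and that return traffic is accepted only from a remote endpoint the inside host already contacted (real devices differ on this last point); `Pat` is a hypothetical name.

```python
from dataclasses import dataclass, field


@dataclass
class Pat:
    public_ip: str
    next_port: int = 1024                      # first translated port, as in the table
    out: dict = field(default_factory=dict)    # (inside ip, inside port, proto) -> public port
    back: dict = field(default_factory=dict)   # (public port, proto) -> (ip, port, remotes)

    def outbound(self, src, sport, dst, dport, proto="tcp"):
        """Translate a packet leaving the inside network; map on first use."""
        key = (src, sport, proto)
        if key not in self.out:
            if self.next_port > 65535:
                raise RuntimeError("PAT port pool exhausted")
            self.out[key] = self.next_port
            self.back[(self.next_port, proto)] = (src, sport, set())
            self.next_port += 1
        port = self.out[key]
        self.back[(port, proto)][2].add((dst, dport))   # remember who was contacted
        return (self.public_ip, port, dst, dport)

    def inbound(self, src, sport, dst, dport, proto="tcp"):
        """Restore the inside destination, or return None (drop) if nothing matches."""
        entry = self.back.get((dport, proto))
        if dst != self.public_ip or entry is None:
            return None                        # unsolicited: no translation entry
        in_ip, in_port, remotes = entry
        if (src, sport) not in remotes:
            return None                        # entry exists, but not for this remote
        return (src, sport, in_ip, in_port)
```

The drop in `inbound` is a side effect of missing state, not a policy: any static NAT or port-forward entry reopens the path, which is why the page's point about using a proper firewall still applies.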
The strict separation between bridges/switches (Layer 2) and routers (Layer 3) became problematic as networks grew. The need for devices that could do both led to the development of brouters and, more successfully, multilayer switches.
Brouter (Bridge-Router):
A brouter is a device that can operate as either a bridge or a router depending on the protocol:
Brouter Operation:
─────────────────
Receive frame with:
- Ethernet header (Layer 2)
- IP payload (Layer 3, routable)
→ Examine destination IP, route packet between interfaces
Receive frame with:
- Ethernet header (Layer 2)
- NetBIOS payload (Layer 3, non-routable)
→ Bridge based on MAC address (no IP routing possible)
The brouter bridges protocols it cannot route
and routes protocols it understands.
Brouters were significant in the 1980s-90s when multiple network protocols coexisted (IP, IPX, AppleTalk, NetBIOS). As IP became dominant, the brouter concept faded.
Multilayer Switch (Layer 3 Switch):
The multilayer switch represents the modern fusion of switching and routing:
┌─────────────────────────────────────────────────────────────────────┐
│ Multi-Layer Switch │
├─────────────────────────────────────────────────────────────────────┤
│ │
│ ┌───────────────────────────────────────────────────────────┐ │
│ │ Layer 3 Routing Engine │ │
│ │ Routing protocols (OSPF, BGP), Routing table (RIB) │ │
│ │ Access Control Lists, Policy-Based Routing │ │
│ └─────────────────────────────┬─────────────────────────────┘ │
│ │ │
│ ▼ │
│ ┌───────────────────────────────────────────────────────────┐ │
│ │ Unified Hardware Forwarding Engine (ASIC) │ │
│ │ │ │
│ │ ┌─────────────────┐ ┌─────────────────┐ │ │
│ │ │ MAC Table │ │ FIB │ │ │
│ │ │ (L2 Forwarding)│ │ (L3 Forwarding)│ │ │
│ │ └─────────────────┘ └─────────────────┘ │ │
│ │ │ │
│ │ Decision at wire speed: │ │
│ │ - L2: Same VLAN → switch based on MAC │ │
│ │ - L3: Different VLAN → route based on IP │ │
│ └───────────────────────────────────────────────────────────┘ │
│ │
│ ┌──────┐ ┌──────┐ ┌──────┐ ┌──────┐ ┌──────┐ ┌──────┐ │
│ │Port 1│ │Port 2│ │Port 3│ │Port 4│ │Port 5│ │Port N│ │
│ │VLAN10│ │VLAN10│ │VLAN20│ │VLAN20│ │VLAN30│ │Trunk │ │
│ └──────┘ └──────┘ └──────┘ └──────┘ └──────┘ └──────┘ │
└─────────────────────────────────────────────────────────────────────┘
Router vs. Multilayer Switch:
| Aspect | Traditional Router | Multilayer Switch |
|---|---|---|
| Primary Focus | WAN, complex routing | LAN, inter-VLAN routing |
| Port Density | Low (2-8 typically) | High (24-48+) |
| Port Cost | High | Lower |
| WAN Interfaces | Full range (T1, MPLS, etc.) | Limited (often Ethernet only) |
| Routing Protocols | Full BGP, advanced features | Often limited BGP |
| QoS/Traffic Engineering | Advanced | Moderate |
| NAT/Firewall | Often included | Usually separate |
| Best For | Edge/WAN, Internet | Campus core, data center |
When to Use Each:
Modern network devices increasingly blur the L2/L3 boundary. High-end multilayer switches support full BGP and advanced routing features. Data center 'spine' switches run at Layer 3 only. The distinction is becoming one of port density and interface types rather than fundamental capability.
Having explored all the major network devices across Layers 1-3, let's consolidate our understanding with a comprehensive comparison.
Device Hierarchy by OSI Layer:
OSI Layer Operation (● = operates at this layer):

| Device | Layer 1 | Layer 2 | Layer 3 |
|---|---|---|---|
| Repeater | ● | | |
| Hub | ● | | |
| Bridge | ● | ● | |
| Switch (L2) | ● | ● | |
| Switch (L3) | ● | ● | ● |
| Router | ● | ● | ● |

| Property | Repeater | Hub | Bridge | Switch | Router |
|---|---|---|---|---|---|
| OSI Layer | 1 | 1 | 2 | 2 (or 3) | 3 |
| Address Understood | None | None | MAC | MAC (+ IP) | IP |
| Forwarding Unit | Bits | Bits | Frames | Frames | Packets |
| Collision Domain | Extends | Extends | Segments | Segments | N/A |
| Broadcast Domain | Extends | Extends | Extends | Extends* | Segments |
| Traffic Filtering | No | No | Yes | Yes | Yes |
| Learning | No | No | MAC → Port | MAC → Port | Route table |
| Speed Conversion | No | No | Yes | Yes | Yes |
| Typical Ports | 2 | 4-24 | 2-4 | 8-48+ | 2-8 |
| Processing | Minimal | Minimal | Moderate | ASIC | CPU/ASIC |
| Modern Status | Obsolete | Obsolete | Obsolete | Standard | Standard |
*Switches extend broadcast domains unless VLANs are configured; L3 switches segment broadcast domains through inter-VLAN routing.
Decision Framework for Device Selection:
┌─────────────────────────────────────────────────────────────────┐
│ Device Selection Decision Tree │
└─────────────────────────────────────────────────────────────────┘
Need to extend physical distance?
├── Yes → Consider fiber, media converter, or wireless
│ (Standalone repeaters rarely used)
│
└── No → Continue
Need to connect multiple devices locally?
├── Yes → Use a Switch (L2)
│ Calculate ports needed, PoE requirements
│
└── No → Continue
Need to connect different IP subnets/VLANs?
├── Yes → Use L3 Switch or Router
│ ├── Campus/Data Center: L3 Switch
│ ├── WAN/Internet Edge: Router
│ └── Complex routing (BGP, MPLS): Router
│
└── No → Continue
Need Internet/WAN connectivity?
├── Yes → Router (with NAT, firewall features)
│
└── No → Reassess requirements
In practice, modern networks use primarily two device types: switches (L2 or L3) for LAN connectivity, and routers for WAN/Internet connectivity. Repeaters, hubs, and traditional bridges are historical artifacts. The choice between L2 and L3 switches, and between switches and routers, depends on routing requirements, port density needs, and feature requirements.
We have completed our comprehensive exploration of network devices from Layer 1 through Layer 3. Let's consolidate the key concepts for routers and the overall device hierarchy:
Module Complete:
You have now mastered the fundamental network devices that form the building blocks of all computer networks. From the simple signal regeneration of repeaters through MAC-based switching to IP-based routing, you understand how devices at each OSI layer contribute to network connectivity.
This foundation prepares you for the subsequent modules in this chapter, where we'll explore:
Congratulations! You have completed Module 1: Network Devices. You now possess comprehensive understanding of repeaters, hubs, bridges, switches, routers, and brouters—their operational principles, capabilities, limitations, and appropriate use cases. This knowledge is fundamental to understanding network architecture, troubleshooting, and design.