101
0/228
Loading content...
Imagine sending a letter from New York to a small village in rural Japan. You don't personally carry it across the Pacific Ocean. Instead, you hand it to your local post office—your next hop. That post office hands it to a regional hub, which hands it to a national hub, which hands it to an international hub, which hands it to Japan's postal system, which hands it through progressively smaller facilities until it reaches its destination.
At each step, no single entity knows the complete path. Each only knows: "Given this destination, who do I hand this to next?"
This is precisely how Internet routing works. The next hop is the fundamental unit of routing—the immediate next destination for a packet on its journey. A router doesn't know (or need to know) the complete path to every destination. It only needs to know the next hop that will bring the packet closer to its goal.
By the end of this page, you will understand what a next hop is, how routers determine next hops, the difference between directly connected and recursive next hops, next hop resolution mechanisms, and common next hop troubleshooting scenarios.
What is a Next Hop?
The next hop is the IP address of the next router (or destination host) to which a packet should be forwarded on its path to the final destination.
The next hop represents the immediate next step in a packet's journey—the IP address of the neighboring device that will receive the packet and continue its forwarding.
Key Characteristics
Next Hop in Context
Consider a packet traveling from Source (10.1.1.100) to Destination (10.4.4.100):
Network Topology:
[Source] [Router A] [Router B] [Destination]
10.1.1.100 ───── 10.1.1.1 ─────── 10.2.2.2 ─────── 10.4.4.100
eth0 │ eth1 eth0 │ eth1
10.1.1.1 10.2.2.1 10.2.2.2 10.4.4.1
LAN: 10.2.2.0/24
Routing Tables:
┌─────────────────────────────────────────────────────────────────┐
│ Source Host (10.1.1.100) │
│ Destination Next Hop Interface │
│ 10.1.1.0/24 Connected eth0 │
│ 0.0.0.0/0 10.1.1.1 eth0 ← Default gateway │
└─────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────┐
│ Router A (10.1.1.1 / 10.2.2.1) │
│ Destination Next Hop Interface │
│ 10.1.1.0/24 Connected eth0 │
│ 10.2.2.0/24 Connected eth1 │
│ 10.4.4.0/24 10.2.2.2 eth1 ← Routes via B │
└─────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────┐
│ Router B (10.2.2.2 / 10.4.4.1) │
│ Destination Next Hop Interface │
│ 10.2.2.0/24 Connected eth0 │
│ 10.4.4.0/24 Connected eth1 │
│ 10.1.1.0/24 10.2.2.1 eth0 ← Routes via A │
└─────────────────────────────────────────────────────────────────┘
Packet Journey
| Hop | Location | Next Hop Decision | Why |
|---|---|---|---|
| 1 | Source (10.1.1.100) | Next hop: 10.1.1.1 | 10.4.4.100 not in 10.1.1.0/24, use default gateway |
| 2 | Router A | Next hop: 10.2.2.2 | 10.4.4.100 matches route via 10.2.2.2 |
| 3 | Router B | Direct delivery | 10.4.4.100 is on connected network 10.4.4.0/24 |
| 4 | Destination | Received | Packet delivered |
Notice:
Not all next hops are created equal. Understanding the different types is crucial for configuration and troubleshooting.
1. Directly Connected Next Hop
The next hop is on a network directly attached to the router. The router can ARP for the next hop's MAC address immediately.
ip route 10.5.0.0 255.255.0.0 10.1.1.2
Where: 10.1.1.2 is on directly connected network 10.1.1.0/24
Lookup process:
1. Find route to 10.5.0.0/16 → next hop 10.1.1.2
2. Is 10.1.1.2 directly connected? YES (10.1.1.0/24 on eth0)
3. ARP for 10.1.1.2 → get MAC address
4. Forward packet to that MAC via eth0
2. Recursive Next Hop
The next hop is NOT directly connected. The router must perform a recursive lookup to find how to reach the next hop itself.
Route in table:
10.0.0.0/8 via 192.168.100.1
But 192.168.100.1 is not directly connected!
Recursive lookup:
1. Find route to 10.0.0.0/8 → next hop 192.168.100.1
2. Is 192.168.100.1 directly connected? NO
3. Find route to 192.168.100.1 → next hop 10.1.1.2 via eth0
4. Is 10.1.1.2 directly connected? YES
5. ARP for 10.1.1.2 → get MAC address
6. Forward packet to that MAC via eth0
Final resolution: Packets for 10.0.0.0/8 go to 10.1.1.2 via eth0
Why Recursive Next Hops?
Recursive next hops are common in BGP environments where:
3. Interface-Only Next Hop
Some routes specify only an outgoing interface, not a next-hop IP:
ip route 10.5.0.0 255.255.0.0 Serial0/0 (point-to-point)
ip route 10.5.0.0 255.255.0.0 Ethernet0 (broadcast - problematic!)
This works on point-to-point links (there's only one possible next hop) but is problematic on broadcast/multi-access networks where the router must ARP for the destination directly.
Avoid interface-only routes on Ethernet. If you configure 'ip route 0.0.0.0/0 Ethernet0', the router will ARP for EVERY destination address! This is called 'proxy ARP' behavior and creates massive ARP traffic. Always specify a next-hop IP address on broadcast media.
Once a next hop is determined, the router must resolve it to a Layer 2 (MAC) address for actual packet transmission. This resolution process differs based on the link type.
Resolution on Broadcast Networks (Ethernet)
On Ethernet and similar networks, the Address Resolution Protocol (ARP) resolves IP to MAC:
Scenario: Forward packet to next hop 10.1.1.2 via eth0
1. Check ARP cache for 10.1.1.2
- If found: Use cached MAC address
- If not found: Perform ARP
2. ARP Process:
Router → Broadcast: "Who has 10.1.1.2? Tell 10.1.1.1"
10.1.1.2 → Router: "10.1.1.2 is at AA:BB:CC:DD:EE:FF"
3. Cache the mapping (typically 4 hours timeout)
4. Encapsulate packet:
Destination MAC: AA:BB:CC:DD:EE:FF (next hop's MAC)
Destination IP: 10.4.4.100 (final destination - unchanged!)
5. Transmit on eth0
| Link Type | Resolution Method | Cache | Example |
|---|---|---|---|
| Ethernet/WiFi | ARP (IPv4) / ND (IPv6) | ARP cache | LAN segment |
| Point-to-Point | No resolution needed | N/A | T1, Serial link, PPP |
| Frame Relay | Inverse ARP or static map | FR map | Legacy WAN |
| MPLS | Label lookup (LIB/LFIB) | Label cache | Provider backbone |
| GRE Tunnel | Recursive to physical | Tunnel endpoint | VPN overlay |
Recursive Resolution Deep Dive
Let's trace a complex recursive resolution:
Router Configuration:
Interface eth0: 10.1.1.1/24
Interface eth1: 10.2.2.1/24
Routing Table:
10.0.0.0/8 via 172.16.0.1 (BGP)
172.16.0.0/24 via 10.2.2.2 (OSPF)
10.2.2.0/24 connected eth1
Packet arrives for destination: 10.50.50.50
Resolution Chain:
┌─────────────────────────────────────────────────────────────────┐
│ Step 1: Lookup 10.50.50.50 │
│ Matches: 10.0.0.0/8 via 172.16.0.1 │
│ Next-hop: 172.16.0.1 │
│ Directly connected? NO → Continue resolution │
├─────────────────────────────────────────────────────────────────┤
│ Step 2: Lookup 172.16.0.1 │
│ Matches: 172.16.0.0/24 via 10.2.2.2 │
│ Next-hop: 10.2.2.2 │
│ Directly connected? NO → Continue resolution │
├─────────────────────────────────────────────────────────────────┤
│ Step 3: Lookup 10.2.2.2 │
│ Matches: 10.2.2.0/24 connected (eth1) │
│ Directly connected? YES → Resolution complete! │
├─────────────────────────────────────────────────────────────────┤
│ Step 4: ARP for 10.2.2.2 on eth1 │
│ Result: MAC address 00:11:22:33:44:55 │
├─────────────────────────────────────────────────────────────────┤
│ FINAL: Send packet to MAC 00:11:22:33:44:55 via eth1 │
└─────────────────────────────────────────────────────────────────┘
Note: The original BGP next-hop (172.16.0.1) is 2 hops away, but this router forwards to the directly connected 10.2.2.2, which will then handle reaching 172.16.0.1.
In the example above, the packet goes to 10.2.2.2 first, then to 172.16.0.1, then toward destination. This is normal. BGP's next-hop (172.16.0.1) might be the edge of an AS, several internal hops away. The IGP (OSPF) provides the internal path to reach that BGP next-hop.
When multiple paths exist to a destination, routers must select which next hop to use. This selection follows a deterministic process.
Selection Order
Multiple Equal-Cost Paths (ECMP)
Sometimes multiple next hops are equally good:
Scenario: Two paths to 10.0.0.0/8
Path 1: via 10.1.1.2 (OSPF cost 100)
Path 2: via 10.1.1.3 (OSPF cost 100) ← Same cost!
ECMP Options:
1. Install both paths in FIB
2. Load balance traffic across both
3. Achieve higher aggregate bandwidth
4. Provide automatic failover
The Hash Function for Load Balancing
Modern routers use a hash of packet header fields to determine path selection:
Common hash inputs:
- Source IP address
- Destination IP address
- Protocol (TCP/UDP/etc.)
- Source port (if TCP/UDP)
- Destination port (if TCP/UDP)
Hash calculation:
path_index = hash(src_ip, dst_ip, protocol, src_port, dst_port) mod num_paths
Benefits:
- Same flow always takes same path (prevents reordering)
- Different flows naturally spread across paths
- Stateless (no flow tracking needed)
- Fast (hardware-implementable)
Unequal-Cost Load Balancing
Some protocols (notably EIGRP) support unequal-cost load balancing:
Scenario: Two paths to 10.0.0.0/8
Path 1: via 10.1.1.2 (EIGRP metric 100)
Path 2: via 10.1.1.3 (EIGRP metric 200) ← Twice the cost
With variance 2:
- Path 2's metric (200) ≤ Path 1's metric (100) × variance (2) = 200
- Both paths qualify for use
- Traffic split inversely proportional to metric
- Path 1 carries 2/3 of traffic, Path 2 carries 1/3
Most routers limit ECMP to 4-32 equal-cost paths. Beyond this, the load-balancing benefit diminishes while FIB space consumption increases. Cisco IOS defaults to 4 maximum paths; this is configurable with 'maximum-paths' command.
A route is only as good as its next hop. If the next hop is unreachable, the route should not be used. Routers employ various mechanisms to detect next-hop reachability.
Static Route Limitations
Consider a static route:
ip route 10.0.0.0 255.0.0.0 192.168.1.2
What if 192.168.1.2 becomes unreachable? By default, the static route remains active as long as the outgoing interface is up—even if 192.168.1.2 is completely offline.
This leads to black-holed traffic.
Tracked Static Routes Example
! Define an IP SLA to ping the next hop
ip sla 1
icmp-echo 192.168.1.2
frequency 5
ip sla schedule 1 life forever start-time now
! Define a track object based on the SLA
track 1 ip sla 1 reachability
! Static route depends on track object
ip route 10.0.0.0 255.0.0.0 192.168.1.2 track 1
Behavior:
- IP SLA pings 192.168.1.2 every 5 seconds
- If ping fails, track 1 goes down
- When track 1 is down, static route is removed from RIB
- Backup route (if any) becomes active
- When ping succeeds again, route is reinstalled
BFD for Fast Detection
Bidirectional Forwarding Detection operates at millisecond intervals:
BFD session parameters:
- Detection interval: 50-300 milliseconds typical
- Detection time = interval × multiplier (e.g., 100ms × 3 = 300ms)
- Hardware-accelerated on modern platforms
Integration:
- OSPF, BGP, EIGRP, static routes can use BFD
- When BFD detects failure, routing protocol reacts immediately
- Sub-second convergence possible
If a static route's next hop is not directly connected, the router performs recursive lookup. If the IGP route to the next hop disappears, the static route becomes invalid and should be removed. Verify your IOS version handles this correctly—older versions had bugs where invalid recursive statics remained active.
Different routing protocols handle next-hop information differently. Understanding these differences is crucial for multi-protocol environments.
OSPF Next Hop
OSPF uses the advertising router's address as the next hop:
OSPF Behavior:
- Intra-area routes: Next hop = router that advertised the network
- Inter-area routes: Next hop = ABR that summarized the route
- External routes: Next hop = ASBR that redistributed the route
Note: On multi-access networks (Ethernet), OSPF preserves the original
adverted's address as next-hop, not the DR's address.
| Protocol | Next Hop Source | Modification | Notes |
|---|---|---|---|
| OSPF | Advertising router | Preserved through ABRs | Multi-access: original advertiser |
| EIGRP | Neighbor that sent update | Changed at each hop | Always the immediate neighbor |
| RIP | Neighbor that sent update | Changed at each hop | Next-hop field in update |
| BGP (eBGP) | Peer that advertised | Changed to self by default | next-hop-self common |
| BGP (iBGP) | Original eBGP peer | NOT changed by default | Requires IGP reachability |
| IS-IS | Advertising router | Similar to OSPF | Used in large ISPs |
BGP Next Hop: The Critical Challenge
BGP next-hop handling is both powerful and frequently misconfigured.
eBGP Next Hop
Default behavior:
- When receiving route from eBGP peer, next-hop = peer's address
- When advertising to eBGP peer, next-hop = local interface address
Example:
AS 100 Router A (10.1.1.1) ──── (10.1.1.2) Router B AS 200
Router B advertises 10.200.0.0/16 to Router A
Router A receives: 10.200.0.0/16, next-hop 10.1.1.2 ✓
→ 10.1.1.2 is directly connected to A → Route is valid
iBGP Next Hop (The Tricky Part)
Default behavior:
- iBGP does NOT change the next-hop by default
- Routes learned from eBGP are passed to iBGP peers with original next-hop
Problem scenario:
AS 100:
Edge Router A (eBGP peer with external) ─── Core Router B ─── Core Router C
A receives route: 10.200.0.0/16, next-hop 10.1.1.2 (external peer)
A advertises to B via iBGP: 10.200.0.0/16, next-hop 10.1.1.2 (UNCHANGED!)
Problem: B doesn't have a direct route to 10.1.1.2!
Solutions:
1. 'next-hop-self' on A: Changes next-hop to A's address toward B
2. IGP includes external-facing networks: B can reach 10.1.1.2 via IGP
3. Route reflector next-hop handling: Configure appropriately
Apply 'neighbor X next-hop-self' when advertising to iBGP peers if the external peer's network isn't in your IGP. This is almost always the correct configuration for iBGP peerings—it ensures every iBGP peer can resolve the next-hop via IGP.
Next-hop problems are among the most common routing issues. Here's how to diagnose and resolve them.
Common Next Hop Problems
Diagnostic Command Sequence
! Step 1: Check if route exists and verify next-hop
show ip route 10.50.50.50
Output: "... via 192.168.1.1 [110/100] ..."
! Step 2: Check if next-hop is reachable
show ip route 192.168.1.1
Expected: Connected route or valid path
Problem: "not in routing table" → Next hop unreachable!
! Step 3: Check CEF (FIB) status
show ip cef 10.50.50.50
Shows actual forwarding entry
Look for: "attached" (good) or "drop" (bad)
! Step 4: Check ARP resolution
show ip arp 192.168.1.1
Verify MAC address is learned
"Incomplete" = ARP failure
! Step 5: Verify physical connectivity
ping 192.168.1.1
Confirms end-to-end reachability
! Step 6: For BGP, check next-hop status
show ip bgp 10.50.50.0/24
Look for 'Next hop:' and 'Metric:' fields
Check '>' marker (best path) or 'i' (inaccessible)
Resolving iBGP Next-Hop Issues
! Problem: BGP route shows as inaccessible
show ip bgp
*>i 10.200.0.0/16 192.0.2.1 0 100 0 200 i
^^^^^^^^^
Not in IGP!
! Solution 1: Add next-hop-self on advertising router
router bgp 100
neighbor 10.1.1.2 next-hop-self
! Solution 2: Ensure IGP covers the peering network
router ospf 1
network 192.0.2.0 0.0.0.255 area 0
! Verify fix
show ip bgp 10.200.0.0/16
Should now show valid next-hop
BGP marks routes with unreachable next-hops as 'inaccessible' (small 'i' instead of '>'). These routes remain in the BGP table but aren't installed in the RIB/FIB. This is correct behavior—but often confuses operators who see the route in BGP but not in the routing table.
The next hop is the building block of routing—the answer to "where does this packet go now?" Let's consolidate what we've learned:
What's Next
We've seen that when no specific route matches, routers use a default route. But what exactly is a default route, and how does it work? The next page examines default routes in detail—the routes of last resort that connect isolated networks to the broader Internet.
You now understand next hops comprehensively—what they are, how they're determined, how they're resolved to MAC addresses, and how to troubleshoot next-hop issues. This knowledge is essential for understanding packet flow and diagnosing routing problems.