The Hop-by-Hop Idea
A packet does not carry a full map of the internet. It carries a destination IP address. Your device sends it to the default gateway — your home router. The router forwards it to the ISP. The ISP forwards it to the next router, and so on until the packet reaches a router that knows how to deliver it to the destination network. Each router makes an independent local decision: which interface and next hop gets this packet one step closer to its destination?
Routing Table vs ARP Table vs MAC Table
Three different tables exist at different layers and serve distinct purposes — they are frequently confused:
- Routing table (Layer 3): Maps destination IP prefixes to next-hop IP addresses and egress interfaces. Used by routers to decide where to forward packets between networks. Contains prefixes like
203.0.113.0/24 via 10.0.0.1. - ARP table (Layer 2/3 boundary): Maps IP addresses to MAC addresses on the local subnet. A router needs to know the MAC address of the next-hop router or directly connected host to encapsulate the packet in an Ethernet frame. ARP entries are learned dynamically and expire.
- MAC table (Layer 2): Maps MAC addresses to switch ports. Used by Ethernet switches to forward frames only to the correct port rather than flooding. Entirely local to the switch — switches have no concept of IP addresses or routing.
Longest Prefix Match and the Default Route
When multiple routing table entries could match a destination, the router selects the most specific one — the entry with the longest prefix length. A route to 203.0.113.0/24 wins over a route to 203.0.0.0/16 for a packet destined to 203.0.113.5 because /24 is more specific. The default route, 0.0.0.0/0, matches every destination with a prefix length of zero — it is always the least specific entry and is used only when no more specific route exists. Home routers have exactly one route in their table pointing to the ISP, which acts as the default for all internet traffic.
Autonomous Systems and BGP
The internet is not one network — it is a collection of independently operated networks called Autonomous Systems (ASes), each identified by an Autonomous System Number (ASN). An ISP is an AS. A large cloud provider is an AS. A CDN is an AS. Each AS controls its own routing policy and announces to its neighbours which IP prefixes it can deliver traffic to.
BGP (Border Gateway Protocol) is the protocol that carries these announcements between ASes. When your ISP's router needs to reach an IP address in another AS, it consults the BGP routing table to find the path — the sequence of ASes that traffic must traverse. Interior routing protocols (OSPF, IS-IS) handle routing within a single AS, while BGP handles routing between ASes.
Interior Routing: OSPF and IS-IS
Inside a large ISP or enterprise network, BGP is not used for internal routing. OSPF (Open Shortest Path First) and IS-IS (Intermediate System to Intermediate System) are link-state protocols that build a complete topology map of the internal network. Every router running OSPF or IS-IS knows the full graph of routers and links, runs Dijkstra's algorithm to compute the shortest path to every destination, and installs those paths in its routing table. They converge quickly after failures and support traffic engineering features that allow operators to steer traffic away from congested links.
What Affects the Path
| Factor | How it changes routing | User impact |
|---|---|---|
| Peering | ASes exchange traffic directly at IXPs instead of through paid transit | Lower latency when peering is local and uncongested |
| Transit | Traffic rides through an upstream carrier that charges for reachability | Can add geographic distance, cost, or congestion |
| ECMP | Equal-cost multipath — multiple paths with the same metric share load | Traffic distributed across multiple links; one failure only drops some flows |
| Anycast | The same IP prefix announced from multiple geographic locations | You reach the nearest node; used by DNS root servers and CDNs |
| Failure | A link or prefix is withdrawn from BGP | Temporary packet loss and route reconvergence |
| Policy | Networks prefer some paths for business or technical reasons | The chosen path may not be geographically shortest |
ECMP: Load Balancing Across Multiple Paths
When two or more routes to the same destination have equal cost metrics, a router can use Equal-Cost Multi-Path (ECMP) routing to distribute traffic across all of them simultaneously. ECMP is common inside ISP and data centre networks. The router hashes packet headers (typically source IP, destination IP, source port, destination port, and protocol) to consistently assign each flow to one path, ensuring packets within a single TCP connection follow the same route. ECMP improves aggregate throughput and provides automatic failover if one path fails — only the flows hashed to the failed path are affected.
Anycast Routing
In anycast, the same IP address or prefix is announced from multiple physical locations simultaneously. BGP propagates all announcements, and each network on the internet chooses the one that appears closest or most preferred based on normal BGP path selection. A client connecting to an anycast address reaches whichever instance is topologically nearest according to BGP. DNS root servers all use anycast — there are 13 root server addresses but hundreds of physical instances worldwide. Cloudflare's 1.1.1.1 resolver uses anycast so queries are answered by the nearest data centre. CDNs use anycast extensively for the same reason.
Traceroute and Reading Hops
traceroute (macOS/Linux), tracert (Windows), and mtr send packets with incrementing TTL values. Each router that decrements the TTL to zero sends back an ICMP Time Exceeded message, revealing its address and the round-trip time to that hop. This shows the visible path between your device and a destination.
Traceroute results need careful interpretation. Some routers rate-limit or discard ICMP TTL-exceeded responses while still forwarding normal traffic correctly. A hop showing asterisks (*) is not necessarily dropping packets — it may simply not respond to traceroute probes. Packet loss at an intermediate hop only matters if the same loss appears at all subsequent hops. Asymmetric routing means the return path may differ from the forward path, so round-trip times shown by traceroute reflect both directions combined.
Why Internet Routing Is Decentralised
There is no central routing authority for the internet. Each AS independently decides which routes to accept, which to prefer, and which to announce. This decentralisation makes the internet resilient — no single point controls all routing decisions — but it also means mistakes propagate. A misconfigured BGP announcement from one AS can affect routing globally within minutes. Route filtering, RPKI (Resource Public Key Infrastructure), and IRR (Internet Routing Registry) filtering are tools operators use to limit the blast radius of misconfigurations and hijacks.
Frequently Asked Questions
What is internet routing?
Internet routing is the process of forwarding IP packets from one network to another until they reach the destination. Routers make hop-by-hop decisions using routing tables, with BGP coordinating reachability between autonomous systems.
Does routing always choose the shortest path?
No. Internet routing is driven by BGP policy, peering relationships, transit costs, capacity, and operator preferences. The chosen path is often the best policy path, not the shortest geographic or hop-count path.
How can I see my route to a website?
Use traceroute on macOS or Linux, tracert on Windows, or mtr on systems where it is available. These tools show the visible router hops and round-trip times between your device and a destination.