The Router's Core Job
A switch moves frames inside one local network using MAC addresses. A router moves packets between different networks using IP addresses. Your laptop at 192.168.1.25 cannot directly reach a website at a public IP on another network — it sends the packet to the router because the destination is outside the local subnet. The router examines the destination IP, consults its routing table, and forwards the packet toward the next hop on the path to that destination.
Routing Table Structure
Every router maintains a routing table — a list of destination prefixes and the information needed to forward packets toward them. A typical entry contains:
- Destination prefix: The network address and mask, such as
10.0.0.0/8or0.0.0.0/0for the default route. - Next hop: The IP address of the neighbouring router to send matching packets to, or the egress interface if directly connected.
- Metric: A cost value used to choose between multiple routes to the same destination. Lower metric typically wins.
- Interface: The physical or logical interface through which packets should leave.
When a packet arrives, the router performs a longest prefix match: it finds the most specific matching entry. A route to 203.0.113.0/24 beats a route to 203.0.0.0/16 for a packet destined to 203.0.113.5, because /24 is more specific. The default route (0.0.0.0/0) matches everything and is used when no more specific route exists — which is how a home router sends all internet-bound traffic to the ISP without needing a route for every destination on the internet.
Static Routes vs Dynamic Routing Protocols
A static route is manually configured and never changes unless an administrator edits it. Home routers use a single static default route pointing at the ISP gateway. Enterprise and ISP routers use dynamic routing protocols that automatically discover and update routes as the network changes:
- RIP (Routing Information Protocol): Simple distance-vector protocol; uses hop count as metric; slow convergence; largely obsolete except in very small networks.
- OSPF (Open Shortest Path First): Link-state protocol; builds a complete map of the network; fast convergence; widely used inside enterprise and ISP networks.
- BGP (Border Gateway Protocol): Path-vector protocol; exchanges routes between autonomous systems; the protocol that holds the internet together.
Router Functions at a Glance
| Function | What it does | Why users notice it |
|---|---|---|
| Default gateway | Receives all traffic leaving the local subnet | Wrong gateway setting means no internet access |
| NAT / PAT | Translates private addresses to a shared public IP; tracks connections | Affects port forwarding, gaming NAT type, and hosting |
| DHCP server | Assigns IP addresses, subnet masks, gateway, and DNS to clients | Bad leases cause duplicate or missing addresses |
| DNS forwarder | Accepts client DNS queries and forwards them to upstream resolvers | Slow or broken forwarder delays every page load |
| Firewall | Blocks unsolicited inbound connections; may filter outbound | Protects devices but can accidentally block services |
| Wi-Fi access point | Provides wireless LAN access | Placement, standard, and channel choice affect speed |
NAT Operation and the PAT Table
Most home routers perform Network Address Translation with Port Address Translation (NAT/PAT). When an internal device sends a packet, the router rewrites the source IP and source port, records the mapping in its connection tracking table, and forwards the packet with the router's public IP as the source. When a reply arrives, the router matches the destination port against the table, rewrites the destination back to the original internal address and port, and delivers it to the correct device.
A typical PAT table entry records: internal IP, internal port, external IP, external port, protocol, and an idle timeout. This lets thousands of devices share one public IP simultaneously, as long as each internal connection uses a distinct port combination. Port forwarding creates a static entry that directs unsolicited inbound traffic on a specific port to a designated internal device.
Router as DHCP Server and DNS Forwarder
Consumer routers almost always run a DHCP server that assigns addresses to devices joining the network. The DHCP lease includes the client's IP address, subnet mask, default gateway (the router itself), DNS server (often also the router itself), and lease duration. The router then acts as a DNS forwarder: it receives client queries, forwards them to the ISP's resolver or a configured upstream resolver (such as 1.1.1.1), and returns the responses. This means the router's IP appears as the DNS server on every client, even though the actual resolution happens upstream.
How a Packet Flows Through a Router
- A packet arrives on an ingress interface (LAN port or Wi-Fi).
- The router checks the destination IP against the routing table using longest prefix match.
- If NAT is required (packet leaving the private network), the source IP and port are translated and the mapping is recorded.
- Firewall rules are evaluated. The packet may be accepted, dropped, or redirected.
- The packet is queued on the egress interface (WAN port) and transmitted toward the next hop.
- For inbound packets, NAT lookup translates the destination back to the correct internal address before delivery to the LAN.
Hardware vs Software Routing and NPU Offload
Basic packet forwarding — routing table lookup, NAT translation, and forwarding — can be offloaded to a dedicated Network Processing Unit (NPU) or hardware accelerator in many consumer and enterprise routers. Hardware-offloaded forwarding can handle gigabit or multi-gigabit throughput while keeping the main CPU nearly idle. Features like VPN encryption, deep packet inspection, content filtering, and smart queue management cannot usually be offloaded and run on the CPU. This is why enabling a VPN server or traffic shaping on a consumer router can reduce throughput from gigabit speeds to hundreds of Mbps or less.
Consumer Router Firmware
Consumer routers ship with vendor firmware (stock firmware) that provides a simplified management interface. OpenWrt is a popular open-source Linux-based alternative firmware that supports a much wider range of features, more detailed configuration, and packages for CAKE/SQM, WireGuard, ad blocking, and custom routing rules. DD-WRT and Tomato are other alternatives. Running third-party firmware voids some warranties and requires care during installation, but it can unlock capabilities that stock firmware deliberately limits.
Frequently Asked Questions
What does a router do?
A router connects separate networks and forwards packets between them using routing table lookups. In a home, it connects the LAN to the ISP, acts as the default gateway, runs NAT, and typically provides DHCP, DNS forwarding, firewall, and Wi-Fi services.
Is a router the same as a modem?
No. A modem or ONT connects to the provider's access network. A router connects your local network to that modem or ONT and manages traffic between devices and the internet. A gateway device combines both roles in one box.
Can a router slow down internet speed?
Yes. A weak CPU, old Wi-Fi radio, slow Ethernet ports, heavy packet inspection, VPN processing, poor placement, or overloaded firmware can all make the router the bottleneck even when the ISP connection is faster.