Route Add command in Windows

I would like to know in which circumstances the "Route Add" command is used on a Windows computer.
If a computer already has an IP address/Subnet Mask/DG/Preferred DNS/Alternate DNS, why would you use Route Add?

Thank you
jskfanAsked:
awawadaCommented:
Normally you will not use "Route Add". But in some circumstances, you may have to test a network configured to duplicate another environment, or you may be configuring a more complex network topology that requires the use of additional routes. Adding routes to your machine is a useful testing tool for some of these situations.

Source:
http://www.howtogeek.com/howto/windows/adding-a-tcpip-route-to-the-windows-routing-table/

http://windowsitpro.com/networking/q-when-i-add-static-ip-route-what-value-do-i-use-interface
jskfanAuthor Commented:
Not clear..
If you have your PC plugged into Vlan10, which means the virtual interface Vlan10 of the switch is your default gateway (ex: 10.20.30.40),
if you use Add Route to change your DG to 40.50.60.70, then how is your computer going to talk to Vlan40 while it is still plugged into Vlan10?
jskfanAuthor Commented:
http://www.howtogeek.com/howto/windows/adding-a-tcpip-route-to-the-windows-routing-table/
OK
I see it on the above link; it's like your real DG will take care of that.
jskfanAuthor Commented:
But I do not see in which circumstances you use it
jskfanAuthor Commented:
After doing some reading, I think I understood a little bit the usage of the command.

If you run a Traceroute to a destination, and you get many hops to get to the destination, would adding a route to the final hop make it faster, or will it not work at all?
awawadaCommented:
For an example

Routing
If you are in the 12.0.0.0 network you can send data to R1, R3 or R4 (all Routers). With Route Add you can tell it to use only R4.

Do you understand now? :)

@jskfan
Why do you post the same Link I did???

"After doing some reading, I think I understood a little bit the usage of the command."


I see you are new. You should only answer questions you can.
arnoldCommented:
One uses route add under specific circumstances, as others pointed out. One mainly deals with VPNs such as PPTP, where you do not want all traffic to go through the VPN when the VPN is established (by removing the check on the use as default gateway), but there are several IP segments that are behind the VPN, excluding the segment the assigned VPN IP is on.

I.e. your remote LAN has the IPs 10.0.0.0/16, 192.168.0.0/24 and 172.16.16.0/19.
When the PPTP connection is established, the VPN IP assigned to your system is 192.168.0.14.
Now in order to access the two other networks, you would
rem for the first
route add 10.0.0.0 mask 255.255.0.0 192.168.0.14
rem for the second
route add 172.16.16.0 mask 255.255.224.0 192.168.0.14

Without those, access to the other networks will be routed through your internal router and will never connect.

Hope this clarifies it.

Often with VPNs set up with Cisco, etc., the above will not work, as their setup is different and requires a specific match. No matter what routing rules you add directing the traffic through the VPN, the lack of a match will mean the traffic will not be accepted, will not be encrypted and will not be sent through the VPN.
arnoldCommented:
Your traceroute example is incorrect. A traceroute is similar to giving directions to a person to get from Point A to Point B.
A to C to D to E to B
The time it takes to get from point A to point B cannot be sped up, but the length of directions can be.
I.e. when a person you ask to go to point B knows how to get to E, the directions needed are from E to B. Though the person will still need to go from A to C to D and to E to get to B.

The other use of route add is when the system has two networks connected (usually that is a bad practice) as it bypasses any firewall rules that might be in place as that system could potentially be the weakest link that can breach the link.
With that said, route add can be used to specify an alternate route for some IPs from following "default routing pattern without it"
zalazarCommented:
As mentioned in the previous post "route add" will also be used when having more than 1 NIC on a computer.
Although it will make security more difficult, you see this quite a lot in enterprise environments.
When you e.g. have 2 NICs.
NIC-1 for all production related communication and NIC-2 for Management or Backup.
To avoid problems, on only 1 NIC a Default Gateway will be configured and this will be NIC-1.
As the management/backup servers can only be reached via the Management NIC-2 you need to route these networks to the default gateway of the Management VLAN.
This can be done via the "route add" command.
Most of the time you will also use the "-p" option which makes the route persistent (permanent).
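A check for the dual-NIC setups discussed above, added here and not part of the original thread: it parses `route print -4` output and reports more than one default gateway and any persistent (`-p`) routes. The sample output and every address in it are constructed.

```python
import ipaddress

# Constructed sample of `route print -4` output from a dual-homed server;
# all addresses and metrics are made up for illustration.
SAMPLE = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       10.20.30.1      10.20.30.40     25
          0.0.0.0          0.0.0.0     192.168.50.1     192.168.50.7     35
       10.20.30.0    255.255.255.0          On-link      10.20.30.40    281
     192.168.50.0    255.255.255.0          On-link     192.168.50.7    281
       172.16.0.0      255.255.0.0     192.168.50.1     192.168.50.7     36
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
       172.16.0.0      255.255.0.0     192.168.50.1       1
===========================================================================
"""

def audit_routes(text):
    """Return default gateways, a dual-default flag and persistent routes."""
    section, active, persistent = None, [], []
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("Active Routes"):
            section = "active"
        elif s.startswith("Persistent Routes"):
            section = "persistent"
        elif s.startswith("="):
            section = None          # separator ends the current table
        elif s and s[0].isdigit():  # data rows start with an IP address
            fields = s.split()
            if section == "active" and len(fields) == 5:
                active.append(fields)
            elif section == "persistent" and len(fields) == 4:
                persistent.append(fields)
    gateways = [f[2] for f in active if f[0] == f[1] == "0.0.0.0"]
    pers = [f"{ipaddress.ip_network(f[0] + '/' + f[1])} via {f[2]}"
            for f in persistent]
    return {"default_gateways": gateways,
            "dual_default": len(set(gateways)) > 1,
            "persistent": pers}

if __name__ == "__main__":
    print(audit_routes(SAMPLE))
```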
Fred MarshallPrincipalCommented:
You use route add when you want packets to go differently than the normally-established routes.  
(I didn't use "default" here because the default route has more special meaning).

The normally established routes would include routes such as:
1) any destination on the local subnet goes to the local interface.
2) any destination NOT on the local subnet goes to the gateway.
3) the default address 0.0.0.0 goes to the gateway.

So, here is where you need a route added:
a) any destination on the local subnet which *should not* go to the local interface (I can't think of an example here).
b)  any destination NOT on the local subnet BUT which should not or need not go to the gateway.  An example would be a VPN or MPLS interface that's not integral to the gateway device.  Say you have a local subnet of 10.0.0.0/24 and a VPN which goes to subnet 10.0.1.0/24 and has a local device at 10.0.0.254.  Then you would need to add a route to 10.0.1.0/24 pointing to 10.0.0.254 as the next hop.
c) any destination on a VPN which has been determined by a 3rd party.  For example, 192.168.1.99 is reached via a VPN device at 10.0.0.222.  So, you would add a route for that purpose.

Really, the last two are the same thing - matching case #2.
And, the last case, #3,  of the default address 0.0.0.0 doesn't provide an example.  You likely wouldn't add a route to change the destination, you'd change the gateway address on the NIC.

And generally, it's better practice to put these routes in the gateway device so the route add command isn't used as much as it could be.  If it were, then all the affected computers would have to have routes added.  It's much easier to manage by adding single routes in the gateway device.
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
The last paragraph of the above comment is indeed when we mostly see routes added - if we build an on-demand site-2-site VPN (using routing, and hence our original IPs, or NATting to a totally different address range not used otherwise) to a customer, and the admin on that remote network does not want to implement the routing on the default gateway. One reason is that this is used as a simple method for access protection (at least for direct access), or the network routes should be as isolated and distributed as possible (versus a centralized routing).

Of course we create routes on our own network clients to have access to those networks, if it isn't our default gateway managing the VPN (then the client route is superfluous but harmless).

On another note: don't mix up VLANs and routing. VLANs are (usually) implemented to isolate traffic for security reasons, and to reduce broadcast traffic. Without internal routing (in the switch) VLANs cannot communicate with each other.
Routing is always used to cross network boundaries. VLANs only use that feature, but are not closely related.
jskfanAuthor Commented:
In the example where a computer has 2 Nics connected to 2 different networks.
One Nic to production and One Nic just  for Management.
You still can configure on each TCP/IP adapter properties : IP address, subnet mask, DG, preferred DNS, alternate DNS.

and you can run :
route add 10.0.0.0 mask 255.0.0.0 192.168.0.1
where 10.0.0.0 is the Production Network and 192.168.0.1 is the Management interface IP address
Correct ?
arnoldCommented:
Usually, when you have two NICs that are not bound/teamed you want only one to have the default gateway defined, though you could have both. The problem in the example of production/management: not all paths are available out of the management interface, such that setting the management port with a default gateway will lead to problems including, if someone adds the wrong route, the saturation of the management network in a ...........

Management, backup networks is solely to offload network traffic to avoid impacting production applications.
I.e. backing up a 600 GB DB that is being actively accessed, you would not want it going over the same network adapter.
jskfanAuthor Commented:
The only scenario where I saw 2 network adapters configured, one with DG and one without, is on a Windows cluster.
The network adapter used for heartbeat does not have DG or DNS, just IP address and subnet mask...
In this scenario I have seen usage of the Route Add command...
Still not clear about the usage of this command
arnoldCommented:
Route add deals with making sure that a particular traffic either has to go through the specified interface or a way to preclude a certain network from going through one interface.

i.e. want to avoid at all cost traffic from this system going to IP x.x.x.x
route add x.x.x.x mask 255.255.255.255 0.0.0.0
once added, any attempt going to x.x.x.x will fail as the routing table sends the packet to the internal interface.

Commonly it was used when using Windows-based VPNs (PPTP) where you did not want the remote side to be the default gateway but had more than one segment accessible via the remote VPN.

The VPN connects, your system gets an IP on the 172.16.15.0/24 segment, but the following IPs were accessible/needed through this VPN. One way is to allow the VPN configuration to be the only path for all traffic when established, or use
route add 10.0.0.0 mask 255.255.0.0 172.16.15.x to include access to this segment on the remote system.

You have to identify the scenario where you are testing or what you want.

Usually, routing rules are set on routers/firewalls so it is less and less likely to be used on a workstation.

jskfanAuthor Commented:
Thanks I will get back to this later