Articles

Routers Explained: How Layer 3 Routing Works (2026)

March 12, 2026 7 min read intermediate

Routers don’t just magically send packets; they’re essentially the traffic cops of the internet, making crucial decisions based on a three-layer address.

Let’s watch a packet traverse a couple of routers. Imagine this simple setup:

Host A (192.168.1.10) -- Router 1 (eth0: 192.168.1.1, eth1: 10.0.0.1) -- Router 2 (eth0: 10.0.0.2, eth1: 172.16.0.1) -- Host B (172.16.0.20)

Host A wants to send a packet to Host B. The packet has a destination IP of 172.16.0.20.

  1. Host A’s Decision: Host A looks at its own IP (192.168.1.10) and the destination IP (172.16.0.20). It knows 192.168.1.0/24 is its local network. Since 172.16.0.20 is not on its local network, it needs to send the packet to its default gateway, which is Router 1’s interface on its local network: 192.168.1.1. The packet’s source IP remains 192.168.1.10, and the destination IP remains 172.16.0.20. The packet’s next hop is 192.168.1.1.

  2. Router 1’s Decision: The packet arrives at Router 1’s eth0 interface. Router 1 strips off the Layer 2 (Ethernet) header from Host A. Now, it looks at the Layer 3 (IP) header. The destination IP is 172.16.0.20. Router 1 consults its routing table.

    Here’s a simplified routing table for Router 1:

    Destination        Next Hop           Interface
192.168.1.0/24     directly connected  eth0
10.0.0.0/24        directly connected  eth1
0.0.0.0/0          1.1.1.1            eth2  (Assuming eth2 connects to ISP)

    Router 1 compares 172.16.0.20 against its table.

    • 192.168.1.0/24: Doesn’t match.
    • 10.0.0.0/24: Doesn’t match.
    • 0.0.0.0/0 (default route): This is a catch-all. Router 1 sends the packet to 1.1.1.1 via eth2.

    Correction: My initial example setup was too simple for a demonstration. Let’s adjust Router 1’s table to actually forward the packet towards Router 2.

    Revised Router 1 Routing Table:

    Destination        Next Hop           Interface
192.168.1.0/24     directly connected  eth0
10.0.0.0/24        directly connected  eth1

    Now, Router 1 looks at 172.16.0.20. It still doesn’t have a direct route for that network. What does it do? It consults its default route if one exists. If there’s no specific route for 172.16.0.0/24, it will send it to its default gateway. Let’s assume Router 1’s default gateway is also configured to point towards Router 2’s network. This is where routing protocols like OSPF or BGP come in to dynamically build these tables, but for a static example, let’s say Router 1 knows how to reach the 10.0.0.0/24 network, and the next hop within that network to reach 172.16.0.0/24 is Router 2’s 10.0.0.2 interface.

    Corrected Router 1 Routing Table (for this scenario):

    Destination        Next Hop           Interface
192.168.1.0/24     directly connected  eth0
10.0.0.0/24        directly connected  eth1
172.16.0.0/24      10.0.0.2           eth1  <-- This is how Router 1 knows to send it to Router 2

    Router 1 looks at 172.16.0.20. It finds the most specific match: 172.16.0.0/24. The next hop is 10.0.0.2 via eth1. Router 1 modifies the packet: it decrements the TTL (Time To Live), calculates a new IP header checksum, and crucially, rewrites the Layer 2 (Ethernet) header. The new source MAC is Router 1’s eth1 MAC, and the new destination MAC is the MAC address of Router 2’s eth0 interface (which Router 1 knows via ARP or other means). The IP addresses (192.168.1.10 and 172.16.0.20) remain unchanged.

  3. Router 2’s Decision: The packet arrives at Router 2’s eth0 interface. Router 2 strips off the Layer 2 header. It looks at the destination IP: 172.16.0.20. Router 2 consults its routing table.

    Router 2 Routing Table:

    Destination        Next Hop           Interface
10.0.0.0/24        directly connected  eth0
172.16.0.0/24      directly connected  eth1

    Router 2 sees 172.16.0.20 matches 172.16.0.0/24 directly connected on eth1. It decrements TTL, recalculates checksum, and rewrites the Layer 2 header. The source MAC is Router 2’s eth1 MAC, and the destination MAC is Host B’s MAC address (learned via ARP). The IP header (192.168.1.10 to 172.16.0.20) is untouched.

  4. Host B: The packet arrives at Host B’s network interface. Host B checks the destination IP (172.16.0.20) and accepts the packet.

The core of Layer 3 routing is the routing table. This table is a map that tells the router: "If you have a packet destined for Network X, send it to Next Hop Y via Interface Z." Routers build these tables either statically (you manually configure them) or dynamically using routing protocols (like RIP, OSPF, EIGRP, BGP) which exchange routing information with other routers.

When a router receives a packet, it performs a longest prefix match against its routing table. This means it looks for the entry in its table that has the most specific network match for the destination IP address. If 172.16.0.20 needs to go to 172.16.0.0/24 and there’s also a default route 0.0.0.0/0, the /24 route will always be chosen because it’s more specific.

The IP header itself is quite resilient; it’s designed to get the packet from source to final destination, surviving many hops. The Layer 2 headers, however, are entirely local to each hop. Each router strips off the old Layer 2 header and creates a new one for the next segment of the journey, using the MAC addresses of its own interface and the next-hop router’s interface. This is why routers are often called Layer 3 devices – they operate at the IP layer and don’t care about the specific Ethernet, Wi-Fi, or other Layer 2 technology used between them.

The concept of the "next hop" is critical. A router doesn’t necessarily know the entire path to the destination. It only knows the next step. It forwards the packet to the next hop, and that next hop router then repeats the process. This distributed decision-making is what makes the internet scalable.

You’ll often see routing tables populated with "directly connected" routes. These represent networks that the router has an interface on. When a packet’s destination IP falls within one of these directly connected networks, the router knows it can send the packet directly to the host without needing to forward it to another router.

The Time To Live (TTL) field in the IP header is a simple mechanism to prevent packets from endlessly looping on the network. Each router decrements the TTL by one. If the TTL reaches zero before the packet reaches its destination, the router discards the packet and typically sends an ICMP "Time Exceeded" message back to the source. This is why you might see ping commands fail with "Time exceeded from this side" – it means the packet got too many hops away from the destination.

The most surprising truth about routing is that the destination IP address never changes during transit. It’s the source IP that can change, particularly in Network Address Translation (NAT) scenarios where a router swaps private internal IP addresses for a public external one. But for standard routing, the original source and final destination IPs are preserved from the moment the packet leaves the source host until it arrives at the destination host.

Next, you’ll want to understand how these routing tables get populated dynamically using routing protocols.

Want structured learning?

Take the full Computer Networking course →