The job of a router for home use can be broken down into a set of functions which include

– separating your private local network (LAN) from the public Internet (WAN)
– providing a shared access gateway IP address to the wider Internet for your network computers and devices
– controling secure access into and out of your private network to the Internet
– routing selected IP packet traffic to different connected ports and interfaces
– providing internal or local wired and wireless network interfaces
– providing dynamic IP addresses for local devices and doing packet address translation
– managing a ranges of communication protocols and services

IP Packets and IP Addresses

IP packets are the currency of the Internet and local networks. They are the units of information that passes between nodes on a network.

A network router node on the Internet has the special job of directing these IP packets to their intended destination. A router will decide if the intended destination of a packet is on a local network it has access to, in which case it routes the packet locally. If not the router finds the best route to send the packet onto where it will be collected by yet another router which will do the same job and so on.

On a local network with one home router an IP packet arriving from the Internet will be destined for a local host. Each IP packet contains the unique address of its sender and the unique address of the intended receiver. These unique address are called IP addresses and are present in every IP packet.

Routers separates your private local network (LAN) from the public Internet (WAN)

Shared WAN Port

Routers generally have one distinct ethernet port called a WAN (wide area network) port. This port provides the interface to your ISP (Internet service provider). The router directs all information destined to or received from the Internet via this port. The basic unit of information passing this gateway WAN port are IP packets which are common to both the Internet and your internal local network. The router has the job of routing these packets in and out of your network via the WAN port and routing them within the local network to and from local computers and devices as needed.

Router LAN Ports

Most routers have a number of ethernet ports designed to be used on your internal LAN (local are network). You would typically connect computers, printers, storage and other IP addressable devices to these LAN ports. Each port is assigned a fixed or dynamic IP address on the local network so that packets can be directed around the local network and in and out of the local network to the WAN port.

Router IP Address Allocation DCHP

A router can provide IP addresses dynamically to all devices on a local subnetwork. This is done using a router based protocol called DCHP (dynamic host control protocol). Computers on your network can be configured to accept these temporary address which they use to send and receive IP packets to and from the router. Computers on the local subnet can also be allocated fixed IP addresses as needed. DCHP is a convenient protocol to save network control and configuration work. The router normally leases out these IP addresses from a pre-configured address pool for periods of time which can also be configured in the router. Once the lease expires on an address or the computer using it is turned off and is no longer available on the local network, the IP address is returned to the address pool.

Router Address Translation and WAN port Sharing (NAT)

The routers WAN port is allocated a fixed or dynamic IP address from your ISP. This address is routable on the Internet unlike the special addresses used on the local LAN which cannot be routed on the internet.

To keep the number of addresses required on the internet to a minimum and provide a degree of isolation between the local networks and the Internet the WAN IP address is shared by all its hosts on its local subnets.

If an IP packet is sent to the router destined for some host on the Internet. The router keeps a dynamic table of the senders local IP address and the destination address of the IP packet from that host and swaps the packets sender address in the IP packet for that of the routers WAN’s IP address. So to the outside world the IP packet looks to be coming from the routers WAN address. When the router receives a response IP packet from the Internet the senders IP address is checked against local computers who sent packets to this address and matching packets are then sent to the local computer but the router this time swaps the destination WAN address in the IP packet to the original local host computers local LAN IP address so it looks like the packet came directly from an external Internet based source addressed directly to it. In this way all local machines share a common WAN IP address. This cool process is called network address translation or NAT.

Wired LAN Ports and Virtual Wireless Ports

The link protocol used on the LAN is ethernet. Ethernet frames encapsulate IP packets within them. This link protocol operates on network devices used to communicate on the physical LAN ports or the wireless router interface within the router. The wireless interface device creates the local access point (AP) which can be configured to periodically broadcast its name wirelessly. In both wired and wireless cases the ethernet protocol is used to convey IP packets to and from hosts on the LAN via a network device operating the ethernet protocol.

In this way, the wireless interface when provided, on a wireless router is just another network device interface that is logically the same as the wired interface provided on the LAN ethernet ports.

Ethernet Frames and MAC Addresses

Devices connected to these physical LAN ports or wirelessly connected ports operate at the link layer 2 using ethernet protocol which uses its own data encapsulating frames to send and receive IP packets using the unique physical address of any device on the LAN. All such LAN based interface devices wired or wireless are manufactured with a unique address called is MAC (media access control) address built in them. This is the what ethernet uses to direct these ethernet frames to the correct devices on the LAN.

Public and Private IP Addresses

As indicated earlier there are a set of standards which designate a range of private IP addresses to be used only on internal LAN’s. These IP addresses are reserved for private networks (sometimes called localnet). These are routable only on a LAN. WAN routers will not route the following IP addresses.

Local Network IP addresses

Possible local IP addresses are taken from the ranges shown below. The 192.168.0.0/16 range is the most familiar. Often forgotten is the 172.16.0.0/12 range.

10.0.0.0 – 10.255.255.255
172.16.0.0 – 172.31.255.255
192.168.0.0 – 192.168.255.255

Each 8 bits of the 32 bits comprising an IP4 address, separated by a dot is called an octet, and represents a decimal number in the range of 0..255.

The 32 bits long (IP4) IP addresses are composed of 2 parts. A network part and a host part. The first network part defines the address of the subnetwork a host belongs to and the host part determines the number of possible host addresses on that subnetwork. we often see in configuration programs something called a subnet mask. This is the number of bits used to form the network part of an IP address.

A local LAN address defined as 192.168.3.200/26 for example has 26 bits used to define the network part (network mask) of the address (the /26 part) and the remaining 6 bits (32 in total) is used to define the possible number of hosts addresses (6 binary bits represents 64 decimal in this case) hosts. So what a router would ask if it received an IP packet with this destination address in it is; “What subnetwork is this packet destined for and is this address on on my subnetwork” If the router is configured to manage packets for a subnet address this IP packet belongs to, the router knows wether to forward the IP packet on or use it locally because this address is on a local subnetwork it manages.

In our example address 192.168.3.200/26 the final value of the possible network addresses for /26 based sub networks are .0 to .63, .64 to .127, .128 to .191, and from .192 to .255. Now the final part of our IP packet address is 200 and this part of the network address falls in the sub net range .192. to .255 so the network address this packet address belongs to and is destined for is subnetwork 192.168.3.192. The corresponding broadcast address for this subnet is 192.168.192.63. If the router is configured to manage the local subnetwork 192.168.3.192/26 it routes the IP packet through the local appropriate interface port assigned to this subnet. The network mask in this case would be the first 26 bits of the IP address or in the usual octet form 255.255.255.192.

Router Firewall

Your home router will also contain a firewall which can be simple or sophisticated. It can be used to control IP packets both in and out of your router to the WAN port. IP packets belonging to higher application level protocols like HTTP, FTP, DNS and POP3 for example and using UDP and TCP layer 4 protocols and specific port addresses can be passed on or blocked by a router firewall. The firewall can be used to restrict access by IP addresses or MAC addresses. Routers can also forward packets to applications listening on local ports on hosts on the local LAN or even via the WAN interface to other hosts outside the LAN. Virtual LANs can be used by your router to securely route VLAN traffic over secure encrypted tunnels using the IP protocol for delivery. Access to Internet resources can be blocked by parental control methods and access by time of day etc. The list goes on. Lots of things are possible depending on your router sophistication and the protocols it will support.

Wireless Connections SSID and WPA Encryption

Wireless routers employ encryption techniques to protect the data in IP packets passing over the air waves. Secure access is provided by an additional protocol which uses a passkey of phrase supplied by a user and configured in the router set-up. The common and most secure of these is WPA and WPA/2 Personal for home use and the encryption algorithm used is either TKIP or AES.

Wireless routers can broadcast their Identity in the local air space using a name called a SSID. Wifi enabled devices can recognise this Identify. If a user provides the secure key for the WPA (wireless protected access) protocol employed by the router a Wifi connection can be established. From then on the connected device logically acts just like it was connected to a wired LAN port. In practice the channel media in this case radio waves can be interfered with, packets can be lost and retransmitted and noise can effect the signalling rate of the channel. All these factors can affect the expected data rate of the wireless connection. A wired connection on the other hand can offer consistent data rates due to the channel medium being used.

Look here to …find out more about choosing wireless routers

See here also to…find out real data rates on practical wireless 802.11n networks