Routing and WAN Basics for Beginners: Static vs Dynamic Routing, IGP vs EGP, and How Networks Choose Paths

Routing and WAN: How Routers Choose the Best Path Across Networks

Once you’ve somewhat internalized IP and subnetting, the next question naturally appears: “Okay, devices in the same subnet can find each other. But how does traffic travel between different subnets?” This is exactly where routing begins. When I first learned routing, the picture in my head was something like this: as if a router is a clerk who looks at packets and says, “Alright, you go this way.” That analogy isn’t actually wrong — it’s just incomplete. Because what a router does isn’t a one-time decision; it’s a continuous “path selection” logic. And that path selection becomes more meaningful as the network grows and WAN/Internet enters the picture.

In this article, I’ll take routing from its fundamental logic and connect it toward the WAN side:

  • “How does a router decide?”
  • What is a default route used for?
  • What’s the difference between static and dynamic routing?
  • What do IGP and EGP mean?
  • What kinds of connection types actually make up what we call WAN?
  • What kind of architecture does an “internet connection” sit in inside a company network?

But most importantly: I’ll explain these not as isolated definitions, but through the needs you encounter step by step while building a network.

1) The starting point of routing: the subnet boundary

In the subnetting article, there was a core rule:
Same subnet → direct communication, different subnet → gateway.

The moment a device understands that the destination IP is not in its own subnet, it sends the traffic to the default gateway. That gateway is most often a router (or a Layer 3 switch doing routing). This makes the router’s role clear:

A router carries traffic between different IP networks (subnets).

So VLANs (L2 segments) are not enough by themselves; if you want communication between VLANs, you need routing. That’s why routing can feel like the “upper layer” of the network — it brings additional control. Because now there is a transition between two worlds, and that transition is managed by a “rule set.”

2) What does a router do when it looks at a packet?

Thinking of a router’s behavior as a simple flow helps a lot:

  1. A packet arrives at the router.
  2. The router looks at the destination IP.
  3. It searches its routing table for the “best path” to that destination.
  4. If it finds one, it forwards the packet out the relevant egress interface (or to a next hop).
  5. If it doesn’t find one, it usually drops the packet (or sends it to the default route if one exists).

Here, the concept of the routing table is central. What we call the router’s “intelligence” is essentially the routing table. A router does not make “intuitive” decisions on its own; it behaves based on whatever is in its table.

3) How do you read a routing table?

While learning routing, what helped me most was thinking of the routing table not as something scary, but as the roadmap the router holds. The router is constantly looking at this table to decide where to send packets. So if you can read the routing table, you can start understanding why the router behaves the way it does.

A routing table typically includes:

  • Destination / Prefix: The target network (e.g., 192.168.10.0/24)
  • Next Hop: The IP of the next router the packet should go to (e.g., 192.168.1.1)
  • Interface: The interface the packet will leave from (e.g., GigabitEthernet0/1)
  • Metric / Cost: A value used to decide which path is “better” if there are multiple options
  • Route Source: Where did this route come from — static or dynamic? (OSPF, BGP, etc.)

For a beginner, the three most essential pieces are: Destination + Next Hop + Interface. Because a router is basically saying: “For this destination, send the packet out this interface, and if needed, forward it to this next hop.”

Longest Prefix Match logic

For a given destination IP, there may be multiple routes in the table. In that case, the router uses the Longest Prefix Match rule: the more specific route is preferred over the more general one.

For example, suppose the table has these two routes:

  • 10.0.0.0/8 → general route
  • 10.10.0.0/16 → more specific route

If the destination IP is 10.10.5.20, the router chooses the /16 route. Because /16 describes a narrower, more detailed range than /8. This logic shows that routing isn’t random — it works with a very clear priority rule.

What does the default route look like?

There is also a route that means “to everywhere.” This is typically:

  • For IPv4: 0.0.0.0/0
  • For IPv6: ::/0

If the router cannot find a specific route for a destination IP, it forwards the traffic using the default route (most often toward the internet/ISP). That’s why even a small mistake in the default route can affect the entire network’s access to the outside world.

The 3 questions I ask myself while reading a routing table

When there’s a problem, looking at the routing table and asking these three questions in order helps a lot:

  1. Is the destination subnet in the table?
    If not, the router simply doesn’t know where to go.
  2. Which path is being selected for this destination (prefix and metric)?
    Sometimes the route exists, but the wrong path is being chosen.
  3. Is there a return path?
    Especially between two routers, the “there is a way out but no way back” situation is very common. The request goes out, but the reply can’t return.

Once you make reading routing tables a habit, troubleshooting becomes clearer too. A general complaint like “There’s no ping” turns into a concrete problem like “There’s no route,” “The next hop is wrong,” or “The default route is wrong.”

4) Default route: “I don’t have to know everything”

In a small network, it’s possible to write a route for every subnet one by one. But when the internet is involved, imagine trying to make a router know all networks in the world individually — it’s impossible. That’s where the default route saves you:

“If you can’t find a specific route for this destination, send it in this direction.”

Typically, the default route points toward the internet:

  • 0.0.0.0/0 → means “everywhere”
  • In IPv6, the equivalent is ::/0

The practical meaning of the default route:
Internal subnets in a company know each other through specific routes, and everything else (the internet) goes to the ISP via the default route.

5) Static routing: simple, but requires effort

Static routing means writing routes manually. Its advantage is simplicity:

  • In small networks it can be very clear and controllable.
  • There are fewer surprises — fewer “what just happened?” moments.

But its disadvantages are obvious:

  • As the network grows, managing routes manually becomes difficult.
  • If a link fails, there is no automatic alternative path selection (manual intervention is required).

I see static routing as a good starting point for “small but orderly” environments. It’s also very educational for learning routing logic, because you consciously build what goes where.

6) Dynamic routing: a natural need as the network grows

As the network grows and the number of routers increases, dynamic routing protocols come into play. The idea is:

  • Routers talk to each other.
  • They share which networks exist where.
  • If a link goes down, they calculate a new path.

At this point, you’ll see routing protocols split into two major worlds: IGP and EGP.

IGP (Interior Gateway Protocol)

Protocols used inside an organization’s own network:

  • OSPF, IS-IS, RIP, etc.

IGP’s goal: to automatically and correctly carry internal routes within the company.

EGP (Exterior Gateway Protocol)

The inter-organization (internet) side:

  • The most important one here is BGP.

BGP is a very large topic, but the core idea is: the internet is the combination of many different networks, and these networks announce to each other via BGP, “I carry these IP blocks.”

For a beginner, for now it’s enough to know this:

  • IGP = internal network
  • EGP/BGP = internet and large inter-network environments

7) What does WAN mean? Where is it different from LAN?

LAN (Local Area Network) is usually the network within the same building/floor/room. WAN (Wide Area Network) is the network that connects different locations. WAN is not a single technology — it’s more of an idea about “distance and connection model.”

WAN’s fundamental challenge is:

  • In a LAN, latency is low, speed is high, and the environment is controlled.
  • In a WAN, latency increases, quality may vary, and the connection depends on an external provider.

That’s why routing becomes more critical in the WAN world. Because it’s no longer just about sending packets — it’s about choosing which link to send them over, building redundancy, and preserving performance.

8) WAN connection types: what might you encounter?

When you talk about WAN in companies, you’ll typically see a few types of connections:

  • Dedicated lines / leased lines: More stable and enterprise-grade.
  • MPLS: Used heavily for many years; for branch connectivity, think of it like a private network.
  • Site-to-site VPN (IPsec): Connecting branches over the internet.
  • SD-WAN: Managing multiple internet links intelligently (a more modern approach).

As a beginner, what matters most here is not memorizing names. It’s enough to understand this:

In WAN, links can be variable — so routing and redundancy become more important.

9) A typical real-world setup: Branch–HQ–Internet

The most understandable WAN scenario is usually this:

  • Headquarters (HQ)
  • Branch office (Branch)
  • A WAN link between them (VPN/MPLS/SD-WAN)
  • Internet breakout from HQ (in some designs, branches may also break out directly)

In this scenario, routing comes into play:

  • How will the branch reach servers in HQ?
  • Does HQ know the return path back to the branch?
  • Where will internet traffic exit? (split tunneling vs full tunnel?)

All of these questions are solved with routing tables and policies.

10) Routing + security: why is the firewall involved?

When you hear routing, it’s easy to think only “finding a path.” But in enterprise architecture, routers and firewalls are often intertwined. Because traffic between subnets is commonly filtered.

  • Router/L3 device: carries the traffic.
  • Firewall: who can access where, which ports are allowed, what each subnet is permitted to do.

Especially since controlling traffic coming from the WAN is critical, firewall and routing are designed together in WAN architectures.

Closing: what changes once you internalize routing?

As you learn routing, a difference appears: the network no longer looks like “one big area,” but like a system where many areas are connected to each other in a controlled way. That also makes troubleshooting much more logical.

For example, when a user says “I can’t reach that server,” you can now ask these questions step by step:

  • Is it in the same subnet?
  • If not, is the gateway correct?
  • Is there a route in the routing table?
  • Is there a return path?
  • Is the WAN link up?
  • Could a firewall be blocking it?

This chain of thinking is the most valuable thing routing gives you.