Semantics of how subnets work












1















Suppose I have host1 with configured IP 1.2.3.4 and subnet mask 255.255.255.0 connected to a router.



Is the following statement absolutely, semantically correct:



"The router will forward a packet sent by host1 down its default gateway if and only if for all its connected interfaces, the interface's configured address bitwise AND with host1's subnet mask does not equal host1's network address"?



In particular, if the destination address is on the same subnet as host1, say 1.2.3.50, but not existing on the local network, is it still true that the router will never forward it down the default gateway?



Finally, if I (absurdly) choose a subnet mask of /0 for host1, this effectively blocks the whole internet from my host? Because the router would be acting as a switch and spamming every packet to all connected interfaces (except the gateway interface), and never forwarding anything down its default gateway?




























  • 1





    Before the on-link router comes into play, we will have to consider what the host originating the packet does. The routing table of the host is first consulted, and the next hop of the packet is determined based on this. If the destination address is in the same subnet, the host sends the packet directly to the destination; it does not pass through the router at all. A router and a host are actually functionally very similar, the essential difference is that a router also forwards packets, i.e. it receives packets on an interface, and re-transmits them if they are not destined for the router.

    – Johan Myréen
    Jan 20 at 12:51






  • 1





    "The router will forward a packet sent by host1 down its default gateway if and only if for all its connected interfaces, the destination IP address bitwise AND with host1's subnet mask for that interface does not equal host1's network address for that interface" would be more accurate.

    – jcaron
    Jan 20 at 15:42








  • 1





    @jcaron That's not true at all. If received by the router, it will send the packet to the destination host. This situation, however, should normally not happen anyway, because host1 should realize that the destination is on the same link and send the packet directly to the destination host. A more accurate statement would be "The router will forward any packet down its default gateway if and only if there isn't a more specific route matching the destination address." Also note that there need not be a default route at all, if the networks are isolated and are all known to the router.

    – Johan Myréen
    Jan 20 at 18:32











  • @JohanMyréen Oops, indeed, looks like I only read half of the sentence. I somehow thought it read "host1 will forward a packet down its default gateway...". But that means the original sentence is even weirder, the behaviour of the router has nothing to do with the configuration of host1...

    – jcaron
    Jan 20 at 23:21


















networking subnet netmask
















asked Jan 20 at 11:16









JSStuball




















2 Answers


















5

> "The router will forward a packet sent by host1 down its default gateway if and only if for all its connected interfaces, the interface's configured address bitwise AND with host1's subnet mask does not equal host1's network address"?




In traditional IP routing, yes. Packet forwarding is done by choosing the most specific matching route from the routing table (there is no special distinction between "connected interface" vs "default gateway", they're both just standard routes). So if the router has two routes matching the packet, one for 0.0.0.0/0 (default gateway) and another for 1.2.3.0/24 (local subnet), the latter always wins.



Although you should note that routers don't necessarily have a default gateway (especially in the so-called "default-free zone", which really just means they have more-specific routes for absolutely everything).



Also, I say "traditional IP routing" because routers might do more than just destination-based route matching. For example, in IPv6, some systems support routes which match against source and destination; e.g. you can have routes from ::/0 to ::/0 via <gw1> and from 2001:db8::/48 to ::/0 via <gw2>.



It is also common (in both IPv4 and IPv6) to implement policy-based routing which might match packets by protocol, or by firewall mark. If a router has two upstreams (two default routes), it'll often want to use policy routing to ensure that packets received from upstream 1 will have their replies sent to the same upstream 1, even if the routing table would prefer upstream 2.




> In particular, if the destination address is on the same subnet as host1, say 1.2.3.50, but not existing on the local network, is it still true that the router will never forward it down the default gateway?




Yes. If the routing table says the destination is local but the router fails to receive an ARP/NDP reply, it will not fall back to another, less-specific route – it will immediately give up and return some sort of ICMP error, probably "Destination host unreachable".



(Whether the destination is in the same network as the source usually doesn't affect anything. Even if it means sending the packet out the same interface as it arrived in, the router still behaves the same way.)




> Finally, if I (absurdly) choose a subnet mask of /0 for host1, [...] the router would be acting as a switch and spamming every packet to all connected interfaces (except the gateway interface), and never forwarding anything down its default gateway?




Changing the subnet mask on a host has no effect on the router. The router doesn't know what subnet mask is configured on other hosts; it'll behave according to how its own interfaces are configured. (And vice versa, the host doesn't know how the router is configured.)



If you directly configure a router to have a /0 subnet mask on some interface, it absolutely does not start acting like a switch. It still acts as a router, but if it had a default route before, it simply has two default routes now – one of them just happens to claim that all hosts are local on the specified interface.



If the router prefers this second default route, you'll still see the usual "local subnet" behavior: the router will keep trying to ARP/NDP every destination directly on this interface (assuming it's a broadcast interface like Ethernet/Wi-Fi), and still won't forward the packets until it has received an ARP reply and learned the destination's MAC address.



And if you configure a host to have a /0 subnet mask, basically the same thing happens: two default routes, one of them local, so the host will try to make ARP queries for every destination and fail. (The only difference between hosts and routers is that a host won't forward received packets while a router will. Otherwise they process routing tables in much the same way.)




> Finally, if I (absurdly) choose a subnet mask of /0 for host1, this effectively blocks the whole internet from my host?




Normally yes, because the host will never succeed at ARP queries for destinations which aren't really local.



But you can have the router spoof replies to those queries – a feature called "Proxy ARP". With it enabled, when the host tries to make an ARP query for some distant host, it'll learn the local router's MAC address instead, and from that point everything appears to work as if the host had a normal gateway route. (The only difference is that the host will end up having a huge ARP cache.)



This is more commonly used when the host thinks it's on a standard subnet (say, a /24) but cannot actually send Ethernet frames to anything else except the local router. A hosting company might configure its switches to drop all packets except from/to the "trusted" router port (port isolation), and enable proxy-ARP on the router. This allows traffic even between customers on the same subnet to be filtered according to the router's firewall rules, which they'd normally bypass.
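
The route lookup and ARP step described in the answer above, as an added Python model that is not part of the original answer: it picks the most specific route, resolves the next hop by ARP, and never falls back to a less specific route when ARP fails. The MAC addresses, the 203.0.113.9 destination, the metrics that make the connected /0 route win, and the simplified proxy-ARP rule are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    dev: str
    gateway: Optional[ipaddress.IPv4Address] = None  # None = on-link (connected) route
    metric: int = 0


def host_table(addr_with_mask, dev, gateway, gw_metric=100):
    """Routes created by configuring address/mask plus a default gateway.

    Assumption: the connected route has the lower metric, so with a /0 mask
    it is preferred over the gateway route of equal prefix length.
    """
    iface = ipaddress.ip_interface(addr_with_mask)
    return [
        Route(iface.network, dev),
        Route(ipaddress.ip_network("0.0.0.0/0"), dev,
              ipaddress.ip_address(gateway), gw_metric),
    ]


def lookup(table, dst):
    """Longest-prefix match; ties go to the lowest metric. None if no route."""
    dst = ipaddress.ip_address(dst)
    candidates = [r for r in table if dst in r.prefix]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r.prefix.prefixlen, -r.metric))


def resolve(target, neighbours, proxy=None):
    """ARP model: a real neighbour answers, or a proxy-ARP router answers.

    proxy is (router_mac, router_lan). Simplification: the router answers
    for any address outside its own LAN prefix, i.e. one it would route.
    """
    if target in neighbours:
        return neighbours[target]
    if proxy is not None:
        router_mac, router_lan = proxy
        if ipaddress.ip_address(target) not in ipaddress.ip_network(router_lan):
            return router_mac
    return None


def send(table, dst, neighbours, proxy=None):
    """Describe what a host or router does with a packet addressed to dst."""
    route = lookup(table, dst)
    if route is None:
        return "no route: network unreachable"
    # Gateway route: ARP for the gateway. On-link route: ARP for dst itself.
    on_link = route.gateway is None
    target = str(ipaddress.ip_address(dst)) if on_link else str(route.gateway)
    mac = resolve(target, neighbours, proxy)
    if mac is None:
        # The lookup result is final: no retry with a less specific route.
        return f"ARP for {target} failed: host unreachable"
    return f"{'on-link' if on_link else 'via gateway'}: frame to {mac}"


# Constructed sample link: the router (1.2.3.1) and one other live host.
NEIGHBOURS = {
    "1.2.3.1": "02:00:00:00:00:01",
    "1.2.3.20": "02:00:00:00:00:14",
}
PROXY = ("02:00:00:00:00:01", "1.2.3.0/24")

if __name__ == "__main__":
    normal = host_table("1.2.3.4/24", "eth0", "1.2.3.1")
    slash0 = host_table("1.2.3.4/0", "eth0", "1.2.3.1")
    for label, table, dst, proxy in [
        ("/24, live neighbour", normal, "1.2.3.20", None),
        ("/24, remote", normal, "203.0.113.9", None),
        ("/24, absent local address", normal, "1.2.3.50", None),
        ("/0, remote", slash0, "203.0.113.9", None),
        ("/0, remote, proxy ARP", slash0, "203.0.113.9", PROXY),
    ]:
        print(f"{label:28} {dst:13} -> {send(table, dst, NEIGHBOURS, proxy)}")
```

The same `lookup` applies unchanged to a router's table; the router differs only in that it also runs this on packets it receives for other destinations.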







































    2














    In your example (ip: 1.2.3.4 mask: 255.255.255.0) all packets with a destination other than the range 1.2.3.0-1.2.3.255 will be sent to the gateway.



    If the destination belongs to the network (1.2.3.50) but is not present, the packet will not be sent to the gateway either.



    If your host has a subnet mask /0 (0.0.0.0), nothing will be sent to the gateway.






    share|improve this answer























      Your Answer








      StackExchange.ready(function() {
      var channelOptions = {
      tags: "".split(" "),
      id: "3"
      };
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function() {
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled) {
      StackExchange.using("snippets", function() {
      createEditor();
      });
      }
      else {
      createEditor();
      }
      });

      function createEditor() {
      StackExchange.prepareEditor({
      heartbeatType: 'answer',
      autoActivateHeartbeat: false,
      convertImagesToLinks: true,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: 10,
      bindNavPrevention: true,
      postfix: "",
      imageUploader: {
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      },
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      });


      }
      });














      draft saved

      draft discarded


















      StackExchange.ready(
      function () {
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1396279%2fsemantics-of-how-subnets-work%23new-answer', 'question_page');
      }
      );

      Post as a guest















      Required, but never shown

























      2 Answers
      2






      active

      oldest

      votes








      2 Answers
      2






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      5















      "The router will forward a packet sent by host1 down its default gateway if and only if for all it's connected interfaces, the interface's configured address bitwise AND with host1's subnet mask does not equal host1's network address"?




      In traditional IP routing, yes. Packet forwarding is done by choosing the most specific matching route from the routing table (there is no special distinction between "connected interface" vs "default gateway", they're both just standard routes). So if the router has two routes matching the packet, one for 0.0.0.0/0 (default gateway) and another for 1.2.3.0/24 (local subnet), the latter always wins.



      Although you should note that routers don't necessarily have a default gateway (especially in the so-called "default-free zone", which really just means they have more-specific routes for absolutely everything).



      Also, I say "traditional IP routing" because routers might do more than just destination-based route matching. For example, in IPv6, some systems support routes which match against source and destination; e.g. you can have routes from ::/0 to ::/0 via <gw1> and from 2001:db8::/48 to ::/0 via <gw2>.



      It is also common (in both IPv4 and IPv6) to implement policy-based routing which might match packets by protocol, or by firewall mark. If a router has two upstreams (two default routes), it'll often want to use policy routing to ensure that packets received from upstream 1 will have their replies sent to the same upstream 1, even if the routing table would prefer upstream 2.




      In particular, if the destination address is on the same subnet as host1, say 1.2.3.50, but not existing on the local network, is it still true that the router will never forward it down the default gateway?




      Yes. If the routing table says the destination is local but the router fails to receive an ARP/NDP reply, it will not fall back to another, less-specific route – it will immediately give up and return some sort of ICMP error, probably "Destination host unreachable".



      (Whether the destination is in the same network as the source usually doesn't affect anything. Even if it means sending the packet out the same interface as it arrived in, the router still behaves the same way.)




      Finally, if I (absurdly) choose a subnet mask of /0 for host1, [...] the router would be acting as a switch and spamming every packet to all connected interfaces (except the gateawy interface), and never forwarding anything down its default gateway?




      Changing the subnet mask on a host has no effect on the router. The router doesn't know what subnet mask is configured on other hosts; it'll behave according to how its own interfaces are configured. (And vice versa, the host doesn't know how the router is configured.)



      If you directly configure a router to have a /0 subnet mask on some interface, it absolutely does not start acting like a switch. It still acts as a router, but if it had a default route before, it simply has two default routes now – one of them just happens to claim that all hosts are local on the specified interface.



      If the router prefers this second default route, you'll still see the usual "local subnet" behavior: the router will keep trying to ARP/NDP every destination directly on this interface (assuming it's a broadcast interface like Ethernet/Wi-Fi), and still won't forward the packets until it has received an ARP reply and learned the destination's MAC address.



      And if you configure a host to have a /0 subnet mask, basically the same thing happens: two default routes, one of them local, so the host will try to make ARP queries for every destination and fail. (The only difference between hosts and routers is that a host won't forward received packets while a router will. Otherwise they process routing tables in much the same way.)




      Finally, if I (absurdly) choose a subnet mask of /0 for host1, this effectively blocks the whole internet from my host?




      Normally yes, because the host will never succeed at ARP queries for destinations which aren't really local.



      But you can have the router spoof replies to those queries – a feature called "Proxy ARP". With it enabled, when the host tries to make an ARP query for some distant host, it'll learn the local router's MAC address instead, and from that point everything appears to work as if the host had a normal gateway route. (The only difference is that the host will end up having a huge ARP cache.)



      This is more commonly used when the host thinks it's on a standard subnet (say, a /24) but cannot actually send Ethernet frames to anything else except the local router. A hosting company might configure its switches to drop all packets except from/to "trusted" router port (port isolation), and enable proxy-ARP on the router. This allows traffic even between customers on the same subnet to be filtered according to the router's firewall rules, which they'd normally bypass.






      share|improve this answer






























        5















        "The router will forward a packet sent by host1 down its default gateway if and only if for all it's connected interfaces, the interface's configured address bitwise AND with host1's subnet mask does not equal host1's network address"?




        In traditional IP routing, yes. Packet forwarding is done by choosing the most specific matching route from the routing table (there is no special distinction between "connected interface" vs "default gateway", they're both just standard routes). So if the router has two routes matching the packet, one for 0.0.0.0/0 (default gateway) and another for 1.2.3.0/24 (local subnet), the latter always wins.



        Although you should note that routers don't necessarily have a default gateway (especially in the so-called "default-free zone", which really just means they have more-specific routes for absolutely everything).



        Also, I say "traditional IP routing" because routers might do more than just destination-based route matching. For example, in IPv6, some systems support routes which match against source and destination; e.g. you can have routes from ::/0 to ::/0 via <gw1> and from 2001:db8::/48 to ::/0 via <gw2>.



        It is also common (in both IPv4 and IPv6) to implement policy-based routing which might match packets by protocol, or by firewall mark. If a router has two upstreams (two default routes), it'll often want to use policy routing to ensure that packets received from upstream 1 will have their replies sent to the same upstream 1, even if the routing table would prefer upstream 2.




        In particular, if the destination address is on the same subnet as host1, say 1.2.3.50, but not existing on the local network, is it still true that the router will never forward it down the default gateway?




        Yes. If the routing table says the destination is local but the router fails to receive an ARP/NDP reply, it will not fall back to another, less-specific route – it will immediately give up and return some sort of ICMP error, probably "Destination host unreachable".



        (Whether the destination is in the same network as the source usually doesn't affect anything. Even if it means sending the packet out the same interface as it arrived in, the router still behaves the same way.)




        Finally, if I (absurdly) choose a subnet mask of /0 for host1, [...] the router would be acting as a switch and spamming every packet to all connected interfaces (except the gateawy interface), and never forwarding anything down its default gateway?




        Changing the subnet mask on a host has no effect on the router. The router doesn't know what subnet mask is configured on other hosts; it'll behave according to how its own interfaces are configured. (And vice versa, the host doesn't know how the router is configured.)



        If you directly configure a router to have a /0 subnet mask on some interface, it absolutely does not start acting like a switch. It still acts as a router, but if it had a default route before, it simply has two default routes now – one of them just happens to claim that all hosts are local on the specified interface.



        If the router prefers this second default route, you'll still see the usual "local subnet" behavior: the router will keep trying to ARP/NDP every destination directly on this interface (assuming it's a broadcast interface like Ethernet/Wi-Fi), and still won't forward the packets until it has received an ARP reply and learned the destination's MAC address.



        And if you configure a host to have a /0 subnet mask, basically the same thing happens: two default routes, one of them local, so the host will try to make ARP queries for every destination and fail. (The only difference between hosts and routers is that a host won't forward received packets while a router will. Otherwise they process routing tables in much the same way.)




        Finally, if I (absurdly) choose a subnet mask of /0 for host1, this effectively blocks the whole internet from my host?




        Normally yes, because the host will never succeed at ARP queries for destinations which aren't really local.



        But you can have the router spoof replies to those queries – a feature called "Proxy ARP". With it enabled, when the host tries to make an ARP query for some distant host, it'll learn the local router's MAC address instead, and from that point everything appears to work as if the host had a normal gateway route. (The only difference is that the host will end up having a huge ARP cache.)



        This is more commonly used when the host thinks it's on a standard subnet (say, a /24) but cannot actually send Ethernet frames to anything else except the local router. A hosting company might configure its switches to drop all packets except from/to the "trusted" router port (port isolation), and enable proxy-ARP on the router. This allows traffic even between customers on the same subnet to be filtered according to the router's firewall rules, which they'd normally bypass.







          edited Jan 20 at 12:58

























          answered Jan 20 at 11:59









          grawity
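A small model of the lookup-then-ARP behaviour described in the answer above, added here as an illustration (it is not code from the answer). It shows the most specific route winning, the absence of any fallback when ARP fails, and a /0 mask with and without proxy ARP. The interface names, MAC addresses, the gateway address 1.2.3.1, the 203.0.113.1 upstream and the `metric` field are constructed for the example.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match; equal prefixes are tie-broken by lower metric."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in ipaddress.ip_network(r["prefix"])]
    return max(hits, default=None, key=lambda r: (
        ipaddress.ip_network(r["prefix"]).prefixlen, -r["metric"]))

def forward(routes, links, dst, proxy_arp=None):
    """Return the action one node (host or router) takes for a packet to dst.

    links:     interface -> {ip: mac} of stations that answer ARP on that link
    proxy_arp: interface -> MAC of a router answering ARP for absent addresses
    """
    route = lookup(routes, dst)
    if route is None:
        return ("icmp-unreachable", "no route")
    next_hop = route["via"] or dst  # on-link route: ARP for dst itself
    mac = links[route["dev"]].get(next_hop)
    if mac is None and proxy_arp:
        mac = proxy_arp.get(route["dev"])
    if mac is None:
        # The route lookup is already done; a failed ARP does not trigger
        # a second lookup against a less-specific route.
        return ("icmp-unreachable", f"ARP failed for {next_hop} on {route['dev']}")
    return ("send", route["dev"], next_hop, mac)

# --- constructed sample topology (all values are assumptions) ---
ROUTER_MAC = "02:00:00:00:00:01"
ROUTER_ROUTES = [  # connected /24 plus a default route via an upstream
    {"prefix": "1.2.3.0/24", "dev": "lan0", "via": None, "metric": 0},
    {"prefix": "0.0.0.0/0", "dev": "wan0", "via": "203.0.113.1", "metric": 0},
]
ROUTER_LINKS = {
    "lan0": {"1.2.3.4": "02:00:00:00:00:04"},      # host1 is the only LAN station
    "wan0": {"203.0.113.1": "02:00:00:00:00:fe"},  # upstream gateway
}
HOST_ROUTES = [  # host1 with a /0 mask: on-link default preferred over gateway
    {"prefix": "0.0.0.0/0", "dev": "eth0", "via": None, "metric": 0},
    {"prefix": "0.0.0.0/0", "dev": "eth0", "via": "1.2.3.1", "metric": 100},
]
HOST_LINKS = {"eth0": {"1.2.3.1": ROUTER_MAC}}

if __name__ == "__main__":
    print(forward(ROUTER_ROUTES, ROUTER_LINKS, "198.51.100.7"))  # default route
    print(forward(ROUTER_ROUTES, ROUTER_LINKS, "1.2.3.50"))      # /24 wins, ARP fails
    print(forward(HOST_ROUTES, HOST_LINKS, "198.51.100.7"))      # /0 mask, ARP fails
    print(forward(HOST_ROUTES, HOST_LINKS, "198.51.100.7",
                  proxy_arp={"eth0": ROUTER_MAC}))               # proxy ARP answers
```

With proxy ARP enabled the host's frame carries the router's MAC, so the packet reaches the router and its firewall rules even though the host believes the destination is on-link.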

























              2














              In your example (ip: 1.2.3.4 mask: 255.255.255.0) all packets with a destination other than the range 1.2.3.0-1.2.3.255 will be sent to the gateway.



              If the destination belongs to the network (1.2.3.50) but is not present, the packet will not be sent to the gateway either.



              If your host has a subnet mask /0 (0.0.0.0), nothing will be sent to the gateway.







                  answered Jan 20 at 11:59









                  Gert Jan Kraaijeveld





























