Semantics of how subnets work
Suppose I have host1 with configured IP 1.2.3.4 and subnet mask 255.255.255.0 connected to a router.
Is the following statement absolutely, semantically correct:
"The router will forward a packet sent by host1 down its default gateway if and only if for all its connected interfaces, the interface's configured address bitwise AND with host1's subnet mask does not equal host1's network address"?
In particular, if the destination address is on the same subnet as host1, say 1.2.3.50, but not existing on the local network, is it still true that the router will never forward it down the default gateway?
Finally, if I (absurdly) choose a subnet mask of /0 for host1, this effectively blocks the whole internet from my host? Because the router would be acting as a switch and spamming every packet to all connected interfaces (except the gateway interface), and never forwarding anything down its default gateway?
networking subnet netmask
asked Jan 20 at 11:16 by JSStuball
Before the on-link router comes into play, we will have to consider what the host originating the packet does. The routing table of the host is first consulted, and the next hop of the packet is determined based on this. If the destination address is in the same subnet, the host sends the packet directly to the destination; it does not pass through the router at all. A router and a host are actually functionally very similar; the essential difference is that a router also forwards packets, i.e. it receives packets on an interface and re-transmits them if they are not destined for the router.
– Johan Myréen, Jan 20 at 12:51
"The router will forward a packet sent by host1 down its default gateway if and only if for all its connected interfaces, the destination IP address bitwise AND with host1's subnet mask for that interface does not equal host1's network address for that interface" would be more accurate.
– jcaron, Jan 20 at 15:42
@jcaron That's not true at all. If received by the router, it will send the packet to the destination host. This situation, however, should normally not happen anyway, because host1 should realize that the destination is on the same link and send the packet directly to the destination host. A more accurate statement would be "The router will forward any packet down its default gateway if and only if there isn't a more specific route matching the destination address." Also note that there need not be a default route at all, if the networks are isolated and are all known to the router.
– Johan Myréen, Jan 20 at 18:32
@JohanMyréen Oops, indeed, looks like I only read half of the sentence. I somehow thought it read "host1 will forward a packet down its default gateway...". But that means the original sentence is even weirder: the behaviour of the router has nothing to do with the configuration of host1...
– jcaron, Jan 20 at 23:21
2 Answers
"The router will forward a packet sent by host1 down its default gateway if and only if for all it's connected interfaces, the interface's configured address bitwise AND with host1's subnet mask does not equal host1's network address"?
In traditional IP routing, yes. Packet forwarding is done by choosing the most specific matching route from the routing table (there is no special distinction between "connected interface" vs "default gateway", they're both just standard routes). So if the router has two routes matching the packet, one for 0.0.0.0/0 (default gateway) and another for 1.2.3.0/24 (local subnet), the latter always wins.
Although you should note that routers don't necessarily have a default gateway (especially in the so-called "default-free zone", which really just means they have more-specific routes for absolutely everything).
Also, I say "traditional IP routing" because routers might do more than just destination-based route matching. For example, in IPv6, some systems support routes which match against source and destination; e.g. you can have routes from ::/0 to ::/0 via <gw1> and from 2001:db8::/48 to ::/0 via <gw2>.
It is also common (in both IPv4 and IPv6) to implement policy-based routing which might match packets by protocol, or by firewall mark. If a router has two upstreams (two default routes), it'll often want to use policy routing to ensure that packets received from upstream 1 will have their replies sent to the same upstream 1, even if the routing table would prefer upstream 2.
In particular, if the destination address is on the same subnet as host1, say 1.2.3.50, but not existing on the local network, is it still true that the router will never forward it down the default gateway?
Yes. If the routing table says the destination is local but the router fails to receive an ARP/NDP reply, it will not fall back to another, less-specific route – it will immediately give up and return some sort of ICMP error, probably "Destination host unreachable".
(Whether the destination is in the same network as the source usually doesn't affect anything. Even if it means sending the packet out the same interface as it arrived in, the router still behaves the same way.)
Finally, if I (absurdly) choose a subnet mask of /0 for host1, [...] the router would be acting as a switch and spamming every packet to all connected interfaces (except the gateway interface), and never forwarding anything down its default gateway?
Changing the subnet mask on a host has no effect on the router. The router doesn't know what subnet mask is configured on other hosts; it'll behave according to how its own interfaces are configured. (And vice versa, the host doesn't know how the router is configured.)
If you directly configure a router to have a /0 subnet mask on some interface, it absolutely does not start acting like a switch. It still acts as a router, but if it had a default route before, it simply has two default routes now – one of them just happens to claim that all hosts are local on the specified interface.
If the router prefers this second default route, you'll still see the usual "local subnet" behavior: the router will keep trying to ARP/NDP every destination directly on this interface (assuming it's a broadcast interface like Ethernet/Wi-Fi), and still won't forward the packets until it has received an ARP reply and learned the destination's MAC address.
And if you configure a host to have a /0 subnet mask, basically the same thing happens: two default routes, one of them local, so the host will try to make ARP queries for every destination and fail. (The only difference between hosts and routers is that a host won't forward received packets while a router will. Otherwise they process routing tables in much the same way.)
Finally, if I (absurdly) choose a subnet mask of /0 for host1, this effectively blocks the whole internet from my host?
Normally yes, because the host will never succeed at ARP queries for destinations which aren't really local.
But you can have the router spoof replies to those queries – a feature called "Proxy ARP". With it enabled, when the host tries to make an ARP query for some distant host, it'll learn the local router's MAC address instead, and from that point everything appears to work as if the host had a normal gateway route. (The only difference is that the host will end up having a huge ARP cache.)
This is more commonly used when the host thinks it's on a standard subnet (say, a /24) but cannot actually send Ethernet frames to anything else except the local router. A hosting company might configure its switches to drop all packets except from/to "trusted" router port (port isolation), and enable proxy-ARP on the router. This allows traffic even between customers on the same subnet to be filtered according to the router's firewall rules, which they'd normally bypass.
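The following is an added illustration, not code from either answer or from the asker. It models, in Python with the standard ipaddress module, the three points the answer above makes: longest-prefix match between a connected 1.2.3.0/24 route and a 0.0.0.0/0 default route; no fallback to a less specific route when the chosen on-link destination (1.2.3.50) never answers ARP; and the /0-mask case, where a second, connected default route wins the tie and every destination is ARPed directly, which only works once the router answers those queries (Proxy ARP). The link (which addresses answer ARP, the MAC addresses, the metric used to break the tie between the two default routes) is constructed for the example and is not from the page.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable, List, Optional

IPv4 = ipaddress.IPv4Address
Net = ipaddress.IPv4Network


@dataclass(frozen=True)
class Route:
    prefix: Net
    iface: str
    via: Optional[IPv4] = None   # None: on-link (connected) route, ARP the destination itself
    metric: int = 0              # tie-break between equally specific routes (constructed)


def route(prefix: str, iface: str, via: Optional[str] = None, metric: int = 0) -> Route:
    return Route(Net(prefix), iface, IPv4(via) if via else None, metric)


def same_subnet(addr: str, prefixlen: int, other: str) -> bool:
    """The bitwise-AND test from the question: do addr and other share a network under prefixlen?"""
    mask = int(Net(f"0.0.0.0/{prefixlen}").netmask)
    return (int(IPv4(addr)) & mask) == (int(IPv4(other)) & mask)


def lookup(table: List[Route], dst: str) -> Optional[Route]:
    """Longest-prefix match; among equally long prefixes the lower metric wins."""
    d = IPv4(dst)
    matches = [r for r in table if d in r.prefix]
    if not matches:
        return None
    return max(matches, key=lambda r: (r.prefix.prefixlen, -r.metric))


def forward(table: List[Route], arp: Callable[[IPv4], Optional[str]], dst: str) -> str:
    """What a host or router does with one packet for dst. `arp` models the link:
    it returns a MAC for addresses that answer ARP and None otherwise."""
    d = IPv4(dst)
    r = lookup(table, dst)
    if r is None:
        return "drop: no route (ICMP net unreachable)"
    next_hop = r.via if r.via is not None else d
    mac = arp(next_hop)
    if mac is None:
        # The answer's point: an ARP failure on the selected route does not
        # make the node retry a less specific route; the packet is given up on.
        return f"drop: {next_hop} did not answer ARP on {r.iface} (ICMP host unreachable)"
    return f"send on {r.iface} to {next_hop} ({mac})"


# Constructed link: only the router (1.2.3.1) and one peer (1.2.3.7) answer ARP.
LINK = {IPv4("1.2.3.1"): "aa:aa:aa:00:00:01", IPv4("1.2.3.7"): "aa:aa:aa:00:00:07"}
ROUTER_MAC = LINK[IPv4("1.2.3.1")]


def plain_arp(ip: IPv4) -> Optional[str]:
    return LINK.get(ip)


def proxy_arp(ip: IPv4) -> Optional[str]:
    # Proxy ARP: the router answers for any address nobody on the link claims.
    return LINK.get(ip) or ROUTER_MAC


# host1 as in the question: 1.2.3.4/24 with default gateway 1.2.3.1.
HOST_24 = [route("1.2.3.0/24", "eth0"),
           route("0.0.0.0/0", "eth0", via="1.2.3.1", metric=100)]
# host1 with the /0 mask: two default routes, the connected one preferred.
HOST_0 = [route("0.0.0.0/0", "eth0"),
          route("0.0.0.0/0", "eth0", via="1.2.3.1", metric=100)]

if __name__ == "__main__":
    for table, name in ((HOST_24, "/24"), (HOST_0, "/0")):
        for dst in ("1.2.3.7", "1.2.3.50", "8.8.8.8"):
            print(f"{name:>4} {dst:>9} -> {forward(table, plain_arp, dst)}")
    print(f"  /0 + proxy ARP 8.8.8.8 -> {forward(HOST_0, proxy_arp, '8.8.8.8')}")
```

Running it shows 8.8.8.8 leaving via 1.2.3.1 and 1.2.3.50 being dropped as host unreachable under the /24 table, while under the /0 table even 8.8.8.8 is dropped until proxy_arp is substituted for plain_arp, at which point it is sent to the router's MAC exactly as the answer describes.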
In your example (ip: 1.2.3.4 mask: 255.255.255.0) all packets with a destination other than the range 1.2.3.0-1.2.3.255 will be sent to the gateway.
If the destination belongs to the network (1.2.3.50) but is not present, the packet will not be sent to the gateway either.
If your host has a subnet mask of /0 (0.0.0.0), nothing will be sent to the gateway.
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1396279%2fsemantics-of-how-subnets-work%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
"The router will forward a packet sent by host1 down its default gateway if and only if for all it's connected interfaces, the interface's configured address bitwise AND with host1's subnet mask does not equal host1's network address"?
In traditional IP routing, yes. Packet forwarding is done by choosing the most specific matching route from the routing table (there is no special distinction between "connected interface" vs "default gateway", they're both just standard routes). So if the router has two routes matching the packet, one for 0.0.0.0/0
(default gateway) and another for 1.2.3.0/24
(local subnet), the latter always wins.
Although you should note that routers don't necessarily have a default gateway (especially in the so-called "default-free zone", which really just means they have more-specific routes for absolutely everything).
Also, I say "traditional IP routing" because routers might do more than just destination-based route matching. For example, in IPv6, some systems support routes which match against source and destination; e.g. you can have routes from ::/0 to ::/0 via <gw1>
and from 2001:db8::/48 to ::/0 via <gw2>
.
It is also common (in both IPv4 and IPv6) to implement policy-based routing which might match packets by protocol, or by firewall mark. If a router has two upstreams (two default routes), it'll often want to use policy routing to ensure that packets received from upstream 1 will have their replies sent to the same upstream 1, even if the routing table would prefer upstream 2.
In particular, if the destination address is on the same subnet as host1, say 1.2.3.50, but not existing on the local network, is it still true that the router will never forward it down the default gateway?
Yes. If the routing table says the destination is local but the router fails to receive an ARP/NDP reply, it will not fall back to another, less-specific route – it will immediately give up and return some sort of ICMP error, probably "Destination host unreachable".
(Whether the destination is in the same network as the source usually doesn't affect anything. Even if it means sending the packet out the same interface as it arrived in, the router still behaves the same way.)
Finally, if I (absurdly) choose a subnet mask of /0 for host1, [...] the router would be acting as a switch and spamming every packet to all connected interfaces (except the gateawy interface), and never forwarding anything down its default gateway?
Changing the subnet mask on a host has no effect on the router. The router doesn't know what subnet mask is configured on other hosts; it'll behave according to how its own interfaces are configured. (And vice versa, the host doesn't know how the router is configured.)
If you directly configure a router to have a /0 subnet mask on some interface, it absolutely does not start acting like a switch. It still acts as a router, but if it had a default route before, it simply has two default routes now – one of them just happens to claim that all hosts are local on the specified interface.
If the router prefers this second default route, you'll still see the usual "local subnet" behavior: the router will keep trying to ARP/NDP every destination directly on this interface (assuming it's a broadcast interface like Ethernet/Wi-Fi), and still won't forward the packets until it has received an ARP reply and learned the destination's MAC address.
And if you configure a host to have a /0 subnet mask, basically the same thing happens: two default routes, one of them local, so the host will try to make ARP queries for every destination and fail. (The only difference between hosts and routers is that a host won't forward received packets while a router will. Otherwise they process routing tables in much the same way.)
Finally, if I (absurdly) choose a subnet mask of /0 for host1, this effectively blocks the whole internet from my host?
Normally yes, because the host will never succeed at ARP queries for destinations which aren't really local.
But you can have the router spoof replies to those queries – a feature called "Proxy ARP". With it enabled, when the host tries to make an ARP query for some distant host, it'll learn the local router's MAC address instead, and from that point everything appears to work as if the host had a normal gateway route. (The only difference is that the host will end up having a huge ARP cache.)
This is more commonly used when the host thinks it's on a standard subnet (say, a /24) but cannot actually send Ethernet frames to anything else except the local router. A hosting company might configure its switches to drop all packets except from/to "trusted" router port (port isolation), and enable proxy-ARP on the router. This allows traffic even between customers on the same subnet to be filtered according to the router's firewall rules, which they'd normally bypass.
add a comment |
"The router will forward a packet sent by host1 down its default gateway if and only if for all it's connected interfaces, the interface's configured address bitwise AND with host1's subnet mask does not equal host1's network address"?
In traditional IP routing, yes. Packet forwarding is done by choosing the most specific matching route from the routing table (there is no special distinction between "connected interface" vs "default gateway", they're both just standard routes). So if the router has two routes matching the packet, one for 0.0.0.0/0
(default gateway) and another for 1.2.3.0/24
(local subnet), the latter always wins.
Although you should note that routers don't necessarily have a default gateway (especially in the so-called "default-free zone", which really just means they have more-specific routes for absolutely everything).
Also, I say "traditional IP routing" because routers might do more than just destination-based route matching. For example, in IPv6, some systems support routes which match against source and destination; e.g. you can have routes from ::/0 to ::/0 via <gw1>
and from 2001:db8::/48 to ::/0 via <gw2>
.
It is also common (in both IPv4 and IPv6) to implement policy-based routing which might match packets by protocol, or by firewall mark. If a router has two upstreams (two default routes), it'll often want to use policy routing to ensure that packets received from upstream 1 will have their replies sent to the same upstream 1, even if the routing table would prefer upstream 2.
In particular, if the destination address is on the same subnet as host1, say 1.2.3.50, but not existing on the local network, is it still true that the router will never forward it down the default gateway?
Yes. If the routing table says the destination is local but the router fails to receive an ARP/NDP reply, it will not fall back to another, less-specific route – it will immediately give up and return some sort of ICMP error, probably "Destination host unreachable".
(Whether the destination is in the same network as the source usually doesn't affect anything. Even if it means sending the packet out the same interface as it arrived in, the router still behaves the same way.)
Finally, if I (absurdly) choose a subnet mask of /0 for host1, [...] the router would be acting as a switch and spamming every packet to all connected interfaces (except the gateawy interface), and never forwarding anything down its default gateway?
Changing the subnet mask on a host has no effect on the router. The router doesn't know what subnet mask is configured on other hosts; it'll behave according to how its own interfaces are configured. (And vice versa, the host doesn't know how the router is configured.)
If you directly configure a router to have a /0 subnet mask on some interface, it absolutely does not start acting like a switch. It still acts as a router, but if it had a default route before, it simply has two default routes now – one of them just happens to claim that all hosts are local on the specified interface.
If the router prefers this second default route, you'll still see the usual "local subnet" behavior: the router will keep trying to ARP/NDP every destination directly on this interface (assuming it's a broadcast interface like Ethernet/Wi-Fi), and still won't forward the packets until it has received an ARP reply and learned the destination's MAC address.
And if you configure a host to have a /0 subnet mask, basically the same thing happens: two default routes, one of them local, so the host will try to make ARP queries for every destination and fail. (The only difference between hosts and routers is that a host won't forward received packets while a router will. Otherwise they process routing tables in much the same way.)
Finally, if I (absurdly) choose a subnet mask of /0 for host1, this effectively blocks the whole internet from my host?
Normally yes, because the host will never succeed at ARP queries for destinations which aren't really local.
But you can have the router spoof replies to those queries – a feature called "Proxy ARP". With it enabled, when the host tries to make an ARP query for some distant host, it'll learn the local router's MAC address instead, and from that point everything appears to work as if the host had a normal gateway route. (The only difference is that the host will end up having a huge ARP cache.)
This is more commonly used when the host thinks it's on a standard subnet (say, a /24) but cannot actually send Ethernet frames to anything else except the local router. A hosting company might configure its switches to drop all packets except from/to "trusted" router port (port isolation), and enable proxy-ARP on the router. This allows traffic even between customers on the same subnet to be filtered according to the router's firewall rules, which they'd normally bypass.
add a comment |
"The router will forward a packet sent by host1 down its default gateway if and only if for all it's connected interfaces, the interface's configured address bitwise AND with host1's subnet mask does not equal host1's network address"?
In traditional IP routing, yes. Packet forwarding is done by choosing the most specific matching route from the routing table (there is no special distinction between "connected interface" vs "default gateway", they're both just standard routes). So if the router has two routes matching the packet, one for 0.0.0.0/0
(default gateway) and another for 1.2.3.0/24
(local subnet), the latter always wins.
Although you should note that routers don't necessarily have a default gateway (especially in the so-called "default-free zone", which really just means they have more-specific routes for absolutely everything).
Also, I say "traditional IP routing" because routers might do more than just destination-based route matching. For example, in IPv6, some systems support routes which match against source and destination; e.g. you can have routes from ::/0 to ::/0 via <gw1>
and from 2001:db8::/48 to ::/0 via <gw2>
.
It is also common (in both IPv4 and IPv6) to implement policy-based routing which might match packets by protocol, or by firewall mark. If a router has two upstreams (two default routes), it'll often want to use policy routing to ensure that packets received from upstream 1 will have their replies sent to the same upstream 1, even if the routing table would prefer upstream 2.
In particular, if the destination address is on the same subnet as host1, say 1.2.3.50, but not existing on the local network, is it still true that the router will never forward it down the default gateway?
Yes. If the routing table says the destination is local but the router fails to receive an ARP/NDP reply, it will not fall back to another, less-specific route – it will immediately give up and return some sort of ICMP error, probably "Destination host unreachable".
(Whether the destination is in the same network as the source usually doesn't affect anything. Even if it means sending the packet out the same interface as it arrived in, the router still behaves the same way.)
Finally, if I (absurdly) choose a subnet mask of /0 for host1, [...] the router would be acting as a switch and spamming every packet to all connected interfaces (except the gateway interface), and never forwarding anything down its default gateway?
Changing the subnet mask on a host has no effect on the router. The router doesn't know what subnet mask is configured on other hosts; it'll behave according to how its own interfaces are configured. (And vice versa, the host doesn't know how the router is configured.)
If you directly configure a router to have a /0 subnet mask on some interface, it absolutely does not start acting like a switch. It still acts as a router, but if it had a default route before, it simply has two default routes now – one of them just happens to claim that all hosts are local on the specified interface.
If the router prefers this second default route, you'll still see the usual "local subnet" behavior: the router will keep trying to ARP/NDP every destination directly on this interface (assuming it's a broadcast interface like Ethernet/Wi-Fi), and still won't forward the packets until it has received an ARP reply and learned the destination's MAC address.
And if you configure a host to have a /0 subnet mask, basically the same thing happens: two default routes, one of them local, so the host will try to make ARP queries for every destination and fail. (The only difference between hosts and routers is that a host won't forward received packets while a router will. Otherwise they process routing tables in much the same way.)
Finally, if I (absurdly) choose a subnet mask of /0 for host1, this effectively blocks the whole internet from my host?
Normally yes, because the host will never succeed at ARP queries for destinations which aren't really local.
But you can have the router spoof replies to those queries – a feature called "Proxy ARP". With it enabled, when the host tries to make an ARP query for some distant host, it'll learn the local router's MAC address instead, and from that point everything appears to work as if the host had a normal gateway route. (The only difference is that the host will end up having a huge ARP cache.)
This is more commonly used when the host thinks it's on a standard subnet (say, a /24) but cannot actually send Ethernet frames to anything else except the local router. A hosting company might configure its switches to drop all packets except from/to "trusted" router port (port isolation), and enable proxy-ARP on the router. This allows traffic even between customers on the same subnet to be filtered according to the router's firewall rules, which they'd normally bypass.
edited Jan 20 at 12:58
answered Jan 20 at 11:59
grawity
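The route-selection and ARP behaviour described in the answer above, as an added example that is not part of the original answer or of any router implementation: a small Python model in which a connected subnet and a default gateway are both ordinary routes, the longest prefix wins, and an on-link next hop must answer ARP (or a Proxy ARP router must answer for it) before anything is sent. The addresses, MACs, routing tables and neighbour table are constructed for illustration; host1 is 1.2.3.4/24 with an assumed gateway 1.2.3.1.

```python
# Added example, not code from the Super User answers or from any router
# implementation: a model of next-hop selection by longest-prefix match
# followed by ARP resolution.  All addresses, MACs and tables are constructed.
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network   # destinations this route covers
    iface: str                      # outgoing interface
    via: Optional[str] = None       # gateway address; None means "on-link"


def on_link(dst: str, if_addr: str, mask: str) -> bool:
    """The bitwise-AND test from the question: dst is in the interface's
    network iff (dst & mask) == (if_addr & mask).  A /0 mask makes this
    true for every address, which is why a /0 interface route is simply
    a second default route."""
    m = int(ipaddress.ip_address(mask))
    return int(ipaddress.ip_address(dst)) & m == int(ipaddress.ip_address(if_addr)) & m


def lookup(table: list[Route], dst: str) -> Optional[Route]:
    """Longest-prefix match.  Among equally specific routes the one listed
    first (think: lowest metric) is used; ordering decides which of two
    default routes wins."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen, default=None)


def forward(table: list[Route], neighbours: dict, dst: str,
            proxy_arp_mac: Optional[str] = None) -> tuple:
    """Pick a route, then resolve the next hop with ARP on that interface.

    neighbours maps iface -> {ip: mac} for stations that really answer ARP.
    proxy_arp_mac, if given, models a Proxy ARP router answering queries for
    addresses that are not actually on the link.  When ARP fails the packet
    is dropped with a host-unreachable error; no less-specific route is tried."""
    route = lookup(table, dst)
    if route is None:
        return ("unreachable", "no route to host")
    next_hop = route.via or dst
    mac = neighbours.get(route.iface, {}).get(next_hop)
    if mac is None and proxy_arp_mac is not None:
        mac = proxy_arp_mac          # the router replied on the destination's behalf
    if mac is None:
        return ("unreachable", f"host {next_hop} unreachable on {route.iface}")
    return ("sent", route.iface, mac)


# host1: 1.2.3.4/24 with default gateway 1.2.3.1 on eth0 (constructed).
HOST_TABLE = [
    Route(ipaddress.ip_network("1.2.3.0/24"), "eth0"),
    Route(ipaddress.ip_network("0.0.0.0/0"), "eth0", via="1.2.3.1"),
]
# The same host after the "absurd" /0 mask: two default routes, on-link one first.
SLASH0_TABLE = [
    Route(ipaddress.ip_network("0.0.0.0/0"), "eth0"),
    Route(ipaddress.ip_network("0.0.0.0/0"), "eth0", via="1.2.3.1"),
]
ROUTER_MAC = "02:00:00:00:00:01"
# Stations that actually answer ARP on eth0: the router and one peer (constructed).
NEIGHBOURS = {"eth0": {"1.2.3.1": ROUTER_MAC, "1.2.3.7": "02:00:00:00:00:07"}}


def demo() -> dict:
    return {
        # Off-subnet destination: only the default route matches, so it goes to the gateway.
        "remote": forward(HOST_TABLE, NEIGHBOURS, "8.8.8.8"),
        # On-subnet destination that exists: delivered directly to the peer's MAC.
        "local_present": forward(HOST_TABLE, NEIGHBOURS, "1.2.3.7"),
        # 1.2.3.50 matches the /24, ARP fails, and the /0 route is NOT tried.
        "local_absent": forward(HOST_TABLE, NEIGHBOURS, "1.2.3.50"),
        # With a /0 mask every destination is ARPed for directly, and fails...
        "slash0": forward(SLASH0_TABLE, NEIGHBOURS, "8.8.8.8"),
        # ...unless a Proxy ARP router answers, so frames reach the router anyway.
        "slash0_proxy_arp": forward(SLASH0_TABLE, NEIGHBOURS, "8.8.8.8",
                                    proxy_arp_mac=ROUTER_MAC),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:>17}: {outcome}")
```

The `local_absent` case is the one the question asks about: the /24 route is selected because it is more specific, and when 1.2.3.50 never answers ARP the packet is dropped rather than retried through the /0 route. The two `slash0` cases show why a /0 mask on the host alone cuts it off, and why Proxy ARP on the router makes it work again.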
In your example (ip: 1.2.3.4 mask: 255.255.255.0) all packets with a destination other than the range 1.2.3.0-1.2.3.255 will be sent to the gateway.
If the destination belongs to the network (1.2.3.50) but is not present, the packet will not be sent to the gateway either.
If your host has a subnet mask /0 (0.0.0.0), nothing will be sent to the gateway.
answered Jan 20 at 11:59
Gert Jan Kraaijeveld
1
"The router will forward a packet sent by host1 down its default gateway if and only if for all its connected interfaces, the destination IP address bitwise AND with host1's subnet mask for that interface does not equal host1's network address for that interface" would be more accurate.
– jcaron
Jan 20 at 15:42
1
@jcaron That's not true at all. If received by the router, it will send the packet to the destination host. This situation, however, should normally not happen anyway, because host1 should realize that the destination is on the same link and send the packet directly to the destination host. A more accurate statement would be "The router will forward any packet down its default gateway if and only if there isn't a more specific route matching the destination address." Also note that there need not be default route at all, if the networks are isolated and are all known to the router.
– Johan Myréen
Jan 20 at 18:32
@JohanMyréen Oops, indeed, looks like I only read half of the sentence. I somehow thought it read "host1 will forward a packet down its default gateway...". But that means the original sentence is even weirder, the behaviour of the router has nothing to do with the configuration of host1...
– jcaron
Jan 20 at 23:21