Semantics of how subnets work












1















Suppose I have host1 with configured IP 1.2.3.4 and subnet mask 255.255.255.0 connected to a router.

Is the following statement absolutely, semantically correct:

"The router will forward a packet sent by host1 down its default gateway if and only if for all its connected interfaces, the interface's configured address bitwise AND with host1's subnet mask does not equal host1's network address"?

In particular, if the destination address is on the same subnet as host1, say 1.2.3.50, but not existing on the local network, is it still true that the router will never forward it down the default gateway?

Finally, if I (absurdly) choose a subnet mask of /0 for host1, this effectively blocks the whole internet from my host? Because the router would be acting as a switch and spamming every packet to all connected interfaces (except the gateway interface), and never forwarding anything down its default gateway?










asked 2 hours ago by JSStuball

Before the on-link router comes into play, we will have to consider what the host originating the packet does. The routing table of the host is first consulted, and the next hop of the packet is determined based on this. If the destination address is in the same subnet, the host sends the packet directly to the destination; it does not pass through the router at all. A router and a host are actually functionally very similar; the essential difference is that a router also forwards packets, i.e. it receives packets on an interface, and re-transmits them if they are not destined for the router.

– Johan Myréen
26 mins ago





2 Answers
2















> "The router will forward a packet sent by host1 down its default gateway if and only if for all its connected interfaces, the interface's configured address bitwise AND with host1's subnet mask does not equal host1's network address"?




In traditional IP routing, yes. Packet forwarding is done by choosing the most specific matching route from the routing table (there is no special distinction between "connected interface" vs "default gateway", they're both just standard routes). So if the router has two routes matching the packet, one for 0.0.0.0/0 (default gateway) and another for 1.2.3.0/24 (local subnet), the latter always wins.



Although you should note that routers don't necessarily have a default gateway (especially in the so-called "default-free zone", which really just means they have more-specific routes for absolutely everything).



Also, I say "traditional IP routing" because routers might do more than just destination-based route matching. For example, in IPv6, some systems support routes which match against source and destination; e.g. you can have routes from ::/0 to ::/0 via <gw1> and from 2001:db8::/48 to ::/0 via <gw2>.



It is also common (in both IPv4 and IPv6) to implement policy-based routing which might match packets by protocol, or by firewall mark. If a router has two upstreams (two default routes), it'll often want to use policy routing to ensure that packets received from upstream 1 will have their replies sent to the same upstream 1, even if the routing table would prefer upstream 2.




> In particular, if the destination address is on the same subnet as host1, say 1.2.3.50, but not existing on the local network, is it still true that the router will never forward it down the default gateway?




Yes. If the routing table says the destination is local but the router fails to receive an ARP/NDP reply, it will not fall back to another, less-specific route – it will immediately give up and return some sort of ICMP error, probably "Destination host unreachable".



(Whether the destination is in the same network as the source usually doesn't affect anything. Even if it means sending the packet out the same interface as it arrived in, the router still behaves the same way.)




> Finally, if I (absurdly) choose a subnet mask of /0 for host1, [...] the router would be acting as a switch and spamming every packet to all connected interfaces (except the gateway interface), and never forwarding anything down its default gateway?




Changing the subnet mask on a host has no effect on the router. The router doesn't know what subnet mask is configured on other hosts; it'll behave according to how its own interfaces are configured. (And vice versa, the host doesn't know how the router is configured.)



If you directly configure a router to have a /0 subnet mask on some interface, it absolutely does not start acting like a switch. It still acts as a router, but if it had a default route before, it simply has two default routes now – one of them just happens to claim that all hosts are local on the specified interface.



If the router prefers this second default route, you'll still see the usual "local subnet" behavior: the router will keep trying to ARP/NDP every destination directly on this interface (assuming it's a broadcast interface like Ethernet/Wi-Fi), and still won't forward the packets until it has received an ARP reply and learned the destination's MAC address.



And if you configure a host to have a /0 subnet mask, basically the same thing happens: two default routes, one of them local, so the host will try to make ARP queries for every destination and fail. (The only difference between hosts and routers is that a host won't forward received packets while a router will. Otherwise they process routing tables in much the same way.)




> Finally, if I (absurdly) choose a subnet mask of /0 for host1, this effectively blocks the whole internet from my host?




Normally yes, because the host will never succeed at ARP queries for destinations which aren't really local.



But you can have the router spoof replies to those queries – a feature called "Proxy ARP". With it enabled, when the host tries to make an ARP query for some distant host, it'll learn the local router's MAC address instead, and from that point everything appears to work as if the host had a normal gateway route. (The only difference is that the host will end up having a huge ARP cache.)



This is more commonly used when the host thinks it's on a standard subnet (say, a /24) but cannot actually send Ethernet frames to anything else except the local router. A hosting company might configure its switches to drop all packets except from/to the "trusted" router port (port isolation), and enable proxy-ARP on the router. This allows traffic even between customers on the same subnet to be filtered according to the router's firewall rules, which they'd normally bypass.
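
The route selection described in this answer, as a small Python model (an added example, not part of the original answer). The names `Route`, `lookup` and `resolve`, the interface names, the MAC addresses and every address other than 1.2.3.4 and 1.2.3.50 are constructed; preferring the connected /0 route over the gateway route and letting proxy ARP answer for any address are simplifying assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    dev: str
    via: Optional[ipaddress.IPv4Address] = None  # None means connected (on-link)
    metric: int = 0                              # lower wins a prefix-length tie


def route(prefix, dev, via=None, metric=0):
    gw = ipaddress.ip_address(via) if via else None
    return Route(ipaddress.ip_network(prefix), dev, gw, metric)


def lookup(table, dst):
    """Longest-prefix match; connected and gateway routes compete as equals."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in table if dst in r.prefix]
    if not matches:
        return None
    return max(matches, key=lambda r: (r.prefix.prefixlen, -r.metric))


def resolve(table, dst, neighbors, proxy_arp=None):
    """Decide what happens to one packet addressed to dst.

    neighbors: {(dev, ip): mac} for stations that answer ARP themselves.
    proxy_arp: optional {dev: mac} of a router answering ARP for others
               (simplified: it answers for any address on that link).
    Returns (action, detail).
    """
    r = lookup(table, dst)
    if r is None:
        return ("drop", "network unreachable")  # e.g. no default route at all
    # Connected route: ARP for the destination. Gateway route: ARP for the gateway.
    target = r.via if r.via is not None else ipaddress.ip_address(dst)
    mac = neighbors.get((r.dev, str(target)))
    if mac is None and proxy_arp:
        mac = proxy_arp.get(r.dev)
    if mac is None:
        # The selected route failed; less-specific routes are not retried.
        return ("drop", "host unreachable")
    return ("send", f"{r.dev} {mac}")


# Constructed sample data. 1.2.3.4 and 1.2.3.50 come from the question;
# every other address and all MAC addresses are made up for illustration.
ROUTER_MAC, HOST1_MAC, UPSTREAM_MAC = (
    "02:00:00:00:00:01", "02:00:00:00:00:04", "02:00:00:00:00:fe")
REMOTE = "203.0.113.9"

ROUTER = [route("1.2.3.0/24", "lan"), route("192.0.2.0/30", "wan"),
          route("0.0.0.0/0", "wan", via="192.0.2.1")]
ROUTER_NEIGHBORS = {("lan", "1.2.3.4"): HOST1_MAC,
                    ("wan", "192.0.2.1"): UPSTREAM_MAC}

HOST_24 = [route("1.2.3.0/24", "eth0"),
           route("0.0.0.0/0", "eth0", via="1.2.3.1", metric=100)]
HOST_0 = [route("0.0.0.0/0", "eth0"),  # the "absurd" /0 mask: everything is on-link
          route("0.0.0.0/0", "eth0", via="1.2.3.1", metric=100)]
HOST_NEIGHBORS = {("eth0", "1.2.3.1"): ROUTER_MAC}
PROXY = {"eth0": ROUTER_MAC}


def scenarios():
    return {
        "router -> 1.2.3.4": resolve(ROUTER, "1.2.3.4", ROUTER_NEIGHBORS),
        "router -> 1.2.3.50 (absent)": resolve(ROUTER, "1.2.3.50", ROUTER_NEIGHBORS),
        "router -> remote": resolve(ROUTER, REMOTE, ROUTER_NEIGHBORS),
        "host /24 -> remote": resolve(HOST_24, REMOTE, HOST_NEIGHBORS),
        "host /24 -> 1.2.3.50 (absent)": resolve(HOST_24, "1.2.3.50", HOST_NEIGHBORS),
        "host /0 -> remote": resolve(HOST_0, REMOTE, HOST_NEIGHBORS),
        "host /0 -> remote, proxy ARP": resolve(HOST_0, REMOTE, HOST_NEIGHBORS, PROXY),
        # Port isolation: 1.2.3.7 (constructed) is a same-subnet peer that
        # cannot be reached directly, so the router's MAC is learned instead.
        "host /24 -> 1.2.3.7, proxy ARP": resolve(HOST_24, "1.2.3.7", HOST_NEIGHBORS, PROXY),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:34} {result}")
```

In the last scenario the frame for a same-subnet peer lands on the router, which is what lets the router's firewall rules apply to traffic between customers on one subnet.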






    0














    In your example (ip: 1.2.3.4 mask: 255.255.255.0) all packets with a destination other than the range 1.2.3.0-1.2.3.255 will be sent to the gateway.



    If the destination belongs to the network (1.2.3.50) but is not present, the packet will not be sent to the gateway either.



    If your host has a subnet mask /0 (0.0.0.0), nothing will be sent to the gateway.






    share|improve this answer























      Your Answer








      StackExchange.ready(function() {
      var channelOptions = {
      tags: "".split(" "),
      id: "3"
      };
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function() {
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled) {
      StackExchange.using("snippets", function() {
      createEditor();
      });
      }
      else {
      createEditor();
      }
      });

      function createEditor() {
      StackExchange.prepareEditor({
      heartbeatType: 'answer',
      autoActivateHeartbeat: false,
      convertImagesToLinks: true,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: 10,
      bindNavPrevention: true,
      postfix: "",
      imageUploader: {
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      },
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      });


      }
      });






      JSStuball is a new contributor. Be nice, and check out our Code of Conduct.










      draft saved

      draft discarded


















      StackExchange.ready(
      function () {
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1396279%2fsemantics-of-how-subnets-work%23new-answer', 'question_page');
      }
      );

      Post as a guest















      Required, but never shown

























      2 Answers
      2






      active

      oldest

      votes








      2 Answers
      2






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      2















      "The router will forward a packet sent by host1 down its default gateway if and only if for all it's connected interfaces, the interface's configured address bitwise AND with host1's subnet mask does not equal host1's network address"?




      In traditional IP routing, yes. Packet forwarding is done by choosing the most specific matching route from the routing table (there is no special distinction between "connected interface" vs "default gateway", they're both just standard routes). So if the router has two routes matching the packet, one for 0.0.0.0/0 (default gateway) and another for 1.2.3.0/24 (local subnet), the latter always wins.



      Although you should note that routers don't necessarily have a default gateway (especially in the so-called "default-free zone", which really just means they have more-specific routes for absolutely everything).



      Also, I say "traditional IP routing" because routers might do more than just destination-based route matching. For example, in IPv6, some systems support routes which match against source and destination; e.g. you can have routes from ::/0 to ::/0 via <gw1> and from 2001:db8::/48 to ::/0 via <gw2>.



      It is also common (in both IPv4 and IPv6) to implement policy-based routing which might match packets by protocol, or by firewall mark. If a router has two upstreams (two default routes), it'll often want to use policy routing to ensure that packets received from upstream 1 will have their replies sent to the same upstream 1, even if the routing table would prefer upstream 2.




      In particular, if the destination address is on the same subnet as host1, say 1.2.3.50, but not existing on the local network, is it still true that the router will never forward it down the default gateway?




      Yes. If the routing table says the destination is local but the router fails to receive an ARP/NDP reply, it will not fall back to another, less-specific route – it will immediately give up and return some sort of ICMP error, probably "Destination host unreachable".



      (Whether the destination is in the same network as the source usually doesn't affect anything. Even if it means sending the packet out the same interface as it arrived in, the router still behaves the same way.)




      Finally, if I (absurdly) choose a subnet mask of /0 for host1, [...] the router would be acting as a switch and spamming every packet to all connected interfaces (except the gateawy interface), and never forwarding anything down its default gateway?




      Changing the subnet mask on a host has no effect on the router. The router doesn't know what subnet mask is configured on other hosts; it'll behave according to how its own interfaces are configured. (And vice versa, the host doesn't know how the router is configured.)



      If you directly configure a router to have a /0 subnet mask on some interface, it absolutely does not start acting like a switch. It still acts as a router, but if it had a default route before, it simply has two default routes now – one of them just happens to claim that all hosts are local on the specified interface.



      If the router prefers this second default route, you'll still see the usual "local subnet" behavior: the router will keep trying to ARP/NDP every destination directly on this interface (assuming it's a broadcast interface like Ethernet/Wi-Fi), and still won't forward the packets until it has received an ARP reply and learned the destination's MAC address.



      And if you configure a host to have a /0 subnet mask, basically the same thing happens: two default routes, one of them local, so the host will try to make ARP queries for every destination and fail. (The only difference between hosts and routers is that a host won't forward received packets while a router will. Otherwise they process routing tables in much the same way.)




      Finally, if I (absurdly) choose a subnet mask of /0 for host1, this effectively blocks the whole internet from my host?




      Normally yes, because the host will never succeed at ARP queries for destinations which aren't really local.



      But you can have the router spoof replies to those queries – a feature called "Proxy ARP". With it enabled, when the host tries to make an ARP query for some distant host, it'll learn the local router's MAC address instead, and from that point everything appears to work as if the host had a normal gateway route. (The only difference is that the host will end up having a huge ARP cache.)



      This is more commonly used when the host thinks it's on a standard subnet (say, a /24) but cannot actually send Ethernet frames to anything else except the local router. A hosting company might configure its switches to drop all packets except from/to "trusted" router port (port isolation), and enable proxy-ARP on the router. This allows traffic even between customers on the same subnet to be filtered according to the router's firewall rules, which they'd normally bypass.






      share|improve this answer






























        2















        "The router will forward a packet sent by host1 down its default gateway if and only if for all it's connected interfaces, the interface's configured address bitwise AND with host1's subnet mask does not equal host1's network address"?




        In traditional IP routing, yes. Packet forwarding is done by choosing the most specific matching route from the routing table (there is no special distinction between "connected interface" vs "default gateway", they're both just standard routes). So if the router has two routes matching the packet, one for 0.0.0.0/0 (default gateway) and another for 1.2.3.0/24 (local subnet), the latter always wins.



        Although you should note that routers don't necessarily have a default gateway (especially in the so-called "default-free zone", which really just means they have more-specific routes for absolutely everything).



        Also, I say "traditional IP routing" because routers might do more than just destination-based route matching. For example, in IPv6, some systems support routes which match against source and destination; e.g. you can have routes from ::/0 to ::/0 via <gw1> and from 2001:db8::/48 to ::/0 via <gw2>.



        It is also common (in both IPv4 and IPv6) to implement policy-based routing which might match packets by protocol, or by firewall mark. If a router has two upstreams (two default routes), it'll often want to use policy routing to ensure that packets received from upstream 1 will have their replies sent to the same upstream 1, even if the routing table would prefer upstream 2.




        In particular, if the destination address is on the same subnet as host1, say 1.2.3.50, but not existing on the local network, is it still true that the router will never forward it down the default gateway?




        Yes. If the routing table says the destination is local but the router fails to receive an ARP/NDP reply, it will not fall back to another, less-specific route – it will immediately give up and return some sort of ICMP error, probably "Destination host unreachable".



        (Whether the destination is in the same network as the source usually doesn't affect anything. Even if it means sending the packet out the same interface as it arrived in, the router still behaves the same way.)




        Finally, if I (absurdly) choose a subnet mask of /0 for host1, [...] the router would be acting as a switch and spamming every packet to all connected interfaces (except the gateawy interface), and never forwarding anything down its default gateway?




        Changing the subnet mask on a host has no effect on the router. The router doesn't know what subnet mask is configured on other hosts; it'll behave according to how its own interfaces are configured. (And vice versa, the host doesn't know how the router is configured.)



        If you directly configure a router to have a /0 subnet mask on some interface, it absolutely does not start acting like a switch. It still acts as a router, but if it had a default route before, it simply has two default routes now – one of them just happens to claim that all hosts are local on the specified interface.



        If the router prefers this second default route, you'll still see the usual "local subnet" behavior: the router will keep trying to ARP/NDP every destination directly on this interface (assuming it's a broadcast interface like Ethernet/Wi-Fi), and still won't forward the packets until it has received an ARP reply and learned the destination's MAC address.



        And if you configure a host to have a /0 subnet mask, basically the same thing happens: two default routes, one of them local, so the host will try to make ARP queries for every destination and fail. (The only difference between hosts and routers is that a host won't forward received packets while a router will. Otherwise they process routing tables in much the same way.)




        Finally, if I (absurdly) choose a subnet mask of /0 for host1, this effectively blocks the whole internet from my host?




        Normally yes, because the host will never succeed at ARP queries for destinations which aren't really local.



        But you can have the router spoof replies to those queries – a feature called "Proxy ARP". With it enabled, when the host tries to make an ARP query for some distant host, it'll learn the local router's MAC address instead, and from that point everything appears to work as if the host had a normal gateway route. (The only difference is that the host will end up having a huge ARP cache.)



        This is more commonly used when the host thinks it's on a standard subnet (say, a /24) but cannot actually send Ethernet frames to anything else except the local router. A hosting company might configure its switches to drop all packets except from/to "trusted" router port (port isolation), and enable proxy-ARP on the router. This allows traffic even between customers on the same subnet to be filtered according to the router's firewall rules, which they'd normally bypass.






        share|improve this answer




























          2












          2








          2








          "The router will forward a packet sent by host1 down its default gateway if and only if for all it's connected interfaces, the interface's configured address bitwise AND with host1's subnet mask does not equal host1's network address"?




          In traditional IP routing, yes. Packet forwarding is done by choosing the most specific matching route from the routing table (there is no special distinction between "connected interface" vs "default gateway", they're both just standard routes). So if the router has two routes matching the packet, one for 0.0.0.0/0 (default gateway) and another for 1.2.3.0/24 (local subnet), the latter always wins.



          Although you should note that routers don't necessarily have a default gateway (especially in the so-called "default-free zone", which really just means they have more-specific routes for absolutely everything).



          Also, I say "traditional IP routing" because routers might do more than just destination-based route matching. For example, in IPv6, some systems support routes which match against source and destination; e.g. you can have routes from ::/0 to ::/0 via <gw1> and from 2001:db8::/48 to ::/0 via <gw2>.



          It is also common (in both IPv4 and IPv6) to implement policy-based routing which might match packets by protocol, or by firewall mark. If a router has two upstreams (two default routes), it'll often want to use policy routing to ensure that packets received from upstream 1 will have their replies sent to the same upstream 1, even if the routing table would prefer upstream 2.




          In particular, if the destination address is on the same subnet as host1, say 1.2.3.50, but not existing on the local network, is it still true that the router will never forward it down the default gateway?




          Yes. If the routing table says the destination is local but the router fails to receive an ARP/NDP reply, it will not fall back to another, less-specific route – it will immediately give up and return some sort of ICMP error, probably "Destination host unreachable".



          (Whether the destination is in the same network as the source usually doesn't affect anything. Even if it means sending the packet out the same interface as it arrived in, the router still behaves the same way.)




          Finally, if I (absurdly) choose a subnet mask of /0 for host1, [...] the router would be acting as a switch and spamming every packet to all connected interfaces (except the gateawy interface), and never forwarding anything down its default gateway?




















          "The router will forward a packet sent by host1 down its default gateway if and only if for all its connected interfaces, the interface's configured address bitwise AND with host1's subnet mask does not equal host1's network address"?




          In traditional IP routing, yes. Packet forwarding is done by choosing the most specific matching route from the routing table (there is no special distinction between "connected interface" vs "default gateway", they're both just standard routes). So if the router has two routes matching the packet, one for 0.0.0.0/0 (default gateway) and another for 1.2.3.0/24 (local subnet), the latter always wins.



          Although you should note that routers don't necessarily have a default gateway (especially in the so-called "default-free zone", which really just means they have more-specific routes for absolutely everything).



          Also, I say "traditional IP routing" because routers might do more than just destination-based route matching. For example, in IPv6, some systems support routes which match against source and destination; e.g. you can have routes from ::/0 to ::/0 via <gw1> and from 2001:db8::/48 to ::/0 via <gw2>.



          It is also common (in both IPv4 and IPv6) to implement policy-based routing which might match packets by protocol, or by firewall mark. If a router has two upstreams (two default routes), it'll often want to use policy routing to ensure that packets received from upstream 1 will have their replies sent to the same upstream 1, even if the routing table would prefer upstream 2.




          In particular, if the destination address is on the same subnet as host1, say 1.2.3.50, but not existing on the local network, is it still true that the router will never forward it down the default gateway?




          Yes. If the routing table says the destination is local but the router fails to receive an ARP/NDP reply, it will not fall back to another, less-specific route – it will immediately give up and return some sort of ICMP error, probably "Destination host unreachable".



          (Whether the destination is in the same network as the source usually doesn't affect anything. Even if it means sending the packet out the same interface as it arrived in, the router still behaves the same way.)




          Finally, if I (absurdly) choose a subnet mask of /0 for host1, [...] the router would be acting as a switch and spamming every packet to all connected interfaces (except the gateway interface), and never forwarding anything down its default gateway?




          Changing the subnet mask on a host has no effect on the router. The router doesn't know what subnet mask is configured on other hosts; it'll behave according to how its own interfaces are configured. (And vice versa, the host doesn't know how the router is configured.)



          If you directly configure a router to have a /0 subnet mask on some interface, it absolutely does not start acting like a switch. It still acts as a router, but if it had a default route before, it simply has two default routes now – one of them just happens to claim that all hosts are local on the specified interface.



          If the router prefers this second default route, you'll still see the usual "local subnet" behavior: the router will keep trying to ARP/NDP every destination directly on this interface (assuming it's a broadcast interface like Ethernet/Wi-Fi), and still won't forward the packets until it has received an ARP reply and learned the destination's MAC address.



          And if you configure a host to have a /0 subnet mask, basically the same thing happens: two default routes, one of them local, so the host will try to make ARP queries for every destination and fail. (The only difference between hosts and routers is that a host won't forward received packets while a router will. Otherwise they process routing tables in much the same way.)




          Finally, if I (absurdly) choose a subnet mask of /0 for host1, this effectively blocks the whole internet from my host?




          Normally yes, because the host will never succeed at ARP queries for destinations which aren't really local.



          But you can have the router spoof replies to those queries – a feature called "Proxy ARP". With it enabled, when the host tries to make an ARP query for some distant host, it'll learn the local router's MAC address instead, and from that point everything appears to work as if the host had a normal gateway route. (The only difference is that the host will end up having a huge ARP cache.)



          This is more commonly used when the host thinks it's on a standard subnet (say, a /24) but cannot actually send Ethernet frames to anything else except the local router. A hosting company might configure its switches to drop all packets except from/to the "trusted" router port (port isolation), and enable proxy-ARP on the router. This allows traffic even between customers on the same subnet to be filtered according to the router's firewall rules, which they'd normally bypass.















          edited 20 mins ago

























          answered 1 hour ago









          grawity
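The forwarding behaviour described in the answer above, as an added example that is not part of the original post: a route lookup that picks the most specific match, followed by ARP for the next hop with no fallback to a less-specific route. The MAC addresses, the peer 1.2.3.7, the gateway 1.2.3.1, the destination 203.0.113.9 and the tie-break between two /0 routes are assumptions made for the illustration, and proxy ARP is simplified to "the router answers any query nobody else answered".

```python
import ipaddress

ROUTER_MAC = "02:00:00:00:00:01"   # constructed sample values
PEER_MAC = "02:00:00:00:00:07"
LINK = {"1.2.3.1": ROUTER_MAC, "1.2.3.7": PEER_MAC}  # who really answers ARP on the wire


def lookup(routes, dst):
    """Return the most specific (prefix, gateway) route matching dst, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), gw) for p, gw in routes
               if addr in ipaddress.ip_network(p)]
    # Longest prefix wins. Assumption: on a tie the on-link route (gateway None)
    # is preferred, modelling "the router prefers this second default route".
    return max(matches, key=lambda r: (r[0].prefixlen, r[1] is None), default=None)


def send(routes, dst, link=LINK, proxy_arp=False):
    """Model one forwarding decision: route lookup, then ARP for the next hop."""
    route = lookup(routes, dst)
    if route is None:
        return ("no route", None)
    _, gateway = route
    arp_target = gateway or dst          # on-link routes ARP for the destination itself
    mac = link.get(arp_target)
    if mac is None and proxy_arp:
        mac = ROUTER_MAC                 # simplification: router answers any unanswered query
    if mac is None:
        return ("host unreachable", None)  # no fallback to a less-specific route
    return ("sent", mac)


NORMAL_HOST = [("1.2.3.0/24", None), ("0.0.0.0/0", "1.2.3.1")]
SLASH0_HOST = [("0.0.0.0/0", None), ("0.0.0.0/0", "1.2.3.1")]

if __name__ == "__main__":
    for name, routes in (("/24 host", NORMAL_HOST), ("/0 host", SLASH0_HOST)):
        for dst in ("1.2.3.7", "1.2.3.50", "203.0.113.9"):
            print(name, dst, send(routes, dst), send(routes, dst, proxy_arp=True))
```

Passing `link={"1.2.3.1": ROUTER_MAC}` together with `proxy_arp=True` models the port-isolation setup: traffic to a same-subnet peer is addressed to the router's MAC, so it crosses the router's firewall rules.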

























              0














              In your example (ip: 1.2.3.4 mask: 255.255.255.0) all packets with a destination other than the range 1.2.3.0-1.2.3.255 will be sent to the gateway.



              If the destination belongs to the network (1.2.3.50) but is not present, the packet will not be sent to the gateway either.



              If your host has a subnet mask /0 (0.0.0.0), nothing will be sent to the gateway.
















                  answered 1 hour ago









                  Gert Jan Kraaijeveld





















