Semantics of how subnets work
Suppose I have host1 with configured IP 1.2.3.4 and subnet mask 255.255.255.0 connected to a router.
Is the following statement absolutely, semantically correct:
"The router will forward a packet sent by host1 down its default gateway if and only if for all its connected interfaces, the interface's configured address bitwise AND with host1's subnet mask does not equal host1's network address"?
In particular, if the destination address is on the same subnet as host1, say 1.2.3.50, but not existing on the local network, is it still true that the router will never forward it down the default gateway?
Finally, if I (absurdly) choose a subnet mask of /0 for host1, this effectively blocks the whole internet from my host? Because the router would be acting as a switch and spamming every packet to all connected interfaces (except the gateway interface), and never forwarding anything down its default gateway?
networking subnet netmask
asked 2 hours ago
JSStuball
Before the on-link router comes into play, we will have to consider what the host originating the packet does. The routing table of the host is first consulted, and the next hop of the packet is determined based on this. If the destination address is in the same subnet, the host sends the packet directly to the destination; it does not pass through the router at all. A router and a host are actually functionally very similar; the essential difference is that a router also forwards packets, i.e. it receives packets on an interface, and re-transmits them if they are not destined for the router.
– Johan Myréen
26 mins ago
2 Answers
In your example (ip: 1.2.3.4 mask: 255.255.255.0) all packets with a destination other than the range 1.2.3.0-1.2.3.255 will be sent to the gateway.
If the destination belongs to the network (1.2.3.50) but is not present, the packet will not be sent to the gateway either.
If your host has a subnet mask /0 (0.0.0.0), nothing will be sent to the gateway.

"The router will forward a packet sent by host1 down its default gateway if and only if for all its connected interfaces, the interface's configured address bitwise AND with host1's subnet mask does not equal host1's network address"?
In traditional IP routing, yes. Packet forwarding is done by choosing the most specific matching route from the routing table (there is no special distinction between "connected interface" vs "default gateway", they're both just standard routes). So if the router has two routes matching the packet, one for 0.0.0.0/0 (default gateway) and another for 1.2.3.0/24 (local subnet), the latter always wins.
Although you should note that routers don't necessarily have a default gateway (especially in the so-called "default-free zone", which really just means they have more-specific routes for absolutely everything).
Also, I say "traditional IP routing" because routers might do more than just destination-based route matching. For example, in IPv6, some systems support routes which match against source and destination; e.g. you can have routes from ::/0 to ::/0 via <gw1> and from 2001:db8::/48 to ::/0 via <gw2>.
It is also common (in both IPv4 and IPv6) to implement policy-based routing which might match packets by protocol, or by firewall mark. If a router has two upstreams (two default routes), it'll often want to use policy routing to ensure that packets received from upstream 1 will have their replies sent to the same upstream 1, even if the routing table would prefer upstream 2.
"In particular, if the destination address is on the same subnet as host1, say 1.2.3.50, but not existing on the local network, is it still true that the router will never forward it down the default gateway?"
Yes. If the routing table says the destination is local but the router fails to receive an ARP/NDP reply, it will not fall back to another, less-specific route – it will immediately give up and return some sort of ICMP error, probably "Destination host unreachable".
(Whether the destination is in the same network as the source usually doesn't affect anything. Even if it means sending the packet out the same interface as it arrived in, the router still behaves the same way.)
"Finally, if I (absurdly) choose a subnet mask of /0 for host1, [...] the router would be acting as a switch and spamming every packet to all connected interfaces (except the gateway interface), and never forwarding anything down its default gateway?"
Changing the subnet mask on a host has no effect on the router. The router doesn't know what subnet mask is configured on other hosts; it'll behave according to how its own interfaces are configured. (And vice versa, the host doesn't know how the router is configured.)
If you directly configure a router to have a /0 subnet mask on some interface, it absolutely does not start acting like a switch. It still acts as a router, but if it had a default route before, it simply has two default routes now – one of them just happens to claim that all hosts are local on the specified interface.
If the router prefers this second default route, you'll still see the usual "local subnet" behavior: the router will keep trying to ARP/NDP every destination directly on this interface (assuming it's a broadcast interface like Ethernet/Wi-Fi), and still won't forward the packets until it has received an ARP reply and learned the destination's MAC address.
And if you configure a host to have a /0 subnet mask, basically the same thing happens: two default routes, one of them local, so the host will try to make ARP queries for every destination and fail. (The only difference between hosts and routers is that a host won't forward received packets while a router will. Otherwise they process routing tables in much the same way.)
Finally, if I (absurdly) choose a subnet mask of /0 for host1, this effectively blocks the whole internet from my host?
Normally yes, because the host will never succeed at ARP queries for destinations which aren't really local.
But you can have the router spoof replies to those queries – a feature called "Proxy ARP". With it enabled, when the host tries to make an ARP query for some distant host, it'll learn the local router's MAC address instead, and from that point everything appears to work as if the host had a normal gateway route. (The only difference is that the host will end up having a huge ARP cache.)
This is more commonly used when the host thinks it's on a standard subnet (say, a /24) but cannot actually send Ethernet frames to anything else except the local router. A hosting company might configure its switches to drop all packets except from/to "trusted" router port (port isolation), and enable proxy-ARP on the router. This allows traffic even between customers on the same subnet to be filtered according to the router's firewall rules, which they'd normally bypass.
edited 20 mins ago
answered 1 hour ago
grawity
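The lookup-then-ARP behaviour described in the answer above, as an added Python sketch that is not part of the original answer. The MAC addresses, neighbour table, route metrics and the 203.0.113.7 destination are constructed sample values, and proxy ARP is simplified to "the router answers for any address no real neighbour claims".

```python
import ipaddress

ROUTER_MAC = "02:00:00:00:00:01"  # constructed sample values
PEER_MAC = "02:00:00:00:00:09"
# Machines that really answer ARP on host1's link (constructed)
NEIGHBORS = {"1.2.3.1": ROUTER_MAC, "1.2.3.9": PEER_MAC}

def route(prefix, dev, via=None, metric=0):
    """A routing-table entry; via=None means the prefix is on-link."""
    return {"net": ipaddress.ip_network(prefix), "dev": dev,
            "via": via, "metric": metric}

# host1 (1.2.3.4) with the normal /24 mask: on-link route plus default route
MASK_24 = [route("1.2.3.0/24", "eth0"),
           route("0.0.0.0/0", "eth0", via="1.2.3.1")]
# host1 with a /0 mask: the on-link route is now a second, preferred default
MASK_0 = [route("0.0.0.0/0", "eth0"),
          route("0.0.0.0/0", "eth0", via="1.2.3.1", metric=100)]

def lookup(routes, dst):
    """Longest-prefix match; ties are broken by the lowest metric."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r["net"]]
    if not hits:
        return None
    return max(hits, key=lambda r: (r["net"].prefixlen, -r["metric"]))

def forward(routes, dst, neighbors=NEIGHBORS, proxy_arp_mac=None):
    """Return ("send", dev, mac) or ("unreachable", dev, arp_target)."""
    r = lookup(routes, dst)
    if r is None:
        return ("unreachable", None, dst)
    # On-link route: ARP for the destination itself. Gateway route: ARP for
    # the gateway. The route is chosen once; a failed ARP does not trigger
    # a retry with a less-specific route.
    arp_target = r["via"] or dst
    mac = neighbors.get(arp_target, proxy_arp_mac)
    if mac is None:
        return ("unreachable", r["dev"], arp_target)
    return ("send", r["dev"], mac)

if __name__ == "__main__":
    print(forward(MASK_24, "1.2.3.50"))    # absent local host: no fallback
    print(forward(MASK_24, "203.0.113.7")) # remote: frame goes to the gateway
    print(forward(MASK_0, "203.0.113.7"))  # /0 mask: ARP for a remote host fails
    print(forward(MASK_0, "203.0.113.7", proxy_arp_mac=ROUTER_MAC))
```

With proxy ARP enabled, the last call resolves the remote address to the router's MAC, which is why every such destination ends up as its own entry in the host's ARP cache.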
In your example (ip: 1.2.3.4 mask: 255.255.255.0) all packets with a destination other than the range 1.2.3.0-1.2.3.255 will be sent to the gateway.
If the destination belongs to the network (1.2.3.50) but is not present, the packet will not be sent to the gateway either.
If your host has a subnet mask /0 (0.0.0.0), nothing will be sent to the gateway.
answered 1 hour ago
Gert Jan Kraaijeveld
1
Before the on-link router comes into play, we will have to consider what the host originating the packet does. The routing table of the host is first consulted, and the next hop of the packet is determined based on this. If the destination address is in the same subnet, the host sends the packet directly to the destination; it does not pass through the router at all. A router and a host are actually functionally very similar, the essential difference is that a router also forwards packets, i.e. it receives packets on an interface, and re-transmits them if they are not destined for the router.
– Johan Myréen
26 mins ago