MAC Addresses And IP Addresses: Highlighting The Facts

Understanding MAC Addresses And IP Addresses

In my previous article, I have talked much about how data travels across the network. In this article, I want to talk more about MAC addresses and IP Addresses. Follow me as we will look at that in this article. There are two primary addresses assigned to a device on an Ethernet LAN:

 

  • Physical address (the MAC address) – This is used for Ethernet NIC to Ethernet NIC communications on the same network.
  • The logical address (the IP address) – This is used to send the packet from the original source to the final destination.

IP addresses are used to identify the address of the original source device and the final destination device. The destination IP address may be on the same IP network as the source or maybe on a remote network.
Note: Most applications use DNS (Domain Name System) to determine the IP address when given a domain name such as www.cisco.com. DNS is discussed in a later module.
Ethernet MAC addresses have different purposes. These addresses are used to deliver the data link frame with the encapsulated IP packet from one NIC to another NIC on the same network. If the destination IP address is on the same network, the destination MAC address will be that of the destination device.

The figure shows the Ethernet MAC addresses and IP addresses for PC-A sending an IP packet to the file server on the same network.
The Layer 2 Ethernet frame contains:

 

  • Destination MAC address – This is the MAC address of the file server’s Ethernet NIC.
  • Source MAC address – This is the MAC address of PC-A’s Ethernet NIC.

The Layer 3 IP packet contains:

  • Source IP address – This is the IP address of the original source, PC-A.
  • Destination IP address – This is the IP address of the final destination, the file server.
The figure shows a P C connected to a server. The P C is sending data to the server. The P C puts the Layer 3 source and destination I P addresses in the packet header and then puts the Layer 2 source and destination MAC addresses in the frame header.

Communicating on a Local Network

Destination on Remote Network

When the destination IP address is on a remote network, the destination MAC address will be the address of the host’s default gateway. The default gateway address is the address of the router’s NIC, as shown in the figure. Using a postal analogy, this would be similar to a person taking a letter to their local post office. They only need to leave the letter at the post office. It then becomes the responsibility of the post office to forward the letter towards its final destination.

 

The figure shows the Ethernet MAC addresses and IPv4 addresses for PC-A. It is sending an IP packet to a file server on a remote network. Routers examine the destination IPv4 address to determine the best path to forward the IPv4 packet. This is similar to how the postal service forwards mail based on the address of the recipient.

 

When the router receives the Ethernet frame, it de-encapsulates the Layer 2 information. Using the destination IP address, it determines the next-hop device and then encapsulates the IP packet in a new data link frame for the outgoing interface. Along with each link in a path, an IP packet is encapsulated in a frame specific to the particular data link technology associated with that link, such as Ethernet. If the next-hop device is the final destination, the destination MAC address will be that of the device’s Ethernet NIC.

 

How are the IPv4 addresses of the IPv4 packets in a data flow associated with the MAC addresses on each link along the path to the destination? This is done through a process called Address Resolution Protocol (ARP).

 

The figure shows P C A connected to router r 1, which is connected to R 2. R 2 is connected to a file server. P C A is sending data to the file server. P C A builds a packet with its own I P address as the source and the destination I P address of the file server. P C A then builds a frame with its own MAC address as the source and the MAC address for R 1 as the destination.

Using Ping And Traceroute Utilities

 

Ping-Test Connectivity

In my previous article,  you were introduced to the ping and traceroute (tracert) tools. In this topic, you will learn about the situations in which each tool is used, and how to use them. Ping is an IPv4 and IPv6 testing utility that uses ICMP echo request and echo reply messages to test connectivity between hosts. In this article, we will talk about ways of using ping and traceroute utilities. 

 

To test connectivity to another host on a network, an echo request is sent to the host address using the ping command. If the host at the specified address receives the echo request, it responds with an echo reply. As each echo reply is received, ping provides feedback on the time between when the request was sent and when the reply was received.

This can be a measure of network performance.
Ping has a timeout value for the reply. If a reply is not received within the timeout, ping provides a message indicating that a response was not received. This may indicate that there is a problem, but could also indicate that security features blocking ping messages have been enabled on the network. It is common for the first ping to timeout if address resolution (ARP or ND) needs to be performed before sending the ICMP Echo Request.

After all the requests are sent, the ping utility provides a summary that includes the success rate and average round-trip time to the destination.
Type of connectivity tests performed with ping include the following:

  • Pinging the local loopback
  • Pinging the default gateway
  • Pinging the remote host

Ping the Loopback

Ping can be used to test the internal configuration of IPv4 or IPv6 on the localhost. To perform this test, ping the local loopback address of 127.0.0.1 for IPv4 (::1 for IPv6).
A response from 127.0.0.1 for IPv4, or::1 for IPv6, indicates that IP is properly installed on the host. This response comes from the network layer. This response is not, however, an indication that the addresses, masks, or gateways are properly configured. Nor does it indicate anything about the status of the lower layer of the network stack. This simply tests IP down through the network layer of IP. An error message indicates that TCP/IP is not operational on the host.
shows the Ethernet properties dialogue box shows that Internet Protocol Version 4 (TCP/IPv4) is installed and active which is proved with a ping to 127.0.0.1

Ping the Default Gateway

You can also use ping to test the ability of a host to communicate on the local network. This is generally done by pinging the IP address of the default gateway of the host. A successful ping to the default gateway indicates that the host and the router interface serving as the default gateway are both operating on the local network.
For this test, the default gateway address is most often used because the router is normally always operational. If the default gateway address does not respond, a ping can be sent to the IP address of another host on the local network that is known to be operational.
If either the default gateway or another host responds, then the local host can successfully communicate over the local network. If the default gateway does not respond but another host does, this could indicate a problem with the router interface serving as the default gateway.
One possibility is that the wrong default gateway address has been configured on the host. Another possibility is that the router interface may be fully operational but have security applied to it that prevents it from processing or responding to ping requests.
The graphic shows the Ethernet properties dialogue box configured with a static IP address, subnet mask, and default gateway. The topology shows the PC sending an echo request to the router default gateway and the router’s echo-response reply.

Ping a Remote Host

Ping can also be used to test the ability of localhost to communicate across an internetwork. The local host can ping an operational IPv4 host of a remote network, as shown in the figure. The router uses its IP routing table to forward the packets.

PEOPLE ALSO READ:  Reconnaissance Attacks In Networking: How It Works

If this ping is successful, the operation of a large piece of the internetwork can be verified. A successful ping across the internetwork confirms communication on the local network, the operation of the router serving as the default gateway, and the operation of all other routers that might be in the path between the local network and the network of the remote host.

Additionally, the functionality of the remote host can be verified. If the remote host could not communicate outside of its local network, it would not have responded.

Note: Many network administrators limit or prohibit the entry of ICMP messages into the corporate network; therefore, the lack of a ping response could be due to security restrictions.

 

an animation shows a ping echo request to a remote network that is routed through a router and the echo reply that is routed back from the remote network

Traceroute – Test the Path

Ping is used to test connectivity between two hosts but does not provide information about the details of devices between the hosts. Traceroute (tracert) is a utility that generates a list of hops that were successfully reached along the path. This list can provide important verification and troubleshooting information. If the data reaches the destination, then the trace lists the interface of every router in the path between the hosts. If the data fails at some hop along the way, the address of the last router that responded to the trace can provide an indication of where the problem or security restrictions are found.
Round Trip Time (RTT)
Using traceroute provides round-trip time for each hop along the path and indicates if a hop fails to respond. The round-trip time is the time a packet takes to reach the remote host and for the response from the host to return. An asterisk (*) is used to indicate a lost or unreplied packet.
This information can be used to locate a problematic router in the path or may indicate that the router is configured not to reply. If the display shows high response times or data losses from a particular hop, this is an indication that the resources of the router or its connections may be overused.

 

IPv4 TTL and IPv6 Hop Limit
Traceroute makes use of a function of the TTL field in IPv4 and the Hop Limit field in IPv6 in the Layer 3 headers, along with the ICMP Time Exceeded message.
Play the animation in the figure to see how the traceroute takes advantage of TTL.
The first sequence of messages sent from traceroute will have a TTL field value of 1. This causes the TTL to time out the IPv4 packet at the first router. This router then responds with an ICMPv4 Time Exceeded message. Traceroute now has the address of the first hop.

 

Traceroute then progressively increments the TTL field (2, 3, 4…) for each sequence of messages. This provides the trace with the address of each hop as the packets time out further down the path. The TTL field continues to be increased until the destination is reached, or it is incremented to a predefined maximum.

After the final destination is reached, the host responds with either an ICMP Port Unreachable message or an ICMP Echo Reply message instead of the ICMP Time Exceeded message.

ICMP Packet Format

ICMP is encapsulated directly into IP packets. In this sense, it is almost like a transport layer protocol, because it is encapsulated into a packet, however, it is considered to be a Layer 3 protocol. ICMP acts as a data payload within the IP packet. It has a special header data field, as shown in the figure.
ICMP uses message codes to differentiate between different types of ICMP messages. These are some common message codes:

 

  • 0 – Echo reply (response to a ping)
  • 3 – Destination Unreachable
  • 5 – Redirect (use another route to your destination)
  • 8 – Echo request (for ping)
  • 11 – Time Exceeded (TTL became 0)

As you will see later in the course, a cybersecurity analyst knows that the optional ICMP payload field can be used in an attack vector to exfiltrate data.

Understanding Internet Control Message Protocol

Although IP is only a best-effort protocol, the TCP/IP suite does provide for messages to be sent in the event of certain errors. These messages are sent using the services of ICMP. The purpose of these messages is to provide feedback about issues related to the processing of IP packets under certain conditions, not to make IP reliable. ICMP messages are not required and are often not allowed within a network for security reasons.

 

ICMP is available for both IPv4 and IPv6. ICMPv4 is the messaging protocol for IPv4. ICMPv6 provides these same services for IPv6 but includes additional functionality. In this course, the term ICMP will be used when referring to both ICMPv4 and ICMPv6.

 

The types of ICMP messages and the reasons why they are sent are extensive. We will discuss some of the more common messages.
ICMP messages common to both ICMPv4 and ICMPv6 include:

  • Host confirmation
  • Destination or Service Unreachable
  • Time exceeded
  • Route redirection

 

Host Confirmation

An ICMP Echo Message can be used to determine if a host is operational. The local host sends an ICMP Echo Request to a host. If the host is available, the destination host responds with an Echo Reply. Click Play in the figure to see an animation of the ICMP Echo Request/Echo Reply. This use of the ICMP Echo messages is the basis of the ping utility.

animation of host 1 sending a ping ICMP echo request to host 2 and the ICMP echo reply from host 2 back to host 1
Destination or Service Unreachable
When a host or gateway receives a packet that it cannot deliver, it can use an ICMP Destination Unreachable message to notify the source that the destination or service is unreachable. The message will include a code that indicates why the packet could not be delivered.
These are some of the Destination Unreachable codes for ICMPv4:

  • 0 – Net unreachable
  • 1 – Host unreachable
  • 2 – Protocol unreachable
  • 3 – Port unreachable

Note: ICMPv6 has similar but slightly different codes for Destination Unreachable messages.

Time Exceeded

An ICMPv4 Time Exceeded message is used by a router to indicate that a packet cannot be forwarded because the Time to Live (TTL) field of the packet was decremented to 0. If a router receives a packet and decrements the TTL field in the IPv4 packet to zero, it discards the packet and sends a Time Exceeded message to the source host.
ICMPv6 also sends a Time Exceeded message if the router cannot forward an IPv6 packet because the packet has expired. IPv6 does not have a TTL field. It uses the hop limit field to determine if the packet has expired.

ICMPv6 RS and RA Messages

The informational and error messages found in ICMPv6 are very similar to the control and error messages implemented by ICMPv4. However, ICMPv6 has new features and improved functionality not found in ICMPv4. ICMPv6 messages are encapsulated in IPv6.
ICMPv6 includes four new protocols as part of the Neighbor Discovery Protocol (ND or NDP).
Messaging between an IPv6 router and an IPv6 device:

  • Router Solicitation (RS) message
  • Router Advertisement (RA) message

Messaging between IPv6 devices:

  • Neighbour Solicitation (NS) message
  • Neighbour Advertisement (NA) message
Router Solicitation
Address Resolution
Duplicate Address Detection (DAD)
  1. RA messages are sent by routers to provide addressing information to hosts using Stateless Address Autoconfiguration (SLAAC). The RA message can include addressing information for the host such as the prefix, prefix length, DNS address, and domain name. A router will send an RA message periodically or in response to an RS message. A host using SLAAC will set its default gateway to the link-local address of the router that sent the RA.
  2. When a host is configured to obtain its addressing information automatically using SLAAC, the host will send an RS message to the router requesting an RA message.

The Need For IPv6 Network Addressing

IPv6 is designed to be the successor to IPv4. IPv6 has a larger 128-bit address space, providing 340 undecillion (i.e., 340 followed by 36 zeroes) possible addresses. However, IPv6 is more than just larger addresses. In this article, I want to discuss the need for IPv6 Network Addressing.

When the IETF began its development of a successor to IPv4, it used this opportunity to fix the limitations of IPv4 and include enhancements. One example is Internet Control Message Protocol version 6 (ICMPv6), which includes address resolution and address autoconfiguration not found in ICMP for IPv4 (ICMPv4).

PEOPLE ALSO READ:  Data Confidentiality In Cybersecurity: What You Should Know

 

The depletion of IPv4 address space has been the motivating factor for moving to IPv6. As Africa, Asia and other areas of the world become more connected to the internet, there are not enough IPv4 addresses to accommodate this growth. As shown in the figure, four out of the five RIRs have run out of IPv4 addresses.

 

The graphic shows a global map of the five regional internet registries and their IPv4 exhaustion dates. ARINs IPv4 exhaustion date is July 2015, RIPE NCCs exhaustion date is September 2012, APNICs exhaustion date is June 2014, LACNICs exhaustion date is April 2011, and AfriNICs projected exhaustion date is 2020.

RIR IPv4 Exhaustion Dates

IPv4 has a theoretical maximum of 4.3 billion addresses. Private addresses in combination with Network Address Translation (NAT) have been instrumental in slowing the depletion of IPv4 address space. However, NAT is problematic for many applications, creates latency, and has limitations that severely impede peer-to-peer communications.

 

With the ever-increasing number of mobile devices, mobile providers have been leading the way with the transition to IPv6. The top two mobile providers in the United States report that over 90% of their traffic is over IPv6.

 

Most top ISPs and content providers such as YouTube, Facebook, and NetFlix, have also made the transition. Many companies like Microsoft, Facebook, and LinkedIn are transitioning to IPv6-only internally. In 2018, broadband ISP Comcast reported deployment of over 65% and British Sky Broadcasting over 86%.

 

Internet of Things
The internet of today is significantly different from the internet of past decades. The internet of today is more than email, web pages, and file transfers between computers. The evolving internet is becoming an Internet of Things (IoT). No longer will the only devices accessing the internet be computers, tablets, and smartphones. The sensor-equipped, internet-ready devices of tomorrow will include everything from automobiles and biomedical devices, to household appliances and natural ecosystems.
With an increasing Internet population, a limited IPv4 address space, issues with NAT and the IoT, the time has come to begin the transition to IPv6.

IPv6 Addressing Formats

The first step to learning about IPv6 in networks is to understand the way an IPv6 address is written and formatted. IPv6 addresses are much larger than IPv4 addresses, which is why we are unlikely to run out of them.

IPv6 addresses are 128 bits in length and written as a string of hexadecimal values. Every four bits is represented by a single hexadecimal digit; for a total of 32 hexadecimal values, as shown in the figure. IPv6 addresses are not case-sensitive and can be written in either lowercase or uppercase.

16-bit Segments or Hextets

Preferred Format

The previous figure also shows that the preferred format for writing an IPv6 address is x:x:x:x:x:x:x:x, with each “x” consisting of four hexadecimal values. The term octet refers to the eight bits of an IPv4 address. In IPv6, a hextet is the unofficial term used to refer to a segment of 16 bits, or four hexadecimal values. Each “x” is a single hextet which is 16 bits or four hexadecimal digits.

Preferred format means that you write IPv6 address using all 32 hexadecimal digits. It does not necessarily mean that it is the ideal method for representing the IPv6 address. In this module, you will see two rules that help to reduce the number of digits needed to represent an IPv6 address.
These are examples of IPv6 addresses in the preferred format.

2001 : 0db8 : 0000 : 1111 : 0000 : 0000 : 0000: 0200
2001 : 0db8 : 0000 : 00a3 : abcd : 0000 : 0000: 1234
2001 : 0db8 : 000a : 0001 : c012 : 9aff : fe9a: 19ac
2001 : 0db8 : aaaa : 0001 : 0000 : 0000 : 0000: 0000
fe80 : 0000 : 0000 : 0000 : 0123 : 4567 : 89ab: cdef
fe80 : 0000 : 0000 : 0000 : 0000 : 0000 : 0000: 0001
fe80 : 0000 : 0000 : 0000 : c012 : 9aff : fe9a: 19ac
fe80 : 0000 : 0000 : 0000 : 0123 : 4567 : 89ab: cdef
0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0000: 0001
0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0000: 0000 

Rule 1 – Omit Leading Zeros

The first rule to help reduce the notation of IPv6 addresses is to omit any leading 0s (zeros) in any hextet. Here are four examples of ways to omit leading zeros:

  • 01ab can be represented as 1ab
  • 09f0 can be represented as 9f0
  • 0a00 can be represented as a00
  • 00ab can be represented as ab

This rule only applies to leading 0s, NOT to trailing 0s, otherwise the address would be ambiguous. For example, the hextet “abc” could be either “0abc” or “abc0”, but these do not represent the same value.

 
Type Format
Preferred
2001 : 0db8 : 0000 : 1111 : 0000 : 0000 : 0000 : 0200
No leading 0s
2001 :  db8 :    0 : 1111 :    0 :    0 :    0 :  200
Preferred
2001 : 0db8 : 0000 : 00a3 : ab00 : 0ab0 : 00ab : 1234
No leading 0s
2001 :  db8 :    0 :   a3 : ab00 :  ab0 :   ab : 1234
Preferred
2001 : 0db8 : 000a : 0001 : c012 : 90ff : fe90 : 0001
No leading 0s
2001 :  db8 :    a :    1 : c012 : 90ff : fe90 :    1
Preferred
2001 : 0db8 : aaaa : 0001 : 0000 : 0000 : 0000 : 0000
No leading 0s
2001 :  db8 : aaaa :    1 :    0 :    0 :    0 :    0
Preferred
fe80 : 0000 : 0000 : 0000 : 0123 : 4567 : 89ab : cdef
No leading 0s
fe80 :    0 :    0 :    0 :  123 : 4567 : 89ab : cdef
Preferred
fe80 : 0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0001
No leading 0s
fe80 :    0 :    0 :    0 :    0 :    0 :    0 :    1
Preferred
0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0001
No leading 0s
   0 :    0 :    0 :    0 :    0 :    0 :    0 :    1
Preferred
0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0000
No leading 0s
   0 :    0 :    0 :    0 :    0 :    0 :    0 :    0

Rule 2- Double Colon

The second rule to help reduce the notation of IPv6 addresses is that a double colon (::) can replace any single, contiguous string of one or more 16-bit hextets consisting of all zeros. For example, 2001:db8:cafe:1:0:0:0:1 (leading 0s omitted) could be represented as 2001:db8:cafe:1::1. The double colon (::) is used in place of the three all-0 hextets (0:0:0).
The double colon (::) can only be used once within an address, otherwise there would be more than one possible resulting address. When used with the omitting leading 0s technique, the notation of IPv6 address can often be greatly reduced. This is commonly known as the compressed format.
Here is an example of the incorrect use of the double colon: 2001:db8::abcd::1234.
The double colon is used twice in the example above. Here are the possible expansions of this incorrect compressed format address:

  • 2001:db8::abcd:0000:0000:1234
  • 2001:db8::abcd:0000:0000:0000:1234
  • 2001:db8:0000:abcd::1234
  • 2001:db8:0000:0000:abcd::1234

If an address has more than one contiguous string of all-0 hextets, best practice is to use the double colon (::) on the longest string. If the strings are equal, the first string should use the double colon (::).

 
Type Format
Preferred
2001 : 0db8 : 0000 : 1111 : 0000 : 0000 : 0000 : 0200
Compressed/spaces
2001 :  db8 :    0 : 1111 :                    :  200
Compressed
2001:db8:0:1111::200
Preferred
2001 : 0db8 : 0000 : 0000 : ab00 : 0000 : 0000 : 0000
Compressed/spaces
2001 :  db8 :    0 :    0 : ab00 ::
Compressed
2001:db8:0:0:ab00::
Preferred
2001 : 0db8 : aaaa : 0001 : 0000 : 0000 : 0000 : 0000
Compressed/spaces
2001 :  db8 : aaaa :    1 ::
Compressed
2001:db8:aaaa:1::
Preferred
fe80 : 0000 : 0000 : 0000 : 0123 : 4567 : 89ab : cdef
Compressed/spaces
fe80 :                    :  123 : 4567 : 89ab : cdef
Compressed
fe80::123:4567:89ab:cdef
Preferred
fe80 : 0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0001
Compressed/spaces
fe80 :                                         :    1
Compressed
fe80::0
Preferred
0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0001
Compressed/spaces
::                                                  1
Compressed
::1
Preferred
0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0000
Compressed/spaces
::
Compressed
::

IPv6 Prefix Length

The prefix, or network portion, of an IPv4 address can be identified by a dotted-decimal subnet mask or prefix length (slash notation). For example, an IPv4 address of 192.168.1.10 with dotted-decimal subnet mask 255.255.255.0 is equivalent to 192.168.1.10/24.
In IPv4 the /24 is called the prefix. In IPv6 it is called the prefix length. IPv6 does not use the dotted-decimal subnet mask notation. Like IPv4, the prefix length is represented in slash notation and is used to indicate the network portion of an IPv6 address.
The prefix length can range from 0 to 128. The recommended IPv6 prefix length for LANs and most other types of networks is /64, as shown in the figure.
The graphic shows an IPv6 address divided into a 64-bit prefix and a 64-bit interface ID. The 64-bit prefix is 2001:0db8:000a:0000. The 64-bit interface ID is 0000:0000:0000:0000.

IPv6 Prefix Length

It is strongly recommended to use a 64-bit Interface ID for most networks. This is because stateless address autoconfiguration (SLAAC) uses 64 bits for the Interface ID. It also makes subnetting easier to create and manage.

How Router Makes Host Forwarding Decision

 

With both IPv4 and IPv6, packets are always created at the source host. The source host must be able to direct the packet to the destination host. To do this, host end devices create their own routing table. This topic discusses how end devices use routing tables. In this article, I want to talk about how router makes host forwarding decisions.

Another role of the network layer is to direct packets between hosts. A host can send a packet to the following:

  • Itself – A host can ping itself by sending a packet to a special IPv4 address of 127.0.0.1 or an IPv6 address ::/1, which is referred to as the loopback interface. Pinging the loopback interface tests the TCP/IP protocol stack on the host.
  • Local host – This is a destination host that is on the same local network as the sending host. The source and destination hosts share the same network address.
  • Remote host – This is a destination host on a remote network. The source and destination hosts do not share the same network address.
PEOPLE ALSO READ:  How Nigerian Scam Yahoo Yahoo Works

The figure illustrates PC1 connecting to a local host on the same network, and to a remote host located on another network.

 

The diagram shows a host, PC1, connecting to a local host, PC2, on the same network and to a remote host, a server, on another network. PC1 and PC2 are connected to a switch on network 192.168.10.0/24. PC1 has an address of .10 and PC2 has an address of .15. The switch is connected to a router, R1, at address .1. On the other side of the R1 is a connection to the cloud where the remote host resides.

 

Whether a packet is destined for a local host or a remote host is determined by the source end device. The source end device determines whether the destination IP address is on the same network that the source device itself is on. The method of determination varies by IP version:

 

  • In IPv4 – The source device uses its own subnet mask along with its own IPv4 address and the destination IPv4 address to make this determination.
  • In IPv6 – The local router advertises the local network address (prefix) to all devices on the network.

In a home or business network, you may have several wired and wireless devices interconnected together using an intermediary device, such as a LAN switch or a wireless access point (WAP). This intermediary device provides interconnections between local hosts on the local network. Local hosts can reach each other and share information without the need for any additional devices.

If a host is sending a packet to a device that is configured with the same IP network as the host device, the packet is simply forwarded out of the host interface, through the intermediary device, and to the destination device directly.

Of course, in most situations we want our devices to be able to connect beyond the local network segment, such as out to other homes, businesses, and the internet. Devices that are beyond the local network segment are known as remote hosts.

When a source device sends a packet to a remote destination device, then the help of routers and routing is needed. Routing is the process of identifying the best path to a destination. The router connected to the local network segment is referred to as the default gateway.

Default Gateway

The default gateway is the network device (i.e., router or Layer 3 switch) that can route traffic to other networks. If you use the analogy that a network is like a room, then the default gateway is like a doorway. If you want to get to another room or network you need to find the doorway.
On a network, a default gateway is usually a router with these features:

  • It has a local IP address in the same address range as other hosts on the local network.
  • It can accept data into the local network and forward data out of the local network.
  • It routes traffic to other networks.

A default gateway is required to send traffic outside of the local network. Traffic cannot be forwarded outside the local network if there is no default gateway, the default gateway address is not configured, or the default gateway is down.

A Host Routes to the Default Gateway

A host routing table will typically include a default gateway. In IPv4, the host receives the IPv4 address of the default gateway either dynamically from Dynamic Host Configuration Protocol (DHCP) or configured manually. In IPv6, the router advertises the default gateway address or the host can be configured manually.
In the figure, PC1 and PC2 are configured with the IPv4 address of 192.168.10.1 as the default gateway.
The diagram shows two hosts, PC1 and PC2, connected to a switch on network 192.168.10.0/24, the local network route. The switch is connected to a router, R1, which is then connected to the cloud representing remote networks. PC1 has an address of .10, PC2 has an address of .15, and the router interface to which the switch is connected has an address of .1. The PCs, the switch, and the router interface all have a direct connection.
Having a default gateway configured creates a default route in the routing table of the PC. A default route is the route or pathway your computer will take when it tries to contact a remote network.
Both PC1 and PC2 will have a default route to send all traffic destined to remote networks to R1.

Host Routing Tables

On a Windows host, the route print or netstat -r command can be used to display the host routing table. Both commands generate the same output. The output may seem overwhelming at first, but is fairly simple to understand.
The figure displays a sample topology and the output generated by the netstat –r command.
The diagram shows a network topology consisting of a host, PC1, connected to a switch on network 192.168.10.0/24. The switch is connected to a router, R1, which is then connected to the cloud. PC1 has an address of .10 and the router interface to which the switch is connected has an address of .1.

IPv4 Routing Table for PC1

C:\Users\PC1> netstat -r
(output omitted)
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination         Netmask       Gateway       Interface    Metric
          0.0.0.0           0.0.0.0   192.168.10.1   192.168.10.10       25
        127.0.0.0         255.0.0.0       On-link        127.0.0.1      306
        127.0.0.1   255.255.255.255       On-link        127.0.0.1      306
  127.255.255.255   255.255.255.255       On-link        127.0.0.1      306
     192.168.10.0     255.255.255.0       On-link    192.168.10.10      281
    192.168.10.10   255.255.255.255       On-link    192.168.10.10      281
   192.168.10.255   255.255.255.255       On-link    192.168.10.10      281
        224.0.0.0         240.0.0.0       On-link        127.0.0.1      306
        224.0.0.0         240.0.0.0       On-link    192.168.10.10      281
  255.255.255.255   255.255.255.255       On-link        127.0.0.1      306
  255.255.255.255   255.255.255.255       On-link    192.168.10.10      281
(output omitted)
Note: The output only displays the IPv4 route table.
Entering the netstat -r command or the equivalent route print command displays three sections related to the current TCP/IP network connections:

  • Interface List – Lists the Media Access Control (MAC) address and assigned interface number of every network-capable interface on the host, including Ethernet, Wi-Fi, and Bluetooth adapters.
  • IPv4 Route Table – Lists all known IPv4 routes, including direct connections, local network, and local default routes.
  • IPv6 Route Table – Lists all known IPv6 routes, including direct connections, local network, and local default routes.
 
truehost
telegram
CRMNuggets Whatsapp Channel

Leave a Reply

Your email address will not be published. Required fields are marked *