
How IP Packets are routed on a Local Area Network? Explanation of packet transfer between two systems

Every network engineer should know how packets are routed in a network. It's a very simple question asked in every interview.

IP packet delivery on a Local Area Network is a fundamental concept that all system and network administrators should clearly understand. How do computers decide where to send packets? Should they send them directly to the target computer, to the gateway, or both? The answer is simple.
Computers use their local ROUTING table to make that determination.  Yes, even computers have a routing table.  Actually, if a network host is using TCP/IP to communicate on the network, it will have a routing table.
The command to check the route info on a computer is route PRINT.
Here is an example of a routing table taken from a computer with an IP address of 192.168.0.1.
If you read through this routing table, you will notice that if a packet's destination address is anything other than an address defined in the 192.168.0.0/24 subnet, it will be sent to the gateway (line 1), which is 192.168.0.254, and will leave through the interface with an IP of 192.168.0.1. At first, these tables may be difficult to interpret. However, once you understand how to read one, it should be simple to determine how the computer will treat outgoing TCP/IP packets. Another thing you may note is that the table is relatively small. How can this computer communicate with basically any other computer on the planet with 9 entries in its routing table? Again, the answer is simple. If the target computer is not located on the local subnet, the host simply sends the packet to the default gateway. It's the router's job to figure out what to do next.
Let's take a look at an example. The next diagram depicts a network with two subnets segmented by a router. One subnet is defined on the 192.168.1.0 network while the other is on the 192.168.2.0 network.

So the next question you may have is how the computer knows whether the target system is in the same subnet or on a different subnet. The host uses Boolean math, specifically the AND function. The system converts the source and destination IPs to binary numbers, applies the subnet mask to each using the AND function, and compares the results. If the results are the same, the target must be in the same subnet. If the results are different, the target must be on a remote subnet. The AND function simply combines two bits as follows.
0 AND 0 = 0
0 AND 1 = 0
1 AND 0 = 0
1 AND 1 = 1

So what happens when WK1 (192.168.1.1) wants to send a packet to WK2 (192.168.1.2)?
  1. Convert the IPs to binary
  2. Apply the subnet mask
  3. AND the results
  4. Compare
192.168.1.1

11000000.10101000.00000001.00000001 (IP 192.168.1.1)
11111111.11111111.11111111.00000000 (Mask 255.255.255.0)
-----------------------------------
11000000.10101000.00000001.00000000 (Subnet 192.168.1.0)


192.168.1.2

11000000.10101000.00000001.00000010 (IP 192.168.1.2)
11111111.11111111.11111111.00000000 (Mask 255.255.255.0)
-----------------------------------
11000000.10101000.00000001.00000000 (Subnet 192.168.1.0)



The results indicate that both 192.168.1.1 and 192.168.1.2 are on the same subnet.  Therefore, WK1 will attempt to deliver the packet directly to WK2 without sending it to the default gateway.  The host will look at its local routing table and see that it needs to send the packet out on the 192.168.1.1 interface.  Before the packet can be delivered, WK1 needs to know the MAC address of WK2. It uses the ARP protocol and sends out a broadcast on the local subnet.  Since this is a broadcast, the destination MAC address is FF-FF-FF-FF-FF-FF.  Every host on the local subnet will receive the packet.  This ARP packet also includes the destination IP address of 192.168.1.2.  Therefore if one of the hosts determines that its IP address matches that in the ARP packet, in this case WK2, it will respond to WK1 including its MAC address.  Now that WK1 has WK2's MAC, it can send the packet directly to WK2.
The packet will include this information for delivery. Since the MAC is now targeted to WK2, WK2 will be the only system to bring the packet up the TCP/IP stack.

Source IP:   192.168.1.1
Dest IP:     192.168.1.2
Source MAC:  00-16-76-00-00-01
Dest MAC:    00-16-76-00-00-02

Let's take another example. What will happen when WK1 wants to send a packet to WK3?
  1. Convert the IPs to binary
  2. Apply the subnet mask
  3. AND the results
  4. Compare
192.168.1.1

11000000.10101000.00000001.00000001 (IP 192.168.1.1)
11111111.11111111.11111111.00000000 (Mask 255.255.255.0)
-----------------------------------
11000000.10101000.00000001.00000000 (Subnet 192.168.1.0)


192.168.2.1

11000000.10101000.00000010.00000001 (IP 192.168.2.1)
11111111.11111111.11111111.00000000 (Mask 255.255.255.0)
-----------------------------------
11000000.10101000.00000010.00000000 (Subnet 192.168.2.0)



The results indicate that 192.168.1.1 and 192.168.2.1 are NOT on the same subnet. Therefore, WK1 cannot attempt to deliver the packet directly to WK3. It must send the packet to the default gateway (according to its routing table). Before the packet can be delivered to the router, WK1 needs to know the MAC address of the router's interface, 192.168.1.254. It uses the ARP protocol and sends out a broadcast on the local subnet. Since this is a broadcast, the destination MAC address is FF-FF-FF-FF-FF-FF. Every host on the local subnet, including the router, will receive the packet. This ARP packet also includes the destination IP address of 192.168.1.254. Therefore, if one of the hosts determines that its IP address matches that in the ARP packet, in this case the router, it will respond to WK1 including its MAC address. Now that WK1 has the router's MAC for the 192.168.1.254 interface, it can send the packet directly to the router.
The packet will include this information for delivery. Note that the destination IP is that of WK3, but the destination MAC is that of the router.

Source IP:   192.168.1.1
Dest IP:     192.168.2.1 <-- WK3's IP
Source MAC:  00-16-76-00-00-01
Dest MAC:    00-00-0C-00-00-01 <-- Router's MAC

When the router receives the packet, it will notice that the destination IP address is not its own and belongs to another host. The router will use its local routing table to determine where to send the packet. In this case, the router will find that the destination is connected to one of its interfaces. It will remove its MAC address from the packet and replace it with WK3's once it obtains it via the ARP protocol.
The packet will include this information for delivery.  Note that the destination IP is still that of WK3, and now the destination MAC is that of WK3.

Source IP:   192.168.1.1
Dest IP:     192.168.2.1 <-- WK3's IP
Source MAC:  00-16-76-00-00-01
Dest MAC:    00-16-76-00-00-02 <-- WK3's MAC




Once WK3 receives the packet, the entire cycle occurs in the same manner if WK3 needs to communicate back with WK1.  That's it.  
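
WK1's side of both walkthroughs above (mask and AND, compare, then choose which IP to resolve with ARP) can be reproduced in a few lines of Python. This is an added example, not code from the original post; the function names and the pre-filled ARP table are assumptions, while the IP and MAC values are the ones used in the article.

```python
import ipaddress

def to_binary(ip):
    """Dotted-quad IPv4 address -> dotted binary string, as in the worked tables."""
    return ".".join(f"{octet:08b}" for octet in ipaddress.IPv4Address(ip).packed)

def network_of(ip, mask):
    """Bitwise AND of the address and the subnet mask yields the subnet address."""
    anded = int(ipaddress.IPv4Address(ip)) & int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(anded))

def next_hop(src_ip, mask, dst_ip, gateway):
    """Return (decision, ip_to_arp_for): same subnet -> ARP for the target itself,
    different subnet -> ARP for the default gateway."""
    if network_of(src_ip, mask) == network_of(dst_ip, mask):
        return ("direct", dst_ip)
    return ("gateway", gateway)

def frame_fields(src_ip, src_mac, mask, dst_ip, gateway, arp_table):
    """Addressing of the frame the sending host puts on the wire for dst_ip.
    The destination IP never changes; only the destination MAC depends on the decision."""
    _, arp_target = next_hop(src_ip, mask, dst_ip, gateway)
    return {
        "Source IP": src_ip,
        "Dest IP": dst_ip,
        "Source MAC": src_mac,
        "Dest MAC": arp_table[arp_target],  # MAC learned from the ARP reply
    }

# Values from the article; the table stands in for ARP replies already received.
MASK, GATEWAY = "255.255.255.0", "192.168.1.254"
WK1_IP, WK1_MAC = "192.168.1.1", "00-16-76-00-00-01"
ARP_TABLE = {
    "192.168.1.2": "00-16-76-00-00-02",    # WK2
    "192.168.1.254": "00-00-0C-00-00-01",  # router interface on WK1's subnet
}

if __name__ == "__main__":
    for dst in ("192.168.1.2", "192.168.2.1"):  # WK2, then WK3
        print(to_binary(dst), "-> subnet", network_of(dst, MASK))
        print(next_hop(WK1_IP, MASK, dst, GATEWAY))
        print(frame_fields(WK1_IP, WK1_MAC, MASK, dst, GATEWAY, ARP_TABLE))
```

The same functions work for masks other than 255.255.255.0, because the comparison is done on the ANDed 32-bit values rather than on individual octets.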
