NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: default gateway on different subnet

On Fri 14 Nov 2008 at 06:26:07 +0100, Michael Kell Jensen wrote:
> Well i dont understand why some say it is broken apparently some of my  
> network guys, friends do it all the time.

Well the reasoning is this. I tried to find it in the original RFCs
which define the Internet Protocol, but presumably the authors found it
so obvious that there was no need to mention it explicitly; at least I
couldn't find it so far. The closest I could find it was a passage in
RFC 950, about subnetting, which I will quote below, but it uses the
weasel-word "Generally" instead of stating that it is the only thinkable

If one host wants to send a packet to another host, there are 2
possibilities: the destination host is on the same network, or it is
not.  If the former, you can send it directly, after finding the
ethernet address of the host. If the latter, you cannot reach the
destination directly, so you have to find out which gateway you need to
use as an intermediary. Most hosts know of only one such intermediary,
the default gateway. It goes without saying that you must be able to
reach the gatway directly, otherwise you'd need to use the gateway to
reach the gateway...

Now, how does one determine if a host is directly reachable? That's what
the netmask is for. The netmask indicates which bits in an address
indicate the network number, and if 2 addresses have the same network
number, they are in the same network and hence directly reachable. So
the host ANDs his own address with the netmask, and also does the same
to the destination address, and if the results match: same network,
therefore directly reachable.

All this of course implies that all hosts (and gateways) on a network
MUST have the same network number. This is such a basic consequence that
it usually isn't even mentioned.

This however was not true for the given situation, which is the
configuration error.

> Look at:
> Networking with a gateway not on the local subnet

I suppose that needs some clarification then, that the situation is not
allowed by the IP standard[1].

Quoted from RFC 950: Internet Standard Subnetting Procedure:
(dg = datagram; read: packet)

   2.2. Changes to Host Software to Support Subnets

      In most implementations of IP, there is code in the module that
      handles outgoing datagrams to decide if a datagram can be sent
      directly to the destination on the local network or if it must be
      sent to a gateway.

      Generally the code is something like this:

         IF ip_net_number(dg.ip_dest) = ip_net_number(my_ip_addr)
                 send_dg_locally(dg, dg.ip_dest)

      (If the code supports multiply-connected networks, it will be more
      complicated, but this is irrelevant to the current discussion.)

      To support subnets, it is necessary to store one more 32-bit
      quantity, called my_ip_mask.  This is a bit-mask with bits set in
      the fields corresponding to the IP network number, and additional
      bits set corresponding to the subnet number field.

      The code then becomes:

         IF bitwise_and(dg.ip_dest, my_ip_mask)
                                   = bitwise_and(my_ip_addr, my_ip_mask)
                 send_dg_locally(dg, dg.ip_dest)
                        gateway_to(bitwise_and(dg.ip_dest, my_ip_mask)))

      Of course, part of the expression in the conditional can be

      It may or may not be necessary to modify the "gateway_to"
      function, so that it too takes the subnet field bits into account
      when performing comparisons.

      To support multiply-connected hosts, the code can be changed to
      keep  the "my_ip_addr" and "my_ip_mask" quantities on a
      per-interface basis; the expression in the conditional must then
      be evaluated for each interface.

[1] but a typical Linuxism (although I believe that a certain big router
maker also likes to get this wrong).

___ Olaf 'Rhialto' Seibert    -- You author it, and I'll reader it.
\X/ rhialto/at/      -- Cetero censeo "authored" delendum esse.

Home | Main Index | Thread Index | Old Index