Why are subnet-masks relevant for the individual computer on the network?


Solution 1

Your original assumptions are not entirely correct. What you call a "router" is two devices in one – a two-port router internally connected to a multiple-port Ethernet switch. (Here's an example diagram.)

This means that the computers are directly connected at layer 2, and can send packets to each other without going through the router core – they're simply relayed between ports by the switch chip. (The router has its own "port" in the switch.)

So if you look at the packets using Wireshark, you'll see that they directly use each other's MAC addresses, while "outside" packets always have the router's MAC as the destination.

(I'm assuming you're talking about the typical "wireless routers" found in most homes, which are the usual cause of this kind of question. A bigger network would have a separate router with one port per subnet, and a few separate switches (perhaps a master one plus one per floor/room), and several dozens of computers connected to those switches.)

It's roughly the same with Wi-Fi networks, except "switch" is replaced with "wireless bridge" aka "access point". In both cases, connected computers can send packets directly to each other at layer 2, without going through the router.


Comments:

When I stated router, I did actually mean switch. My mistake. My point being, that each computer in a subnetwork is not connected to each other, but rather to a switch, which then can pass on packages to the correct destination. An ethernet-frame does not contain the subnet-mask, as the switch already has this knowledge, and hence does not need it to do the correct switching.

That's again incorrect. Switches do not have this knowledge; their switching core works at layer 2 and does not know anything about IP – it forwards Ethernet frames purely based on the 'destination MAC address' field.

Therefore, hosts need the subnet mask to figure out what MAC address to use as the destination:

  • If the peer is within the same subnet, it's assumed to be on-link by definition – so the Ethernet frame will have peer's MAC as destination.

  • For peers outside the subnet, the Ethernet frame will have the gateway's MAC as destination.

(This applies to the default configuration. Some special-snowflake networks alter this – e.g. most operating systems allow adding extra "on-link" routes for additional subnets; conversely, some switches may be configured to spoof ARP responses such that even "on-link" traffic is forced through the gateway.)

Solution 2

How does a computer know if a destination address is in the same subnet or in another?

Checking the local address and the subnet mask.

Let's check a couple examples:

If my computer has the IP 192.168.0.1 and the mask is 255.0.0.0 it means that any address from 192.0.0.0 to 192.255.255.255 is in the same subnet. The packets to all those other computers don't need to go through the router, they can be sent directly. Send an ARP packet to get the MAC address of the destination computer and then send the packet.

But, if my computer has the IP 192.168.0.1 and the mask is 255.255.255.128 then the computers in the same subnet are from IP address 192.168.0.0 to 192.168.0.127 only. They can be reached directly (send ARP, find MAC address, etc.). Any other address, for example 192.168.0.200 must be reached passing through the router.

Solution 3

Something non-obvious about IP is that every IP device is itself a router.

This can be seen on a normal PC with the command "route print". You are connected to two networks: your local Ethernet or wifi segment, and the localhost network. Every packet needs to be subject to a decision as to which network to put it on.

This becomes more apparent if you put your computer on two networks, say a "public" and "private" one. Now you definitely need the subnet mask in order to decide which network to send the packet on.

Many people will accidentally discover that a PC with a single network connection may work with a wrongly configured submask: they just end up sending everything to the gateway.

Solution 4

I see this mentioned in some of the other answers here but I think it could be clearer: On computers with multiple network interfaces, the subnet mask may be used to automatically determine which physical interface to send IP traffic on based on the destination IP address.

If you're sending a packet to a device on a LAN connected to one of the interfaces, in order to know which interface to send it on (if you haven't configured a route explicitly), the computer can check the interfaces to see if subnet_mask & destination_ip == subnet_mask & interface_ip (by & I mean bitwise-and and by == I mean to assert equality), and if there's a match, choose that interface.

That way if you've got e.g.:

  • Interface A with 192.168.1.42/24
  • Interface B with 10.0.0.15/24
  • Interface C with 192.168.2.97/24

And you send a packet to 192.168.2.123 and don't have a route set up, it can be determined that interface C should be used because 255.255.255.0 & 192.168.2.123 == 255.255.255.0 & 192.168.2.97.

This wouldn't be possible if the subnet mask wasn't known, and so you'd have to have a route set up for every single IP address you sent data to.
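Added example (not part of the original answers): the same-subnet test from Solution 2 and the interface choice from Solution 4, written out as the decision a host makes before it picks a destination MAC. The interface table repeats the addresses from Solution 4; the default gateway 192.168.1.1 on interface A and the function names are assumptions made for this sketch.

```python
import ipaddress

# Constructed interface table: the three interfaces listed in Solution 4.
INTERFACES = {
    "A": ipaddress.ip_interface("192.168.1.42/24"),
    "B": ipaddress.ip_interface("10.0.0.15/24"),
    "C": ipaddress.ip_interface("192.168.2.97/24"),
}
# Assumed default gateway (not given on the page), reachable via interface A.
DEFAULT_GATEWAY = ("A", ipaddress.ip_address("192.168.1.1"))


def same_subnet(local_ip, mask, dest_ip):
    """Host-side test: (mask & dest_ip) == (mask & local_ip)."""
    m = int(ipaddress.ip_address(mask))
    local = int(ipaddress.ip_address(local_ip))
    dest = int(ipaddress.ip_address(dest_ip))
    return (local & m) == (dest & m)


def next_hop(dest, interfaces=INTERFACES, gateway=DEFAULT_GATEWAY):
    """Return (interface name, IP address to resolve with ARP).

    On-link destination: ARP for the destination itself, so the Ethernet
    frame carries the peer's MAC. Off-link destination: ARP for the
    gateway, so the frame carries the gateway's MAC while the IP header
    still carries `dest`.
    """
    dest = ipaddress.ip_address(dest)
    on_link = [(name, iface) for name, iface in interfaces.items()
               if dest in iface.network]
    if on_link:
        # If connected networks overlap, the most specific prefix wins.
        name, _ = max(on_link, key=lambda item: item[1].network.prefixlen)
        return name, dest
    return gateway


if __name__ == "__main__":
    # Solution 2's two masks applied to the same host address.
    print(same_subnet("192.168.0.1", "255.0.0.0", "192.200.3.4"))
    print(same_subnet("192.168.0.1", "255.255.255.128", "192.168.0.200"))
    # Solution 4's lookup, plus one off-link destination (constructed).
    for target in ("192.168.2.123", "10.0.0.200", "8.8.8.8"):
        iface, arp_for = next_hop(target)
        print(f"{target}: send on {iface}, ARP for {arp_for}")
```

With the 255.255.255.128 mask, 192.168.0.200 is treated as off-link even if it sits on the same wire, which is the case where the gateway receives traffic for its own network.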

Solution 5

TCP/IP could have been designed as you suggest -- leaf nodes would send everything to the router, and it would forward it to the target, which might be on the same subnet as the sender.

But this would not be optimal design, for two reasons:

  1. It uses more bandwidth: Every packet between devices on the same subnet has to be transmitted twice: once from the sender to the router, and again from the router to the receiver. On networks where the router is also the network switch, this actually isn't any extra bandwidth, since it was going to go through the switch anyway. But not all network technologies work like that. The original Ethernet design was a bus technology, with no central switch or repeater.

  2. It puts more load on the router. Even if the router is also the switch, it's a little more work because it has to go up to Layer 3 routing implementation, rather than the simpler Layer 2 switching.

A general philosophy embodying the design of TCP/IP is that end nodes are intelligent devices, so they're assumed to be able to do some of the work. They don't have to know the full network topology like backbone routers do, but they know enough about the local environment to take on some of the initial local-vs-remote routing task. It doesn't take much code to implement this simple initial routing.

Furthermore, non-router devices are not necessarily on just one subnet. You can easily have multiple network cards in a PC -- many have both Ethernet and WiFi. And each of those can be connected to a different subnet, and addresses plus subnet masks are used to determine which network card to use. If you run virtual machines, there's likely to be a virtual subnet connecting them to the host system.

Author: Orpedo

Updated on September 18, 2022

Comments

  • Orpedo
    Orpedo over 1 year

    I understand how subnet-masks are used to divide a network into sub-networks, but, why does every computer in the network need to know the subnet-mask and not just the router?

    I could understand it, if each computer were physically connected to each other with a wire, but all packets need to go through the router anyway.

    Let's say that I have a computer on a network 192.168.0.0/255.255.255.0, which has the IP 192.168.0.1.

    If that computer tries to reach a computer outside the sub-network, let's say 192.168.1.1, it transmits the message to the router, the router identifies that the IP is outside the sub-network IP-range, and rather than transmitting it on the sub-network, it transmits it to the network it is connected to (perhaps another router).

  • Sir Adelaide
    Sir Adelaide about 7 years
    Thanks, while the linked diagram wasn't clear to me, your explanation made sense and I learned something new.
  • Orpedo
    Orpedo about 7 years
    Rather condescending answer, but okay. If you think that was my last sentence, your browser is not loading the entire page.
  • Orpedo
    Orpedo about 7 years
    When I stated router, I did actually mean switch. My mistake. My point being, that each computer in a subnetwork is not connected to each other, but rather to a switch, which then can pass on packages to the correct destination. An ethernet-frame does not contain the subnet-mask, as the switch already has this knowledge, and hence does not need it to do the correct switching. But why is the subnet-mask then given for the computer/device, when it does not need it for anything?
  • Admin
    Admin about 7 years
    When a packet is sent to an IP address that is not in the ARP cache, the subnet mask is used to decide whether to: 1. send an ARP request for the destination IP address, and use the result as the destination MAC address for the original packet; or 2. use the router's MAC address as the destination MAC address for the original packet.
  • user1686
    user1686 about 7 years
    @Orpedo: Switches don't speak IP and do not know anything about subnet structure; they rely entirely on the destination MAC field. Therefore, the subnet mask is needed to figure out what MAC address (i.e. which recipient host's) to put on the Ethernet frame in the first place.
  • barlop
    barlop about 7 years
    @Orpedo ok I didn't notice that. i've removed that line asking if you stopped writing, and i've included and replied to the rest of that paragraph. That was actually quite a key paragraph funnily enough 'cos the answer to it addresses the subject of your question.
  • user1686
    user1686 about 7 years
    The latter method is sometimes used deliberately; see MAC forced forwarding.
  • user253751
    user253751 about 7 years
    @Orpedo Switches are "Ethernet routers". They use Ethernet addresses (MAC addresses) to figure out where to send Ethernet packets. As opposed to IP routers which use IP addresses to figure out where to send IP packets.
  • user1686
    user1686 about 7 years
    But why does it need to know whether it's in the same subnet? That's the actual question here.
  • jcbermu
    jcbermu about 7 years
    If the destination is in the same subnet the computer will send the packet directly, otherwise it will send it to the router. That's all!!!!
  • ninjalj
    ninjalj about 7 years
    Re: switch vs bridge. Switch is typically used for transparent bridges, ie bridges that have a database (Forwarding Information Base IIRC) that relate MACs and ports, and fill the FIB by learning the MACs from the source MAC in ethernet frames. As opposed to other kinds of bridges, e.g. proxy-ARP bridges. Another meaning of switch is more generic, it can mean a device at any layer, e.g. an L7-switch routes connections based on application-level metadata, a router could also be called an L3-switch,... </lexicographic rant>
  • ninjalj
    ninjalj about 7 years
    Re: a router not transmitting something to the same network it came from: indeed it can, and it will also transmit an ICMP-redirect telling the origin: "hey, the target is in your network, you can communicate with it directly".
  • barlop
    barlop about 7 years
    @ninjalj I suppose if you have a hub connected to the router, then the router will receive a packet destined for the network that it came from.. But if you have a switch (I guess people rarely have hubs now apart from for diagnostic purposes).. then the switch won't be sending a packet to the router if the packet is destined to come back through that switch to the network that it originated from. And the boxes that combine routers and switches of course by definition, have a switch. There are no boxes that combine router and hub.
  • AnoE
    AnoE about 7 years
    "When the IP address is on the same network, then the packet is directed to the switch" (and similar statements) - this is not the case. The packet is never "directed to the switch". Packets are directed to a MAC. The sender does not care (nor, probably, even know) whether there is a switch on the other side of the cable; it might well be a direct connection to the receiver with a single ethernet cable, and it would not change anything regarding this point.
  • barlop
    barlop about 7 years
    @AnoE good point, I had in mind not hitting the router, but I shouldn't have said directed to the switch 'cos yeah it'll hit the switch anyway, i'll correct now.
  • barlop
    barlop about 7 years
    @AnoE good point, I had in mind not hitting the router, but I shouldn't have said directed to the switch 'cos yeah it'll hit the switch anyway, i'll correct now.. BTW, when it comes to switch directing packets, I wouldn't say packets are directed to a MAC (address), they're directed to the device with the MAC address.. yeah it's obvious but in case somebody has no clue then it's worth getting the terminology 100% correct.
  • AnoE
    AnoE about 7 years
    Yes, the nomenclature is very confusing for your average joe these days because vendors keep calling their "switch + WLAN bridge + pseudo-router" thingamagicks just "router" these days. :D
  • ninjalj
    ninjalj about 7 years
    @barlop: a typical case when a router may receive a frame destined for the same network it receives that frame from, is when the subnet mask is not correctly configured in the sending host, which I would think would be relevant to this question.
  • Orpedo
    Orpedo about 7 years
    @user20574 that was a good illustration :)
  • user253751
    user253751 about 7 years
    @Orpedo for historical reasons we typically run IP over Ethernet, so the Ethernet packet's payload is an IP packet, and the Ethernet packet's destination address is the Ethernet address of the next IP router. It goes further up, too. If you run Tor over IP then the IP packet's payload is a Tor packet* and the IP packet's destination address is the address of the next Tor router. (*for the analogy to work you have to count TCP and Tor together)
  • Barmar
    Barmar about 7 years
    I think his point is that it's not necessary for every device to be a router. All the non-router devices could just send everything to the router, and it will forward it to the target, even if it's on the same network as the sender.
  • Szeraax
    Szeraax about 7 years
    I previously mentioned what would happen if we didn't use networks and gateways when I meant what would happen if we didn't use netmasks. If we didn't use Gateways and networks.... the internet would be a giant flat network and in order to talk to google's DNS server, you would have to broadcast the packet across the entire internet and see if Google responded. The internet would immediately break with everyone doing that kind of broadcast traffic.
  • barlop
    barlop about 7 years
    @Barmar could you please quote who and what you are replying to otherwise your comment makes no sense if e.g. they delete their comment, which may have happened in your case. What you wrote there may be interesting if seeing the context, can you provide the context barmar.
  • Barmar
    Barmar about 7 years
    @barlop I'm referring to the original question, not replying to a comment.
  • barlop
    barlop about 7 years
    Very interesting point in this answer.. but i'd note that linux machines have a setting called something along the lines of iprouting, and it's often by default off. And when it's off, what it means is that any packets that computer receives from another computer, don't get routed or forwarded on to anywhere. And also many wouldn't consider a device to be a router if it can't or won't receive packets from another computer and forward them on. Even if(as we see in windows and linux), it has a routing table.
  • barlop
    barlop about 7 years
    @Barmar oh, well if that's a point or question you think hasn't been addressed - .. the answer is that having a hierarchy - switch, router, lessens the load on the router. But the questioner was confused by the incorrect thought that all packets go to the router anyway, and that was at the root of the question.
  • Barmar
    Barmar about 7 years
    @barlop That's essentially the answer I posted myself.
  • Wayne Jhukie
    Wayne Jhukie about 7 years
    "iprouting" setting: you can turn off forwarding but you need to have a routing table to know which interface to use for outgoing packets, even if the options are only "lo" and "eth0". Re "send everything to router": the advantages of not doing that are clearer with shared layer2 networks but nobody uses 10base2 any more.
  • TOOGAM
    TOOGAM about 7 years
    @Barmar: "All the non-router devices could just send everything to the router, and it will forward it to the target, even if it's on the same network as the sender." No. Wrong. It doesn't work that way. In theory, it could. In practice, it doesn't. Routers may try to optimize their resources by simply ignoring traffic that goes to the same subnet as where the traffic may come from. Since that is actually how (at least some) routers work, other devices must be complex enough to know that sending traffic to a router would be a waste of time, or else those other devices won't communicate right
  • user1686
    user1686 about 7 years
    There are two modes of working without subnet masks – either the host tries to access everything at L2 directly, or uses the L3 gateway for everything. You're assuming the former would be the only option, but that's not true – the original question and all other answers are more about the latter mode, which is even used in practice in some networks.
  • user1686
    user1686 about 7 years
    Meanwhile, I think ATM networks were designed this way (probably as a result of being circuit-oriented) – there was no broadcast and no distinction between routers and switches; tree/star topology all the way.
  • Barmar
    Barmar about 7 years
    @TOOGAM My comment was meant to be in theory, not actual practice. This whole question is about why TCP/IP is designed as it is, so I was talking about how the original designers could have done otherwise.
  • Barmar
    Barmar about 7 years
    @TOOGAM Have you read my answer, not just my comments? I think I make essentially the same points there.
  • Barmar
    Barmar about 7 years
    @grawity Indeed, in the 70's and 80's there was a big difference in philosophy between the telcos and academics when designing their networks. Telcos were used to smart networks with dumb end nodes (e.g. telephones), and they designed their networks with circuit switching managed by the core.
  • user1686
    user1686 about 7 years
    @TOOGAM: In practice, it does sometimes work this way.
  • Orpedo
    Orpedo about 7 years
    Already marked an answer, but this was actually quite a short and helpful answer.
  • G-Man Says 'Reinstate Monica'
    G-Man Says 'Reinstate Monica' about 7 years
    I believe that this is almost totally wrong.  Network interfaces don’t know anything about IP; they respond to (and automatically apply) MAC addresses.  That’s why we have ARP: so, if I know the IP address of a machine on my local network, I can learn its MAC address and use that to communicate to the machine.  Well, there’s a broadcast MAC address, which is used in all broadcasts.  The broadcast IP address exists just for uniformity.
  • devoured elysium
    devoured elysium almost 5 years
    @jcbermu But his question was based on the idea that for most home networks, packets are anyway indeed going to pass through the router anyway -- both when they need to be sent outside and when they need to be redirected to any other subnet-local devices.