Packet Forwarding

Unanswered Question

I am looking to define the process of how a packet is forwarded to a host. In particular the IP address and MAC address. I believe the IP address stays static while the source and destination MAC address changes as it moves across the network.

For instance, a host sends a packet to a router and then to a host. As the packet cross the router what will be the source MAC and Destination MAC?

I think I am looking for clarification on the process.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
blatkinson Wed, 04/25/2007 - 23:17

You are correct. You'd be surprised how many people do not understand this process when it comes to a broadcast multiple access ethernet network.

The host (specifically, the IP process running as software in the TCP/IP stack of the OS) creating the packet basically makes a decision by looking at its own IP address and subnet mask (really there is an IP route table for IP on the host which already has this figured out) to determine if this newly created packet is destined for another host within the same logical IP network (not requiring a gateway router) or a host on a remote network (requiring a gateway router). If the destination is a local host the sender will first need to send an ARP broadcast requesting the MAC addr of the final destination before it can create the frame to encapsulate the packet. There is an ARP cache to cut down on future ARP queries. If the destination is a remote host the sender will first need to send an ARP broadcast requesting the MAC addr of the intermediate system (gateway router; configured ahead of time by the host administrator or more likely DHCP) based on the IP address of the default gateway in the host route table. Keep in mind this will NOT be the L3 packet destination address, but is the L3 IP addr of the gateway router for the sake of having an IP addr to ARP and retrieve a reply from that router with the router's MAC address so the sending host can make sure the router gets the L2 frame. Inside the L2 frame will still be a L3 packet that has the L3 IP addr of the ultimate destination host. The router just de-encapsulates the frame sent to it via the L2 MAC and looks inside, sees a packet, knows it is not for the router, but since it is a router its job is to forward the packet.

If the outbound interface is also a multiple access network, it will need to somehow map the known L3 addr to an un-known L2 addr. In the case of ethernet this would be another ARP broadcast sent on this remote network and the router would go through pretty much the same process the original sending host did. With Frame Relay, you can map DLCIs to IPs in the router for this.

By the way, this is the reason you will see the first echo or a ICMP ping request typically time-out on an ethernet network if the ARP cache is empty. The ARP process is invoked but the ARP reply takes longer than the time-out set by the ping program.


This Discussion