I'm running a Cisco 1841 and a 2960 switch at home. I have a PS3 and a media server, both of which are running in the same subnet. I use the PS3 to stream movies directly from my server regularly.
Anyway, I run netflow in my 1841 router to monitor network traffic. I had netflow set to monitor the router's LAN int. Theoretically, when I stream movies from the media server to the PS3, since both are in the same subnet and have the same default gateway, packets should never hit the router LAN int, and be switched locally in the 2960. However, when I checked my netflow monitor, traffic spiked whenever movies were streaming. I was sure that nothing else was hogging the pipe, and the source LAN IP confirmed traffic was coming from my server to the PS3.
I have since changed netflow to only monitor ingress/egress on the WAN int. Also, I have statically configured the IP settings on my PS3 and media server to ensure both have the same default gateway and mask.
My question is: in what scenario would packets sourced from and destined to hosts of the same subnet be forwarded to the router first then back? Generally, when the same packet goes in and out of the same router int, the network design is flawed, and ICMP redirects usually pop up here and there. However, there is only 1 router and 1 switch in play here....
Something to think about if you are bored
My question is: in what scenario would packets sourced from and destined to hosts of the same subnet be forwarded to the router first then back?
They are probably not being forwarded to the router and back again if they have the correct subnet/subnet mask settings. What you may be seeing is the packet being sent to both the destination host and also the router interface. If the subnet/subnet masks don't match, then they may well be sent via the router interface.
If they do have the same subnet/subnet mask, then if the packets are unicast this is because there is no mac-address to port mapping for the destination host, hence the switch has to send the packet to all ports in the vlan. A common problem that can cause this is unicast flooding; have a look at this doc for an explanation -
Alternatively, if the packet is multicast, then it may be because you have not enabled IGMP snooping or you don't have anything making the IGMP queries, so the switch has to send the multicast stream to all ports in the vlan, i.e. the multicast becomes a broadcast.
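
The two unicast cases from the answer above, as an added simulation that is not part of the original thread: the sender chooses the frame's destination MAC from its own mask, and a learning switch floods a unicast frame whose destination MAC is unknown or has aged out of its table. The IP addresses, MACs, port numbers and the 300-second aging timer are constructed assumptions.

```python
import ipaddress

# Constructed lab values (not from the thread): documentation-range MACs, made-up IPs.
ROUTER, SERVER, PS3 = "00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:03"
ARP = {"192.168.1.10": SERVER, "192.168.1.20": PS3}
ROUTER_PORT, SERVER_PORT, PS3_PORT = 1, 2, 3

def l2_destination(src_ip, src_mask, dst_ip):
    """MAC the sender puts on the frame: the peer's if on-link, else the gateway's."""
    net = ipaddress.ip_network(f"{src_ip}/{src_mask}", strict=False)
    return ARP[dst_ip] if ipaddress.ip_address(dst_ip) in net else ROUTER

class LearningSwitch:
    def __init__(self, ports, aging=300):  # aging in seconds (assumed value)
        self.ports, self.aging, self.table = set(ports), aging, {}

    def forward(self, in_port, src_mac, dst_mac, now):
        """Learn the source MAC, then return the ports the frame is sent out of."""
        self.table[src_mac] = (in_port, now)
        entry = self.table.get(dst_mac)
        if entry and now - entry[1] <= self.aging:
            return {entry[0]} - {in_port}
        return self.ports - {in_port}  # unknown or aged-out destination: flood

def router_port_hits(server_mask, ps3_talks_at, server_sends_at):
    """Times at which a server-to-PS3 frame is delivered to the router's port."""
    sw = LearningSwitch([ROUTER_PORT, SERVER_PORT, PS3_PORT])
    sw.forward(ROUTER_PORT, ROUTER, "ff:ff:ff:ff:ff:ff", 0)  # router heard at t=0
    dst = l2_destination("192.168.1.10", server_mask, "192.168.1.20")
    events = [(t, "ps3") for t in ps3_talks_at] + [(t, "srv") for t in server_sends_at]
    hits = []
    for t, who in sorted(events):
        if who == "ps3":
            sw.forward(PS3_PORT, PS3, SERVER, t)  # refreshes the PS3's table entry
        elif ROUTER_PORT in sw.forward(SERVER_PORT, SERVER, dst, t):
            hits.append(t)
    return hits

if __name__ == "__main__":
    print(router_port_hits("255.255.255.0", [0], [10, 100, 400, 500]))
    print(router_port_hits("255.255.255.0", [0, 250, 500], [10, 400, 500]))
    print(router_port_hits("255.255.255.240", [0], [10, 100]))
```

With matching masks the router's port only receives the stream once the PS3's table entry has aged out; with a mismatched mask on the server every frame is addressed to the router's MAC.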