Packet-Flow in different networks
Welcome back to another article on the journey of cracking an interview. The previous article discussed the packet flow between two hosts within the same subnet. But what if we have two hosts in different networks? Let’s consider a scenario as shown below. We all know that each host maintains an ARP table, binding its IP address with its MAC address. Host A will have a binding like 10.1.1.1 – 0A, Host B will have 20.1.1.1 – 0B, and the Router will have bindings like 10.1.1.100 – 0C – G0/0/0, and 20.1.1.100 – 0D – G0/0/1. We also know that the router maintains a RIB table containing information in the form of 10.1.1.0/24 – G0/0/0, 20.1.1.0/24 – G0/0/1.
As in the previous section, let’s ping from Host A to Host B, but this time they belong to different networks. The ping generates an ICMP echo request (type 8), which is passed to Layer 3 and encapsulated into a packet. The IP header carries the source IP 10.1.1.1, the destination IP 20.1.1.1, and a protocol field with a value of 1, indicating that the encapsulated data is ICMP. It also carries a TTL value of 128 (if it is a Windows machine), 255 for Cisco IOS, and 64 for a Linux system.
This packet is then handed to the Layer 2 protocol, which adds an Ethernet header. It reads its own MAC address from the ARP table and uses that entry as the source MAC, which is 0A. For the destination MAC address, it checks the destination IP against its own subnet and determines that Host B belongs to another subnet. Therefore, it generates an ARP request for the gateway address, not for the destination address itself, while keeping the current packet on hold. The Ethernet header also carries a type field with a value of 0x0800, as the encapsulated data is IPv4. At this point the frame cannot be completed because the destination MAC address is still unknown.
The Layer 2 protocol now delegates to ARP the job of obtaining the gateway’s MAC address. ARP generates an ARP request packet with the source IP as 10.1.1.1, destination IP as 10.1.1.100, source MAC as 0A, destination MAC as 00, and an opcode field with a value of 1, indicating that this is an ARP request. This ARP request is then encapsulated by the Layer 2 protocol with the source MAC as 0A, destination MAC as FF (broadcast), and type field as 0x0806, indicating that the encapsulated data is ARP. This Ethernet broadcast is passed to Layer 1, converted to bits, and sent on the physical medium.
On the receiving side, the bits are de-encapsulated into a Layer 2 frame and accepted by the gateway, which is Router 1 on the g0/0/0 interface, because it is a broadcast frame. The router removes the Ethernet header and, using the type field (0x0806), determines that the payload must be handed to ARP. ARP opens the ARP packet, checks the destination address, which is 10.1.1.100, and recognizes it as its own address. Then it checks the opcode, which is 1, meaning it is an ARP request. It understands that this request was generated by 10.1.1.1, which has a MAC of 0A, and the router adds this entry to its ARP table.
ARP then generates an ARP reply with the source IP as 10.1.1.100, destination IP as 10.1.1.1, source MAC as 0C, destination MAC as 0A, and opcode as 2 (ARP reply). This ARP message is handed over to the Layer 2 protocol, which adds the Ethernet header with the source MAC as 0C, destination MAC as 0A, and type as 0x0806. The frame is passed to Layer 1, converted to bits, and received by Host A. Host A de-encapsulates the bits into a Layer 2 frame and accepts it because the destination MAC address is its own. The remaining payload is handed to ARP, as the type field has a value of 0x0806.
When ARP on Host A receives this payload, it checks the destination IP, finds that it is its own IP, and accepts it. It then checks the opcode value, which is 2, meaning it is an ARP response. Finally, it reads the source IP and source MAC address and adds this entry to the ARP table.
Host A can now use the MAC address of the gateway as the destination MAC while keeping the destination IP as 20.1.1.1 itself. The Layer 3 packet has the source IP as 10.1.1.1 and destination IP as 20.1.1.1, TTL = 28, and protocol field as 1. This packet is handed to Layer 2, which adds the Ethernet header with source MAC as 0A, destination MAC as 0C (the MAC of the gateway), and type field as 0x0800. The frame is converted to bits, sent as discussed above, and received by the gateway on the g0/0/0 interface.
The router accepts the frame at Layer 2 because the destination MAC is its own, and then checks the destination IP. It finds that this is not its own IP address and therefore checks the routing table. It finds that 20.1.1.0/24 is present in its routing table and that the packet must be forwarded out of the g0/0/1 interface. The router rewrites the Layer 2 information, setting the source MAC to 0D, but it doesn’t know the MAC address of 20.1.1.1 and therefore generates an ARP request. Once it receives the ARP reply, the router updates its ARP table and has an entry for 20.1.1.1.
From then on, when Host A pings Host B, Layer 3 has the source IP as 10.1.1.1 and destination IP as 20.1.1.1. The Layer 2 information changes at each hop, but the Layer 3 information remains the same. On the first hop, the Layer 2 header has source MAC – 0A, destination MAC – 0C. Once the frame is received by the router, the packet rewriter changes only the Layer 2 information, setting the source MAC to 0D and the destination MAC to 0B.
Once the packet is received by Host B, it generates an ICMP reply, which has Layer 3 information of source IP 20.1.1.1 and destination IP 10.1.1.1. The Layer 2 information has the source MAC as 0B and destination MAC as 0D. Once the reply is received by the router, it changes the Layer 2 information while keeping Layer 3 the same: the source MAC becomes 0C and the destination MAC becomes 0A. So, this is how the communication takes place. I know a lot of information is being presented, but this is how you can understand the workings of internet services.
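The per-hop rewrite described above, modeled in Python as an added example (not part of the original article). It uses the article's addresses and assumes /24 masks on both hosts, a Windows sender (TTL 128), and ARP tables already populated by the exchanges described; the names Frame, arp_target, host_send and router_forward are hypothetical, and the TTL decrement is standard router behaviour that the article does not cover.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    ttl: int

# Constructed state: ARP bindings as they stand after the exchanges in the
# article have completed (IP -> MAC), merged into one table for brevity.
ARP = {"10.1.1.1": "0A", "20.1.1.1": "0B", "10.1.1.100": "0C", "20.1.1.100": "0D"}
ROUTER_IFACES = {  # interface -> (connected network, router's IP on it)
    "G0/0/0": (ipaddress.ip_network("10.1.1.0/24"), "10.1.1.100"),
    "G0/0/1": (ipaddress.ip_network("20.1.1.0/24"), "20.1.1.100"),
}

def arp_target(src_ip, dst_ip, prefix_len, gateway):
    """IP the sender must ARP for: the destination if on-link, else the gateway."""
    local = ipaddress.ip_interface(f"{src_ip}/{prefix_len}").network
    return dst_ip if ipaddress.ip_address(dst_ip) in local else gateway

def host_send(src_ip, dst_ip, gateway, ttl=128, prefix_len=24):
    """Build the frame a host puts on the wire for an off-link or on-link peer."""
    next_hop = arp_target(src_ip, dst_ip, prefix_len, gateway)
    return Frame(ARP[src_ip], ARP[next_hop], src_ip, dst_ip, ttl)

def router_forward(frame):
    """Route lookup plus Layer 2 rewrite; returns (egress interface, new frame)."""
    router_macs = {ARP[ip] for _, ip in ROUTER_IFACES.values()}
    if frame.dst_mac not in router_macs:
        raise ValueError("frame is not addressed to the router at Layer 2")
    dst = ipaddress.ip_address(frame.dst_ip)
    for iface, (net, router_ip) in ROUTER_IFACES.items():
        if dst in net:
            # Source and destination IP stay as they were; both MACs are
            # replaced and the TTL drops by one for this hop.
            return iface, replace(frame, src_mac=ARP[router_ip],
                                  dst_mac=ARP[frame.dst_ip], ttl=frame.ttl - 1)
    raise LookupError(f"no route to {frame.dst_ip}")

if __name__ == "__main__":
    first_hop = host_send("10.1.1.1", "20.1.1.1", gateway="10.1.1.100")
    print(first_hop)
    print(router_forward(first_hop))
```

Host B only ever sees 0D as the source MAC of the request, so a capture taken on the 20.1.1.0/24 segment identifies Host A by its IP address, never by its MAC.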