Will packets sent to the same subnet go through routers?

1

1

Let's say we have two hosts, A 10.0.1.3 and B 10.0.1.4. If A wants to send a packet to B, will A look for a router to send the packet? Or does it just use ARP to send the packet by datalink level?

My problem is: if the host just uses ARP to send packages in the same subnet, how can we send packets with a VPN? And it seems that assigning an IP to the host doesn't make sense anymore.

dspjm

Posted 2013-09-02T14:31:23.260

Reputation: 346

VPN uses a tunnel. Real packets are routed, but outside the tunnel, it's as-if it was local, and thus uses ARP. – mveroone – 2013-09-02T14:34:47.780

Traffic on the same subnet will not go via the router. It's only when you want to leave the subnet that the gateway (router) will be used. – Qben – 2013-09-02T14:35:57.100

Possibly relevant reading: http://serverfault.com/questions/49765/how-does-ipv4-subnetting-work – Hennes – 2013-09-02T14:43:25.533

IP address is not sufficient. Please specify subnet mask. These IP addresses can be in the same subnet or not, according to the subnet mask used. – SuB – 2013-09-02T20:17:06.117

Answers

2

In the absence of a specific route defined, A will consult its routing table, deduce that the destination is on the local network, and arp for it.

If you don't want it to do this, then add a route saying where the packet should be sent. Let's say your VPN is at 10.0.1.6:

route add -host 10.0.1.4 gw 10.0.1.6

or

route add 10.0.1.4 mask 255.255.255.255 10.0.1.6

This will add a more specific route than the one created by the local network, and so will force the packet to be sent to 10.0.1.6.

Ideally, you would never have devices with the same network address on different subnets.

Paul

Posted 2013-09-02T14:31:23.260

Reputation: 52 173
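
The lookup described in the answer above, as an added example that is not part of the original answer: a simplified longest-prefix match over a constructed routing table for host A, showing which address A will ARP for before and after the host route is added. The default gateway 10.0.1.1, the interface name eth0 and the function name lookup are assumptions; route metrics are ignored.

```python
import ipaddress


def lookup(routes, dst):
    """Return (route, arp_target) for dst using longest-prefix match.

    routes is a list of (prefix, gateway, interface) tuples;
    gateway None means the prefix is directly connected (on-link).
    """
    dst = ipaddress.ip_address(dst)
    candidates = [r for r in routes if dst in ipaddress.ip_network(r[0])]
    if not candidates:
        raise LookupError(f"no route to {dst}")
    # The most specific (longest) matching prefix wins.
    best = max(candidates, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
    gateway = best[1]
    # On-link: ARP for the destination itself. Via a gateway: ARP for the
    # gateway; the IP header still names dst, only the frame's destination
    # MAC belongs to the gateway.
    arp_target = str(dst) if gateway is None else gateway
    return best, arp_target


# Constructed table for host A (10.0.1.3/24). Gateway and interface are assumed.
ROUTES_A = [
    ("10.0.1.0/24", None, "eth0"),       # connected route for the local subnet
    ("0.0.0.0/0", "10.0.1.1", "eth0"),   # default route
]

# The same table after: route add -host 10.0.1.4 gw 10.0.1.6
ROUTES_A_HOST = ROUTES_A + [("10.0.1.4/32", "10.0.1.6", "eth0")]

if __name__ == "__main__":
    for name, table in (("before", ROUTES_A), ("after", ROUTES_A_HOST)):
        for dst in ("10.0.1.4", "10.0.1.5", "192.0.2.10"):
            route, arp = lookup(table, dst)
            print(f"{name}: {dst} matches {route[0]}, ARP for {arp}")
```

Only 10.0.1.4 changes its next hop after the host route is added; every other address on 10.0.1.0/24 is still reached by ARPing for it directly.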

1

There are two points here to answer:

Normal situation:

On a normal network (e.g. no VPN) this is what happens:

A wants to send to B

  • A looks in the routing table to see how it should transmit its data.
  • A finds an entry for hosts on the same subnet.
  • A sends the package to the NIC on that subnet, addressed to B.

No router is involved. There is no 'using ARP by datalink level' (whatever that may mean). The IP stack on A will simply address the packet to B on a NIC selected from the routing table. If A already has B's MAC cached it will simply fire off its packet. If it does not have the MAC then it will first need to do an ARP discovery before it can assemble the packet.

VPN

Now a VPN changes things a bit.

If B is a VPN host it will still seem to be on the same subnet. However some extra mechanism is in place to intercept data sent to hosts on the VPN. Usually this is in the form of a different NIC which will act as a tunnel to the other side of the VPN. Other than the VPN software on both sides no routers are involved.

Hennes

Posted 2013-09-02T14:31:23.260

Reputation: 60 739

There are routers needed to carry the encapsulated/tunneled packets through the internet, still. =) – mveroone – 2013-09-02T14:43:14.503

True. Should I change that to 'no routers inside your control' are used? – Hennes – 2013-09-02T14:44:27.210

Hum... I don't know how to say it clearly. Virtualization is always hard to explain ^^ – mveroone – 2013-09-02T14:47:23.430

0

On the same subnet, no packet will be sent to a router for communication between two hosts.

To understand VPN, I explain two kinds of links:

  1. Point To Point: The link is between two devices, not more. It's the same as a water pipe. If you strew some water from one side, it will come out from the other side.

  2. Multi-Access: A device's interface will see more than a device can communicate.

Ethernet is a Multi-Access link; more than two devices can be connected to an Ethernet switch (the typical switch used these days). So the source device needs to specify the destination device address in the data link layer (destination MAC address in the Ethernet header). Therefore, Ethernet uses ARP to get the MAC address of the destination node.

VPN is a Point-To-Point link; a packet sent from one side will come out from the other side. Whatever address (IP, MAC, ...) the destination has, it will receive the packet. So VPN does not require ARP and the destination IP address is not important (it does not require to be in the same subnet mask).

If you see an unencrypted VPN packet with Wireshark, you will see two network layer headers, but one datalink header! Because VPN is point to point, the second data link layer header has no effect.

SuB

Posted 2013-09-02T14:31:23.260

Reputation: 706