By what route do packets travel if I use an external IP address for my home server?

1

1

Question

If I connect to my home server via the domain name (i.e. via the external IP address), where do the packets travel? Do they travel to the home router, to my ISP router, and then back? Presumably if they touch my ISP's router, then I will get charged for this usage.

Background

I've set up OwnCloud on my home server. I'll often connect from the same intranet, and can use 192.168.1.1. However, if I'm on a different network, I connect via a domain name that has been dynamically assigned to the IP address. For ease of configuration, I was thinking of specifying the server by using the domain name at all times.

Some testing

I've tested by pinging, and get slightly quicker results when using the internal IP address.

$ ping -c 10 192.168.1.1
...
rtt min/avg/max/mdev = 1.064/1.173/1.263/0.072 ms
$ ping -c 10 myname.dynu.com
...
rtt min/avg/max/mdev = 1.191/1.459/2.549/0.375 ms

I've tried using traceroute on both. The internal IP address times out (perhaps because of firewall settings?). The external has one hop to my-external-ip-address.dyn.iinet.net.au. I'm not sure if this refers to my router, or the node at the exchange.

Sparhawk

Posted 2014-06-26T12:18:07.057

Reputation: 1 201

Answers

2

If you've an ordinary NAT/PAT configuration, when you attempt to make a connection from an inside, private networked host, to its neighbour, also on the inside, private network, via the outside, public IP address in DNS:

Your browsing host attempts to establish a TCP connection on IP A.B.C.D, port X. It consults its local routing table, which does not have a specific match for A.B.C.D, and so goes to its default gateway.

Your default gateway receives a packet from its inside interface, addressed to A.B.C.D, consults its routing table, and has an exact match, to its outside, public interface. The packet is not forwarded further, as it has reached its apparent destination. In the case of the PING (ICMP echo request) above, which is not a TCP packet and thus does not require a NAT or PAT, the router itself sourced an ICMP echo reply and sent it back, adding a few tenths of a millisecond to the RTT.

Unfortunately, most PAT implementations can only handle outside to inside translations, and cannot process an inside to inside translation. In the case of a TCP request from the inside, to the router's public IP, the router will drop the packet. It may or may not send an ICMP message to inform the requesting host: the request will time out if it doesn't; it will be instantly refused if it does.

This particular instance of traffic will not traverse your ISP's connection.

Here is additional information on your goal of setting up a 'hairpinned' connection: https://superuser.com/a/444207/214597

Nevin Williams

Posted 2014-06-26T12:18:07.057

Reputation: 3 725

Nice answer! I guess I'm lucky then; in its default configuration, my Billion 7300ra automatically hairpins for me. (I do have the http/https ports forwarded though.) So from the ping results, is the interpretation that the router is slower to return the ping than it is to forward it to the server, which pings back, again via the router? – Sparhawk – 2014-06-27T13:53:40.460

Well, when you ping the server's private IP, it's on the same network; there are direct routes, and local ARP entries. With the public IP, there's just a few extra steps, as it's on a different IP network. Its switching fabric/processor/architecture is also probably significantly different, as well as its prioritization to replying to ICMP. I'd have not raised an eyebrow had it added 5 or 10 ms: routers have better things to do than reply to ICMP. – Nevin Williams – 2014-06-27T14:59:00.823
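
The answer above notes that ping only shows the router answering for itself, and that a TCP request to the public address from inside either connects (hairpin), is refused at once, or times out. The following is an added example, not part of the original thread, that runs that TCP test from an inside host and interprets the result; the function names and port 443 are assumptions, the two host names come from the question.

```python
import errno
import socket

REJECT_ERRNOS = {errno.ECONNREFUSED, errno.EHOSTUNREACH, errno.ENETUNREACH}

def tcp_probe(host, port, timeout=3.0):
    """Attempt one TCP connect; return 'connected', 'refused', 'timeout' or 'error:<name>'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "connected"
    except (socket.timeout, TimeoutError):
        return "timeout"                      # SYN was silently dropped
    except OSError as exc:
        if exc.errno in REJECT_ERRNOS:
            return "refused"                  # RST or ICMP unreachable came straight back
        return "error:" + type(exc).__name__  # e.g. gaierror when the name does not resolve

def hairpin_verdict(lan_result, public_result):
    """Interpret a LAN-address probe and a public-name probe made from the same inside host."""
    if lan_result != "connected":
        # Without a working baseline, a public-side failure says nothing about NAT.
        return "inconclusive: service not reachable on its LAN address"
    if public_result == "connected":
        # Caveat: the router's own admin service may be what answered on this port.
        return "hairpin works (or the router itself listens on this port)"
    if public_result == "refused":
        return "no hairpin: router rejects inside-to-inside requests"
    if public_result == "timeout":
        return "no hairpin: router silently drops inside-to-inside requests"
    return "inconclusive: " + public_result

def check_hairpin(lan_host, public_host, port, timeout=3.0):
    """Probe the LAN address first as a baseline, then the public name."""
    lan = tcp_probe(lan_host, port, timeout)
    public = tcp_probe(public_host, port, timeout)
    return hairpin_verdict(lan, public)

if __name__ == "__main__":
    # Hosts are the ones quoted in the question; port 443 is an assumed forwarded port.
    print(check_hairpin("192.168.1.1", "myname.dynu.com", 443))
```

A "connected" result is best confirmed by checking that the response (for example the TLS certificate or login page) is the server's and not the router's management interface.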