From: Erik Nørgaard
Date: Fri, 06 May 2011 16:17:00 -0500
To: questions@freebsd.org
Subject: Link and network level in the tcp/ip stack
Message-ID: <4DC4654C.2020902@locolomo.org>

Hi:

This is a generic question about may, should and must:

I have the following setup:

      192.168.28/24
   +---------------+
   |.196           |.1
  SRV              GW--------- RN
   |.28            |.1
   +---------------+
      10.225.162/24

The server, SRV, has default gateway set to 192.168.28.1, no routing has been configured for the 10.225.162/24 network. The gateway is a router, no NAT or firewall. Yup, we do have this setup, don't ask why.

Now, the remote node RN pings the server on 192.168.28.196 fine, no problem. Then it pings 10.225.162.28 and gets destination unreachable.

OK, so I did tcpdump first on the 10.225.162.28 interface, and saw ICMP echo requests coming in, but no replies going out. Then I did tcpdump on the other interface and got this:

   13:39:43.233419 arp who-has 192.168.28.1 tell 10.225.162.28

Obviously no reply, wrong network.

So, the system strips the link layer and completely forgets about it, with the added overhead of having to figure things out again to send a reply? Since the server also keeps an updated ARP table it's not like the link layer is completely delegated to the NIC to take care of.

For incoming connections, I would assume that the link address is preserved for replying, no need to send any ARP requests. This also means that no routing would need to be defined on the 10.225.162.28 interface to receive connections from non-local nodes.

What is the may/should/must protocol recommendation on this? I can't figure whether keeping the link layer for the reply will introduce loop problems or rather solve them.

Thanks, Erik
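The behaviour described in the message, modelled as an added example that is not part of the original post: the reply's route is chosen by destination only, so a reply sourced from 10.225.162.28 follows the default route out of the 192.168.28/24 interface and produces the ARP line seen in tcpdump. The interface names em0/em1 and the address used for RN are assumptions; the message gives neither.

```python
import ipaddress

# Constructed sample address for RN (the message does not state it).
RN = "172.16.5.9"

# Routing table as described in the message. Interface names are hypothetical:
# em0 carries 192.168.28.196, em1 carries 10.225.162.28.
ROUTES = [
    (ipaddress.ip_network("192.168.28.0/24"), None, "em0"),   # connected
    (ipaddress.ip_network("10.225.162.0/24"), None, "em1"),   # connected
    (ipaddress.ip_network("0.0.0.0/0"),
     ipaddress.ip_address("192.168.28.1"), "em0"),            # default gateway
]


def lookup(dst):
    """Longest-prefix match on the destination; the ingress interface is not consulted."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in ROUTES if dst in r[0]]
    _net, gw, ifname = max(matches, key=lambda r: r[0].prefixlen)
    # Connected routes have no gateway: the next hop is the destination itself.
    return (gw if gw is not None else dst), ifname


def send_reply(request_src, request_dst, arp_cache):
    """Return (egress interface, first frame on the wire) for the echo reply."""
    src, dst = request_dst, request_src   # the reply swaps source and destination
    next_hop, ifname = lookup(dst)
    if str(next_hop) not in arp_cache.get(ifname, {}):
        # Next hop unresolved: an ARP request precedes the reply. The sender
        # address is the reply's source, as in the tcpdump line in the message.
        return ifname, f"arp who-has {next_hop} tell {src}"
    return ifname, f"IP {src} > {dst}: ICMP echo reply"


if __name__ == "__main__":
    # Request arrived on em1 for 10.225.162.28; the reply still leaves via em0.
    print(send_reply(RN, "10.225.162.28", arp_cache={}))
    # Request for 192.168.28.196 with the gateway already resolved (MAC is constructed).
    print(send_reply(RN, "192.168.28.196",
                     arp_cache={"em0": {"192.168.28.1": "02:00:00:00:00:01"}}))
```
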