Question about broadcast address traffic within a subnet
-
@johnpoz My question is finally answered!! Thank you so much! I owe you a beer.
-
No problem - glad I could help... I would suggest you read up on how traffic is actually sent on the wire.. it's sent to a specific mac address.. when a client wants to talk to 1.2.3.4, if that is on its own network, then it arps for it! and then sends the traffic to that mac address.
When the IP is not on its local network it sends it to the mac address of the gateway (pfsense). pfsense sees this traffic since it was sent to its mac, and says oh hey that is meant to go to 8.8.8.8 or wherever. Do I have a route to this network? Then it sends it to the mac address of the gateway for that route, or the default gateway mac if it doesn't have a direct route to the network that 8.8.8.8 sits on..
Traffic is only ever actually sent to a mac address
Example here me pinging 8.8.8.8
Notice the mac address is the mac address of pfsense 9.253.. as I posted earlier..
This is how switches know which port to send traffic on, because the switch uses its arp table and says hey mac xyz is connected to port 4.. So it sends the traffic out port 4, and not all the ports. When the switch sees traffic to mac abc, and it's not in the switch's arp table - then it arps out all its ports, to find out which port that mac is on, etc..
Once you understand how this stuff actually works ;) Then it all becomes easy to figure out what is wrong...
Example - here is the mac address table of my switch, and you can see what macs are on what ports:
sg300-28#sho mac address-table
Flags: I - Internal usage VLAN
Aging time is 300 sec

Vlan   Mac Address           Port   Type
----   -------------------   ----   -------
2      00:08:a2:0c:e6:20     gi5    dynamic
2      02:11:32:25:6d:d0     gi26   dynamic
2      02:11:32:28:77:34     gi26   dynamic
2      04:18:d6:c0:1c:90     gi7    dynamic
2      04:18:d6:c0:1f:6b     gi11   dynamic
2      0c:51:01:8c:19:ae     gi9    dynamic
2      80:2a:a8:13:4f:07     gi9    dynamic
2      88:b2:91:98:d6:f0     gi9    dynamic
2      f4:06:16:4f:f6:36     gi7    dynamic
3      00:08:a2:0c:e6:21     gi6    dynamic
3      64:52:99:6b:84:76     gi7    dynamic
3      8c:ae:4c:f5:59:82     gi3    dynamic
3      b8:27:eb:31:70:ab     gi16   dynamic
3      b8:27:eb:38:d8:4d     gi18   dynamic
4      00:08:a2:0c:e6:20     gi5    dynamic
4      50:c7:bf:06:63:83     gi7    dynamic
4      50:c7:bf:21:73:52     gi9    dynamic
4      50:c7:bf:21:81:58     gi9    dynamic
4      50:dc:e7:28:08:70     gi7    dynamic
4      5c:cf:7f:df:84:1e     gi9    dynamic
4      68:54:fd:47:87:32     gi7    dynamic
4      88:3f:4a:f0:cb:9c     gi7    dynamic
4      a8:1b:6a:24:ec:26     gi27   dynamic
7      00:04:20:ed:f8:62     gi7    dynamic
7      00:08:a2:0c:e6:23     gi8    dynamic
7      0c:08:b4:48:cc:63     gi7    dynamic
7      5c:ad:76:d5:36:2d     gi7    dynamic
7      88:de:a9:5c:9a:81     gi11   dynamic
7      d0:4d:2c:12:bf:f3     gi7    dynamic
9      00:08:a2:0c:e6:24     gi4    dynamic
9      00:11:32:7b:29:7d     gi26   dynamic
9      00:11:32:7b:29:7e     gi24   dynamic
9      00:13:3b:2f:67:62     gi10   dynamic
9      00:13:3b:2f:67:63     gi28   dynamic
9      70:6e:6d:f3:11:93     0      self
9      c0:7b:bc:65:4f:13     gi7    dynamic
9      c0:7b:bc:65:4f:1c     gi7    dynamic
99     00:01:5c:82:36:46     gi13   dynamic
99     00:08:a2:0c:e6:25     gi1    dynamic
sg300-28#
-
@johnpoz said in Question about broadcast address traffic within a subnet: (quoting the full reply above)
Fantastic tutorial! What about broadcast traffic? Do they also follow the mac address rule?
-
Broadcast is sent to all FFs for the mac - so it goes everywhere!!! That is, on that same L2 network: if the switch sees that on say vlan X, then all ports that are also in vlan X would see that traffic. Ports in vlan Y wouldn't get sent that traffic.
For dumb switches - all ports would see it, because all ports are in the same vlan on a dumb switch (vlan 1)..
If you want to see that in action - just sniff on say machine A and pfsense, and then send a ping to 192.168.4.255 from machine B..
edit: I would show you an example of this, but it's time to watch some TV with the wife! ;)
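As an added example (not code from this thread or from pfSense), the following Python simulates both halves of what the replies above describe: the host-side choice of which MAC a packet is framed to (ARP for the destination itself when it is on the local subnet, the gateway's MAC otherwise, ff:ff:ff:ff:ff:ff for a directed broadcast such as 192.168.4.255 or the limited broadcast 255.255.255.255), and the switch-side lookup in the MAC address table per VLAN, where a known unicast MAC goes out one port and a broadcast or unknown unicast is flooded to every other port of that VLAN only. The MAC table excerpt is a subset of the sg300-28 output quoted earlier; the VLAN port memberships, the host addresses and the ARP cache entries (including pfSense at 192.168.9.253 using the MAC learned on gi7) are assumptions made for the example.

```python
"""Simulation of the two forwarding decisions discussed in the thread.
Added example; addresses, VLAN memberships and ARP entries are constructed."""
import ipaddress
from typing import Dict, List, Optional, Tuple

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

# Excerpt of the "sho mac address-table" output quoted in the thread
# (VLAN 4 and VLAN 9 rows only, one entry per line).
MAC_TABLE_TEXT = """\
Vlan   Mac Address           Port    Type
----   -------------------   -----   -------
4      00:08:a2:0c:e6:20     gi5     dynamic
4      50:c7:bf:06:63:83     gi7     dynamic
4      a8:1b:6a:24:ec:26     gi27    dynamic
9      00:08:a2:0c:e6:24     gi4     dynamic
9      00:11:32:7b:29:7d     gi26    dynamic
9      70:6e:6d:f3:11:93     0       self
9      c0:7b:bc:65:4f:13     gi7     dynamic
"""

# Assumed VLAN membership (not shown in the thread). gi7 carries several
# VLANs, matching its appearance under multiple VLANs in the table.
VLAN_PORTS: Dict[int, List[str]] = {
    4: ["gi5", "gi7", "gi9", "gi27"],
    9: ["gi4", "gi7", "gi10", "gi24", "gi26", "gi28"],
}


def parse_mac_table(text: str) -> Dict[Tuple[int, str], str]:
    """Map (vlan, mac) -> port. Header and separator lines are skipped;
    port "0" with type "self" is taken to be the switch's own address."""
    table: Dict[Tuple[int, str], str] = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue
        vlan, mac, port, _kind = parts
        table[(int(vlan), mac.lower())] = port
    return table


def learn(table: Dict[Tuple[int, str], str], vlan: int, src_mac: str, ingress_port: str) -> None:
    """Switch learning: the source MAC of every frame is recorded against the
    port it arrived on (entries age out after the aging time, 300 s above)."""
    table[(vlan, src_mac.lower())] = ingress_port


def next_hop(host_ip: str, prefix_len: int, gateway_ip: str, dst_ip: str) -> Tuple[str, Optional[str]]:
    """Host decision: ("broadcast", None), ("direct", dst_ip) or
    ("via-gateway", gateway_ip); the second element is the IP the host ARPs for."""
    net = ipaddress.ip_network(f"{host_ip}/{prefix_len}", strict=False)
    dst = ipaddress.ip_address(dst_ip)
    if dst == net.broadcast_address or dst == LIMITED_BROADCAST:
        return ("broadcast", None)
    if dst in net:
        return ("direct", dst_ip)
    return ("via-gateway", gateway_ip)


def dst_mac_for(host_ip: str, prefix_len: int, gateway_ip: str, dst_ip: str,
                arp_cache: Dict[str, str]) -> str:
    """The MAC the frame is actually addressed to. arp_cache maps IP -> MAC and
    stands in for the ARP reply the host would receive on the wire."""
    kind, arp_target = next_hop(host_ip, prefix_len, gateway_ip, dst_ip)
    if kind == "broadcast":
        return BROADCAST_MAC
    return arp_cache[arp_target]


def switch_forward(table: Dict[Tuple[int, str], str], vlan_ports: Dict[int, List[str]],
                   vlan: int, ingress_port: str, dst_mac: str) -> List[str]:
    """Switch decision: egress ports for a frame received on ingress_port in vlan.
    Known unicast goes to its learned port; broadcast and unknown unicast are
    flooded to every other port in the same VLAN, never to other VLANs."""
    dst_mac = dst_mac.lower()
    if dst_mac != BROADCAST_MAC:
        port = table.get((vlan, dst_mac))
        if port is not None:
            return [port]          # "0" means the switch itself consumes the frame
    return sorted(set(vlan_ports[vlan]) - {ingress_port})


if __name__ == "__main__":
    table = parse_mac_table(MAC_TABLE_TEXT)
    # Constructed ARP cache: pfSense assumed at 192.168.9.253 with the VLAN 9
    # MAC learned on gi7, a host at 192.168.9.20 with the MAC on gi26.
    arp = {"192.168.9.253": "c0:7b:bc:65:4f:13", "192.168.9.20": "00:11:32:7b:29:7d"}
    host = ("192.168.9.10", 24, "192.168.9.253")
    for dst in ("192.168.9.20", "8.8.8.8", "192.168.9.255"):
        mac = dst_mac_for(*host, dst, arp)
        print(dst, "->", mac, "egress:", switch_forward(table, VLAN_PORTS, 9, "gi4", mac))
```

Run as a script it prints, for a host on gi4, the single egress port for the on-subnet host and for the 8.8.8.8 ping (the gateway's port, gi7, since that frame is addressed to pfSense's MAC), and the full list of other VLAN 9 ports for the ping to 192.168.9.255; the VLAN 4 ports never appear, which is the behaviour to expect in the sniff described above.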
-
@johnpoz
A much appreciated thanks! I have consumed more than enough of your time this evening and have no more questions for you regarding this topic. Definitely do not ignore the wife!! Perhaps I can trouble you again sometime in the future?