routing from internal network to external (internet) - is this possible ?

SJ K
Level 5

Hi all,

I know that private IPs cannot be used on the internet. But what will be the component that is preventing it?

In this setup below, assuming I am assigned a /24 public IP block, but I am not going to use or assign them (e.g. NAT), how/where will my packet from host 1 to 8.8.8.8 be dropped?

Regards
Noob

16 Replies

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

I am just curious what if the packet has reached the destination network and there's a local subnet that matches the private src ip which you have already mentioned on what will probably happen ("huh" and drop packet ;))

Source IP, private or otherwise, doesn't matter to normal routing.  However, again, as Mfurnival also noted, the validity of the source IP might be considered by a device.

At the same time, it's cool to know that DDoS attacks are actually using "Fake" src IP which is actually the target IP of the attack.

DoS attacks, and other attacks, often "forge" parts of the packet or violate the intent/purpose of certain packet fields.

Just curious Joseph, when we send a ping to a broadcast address, what is the "actual device" that will actually broadcast the packets out to all recipients in the subnet?

That depends on the transit network device.  The original host only needs to send one broadcast packet.  A hub/switch replicates the broadcast frame/packet to all its other ports excluding the ingress port, and for VLAN capable switches, ports not in the same L2 domain.

A router doesn't normally forward full broadcast packets, but it often will forward directed broadcasts.  For the latter, one packet in would just be one packet out.

... which then the individual end devices will check if it is a .255 broadcast IP and reply to it.  Hence I can also say that all L3 broadcasts are L2 broadcasts as well.

BTW, a directed broadcast IP wouldn't always be just a .255.  It would be represented by all the hosts bits, for that network, set to one.  Also, hosts on that subnet will receive broadcast packets, but it's up to them what to do with them.  I.e. there may not be any reply.  Yes, a network L3 broadcast packet will be delivered as a L2 broadcast frame.
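
Two points from the reply above can be shown as a small edge-filter check: routing ignores the source IP but a device may still validate it, and a directed broadcast is the address with all host bits set to one, not necessarily .255. This is an added example, not part of the thread; the subnets, sample packets and function names are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges: not valid as a source on the public internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: subnets this edge device treats as locally attached.
LOCAL_SUBNETS = [ipaddress.ip_network(n)
                 for n in ("192.168.10.0/24", "10.1.2.0/26", "172.16.4.0/22")]


def directed_broadcast_for(dst):
    """Return the local subnet whose directed broadcast equals dst, else None."""
    addr = ipaddress.ip_address(dst)
    for net in LOCAL_SUBNETS:
        # All host bits set to one; /31 and /32 have no usable broadcast.
        if net.prefixlen < 31 and addr == net.broadcast_address:
            return net
    return None


def check_packet(src, dst, toward_internet):
    """Return the list of filter findings for one packet (empty = pass)."""
    findings = []
    src_addr = ipaddress.ip_address(src)
    # Plain routing would forward this; a source-validity filter would not.
    if toward_internet and any(src_addr in n for n in RFC1918):
        findings.append("private source leaving toward the internet")
    net = directed_broadcast_for(dst)
    if net is not None:
        findings.append(f"directed broadcast for {net}")
    return findings


if __name__ == "__main__":
    # Constructed sample packets: (source, destination, heading to internet?)
    samples = [
        ("192.168.10.5", "8.8.8.8", True),
        ("203.0.113.7", "10.1.2.63", False),     # broadcast of the /26
        ("203.0.113.7", "172.16.5.255", False),  # .255, but a host in the /22
        ("203.0.113.7", "172.16.7.255", False),  # broadcast of the /22
    ]
    for src, dst, out in samples:
        print(src, "->", dst, check_packet(src, dst, out) or "pass")
```
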

Duly noted.

Thanks Joseph, mfurnival ! and all who have replied.

 

Regards,

Noob
