• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 225
  • Last Modified:

Routing Puzzler

I ran into the following puzzle I can not duplicate.

I helped a friend with his network and noticed that his workstations were configured with 192.168.0.0/24 network block. All very standard. What was odd however was that he had an HP printer on a totally different network address. Something like 34.25.4.6 and it worked. I could even punch in the printer address in netscape and get the printer configuration screen.

I typed route and there was a persistant route:
34.25.4.6 255.255.255.255 192.168.0.100
Each workstation had a persistant route pointing to its own local IP address.

Unfortunatly I "fixed" it before really understanding how they got it to work.

Any ideas on what they did to make this work.
They have windows me workstations and an NT server.

I don't have a problem it is just bugging me that I don't understand how they make it work.





0
davidpm
Asked:
davidpm
  • 5
  • 4
  • 2
  • +2
1 Solution
 
escheiderCommented:
My first thought would be that the Router <192.168.0.100> was allowing traffic to be routed between the two networks <192.168.0.100> and <34.25.4.5> as your route indicates.  It shows that you are adding a specific hosts to the routing table and using 192.168.0.100 as your gateway.
0
 
cincin77Commented:
I think it works as follows:

192.168.0.100 is machine that makes routing.
Think from the printer side:
printer would like to reach a computer in the subnet 192.168.0.0/24. it realizes that the target machine is on another subnet and looks for its default gateway which is 192.168.0.100. it prepares an arp packet for the mac address of the machine with IP 192.168.0.100 and broadcasts it. As the machine 192.168.0.100 gets this arp request it replys to the printer with its MAC address and printer can send its packets to its default gateway. And there must be a route on the machine stating:
Send the packets with a destination IP of 34.25.4.5 through the interface with the IP address of 192.168.0.100.
So the packets can go in two ways.

As you see from the point of IP, all of this can happen as  it is in your case.
0
 
scraig84Commented:
I am getting a different impression from your post than the last two guys...

My understanding of your post was that each workstation pointed to itself for the gateway - not that every device is pointing to 192.168.0.100 as a gateway.  This address was simply an example, right?

If so, then it is fairly simple.  You'll notice in a workstation's route table that any time a broadcast is used, the gateway is itself - for example 255.255.255.255 is likely in your table now with the gateway as your IP address.  Therefore rather than trying to route this over a router, or try to get the device's MAC through an ARP request (which it couldn't do since it would be considered remote), the route table told the workstation to send it out with a broadcast MAC.  This would definitely get the packet there.  The printer could respond in the same way or some IP clients (non-windows) can be told to arp for remote devices.

This is HIGHLY inefficient, as it forces all machines to process every packet going to the printer enough to see that the IP address is not theirs, but it should work.
0
Restore individual SQL databases with ease

Veeam Explorer for Microsoft SQL Server delivers an easy-to-use, wizard-driven interface for restoring your databases from a backup. No expert SQL background required. Web interface provides a complete view of all available SQL databases to simplify the recovery of lost database

 
andyalderSaggar makers bottom knockerCommented:
So maybe someone added jetadmin on each PC (which finds jetdirects on any network address) rather than just on one PC to configure it. 192.192.192.192.....
0
 
escheiderCommented:
kinda sounds like we need more information, since everyone is coming up with different theories..
0
 
andyalderSaggar makers bottom knockerCommented:
Me speak nonsense, 192.0.0.192 was what I meant (guessing davidpm's "Something like 34.25.4.6" address to be jetdirect default address. Assumed that his predecessor had followed something similar to http://www.hp.com/cposupport/networking/support_doc/bpj06552.html but jetadmin discovery methods use similar tricks.
0
 
davidpmAuthor Commented:
Scraig84 interpreted my scribbles correctly. Each workstation had the printer address routed to its local address.
As a further test I did the following on a different network.
Confirmed that the address of my workstation is 192.168.255.203/24
I plugged a Sonicwall router that has a web administration interface and an address of 192.168.168.168

On my 98 workstation I went to dos and typed
route add 192.168.168.168 mask 255.255.255.255 192.168.255.203

Then went to my browser and put in the 192.168.168.168 address.

IT WORKED!


Should be easy for anyone to test, all you need is two computers. Just use ping instead of a web server/browser for proof.

So does this mean that Scraig84 is corrent?
>> the route table told the workstation to send it out with a broadcast MAC.  

If so what exactly does the above quote mean. IOW under what other circumstaces are packets sent with a broadcast MAC and why? In what way does this route statement make this happen? I know what a broadcast IP address is but what is a broadcast MAC?

I thought I knew IP. Guess I know nada. Sigh%%%







0
 
davidpmAuthor Commented:
This may be an answer to one part of the my question.

http://www.erg.abdn.ac.uk/users/gorry/course/inet-pages/arp.html

The revelent passage.
>>An Ethernet network uses two hardware addresses which identify the source and destination of each frame sent by the Ethernet. The destination address (all 1's) may also identify a broadcast packet (to be sent to all connected computers).
0
 
andyalderSaggar makers bottom knockerCommented:
>So does this mean that Scraig84 is corrent?
>>> the route table told the workstation to send it out >with a broadcast MAC.  

In a way. The routing table entry tells the workstation that the normally remote IP address is on the local broadcast domain, it broadcasts ARP for the mac address and then everything following is unicast, same as normal.

I was more suggesting a reason for those static routes being there in the first place.
0
 
davidpmAuthor Commented:
Andy what you say makes a lot of sense. It seem highly unlikely that that it would have to broadcast for each packet. If I get a chance and set this up again make a connection and check my arp table and the mac of the remote device is there that should confirm your contention.
Do you agree?

0
 
davidpmAuthor Commented:
Andy does this mean that you disagree with the "highly inefficent comment".

As to whey they did it that way it could be as simple as they not knowing how to change the IP of the printer. This is very likely because when I showed them the web interface they were amazed.

I'm still not clear as to exactly
>>>
The routing table entry tells the workstation that the normally remote IP address is on the
local broadcast domain,<<
this happens. When else does this happen. Is this an anomoly or artifact or a built-in concept used for other purposes.
0
 
scraig84Commented:
I just did a test with it and traced what happens.  Andy is correct that rather than sending every packet to a broadcast MAC, it forces the workstation to arp locally for the address.  So, the "highly inefficient" comment would be incorrect on my part.  Since most OS's don't even need to have broadcast addresses in their routing tables, I made the assumption that if another route was placed in, that it would be treated the same as other broadcasts.

Anyway, at least you know why it works at this point.  Bizarre way of deciding to make something function though!
0
 
andyalderSaggar makers bottom knockerCommented:
>Bizarre way of deciding to make something function
though!
I certainly agree with that.

When else does it happen? look at the normal routing table, there's a static route to the local subnet through the local NIC, something like

10.0.0.0  255.255.0.0  10.0.10.101  10.0.10.101 1
which tells the machine that anything on 10.0.x.x on my PC belongs on the local cable and not to send it to the default gateway.

Also the case of 2 subnets on a single hub without a router to forward packets, say 192.168.0.0 and 192.168.1.0, you could adjust the subnet mask to /23(supernet) or you could add a static route like

192.168.1.0 255.255.255.0 192.168.0.1 192.168.0.1 1
except that you would have to add this route on every PC and the route would be different on each since the gateway to the other subnet is through it's own IP address which makes it almost un-maintainable except as a temporary workaround.
0
 
davidpmAuthor Commented:
I wish this screen allowed split points. Scraig was first to get it even though he wasn't exactly right at first.

Andy thanks for your clarifications.
I have a related question I'm sure you will be able to help with. I'll post a referance to it here so you will get a notification when it apears.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 5
  • 4
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now