Can different network segments in the same VLAN be pinged? Summary and analysis of various intercommunication and incommunicability in the network

The IP addresses of the same VLAN and the same network segment can communicate directly with each other, so can the IP addresses of different network segments of the same VLAN communicate with each other? In this issue, we recommend an article that can solve some strange problems encountered in the network and deepen your understanding of the network.

[[273386]]

1. Can different network segments in the same VLAN be pinged successfully?

We have already been familiar with how the same VLAN and the same network segment can communicate with each other, and how different VLANs can communicate with each other, but we have not discussed in detail how the same VLAN and different network segments can communicate with each other. Let's take a look at it today.

Example 1:

Now there are two computers, they are in the same VLAN,

• pcA IP address: 10.1.1.1/8
• pcB IP address: 11.1.1.1/8

1. No gateway, A pings B

Destination host reported as unreachable

Obviously, machine A found that the other party was not in the same network segment as itself, and tried to find a gateway, but the gateway did not exist, so it reported that the host was unreachable. The Sniffer on B did not capture any packets, and the network card only sent but did not receive. Obviously, the data did not go out.

2. Set the gateway to the other party's IP, A ping B

The ping is working fine. Why is it working fine?

From the packets captured by the Sniffer on computer A, we can see that when A was pinging the other party, A first performed an ARP broadcast, which asked what the MAC of 11.1.1.1 was.

Obviously, this ARP broadcast can be received by B (because they are in the same VLAN), and 11.1.1.1 is exactly B's IP address, so B should respond to this ARP request. The following figure shows the packet capture on A. A first broadcasts ARP and then receives a response from B.

In this way, A has B's MAC, and B learns A's MAC when it receives A's ARP broadcast, so the two parties can PING.

3. Set the gateway to yourself, A ping B

It can be pinged as well. The packet captured on A is as follows:

The result is the same as in the second case. A still broadcasts the MAC of 11.1.1.1 first. After B receives this ARP broadcast, B is obliged to respond. Then both parties know each other's MAC, so they can PING successfully.

Different from the second case, we can clearly know here that 11.1.1.1 in ARP refers to the IP address specified in PING rather than the gateway (gateway A is 10.1.1.1 at this time). So does 11.1.1.1 in the second case also refer to the IP specified in PING? Let's take a look at it below.

2. Ping three non-existent IP addresses to gain a deeper understanding of the principles of network communication

Set the gateway to yourself and ping 3 non-existent IPs:

• One is in the same network segment as yourself;
• One is in the same network segment as the gateway;
• One is not in the same network segment as anyone else;

1. PING the IP in the same network segment as your own. The PING returns a timeout. The packet capture result on B is as follows:

It can be seen that A sent an ARP broadcast querying 10.1.1.2 instead of querying the gateway (10.1.1.1). Since this IP does not exist, no machine responded.

2. PING the IP in the same network segment as the gateway.

After the timeout, B received the ARP broadcast about 11.1.1.2 from A. Since the address 11.1.1.2 does not exist, no machine responded.

3. PING an IP that is not in the same network segment as anyone else

After the timeout, B received an ARP broadcast about 100.1.1.1 from A. Since the address 100.1.1.1 does not exist, no machine responds.

From the above three experiments, we can see that when the gateway is set to itself, no matter what the PING address is, the ARP broadcast sent by the computer directly inquires about the MAC corresponding to the IP specified in PING, without inquiring about the gateway's MAC. This is consistent with the description in Volume 1. In fact, the computer will still ask for the gateway's MAC before broadcasting the IP specified by the PING command, but here this step is skipped because the gateway is itself.

Is this really the case? Let’s verify it again.

3. The IP address of B in the gateway setting of computer A does not exist in the gateway setting of B

The gateway of computer A is set to the IP address of computer B, but the gateway of computer B is set to a non-existent IP (and is not in the same network as computer A or computer B). There are three PING situations.

1. PING the IP address in the same network segment as the gateway and capture the packets on A. You can see that A first sends out an ARP broadcast request for the gateway 11.1.1.1 (correspondingly, B receives this broadcast request), and B responds to 11.1.1.1 with ARP. However, this IP address does not exist, so the PING result times out.

2. PING is not in the same network segment as anyone else, so it times out. The result is similar to that in 5.2. A sends a request for gateway 11.1.1.1, and B responds. But the PING times out.

3. PING the address of computer B, but the result is timed out. Why is this not working? According to the above test, computers A and B can obtain each other's MAC. Under Ethernet, if there is MAC, there should be communication. But it is not working at this time. Check the packets captured by Sniffer and you can find:

A sends an ARP broadcast request for 11.1.1.1, and B responds to 11.1.1.1. However, it receives multiple ARP broadcast requests for 100.1.1.1 from B, and the request for 100.1.1.1 does not get a response from B. It seems that B is trying to query the MAC corresponding to B's gateway (100.1.1.1). B will not respond to the PING until the gateway MAC gets a response.

From all the experiments above, we can see that when a computer communicates with an address that is not in the same network segment, the computer first looks for the gateway's MAC. If the gateway MAC does not respond, it will not respond to the PING.

Therefore, situations 1 and 2 in Example 1 are special cases, which just take advantage of the fact that the gateway and the host IP are the same to deceive the computer. If the gateways of AB are set to have nothing to do with AB IP, they will definitely not be able to communicate with each other.