The Secret That Default Gateway Did Not Mean to Keep

by Bill Heller

One of the things I’ve learned over my years of learning, and teaching, is one of the most basic rules or processes of IP (Internet Protocol) communications that is also the least learned rule. This rule I speak of has to do with how a host like a PC, knows to communicate with a device at Layer 2 or that it must send data to its default gateway to communicate with it and how it gets its data to the Default Gateway.

The first part of this process has to do with the host making the choice between sending the data to a local Layer 2 address versus sending it to its Default Gateway.

When a host has created a packet which it encapsulated with a source and destination IP address, it can look at that destination address and compare that address to its own IP stack. The IP stack will specify the hosts IP address and network or subnet mask. For example, if a host has an IP address of and its subnet mask is it is capable of determining what range of addresses are on its own subnet. If the address the host is trying to talk to in this case is any address between and then the host knows that the address is on its own subnet.

If the host IS on the same subnet with the destination, then it will try to reach that device via a Layer 2 conversation. It will try to converse MAC address to MAC address. If it does not know the MAC address of the destination, it will use Address Resolution Protocol (ARP) to find out which MAC address belongs to the specified destination IP address and then use said ARP obtained MAC address as the destination Layer 2 address for communication with the other host, and use its own MAC address as the source address.

But what if we find out that the destination IP address is NOT on our own subnet? Then what to do?  Well you, like most people, would probably say “we send it to the Default Gateway”… and you’d be right. But here is where I play the role of a bit of a stinker. This is the point at which I say “Okay, to which address shall we send this packet then?” This is the part of the lesson that is so widely misunderstood.

Often times I have received very confused responses to the preceding question. People will say “Well they send it to the Default Gateway” and I lure them in and say “Oh, so they send it to the IP address for the case above, assuming that’s the address of the Default Gateway?”  So many times they look at me funny like and say “Yeah.” And I take it a step further … ”So, the host changes the destination IP address to and then the router itself puts the correct address on, say” Another funny look… ”Yeah.”

The answer is No.

And I understand why. I have attended many, many trainings over the years, and when the concept of the Default Gateway is explained nearly everyone leaves out the most important part of this process.  This leaves probably millions of technical people to misunderstand this process. And I have gotten this response from actual CCNPs! Expectations on this sort of thing run much higher, yes?  But no. This little detail seems to be as unpopular as the necessity of taxes in a society so let me just call it out.

When the host realizes that the destination address it is trying to send a packet to is not on its own subnet it most certainly tries to send it to its Default Gateway. But it does NOT try to send it to the IP address of its Default Gateway! It sends it to the MAC address … the Layer 2 address of its Default Gateway. Because remember, it talks to addresses on its own subnet via Layer 2 communication … and its Default Gateway IS on its subnet! The host will obtain the MAC address of the Default Gateway using the same ARP process as it does for any IP address it wants to talk to on its subnet, and then form a Layer 2 header which uses the MAC address of the host as the source MAC and the MAC address of the Default Gateway as the destination MAC address. The IP address is of course the original Source and Destination IP address encapsulated on the packet from the host in the first place.

Knowledge of this little fundamental process is vital in understanding other technologies I shall write about in the future, like HSRP, VRRP, GLBP and vPC! Stay tuned.

Related Training:
Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR)
Enterprise Networking

Related Posts

Close Bitnami banner