When you set up a network in your office, just how smart and/or efficient can that network actually be, given the equipment and setup used? Today's SuperUser Q&A post has the answer to a curious reader's question.

Today’s Question & Answer session comes to us courtesy of SuperUser—a subdivision of Stack Exchange, a community-driven grouping of Q&A web sites.

Photo courtesy of felixtriller (Flickr).

The Question

SuperUser reader bizzehdee wants to know just how smart and/or efficient the network in his workplace office really is:

There is an argument within my office about how smart/efficient the network we have set up really is. We have a fiber line and a cable line running into a load balancing router, which has a hardware firewall and a 64 port switch connected to it. Each of our workstations is connected to the switch (about 30 machines) plus an NAS and a couple of internal test servers (all assigned 192.168.0.x addresses).

If workstation A wants to communicate with workstation B, is our network smart enough to go:

A → Switch → B and only travel via the first most common connection, or would the path be A → Switch → Firewall → Router → Firewall → Switch → B and have to use that full route every time?

How smart and/or efficient could their workplace office network actually be?

The Answer

SuperUser contributors Ben N and Nathan Adams have the answer for us. First up, Ben N:

Routers are not necessary unless your traffic needs to move to a different subnet. When a computer wants to send some IP traffic to a different machine on its subnet, it needs the recipient's MAC address, since IP addresses are not a thing at the switch level/layer (Layer 2 of the OSI model).

If it does not know the MAC address, it broadcasts an ARP request saying, "Hey, whoever has this IP address, could you tell me your MAC address please?" When the machine gets a response, that address is then attached to the packet, and the switch uses it to send the packet out via the correct physical port.

When the destination is not on the same subnet, routers need to be involved. The sender gives the packet to the appropriate router (usually the default gateway unless you have special routing needs), which sends it through the network to the intended recipient.

Unlike switches, routers know about and have IP addresses, but they also have MAC addresses and that is the MAC address that initially gets put on packets that need routing (MAC addresses never leave the subnet).

You can see router IP addresses in the gateway column of the output of route print on Windows. Destinations that do not require routing have On-link there.

Followed by the answer from Nathan Adams:

If two computers are connected to the same VLAN on a switch and share the same subnet mask, the switch should deliver the packet without hitting your firewall or router.

You can verify this by running tracert 192.168.0.X (assuming you are using Windows) and you should see a direct route to that system.
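
The forwarding decision both answers describe, as an added example that is not part of the original answers: the sender picks the most specific route for the destination, ARPs for the destination itself when that route is On-link, and ARPs for the gateway otherwise. The /24 mask, the gateway 192.168.0.1 and the host addresses are assumptions; the page gives only 192.168.0.x.

```python
import ipaddress

# Constructed routing table in the shape of `route print` output.
# Assumptions: the office LAN is 192.168.0.0/24 and the default gateway is
# 192.168.0.1; neither the mask nor the gateway address is given on the page.
ROUTES = [
    ("0.0.0.0/0", "192.168.0.1"),    # default route via the router
    ("192.168.0.0/24", "On-link"),   # local subnet, no router needed
]


def select_route(dst, routes=ROUTES):
    """Return the (network, gateway) entry with the longest matching prefix."""
    dst_ip = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), gw) for net, gw in routes
               if dst_ip in ipaddress.ip_network(net)]
    if not matches:
        raise ValueError(f"no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)


def forwarding_decision(dst, routes=ROUTES):
    """Describe how a sender on the LAN delivers a packet to dst.

    arp_target is the IP whose MAC address goes into the Ethernet frame:
    the destination itself when it is on-link, otherwise the gateway.
    """
    network, gateway = select_route(dst, routes)
    on_link = gateway == "On-link"
    return {
        "destination": dst,
        "matched_route": str(network),
        "arp_target": dst if on_link else gateway,
        "crosses_router": not on_link,
    }


if __name__ == "__main__":
    # Constructed addresses: two LAN hosts and one host outside the subnet.
    for dst in ("192.168.0.42", "192.168.0.10", "203.0.113.7"):
        d = forwarding_decision(dst)
        path = ("A -> Switch -> Router/Firewall" if d["crosses_router"]
                else "A -> Switch -> B")
        print(f'{d["destination"]:<14} route {d["matched_route"]:<15} '
              f'ARP for {d["arp_target"]:<12} path: {path}')
```

Traffic reported with crosses_router False is switched directly and never passes the firewall. Passing a table whose on-link route is 192.168.0.0/25 instead shows 192.168.0.200 falling through to the default route, which is why the switch-only path depends on both machines sharing the same subnet mask.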

