Default gateway: leaving your own network

Why you need it

When you have a packet for 8.8.8.8, you ask two questions:

Is it in my subnet? Compare IP+mask against the local network. If yes, send it directly over arp and an Ethernet frame
If not, where do you send it? This is where the default gateway comes in: a special route that says "anything I don't know about, hand to this router"

In Linux it looks like this:

$ ip route

default via 192.168.1.1 dev eth0     # ← there it is, the default gateway

192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50

The first line means "everything unknown → send to 192.168.1.1". The second means "my own subnet → directly over eth0".

Where it comes from

Three typical paths:

DHCP provides it in option 3 (router). At home that is your Wi-Fi router
Set by hand (/etc/network/interfaces, NetworkManager, cloud-init)
Received via RA (router advertisement) in IPv6

How it is used

When a packet for 8.8.8.8 leaves:

The stack checks the routing-table. The match for 8.8.8.8 is default
The default route says: next hop = 192.168.1.1
The stack checks: 192.168.1.1 is in my subnet, so I send an L2 frame
ARP for 192.168.1.1 → we get the router's MAC
We build a frame with dst MAC = router's MAC, dst IP = 8.8.8.8
The router catches the frame, sees the dst IP is not its own, and walks its own table

An important point: in the L2 header the destination is the gateway's MAC, not the final server. At L3 the destination stays 8.8.8.8. At each hop the L2 header is rewritten, the L3 one is not.

Several gateways

Multiple default routes with different metrics, for failover between providers or Wi-Fi/Ethernet
Policy routing (ip rule), different gateways for different source IPs or netfilter marks
VPNs often change the default gateway to the tunnel, so all traffic goes through the VPN

When it breaks

No default route: you ping 8.8.8.8 and get network is unreachable. Fixed with ip route add default via X
Gateway unreachable: packets leave, but ARP cannot find the MAC. You see it in ip neigh as FAILED
Wrong gateway (not in your subnet): the stack rejects it immediately, next hop is not directly reachable

§ команды

bash

ip route show default

Show the default gateway

bash

ip route add default via 192.168.1.1 dev eth0

Set it by hand (if DHCP did not provide one or for manual configuration)

bash

ip route del default

Delete the default route. All packets to foreign networks start failing

bash

ip route get 8.8.8.8

Which route will be used for a specific destination

Why you need it

When you have a packet for 8.8.8.8, you ask two questions:

Is it in my subnet? Compare IP+mask against the local network. If yes, send it directly over arp and an Ethernet frame
If not, where do you send it? This is where the default gateway comes in: a special route that says "anything I don't know about, hand to this router"

In Linux it looks like this:

$ ip route

default via 192.168.1.1 dev eth0     # ← there it is, the default gateway

192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50

The first line means "everything unknown → send to 192.168.1.1". The second means "my own subnet → directly over eth0".

Where it comes from

Three typical paths:

DHCP provides it in option 3 (router). At home that is your Wi-Fi router
Set by hand (/etc/network/interfaces, NetworkManager, cloud-init)
Received via RA (router advertisement) in IPv6

How it is used

When a packet for 8.8.8.8 leaves:

The stack checks the routing-table. The match for 8.8.8.8 is default
The default route says: next hop = 192.168.1.1
The stack checks: 192.168.1.1 is in my subnet, so I send an L2 frame
ARP for 192.168.1.1 → we get the router's MAC
We build a frame with dst MAC = router's MAC, dst IP = 8.8.8.8
The router catches the frame, sees the dst IP is not its own, and walks its own table

An important point: in the L2 header the destination is the gateway's MAC, not the final server. At L3 the destination stays 8.8.8.8. At each hop the L2 header is rewritten, the L3 one is not.

Several gateways

Multiple default routes with different metrics, for failover between providers or Wi-Fi/Ethernet
Policy routing (ip rule), different gateways for different source IPs or netfilter marks
VPNs often change the default gateway to the tunnel, so all traffic goes through the VPN

When it breaks

No default route: you ping 8.8.8.8 and get network is unreachable. Fixed with ip route add default via X
Gateway unreachable: packets leave, but ARP cannot find the MAC. You see it in ip neigh as FAILED
Wrong gateway (not in your subnet): the stack rejects it immediately, next hop is not directly reachable

Default gateway: leaving your own network

Why you need it

Where it comes from

How it is used

Several gateways

When it breaks

§ команды

§ см. также

Default gateway: leaving your own network

Why you need it

Where it comes from

How it is used

Several gateways

When it breaks

§ команды

§ см. также