Hello Leroy, On 30.12.19 07:56, Leroy Tennison wrote:
> How is the "next hop" done between system interfaces when the destination has no MAC address?
This is done according to the link technology in question. As an example, say an IP packet is received on an Ethernet interface and needs to be sent via a PPP interface to its destination. The Ethernet link encapsulation is removed, the IP packet inspected to determine the egress interface, and then the egress frame, in this case a PPP frame with an IP packet, is built.
> Possibly another way to ask the question is "How is data transfer between interfaces on the same system done?"
This is an implementation detail of the system in question.
> Is there an RFC or standard which specifies this?
I do not know any, and I do not think this should be standardized.
> The reason I ask is that OpenVPN tun interfaces (client and server) don't have MAC addresses. My former understanding was that ARP was used to determine the next hop (either a router or the destination system depending on the situation) MAC address in order to transmit the frame, but that obviously doesn't apply in this situation. I haven't been able to find anything which discusses how frames move from interface to interface internally on a system.
In general, IP packets move between interfaces of an IP forwarding device ("router"), not frames. Frames move between ports of the same link (unmodified, in the Ethernet case). The OpenVPN tun case is an instance of an IP forwarding device.

Logically speaking, with a grain of generalization applied, IP packets are sent through some kind of processing pipeline. At first the ingress link encapsulation is removed, a decision is made whether or not to forward the packet (think ACLs), where to forward the packet to (think available routes), and then the egress frame containing the IP packet is built according to the link technology used on egress. There are additional things done to the IP packet, at least decreasing its TTL. There could be some encapsulation, e.g., IP in DTLS in UDP in IP for the OpenVPN case. The details vary depending on what is done in the specific case.

When looking at an Ethernet switch with IP forwarding capability (commonly known as an L3 switch or multi-layer switch), both ingress and egress interfaces use Ethernet. Thus the general process above is replaced by a special process that just* switches MAC addresses according to the result of a forwarding information base (FIB) lookup. The Cisco implementation of this is called Cisco Express Forwarding (CEF); you may find quite a bit of information if you search for it on the web.

* This is a bit more complicated, because the IP TTL needs to be decreased and the Ethernet frame checksum (FCS) needs to be re-computed, but switching (rewriting) MAC addresses is the basic idea.

Thanks,
Erik
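The forwarding pipeline Erik describes (strip ingress encapsulation, ACL decision, route lookup, TTL decrement, build the egress frame according to the egress link type) can be modelled in a few dozen lines. The following is an added illustration, not code from the mailing-list thread or from any real router or OpenVPN implementation; the interface names, addresses, FIB entries, ACL and ARP table are all constructed for the example. It shows why an Ethernet egress needs a next-hop MAC from an ARP-style table while a point-to-point egress such as a tun or PPP interface needs none, and it also covers the drop cases (ACL deny, no route, TTL exhausted) and the "waiting for ARP" case that the text only alludes to.

```python
"""Toy model of an IP forwarding pipeline (constructed example, not a real stack)."""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Interface:
    name: str
    link: str                    # "ethernet" or "p2p" (tun/PPP style, no MAC)
    mac: Optional[str] = None    # only Ethernet interfaces carry a MAC address


@dataclass
class Packet:
    src: str
    dst: str
    ttl: int
    payload: bytes = b""


@dataclass
class Router:
    interfaces: dict             # name -> Interface
    fib: list                    # (prefix, egress interface name, next hop or None if connected)
    acl_deny: list = field(default_factory=list)   # source prefixes that are not forwarded
    arp: dict = field(default_factory=dict)        # (iface name, IP) -> MAC, the ARP cache

    def lookup(self, dst):
        """Longest-prefix-match FIB lookup; returns (iface name, next hop) or None."""
        addr = ipaddress.ip_address(dst)
        best = None
        for prefix, iface, next_hop in self.fib:
            net = ipaddress.ip_network(prefix)
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, iface, next_hop)
        return None if best is None else (best[1], best[2])

    def forward(self, ingress_frame):
        # 1. Remove the ingress link encapsulation; only the IP packet travels on.
        pkt = ingress_frame["packet"]
        # 2. Decide whether to forward at all (ACL).
        for prefix in self.acl_deny:
            if ipaddress.ip_address(pkt.src) in ipaddress.ip_network(prefix):
                return {"action": "drop", "reason": "acl"}
        # 3. Decide where to forward (route lookup).
        route = self.lookup(pkt.dst)
        if route is None:
            return {"action": "drop", "reason": "no-route"}
        iface_name, next_hop = route
        egress = self.interfaces[iface_name]
        # 4. Per-hop processing of the IP packet itself: decrement the TTL.
        if pkt.ttl <= 1:
            return {"action": "drop", "reason": "ttl-exceeded"}
        out = Packet(pkt.src, pkt.dst, pkt.ttl - 1, pkt.payload)
        # 5. Build the egress frame according to the egress link technology.
        if egress.link == "ethernet":
            # Directly connected destination: resolve the destination itself,
            # otherwise resolve the next-hop router.
            target = next_hop or pkt.dst
            dst_mac = self.arp.get((iface_name, target))
            if dst_mac is None:
                # A real stack would queue the packet and send an ARP request here.
                return {"action": "queue", "reason": "arp-pending", "target": target}
            return {"action": "forward", "iface": iface_name,
                    "frame": {"dst_mac": dst_mac, "src_mac": egress.mac, "packet": out}}
        # Point-to-point link: exactly one peer, so no link-layer address is needed.
        return {"action": "forward", "iface": iface_name,
                "frame": {"link": egress.link, "packet": out}}


def sample_router():
    """Constructed topology: one Ethernet LAN (eth0) and one tun-style link (tun0)."""
    return Router(
        interfaces={
            "eth0": Interface("eth0", "ethernet", "02:00:00:00:00:01"),
            "tun0": Interface("tun0", "p2p"),
        },
        fib=[
            ("0.0.0.0/0", "eth0", "192.0.2.1"),      # default route via a LAN router
            ("192.0.2.0/24", "eth0", None),          # directly connected LAN
            ("10.8.0.0/24", "tun0", None),           # tunnel network, no MAC on egress
        ],
        acl_deny=["203.0.113.0/24"],
        arp={("eth0", "192.0.2.1"): "02:00:00:00:00:aa"},
    )


def run_samples():
    """Push a few constructed packets through the pipeline and collect the outcomes."""
    r = sample_router()
    eth_in = lambda pkt: {"link": "ethernet", "dst_mac": "02:00:00:00:00:01", "packet": pkt}
    return {
        "to_tun": r.forward(eth_in(Packet("192.0.2.10", "10.8.0.5", 64))),
        "to_default": r.forward(eth_in(Packet("192.0.2.10", "198.51.100.7", 64))),
        "acl": r.forward(eth_in(Packet("203.0.113.9", "10.8.0.5", 64))),
        "ttl": r.forward(eth_in(Packet("192.0.2.10", "10.8.0.5", 1))),
        "arp_pending": r.forward(eth_in(Packet("10.8.0.5", "192.0.2.20", 64))),
    }


if __name__ == "__main__":
    for name, result in run_samples().items():
        print(name, result)
```

The `to_tun` case is the OpenVPN situation from the question: the egress frame carries no MAC at all, only the decremented-TTL packet on the point-to-point link. The `arp_pending` case shows where ARP actually enters the picture: only when the chosen egress is Ethernet and the next hop (or the directly connected destination) is not yet in the cache.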