From Slashdot: Comcast goes after NAT users

Jeremy Fowler jfowler at westrope.com
Fri Jan 25 21:37:45 CST 2002


> I agree with most of your analysis, but not your conclusion.  Well,
> actually, it depends on what you meant by "the originating device".
>
> Did you mean the originating device of the IP packet, or the originating
> device of the Ethernet frame(s)?  A router is rarely the originating device
> of an IP packet (a computer usually is), but for any IP packet the router
> forwards over an Ethernet segment the router builds a new Ethernet frame
> (with its own Ethernet MAC address) encapsulating the tired old IP packet.

No no. Let me clarify. Actually there are two MAC addresses (as well as two IP
addresses) in each packet going over Ethernet: a Source and a Destination MAC
address. The Destination MAC address is set by the application layer. The Source
address is set by the Data Link layer (Ethernet card) of the sending host. When
a packet is received by a router, it checks the destination MAC address and if it
matches its own MAC, it passes it on to the OS. The router then checks the
IP address to figure out where to route it and then changes the
***Destination*** MAC address to the next-hop router/PC in the routing table. If
the source MAC address were to be changed by each router, the routers would have
to keep state of all the connections going in and out of it. This way, it can
simply forward packets and forget about them.

> Supporting thesis:  An IP packet proper contains no MAC address at all.  A
> MAC address is part of an Ethernet frame that may encapsulate an IP packet,
> if that IP packet is traversing an ISO network layer 2 or below protocol
> that uses MAC addresses (such as Ethernet).

Correct, IP packets don't contain a MAC address, since MAC address information
resides in the data link layer (layer 2) part of the packet and IP is the
network layer (layer 3).

> The MAC address is only used at the Ethernet layer of the protocol
> stack.  When machine A generates an IP packet to send out over an Ethernet
> LAN, one of the last things it does is slap its own MAC address into the
> Ethernet frame that's going to transport the IP packet.  When machine B
> receives the Ethernet packet, it looks at it, realizes it's an IP packet,
> rips the IP packet out of the Ethernet frame before passing it up the
> protocol stack to the IP layer.  The IP layer (layer 3 of the ISO stack)
> and above neither knows nor cares what a MAC address is.

Yes, of the receiving host, not the router. Routers only change the Destination
MAC address and then forward the packet based on its IP information. Source
address remains intact.

> If machine B is a router, the IP layer of it decides where the IP packet is
> destined for.  If its decision is that it has to go out on an interface
> that happens to be Ethernet, then the Ethernet layer of machine B slaps
> machine B's MAC address onto the packet before pushing it out over the
> wire.  If the outbound interface is, say, ATM, there will be NO MAC address
> on the ATM cells that encapsulate the IP packet.

Whoa there pilgrim! ATM does NOT encapsulate IP packets. The ATM Adaptation
Layer (AAL) converges packets from upper layers into ATM cells. If you had a 1k
packet, AAL would segment it into 21 fragments and place each fragment into a
cell for transport. It doesn't remove any information from the physical layer
since it will need it on the other end when it puts the packet back together.

> A proper IP router will not (cannot) reveal a MAC address from a host on
> one interface to another host on a different interface.

I'm not catching what you're throwing here...

> Now an Ethernet bridge is another animal entirely, and some routers do a
> nasty bit of deception called proxy ARP.

Yes, bridges are a completely different thing. They are used to segment a
network to reduce traffic. However, they are not used very much today since most
modern switches act as a bridge in many ways.
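
The forwarding step described in the quoted paragraphs of this thread (the router strips the inbound Ethernet frame and builds a new one carrying its own MAC address), as an added Python example that is not part of the original message. All MAC and IP addresses are constructed sample values and the function names are hypothetical.

```python
import struct

ETHERTYPE_IPV4 = 0x0800

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def ip_checksum(header):
    # RFC 1071 one's-complement sum over 16-bit words
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src, dst, ttl, payload):
    # 20-byte header, no options; protocol 17 (UDP), payload left opaque
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      ttl, 17, 0, bytes(src), bytes(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + payload

def ether_frame(dst_mac, src_mac, packet):
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + packet

def route(frame, ingress_mac, egress_mac, next_hop_mac):
    """Forward one frame the way the quoted text describes a router doing it."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if frame[0:6] != ingress_mac or ethertype != ETHERTYPE_IPV4:
        return None                      # not addressed to this router
    packet = bytearray(frame[14:])       # inbound Ethernet header is dropped
    if packet[8] <= 1:
        return None                      # TTL expired (ICMP reply omitted)
    packet[8] -= 1                       # decrement TTL ...
    packet[10:12] = b"\x00\x00"          # ... and recompute header checksum
    packet[10:12] = struct.pack("!H", ip_checksum(bytes(packet[:20])))
    # New frame: source = router's egress MAC, destination = next hop's MAC
    return ether_frame(next_hop_mac, egress_mac, bytes(packet))

# Constructed sample values: locally administered MACs, documentation IPs
HOST_MAC, LAN_MAC = mac("02:00:00:00:00:0a"), mac("02:00:00:00:00:01")
WAN_MAC, ISP_MAC = mac("02:00:00:00:00:02"), mac("02:00:00:00:00:fe")

def demo():
    pkt = ipv4_packet([192, 0, 2, 10], [198, 51, 100, 7], 64, b"hello")
    lan = ether_frame(LAN_MAC, HOST_MAC, pkt)
    wan = route(lan, LAN_MAC, WAN_MAC, ISP_MAC)
    return lan, wan

if __name__ == "__main__":
    lan, wan = demo()
    print("LAN side src MAC:", lan[6:12].hex(":"))
    print("WAN side src MAC:", wan[6:12].hex(":"))
```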