Unicast Flooding due to Asymmetric Routing

Hello Rosna,

Each router in your network can be used as a default gateway by your hosts but the problem is that most hosts only support a default gateway.

That’s why we use “gateway redundancy” protocols like HSRP, VRRP, and GLBP. You can read more about this here:

About the switch…A switch is a layer two device so all it “cares” about is forwarding Ethernet frames. It only cares about looking at the source MAC addresses to learn addresses and looking at the destination MAC address to figure out where to send it to.

ARP is just one protocol that you can find in an Ethernet frame…an Ethernet frame can also contain an IPv4 packet, an IPv6 packet or some other protocols.

ARP is used to bind a layer two address (MAC address) to a layer three address (IP address). We only need this on a switch if you access the switch with telnet/SSH or if you configure your switch as a router (that’s a layer three switch).


What does symmetric routing look like?

Hello Pipat

When referring to routing, asymmetric and symmetric are terms used to describe the path that the packets between two endpoints take. Symmetric routing takes place when two hosts are communicating with each other and all traffic sent from Host A to Host B takes the exact same path (passes through the same routers) as traffic that is sent from Host B to Host A.

Asymmetric routing takes place when the route taken for traffic sent from Host A to Host B is different from the route taken for traffic sent from Host B to Host A.

These paths can be, and often are, different because there may be multiple redundant paths or load balancing routing configurations that allow for the use of multiple routes to get from one host to another. Symmetric and asymmetric routing are not static situations but can and do change based on the routing parameters and policies that are in place as well as on the changing state of network traffic and potential link failures.

I hope this has been helpful!


Hi Rene,

Again it is an excellent example and made me think.

When a datagram starts at a host for a specific destination on a different subnet what changes is the L2 header.
I think in your write-up, ‘Unicast flooding can occur when a switch doesn’t know the destination MAC address’ can be better written as ‘Unicast flooding can occur when a switch cannot learn the MAC address to port binding for a host’. As the frame has the destination MAC and not all Fs but it does not know which port to send it to and floods the frame to all ports of a VLAN. The one for which it is meant receives it along with others who discard it, but network performance degrades.

Many thanks and regards,


Hi @sutandrac1,

I agree, this sounds better. I just changed this.


Hi Lazaros,
Would you please simplify Symmetric and Asymmetric routing?
Although this question has been asked, I didn’t get the concept.

Hello Muhammad

Symmetric routing simply refers to the fact that the route taken from host A to host B is the same route, in reverse, that is taken from host B to host A. Now in Rene’s topology, it may look like the same route is taken in both cases, and yet Rene refers to one of the scenarios as asymmetric and the other as symmetric.

This is because a route is defined by where the routing takes place. So more precisely, symmetric routing is routing where the routers through which a packet is routed are the same as those used for the return journey, in reverse order.

With this in mind, in the topology in the Lab, a symmetric routing scenario is one where:

  • H1 --> SW1 --> H2 (where SW1 is used as the default gateway of H1 and the packets are routed there)
  • H2 --> SW1 --> H1 (where SW1 is again used as the default gateway of H2 and the packets are routed there)

An asymmetric routing scenario is one where:

  • H1 --> SW1 --> H2 (where SW1 is used as the default gateway of H1 and the packets are routed there)
  • H2 --> SW2 --> H1 (where SW2 is again used as the default gateway of H2 and the packets are routed there)

I hope this has been helpful in clarifying it further!


Great explanation.
Anyway I can’t understand the advantages of asymmetric routing.

For example in the case where H1 and H2 would be two routers to exit outside…why should I implement a topology like this?


Hello Giovanni

There really isn’t a reason why you would deliberately create asymmetric routing. The purpose of the lesson here is to inform you of the concept. You may set up a network like this without realizing that asymmetric routing is actually taking place.

Now having said that, the only time you would want to deliberately set up a network like this is if you want to more evenly distribute routing responsibilities between two devices. If you have a large network and all your routing takes place in one of the two L3 switches, a lot of CPU and memory would be used on that switch to route everything while the other’s resources remain idle. Although this is true, there are other more appropriate ways to distribute such routing responsibilities (such as Gateway Redundancy protocols).

In that case, you probably wouldn’t create such a scenario, but you’d look at implementing a multi-homed edge topology using BGP similar to those found in the following lesson.

I hope this has been helpful!


Hi Rene

You have mentioned “SW2 will put the IP packet from host 2 in an Ethernet frame that has its own MAC address as the source.”
What do you mean by “own MAC address as the source”, which address?
What source address are you referring to? Do you mean the source address of VLAN10 (SVI) or source address as the Base address of the switch?
I also want to check that the IP packet which is encapsulated under Ethernet frame will have Src as host2’s MAC address and dst as host1’s MAC address, is that correct?


Hi @vikrants31,

Good question. The IP packet is routed, so the source MAC address is the MAC address of the VLAN 10 SVI. I just updated this sentence to include that.

This would be true if H1 and H2 were in the same VLAN. When H2 wants to send an IP packet to H1, the source IP address is and the destination IP address is

From H2’s perspective, is on another subnet so it will send the IP packet to its default gateway (SW2 - The source MAC address is H2, the destination MAC address is SW2’s VLAN20 SVI.

Hope this helps!


The diagrams under the section titled “Traffic path from Host 2 to host 1” have incorrect interface and switch labels that cause confusion. For instance, the first diagram in this section shows SW2 with two interfaces to connected hosts labeled Fa0/1 and Fa0/3. Now, this switch may in fact have these interfaces but I am assuming that we are trying to stay in strict accordance with the network diagram shown at the beginning of this lesson (four hosts, two switches, separate and distinct interface labels). The subsequent diagrams are similarly incorrectly labeled as you progress through this section.


Hi Brad

Once again, thanks for pointing this out. We’ll get to fixing it as soon as possible.


Hi Rene and Team,

Thank you for your great posts and articles to assist with our Studies!

In regards to why SW1 will never learn the MAC address of H2 – Would it be possible for you to explain this again?

In my understanding, if H1 wants to ping H2 the following happens:

SW1 has an ARP entry which is still valid for H2 (Default 4 hours) but the MAC address table entry has been flushed as 5 minutes have passed – Therefore, SW1 doesn’t know which interface to forward the packet out of, so it broadcasts this traffic out of all interfaces (Which is why H3 receives these). Once SW2 receives the packet it passes it on to H2 – I think the issue is when the reply packet is sent from H2.

As SW2 already has an ARP entry for H1 – An ARP request does not take place and the packet is routed as an IP packet which is why the mac address of H1 is stripped from the frame and replaced with SW2’s own MAC, hence SW1 not ever learning H2’s MAC.

Please let me know if I am completely incorrect with the above description :blush:

Thanks for your support.

Hello Andrew

Let me walk through it myself as well, I think it will be easier to explain:

  1. H1 pings H2
  2. Because H2 is in a different subnet, H1 sends the packet to the default gateway, that is, SVI VLAN 10 on SW1.
  3. SW1 decapsulates the frame and looks at the IP header. Destination IP address is that of H1. If it has the ARP entry, then it knows the destination MAC address to place in the frame header, and it does so.
  4. If it has no entry for the destination MAC in the MAC table, then it will be flooded out of all ports on VLAN 20 and all trunks that include VLAN 20 (so H3 does indeed receive it too).
  5. SW2 will receive the packet. If the MAC address of H2 is in the MAC address table, then it will be forwarded only out of Fa0/2. Otherwise it will be flooded to all VLAN 20 ports.
  6. H2 receives the ping, and responds to the IP address of H1. It sends the response to the SVI VLAN 20 of SW2.
  7. It decapsulates the frame, checks the destination IP, and uses the ARP cache to find the destination MAC, and populates the frame header with destination MAC.
  8. If it doesn’t have an entry in the MAC address table for this destination MAC, it will be sent out all of the VLAN 10 access interfaces and trunks that include VLAN 10, reaching SW1.
  9. If the destination MAC is in the MAC table, the frame is forwarded out of Fa0/1 to go to H1. If it is not in the MAC table, it is flooded out of all VLAN 10 access ports and trunk ports that include VLAN 10.

Sorry for restating this, but it helps in verification. Your understanding is indeed correct. SW1 will never learn H2’s MAC address because all traffic between H1 and H2 is routed at SW2, so H1’s MAC address never reaches SW1 for it to be recorded.

I hope this has been helpful!


Hi Laz,

Thank you very much for your quick and detailed response - This is very much appreciated!

You have cleared this up for me :slight_smile:

Many Thanks,



Hi Guys, I understand that the destination MAC for broadcast traffic is ffff.ffff.ffff but what is the destination MAC address used for unknown unicast frames? Thanks - Gareth.

Ok - there isn’t a specific unknown unicast MAC address (I think), the MAC address for the desired destination host is used and flooded via every port apart from the ingress.

Hello Gareth

Yes, that’s it. When we say “unknown” MAC address, we mean a MAC address that is not found within the MAC address table of the switch. And in the case described in the lesson, the switch will never learn this MAC address, so all such traffic will be flooded.

Remember that a switch populates its MAC address table by taking the source MAC address of a frame and associating it with the port on which it came in. This information is placed in the MAC address table. In the scenario described in the lesson, the MAC address of H2 will never be learned by SW1 because all incoming traffic from this device is routed on SW2, so the only MAC address SW1 will see is that of the SVI on SW2.

So the MAC address of H2 will remain unknown forever, and will cause flooding on SW1.

I hope this has been helpful!
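The learning rule described above can be modelled in a few lines. This is an added example, not part of the original posts: a toy simulation of SW1's MAC table that counts how many H1-to-H2 frames are flooded (and therefore delivered to hosts such as H3) in the symmetric and asymmetric cases. The SW2 SVI MAC, port name and one-minute ping interval are constructed assumptions; the 5-minute aging time and H2's MAC come from the thread.

```python
# Added example: toy model of SW1's MAC table. The SVI MAC, port name and ping
# interval are constructed; the 5-minute aging time is the one quoted in the thread.
MAC_AGING = 300                   # seconds before an unrefreshed entry expires
H2_MAC = "0017.5aed.7af1"         # H2's MAC as shown in the thread's ARP output
SW2_SVI10_MAC = "00aa.00aa.0010"  # constructed: SW2's VLAN 10 SVI


class Switch:
    def __init__(self):
        self.mac_table = {}  # (vlan, mac) -> (port, time last seen as a source)

    def learn(self, now, vlan, src_mac, port):
        """Learning happens only from the SOURCE MAC of frames that arrive."""
        self.mac_table[(vlan, src_mac)] = (port, now)

    def egress(self, now, vlan, dst_mac):
        """Return the known port, or 'flood' if the entry is missing or aged out."""
        entry = self.mac_table.get((vlan, dst_mac))
        if entry is None or now - entry[1] > MAC_AGING:
            return "flood"
        return entry[0]


def simulate(asymmetric, duration=3600, interval=60):
    """Count H1->H2 frames that SW1 floods in VLAN 20 over `duration` seconds."""
    sw1 = Switch()
    # t=0: H2 answers SW1's ARP request, so SW1 sees H2 as a source exactly once.
    sw1.learn(0, 20, H2_MAC, "trunk")
    flooded = 0
    for now in range(interval, duration + 1, interval):
        # SW1 routes H1's packet into VLAN 20. The ARP entry (valid for hours)
        # supplies the destination MAC; the MAC table must supply the port.
        if sw1.egress(now, 20, H2_MAC) == "flood":
            flooded += 1
        if asymmetric:
            # Reply is routed on SW2: SW1 sees SW2's SVI in VLAN 10, never H2.
            sw1.learn(now, 10, SW2_SVI10_MAC, "trunk")
        else:
            # Reply is sent to SW1's VLAN 20 SVI: the frame's source MAC is H2.
            sw1.learn(now, 20, H2_MAC, "trunk")
    return flooded


if __name__ == "__main__":
    print("asymmetric:", simulate(True), "of 60 frames flooded")
    print("symmetric: ", simulate(False), "of 60 frames flooded")
```

In the asymmetric run, flooding starts once the entry learned from the initial ARP reply ages out and continues for as long as the ARP entry stays valid.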


Hi Rene,

I am confused a bit. When you say that SW1 has an ARP entry for H2, I believe it knows the MAC address of H2.

SW1#show ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet          101   0017.5aed.7af1  ARPA   Vlan20

SW1#show mac address-table address 0017.5aed.7af1
          Mac Address Table

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----

Is it because it does not know how to reach the MAC of H2 that it floods the packet towards all VLAN 20 ports except the port from where it received the packet?

Please help clear the confusion.