Blog

IP and Mobile Trends and Education

 

ARP – what is it for ?

Author:


07.11.2016

One may think that this subject is insignificant as everyone from networking domain knows what ARP is. In era of SDN’s, virtualization, clouds that may seem be the old well known topic, but to tell you the truth, I still meet network engineers (they are called professionals) applying for a job who can’t define ARP or explain how can one find the physical address of the machine while having only IP!

That’s why I feel I need to explain this once more. When a computer (lets call it Host A) plugs in to the Ethernet port it receives an IP address (while using DHCP) and then starts to communicate with other hosts (they all have unique IP addresses). As you may also know, in Ethernet segment IP packets are encapsulated with Ethernet frames which have source and destination MAC addresses in headers. Remember that from the Ehternet switch perspective frames are language of Ethernet not IP packets! So every end device has a IP and MAC address and needs mechanism to map others IPs to MACs. This mapping mechanism is called ARP.

How does it work?

If Host_A (let’s assume IP=192.168.1.10) wants to communicate with other host – Host_B (assume Host_B has IP=192.168.1.20) it needs to encapsulate the packet directed to B with Ethernet frame BUT doesn’t know what destination MAC to inject into the frame yet, and that is the trigger!

When A sees that B is in it’s subnet it ARPs for IP 192.168.1.20 in following words: Who has 192.168.1.20? Request message for unkown MAC is sent to ALL Ethernet addresses (broadcast). In Ethernet notation such address is FF:FF:FF:FF:FF:FF (all ones). In source MAC address field, Host A includes its MAC. In the ARP request message A includes it’s IP Address. The frame then is received by all devices in ethernet segment thanks to broadcast. The owner of requested IP, responds with ARP reply with unicast back to Host A and includes its own MAC in message. After that, Host A stores Host’s B MAC address in IP – MAC mapping table, this table is called ARP table. From now, host A knows that when sending traffic to Host B, it has to encapsulate the packets with frames with MAC B in destination.

ARP Table, ARP request and ARP reply, ARP - what is it for?

ARP request and ARP reply communication scheme – fundamentals

What if the host B is not in our subnet?

When Host A wants to send traffic beyond the subnet it belongs to, it will always use MAC address of gateway as a destination. So if default gateway IP address is received via DHCP offer, the ARP request for default gateway is the first thing to resolve when communicating with outside the subnet.

References:

[1] RFC 826 – https://tools.ietf.org/html/rfc826

Author

Marcin Bialy

Marcin Biały is Network and Security Architect with over 10 years of experience, with Service Provider and Enterprise networking background. He used to work for large service providers, global vendors and integration services companies as Network Architect, Leading Architect and Techincal Solution Manager positions. He designed, implemented and supported dozens large scale projects and infrastructure migrations, solved hundreds of tickets and spent hours with CLI and GUI of many flavors. Marcin is also holding industry recognizable certificates such as CCNP, CCNA, CSSI, FCNSP, FCNSA and more.

1 Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

*

code


 

Newsletter