US Region

Grandmetric LLC
Lewes DE 19958
16192 Coastal Hwy USA
EIN: 98-1615498
+1 302 691 94 10

EMEA Region

ul. Metalowa 5, 60-118 Poznań, Poland
NIP 7792433527
+48 61 271 04 43


Grandmetric LTD
Office 584b
182-184 High Street North
E6 2JA
+44 20 3321 5276

  • en
  • pl
  • ARP – what is it for ?

    ARP – what is it for ?

    Date: 07.11.2016


    One may think that this subject is insignificant as everyone from networking domain knows what ARP is. In era of SDN’s, virtualization, clouds that may seem be the old well known topic, but to tell you the truth, I still meet network engineers (they are called professionals) applying for a job who can’t define ARP or explain how can one find the physical address of the machine while having only IP!

    That’s why I feel I need to explain this once more. When a computer (lets call it Host A) plugs in to the Ethernet port it receives an IP address (while using DHCP) and then starts to communicate with other hosts (they all have unique IP addresses). As you may also know, in Ethernet segment IP packets are encapsulated with Ethernet frames which have source and destination MAC addresses in headers. Remember that from the Ehternet switch perspective frames are language of Ethernet not IP packets! So every end device has a IP and MAC address and needs mechanism to map others IPs to MACs. This mapping mechanism is called ARP.

    How does it work?

    If Host_A (let’s assume IP= wants to communicate with other host – Host_B (assume Host_B has IP= it needs to encapsulate the packet directed to B with Ethernet frame BUT doesn’t know what destination MAC to inject into the frame yet, and that is the trigger!

    When A sees that B is in it’s subnet it ARPs for IP in following words: Who has Request message for unkown MAC is sent to ALL Ethernet addresses (broadcast). In Ethernet notation such address is FF:FF:FF:FF:FF:FF (all ones). In source MAC address field, Host A includes its MAC. In the ARP request message A includes it’s IP Address. The frame then is received by all devices in ethernet segment thanks to broadcast. The owner of requested IP, responds with ARP reply with unicast back to Host A and includes its own MAC in message. After that, Host A stores Host’s B MAC address in IP – MAC mapping table, this table is called ARP table. From now, host A knows that when sending traffic to Host B, it has to encapsulate the packets with frames with MAC B in destination.

    ARP Table, ARP request and ARP reply, ARP - what is it for?

    ARP request and ARP reply communication scheme – fundamentals

    What if the host B is not in our subnet?

    When Host A wants to send traffic beyond the subnet it belongs to, it will always use MAC address of gateway as a destination. So if default gateway IP address is received via DHCP offer, the ARP request for default gateway is the first thing to resolve when communicating with outside the subnet.


    [1] RFC 826 –



    Grandmetric is an IT Next Generation Systems integration company helping clients with their IT transformation, infrastructure automation, LAN, WiFi, SD-WAN & SDN delivery. Fast growing Grandmetric team is becoming also a referal point in Cloud migrations and DC Stack management with their Storage, OS and virtualization experience. Grandmetric provides technical insights along with technical trainings in areas of expertise. Latest projects cover also IoT subjects R&D in the area of IoT backend development, big data analysis and monitoring. Based on above experience in production systems maintenance, new division – Grandmetric Managed Services (GMS) maintaining IT infrastructure of corporates & globally present customers is available for demanding IT environments.

    29 December 2020 at 12:01

    one point i doubted, ARP requests should be between hosts connected through a layer 3 device, as switches have no way to understand DES/SRC IP, and broadcasts do not cross layer 3 boundary am i missing something?!. in the above example if the switch was in between two hosts, why did not it use unknown unicast flooding?

    Marcin Bialy
    29 December 2020 at 12:23

    Hi Ahmed, thanks for the question. ARP is a mechanism that works between ethernet devices (i.e. hosts) connected to the same layer 2 segment, so in fact there is no need for L3 device at all. Imagine two laptops connected to layer 2 ethernet (dumb) switch. They still use ARP for IP – MAC resolution and no L3 device is needed. Broadcasts do not cross the l3 boundary, right. In above example L2 switch is between two host, but the L2 switch doesn’t interpret ARP at all but performs “standard” bcast flooding like L2 switches do in case of all ones in destination MAC address and learns the source unicast MAC address. Hope this answers your question.



    Leave a Reply

    Your email address will not be published. Required fields are marked *