One may think that this subject is insignificant as everyone from networking domain knows what ARP is. In era of SDN’s, virtualization, clouds that may seem be the old well known topic, but to tell you the truth, I still meet network engineers (they are called professionals) applying for a job who can’t define ARP or explain how can one find the physical address of the machine while having only IP!
That’s why I feel I need to explain this once more. When a computer (lets call it Host A) plugs in to the Ethernet port it receives an IP address (while using DHCP) and then starts to communicate with other hosts (they all have unique IP addresses). As you may also know, in Ethernet segment IP packets are encapsulated with Ethernet frames which have source and destination MAC addresses in headers. Remember that from the Ehternet switch perspective frames are language of Ethernet not IP packets! So every end device has a IP and MAC address and needs mechanism to map others IPs to MACs. This mapping mechanism is called ARP.
How does it work?
If Host_A (let’s assume IP=192.168.1.10) wants to communicate with other host – Host_B (assume Host_B has IP=192.168.1.20) it needs to encapsulate the packet directed to B with Ethernet frame BUT doesn’t know what destination MAC to inject into the frame yet, and that is the trigger!
When A sees that B is in it’s subnet it ARPs for IP 192.168.1.20 in following words: Who has 192.168.1.20? Request message for unkown MAC is sent to ALL Ethernet addresses (broadcast). In Ethernet notation such address is FF:FF:FF:FF:FF:FF (all ones). In source MAC address field, Host A includes its MAC. In the ARP request message A includes it’s IP Address. The frame then is received by all devices in ethernet segment thanks to broadcast. The owner of requested IP, responds with ARP reply with unicast back to Host A and includes its own MAC in message. After that, Host A stores Host’s B MAC address in IP – MAC mapping table, this table is called ARP table. From now, host A knows that when sending traffic to Host B, it has to encapsulate the packets with frames with MAC B in destination.
What if the host B is not in our subnet?
When Host A wants to send traffic beyond the subnet it belongs to, it will always use MAC address of gateway as a destination. So if default gateway IP address is received via DHCP offer, the ARP request for default gateway is the first thing to resolve when communicating with outside the subnet.
References:
[1] RFC 826 – https://tools.ietf.org/html/rfc826
one point i doubted, ARP requests should be between hosts connected through a layer 3 device, as switches have no way to understand DES/SRC IP, and broadcasts do not cross layer 3 boundary am i missing something?!. in the above example if the switch was in between two hosts, why did not it use unknown unicast flooding?
Hi Ahmed, thanks for the question. ARP is a mechanism that works between ethernet devices (i.e. hosts) connected to the same layer 2 segment, so in fact there is no need for L3 device at all. Imagine two laptops connected to layer 2 ethernet (dumb) switch. They still use ARP for IP – MAC resolution and no L3 device is needed. Broadcasts do not cross the l3 boundary, right. In above example L2 switch is between two host, but the L2 switch doesn’t interpret ARP at all but performs “standard” bcast flooding like L2 switches do in case of all ones in destination MAC address and learns the source unicast MAC address. Hope this answers your question.
best
Marcin