Address Resolution Protocol

Any host with a packet that is destined to a known IP address will need the destination interface MAC address to be able to send the packet.

Note

A host will have the IP address of the destination host through name to IP address resolution, utilizing the Domain Name System (DNS) to be covered later in this content. In understanding how ARP works, the step to retrieve the destination IP address is assumed to have been accomplished.

For example, in the scenario topology below, host1 is sending a packet to host3, knowing its interface IP address, 192.168.1.213.

_images/basictopowithIP.png

host1 needs the destination MAC address to send the Ethernet packet:

_images/needmac.png

host1 can create the IP packet with all of its fields along with the Ethernet packet that encapsulates the IP packet in its payload, except the missing destination MAC address for the host0.

_images/knownaddrs.png

This is where the Address Resolution Protocol comes into play. ARP is used by the host operating systems to retrieve the MAC address of a host interface with a known IP address.

Implementation Insight

ARP is implemented by each host’s operating system using the guideline specified in the RFC 826 An Ethernet Address Resolution Protocol. Each operating system has a different command line option to show its ARP table as it is populated with translations learned for various destination IP addresses to MAC addresses. For example, the ARP table in the MAC OS can be retrieved using the command:

arp -a

Host operating systems save ARP tables for MAC-IP address pairs:

Host ARP Table

MAC

IP

Expiration Time

host1 MAC

host1 IP

T0

host3 MAC

host3 IP

T2

An ARP Packet

The ARP packet is an Ethernet protocol packet with a type field set to the reserved number for ARP, 0x0806. Here is an ARP request packet:

_images/arpflowchpktfields1.png

The operation code (arp.opcode) indicates that this is an ARP request:

arp.opcode = 1

The target IP address indicates the interface IP for which the MAC address is requested.

_images/arpflowchpktfields2.png

The reply packet has an ARP opcode for reply:

arp.opcode = 2
_images/arpreplypacket.png

The host with the interface IP address that is equal to the target IP address will send a reply.

_images/arpflowreplypacket.png

Broadcast Message

A layer 2 broadcast message is forwarded to all ports other than the incoming port of a bridge for the broadcast domain. A broadcast message will reach all hosts connected in a broadcast domain.

_images/bcastpacket.png

The destination MAC address for broadcast is a reserved MAC address, FF:FF:FF:FF:FF:FF, and it would never be added to the bridge L2 tables.

_images/flowchbcast.png

The Ethernet MAC learning bridge behavior is updated with the case when destination MAC address of a packet is the broadcast MAC address.

_images/flowchbcastforwarding.png

The packet destination MAC is checked by the bridge and if it is this reserved address of all 1 bits, FF:FF:FF:FF:FF:FF, no lookup is performed as shown in the flow chart. Instead, the bridge designates all ports other than the incoming port as outgoing ports and forwards the packet on them.

ARP Request

ARP is used by the host operating systems to request the MAC address of a host with a known IP address. ARP request is broadcast to all layer 2 hosts within the broadcast domain. Please note that the ARP operation code for request is 1.

_images/arpreqfields.png

ARP Flow Chart

Host OS continuously sets the bindings for the pairs, (MAC, IP), of interfaces in the ARP table as new ARP packets are received at the host interface. The set action causes these records to become refreshed in order to maintain frequent talkers in the table so less number of ARP exchanges are needed in the future.

The behavior of the protocol in host OS is mapped on a flow chart using the RFC specification for the ARP.

Note

The ARP operation code (whether this is a REQUEST or a REPLY or other) is not checked until the very end of the flow chart.

_images/arpflowch.png

A host receives an Ethernet packet with packet Ethertype field equal to 0x0806. It removes the Ethernet header and retrieves the ARP packet from the payload portion of the Ethernet packet if the packet’s destination MAC address is either equal to the host interface MAC or the reserved broadcast MAC address, FF:FF:FF:FF:FF:FF.

_images/arpflowch1.png

Next, the sender IP address in the ARP packet is checked. If the host ARP table has the sender IP address, the ARP table entry is refreshed with the sender MAC address in the ARP packet.

_images/arpflowch2.png

Then, the target IP address is compared with the host’s interface IP address. If it is equal, then the host updates its ARP table entry with the sender interface IP and MAC address.

_images/arpflowch3.png

Finally, if the packet ARP opcode is request, the host replies with an ARP reply packet.

_images/arpflowch4.png

Broadcast Message in Layer 2

Assuming that the bridges start with an empty L2 table, if a broadcast message is sent by one of the hosts in the following topology, the events and updates on L2 tables and the bridge behavior can be traced as follows:

_images/reqpkt1.png

bridge1 L2 table

Port

MAC

1

host1 MAC

bridge2 L2 table

Port

MAC

When host1 sends an ARP request, the broadcast message is forwarded on all ports of the bridges other than the incoming one, starting with bridge1 below.

_images/reqpkt2.png

Similarly, this broadcast packet will be forwarded on all ports of bridge2 as well except the incoming port.

_images/reqpkt3.png

The updated layer 2 tables for both bridges will include the MAC address of host1 interface at this time.

bridge1 L2 table

Port

MAC

1

host1 MAC

bridge2 L2 table

Port

MAC

0

host1 MAC

In essence, the broadcast message from host1 reached all hosts within the broadcast domain. If any one of the host interfaces in the broadcast domain has the IP address in the ARP request, that host will respond with its interface MAC address.

When host3 receives this packet and matches its interface IP address with the ARP request’s target IP address field, it sends a reply to the requester. This is not a broadcast packet. Since by this time the bridge1 L2 table includes an entry for the MAC address of host1, the packet will be directly forwarded in the network.

bridge1 L2 table

Port

MAC

1

host1 MAC

2

host3 MAC

bridge2 L2 table

Port

MAC

0

host1 MAC

1

host3 MAC
_images/reqpkt4.png

The ARP reply packet includes the requested host3 MAC address. And, the ARP operation type is set to reply.

_images/arprepfields.png

Host ARP Table

The host1 operating system can update its ARP table with an entry for the host3 MAC address to IP address mapping along with an expiration time to hold this entry in memory.

host1 ARP Table

MAC

IP

Expiration Time

host3 MAC

host3 IP

T0