ARP - Address Resolution Protocol
Consider the following:
Where does PC1 get PC2's MAC address? We have to create the following frame:
The protocol to get these MAC addresses prior to any other communications is called ARP:
- It runs on layer 3 devices
- Over ethernet.
-
Generates the ARP cache/table, like the Routing Table, which looks like:
| IP address | MAC Address |
|---|---|
| ... | ... |
- Translates a layer 3 address (IP) to a layer 2 address (MAC).
Namely, when we say ping 1.2.3.4 via IP Addressing (IP Protocol), we need to convert this IP to the MAC in order to send the "packet" over the network. This is the process.
ARP Request/Reply
An ARP Request:
- Broadcasts the frame
- Sets the MAC address first to all
1's - When the switch sees it, it broadcasts out automatically to all interfaces
Essentially, it's asking all the switches:
"who has IP
x.x.x.x"
Then a switch broadcasts it (really a PC would):
"it is
A:B:C:D"
via an ARP Reply, but now it is:
- directly sent to the requester
- gives the IP address and the associated MAC address
An Example
Consider our example from earlier:
Say PC1 wants to know what IP 129.4.3.11 has for a MAC address:
PC1sends an ARP request out to the switch, who broadcasts it to everyone else like the Router andPC2.
PC2recognizes it's its IP, so it sends it's IP address and it's MAC.PC1recognizes it needed that, and adds it to the ARP table.
PC1 Arp Cache:
| IP Address | MAC Address |
|---|---|
129.4.3.11 |
MAC2 |
Now on PC1 can respond to keep PC2 in check:
PC2 Arp Cache:
| IP Address | MAC Address |
|---|---|
129.4.3.2 |
MAC1 |
| Over a period of time, these entries will fizzle out. However, because these MAC addresses often don't change (and even the IPs for that matter) these often don't change and thus stay in there. |
Any IP Addressing (IP Protocol) layer 3 device will have an ARP table.
Any device that is not involved in this interaction (ex: some PC3) would not log these requests. Essentially, every request/reply pair will be logged only by the two devices in question.
Another Table?
This seems like a Routing Table right? The difference here is that this is not address learning (namely, you are mapping different layered things: MAC and IP. A routing table will instead map IPs to IPs for routing).
Side-Note - Ethernet broadcasts
There's two types of ethernet broadcasts on the switch specifically. Namely:
- Explicit: Destination MAC is all 1's (an all 1's broadcast)
- Implicit: Broadcast a frame if the destination MAC is NOT in the MAC address table on the switch
Routers are a Blocking Point
When the ARP broadcast hits a router, since it's a layer 3 device it will not allow it to pass the ARP request along. Thus, it will not forward that traffic to the greater internet.