8 - ARP, Local Subnets and Default Gateways

Reminder that MT is week 6 Wednesday.

How can we go from using an ethernet switch to using an IP address? ARP - Address Resolution Protocol is the process:

Consider the following:

Pasted image 20250204151701.png

Where does PC1 get PC2's MAC address? We have to create the following frame:

The protocol to get these MAC addresses prior to any other communications is called ARP:

IP address MAC Address
... ...
  • Translates a layer 3 address (IP) to a layer 2 address (MAC).

Namely, when we say ping 1.2.3.4 via IP Addressing (IP Protocol), we need to convert this IP to the MAC in order to send the "packet" over the network. This is the process.

ARP Request/Reply

An ARP Request:

  • Broadcasts the frame
  • Sets the MAC address first to all 1's
  • When the switch sees it, it broadcasts out automatically to all interfaces

Essentially, it's asking all the switches:

"who has IP x.x.x.x"

Then a switch broadcasts it (really a PC would):

"it is A:B:C:D"

via an ARP Reply, but now it is:

  • directly sent to the requester
  • gives the IP address and the associated MAC address

An Example

Consider our example from earlier:

Pasted image 20250204151701.png

Say PC1 wants to know what IP 129.4.3.11 has for a MAC address:

  1. PC1 sends an ARP request out to the switch, who broadcasts it to everyone else like the Router and PC2.
  1. PC2 recognizes it's its IP, so it sends it's IP address and it's MAC.
  2. PC1 recognizes it needed that, and adds it to the ARP table.

PC1 Arp Cache:

IP Address MAC Address
129.4.3.11 MAC2

Now on PC1 can respond to keep PC2 in check:

PC2 Arp Cache:

IP Address MAC Address
129.4.3.2 MAC1
Over a period of time, these entries will fizzle out. However, because these MAC addresses often don't change (and even the IPs for that matter) these often don't change and thus stay in there.
Note

Any IP Addressing (IP Protocol) layer 3 device will have an ARP table.

Warning

Any device that is not involved in this interaction (ex: some PC3) would not log these requests. Essentially, every request/reply pair will be logged only by the two devices in question.

Another Table?

This seems like a Routing Table right? The difference here is that this is not address learning (namely, you are mapping different layered things: MAC and IP. A routing table will instead map IPs to IPs for routing).

Side-Note - Ethernet broadcasts

There's two types of ethernet broadcasts on the switch specifically. Namely:

  • Explicit: Destination MAC is all 1's (an all 1's broadcast)
  • Implicit: Broadcast a frame if the destination MAC is NOT in the MAC address table on the switch

Routers are a Blocking Point

When the ARP broadcast hits a router, since it's a layer 3 device it will not allow it to pass the ARP request along. Thus, it will not forward that traffic to the greater internet.

Configure PC

What do you need to configure your PC to use a network?

Recall that the subnet mask says how many bits are the subnet. For example, 129.65.33.2/24 is on the subnet 129.65.33.0 (again, just AND with 24 1s on the left).

Now if you ping 8.5.4.3, this IP is not on the subnet. So what your PC will do will:

Example

Consider again:

Pasted image 20250204154306.png

Say PC1 calls ping 129.4.3.11. It will:

  1. Determine the subnet of the IP being pinged (and determines its own subnet):
    1. For the example: PC1 has IP 129.4.3.2 with subnet mask /26, so then our subnet is 129.4.3.0/26.
  2. Now it'll look at the IP it's pinging (here 129.4.3.11) and do the same thing:
    1. Here it's 129.4.3.0/26
  3. Now if they are the same (like in this case) then send it directly to the destination. You can ARP - Address Resolution Protocol for the MAC address if needed.

Let's say PC1 wants to call ping 8.5.7.3 now:

  1. The subnet of itself is the same.
  2. The subnet for the destination is 8.5.7.0/26
  3. These are different, so you send the traffic to the router via the Default Gateway! It'll ARP - Address Resolution Protocol on the default gateway (if needed), then sends the packet once it has the MAC address.
Note

If you don't have a default gateway, the router is gonna say "SOL" to your device, leading to an unresponsive ping.

But notice the router needs to be on the same subnet! Otherwise, the router will never be able to allow ARP send/requests on the LAN.

For example, if PC1 wants to ping PC3 it will:

  1. Determine it's own subnet (same as before: 129.4.3.0/26)
  2. Determine the destination subnet (129.4.3.128/26)
  3. These are different, so then it's going to use the default gateway to forward that to the router (again ARP - Address Resolution Protocol for the default gateway if needed).
Warning

You cannot ARP - Address Resolution Protocol over a different subnet!

Note

When PC1 tries to ping PC3 via the Default Gateway, the only entry in the ARP table will be the Default Gateway. That's because it only needed the MAC address for the router, since it's only dealing with that router in that subnet.

A Worked Example

Pasted image 20250204160541.png

Say PC1 calls ping 1294.3.11/26:

  1. PC1's subnet: 129.4.3.0/26
  2. PC2's subnet (same as `PC1)
  3. They're the same, so ARP - Address Resolution Protocol on the subnet. This is a broadcast request. "Who has 129.4.3.11? Give me your MAC!":
4. `PC2` will see this request and send a *reply*:
  1. Both PC1 and PC2 will see this, and write down these MAC-IP mappings in their ARP caches.
  2. Now we deal with the ping part (see 1 Intro to Networks (Ping, Traceroute, Wireshark) for more info). There's two parts:
    First, PC1 will make an echo request frame.

Second, it hits the switch, and forwards to PC2. It sees it and sends an echo reply frame (very similar to the one above, just flipped MAC addresses.

A Different Example

Say it's the same example, but now PC1 will ping 8.2.3.4:

  1. PC1 finds its own subnet: (129.4.3.0/26)
  2. Finds the IP's subnet: 8.2.3.0/26
  3. These are different, so look at the Default Gateway. It is 129.4.3.18. It'll ARP - Address Resolution Protocol for the MAC of the router.
  4. The router R1 sees this, and responds with it's MACR MAC address (see the other example for the header information).
  5. Both PC1 and R1 note these in their ARP cache. Note that now PC1 has info on both PC2 and R1, while R1 only knows about PC2.
  6. The ping happens, doing the echo request to R1:

which gets sent to the internet by R1 via it's own request. It then sends that forward to :

Writing the Commands

Pasted image 20250204162340.png

Notice here that the ARP cache will only have one entry, since all ping's will only query for the default gateway's MAC address.

Gateways of Last Resort

What is the Default Gateway used by the routers? It's usually just the ISP (Internet Service Provider)'s. Note that if two routers are connected on a subnet and then have each other has gateways of last resort, then the traffic will just loop forever since they will redirect to each other.