Overview: ARP Basics
Goal: Visualize ARP activities of MAC lookup and interactions of ARP request, ARP reply, ARP cache、Ping command line.
Topology: Two hosts H1, H2 are directly connected. There IP-MAC addresses are (IP.H1, MAC.H1), (IP.H2, MAC.H2) respectively.
Steps: 1) H1 ping H2 fails due to ARP miss. H1 sends ARP Request to find out H2's MAC.
2) H2 responds ARP Reply with its MAC to H1.
3) H1 ping H2 again and succeeds.
H1 ping H2: ARP miss
H1 ping H2. Ping prints its command message in H1's command window.
To create Ping packet, H1 needs to know H2's MAC. But ARP cache does not have H2's MAC. Therefore, H1 is unable to send ping out. This is called ARP miss. It's a common cause of packet loss.
H1 sends ARP request
To find H2's MAC, H1 sends ARP Request and adds an entry (IP.H2, Incomplete) in ARP cache. It says: I'm looking for H2's MAC.
ARP Request header includes a few parameters: sender IP is H1's IP, sender mac is H1's MAC, target IP is H2's IP, target mac is 0. (You may click ARP Request to see its headers).
H2 responds ARP reply
After receiving ARP request, H2 adds H1's address to its ARP cache as (IP.H1, MAC.H2).
Then H2 checks ARP Request's protocol header and learns that this query is for itself. H2 responds and sends ARP Reply to H1. (Click ARP Reply to see its protocol header)
H1 recevies ARP reply
When receiving ARP Reply, H1 updates its ARP cache and changes the entry (IP.H2, Incomplete) to (IP.H2, Mac.H2).
H1 ping H2 again
Now the first ping timeout. Ping prints a "." in the H1 command window to indicate a timeout.
Then H1 sends next ping.
No ARP miss this time. Ping does find H2's MAC in ARP cache.
H2 echo H1
When receiving ping, H2 sends an Echo to respond.
H2 is able to find H1's MAC in ARP cache. No ARP miss for sending Echo.
H1 receives echo
After receiving Echo, H1 prints a "!" to indicate ping success.
1. What is ARP?
ARP stands for Address Resolution Protocol. In Ethernet environment, when an application/protocol wants to send a packet, it needs to use the target node's MAC address to encapsulate its link header. But the application only knows the target's IP address, not its MAC address. So it uses ARP's service to get the target MAC address.
2. Why ARP?
OSI model modularize network tasks into 7 layers and defines inter-layer interfaces. This way, a layer can implement several technologies. In IP network, IP address is in layer 3 (network layer), Ethernet MAC address is in layer 2 (link layer).
However, when transmitting a packet, the application/protocol needs to encapsulate network header and link header first. Applications usually know about target node's IP address, not its MAC address. Therefore, we need a way to find layer 2 address without violating OSI layered structure? ARP is the answer: It maps a network address to link address. In the case of IP-Ethernet network, ARP maps an IP address to a MAC address...
3. What is ARP cache?
ARP protocol stores discovered (IP, MAC) dresses in a local cache. When an application asks ARP protocol for the MAC address of an IP address, ARP lookup its ARP cache first. If found, return the MAC. Otherwise, send an ARP Request to broadcast an inquiry in the LAN. When ARP reply is received, ARP stores the newly discovered MAC in its ARP cache. Next time, if another application is asking for the MAC of this IP again, ASRP can return the MAC immediately.
4. What are ARP commands?
It varies across operating systems or router vendors. But they do similar tasks. For example:
- Display ARP cache content: show arp; arp -a
- Clear ARP cache: arp -d
5. How is ARP related to encapsulation?
When creating a packet, the application/protocol needs to encapsulate the packet's link header. The application needs to set destination MAC to the target node's MAC. Since the application does not know the MAC, It asks for ARP. To know more about encapsulation, see Encapsulation > 0. Encapsulation Overview.
|Single step forward|
|Backup one step|
|Read the next page|
|Read the last page|
|Don’t show me this message next time.|