Address Resolution Protocol (ARP)

The source host uses Address Resolution Protocol (ARP) for determining the destination MAC address. Although the destination MAC address can be a unicast, broadcast, or multicast address, the source MAC address must always be unicast. Every device with an IP address on a network also has an Ethernet MAC address. When a device sends an Ethernet frame, it contains the destination MAC address and Source MAC address. To resolve the destination MAC address,  Address Resolution Protocol (ARP) provides two basic functions:

  • Resolving IPv4 addresses to MAC addresses
  • Maintain a table of mappings

Address Resolution Protocol Functions

Resolving IPv4 Addresses to MAC Addresses

Data link layer encapsulates the incoming packet into an Ethernet frame. Encapsulation process refers to an Address Resolution Protocol (ARP) table in its memory to find the MAC address that mapped to the IPv4 address. Address Resolution Protocol (ARP) table is also known as Address Resolution Protocol (ARP) cache. The Address Resolution Protocol (ARP) table has stored in the RAM. Each sending device searches its Address Resolution Protocol (ARP) table for a destination IPv4 address and a related MAC address.

  • If the destination IPv4 address is on the same network as the source IPv4 address, the device will look at the ARP table for the destination IPv4 address.
  • If the destination IPv4 address is not on the same network to the source IPv4 address, the device will look the ARP table for the IPv4 address of the default gateway.

Each entry of the Address Resolution Protocol (ARP) table binds MAC address with an IPv4 address. The relationship between IPv4 and MAC address called a map. With the help of a map, we can find an IPv4 address in the table and find out the corresponding MAC address.

The Address Resolution Protocol (ARP) table saves the mapping temporarily. If the device received a frame and its find that there is no entry for the corresponding MAC address, then the device sends an ARP request. The ARP request messages encapsulated directly within an Ethernet frame. There is no IPv4 header. The ARP request message includes the following:-

  • Target IPv4 address –The IPv4 address of the destination device.
  • Target MAC address – Unknown MAC address and this will be empty in the ARP request message.
The ARP request encapsulated in an Ethernet frame with the following header information:

Destination MAC address – This is a broadcast address requiring all Ethernet NICs on the LAN to accept and process the ARP request.

Source MAC address – This is the MAC address of the ARP request sender.

Type – ARP messages have a type field of 0x806. This informs the receiving NIC that the data portion of the frame needs to be passed to the ARP process.

ARP requests are a broadcast process, so it’s flooded out to all ports by the switch except the receiving port. The device on the LAN which IPv4 address matches the target IPv4 address in the ARP request will reply. All other devices will discard the ARP request packet. The figure below illustrates the ARP request.

Address Resolution Protocol (ARP) 2

If the destination IPv4 address is not on the same network as the source IPv4 address, the source device needs to send the frame to its default gateway. This is the interface of the router. The device will encapsulate that packet in a frame using the destination MAC address of the local router.

The default gateway IPv4 address stored in the IPv4 configuration of the hosts. When a host creates a packet for a destination, it compares the destination IPv4 address and its own IPv4 address to determine if the two IP addresses located on the same network. If the destination host is not on its same network, the source checks its ARP table for an entry with the IPv4 address of the default gateway. If there is not an entry, it uses the ARP process to determine a MAC address of the default gateway.

Removing Entries from an ARP Table

ARP cache saves the entries for a specified period of the time. The time difference depends on the device operating systems. We can also use the command to manually remove all or some of the entries in the ARP table. After an entry removed, the process for sending an ARP request and receiving an ARP reply must occur again to enter the map in the ARP table.

ARP Tables

  • On a Cisco router, the show ip arp in command is used to display the ARP table.
  • On a Windows, the arp –a command is used to display the ARP table.