Address Resolution Protocol (ARP)

The source host uses Address Resolution Protocol (ARP) to determine the destination MAC address. Although the destination MAC address can be a unicast, broadcast, or multicast address, the source MAC address must always be unicast. Every device with an IP address on a network also has an Ethernet MAC address. When a device sends an Ethernet frame, it contains the destination MAC address and Source MAC address. To resolve the destination MAC address,  Address Resolution Protocol (ARP) provides two basic functions:

  • Resolving IPv4 addresses to MAC addresses
  • Maintain a table of mappings

Address Resolution Protocol Functions

Resolving IPv4 Addresses to MAC Addresses

The data link layer encapsulates the incoming packet into an Ethernet frame. The encapsulation process refers to an Address Resolution Protocol (ARP) table in its memory to find the MAC address mapped to the IPv4 address. The Address Resolution Protocol (ARP) table is called the Address Resolution Protocol (ARP) cache. The Address Resolution Protocol (ARP) table is stored in the RAM. Each sending device searches its Address Resolution Protocol (ARP) table for a destination IPv4 address and a related MAC address.

  • If the destination IPv4 address is on the same network as the source IPv4 address, the device will look at the ARP table for the destination IPv4 address.
  • If the destination IPv4 address is not on the same network as the source IPv4 address, the device will look at the ARP table for the IPv4 address of the default gateway.

Each entry of the Address Resolution Protocol (ARP) table binds a MAC address with an IPv4 address. The relationship between IPv4 and MAC address is called a map. With the help of a map, we can find an IPv4 address in the table and the corresponding MAC address.

The Address Resolution Protocol (ARP) table saves the mapping temporarily. If the device receives a frame and finds no entry for the corresponding MAC address, then the device sends an ARP request. The ARP request messages are encapsulated directly within an Ethernet frame. There is no IPv4 header. The ARP request message includes the following:-

  • Target IPv4 address –The IPv4 address of the destination device.
  • Target MAC address – Unknown MAC address will be empty in the ARP request message.
The ARP request is encapsulated in an Ethernet frame with the following header information:

Destination MAC address – This broadcast address requires all Ethernet NICs on the LAN to accept and process the ARP request.

Source MAC address – This is the MAC address of the ARP request sender.

Type – ARP messages have a type field of 0x806. This informs the receiving NIC that the data portion of the frame needs to be passed to the ARP process.

ARP requests are a broadcast process, so they are flooded out to all ports by the switch except the receiving port. The device on the LAN whose IPv4 address matches the target IPv4 address in the ARP request will reply. All other devices will discard the ARP request packet. The figure below illustrates the ARP request.

If the destination IPv4 address is not on the same network as the source IPv4 address, the source device needs to send the frame to its default gateway, which is the router’s interface. The device will encapsulate that packet in a frame using the destination MAC address of the local router.

The default gateway IPv4 address is stored in the host’s IPv4 configuration. When a host creates a packet for a destination, it compares the destination IPv4 address and its own IPv4 address to determine if the two IP addresses are located on the same network. If the destination host is not on its same network, the source checks its ARP table for an entry with the IPv4 address of the default gateway. If there is no entry, it uses the ARP process to determine the MAC address of the default gateway.

Removing Entries from an ARP Table

ARP cache saves the entries for a specified period of the time. The time difference depends on the device operating systems. We can also use the command to manually remove all or some of the entries in the ARP table. After an entry removed, the process for sending an ARP request and receiving an ARP reply must occur again to enter the map in the ARP table.

ARP Tables

  • The show ip arp in command displays the ARP table on a Cisco router.
  • On Windows, the arp –a command displays the ARP table.