ARP (Address Resolution Protocol) explained

(apurva p) #61

hi Rene,

can you upload a lesson about isis protocol .


(Abhishek D) #62

Lot of times when we ping , we see . !!!
i mean to say the first thing is a . (dot)
is it becoz of our host (router/PC/) trying to find the ARP ?

(Andrew P) #63

You are exactly right! Usually that first time out is the ARP delay.

(Networklessons Admin) split this topic #64

19 posts were merged into an existing topic: ARP (Address Resolution Protocol) explained

(Abey C) #65

Have a small question about the need for ARP or in otherwords, MAC address.

When the packet has already reached the target network, can’t the packet be sent to the recipient based on the unique host id(in that network) alone (the last 8 ip address bits in the case of a /24 network, for example) ? What is need for the concept of MAC address and hence ARP protocol ?


(Rene Molenaar) #66

Hi Abc,

Something to keep in mind is that IP is just the “envelope”, IP doesn’t describe anything at all about how to actually send an electric signal on the wire or anything like that. We need other protocols like that…on our LAN, we use Ethernet for this:

Ethernet describes what wires to use, how to send electrical signals etc. Also keep in mind that it doesn’t just carry IP traffic…it could be IPv6 or any other protocols, before IP, that could have been IPX for example.

Besides Ethernet, there’s also other protocols…on our WAN, you might use DSL for example. We use these networks to transport IP but we also don’t use Ethernet (nor MAC addresses) there.


(Abey C) #67

Ok. Thank you Rene.

Understand that ethernet takes care of the low level packet transfer functions for IP, by interfacing with electrical specifications . And this is needed because there is no other mechanism inbuilt in the electrical systems for packet transfer based on unique IP in the context of LAN networks.


(Rene Molenaar) #68

That’s it yes…Ethernet is the mail delivery, postman, mailbox, trucks etc. IP is just the envelope that we try to transport :slight_smile:

(Abey C) #69

Guess its somewhat clear. Thanks a lot Rene.

(sam w) #70

I Just have one query. Here is my scenario:


I want to communicate with google. I have google’s ip address, and I need MAC address of google to continue the communication with it.

Initially, i send a broadcast ARP request for my router, and I get the MAC address of my router.
So I want to know the google server MAC address to communicate. Whenever I see Wireshark I just see my PC send ARP to router and router replies to it. Usually, the router will ARP next router, and the process goes and finds the MAC address of google and communication happens.

Please explain this process. I am not clear. In the Wireshark, i see only PC to ROUTER and ROUTER to PC. How my router sends arp request to other router and get it.


(Rene Molenaar) #71

Hi Sam,

First of all, your computer will never know the MAC address of any of Google’s servers. MAC addresses are only used on the local segment.

Here’s how it works:

  1. Your PC wants to send something to one of Google’s servers, let’s assume the Google DNS at Your computer is configured to use IP address with default gateway

  2. Your PC figures that is not in its own subnet, so it has to send something to the default gateway. It will look up the MAC address of in its ARP table and if it’s not there, it sends an ARP request.

  3. The IP packet makes it to your router, which does a lookup in its routing table to figure out where to forward packets for to. Let’s say it has an entry for with as the next hop (that’s the second router). The router will do a lookup in its ARP table for the MAC address of If it’s not there, it will do an ARP request, gets a reply and forwards the IP packet.

  4. The second router now has the IP packet, let’s assume it is directly connected to the google DNS server. It does a lookup in its routing table, finds as directly connected. The router does a lookup in its ARP table for, if it’s not there it does an ARP request…gets a reply and can then deliver it to the destination.

I hope this helps!

(Juan Manuel L) #72


Level 3 router (SVI) in a VLAN keeps ARP entries for 4 hours. If I replace a host in this VLAN ( different MAC address due to different NIC) but I maintain the same IP, how does level 3 router (SVI) realizes that MAC address has changed for this IP address in its arp table?

Thanks a lot

(Lazaros Agapides) #73

Hello Juan

It is true that ARP entries by default are kept in the ARP table for four hours. As you mentioned very correctly, this can be a problem if you install a new PC with the same IP address. Other cases where this could be a problem is if a server has a backup NIC card and the first fails, the backup will have the same IP address but a different MAC address.

In order to solve these issues, we use something called a Gratuitous ARP.

Gratuitous ARP is a sort of “advance notification”, it updates the ARP cache of other systems before they ask for it (no ARP request) or to update outdated information. More information about Gratouitous ARP can be found at RFC 5227.

The gratuitous ARP packet has the following characteristics:

* Both source and destination IP in the packet are the IP of the host issuing the gratuitous ARP
* The destination MAC address is the broadcast MAC address (ff:ff:ff:ff:ff:ff)
* This means the packet will be flooded to all ports on a switch
* No reply is expected

Gratuitous ARP is used for some reasons:

* Update ARP tables after a MAC address for an IP changes (failover, new NIC, etc.)
* Update MAC address tables on L2 devices (switches) that a MAC address is now on a different port
* Send gratuitous ARP when interface goes up to notify other hosts about new MAC/IP bindings in advance so that they don’t have to use ARP requests to find out

I hope this has been helpful!


(Juan Manuel L) #74

Thanks a lot for your great explanation, Lazaros.

Do you know if cisco switches have got the same default behavior with gratuitous arp packets? I means, I have just replaced a Cisco 2955 switch for a new Cisco 3850, and since then users complain about the refreshing arp time when changing damaged IP devices. I have found that in older Cisco2955 there is not any specific arp command, so I suppose that it must allow gratuitous arp packets as default, while in Cisco 3850 there is a global command “ip gratuitous arp non-local”

(Lazaros Agapides) #75

Hello Manuel

By default, Cisco devices do respond to gratuitous arp requests as long as they come from the local network. That is what theip gratuitous arp local command means. Here is some output from a production 3650 switch I have:

Alikarnassos3650_1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Alikarnassos3650_1(config)#ip arp ?
  gratuitous  Gratuitous ARP control
  incomplete  Fine-tune the ARP Retry parameters
  inspection  Arp Inspection configuration
  poll        IP ARP polling for unnumbered interfaces
  proxy       Global proxy ARP configuration
  track       ARP Track configuration

Alikarnassos3650_1(config)#ip arp grat
Alikarnassos3650_1(config)#ip arp gratuitous ?
  local  Accept only local (same subnet) gratuitous arps
  none   Reject all gratuitous arps

Alikarnassos3650_1(config)#ip arp gratuitous local

You can see that the ip arp gratuitous local command accepts and responds to locally generated (same subnet) gratuitous arps. By default however, responding to gratuitous arps from other subnets are disabled.

The ip gratuitous arp non-local that you mentioned has to do with if the switch itself will generate gratuitous arps. This doesn’t affect your specific problem.

You may also want to inspect several other avenues such as the show arp and show arp summary command to see how many arp table entries there are. If there is an extensive number, then maybe the memory allocated to the arp table is being exhausted. Additionally, you are able to adjust the arp timeout on an interface by interface basis using the arp timeout x interface command where x is in seconds. Don’t make it too short as this could result in an arp storm. You should be careful when adjusting such defaults.

I hope this has been helpful for you!


(Juan Manuel L) #76

Thanks Lazaros, your explanation has been very useful. Now is more clear for me.

(Deep) #77

@ReneMolenaar @lagapides @andrew What would be the impact on ARP if two devices (for simplification) are geographically apart? Would not the packet/frame create impact on this?

(Rene Molenaar) #78

ARP is used on LANs and only in a broadcast domain so it’s unlikely to see this happen unless you somehow tunnel L2 over a WAN link.

Also, ARP is a simple protocol. The last ARP reply you receive updates the ARP table, which can be misused:

(Antonio M) #79

Hi Rene,
figure this:

H1 ----- SW -----H2

when a host1 sends a ARP request to know the MAC address of host2 and this one reply, the switch fill in their MAC address table with the MAC of both hosts?

(Rene Molenaar) #80

Hi Antonio,

A switch learns MAC addresses by looking at the source MAC address of a frame. It will see the source MAC address of H1 in its ARP request and the source MAC address of H2 in the ARP reply.