ARP (Address Resolution Protocol) explained

Hi, I just need some clarification on my question please.

I understand that an ARP request is an L2 protocol and it’s used to get the destination MAC address of the next hop/device IP address within the LAN. My question is: if ARP is not used, for example when three routers are located around the globe and they are NOT connected directly, then what would be the alternative protocol used in this case if an ARP request is not used? Thanks!

Hello Eyad

When you have communication between hosts that are not directly connected, you must go through several “hops” from network to network to get there. That’s where IP routing comes in. IP routing, which operates at Layer 3 of the OSI model, allows for end-to-end communication and enables a packet to find its way to the destination based on the destination IP address.

However, ARP is still used in this process. Routing involves finding the very next hop to which the packet should be sent to get to its destination. Once a router determines the next hop IP from its routing table, it needs to encapsulate that IP packet into an Ethernet frame. What destination MAC address will it put there? The MAC address that corresponds to the next-hop IP. If it doesn’t know it already from its ARP table, it will send out an ARP request for that information.

So on a hop-by-hop basis, ARP is still used. That’s the great thing about the OSI layered model: ARP operates at Layer 2 on a hop-by-hop basis, while IP works at Layer 3 dealing with end-to-end communication.

Take a look at this post as well, as it may add some helpful information:

I hope this has been helpful!

Laz


Excellent. I get it now. Thanks for your help!


Hi Rene
Can you please explain how a switch learns MAC addresses with the topology below? If you can give the MAC address table info along with the interface info, it would be great. Please explain beginning with ARP.

Host A - Switch 1 - Switch 2 - Host B

Also, in the video you explained that the switch learnt the MAC address of Host A and then flooded, since it does not know where the MAC address of B is. But my question: when Host A does not know the MAC of Host B, it sends an ARP request, and when the ARP reply comes, the switch learns both MAC addresses of A and B. Is that correct?

Hello Ananth

In a topology like the one you show in your post, MAC address learning on all of the ports for SW1 and SW2 will be the same. A switch will always populate its MAC address table with the source MAC addresses arriving on specific ports. This is also done on the ports connecting the two switches. And it is also important to note that this is done regardless of the port type. If SW1 and SW2 are connected via a trunk, MAC address learning will still occur on those ports.

So in essence, the MAC address table entries for the port on SW2 where SW1 connects should have multiple MAC addresses, including all of the hosts connected to SW1.

Now concerning ARP, you are correct. ARP responses are unicast responses that contain the source MAC address of the responding host. That means that the switch will indeed learn about that MAC address and populate the MAC address table accordingly. So after an ARP exchange, a switch will know the MAC addresses of both hosts.

However, the lesson was written in this way to emphasize that these are two separate processes, independent from each other, but related. This is the reason why Rene emphasized that when a switch doesn’t have a particular MAC address in the MAC address table, any frame destined for that MAC address will be initially flooded.

Keep in mind that there are many cases where ARP is not sufficient to keep that MAC address table up to date. For example, a MAC table entry expires, by default, after 300 seconds (5 minutes). An ARP entry in a host expires after four hours, again by default. This means that hosts may send traffic to destination MAC addresses that have expired without needing to send an ARP request. In this case, the flooding of such frames is a necessary part of the process of communication.

I hope this has been helpful!

Laz
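Laz’s point above (a switch learns the source MAC of every frame it receives, so the unicast ARP reply teaches both switches where Host B is) can be checked with a small model of the Host A - Switch 1 - Switch 2 - Host B topology. This is an added example written for this thread, not code from the forum or from NetworkLessons; the MAC addresses, IP addresses and port names are constructed.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"
class Host:
    def __init__(self, mac, ip):
        self.mac, self.ip = mac, ip
        self.arp_table = {}      # IP -> MAC, filled only by ARP replies
        self.link = None         # (switch, switch_port) this host hangs off

    def send(self, frame):
        switch, port = self.link
        switch.receive(port, frame)

    def receive(self, _port, frame):
        if frame["dst"] not in (self.mac, BROADCAST):
            return               # not addressed to us: the NIC discards it
        if frame["op"] == "arp-request" and frame["target_ip"] == self.ip:
            # The reply is unicast; its source MAC is what the switches learn
            self.send({"src": self.mac, "dst": frame["src"], "op": "arp-reply",
                       "sender_ip": self.ip, "sender_mac": self.mac})
        elif frame["op"] == "arp-reply":
            self.arp_table[frame["sender_ip"]] = frame["sender_mac"]

    def arp_for(self, ip):
        self.send({"src": self.mac, "dst": BROADCAST,
                   "op": "arp-request", "target_ip": ip})

class Switch:
    def __init__(self):
        self.mac_table = {}      # MAC -> port
        self.ports = {}          # port -> (neighbour, neighbour_port)
        self.floods = 0          # how often a broadcast/unknown unicast was flooded

    def receive(self, port, frame):
        self.mac_table[frame["src"]] = port   # learn on every port, access or trunk
        dst = frame["dst"]
        if dst != BROADCAST and dst in self.mac_table:
            self.forward(self.mac_table[dst], frame)
        else:                                 # broadcast or unknown unicast: flood
            self.floods += 1
            for p in list(self.ports):
                if p != port:
                    self.forward(p, frame)

    def forward(self, port, frame):
        neighbour, nport = self.ports[port]
        neighbour.receive(nport, frame)

def run_arp_exchange():
    """Host A - SW1 - SW2 - Host B: A ARPs for B, then report what everyone learned."""
    a, b = Host("aa:aa:aa:aa:aa:aa", "10.0.0.1"), Host("bb:bb:bb:bb:bb:bb", "10.0.0.2")
    sw1, sw2 = Switch(), Switch()
    a.link, sw1.ports["Fa0/1"] = (sw1, "Fa0/1"), (a, None)       # constructed port names
    sw1.ports["Gi0/1"], sw2.ports["Gi0/1"] = (sw2, "Gi0/1"), (sw1, "Gi0/1")
    sw2.ports["Fa0/1"], b.link = (b, None), (sw2, "Fa0/1")
    a.arp_for(b.ip)
    return a.arp_table, sw1.mac_table, sw2.mac_table, sw1.floods, sw2.floods
```

After the exchange each switch has flooded exactly once (the broadcast request) and holds both hosts’ MACs, with Host B’s MAC learned on SW1’s inter-switch port.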

Hi Laz,

Thanks. Also, one more question. Do we need to configure access ports and trunk ports explicitly on a live Cisco switch?

Also, if I use a network simulator, it seems there is no need to configure access and trunk ports. Is that correct?

Does a switch have an ARP table? Could you please explain, with ARP, the data flow below?

Host A - Switch 1 - Switch 2 - Host B

Hello Ananth

By default, a Cisco switch has DTP enabled on all of its ports. This means that ports will become either access or trunk ports depending upon what is connected to the other end of that link. If it is a PC, it will be an access port. If it is a switch with a port configured as a trunk, then the port will also become a trunk. For more information about how DTP works, take a look at this lesson:

Now this is the case for physical switches, as well as for switches in simulators like Packet Tracer or emulators like CML or GNS3.

In any case, it’s always a good idea (best practice) to explicitly configure the ports as you want them. That way you avoid security risks that are associated with DTP, as described in the lesson above.

You may also find this lesson useful:

I hope this has been helpful!

Laz

Hi Laz,

Thanks.

Does a switch have an ARP table? Could you please explain, with ARP, the data flow below?

Host A - Switch 1 - Switch 2 - Host B

Hello Ananth

Yes, all network devices that operate IP over an Ethernet network maintain an ARP table. But we must not confuse the ARP table with the MAC address table.

The ARP table maintains an IPv4 to MAC address mapping so that a device can correctly populate the destination MAC address field within the Ethernet frame when it is sending packets on the network. ARP is thus used when the host itself is the source of the packet.

The MAC address table maintains a MAC address to switchport mapping and exists only within switches. This is used for transient traffic (not sourced from the switch itself) so that the appropriate egress port will be chosen based on the destination MAC in the frame.

Now switches also maintain an ARP table, but only for traffic sourced from the switch. So if you ping from the CLI of the switch to a host, then the ARP table will indeed be used.

For more info, take a look at this NetworkLessons Note on ARP and its associated links.

I hope this has been helpful!

Laz

Concerning the ARP protocol, I would like to know: let’s say H1 doesn’t know the MAC address of H2. How does it get it? Is it by pinging H2?

Hello Fisnell

If H1 needs to send information to H2 and it doesn’t know the MAC address of H2, it will send an ARP request. The ARP request is sent to the multicast MAC address of FF:FF:FF:FF:FF:FF which means it goes to all hosts on the segment. That ARP request contains the destination IP address H1 wishes to reach. H2 will receive this broadcast ARP request, see that the IP address in the request is its own, and respond to H1 with an ARP reply containing its own MAC address.

H1 can now encapsulate that IP packet into an Ethernet frame with the appropriate destination MAC address to reach H2. A more detailed description of this process can be found in the following lesson:

I hope this has been helpful!

Laz

Hi, just after some clarity on ARP lookups. Take the following scenario: Host A wants to connect to Host C via HTTPS, e.g. to access a webpage. Router B sits in the middle.

  • Host A - internal LAN
  • Router B (perimeter/firewall) - gateway for Host A
  • Host C - on the public internet somewhere

If Host A does not have an ARP entry for Host C in its ARP table, which will happen:

i) Host A sends an ARP request to find the MAC address only for Router B, and Router B does an ARP lookup for Host C
ii) Host A sends an ARP request to find the MAC address for destination Host C - it does this directly from itself

Just trying to get clarity on how an ARP lookup works when devices are outside of the network, and what role is played by whom.

Thanks.

Hello Irfan

In your scenario, host A and host C are in different network segments, and are thus on different subnets. Remember that ARP is used to populate the destination address field of the Ethernet frame with the MAC address of the very next hop. That next hop may be the destination host, or it may be the local default gateway.

So when Host A sends an ARP request, it will first check to see if the IP address of Host C is on the same subnet. In your scenario, it is not, so then the ARP request will be for the MAC address of the configured default gateway, which is Router B. So for that particular communication, from Host A to Router B, the destination MAC address is that of Router B.

When Router B routes that packet and encapsulates it, it will send an ARP request on the subnet where Host C resides. Host C will respond, and Router B will place in the Ethernet header the destination MAC of Host C.

So ARP takes place for each “communication leg” requesting the MAC address of the very next hop, and not of the ultimate destination.

There are cases where a router may relay the MAC address of a particular host from one subnet to another, and that’s called Proxy ARP. For more information about that, take a look at this lesson:

I hope this has been helpful!

Laz

Hello,

I’d like to know how an ARP request between hosts that are physically located in two separate branch offices (so separated by a WAN link) but belong to the same VLAN gets delivered.

Topology:
Host A → Switch A → Router A → ISP → Router B → Switch B → Host B

Both host A and host B are in VLAN 99. When host A sends an ARP request for host B’s MAC address, that ARP request gets forwarded to Router A. Shouldn’t Router A filter/drop the frame (because routers separate broadcast domains, and an ARP request is a broadcast frame)? But aren’t there real-world topologies where the same VLAN is configured in different branch offices, meaning there is at least one router between the hosts that belong to the same VLAN? So that tells me this should work, but how?

Can someone please explain this to me?

Thanks, and have a nice weekend.
Attila

Hello Attila

It all depends upon what you mean when you say the two remote hosts “belong to the same VLAN.” Looking at your topology, if you have these routers in place without any tunneling mechanism (such as GRE, QinQ, or something else) then you cannot have HostA and HostB in the same VLAN. You may assign them with the same VLAN ID, but that doesn’t make them part of the same segment. Indeed, they are not in the same network segment because as you mention in your post, there are routing devices between them. In such a situation, Host A and Host B would have IP addresses in different subnets. In this case, ARP would not be used by Host A to determine the MAC address of Host B. ARP would be used by Host A to find the MAC address of the next hop, which would be Router A.

Now if you have tunneling mechanisms in place that allow VLAN 99 to span across the WAN, then Host A and Host B can actually be in the same network segment and have IP addresses within the same subnet. One of the most common methods of doing this is using QinQ, which allows you to span a VLAN across the WAN. This means that any broadcast sent from Host A would be tunneled and would reach Host B. And of course, this includes ARP requests.

I hope this has been helpful!

Laz


Hello Laz,

Thank you again for the thorough response.

I’m still in the review phase of my CCNA preparations, and this topic isn’t an exam topic (so the materials don’t cover it), but I suspected that something like this had to work. Thank you for confirming it! By the way, the reason why I was thinking that the VLANs should be in the same subnet in this case was that all materials say that it’s best practice to keep things straight and have the same IP subnet per VLAN, although for a reason that doesn’t apply in the setup where the hosts are separated by routers.

If I remember correctly, this is the only situation where a misconfigured VLAN/subnet pair can cause issues (at least on a CCNA-level setup):

  1. All hosts are in the same VLAN (for example: VLAN 1).
  2. Host A’s subnet mask is misconfigured, and it thinks it’s in the same subnet as host B.
  3. Host A and host B aren’t separated by a router, only by one or more switches.

In this situation, host A thinks it can ARP for host B, and since (1) the destination address of host A’s frame is the all Fs MAC address, and (2) both hosts are in the same VLAN, and (3) there’s no router to stop/filter the broadcast frame, the switch(es) forward the frame out all the other ports, which means host A’s ARP reaches host B.

I wonder: would an L3 switch also stop the ARP frame from host A? Which of its functionalities would dictate its actions: forwarding the frame out all the other ports that belong to the same VLAN as the sender’s (its L2 logic), or filtering the frame because it’s a broadcast frame (its L3 logic)?

Thank you very much for your continued support! I hope I’m not asking too many questions. I just want to make sure that I’m as prepared as I can be when taking my exam, which I hope is going to be soon now (2-3 weeks maybe).

Attila

Hello Attila

It is indeed best practice to ensure that each VLAN you create corresponds to a different subnet/network segment, and you should make sure that all hosts within each VLAN/subnet/network segment have the correct subnet mask.

Now the rest of the scenario that you are describing is an interesting one. If both Host A and Host B are in the same VLAN, they should have the same subnet mask. However, if one subnet mask was misconfigured, then communication between those hosts would fail.

For example, let’s say Host A has an address of 10.10.10.10/24 and Host B has an address of 10.10.10.210/25. As far as Host A is concerned, Host B is in its own subnet, but as far as Host B is concerned, Host A is not in its own subnet. If Host A sends an ARP request for 10.10.10.210, it will essentially send a broadcast that will reach host B. Host B will respond with its MAC address with a unicast frame. Now because this communication is completely on Layer 2, IP addresses are not involved in getting the frame to the destination. So Host A will successfully learn Host B’s MAC address.

However, for all subsequent communication that uses IP addresses, Host B will always send traffic intended to Host A to the default gateway because it considers Host A outside of its own subnet.

An L3 switch will always contain an ARP request to within the VLAN from which it was sent. This is the nature of broadcast communication, and this is not limited only to ARP requests. Does that make sense?

I hope this has been helpful!

Laz


Hello Laz,

Thank you.

“However, for all subsequent communication that uses IP addresses, Host B will always send traffic intended to Host A to the default gateway because it considers Host A outside of its own subnet.”

I’m not sure I understand why this would fail, but I have a theory.

Host B’s default gateway will know how to find Host A (or ARP for its MAC address), so Host B’s default gateway can send the frame to Host A. Host A will see that the frame is destined for it (Host A), because its (Host A’s) MAC address is in the destination field of the frame. Then, Host A sees that the frame’s source MAC address is not the one it (Host A) thinks Host B’s MAC address should be (because the frame’s source MAC address is that of Host B’s default gateway), so Host A updates its ARP cache. Host A’s updated ARP cache now matches Host B’s MAC address with the IP address of Host B’s default gateway.

Then I guess what happens next (and this is where things stop working, if I’m correct) is Host A, when it tries to contact Host B, is going to use the MAC address of Host B’s default gateway as the destination MAC address in the frame, and use Host B’s IP address in the packet’s destination IP address field. Then, Host B’s default gateway will see the mismatch between the destination MAC and IP addresses, and will drop the packet.

Is this why the communication fails?

Have a nice week.
Attila

Hello Attila

Hmm, not quite. Let me write it another way. Take a look at this diagram:

Note the subnet masks of each host and the router. Now, let’s go through the process of communication after the ARP request has been successfully received. So H2 wants to ping H1. It already has H2’s MAC address in its ARP table. Let’s see what happens:

H2 pings H1:

  • H2 prepares the packet with the destination IP address of 10.10.10.10
  • H2 sees that this IP address is outside of its subnet (the /25 subnet ranges from .129 to .255)
  • Therefore, H2 will send the packet to its configured default gateway.
  • It uses the ARP process to find the MAC address of the default gateway, populates the destination MAC and sends it on its way.
  • When this reaches the switch, it will see the MAC address in the MAC address table and send it out of the port connected to the router.
  • The router will receive it, see that it is indeed its own MAC address, but it has an IP address that does not belong to it. If the router is configured correctly, it will route the packet out of the same interface, with the appropriate MAC address of H1.
  • It will go to the switch and be sent out of the interface that corresponds to the MAC address of H1 according to the MAC address table.
  • Finally the packet will reach H1.

But what happens in the opposite direction with the response to the ping?

  • H1 sees that H2 is in the same subnet (H1 tries to respond to the ping, so it searches for the 10.10.10.210 address in its ARP table).
  • It looks it up but can’t find it, so it sends out an ARP request (broadcast)
  • When H2 receives this ARP request, it sees that the request comes from a device in another subnet that is not its own. So it drops the request.

The result is that H1 never gets to find out what the MAC address of H2 is. I’ve labbed this up using packet tracer, and you can see exactly this event in the following output:

So H1 gets a timeout and the ping response fails.

So traffic from H2 to H1 will reach its destination, while traffic from H1 to H2 will not.

Remember, this is a situation you should never have. Configuring different subnets is not best practice and will result in such unpredictable communication. Make sure your subnets are correctly configured.

I hope this has been helpful!

Laz

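The asymmetric outcome Laz describes (H2 reaches H1 through the router, while H1’s ARP request for H2 goes unanswered) and Irfan’s earlier question about ARPing for the gateway rather than the remote host can both be worked through with this added model. It is example code written for this page, not from the thread or from NetworkLessons; the gateway address 10.10.10.129, the 192.168.1.0/24 and 203.0.113.5 addresses, and the rule that a host ignores an ARP request whose sender IP lies outside its own subnet are assumptions that mirror what the Packet Tracer lab showed, not a claim about every real IP stack.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Host:
    name: str
    ip: str         # address with its own mask, e.g. "10.10.10.10/24"
    gateway: str    # default gateway address

    @property
    def iface(self):
        return ipaddress.ip_interface(self.ip)

    def next_hop(self, dst_ip):
        """The address this host ARPs for when it wants to send to dst_ip."""
        if ipaddress.ip_address(dst_ip) in self.iface.network:
            return dst_ip          # on-link: ARP for the destination itself
        return self.gateway        # off-subnet: ARP for the default gateway

    def answers_arp(self, sender_ip):
        """Assumed behaviour (as observed in the thread's lab): a request whose
        sender IP is outside this host's subnet is dropped, not answered."""
        return ipaddress.ip_address(sender_ip) in self.iface.network

def resolve(src, dst_ip, segment):
    """Broadcast ARP on one L2 segment: return (address ARPed for, reply received?)."""
    target_ip = src.next_hop(dst_ip)
    target = segment.get(target_ip)
    answered = target is not None and target.answers_arp(str(src.iface.ip))
    return target_ip, answered

def mismatched_mask_demo():
    """H1 is /24 and H2 is /25 on the same VLAN; the router R1 is modelled as a
    segment member too. Its 10.10.10.129 address is an assumption."""
    r1 = Host("R1", "10.10.10.129/25", "")
    h1 = Host("H1", "10.10.10.10/24", "10.10.10.129")
    h2 = Host("H2", "10.10.10.210/25", "10.10.10.129")
    segment = {str(h.iface.ip): h for h in (r1, h1, h2)}
    return {"H2->H1": resolve(h2, str(h1.iface.ip), segment),
            "H1->H2": resolve(h1, str(h2.iface.ip), segment)}
```

H2 resolves the gateway and gets a reply, so its ping is routed to H1; H1 believes H2 is on-link, ARPs for 10.10.10.210 directly, and never hears back.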