Updated on Apr 2, 2024 by

What Is ARP?

Address Resolution Protocol (ARP) serves the purpose of associating IP addresses with MAC addresses. Consequently, hosts or Layer 3 network devices are required to uphold an ARP table, which functions as a repository for storing the linkage details between IP and MAC addresses. ARP entries typically fall into two categories: static and dynamic. In simpler terms, ARP ensures a correspondence between IP and MAC addresses, and the ARP table contains both static and dynamic entries.

Why Do We Need ARP?

ARP is essential for establishing a correlation between IP addresses and MAC addresses.

In the context of communication on a local area network (LAN), hosts or other Layer 3 network devices must possess knowledge of the destination IP address to which they intend to send IP packets. However, before these IP packets can traverse the physical network, they must be equipped with corresponding MAC addresses. Thus, hosts and Layer 3 network devices are compelled to uphold an ARP table, serving as a repository to store crucial mapping information associating IP addresses with their respective MAC addresses.

What Are the Types of ARP?

Dynamic ARP

Dynamic ARP entries are automatically created and updated as ARP packets are sent and received, and they can be influenced by Static ARP entries. These entries are particularly suitable for complex networks that require swift transmission of delay-sensitive services.

Static ARP

In contrast, Static ARP empowers network administrators to manually establish fixed IP-to-MAC mappings. These entries, unlike their dynamic counterparts, remain immune to aging or overwriting by dynamic ARP entries, bolstering system security.

While ARP dynamically learns entries on a network, there is a vulnerability to ARP attacks that may lead to incorrect updates or aging of dynamic ARP entries, disrupting communication among authorized users.

Static ARP entries, on the other hand, offer an additional layer of security. Configuring a static ARP entry ensures that devices can only communicate using the specified MAC address, preventing network attackers from manipulating the IP-to-MAC mapping through ARP packets.

Static ARP entries come in two types: short and long.

  • Short entries lack VLAN and outbound interface specifications, requiring an ARP Request packet for packet forwarding.

  • Long static ARP entries include VLAN and outbound interface details, enabling direct packet forwarding and are thus recommended.

Gratuitous ARP

Gratuitous ARP serves various functions. It aids in detecting IP address conflicts by broadcasting ARP Request packets when a device interface status changes to Up. Additionally, it advertises a new MAC address to notify other devices before the ARP entry ages out. Moreover, in VRRP groups, Gratuitous ARP is used to notify other devices of master/backup switchovers.

Proxy ARP

Proxy ARP is a method where a device within a network responds to ARP requests for a network address that is not part of that specific network.

Key characteristics of Proxy ARP include:

  1. Gateway Deployment: Proxy ARP is implemented at the gateway without requiring adjustments to the configurations of individual hosts on the network.

  2. Topology Shielding: It serves to shield the physical network topologies. This enables hosts on disparate physical networks to communicate using the same network ID.

  3. Host-Specific Impact: Proxy ARP exclusively influences the ARP tables on hosts, ensuring that it doesn't have any impact on the ARP table and routing table on the gateway.

In simpler terms, Proxy ARP operates at the gateway level without needing modifications on individual hosts. It facilitates communication across different physical networks while specifically influencing the ARP tables on hosts, leaving the gateway's ARP table and routing table unaffected.

How Does ARP Work?

Dynamic ARP sends out ARP Request packets and unicasts ARP Reply packets to complete address resolution.

TFigure of address resolution process

Figure of address resolution process

In the depicted scenario, Host_1 and Host_3 share the same network segment, and Host_1 is needed to communicate with Host_3.

  1. Initially, Host_1 checks its local ARP table for Host_3's ARP entry. If located, Host_1 utilizes this MAC address for data packet encapsulation into a frame, which is then sent to Host_3. In the absence of Host_3's MAC address, Host_1 initiates an ARP Request packet broadcast.

  2. Switch_1 receives and forwards the ARP Request packet within the relevant broadcast domain.

  3. Within the broadcast domain, both Host_2 and Host_3 receive the ARP Request packet. Host_3, recognizing its IP address as the destination, updates its ARP table with the source IP and MAC addresses from the ARP Request packet. Subsequently, Host_3 unicast an ARP Reply packet to Host_1.

  4. Switch_1 forwards the ARP Reply packet to Host_1, who updates its ARP table with Host_3's MAC address. Host_1 then encapsulates the data packet into a frame and transmits it to Host_3.

In contrast, Host_1 and Host_4 belong to different network segments, with a set default gateway address (Router's IP address) on Host_1. To facilitate communication between Host_1 and Host_4, Host_1 must initially discover the Router's MAC address. The process for Host_1 to learn the Router's MAC address and for the Router to learn Host_4's MAC address mirrors the previous interaction between Host_1 and Host_3. Upon reaching the Router, the data packet from Host_1 is forwarded to Host_4.

ARP Aging Mechanism

Illustrated in the above figure, if Host_1 consistently sends an ARP Request packet each time it transmits data to Host_3, it significantly elevates network communication traffic. Moreover, all other hosts on the network are compelled to receive and process these ARP Request packets, leading to a decline in network efficiency. To address this issue, each host or device maintains a high-speed cache that securely stores recently acquired IP-to-MAC mappings, denoted as dynamic ARP entries.

Before transmitting a packet, a host or device initiates a search in the local high-speed cache for the requisite IP-to-MAC mappings. If the MAC address is located, the host or device omits sending an ARP Request packet and directly forwards the data packet to the identified MAC address. In cases where the MAC address is not found, the host or device broadcasts an ARP Request packet for address resolution.

Dynamic ARP entries undergo aging and updating processes to prevent exceeding the capacity limit of ARP tables and ensure the accuracy of entries. Aging parameters encompass aging time, the number of aging probe attempts, and aging probe mode. Upon expiration of the aging time for a dynamic ARP entry, the device dispatches an aging probe packet (ARP Request packet) to ascertain the presence of the peer device. Upon receipt of an ARP Reply packet, the dynamic ARP entry is updated. If no ARP Reply packet is received, the dynamic ARP entry is removed.

The aging probe packet can be either unicast or broadcast. By default, the device broadcasts the final ARP aging probe packet to the peer host or device, while using unicast for other ARP aging probe packets. In scenarios where the MAC address of the peer device is fixed, an interface can be configured to unicast ARP aging probe packets.

If the interface undergoes a status change to Down, the device promptly removes dynamic ARP entries associated with that interface.

ARP Packet Format

The length of an ARP packet is 42 bytes. The first 14 bytes are Ethernet frame headers, whereas the final 28 bytes contain ARP packet information.

Below is a figure describing the fields within an ARP packet.

Fields Within an ARP Packet

Fields Within an ARP Packet

FS Same Day Shipping Ensures Your Business Success
Nov 20, 2023
FS Same Day Shipping Ensures Your Business Success
Related Topics