ARP Caching and Timeout


From time to time I find myself craving to the fundamentals; I do this for two main reasons, the first one is that fundamentals are the building blocks of all complex networking topics and deeply understanding them makes a better engineer, the second one is longing to simplicity after doing some complex tasks.

One of these fundamentals that is worth reviewing is the Address Resolution Protocol, this protocol is one of the main building blocks of any network existing on earth today.

Every time a network device is sending an Ethernet frame to another device, it constructs a frame and to construct the frame it needs to find the hardware address mapping of the IP address. ARP is responsible for doing this job.

Each time a device sends an ARP message, network resources are consumed. This means that for two hosts to communicate; ARP messages should be exchanged between them and repeated for every packet. Imagine how ugly is this when transferring large data streams like large file exchange via FTP.

ARP caching provides the solution for this efficiency problem as explained below.

ARP Caching

If you know you are going to send many emails to a friend; is it effective to call him every time askingĀ  for his email address?. I think the answer is no unless you are fascinated by listening to his voice. Simply you call him one time asking for the address and cache the information somewhere for future uses and that’s exactly what ARP does.

When a host sends an ARP request to another host and a reply is received the sender caches the received information is a table for later use.

Going back to our analogy of the email sender, what if you know that you are not going to send any more emails to your friend “God keep you friends :) ” Is it still effective to keep his address in your cache table ?. I think not, you have to timeout unused information. Again this is exactly what ARP does.

If an ARP entry is not used a specific amount of time called the ARP timeout the entry is removed from the caching table.

There is no standard value for this amount of time and it varies from one vendor to another. I will limit my discussion to Cisco devices to clear up the idea.

One more point to mention here is that entries in the ARP table can be static; created by manual configuration or dynamic; created automatically by the normal operation of the protocol. Static entries remain in the table forever and are not timed out.

The default timeout timer for is 4 hours for Cisco devices, this means that a dynamic ARP entry will remain for 4 hours in the cache table before the router attempt to refresh the entry. If the entry is no longer needed it will be removed.

You can show the ARP table using the command show arp and change the timeout timer for a specific interface using the interface level command arp timeout <x> seconds.

Configuration

R1#show ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  13.13.13.1              -   ca00.0a74.0008  ARPA   FastEthernet0/0
Internet  13.13.13.3             97   ca02.0a74.0008  ARPA   FastEthernet0/0
Internet  15.15.15.1              -   ca00.0a74.0006  ARPA   FastEthernet0/1
Internet  15.15.15.5            136   ca04.0a74.0008  ARPA   FastEthernet0/1

!-- setting the timeout for 10 seconds
R1(config-if)#int f0/0
R1(config-if)#arp timeout 10

!-- see the debug output, shows 10 seconds difference between replies
R1#
Jan  1 00:01:14: IP ARP: sent req src 13.13.13.1 ca00.0a74.0008,
                 dst 13.13.13.3 ca02.0a74.0008 FastEthernet0/0
Jan  1 00:01:14: IP ARP: arp_process_request: 13.13.13.3, hw: ca02.0a74.0008; rc: 3
Jan  1 00:01:14: IP ARP: rcvd rep src 13.13.13.3 ca02.0a74.0008, dst 13.13.13.1 FastEthernet0/0
Jan  1 00:01:14: IP ARP: creating entry for IP address: 13.13.13.3, hw: ca02.0a74.0008
R1#
Jan  1 00:01:24: IP ARP: sent req src 13.13.13.1 ca00.0a74.0008,
                 dst 13.13.13.3 ca02.0a74.0008 FastEthernet0/0
Jan  1 00:01:24: IP ARP: arp_process_request: 13.13.13.3, hw: ca02.0a74.0008; rc: 3
Jan  1 00:01:24: IP ARP: rcvd rep src 13.13.13.3 ca02.0a74.0008, dst 13.13.13.1 FastEthernet0/0
Jan  1 00:01:24: IP ARP: creating entry for IP address: 13.13.13.3, hw: ca02.0a74.0008

Note: ARP cache table is not the same as MAC address table used by switches and each one has its own different timers.


No related posts.


You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

AddThis Social Bookmark Button

8 Responses to “ARP Caching and Timeout”

  1. Nice Post, although basic but some people don’t care about basics

  2. Nice article, but the misspelled words take away from the message.

  3. floorripper Says:

    I think that the article is very useful and clearly written.

    Basics are very importatnt and we networkers tend fo forget the basics as we move on the CCNP or CCIP or another track as Voice and Wifi…
    Companies like Amazon or Google will get you a hard time on the interviews about the basics.

    Take care

  4. Very nice article .I have one question to ask. when a computer’s NIC is initiated ,how does it communicate with the switch to which it is attached .assume that no application programs want to send any frames to the switch, does the NIC sent its MAC and IP address to the switch in such a scenario?

  5. Nice artical. No use knowing latest technology wihout its basics. To make innovative thoughts we should be in comfortable with basics. I wish you to continue the same for different protocols as well.

    Thank you once again.

    Regards
    Ramesh P

  6. @wbh, I know this is a bit late, but without Applications, a NIC will not send out frames, nor will it advertise its existence.

    I’ve seen this many times, especially with “on-demand-only” devices like security cameras. They will literally sit on the network dead silent (unless they’re told to do things like update time via NTP or whatever) for days, months, YEARS. They still work, they’re perfectly fine. They’re just waiting on someone to call them up and ask for data.

    They then spring to life as soon as you send a ping or other packet to their address, and MAC/ARP tables are populated.

    The thing to remember is, if you send a packet to an IP that’s not listed in the ARP table, an ARP is broadcasted, which means every device on the LAN gets that frame, so it’s not necessary for the device to constantly tell the switch “Hey, I’m here, my MAC is blah blah blah.”

  7. Brook Papworth Says:

    Very useful post – simple explanation of ARP as they relate to a Cisco environment with the ARP timeout value. Thank you!

  8. very nice article. It is clear and helps alot for entry level engineers.

Leave a Reply