From time to time I find myself craving to the fundamentals; I do this for two main reasons, the first one is that fundamentals are the building blocks of all complex networking topics and deeply understanding them makes a better engineer, the second one is longing to simplicity after doing some complex tasks.
One of these fundamentals that is worth reviewing is the Address Resolution Protocol, this protocol is one of the main building blocks of any network existing on earth today.
Every time a network device is sending an Ethernet frame to another device, it constructs a frame and to construct the frame it needs to find the hardware address mapping of the IP address. ARP is responsible for doing this job.
Each time a device sends an ARP message, network resources are consumed. This means that for two hosts to communicate; ARP messages should be exchanged between them and repeated for every packet. Imagine how ugly is this when transferring large data streams like large file exchange via FTP.
ARP caching provides the solution for this efficiency problem as explained below.
If you know you are going to send many emails to a friend; is it effective to call him every time asking for his email address?. I think the answer is no unless you are fascinated by listening to his voice. Simply you call him one time asking for the address and cache the information somewhere for future uses and that’s exactly what ARP does.
When a host sends an ARP request to another host and a reply is received the sender caches the received information is a table for later use.
Going back to our analogy of the email sender, what if you know that you are not going to send any more emails to your friend “God keep you friends :)” Is it still effective to keep his address in your cache table ?. I think not, you have to timeout unused information. Again this is exactly what ARP does.
If an ARP entry is not used a specific amount of time called the ARP timeout the entry is removed from the caching table.
There is no standard value for this amount of time and it varies from one vendor to another. I will limit my discussion to Cisco devices to clear up the idea.
One more point to mention here is that entries in the ARP table can be static; created by manual configuration or dynamic; created automatically by the normal operation of the protocol. Static entries remain in the table forever and are not timed out.
The default timeout timer for is 4 hours for Cisco devices, this means that a dynamic ARP entry will remain for 4 hours in the cache table before the router attempt to refresh the entry. If the entry is no longer needed it will be removed.
You can show the ARP table using the command show arp and change the timeout timer for a specific interface using the interface level command arp timeout <x> seconds.
R1#show ip arp Protocol Address Age (min) Hardware Addr Type Interface Internet 184.108.40.206 - ca00.0a74.0008 ARPA FastEthernet0/0 Internet 220.127.116.11 97 ca02.0a74.0008 ARPA FastEthernet0/0 Internet 18.104.22.168 - ca00.0a74.0006 ARPA FastEthernet0/1 Internet 22.214.171.124 136 ca04.0a74.0008 ARPA FastEthernet0/1 !-- setting the timeout for 10 seconds R1(config-if)#int f0/0 R1(config-if)#arp timeout 10 !-- see the debug output, shows 10 seconds difference between replies R1# Jan 1 00:01:14: IP ARP: sent req src 126.96.36.199 ca00.0a74.0008, dst 188.8.131.52 ca02.0a74.0008 FastEthernet0/0 Jan 1 00:01:14: IP ARP: arp_process_request: 184.108.40.206, hw: ca02.0a74.0008; rc: 3 Jan 1 00:01:14: IP ARP: rcvd rep src 220.127.116.11 ca02.0a74.0008, dst 18.104.22.168 FastEthernet0/0 Jan 1 00:01:14: IP ARP: creating entry for IP address: 22.214.171.124, hw: ca02.0a74.0008 R1# Jan 1 00:01:24: IP ARP: sent req src 126.96.36.199 ca00.0a74.0008, dst 188.8.131.52 ca02.0a74.0008 FastEthernet0/0 Jan 1 00:01:24: IP ARP: arp_process_request: 184.108.40.206, hw: ca02.0a74.0008; rc: 3 Jan 1 00:01:24: IP ARP: rcvd rep src 220.127.116.11 ca02.0a74.0008, dst 18.104.22.168 FastEthernet0/0 Jan 1 00:01:24: IP ARP: creating entry for IP address: 22.214.171.124, hw: ca02.0a74.0008
Note: ARP cache table is not the same as MAC address table used by switches and each one has its own different timers.