What is ARP and How it works?
From time to time I find myself going back fundamentals; one of these key fundamentals that is worth reviewing is the Address Resolution Protocol, this protocol is one of the main building blocks of any ethernet network on the planet.
Every time a network device is sending an Ethernet frame to another device, it constructs an Ethernet frame. In order to be able to construct the frame it needs to find the hardware address (MAC address) mapping of the destination IP address. ARP is responsible for doing this job.
What is Address Resolution Protocol?
ARP is a network protocol used to find out the hardware (MAC) address of a device from an IP address. It is used when a device wants to communicate with another device on a local network. The sending device uses ARP to translate IP addresses to MAC addresses. The device sends an ARP request message containing the IP address of the receiving device. All devices on a local network segment see the message, but only the device that has that IP address responds with the ARP reply message containing its MAC address. The sending device now has enough information to send the packet to the receiving device.
How ARP works?
When we have two hosts (A & B) trying to communicate with each other, here are the steps Host-A needs to take before forwarding frames to Host-B:
- Host-A wants to communicate with Host A. R1 checks its routing table. The subnet on which Host-B resides is a directly connected subnet.
- Host-A checks its ARP table to find out whether the Host-B's MAC address is known. If it is not, Host-A will send an ARP request to the broadcast MAC address of FF:FF:FF:FF:FF:FF.
- Host-B receives the frame and sends its MAC address to Host-A (ARP reply). The host also updates its own ARP table with the MAC address of Host-A.
- Host-A receives the reply and updates the ARP table with the MAC address of Host-B.
- Since both hosts now know each other MAC addresses, the communication can occur.
Each time a device sends an ARP message, network resources are consumed. This means that for two hosts to communicate; ARP messages should be exchanged between them and repeated for every packet. Imagine how ugly this could be, when transferring large data streams like large file exchange via FTP.
ARP caching provides the solution for this efficiency problem as explained below.
ARP Caching & Timeout
If you know you are going to send many emails to a friend; is it effective to call him every time asking for his email address?.
I think the answer would be no unless you are in love :) may be. Simply you call him once asking for the address and cache the information somewhere for future uses and that's exactly what ARP does by caching MAC address information.
When a host sends an ARP request to another host and a reply is received the sender caches the received information in the ARP table for later use.
Going back to our analogy of the email exchange, what if you know that you are not going to send any more emails to your friend "broke up or so :)"
Would it be still effective to keep his address in your cache table ?. Probably not, you better timeout unused information to save up space and resouces. Again this is exactly what ARP does to save resources and make sure the information in the ARP table stays up to date.
If an ARP entry is not used for a defined amount of time known as the "ARP timeout" the entry is removed from the caching table to save resources and keep things tidy.
There is no standard value for this amount of time and it varies from one vendor to another. I will limit my discussion to Cisco devices to clear up the idea.
Entries in the ARP table can be static; created by manual configuration.Static entries remain in the table forever and are not timed out.
Dynamic entries; are created automatically by the normal operation of the protocol and they timeout. The default timeout timer for is 4 hours for Cisco devices, this means that a dynamic ARP entry will remain for 4 hours in the cache table before the router attempt to refresh the entry. If the entry is no longer needed it will be removed.
You can show the ARP table using the command show arp, and change the timeout timer on a Cisco device for a specific interface using the interface level command arp timeout <x> seconds.
R1#show ip arp Protocol Address Age (min) Hardware Addr Type Interface Internet 18.104.22.168 - ca00.0a74.0008 ARPA FastEthernet0/0 Internet 22.214.171.124 97 ca02.0a74.0008 ARPA FastEthernet0/0 Internet 126.96.36.199 - ca00.0a74.0006 ARPA FastEthernet0/1 Internet 188.8.131.52 136 ca04.0a74.0008 ARPA FastEthernet0/1 !-- setting the timeout for 10 seconds R1(config-if)#int f0/0 R1(config-if)#arp timeout 10 !-- see the debug output, shows 10 seconds difference between replies based on our timeout interval R1# Jan 1 00:01:14: IP ARP: sent req src 184.108.40.206 ca00.0a74.0008, dst 220.127.116.11 ca02.0a74.0008 FastEthernet0/0 Jan 1 00:01:14: IP ARP: arp_process_request: 18.104.22.168, hw: ca02.0a74.0008; rc: 3 Jan 1 00:01:14: IP ARP: rcvd rep src 22.214.171.124 ca02.0a74.0008, dst 126.96.36.199 FastEthernet0/0 Jan 1 00:01:14: IP ARP: creating entry for IP address: 188.8.131.52, hw: ca02.0a74.0008
R1# Jan 1 00:01:24: IP ARP: sent req src 184.108.40.206 ca00.0a74.0008, dst 220.127.116.11 ca02.0a74.0008 FastEthernet0/0 Jan 1 00:01:24: IP ARP: arp_process_request: 18.104.22.168, hw: ca02.0a74.0008; rc: 3 Jan 1 00:01:24: IP ARP: rcvd rep src 22.214.171.124 ca02.0a74.0008, dst 126.96.36.199 FastEthernet0/0 Jan 1 00:01:24: IP ARP: creating entry for IP address: 188.8.131.52, hw: ca02.0a74.0008
Important Note: ARP cache table is not the same as MAC address table used by switches and each one has its own different timers.