ccnahub.com http://www.ccnahub.

com/ip-fundamentals/understanding-arp-request/
Understanding ARP Request
Understanding ARP Request Article covers the following CCNA/ICND1 Exam Topics:
Under Operation of IP Data Networks:
1. Identify common applications and their impact on the network.
2. Predict the data flow between two hosts across a network.
Recommended Study Plan:
1. Download the ICND1v2 Exam Topics Sheet from Cisco Website.
2. Follow the Steps and the Articles under IP Networks Fundamentals by order.
3. Or Start with Web Browser DNS Lookup Article.
Average Time Required Studying this Article: 1 Hour
ARP Protocol Process Mapping IP address to MAC Address
Address Resolution Protocol (ARP) used only on Ethernet Networks by Data Link Layer to provide two basic
functions:
Resolving IPv4 addresses to MAC addresses
Maintain a cache of MAC to IP address Mapping Table
Locally speaking inside the LAN, if a shared folder located in a server with IP 192.168.1.10 (using windows
environment) DNS will resolve human names such \shared-folder to server IP Address that host the shared folder, but
still the network need to resolve one more level to Data link address, and since ethernet standard is used , ARP is
called to resolve IP Addresses to MAC addresses only on Ethernet Networks.
Why ARP is needed?
IP routing logic requires that network devices encapsulate IP packets inside Data-Link frames based on the link type
used, and If Ethernet link type is used, then ARP resolution from IP Addresses to MAC addresses is required to
encapsulate IP packets inside Ethernet frames.
Whenever a host or a router needs to communicate with other hosts or routers, they encapsulate TCP or UDP
segments in an IP packet. Hosts and Routers Network Layer knows all the important pieces to build an IP packet
such destination IP address and source IP address, but in Ethernet Network and when it comes to encapsulating an
IP packet inside a frame using destination and source MAC addresses, hosts and routers do not know neighbors
NICs or interfaces MAC addresses beforehand, hence, ARP get evolved.
TCP/IP defines ARP as the method by which any host or router on a LAN can dynamically learn the MAC address of
another host or router on the same LAN. ARP includes a protocol called ARP request, which is a message that asks
the simple request if this is your IP address, please reply with your MAC address. ARP also includes the ARP Reply
message, which indeed lists both the original IP address and the matching MAC address.
Detailed ARP Request and Reply Process
Based on the figure above, PC1s Ethernet cable plugged into SW2, the following steps take place to show how PC1
initially learned its Default Gateways (R3) MAC address in order to route an IP packets outside its LAN network.
Step 1: PC1s Network Layer sends an IP packet encapsulated with destination IP address of R3 (192.168.1.1) as a
receiver, and a source MAC address of PC1 (192.168.1.100) as sender.
Step 2: PC1s Data-Link Layer encapsulate the IP packet inside an Ethernet Frame with a broadcast destination MAC
Address (FFFF.FFFF.FFFF), which means all devices on this LAN will receive this message, and a source MAC
address of PC1 NIC interface as sender.
Step 3: The switch receives the broadcast frame, learn the source MAC address and record it along the interface port
number in its MAC table (1), and flood the broadcast frame from all ports except the port where it was received (2).
Step 4: All devices receive the broadcast packet and drop it, except R3. R3 replies to PC1 with its MAC address since
the IP packet included ARP message request indicating its IP address in the destination field.
Step 5: PC1 receives the ARP reply request indicating R3s MAC address, learn the MAC address and saves it in its
MAC table.
Step 6: PC1s Network layer is ready right now to create an IP packet heading to Web-server instead of R3, and
ready to encapsulate it inside an Ethernet Frame to be forward to R3 MAC address as next-hop.
Notice, how PC1 has to prepare the pieces before completing web page request, resolving Name to IP using DNS (1)
learn R3 MAC address (2), and finally creates an HTTP Get request IP packet heading to a web-server.
Lets Dig Deeper into the Process
Note that R3 IP Address (192.168.1.1) known to PC1 as Default Gateway by DHCP or Static configuration. The
following figure shows how PC1 created an IP packet indicating R3 IP address as destination, and encapsulated the
packet inside a frame indicating an ARP Request as destination Broadcast address ( FFFF.FFFF.FFFF) inside the
frame.
Once PC1 release a broadcast frame, it will hit all network devices on this LAN address which is 192.168.1.0/24. After
R3 receives the broadcast frame, replies with its MAC, and PC1 learn R3s MAC address, the next figure shows how
PC1 created a new IP packet indicating Web-Servers IP address this time, and encapsulated the IP packet inside a
Frame heading this time to R3 MAC address as next-hop instead of Broadcast Address since PC1 learned R3s MAC
address already.
Note that Hosts save the ARP replies in their ARP cache or ARP table for future use as they do with DNS queries.
ARP is not used every time the host or the router needs to forward a packet to neighbor device. Each time a host or
router needs to send a packet encapsulated inside an Ethernet Frame, it first checks its ARP table for correct IP
address and matching MAC address. Hosts and routers will let ARP cache entries time out to clean up the table, so
occasionally ARP Requests traffic can be seen on LAN.
Unicast, Broadcast, and Multicast Frames
Why we need different types of Ethernet frames? To understand how ARP service works, its good to look at the
difference among all 3 types of Ethernet frames communication. By looking at the figures below and for simplicity,
note how each type has different color. Unicast is Orange and what inside the circle corresponds to the color as well,
and so on.
Unicast frame: indicates that only 2 network devices talking to each other.
(Remember Hubs dont care and they broadcast everything Unicast, Broadcast, and Multi-Cast. In contrast, switches
do care, why? Because they know how to talk Ethernet language, therefore, know how to deal with MAC addresses of
any Ethernet frame type).
Broadcast frame: indicates that a single machine sending a frame to everyone on the LAN.
Multicast frame: indicates that a group of devices are willing to respond to a specific machine request on the
network, or a single network device is trying to talk only to a specific group of devices that are willing to listen to a
specific Multicast frame that hold a MAC address such this one 0100.5E7F.0001.
And finally Little bit about ICMP why its needed for troubleshooting?
Internet Control Message Protocol (ICMP)
Troubleshooting tools Use to verify connectivity such ping and traceroute commands.
ICMP Includes some primary tools for troubleshooting and verifying basic network connectivity, commands such
Packet Internet Groper (Ping) and Traceroute (tracert in windows).
Ping uses ICMP to send a message called ICMP echo request to another IP address. The host with that IP address
should reply with an ICMP echo reply packet. If that works, you successfully have tested the IP network. In another
words, you know that the network can deliver an IP packet from one host to the other and back. ICMP does not rely on
any application; it tests basic layer 1, 2, and 3 connectivity of TCP/IP model. The following shows a ping reply from a
host google.com.
Traceroute uses ICMP as well, is a network tool used to test and shows an IP packet route taken by PC1s Internet
Protocol (IP) across the routers that are located between PC1 and Web-server. E.g. the following shows a windows
tracert command from a host to google.com.
Detailed ICMP header
Next: Understanding TCP and UDP Protocols
Go to top
About Imad Daou
He is the founder of CCNA HUB, a CCNA Training HUB to help CCNA students get certified. Imad has more than 10
years of IT experience as Field Service and Consulting Engineer. A+, Network+, Server+, Security+, Storage+, HP,
Dell, and IBM Hardware Certified. He's a Professional SMB IT Consultant.
Facebook Twitter Linkedin Google
Copyright secured by Digiprove 2013 Imad DaouSome Rights Reserved
Original content here is published under these license terms: X
License
Type:
Attribution, Share Alike
License
Summary:
You may copy this content, create derivative work from it, and re-publish it, provided you include an
overt attribution to the author(s) and the re-publication must itself be under the terms of this license or
similar.
License
URL:
http://creativecommons.org/licenses/by-sa/3.0/