cisco networking academy chabot college elec 99.05 address resolution protocol

CISCO NETWORKING ACADEMYCISCO NETWORKING ACADEMY

Chabot CollegeChabot College

ELEC 99.05ELEC 99.05 Address Resolution ProtocolAddress Resolution Protocol


ARPARP

• Layer 2 (MAC) address processing– Performed in NIC hardware– Fast– Low CPU overhead

• Layer 3 (IP) address processing– Performed in software– Slow– High CPU overhead


ARPARP

• Problem:

Layer 3 knows the network address that a message should be sent to...

But layer 3 has no ability to actually send a message over the media!


ARPARP

• To send, Layer 3 needs the services of Layer 2.

• To use those services, there must be a way to tie

Layer 3 (IP) addresses toLayer 2 (MAC) addresses


ARPARP

• Address Resolution Protocol, or ARPAddress Resolution Protocol, or ARP, is used to “map” IP addresses to MAC addresses.


The ARP TableThe ARP Table



• The ARP table is stored in area of Random-Access Memory on each host.

• Such an area of memory is often called a cache. The ARP table is often referred to as an ARP cacheARP cache.

• Entries in the ARP table “age out.” They are removed from the table after a period of inactivity.



• Examine your curriculum PC’s arp table now.

• Start | Programs | MS-DOS Prompt• At the prompt, type arp -a



• Examine your curriculum PC’s arp table now.

• Start | Programs | MS-DOS Prompt• At the prompt, type arp -a

Microsoft(R) Windows 98 (C)Copyright Microsoft Corp 1981-1998.

C:\WINDOWS>arp -a



• You may see one or more entries in your PC’s arp table:


C:\WINDOWS>arp -a

Interface: 192.168.0.2 on Interface 0x2000003 Internet Address Physical Address Type 192.168.0.1 00-a0-c5-e2-ad-b8 dynamic

C:\WINDOWS>



• Or you may find that your PC’s arp cache is empty:

•

• Why might it be empty?• Aging...


C:\WINDOWS>arp -aNo ARP Entries Found


Aging OutAging Out

For Microsoft Windows hosts:

• Initial mappings have a 2-minute “time-to-live”.• An entry that is used twice in 2 minutes is

automatically given a 10-minute time-to-live.


ARPARP

• Problem:

The IP address of a host is known, but it’s MAC address is not.

How can IP learn the MAC addresses of a host?


ARPARP

• Solution:

IP issues an ARP request


Sending MessagesSending Messages

• The use of ARP depends on the message destination:– 1. Local destination - the source and

destination hosts are on the same network segment.

– 2. Remote destination - source and destination are on different network segments.


Sending Example: Sending Example: LocalLocalFrom Network A, Host 1

To Network A, Host 3

Network A Network B

Host1 Host2 Host3 Host1


Sending Example: Sending Example: LocalLocalFrom Network A, Host 1

To Network A, Host 3

Source & destination IP address are on the same subnet:

Network A Network B



Sending Example: Sending Example: LocalLocal

Step One:• Is the IP address in the ARP cache?

– If yes, use the cached MAC address to address the message.

– If no, go to Step 2...



Step Two: (when there is no ARP entry)• Send ARP requestARP request to find MAC address of

destination.• The ARP Request is a layer-2 broadcast

frame. Therefore, each computer on the network– accepts the frame– passes it up to layer 3 to determine if it is the

owner of the requested IP address.



Step Three: (performed by just one computer) • ARP Reply is sent directly to the hardware

address of the requesting system.

Note - Only the owner of the requested IP address will provide the ARP reply. All other hosts disregard the request.



Step Four:• Upon receiving the reply, the requesting

machine will add the address into its ARP cache and use the newly discovered MAC address to address the message.


Sending Example: Sending Example: RemoteRemoteFrom Network A, Host 1

To Network B, Host 1

Network A Network B



Sending Example: Sending Example: RemoteRemoteFrom Network A, Host 1

To Network B, Host 1

Source & destination IP address are not on the same subnet:

Network A Network B



Sending Example: Sending Example: RemoteRemote

Step One:• Is the IP address local (same subnet)? No.

To leave a subnet or network, a computer must use the services of a routerrouter.

Routers are sometimes called gatewaysgateways for this reason.


Default GatewayDefault Gateway

Default Gateway:Default Gateway: the network interface (of a router) to which the client sends traffic that is destined for other networks.

DefaultGateway

Network A

Host1 Host2 Host3

OtherNetworks



Step Two:• Sending computer checks for a default

gateway in its TCP/IP configuration.• If no default gateway is installed, the

sending computer cannot send the message.



Step Three:• Sending computer checks ARP table for IP

and MAC address of default gateway.• If there is no ARP entry for the default

gateway, the sending computer sends an ARP request, looking for the router.



Step Four:• Gateway router sends ARP Reply directly

to the hardware address of the requesting system.

Note - Only the router will provide the ARP reply. All other hosts disregard the request.



Step Five:• Sending computer addresses message

using non-local destination hosts’s IP, but uses default gateway’s MAC address.

(The computer will always use the MAC address of the default gateway when addressing messages to hosts on a remote IP network.)


Sending SummarySending Summary

• Local Destination...– IP address - destination host– MAC address - destination host

• Remote Destination...– IP address - destination host– MAC address - default gateway of

router


Proxy ARPProxy ARP

• A rarely used variation of ARP.• Used only between subnets of the same net.• Hosts are configured to view all subnets as a single network.

This is typically done by configuring the workstation with a smaller subnet mask than the network really uses.The hosts don’t know there is a router between them and the destination host. The hosts don’t have a default gateway defined.

• Proxy ARP occurs when the router is configured to send an ARP reply to the requesting host on behalf of the destination host. The router gives its own MAC address in the ARP reply.


Proxy ARPProxy ARP

• Exam question says: In Proxy ARP, a router helps a device on one subnet to find the MAC address of a host on another subnet.

• This is the “correct” answer, but it isn’t true.Actually the router gives its own MAC address.

• Rarely used. Only important for the exam.

• For technical detail, follow this link...


Router’s ARP tableRouter’s ARP table

• Usually bigger than workstation’s table• Can have addresses from more than one

network• Includes what interface or port that network

is connected to in the table


Router’s ARP tableRouter’s ARP table

Protocol Address Age (min) Hardware Addr Interface

Internet 169.199.73.195 8 00e0.2908.398d Ethernet0

Internet 169.199.73.194 5 0000.0c77.01f4 Ethernet0

Internet 207.124.101.220 15 00e0.24e7.bc43 Ethernet1

Internet 207.124.101.201 2 00e0.ff42.0034 Ethernet1


Duplicate IP AddressesDuplicate IP Addresses• How would ARP behave if two hosts were

accidentally assigned the same IP address?

Network A

Host1 Host2 Host3 Host3 Host5

Duplicate IP Addresses


Duplicate IP AddressesDuplicate IP Addresses• Two MAC addresses would be mapped to the

same IP address - a forbidden condition!

Network A

Host1 Host2 Host3 Host3 Host5

Duplicate IP Addresses

ARP ReplyARP Reply


ARP QuizARP Quiz

Network A

Host1 Host2

Network B


Network C

From: Network A Host 1 To:Network C Host 2

• Sending from NetA Host1 to NetC Host 2• Which MAC addresses must be known or

discovered with ARP?


ARP QuizARP Quiz• Which MAC addresses must be known?

Default Gateway of Network A

Default GatewayMAC

Network A

Host1 Host2

Network B


Network C




Default Gateway of Network ADefault Gateway of Network B

Default GatewayMAC

Network A

Host1 Host2

Network B


Network C


Default GatewayMAC



Default Gateway of Network ADefault Gateway of Network BHost 2 on Network C

Default GatewayMAC

Network A

Host1 Host2

Network B


Network C


Default GatewayMAC

HostMAC

cisco networking academy chabot college elec 99.05 address resolution protocol

Documents

arp request slide

type arp

arp entries

use of arp

arp cachesuch

cisco networking academy

arp table age

pcs arp cache