Address Resolution Protocol

Last Update By Kim - June 21, 2020

In the earlier articles, we covered how MAC addresses are used for layer 2 hop-to-hop delivery. Here we’ve also covered how IP addresses are used for layer 3 end-to-end delivery between networks. The Address Resolution Protocol (ARP) can be seen as a mixture of the two layers.

The purpose of the ARP network protocol is to find the hardware MAC address of a device from an IP address. ARP is needed when a device wants to communicate with another device on the network, but only knows the IP address and not the MAC address of the other device. It’s important to understand that machines on a local network can't communicate if they don't know the MAC Address of each other.

Most often devices already know each other’s IP address through DNS lookups. However, what is definitely not always known is their MAC addresses. It’s not only network devices such as switches and routers that have an ARP table. Every single device on the network will have its own ARP table which includes host machines.

ARP Example

In this example Host A needs to load the company's internal website from a local webserver. It knows the IP address because of a previous DNS lookup, but the MAC address is unknown. Looking at the IP address, Host A knows the server exists in the local network. Let’s construct a packet from Host A’s perspective with all the information we currently have available:

As you can see Host A is missing the destination MAC address and therefore cannot send the packet to the web server.

To get the missing piece of information, Host A will send an ARP request. ARP requests are always sent as broadcast which means if there had been other hosts connected to this link, they would have received the ARP request as well.

The web server will receive the request and reply with its own MAC address. The ARP response is a unicast message, which means it’s directly addressed to Host A. If there had been other hosts connected on this link, they would not have received the ARP reply. That’s to prevent unnecessary traffic on the network.

Now Host A has all the information needed and can communicate with the web server. In the process, it also updated it’s ARP Table for future reference.

MAC Address Changes

Now let’s expand our previous topology with multiple networks. This time Host A needs to download some employee information stored on an FTP Server in the HR department. Each side of the router is a different network.

When looking at the IP address Host A can conclude that the FTP Server exists in a foreign network. Therefore the packet must be delivered to the nearest router. This is known as the Default Gateway which is always configured on a host, so it knows how to reach other networks. Host A sends a broadcast ARP request and the Router 1 answers with its Mac Address. After the ARP request/reply exchange, the packet looks like this:

Take notice of the source and destination MAC address which is Host A and Router 1 respectively.

When Router 1 receives that packet it will check it's ARP table for the FTP-Server's MAC address. It will then modify the original packet.

Now the source MAC is router 1's interface and the destination MAC Address is the FTP Server. Remember that layer 2 is a hop-to-hop addressing scheme and therefore it will change each time it’s forwarded until it reaches the host.

Comments: