What is Address Resolution Protocol?
Address Resolution Protocol is an important network protocol that is used for linking the logical "Internet Protocol Address" (IP) to the physical "Machine Address" (MAC). In other words, we can say, ARP maps OSI "Layer 3" (Network) addresses to "Layer 2" (Data Link) addresses.
Why do we need ARP?
OK, we already know ARP maps IP addresses to MAC addresses. But why do we need that? Any hardware (let's say ethernet adapter) that is built for use in a Local Area Network (LAN) must be assigned a unique address by the manufacturer. This address is called the Media Access Control Address (MAC). MAC addresses are crucial because the hosts within a local network are able to communicate by means of MAC adresses. In order a host in a LAN to send packets to another host in the same local network, it should know the receiver host's MAC addresses.
Now, let's take a look at one example to figure out how ARP works or why we need it:
Let's say you sit on your chair in your living room, turn your laptop on and you want to send an e-mail to your friend. By clicking the "Send" button, you let your e-mail program (by the help of IP Stack) prepare the TCP/IP packets which contain your e-mail message. Keep in mind that the destination IP address is stuffed into the header part of IP datagrams by the Network Layer. All this information is passed down to the Data Link Layer (Layer 2). Assuming that the ARP table in your local host is empty, your computer will broadcast an ARP Request in your Local Area Network (your LAN is your broadcast domain unless any counter-measures are taken).
Since ARP Request is a broadcast message, all the hosts in your Local Area Network receive the request (for example, your smart phone, which has the same Wi-Fi connection with your laptop). However, only the one who has that IP address will reply (in this case, your smart phone will have no chance). In our case, the target IP would be the e-mail server's IP. Well it's not in your house, or better to say, it's an external IP which does not exist in your Local Area Network. Hopefully, in your house, you have a generous gateway (router), which helps you communicate with the outside world. The router would not turn you down. It will look in its routing table. Well, OK, it may not have that IP, but its routing table tells that it has a route to the destination network. So, the router will reply with is own MAC address (such a gentleman!!).
Now that your computer knows where to send the packets in your LAN. To communicate within the same physical network, your computer will encapsulate the IP packets inside the Data Link frames and send them to the router. The router will receive them, see that the destination MAC address matches its own. Hence, it will decapsulate the frames and pass the data up to its Network Layer. At the Network Layer, the router will figure out that the destination IP does not match its own IP. Well, there is one more option then: These packets are supposed to be routed (clever guy!!). The router will look up its routing table in order to figure out from which interface to send the packets out. Hopefully, there is a correct math, so that the router will re-encapsulate the IP Packets in order to form the Data Link Frames to be sent to the next hop.
Please keep in mind that this procedure will be repeated several times in order your IP packets that carry the e-mail massage data to reach the required network. The reason for several repeatitions is obvious: there normally are several hops between your laptop and the e-mail server.
Let's say you sit on your chair in your living room, turn your laptop on and you want to send an e-mail to your friend. By clicking the "Send" button, you let your e-mail program (by the help of IP Stack) prepare the TCP/IP packets which contain your e-mail message. Keep in mind that the destination IP address is stuffed into the header part of IP datagrams by the Network Layer. All this information is passed down to the Data Link Layer (Layer 2). Assuming that the ARP table in your local host is empty, your computer will broadcast an ARP Request in your Local Area Network (your LAN is your broadcast domain unless any counter-measures are taken).
Since ARP Request is a broadcast message, all the hosts in your Local Area Network receive the request (for example, your smart phone, which has the same Wi-Fi connection with your laptop). However, only the one who has that IP address will reply (in this case, your smart phone will have no chance). In our case, the target IP would be the e-mail server's IP. Well it's not in your house, or better to say, it's an external IP which does not exist in your Local Area Network. Hopefully, in your house, you have a generous gateway (router), which helps you communicate with the outside world. The router would not turn you down. It will look in its routing table. Well, OK, it may not have that IP, but its routing table tells that it has a route to the destination network. So, the router will reply with is own MAC address (such a gentleman!!).
Now that your computer knows where to send the packets in your LAN. To communicate within the same physical network, your computer will encapsulate the IP packets inside the Data Link frames and send them to the router. The router will receive them, see that the destination MAC address matches its own. Hence, it will decapsulate the frames and pass the data up to its Network Layer. At the Network Layer, the router will figure out that the destination IP does not match its own IP. Well, there is one more option then: These packets are supposed to be routed (clever guy!!). The router will look up its routing table in order to figure out from which interface to send the packets out. Hopefully, there is a correct math, so that the router will re-encapsulate the IP Packets in order to form the Data Link Frames to be sent to the next hop.
Please keep in mind that this procedure will be repeated several times in order your IP packets that carry the e-mail massage data to reach the required network. The reason for several repeatitions is obvious: there normally are several hops between your laptop and the e-mail server.
ARP Request
As mentioned above, the hosts need to know the destination MAC address in order to communicate with each other within a physical network. ARP Request is a broadcast message in order to learn the MAC address of a given IP address.
ARP Request is simply: "Hey, tell me. What is the MAC Adress of IP address a.b.c.d ?" or "Who the hack has this IP address a.b.c.d?"
The host which has the given IP address replies the request while all others just ignore it.
ARP Table (ARP Cache)
Think of such a case: before each packet you send, you have to ask everyone in your LAN to whom the IP address a.b.c.d belongs to, . That would be awful! Hopefully, the world is not that cruel!! As it would be far too expensive to broadcast an ARP Request and wait for the response before sending data, each IP stack has an ARP table, also known as ARP cache.
Going back to our example above, once your laptop learns that it has to send the IP Packets which contain your e-mail message to the router, it will hold this information as an entry in its own ARP table. This means that it does not need to broadcast ARP Request and wait for answers for the rest of the packets that contain your e-mail message. This is a huge amount of time saving.
Entries in the ARP cache are simply IP Address to MAC Adress mappings. No matter which IP device you are using, it will have an ARP table. The ARP entries can be dynamic or static. In case of dynamic ARP, as long as an ARP entry is used, it will be kept in the ARP table.
When a host is down or disconnected from the Ethernet, there is a period of time during which other hosts may have an ARP cache entry for the disconnected host. After the time-out value, the state of the entry will change, reflecting the need to verify the reachability of the MAC address. In this case, other hosts in the local area network will send ARP Requests in order to figure out whether their ARP entry should still exist or if the owner of the IP address in the entry is still alive. When the disconnected host fails to respond ARP Request, the ARP table entry will be marked as INCOMPLETE.
Understanding ARP Entry States
Each entry in the ARP cache has a state.
When the system receives a successful response for the requested IP address within a certain time limit, the system marks the ARP cache entry of the related IP address as RESOLVED. An entry in the RESOLVED state remains in the ARP cache until the timeout period expires.
When the system sends one or more ARP Requests to learn the MAC address of a given IP address but does not get any response back, the system marks the ARP cache entry of the related IP address as INCOMPLETE.
When the system has made the maximum number of allowed requests but still receives no response, the related ARP cache entry will be marked as DOWN. An entry with a DOWN state remains in the ARP cache until 20 seconds of elapse time expires, unless there is a gratious ARP message (an ARP reply without having any request) for the given IP address. After the elapse time, the entry is deleted by the system.
When the system sends one or more ARP Requests to learn the MAC address of a given IP address but does not get any response back, the system marks the ARP cache entry of the related IP address as INCOMPLETE.
When the system has made the maximum number of allowed requests but still receives no response, the related ARP cache entry will be marked as DOWN. An entry with a DOWN state remains in the ARP cache until 20 seconds of elapse time expires, unless there is a gratious ARP message (an ARP reply without having any request) for the given IP address. After the elapse time, the entry is deleted by the system.
