General information

Three types of TCP/IP stack addresses are used to identify network interfaces:

  • local (hardware, most often MAC) addresses
  • network addresses (IP addresses)
  • symbolic (DNS domain) names

There is no functional dependency between a local address, a domain name, and an IP address belonging to the same network interface, so the only way to map one address type to another is to build a correspondence table.

The Address Resolution Protocol (ARP) is used to determine a local address from an IP address. ARP is implemented differently depending on whether it works in a local network (Ethernet, Wi-Fi) with broadcast capability or in a wide area network (MPLS, ATM), which usually does not support broadcast access.

ARP maintains a separate ARP table on each interface of a network adapter or router. During network operation, this table accumulates information about correspondences between IP addresses and MAC addresses of other interfaces in the same network. Initially, when a computer or router is connected to a network, all its ARP tables are empty.

How ARP works

The figure shows a fragment of an IP network that includes two networks: Ethernet1 (with three end nodes: A, B, and C) and Ethernet2 (with two end nodes: D and E). The networks are connected to interfaces 1 and 2 of the router respectively. Each network interface has an IP address and a MAC address. Suppose that at some point the IP module of node C sends a packet to node D. The IP protocol of node C has determined, using the routing table, the IP address of the next router interface: IP1. Now, before packing the packet into an Ethernet frame and sending it to the router, the corresponding MAC address must be determined. To solve this task, the IP protocol calls the ARP protocol.

ARP operation diagram

  1. In the first step, the IP protocol sends the ARP protocol a message roughly like: “What MAC address does the interface with address IP1 have?”
  2. ARP starts by checking its own ARP table. Suppose that the requested IP address is not among the entries it contains.
  3. In this case, ARP creates an ARP request, places it into an Ethernet frame, and broadcasts it. Note that the ARP request propagation area is limited to the Ethernet1 network, because the router acts as a barrier for broadcast frames.
  4. All interfaces in the Ethernet1 network receive the ARP request and pass it to their own ARP protocol. ARP compares the IP1 address specified in the request with the IP address of its own interface.
  5. The ARP protocol that detects a match (in this case, ARP on router interface 1) creates an ARP reply in which the router specifies the local MAC1 address corresponding to the IP1 address of its interface and sends it to the requesting node (node C in this example).

Types of entries in tables

There are two types of entries in ARP tables: dynamic and static.

  • Static entries are created manually using the arp utility and do not expire; more precisely, they exist as long as the computer or router remains powered on.

  • Dynamic entries must be updated periodically. If an entry has not been updated for a certain time (on the order of several minutes), it is removed from the table. Thus, an ARP table contains entries not for all network nodes, but only for those actively participating in network operations. Since this way of storing information is called caching, ARP tables are sometimes called ARP caches.

Today there is a trend toward automating ARP operation in wide area networks. For this purpose, among all routers connected to a given WAN, a special router is selected: an ARP server, which maintains an ARP table for all other nodes and routers in that network. With this centralized approach, the only thing that must be done manually is to enter the IP address and local address of the ARP server into the memory of all computers and routers. When powered on, each node and router registers its address with the ARP server. Whenever it becomes necessary to determine a local address from an IP address, the ARP module sends a request to the ARP server and automatically receives a response.