Solved

How ARP works beyond the Router

Posted on 2014-04-11
Last Modified: 2014-04-16
Inside the LAN, switches build an ARP to IP address table for each host in the LAN.
However, I am not sure how ARP works, for instance when a host with IP address 10.1.1.10 wants to reach another host 192.168.10.10, which is behind another Layer 3 device, or sometimes 2 hops away.

Thank you
Question by:jskfan
20 Comments
 
LVL 50

Expert Comment

by:Don Johnston
ID: 39994967
> inside the LAN Switches build an ARP to IP address table for each host in the LAN.

If you're talking about layer-2 switches, this is not correct.  It is however true for layer-3 switches.

> I am not sure how ARP works , for instance when a Host with IP address 10.1.1.10 wants to reach another host 192.168.10.10, which is behind another Layer3 device,

If the destination host is not local, the sending device will use the layer-2 address of its default-gateway as the destination address for the layer-2 frame.
0
 
LVL 26

Expert Comment

by:skullnobrains
ID: 39995989
basically this is what happens when 10.xyz/8 wants to speak with 192.168.xy

- the IP stack notices the destination is not on the same network
- it performs a lookup in the routing table, and finds let's say 10.1.1.1
- it sends ARP WHO HAS 10.1.1.1 REPLYTO 10.xyz
- 10.1.1.1 answers with its mac address
- the packet is sent to 10.1.1.1
- 10.1.1.1 receives the packet and notices it is not for him
- 10.1.1.1 decrements the TTL
- 10.1.1.1 looks if it has an interface in the same network as the destination
- we'll assume yes, otherwise go up to second line and repeat the cycle to reach the next hop
- 10.1.1.1 selects the interface, let's say 192.168.1.1/16
- 10.1.1.1 sends an ARP WHOHAS 192.168.xy REPLY TO 192.168.1.1 on that interface
- 192.168.xy answers to 192.168.1.1 with its MAC address
- the router sends the packet using 10.xyz as the source address to the MAC it received

basically, arp traffic is used for communication in the same network only and does not traverse routers

when not on the same network, the routing table is used to determine the IP of the router on the same network and ARP is used to talk with the router

the router repeats the process
0
 

Author Comment

by:jskfan
ID: 39997175
The first step, I believe, is:
Host with IP address 10.1.1.10 will send a broadcast "who has IP 192.168.10.10"?

Then who will respond to Host with IP address 10.1.1.10? The router will respond?
if Router1 does not have 192.168.x.x address in its routing table, what protocol will it use to make a request to router2 about the 192.168.x.x network ?
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 39997204
No.  If the host has a default gateway defined with a layer-3 device, it WILL not ARP an address on a different network.

If the host has itself as the default gateway, then it will ARP all addresses regardless of where they are. And if the router is configured for Proxy ARP, it will respond to those requests (assuming it has a route to the destination network).
0
 
LVL 26

Expert Comment

by:skullnobrains
ID: 39997223
> The first step , I believe is :
> Host with IP address 10.1.1.10  will send a broadcast " who has IP 192.168.10.10 " ?

like @don said, no. the above steps are the correct ones. ARP packets are only sent to the same network.

> if Router1 does not have 192.168.x.x address in its routing table, what protocol will it use to make a request to router2 about the 192.168.x.x network ?

hosts and routers act the same way : if there is no specific route, there should be a default gateway. if there is no default gateway (aka catchall route to 0.0.0.0/0), then the packet is dropped, and an icmp no-route-to-host packet is sent back to the source address.

routing protocols create routes. they are not meant to be used dynamically when a packet arrives (but a non-routable packet may trigger something). they are not part of IP specification and there is hence no "normal" protocol.
0
 

Author Comment

by:jskfan
ID: 39997501
so when Host(computer) with IP address 10.1.1.10 wants to talk to computer2 that has IP 192.168.10.10, what would be the process ?

I know skullnobrains described the steps but not clear…I could not understand how steps are chained up...
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 39997509
That's already been answered.

This comment.

I would just make one minor change to steps two and three (but the concept is unchanged):

- the IP stack notices the destination is not on the same network
- The host checks its ARP cache for an entry for the default-gateway.
- If there is no entry for the default gateway, it sends an ARP Request to the DG.
0
 

Author Comment

by:jskfan
ID: 39998030
Yes I was referring to Comment ID: 39995989

I wonder if it can be reshaped a little bit to make it clear ?

It sounds like the next hop (Router) does the same thing as the initial computer does, which is the broadcast to find the wanted MAC address. However, in most articles they say Routers do not do the broadcast….
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 39998049
> I wonder if it can be reshaped a little bit to make it clear ?

I don't know how it could be any clearer.  If you explain what you're not understanding, that would help.

> It sounds like the next hop(Router) does the same thing as the initial computer does, which is the broadcast to find the wanted MAC address.

That is correct.

> However,in most of articles they say Routers do not do the broadcast….

Hard to say without seeing the article, but I think you're confusing "forwarding of broadcast" with "generating broadcast".

If the outbound interface of the router is an ethernet interface and there is no entry in the ARP cache, then the router will have to ARP for the MAC address of the next router (or the destination if it's on that network).
0
 
LVL 26

Expert Comment

by:skullnobrains
ID: 39998330
thanks @don, indeed, i had skipped the possibility that the host has the arp in its cache

--

as far as broadcast goes, ARP is essentially a broadcast protocol : arp queries are always sent to the whole network. this is precisely the reason why we use IP on top of ARP : to provide routing through the use of addressing

when you read "routers don't do broadcast", the article's author probably referred to IP broadcasts. btw, routers can perfectly route broadcasts but they are blocked on many of them to prevent smurf and smurf-like attacks

--

i'll try to shorten and clarify a bit

all hosts including routers use that same mechanism when they need to send packets :
- if the host is on my network, choose to communicate directly with it, if not use the next hop found by interrogating the routing table (which is always on my network)
- use arp (or arp cache) to retrieve the mac address of the peer defined at above step
- send the packet to that peer using the mac address retrieved in the previous step

the only difference between a router and other hosts is that a router will accept to receive packets that are not for him and attempt to forward them. in the process, the ARP headers are replaced and the TTL is decremented
0

 

Author Comment

by:jskfan
ID: 40002896
<<Hard to say without seeing the article, but I think you're confusing "forwarding of broadcast" with "generating broadcast".>>>
That's true donjohnson, I was confused about that point..


I was not sure Next hop router will generate a broadcast in order to request the MAC address of the wanted IP address…
So if I understand the Router will still query the next Router asking him " Do you have the MAC address of this IP address ?"  if that's the case the First router will update  MAC to IP address information in its own MAC Table….

Assuming after the Host(computer) has gone through the request of IP to MAC to find the destination host , and the Routers in the way have all updated their MAC to IP address table to include the destination host…
at this point the first router will send back the MAC address of the destination to the requesting Host ??
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 40002945
It's a minor terminology issue, but the term for the table that contains IP addresses and the MAC address which corresponds to that IP address, is the ARP cache or ARP table.  Layer-2 switches have a list of MAC addresses and the interface those MAC addresses are associated with. This is called a MAC Address Table. Also known as the MAC database, CAM table or switching database.

> I was not sure Next hop router will generate a broadcast in order to request the MAC address of the wanted IP address…
> So if I understand the Router will still query the next Router asking him " Do you have the MAC address of this IP address ?"  if that's the case the First router will update  MAC to IP address information in its own MAC Table….

A device will only send an ARP request if it does not know the MAC address for a particular IP address.  The ARP cache for a Cisco router is four hours by default. So once a router ARPs a device once, it typically does not have to query it again.

> Assuming after the Host(computer) has gone through the request of IP to MAC to find the destination host , and the Routers in the way have all updated their MAC to IP address table to include the destination host…
> at this point the first router will send back the MAC address of the destination to the requesting Host ??

No. A host will NEVER know the MAC address of a device on a different network.  It doesn't need to know that information. Any destination not of the local network is simply forwarded to the default gateway. That router will then send the packet towards the destination.
0
 

Author Comment

by:jskfan
ID: 40003007
<<<Any destination not of the local network is simply forwarded to the default gateway. That router will then send the packet towards the destination.>>>

the router will act on behalf of the HOST.

I want to know how the information chain is lined up..this is why I asked for the steps that the request made by the host reaches the destination and how the response will get back to the originating host…
0
 

Author Comment

by:jskfan
ID: 40003009
it is described on the comment ID: 39995989.
however when  router1 asks Router2 about IP address 192.168.x.y , assuming Router2 knows about it…..then what information Router2 will deliver back to Router1 and what information will Router1 deliver back to the Host ?
0
 
LVL 50

Accepted Solution

by:
Don Johnston earned 250 total points
ID: 40003041
Let's try this: See the attached topology diagram.
[Figure: Network Topology]
A has a packet to send to B

1) A determines that B is on a different IP network
2) A checks its ARP cache for an entry for its default gateway (192.168.1.1)
3) If it does not have an entry, then it ARPs 192.168.1.1.  Once it receives a response, it adds an entry in the ARP cache.
4) It takes the packet to 10.1.1.2 and builds an ethernet frame around it with 00.00.0C.00.00.01 as the destination MAC address and sends the frame out its ethernet interface.
5) Frame arrives at R1 on E0.
6) R1 recognizes its MAC address and decapsulates the packet.
7) R1 sees 10.1.1.2 as the destination IP address. Because the packet is not destined for R1, the router looks at its IP routing table for an entry for the 10.0.0.0 network.
8) The entry for the 10.0.0.0 network shows a next hop address of 172.16.1.1 using interface E1.
9) R1 checks its ARP cache for an entry for 172.16.1.1 (if there is no entry, it will send an ARP request for that address).
10) R1 takes the packet it received on E0 from A and builds a new ethernet frame around it with 00.00.0C.00.91.01 as the destination MAC address and sends the frame out the E1 interface.
11) Frame arrives at R2 on E0.
12) R2 recognizes its MAC address and decapsulates the packet.
13) R2 sees 10.1.1.2 as the destination IP address. Because the packet is not destined for R2, the router looks at its IP routing table for an entry for the 10.0.0.0 network.
14) The entry for the 10.0.0.0 network shows a next hop address of 172.17.1.2 using interface E1.
15) R2 checks its ARP cache for an entry for 172.17.1.2 (if there is no entry, it will send an ARP request for that address).
16) R2 takes the packet it received on E0 and builds a new ethernet frame around it with 00.00.0C.05.1E.01 as the destination MAC address and sends the frame out the E1 interface.
17) Frame arrives at R3 on E0.
18) R3 recognizes its MAC address and decapsulates the packet.
19) R3 sees 10.1.1.2 as the destination IP address. Because the packet is not destined for R3, the router looks at its IP routing table for an entry for the 10.0.0.0 network.
20) The entry for the 10.0.0.0 network shows it is "directly connected" to its E1 interface.
21) R3 checks its ARP cache for an entry for 10.1.1.2 (if there is no entry, it will send an ARP request for that address).
22) R3 takes the packet it received on E0 and builds a new ethernet frame around it with 00.00.3C.FF.12.34 as the destination MAC address and sends the frame out the E1 interface.
23) Host B receives the frame.
0
 
LVL 26

Assisted Solution

by:skullnobrains
skullnobrains earned 250 total points
ID: 40003381
i agree with don, (nice doc !)

i'll just add a note on that specific point (which is the part you don't get)

> So if I understand the Router will still query the next Router asking him " Do you have the MAC address of this IP address ?

no : if a router/host has a packet that it needs to forward/send to another host, and it determines that the host is not on his network, the ARP query that it will send will be to query the next-hop's mac, not the final destination's

the host or router that emits the packet can determine who he will need to send the packet to BEFORE it sends anything on the network by using the ip/mask of his attached networks and its routing table. are you familiar with ip/mask concept ?

it does not know if the other router is actually connected to that host, or will forward it to yet another router or even drop the packet. each host is only responsible for either
- sending directly to the destination ( if the destination is on one of the attached networks)
- sending to the next hop ( if the above is false and the host/router knows the route)
- dropping the packet (if neither of the above apply)

in the second case, the ARP query that is performed is related to the next-hop, not the final destination
0
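The three-way decision in the comment above (deliver directly, send to the next hop, or drop) and the hop-by-hop walk in the accepted solution, as a small Python simulation; this is an added example, not part of the original thread. The four IP/MAC pairs are the ones quoted in the accepted solution; the subnet masks, host A's address and the routers' other interface addresses are assumptions, since the topology diagram is not reproduced on this page.

```python
import ipaddress

# IP -> (owning node, MAC). These four pairs are quoted in the accepted solution.
NEIGHBORS = {
    "192.168.1.1": ("R1", "00.00.0C.00.00.01"),
    "172.16.1.1":  ("R2", "00.00.0C.00.91.01"),
    "172.17.1.2":  ("R3", "00.00.0C.05.1E.01"),
    "10.1.1.2":    ("B",  "00.00.3C.FF.12.34"),
}
# Assumed for this example: all masks, A's address, and each router's second interface.
NODES = {
    "A":  {"ifaces": ["192.168.1.10/24"], "routes": {"0.0.0.0/0": "192.168.1.1"}},
    "R1": {"ifaces": ["192.168.1.1/24", "172.16.1.2/24"], "routes": {"10.0.0.0/8": "172.16.1.1"}},
    "R2": {"ifaces": ["172.16.1.1/24", "172.17.1.1/24"], "routes": {"10.0.0.0/8": "172.17.1.2"}},
    "R3": {"ifaces": ["172.17.1.2/24", "10.1.1.1/24"], "routes": {}},
}

def on_link(node, ip):
    """True if ip lies inside one of the node's directly attached networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_interface(i).network for i in NODES[node]["ifaces"])

def arp_target(node, dst_ip):
    """IP the node must resolve with ARP to move a packet towards dst_ip, or None (drop)."""
    if on_link(node, dst_ip):
        return dst_ip                                  # case 1: deliver directly
    addr = ipaddress.ip_address(dst_ip)
    matches = [ipaddress.ip_network(p) for p in NODES[node]["routes"]
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None                                    # case 3: no route, no default gateway
    best = max(matches, key=lambda n: n.prefixlen)     # longest-prefix match
    return NODES[node]["routes"][str(best)]            # case 2: next hop

def trace(src_node, dst_ip, ttl=64):
    """Return one (sender, arp_target, dst_mac, ip_dst, ttl) tuple per Ethernet frame sent."""
    hops, node = [], src_node
    while True:
        target = arp_target(node, dst_ip)
        if target is None or ttl == 0 or target not in NEIGHBORS:
            return hops                # dropped: no route, TTL expired or ARP unanswered
        owner, mac = NEIGHBORS[target]
        hops.append((node, target, mac, dst_ip, ttl))
        if target == dst_ip:
            return hops                # this frame is addressed to the destination itself
        node, ttl = owner, ttl - 1     # next router strips the frame and decrements the TTL

if __name__ == "__main__":
    for hop in trace("A", "10.1.1.2"):
        print("%-2s ARPs for %-11s frame dst MAC %s  IP dst %s  TTL %d" % hop)
```

Every ARP target in the trace is on the sender's own subnet, and only the last router ever resolves B's address, while the IP destination stays 10.1.1.2 on every frame. An ARP request seen on the wire for an off-subnet address therefore points to the case Don Johnston described earlier, a host that has itself as default gateway and relies on Proxy ARP.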
 

Author Comment

by:jskfan
ID: 40003532
Thank you…
I do not mean to make this thread too long….but I want to understand the trip back to Host A, once all those requests are made up all the way to the destination host B…how does the response travel back…will  the routers  on the way to host A do the decapsulate/encapsulate of the packets and ARP the next hop ?
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 40003578
The return packet goes through the exact same process. Only the addresses are different.
0
 
LVL 26

Expert Comment

by:skullnobrains
ID: 40003818
yes :

for example
A - RT1 - RT2 - B

A has a route telling it that it can reach B through RT1
RT1 has a route telling it that it can reach B through RT2

likewise
B has a route telling it that it can reach A through RT2
RT2 has a route telling it that it can reach A through RT1

A does not even know that RT2 exists, likewise B does not know about RT1

each host only does ARP with its neighbors (A with RT1, RT1 with RT2, and RT2 with B)

in normally configured networks, the forward and reverse paths follow the same chain of hosts but there is no formal requirement
0
 

Author Closing Comment

by:jskfan
ID: 40004370
Thank you Guys!
0
