Solved

How ARP works beyond the Router

Posted on 2014-04-11
20
1,237 Views
Last Modified: 2014-04-16
inside the LAN Switches build an ARP to IP address table for each host in the LAN.
However, I am not sure how ARP works , for instance when a Host with IP address 10.1.1.10 wants to reach another host 192.168.10.10, which is behind another Layer3 device, or sometimes 2 hops away.

Thank you
0
Comment
Question by:jskfan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 7
  • 5
20 Comments
 
LVL 50

Expert Comment

by:Don Johnston
ID: 39994967
inside the LAN Switches build an ARP to IP address table for each host in the LAN.
If you're talking about layer-2 switches, this is not correct.  It is however true for layer-3 switches.
I am not sure how ARP works , for instance when a Host with IP address 10.1.1.10 wants to reach another host 192.168.10.10, which is behind another Layer3 device,
If the destination host is not local, the sending device will use the layer-2 address of it's default-gateway as the destination address for the layer-2 frame.
0
 
LVL 27

Expert Comment

by:skullnobrains
ID: 39995989
basically this is what happens when 10.xyz/8 whant to speak with 192.168.xy

- the IP stack notices the destination is not on the same network
- it performs a lookup in the routing table, and finds let's say 10.1.1.1
- it sends ARP WHO HAS 10.1.1.1 REPLYTO 10.xyz
- 10.1.1.1 answers with it's mac address
- the packet is sent to 10.1.1.1
- 10.1.1.1 receives the packet and notices it is not for him
- 10.1.1.1 decrements the TTL
- 10.1.1.1 looks if it has an interface in the same network as the destination
- we'll assume yes, otherwise go up to second line and repeat the cycle to reach the next hop
- 10..1.1.1 selects the interface, let's say 192.168.1.1/16
- 10.1.1.1 sends an ARP WHOHAS 192.168.xy REPLY TO 192.168.1.1 on that interface
- 192.168.xy answers to 192.168.1.1 with it's MAC address
- the router sends the packet using 10.xyz as the source address to the MAC it received

basically, arp traffic is used for communication in the same network only and does not traverse routers

when not on the same network, the routing table is used to determine the IP of the router on the same network and ARP is used to talk with the router

the router repeats the process
0
 

Author Comment

by:jskfan
ID: 39997175
The first step , I believe is :
Host with IP address 10.1.1.10  will send a broadcast " who has IP 192.168.10.10 " ?

The who will respond to Host with IP address 10.1.1.10 ? the router will respond?
if Router1 does not have 192.168.x.x address in its routing table, what protocol will it use to make a request to router2 about the 192.168.x.x network ?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 50

Expert Comment

by:Don Johnston
ID: 39997204
No.  If the host has a default gateway defined with a layer-3 device, it WILL not ARP an address on a different network.

If the host has itself as the default gateway, then it will ARP all addresses regardless of where they are. And if the router is configured for Proxy ARP. it will respond to those requests (assuming it has a route to the destination network).
0
 
LVL 27

Expert Comment

by:skullnobrains
ID: 39997223
The first step , I believe is :
Host with IP address 10.1.1.10  will send a broadcast " who has IP 192.168.10.10 " ?

like @don said, no. the above steps are the correct ones. ARP packets are only sent to the same network.

if Router1 does not have 192.168.x.x address in its routing table, what protocol will it use to make a request to router2 about the 192.168.x.x network ?

hosts and routers act the same way : if there is no specific route, there should be a gefault gateway. if there is no default gateway (aka catchall route to 0.0.0.0/0), then the packet is dropped, and an icmp no-route-to-host packet is sent back to the source address.

routing protocols create routes. they are not meant to be used dynamically when a packet arrives (but a non-routable packet may trigger something). they are not part of IP specification and there is hence no "normal" protocol.
0
 

Author Comment

by:jskfan
ID: 39997501
so when Host(computer) with IP address 10.1.1.10  want to talk to computer2 that has IP 192.168.10.10 " what would be the process ?

I know skullnobrains described the steps but not clear…I could not understand how steps are chained up...
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 39997509
That's already been answered.

This comment.

I would just make one minor change to steps two and three (but the concept is unchanged):

- the IP stack notices the destination is not on the same network
- The host checks its ARP cache for an entry for the default-gateway.
- If there is no entry for the default gateway, it sends an ARP Request to the DG.
0
 

Author Comment

by:jskfan
ID: 39998030
Yes I was referring to Comment ID: 39995989

I wonder if it can be reshaped a little bit to make it clear ?

It sounds like the next hop(Router) does the same thing as the initial computer does, which is the broadcast to find the wanted MAC address. However,in most of articles they say Routers do not do the broadcast….
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 39998049
I wonder if it can be reshaped a little bit to make it clear ?
I don't know how it could any clearer.  If you explain what you're not understanding, that would help.

It sounds like the next hop(Router) does the same thing as the initial computer does, which is the broadcast to find the wanted MAC address.
That is correct.
However,in most of articles they say Routers do not do the broadcast….
Hard to say without seeing the article, but I think you're confusing "forwarding of broadcast" with "generating broadcast".

If the outbound interface of the router is an ethernet interface and there is no entry in the ARP cache, then the router will have to ARP for the MAC address of the next router (or the destination if it's on that network).
0
 
LVL 27

Expert Comment

by:skullnobrains
ID: 39998330
thanks @don, indeed, i had skipped the possibility that the host has the arp in it's cache

--

as far as broadcast goes, ARP is essentially a broadcast protocol : arp queries are always sent to the whole network. this is precisely the reason why we use IP on top of ARP : to provide routing through the use of addressing

when you read "routers don't do broadcast", the article's author probably referred to IP broadcasts. btw, routers can perfectly route broadcasts but there are blocked on many of them to prevent smurf and smurf-like attacks

--

i'll try to shorten and clarify a bit

all hosts including routers use that same mechanism when they need to sent packets :
- if the host is on my network, choose to communicate directly with it, if not use the next hop found by interrogating the routing table (which is always on my network)
- use arp (or arp cache) to retrieve the mac address of the peer defined at above step
- send the packet to that peer using the mac address retrieved in the previous step

the only difference between a router and other hosts is that a router will accept to receive packets that are not for him and attempt to forward them. in the process, the ARP headers are replaced and the TTL is decremented
0
 

Author Comment

by:jskfan
ID: 40002896
<<Hard to say without seeing the article, but I think you're confusing "forwarding of broadcast" with "generating broadcast".>>>
That 's true donjohnson, I was confused about that point..


I was not sure Next hop router will generate a broadcast in order to request the MAC address of the wanted IP address…
So if I understand the Router will still query the next Router asking him " Do you have the MAC address of this IP address ?"  if that's the case the First router will update  MAC to IP address information in its own MAC Table….

Assuming after the Host(computer) has gone through the request of IP to MAC to find the destination host , and the Routers in the way have all updated their MAC to IP address table to include the destination host…
at this point the first router will send back the MAC address of the destination to the requesting Host ??
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 40002945
It's a minor terminology issue, but the the term for the table that contains IP addresses and the MAC address which corresponds to that IP address, is the ARP cache or ARP table.  Layer-2 switches have a list of MAC addresses and the interface those MAC addresses are associated with. This is called a MAC Address Table. Also known as the MAC database, CAM table or switching database.

I was not sure Next hop router will generate a broadcast in order to request the MAC address of the wanted IP address…
So if I understand the Router will still query the next Router asking him " Do you have the MAC address of this IP address ?"  if that's the case the First router will update  MAC to IP address information in its own MAC Table….
A device will only send an ARP request if it does not know the MAC address for a particular IP address.  The ARP cache for a Cisco router four hours by default. So once a router ARPs a device once, it typically does not have to query it again.

Assuming after the Host(computer) has gone through the request of IP to MAC to find the destination host , and the Routers in the way have all updated their MAC to IP address table to include the destination host…
at this point the first router will send back the MAC address of the destination to the requesting Host ??
No. A host will NEVER know the MAC address of a device on a different network.  I doesn't need to know that information. Any destination not of the local network is simply forwarded to the default gateway. That router will then send the packet towards the destination.
0
 

Author Comment

by:jskfan
ID: 40003007
<<<Any destination not of the local network is simply forwarded to the default gateway. That router will then send the packet towards the destination.>>>

the router will act on behalf of the HOST.

I want to know how the information chain is lined up..this is why I asked for the steps that the request made by the host reaches the destination and how the response will get back to the originating host…
0
 

Author Comment

by:jskfan
ID: 40003009
it is described on the comment ID: 39995989.
however when  router1 asks Router2 about IP address 192.168.x.y , assuming Router2 knows about it…..then what information Router2 will deliver back to Router1 and what information will Router1 deliver back to the Host ?
0
 
LVL 50

Accepted Solution

by:
Don Johnston earned 250 total points
ID: 40003041
Let's try this: See the attached topology diagram.
Network Topology
A has a packet to send to B

1) A determines that B is on a differnet IP network
2) A checks it's ARP cache for an entry for it's default gateway (192.168.1.1)
3) If it does not have a entry, then it ARPs 192.168.1.1.  Once it receives a response, it adds an entry in the ARP cache.
4) It takes the packet to 10.1.1.2 and builds an ethernet frame around it with 00.00.0C.00.00.01 as the destination MAC address and sends the frame out it's ethernet interface.
5) Frame arrives at R1 on E0.
6) R1 recognizes it's MAC address and decapsulates the packet.
7) R1 sees 10.1.1.2 as the destination IP address. Because the packet is not destined for R1, the router looks at it's IP routing table for an entry for the 10.0.0.0 network.
8) The entry for the 10.0.0.0 network shows a next hop address of 172.16.1.1 using interface E1.
9) R1 checks it's ARP cache for and entry for 172.16.1.1 (if there is no entry, it will send an ARP request for that address).
10) R1 takes the packet it received on E0 from A and builds a new ethernet frame around it with 00.00.0C.00.91.01 as the destination MAC address and sends the frame out the E1 interface.
11) Frame arrives at R2 on E0.
12) R2 recognizes it's MAC address and decapsulates the packet.
13) R2 sees 10.1.1.2 as the destination IP address. Because the packet is not destined for R2, the router looks at it's IP routing table for an entry for the 10.0.0.0 network.
14) The entry for the 10.0.0.0 network shows a next hop address of 172.17.1.2 using interface E1.
15) R2 checks it's ARP cache for and entry for 172.17.1.2 (if there is no entry, it will send an ARP request for that address).
16) R2 takes the packet it received on E0 and builds a new ethernet frame around it with 00.00.0C.05.1E.01 as the destination MAC address and sends the frame out the E1 interface.
17) Frame arrives at R3 on E0.
18) R3 recognizes it's MAC address and decapsulates the packet.
19) R3 sees 10.1.1.2 as the destination IP address. Because the packet is not destined for R3, the router looks at it's IP routing table for an entry for the 10.0.0.0 network.
20) The entry for the 10.0.0.0 network shows it is "directly connected to it's E1 interface.
21) R3 checks it's ARP cache for and entry for 10.1.1.2 (if there is no entry, it will send an ARP request for that address).
22) R3 takes the packet it received on E0 and builds a new ethernet frame around it with 00.00.3C.FF.12.34 as the destination MAC address and sends the frame out the E1 interface.
23) Host B receives the frame.
0
 
LVL 27

Assisted Solution

by:skullnobrains
skullnobrains earned 250 total points
ID: 40003381
i agree with don, (nice doc !)

i'll just add a note on that specific point (which is the part you don't get)

So if I understand the Router will still query the next Router asking him " Do you have the MAC address of this IP address ?

no : if a router/host has a packet that it needs to forward/send to another host, and it determines that the host is not on his network, the ARP query that it will send will be to query the next-hop's mac, not the final destination's

the host or router that emits the packet can determine who he will need to send the packet to BEFORE it sends anything on the network by using the ip/mask of his attached networks and it's routing table. are you familiar with ip/mask concept ?

it does not know if the other router is actually connected to that host, or will forward it to yet another router or even drop the packet. each host is only responsible for either
- sending directly to the destination ( if the destination is on one of the attached networks)
- sending to the next hop ( if the above is false and the host/router knows the route)
- dropping the packet (if neither of the above apply)

in the second case, the ARP query that is performed is related to the next-hop, not the final destination
0
 

Author Comment

by:jskfan
ID: 40003532
Thank you…
I do not mean to make this thread too long….but I want to understand the trip back to Host A, once all those requests are made up all the way to the destination host B…how does the response travel back…will  the routers  on the way to host A do the decapsulate/encapsulate of the packets and ARP the next hop ?
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 40003578
The return packet goes through the exact same process. Only the addresses are different.
0
 
LVL 27

Expert Comment

by:skullnobrains
ID: 40003818
yes :

for example
A - RT1 - RT2 - B

A has a route telling it that it can reach B through RT1
RT1 has a route telling it that it can reach B through RT2

likewise
B has a route telling it that it can reach A through RT2
RT2 has a route telling it that it can reach A through RT1

A does not even know that RT2 exists, likewise B does not know about RT1

each host only does ARP with it's neighbors (A with RT1, RT1 with RT2, and RT2 with B)

in normally configured networks, the forward and reverse paths follow the same chain of hosts but there is no formal requirement
0
 

Author Closing Comment

by:jskfan
ID: 40004370
Thank you Guys!
0

Featured Post

Enroll in May's Course of the Month

May’s Course of the Month is now available! Experts Exchange’s Premium Members and Team Accounts have access to a complimentary course each month as part of their membership—an extra way to increase training and boost professional development.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello , This is a short article on how would you go about enabling traceoptions on a Juniper router . Traceoptions are similar to Cisco debug commands but these traceoptions are implemented in Juniper networks router . The following demonstr…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question