If Host C has communicated with Host A and B what does the ARP table look like

Host to Host Communication

Table of Contents Show

• Host to Host Communication
• What is ARP? Address Resolution Protocol
• Gratuitous ARP
• What is RARP
• Diagram of an ARP Request

After discussing the makeup of the OSI Model and some of the Key Players involved in moving a packet from one host to another, we can finally discuss the specific functions which occur in allowing Host to Host communication.

At the very core of the Internet is this idea that two computers can communicate with each other. Although it is rare to find situations where two hosts are connected directly to each other, understanding what happens if they were is crucial to understanding everything else that happens when multiple hosts are communicating through a switch or router.

As such, this article will focus on host to host communication, and each individual step involved in the process.

Host to Host Communication

Since there are no Routers in this illustration, we know all the communication is happening within the same network — therefore, Host A and Host B are both configured with IP addresses that belong to the same network.

Each host has a unique IP address and MAC address. Since each host is also a L3 device, they each also have an ARP Table. At the moment, their ARP Tables are empty.

Host A starts by generating some Data for Host B. Host A knows the final destination for this data will be the IP address 10.10.10.20 (Host B). Host A also knows its own address (10.10.10.10), and as such is able to create a L3 header with the required Source and Destination IP Address.

But as we learned earlier, packet delivery is the job of Layer 2, so despite these hosts being directly connected to one another, a L2 header must be created.

The Source of the L2 header will be Host A’s MAC address (aaaa.aaaa.aaaa). The Destination of the L2 header should be Host B’s MAC address, but at the moment, Host A doesn’t have an entry in its ARP Table for Host B’s IP address, and therefore, does not know Host B’s MAC address.

As a result, Host A is unable to create the proper L2 header to deliver the packet to Host B’s NIC at this time. Host A will have to initiate an ARP Request in order to acquire the missing information:

The ARP Request is a single packet which essentially asks: “If there is someone out there with the IP 10.10.10.20, please send me your MAC address.“

Remember, at this point Host A does not know if Host B exists. In fact, Host A does not know that it is directly connected to Host B. Hence, the question is addressed to everyone on the link. The ARP Request is sent as a Broadcast, and had there been other hosts connected to this link, they too would have received the ARP Request.

Also note that Host A includes its own MAC address in the ARP Request itself. This allows Host B (if it exists) to easily respond directly back to Host A with the requested information.

Receiving the ARP Request allows Host B to learn something. Namely, that Host A’s IP address is 10.10.10.10 and the correlating MAC address is aaaa.aaaa.aaaa. Notice this entry is now added to Host B’s ARP Table.

Host B can use this new information to respond directly to Host A. The ARP Response is sent as a Unicast message, directly addressed to Host A. Had there been other hosts on this link, they would not have seen the ARP Response.

The ARP Response will include the information Host A requested: The IP Address 10.10.10.20 is being served by the NIC with the MAC address bbbb.bbbb.bbbb. Host A will use this information to populate its ARP Table:

With Host A’s ARP Table populated, Host A can now successfully put together the proper L2 header to get the packet to Host B.

When Host B gets the data, it will be able to respond without further ado, since it already has a mapping in its ARP Table for Host A.

Summary

Again, it is rare to find two hosts directly connected to each other. But understanding what it takes to get a packet from one Host to another Host is key to understanding how a Switch enables multi-host communication, or a Router enables multi-network communication. Both of these will be the subjects of the next articles in this series.

The key thing to note is a host doesn’t know whether it is connected to a switch or directly to another host. In either case, the host will follow the process outlined above when trying to communicate with another host.

Let's look at each question specifically and expand upon your questions to help you better understand the situations that can occur.

1. Is Host A updating its own ARP table, or a shared ARP table amongst the entire LAN?

No, an ARP table is not shared among the entire LAN. Each device has it's own ARP table. It is the devices responsibility to manage their own ARP tables, including the local interface associated with the entry.

2. If the ARP able is not shared amongst all the LAN, would other hosts on the same LAN be made aware of this new information that Host A just received, if those other hosts did not have it already?

The short answer for a switched environment is no. If you view the format of an ARP Packet you will see that the packet includes both the sender hardware MAC address and IP. When an ARP request packet is sent from the requesting device, the packet is sent to the broadcast address and is forwarded by the switch to all interfaces (devices) on the LAN. This allows the device that has the requested IP Address to reply and target the reply packet to the specific IP and MAC Address of device that requested it. It is the network switches responsibility to maintain a MAC address table to forward the packet only to the interface on the switch of the specific device in the packet. Here is an example of an outgoing ARP packet from 10.0.0.1 in search of 10.0.0.2.

That being said, it is possible for devices to send out a gratuitous ARP reply packet announcing that they have the specific IP Address. The gratuitous ARP reply packet will be sent to the broadcast address, again, being forwarded to all devices on the LAN. In that situation, each device that receives that packet has to choose what to do with the packet. If they do not have the address in their ARP table, they usually ignore it. However, if they do have that address in their ARP table they should update any information that changed. Here is an example packet from 10.0.0.2 announcing to the LAN:

All of the behavior detailed above prevents the devices from wasting processing cycles on packets that they do not need and memory on table entries that they do not need.

What is ARP? Address Resolution Protocol

Welcome to the ARP lesson where we get to discuss a nifty little protocol that helps us to discover what the MAC address is of different computers on the network. Like this diagram kind of entails, we can think of it like this. Hey, bro, what’s your Mac? Well, that does give you an idea of what it’s all about, but it’s not exactly how it works, and we’ll get into all those details. So, what exactly is ARP? ARP is Address Resolution Protocol, it is used to resolve IP addresses into MAC addresses, meaning the IP address is already known, but the Mac is not. The reason why we need ARP is because computers need to know both the IP address and the MAC address of a destination before they can start network communication. We’re going to find out now how we can actually make sure that we always have both of those things through the use of ARP. ARP is used, of course, to find out a MAC address when the IP address of the destination is known. 

Before we move on to the next subject, let’s go ahead and look at the actual ARP packet. The ARP packet is inside an Ethernet frame. You can tell we’re inside an Ethernet frame because we have an Ethernet header, source address, destination address, and we have that infamous CRC check at the end of it. Inside this particular Ethernet frame is the ARP request or the ARP reply and this is what it looks like. Now, that you guys are familiar with packets inside of frames and things like that, we can actually kind of understand that the frame is going to contain some cool information. In this case, we have ARP inside of our frames and the point of this particular diagram is to show you that included in an ARP request or an ARP reply are going to be these items, the source hardware address, source protocol address, target hardware address and target protocol address. The hardware ID, meaning the MAC address protocol, in our case, meaning the IP address, so these are the things included in an ARP request or an ARP reply.

ARP Cache

The ARP cache is a temporary table. That’s why it’s called a cache. It can have items be removed from it over time, but it’s a temporary kind of table of all known IP addresses to MAC address mappings. Anytime that we do an ARP request, and we get a response with a MAC address we put that, or the computer puts that rather in the ARP cache or the ARP table. In a Windows or a Mac or a Linux, all three of these use the same actual command to view the ARP table, it’s ARP -a. ARP -a on a Cisco router or switch, just shows ARP from the privileged exec mode. Or if you’re in global config, you can type show ARP. You can go ahead and pull up your command prompt on your Windows machine and type ARP -a and you’ll see that your computer has an ARP cache. It has an ARP table with listings of all the IP addresses and all the related MAC addresses that it knows about. ARP cache also includes both static and dynamic entries. If you do an ARP -a command on your Windows machine via your command prompt, you’re going to see something that says static on the right side and also dynamic on the right side. Static is going to be for things like the broadcast. Your specific network has a broadcast IP address and that’s going to relate directly to the broadcast frame and 255.255.255.255 is the all-inclusive broadcast IP address and that relates directly to the frame ff-ff-ff-ff-ff-ff. That is a static translation and it’s always going to be in there, it’s never going to change because that’s always the way it is. Dynamically ones are basically learned entries. If there’s anything that says dynamic, it’s because the device actually reached out via an ARP request and pulled the MAC address or got a response with the MAC address and put that in the table because of a response it got. Or it was updated some other way by the network about the IP address and MAC address and it learned it dynamically. This is a good way to start thinking about static things versus dynamic things because static and dynamic are two types of words that are used often in networking, not just with ARP stuff.

Here is the output of an ARP -a. You can see we have the dynamic and the static entries and at the bottom we have the 255.255.255.255 IP broadcast. The Mac relationship to that is all F’s because a MAC broadcast is all F’s. This is a static broadcast entry. Then we have some dynamic entries, the computer has learned that 192.168.1.1 has the MAC address c8-3a-35-20-c6-38 and it was learned dynamically. Next, we need to go ahead and say that before sending network communication, computers will first reference their ARP cache. That’s actually the first thing they do is they check to see if they already have the MAC address, then if they don’t, they will send an ARP request to determine the MAC. All right, and after the ARP is completed, then of course, they update the ARP cache.

Gratuitous ARP

Gratuitous ARP is an ARP announcement and it’s used whenever hosts come onto the network for the first time. If their operating systems configured with gratuitous ARP turned on, it will go ahead and send an ARP update out onto the network saying hey guys, here is my MAC address and my IP, and it does this without the need of an ARP request. That’s what’s special about gratuitous ARP. Now, some networks may not like gratuitous ARP to happen, and they can block these types of things, but in general, it’s a good thing to have. However, there are some kind of security risks involved with gratuitous ARP. It is sometimes performed during the computer startup process. So, whenever your computer operating system boots up, it might send out a gratuitous ARP. It would do this to make sure the network is updated. If you go into your computer and you change the IP address to a different static address and then you reboot the machine, it might come online and send out a gratuitous ARP.

What is RARP

RARP is the reverse address resolution protocol, and it is used to resolve MAC addresses into IP addresses. The thing is it requires servers on every single network in order to do this. BOOTP actually replaced RARP. and then Dynamic Host Configuration Protocol came along, and Dynamic Host Configuration Protocol still uses BOOTP and provides the same services as ARP, but much better, meaning that it doesn’t have to have a server on every single network. It also provides Dynamic Host Configuration services, meaning it hands out IP addresses.

Diagram of an ARP Request

Here is our awesome ARP diagram. In this diagram, we’ll get to see what happens whenever an ARP request gets sent out onto the network. We have the host here on the left, he wants to send data to 10.10.10.55, which is the host on the right. The host on the right, we know has the MAC address of all B’s. The computer on the left, 10.10.10.105 does not know the MAC address of the 10.10.10.55 host. Otherwise, he wouldn’t be trying to send an ARP. Because we need both the IP and the Mac. Let me check my ARP cache to see if I have an entry in there. Hmm, Nope. No MAC address in there. I guess I’ll have to go ahead and send out a broadcast ARP message. The host creates a frame, and, in that frame, he has the ARP request inside the payload of that frame and this ARP request is sent to ff-ff-ff-ff-ff. The MAC address is a broadcast MAC, but it also puts the source of where it’s coming from, the MAC address with all A’s because that’s the MAC address of this host. In the payload it’s saying who is 10.10.10.55 and creates a frame. Then sends the frame out to the network and it makes it to the switch. Then the switch says, oh, let me check that frame out. It’s got a destination MAC address of all F’s. I guess I need to go ahead and forward that out, then I guess I need to go ahead and copy that frame and send it down to both of these hosts that are connected to me. So, he sends it out. It’s a broadcast frame and this guy in the bottom here with all C’s and 10.10.10.200 IP address responds with, oh, well, that’s not me. I’m not 10.10.10.55. I’m going to discard this frame and the host on the right, who is 10.10.10.55 says that’s me. I’m going to go ahead and reply to this ARP request. So then, that’s exactly what happens. Host 10.10.10.55 creates a new frame with the ARP reply and it is sent directly to as a unicast frame to all A’s MAC address, which is our host on the left, and of course includes the source of all B’s and saying, Hey, I am 10.10.10.55 and sends that right over to the host that requested it. Then what happens? Well, the host says alright, I received that ARP reply. Now I need to update my ARP cache. It’ll go ahead and take the new IP address or it will go ahead and take the new MAC address which is all B’s, and put it in its ARP cache. It knows that 10.10.10.55 is BB-BB-BB-BB-BB-BB. So that’s how ARP works.

Conclusion

To recap, Address Resolution Protocol is a very useful protocol for building the ARP table. Why? Because that’s exactly what it was made for to build out the ARP table. Looking at our tables, again, on hosts in any networking equipment, like a router or switch is good for troubleshooting because you can check to see if the host router or switch knows the IP to MAC relationship and if it doesn’t, then you can understand that maybe that’s why communication isn’t happening. For some reason if a host or router or switch is not able to build its ARP cache properly and it’s alluding to another problem in the network so it can help you kind of identify what’s working and what’s not. ARP tables are good things to look at. Gratuitous ARP is helpful for updating the network automatically. Remember, if you change the IP address on your computer, and then reboot it, you might send out a gratuitous ARP if it’s allowed on your operating system.