ARP – Associating IP with MAC addresses

We have gone through how MAC addresses and Switching work, and other sections discuss the functionality of IP addresses and Routing. What hasn’t been discussed however is the glue that binds those together. How do the MAC and IP addresses interact?

There is another protocol called ARP which stands for Address Resolution Protocol. It is used to associate MAC addresses with IP addresses and is a way for a computer to look up an unknown MAC address for a device that it wants to communicate with.

Most commonly a computer knows what IP address that it is sending the traffic to. For example, if you are browsing to a web page on the Internet, you would enter an address in the browser. The computer would then use DNS to do a name resolution lookup to obtain the IP address of that web page. So the computer will easily find out what the IP address of the web server is, meaning that the destination IP address is known to the computer in one way or another.

But let’s go back to that DNS message. You have just instructed the computer to browse to a web page in a web browser. The computer must use DNS to find out the IP address of the web page.

After the computer has created the DNS query it will put the query inside an IP packet and send the packet to a DNS server. Let’s say the computer is configured to use the home router as its DNS server. So the computer creates a packet with a DNS query that it wants to send off to the home router’s IP address. But the computer must also enter the MAC address of the Router as the destination MAC address for the traffic. How will the computer know which MAC address that the router has?

ARP is required on computer networks

This is where the ARP protocol comes into play. ARP lets devices on the network ask each other which MAC addresses they have.

To find out what MAC address the router has got the computer will first put its DNS query on hold in a queue. Then it will create an ARP request.

The ARP request contains a simple question. In this case, the computer wants to find out which MAC address that the 192.168.1.1 device has got. So the request is basically as follows:

Device with IP address 192.168.1.1, reply back with your MAC address

ARP request is sent form a PC to the LAN

ARP requests are always sent as broadcasts because we don’t know what MAC address we want to send the message to. Since it is a broadcasted message, every other device on the LAN will receive the message. This is because the integrated switch in the Home Router handles the message as a broadcast and forwards it to all other ports including the integrated router. But all devices except one will notice when they read the contents of the ARP request that the message is intended for another device with IP address 192.168.1.1

The home router, which is configured with IP address 192.168.1.1, will read the message and will notice that the message is directed at itself. It will then construct an ARP reply:

“I have IP address 192.168.1.1 and my MAC address is 00:13:fe:19:c7:9e”

ARP reply

Every time a computer receives an ARP reply it will save the response for at least a few minutes in an ARP table (or ARP cache) in memory. This is so that the computer doesn’t have to do an ARP request for each packet it wants to send. From now on and for as long as it keeps communicating with the router it will remember the router’s MAC address. If however they stop communicating for a while then the computer will clear out the router’s MAC address from its ARP table.

Each time a computer is sending a packet to an IP address it will look in its ARP cache to see if it already knows what MAC address that is associated with that IP address.

  • If the address exists in the ARP cache then the MAC address in the table will be used.
  • If the address does not exist in the ARP cache, then an ARP request must be created and sent out.

Finally once the computer has gone through the ARP request it now has all the necessary information to send the DNS query to the router to find out what IP address that the web page has got.

With ARP completed the computer can send its traffic

Previous part:
Switches

Next part:
Wireless