Address Resolution Protocol (ARP) Tables
The Address Resolution Protocol (ARP), as you might guess, is designed for resolving addresses. To tie together the data link (Layer 2) layer and the network (Layer 3) layer, a mechanism must exist that maps data-link layer addressing to network layer addressing; this mechanism is ARP. In the earlier example, PC1 just “knew” the MAC address for the server, but how is that possible? This is where ARP enters the picture. Typically a user who wants to connect to a server must already have the name of the server. (There are mechanisms to get around this need as well, but they are outside the scope of this article.) The server name is typically in the shape of a hostname and/or domain combination (for example, mail.testing.com). When the user presses Enter to send the request to connect to the server, a higher-level lookup is performed by the Domain Name System (DNS), resulting in the form of an IP address. Assuming that the server is on the local subnet, a second lookup is performed to search for the MAC address of the server, using ARP.
What ARP does is provide a lookup mechanism and table to store the information found in these lookups. Using the previous example as a guide, let's assume again that PC1 wants to send traffic to the server. The only piece of information that PC1 has is the IP address (network layer address) of the server (which was looked up from DNS), but to send traffic to the server it must also learn the server's MAC address. To find this information, PC1 must form an ARP request that includes the IP address of the intended destination. The ARP request is then sent to the MAC broadcast address (ff.ff.ff.ff.ff.ff), so that all local devices will receive it. If the server is listening on the network (and wants to answer), it responds with an ARP reply. In this reply, the server includes its MAC address; PC1 then uses that MAC address to send its Ethernet traffic destined for the server, starting the MAC address table process detailed earlier. Listing 2 shows an example of how the ARP table might look in this situation.
Listing 2—ARP table example.
C:\Windows\system32\arp -a Interface: 192.168.1.100 --- 0x11 Internet Address Physical Address Type 192.168.1.200 00-0c-29-92-81-3e dynamic C:\
Unlike the MAC address table timeout, which is short, the ARP table timeout is typically much longer. (Cisco's default timeout is four hours.)