One fundamental networking concept is ARP (Address Resolution Protocol) and how it empowers communication on a local network. When a host needs to send traffic, the destination IP is already known but the destination MAC is unknown which makes Ethernet delivery not possible because it needs both a source MAC and destination MAC address. Since the destination MAC is unknown, this is where ARP shines the most. ARP is used to discover the destination MAC address so the IP packet can later be properly encapsulated at the data link layer and delivered to the intended host on the local network.
ARP request is a broadcast message that is usually sent when the sending host wants to send a frame over to another host on the same Local Area Network but does not possess the exact destination MAC that is tied to that IP, if the sending host or device looks at the ARP cache there will be no IP to MAC mapping on the table to be seen.
Since the IP address is known, the sender device sends an Ethernet frame that includes the source MAC as the sender’s MAC address, the destination MAC as a broadcast address, and includes an ARP payload in the same ethernet frame. Inside the payload there is the ARP request that includes sender MAC, sender IP, target IP and a target MAC.
(I have put a picture right above this of an Ethernet Frame so that you can visualize whats going on. This is a standard ethernet frame(I left out preamble and SFD) just to pay attention to what matters right now. The Destination MAC leads and that address will be the broadcast frame written as FFFF.FFFF.FFFF. Then comes source MAC, then type and the most IMPORTANT thing right here is the ARP payload. This is where the receiving host will look to determine if the ARP request is meant for them. We will look inside this ARP payload a little more below. )
Not to be confused with Target and Destination, the destination MAC is the instruction to the switch so that it knows what to do with the frame. FFFF.FFFF.FFFF, in this case since the address is a broadcast address, the switch will flood the frame out to all ports in the same VLAN or broadcast domain except the incoming port. The target IP is contained in the ARP payload so the receiving device knows for certain that this ARP request packet was meant for them.
(Ignore everything above the sender MAC for the point I am trying to get at. Sender MAC gets repeated in the payload, sender IP is added, and the MOST important thing in this is the Target MAC and the Target IP. In an Ethernet frame it will not be able to put all 0s like you see for target MAC, and for certain will not be able to put an IP address since its a Layer 2 ethernet frame.)
The sender puts the same Target IP as the actual IP of the intended recipient but sets the target MAC in all 0s like this 00:00:00:00:00:00. Once the receiving host checks the target IP and realizes that its own IP matches the Target IP inside the payload, it responds with its own unicast ARP reply. The ARP reply is a unicast unlike the ARP request because the sender and destination MAC are known, there are no more missing pieces in the puzzle. When the original sender receives this ARP reply, the host sees the incoming frame, inspects the source MAC along with the IP address and stores it in its ARP cache for an allotted time. This is the process of sending a frame to a local host with only their IP address! Now one last thing to note here is that this is only for a local host, if they are in a different subnet a whole different packet flow will be done. It is called “the life of a packet” but that’s a blog for another day.
Leave a Reply