Filter
Top Products
3.4. ARP
3.4.1. Overview
Address Resolution Protocol (ARP) allows the mapping of a network layer protocol (OSI layer 3)
address to a data link layer hardware address (OSI layer 2). In data networks it is used to resolve an
IP address into its corresponding Ethernet address. ARP operates at the OSI layer 2, data link layer,
and is encapsulated by Ethernet headers for transmission.
Tip: OSI Layers
See Appendix D, The OSI Framework for an overview of the different OSI layers.
IP Addressing Over Ethernet
A host in an Ethernet network can communicate with another host only if it knows the Ethernet
address (MAC address) of that host. Higher level protocols such as IP make use of IP addresses
which are fundamentally different from a lower level hardware addressing scheme like the MAC
address. ARP is used to retrieve the Ethernet MAC address of a host by using its IP address.
When a host needs to resolve an IP address to the corresponding Ethernet address, it broadcasts an
ARP request packet. The ARP request packet contains the source MAC address, the source IP
address and the destination IP address. Each host in the local network receives this packet. The host
with the specified destination IP address, sends an ARP reply packet to the originating host with its
MAC address.
3.4.2. The NetDefendOS ARP Cache
The ARP Cache in network equipment, such as switches and firewalls, is an important component in
the implementation of ARP. It consists of a dynamic table that stores the mappings between IP
addresses and Ethernet MAC addresses.
NetDefendOS uses an ARP cache in exactly the same way as other network equipment. Initially, the
cache is empty at NetDefendOS startup and becomes populated with entries as traffic flows.
The typical contents of a minimal ARP Cache table might look similar to the following:
Type IP Address Ethernet Address Expires
Dynamic 192.168.0.10 08:00:10:0f:bc:a5 45
Dynamic 193.13.66.77 0a:46:42:4f:ac:65 136
Publish 10.5.16.3 4a:32:12:6c:89:a4 -
The explanation for the table contents are as follows:
• The first entry in this ARP Cache is a dynamic ARP entry which tells us that IP address
192.168.0.10 is mapped to an Ethernet address of 08:00:10:0f:bc:a5.
• The second entry in the table dynamically maps the IP address 193.13.66.77 to Ethernet address
0a:46:42:4f:ac:65.
• The third entry is a static ARP entry binding the IP address 10.5.16.3 to Ethernet address
4a:32:12:6c:89:a4.
The Expires Column
The third column in the table, Expires, is used to indicate how much longer the ARP entry will be
3.4. ARP Chapter 3. Fundamentals
108