ARP request/ARP response

ARP request/ARP response

This section describes how ARP requests and ARP responses work.

See the diagram below. I will explain the operation when communicating from computer A to computer E.

The IP addresses of computer A and computer E are as follows.

IP address of computer A: 192.168.1.1/24
IP address of computer E: 192.168.1.5/24

Computer A checks if it belongs to the same network as computer E.

 You can know the network to which computer A belongs by calculating the logical product of your own IP address and the subnet mask set for you.

192.168.1.1 ← IP address of computer A
AND 255.255.255. 0 ← Subnet mask set in computer A
-----------------------
192.168.1.0

 The network to which computer E belongs can be found by calculating the logical product of computer E's IP address and the subnet mask set to itself.

192.168.1.5 ← IP address of computer E
AND 255.255.255. 0 ← Subnet mask set in computer A
-----------------------
192.168.1.0

Then you can see that both computer A and computer E belong to "192.168.1.0".

Computer A then examines its ARP table.

The ARP table is a correspondence table between destination IP addresses and MAC addresses.

Each computer has an ARP table like below.

IP addressMAC address
192.168.1.200:17:42:5B:33:02
192.168.1.300:17:42:5B:33:02
192.168.1.400:17:42:5B:33:02
192.168.1.500:17:42:5B:33:02

The above ARP table is learned and built every time it communicates with the destination terminal, and is updated every time it communicates.

 If the MAC address of the destination IP address "192.168.1.5" has already been learned, computer A uses the MAC address "00:17:42:5B:33:05" in the ARP table to send the packet. Send to computer E.

 Let's continue, assuming we haven't learned the MAC address of computer E yet.

 If it cannot find computer E's MAC address in its ARP table, it will send a broadcast to find out computer E's MAC address.

That broadcast is an ARP request.

 If it does not find the MAC address corresponding to the destination IP address in its ARP table, it makes an ARP request to find out the MAC address of computer E.

 Computer A sends a broadcast to the network with the destination MAC address of "FF:FF:FF:FF:FF:FF" and the target IP address of "192.168.1.5".

 Broadcast addresses for network layer IP addresses include "255.255.255.255", but "FF:FF:FF:FF:FF:FF" is used for data link layer MAC addresses.

"FF:FF:FF:FF:FF:FF" means that it is addressed to all terminals in the data link layer.

Computer A sends the following ARP request packet through the network.

Destination MAC address ・・・ FF:FF:FF:FF:FF:FF ←Broadcast address Source
MAC address ・・・ 00:17:42:5B:33:01 ←MAC address of computer A
Target IP address ・・・192.168.1.5

Then, all terminals in the "192.168.1.0" network will receive this ARP request (broadcast).

◆ On the router

 Routers block broadcast addresses by default unless specifically configured to relay broadcasts.

As a result, this ARP request will not flow to the "192.168.2.0" network.

By doing so, unnecessary packets are prevented from flowing out to other networks.

◆ Computer B to Computer D

 For computer B, computer C, and computer D, this broadcast is addressed to themselves at the data link layer level, so they pass it to the network layer, but at the network layer level, they know that it is not addressed to themselves, so they discard it.

◆ Computer E

 Computer E passes this ARP request to the higher layer, the network layer, because it is addressed to itself at the data link layer level. Then, knowing that it was addressed to me, I started preparing to reply. This reply is called an ARP reply.

Computer E that receives the ARP request returns an ARP reply to inform it of its own MAC address.

 Computer E transmits a unicast with the destination MAC address of computer A as "00:17:42:5B:33:01" and the target IP address as "192.168.1.1" within the network.

Computer E sends the following ARP response packet through the network.

Destination MAC address ・・・ 00:17:42:5B:33:01 ← MAC address of computer A Source
MAC address ・・・ 00:17:42:5B:33:05 ← MAC address of computer E
Target IP address・・・ 192.168.1.1

The ARP reply is unicast to computer A.

Note that ARP requests are broadcast and ARP replies are unicast.

◆ Router, computer B to computer D

 ARP replies are unicast. The destination MAC address is Computer A's MAC address "00:17:42:5B:33:01".

 This ARP reply reaches the routers, computer B, computer C, and computer D on this network, but since it is known at the data link layer level that it is not addressed to itself, it is discarded at this point.

 In ARP requests, the destination MAC address is a broadcast address and could only be discarded at the network layer level, but with unicast, it is discarded at the data link layer level, so the load on each terminal is reduced.

*It was explained that ARP responses reach all terminals, but this is not the case if each terminal is connected by a device such as a switch.

◆ Computer A

Computer A receives this ARP reply and can learn Computer E's MAC address.

 Then, in preparation for the next communication, Computer A adds the correspondence information between Computer E's IP address and MAC address to its own ARP table.

 In the next communication with computer E, computer A can know the MAC address of computer E by referring to this ARP table, so it does not make an ARP request to computer E from the next communication.

*The ARP table is refreshed periodically, so if there is no communication for a while, an ARP request will be made.