Communication on a network requires both physical and logical addresses.
- Physical Address – MAC Address
- Logical Address – IP Address
The physical address facilitates communication on a single network segment for devices that are connected through a layer 2 device such as a switch.
Let’s look at a scenario where you want to SSH in to PC B from PC A using PC B’s IPv4 address. Let’s also assume these hosts are Linux hosts in the same network segment connected through a switch. So, at the terminal you enter the command ssh firstname.lastname@example.org.
At this point the only missing information is the layer 2 Data Link data containing the MAC address of PC B.
Ok why do we need a MAC address?
We need a MAC address because switches that interconnect devices use MAC addresses to make forwarding decisions not IP addresses. Switch maintains a list of MAC addresses it learns in a table called the Content Addressable Memory (CAM). When a packet arrives on the ingress interface, it examines the destination MAC address and looks up the CAM table to determine the egress interface.
If the destination MAC address is unknown to a transmitting device, it will first check its local cache for the MAC address. If it is not there, then the target IP must be resolved to the corresponding MAC address through additional communication.
In our scenario, PC A will first look at its local ARP cache to see whether it has the corresponding MAC address for PC B’s IPv4 address 192.168.10.2. Initially, PC A will not have this information.
This is where address resolution protocol (ARP) comes to the rescue. The address resolution protocol is used to dynamically map a logical IP address (Network Layer Address) to a physical MAC Address (Data Link Layer Address). ARP is defined in RFC 826.
The ARP resolution process is as follows
- The transmitting computer sends out an ARP request saying my IP address is xx.xx.xx.xx and my MAC address is xx:xx:xx:xx:xx:xx. I need to send something to whoever has the IP address yy.yy.yy.yy but I don’t know it’s hardware address. Whoever has this IP address please reply back with your MAC address?
- This request is broadcasted to everyone on the network segment.
- Each TCP/IP host that receives this broadcast processes it and the packet is discarded by each host that does not own this IP address.
- However, the TCP/IP host that owns the IP address yy.yy.yy.yy responds back saying hey you with IP address xx.xx.xx.xx and MAC address xx:xx:xx:xx:xx:xx, I am the person you are looking for. Here is my MAC address yy:yy:yy:yy:yy:yy.
- Once this transmission is complete the transmitting device updates it’s ARP cache with MAC-to-IP address association and begin sending data.
The ARP Request
Figure The ARP Request
Let’s examine the packet capture of this process.
- ff:ff:ff:ff:ff:ff this is the Ethernet Broadcast address. Anything sent to this destination address will be sent to all TCP/IP hosts on that segment.
- This is the Source MAC address of this Ethernet frame, which is set to PC A’s MAC address.
- The packet’s opcode is set to 1 which indicates an ARP request.
- Inside the ARP request the Sender MAC address is set to PC A’s MAC address.
- Inside the ARP request the Sender IP address is set to PC A’s IPv4 address.
- Inside the ARP request the Target MAC address is unknown.
- Inside the ARP request the Target IP address is set to PC B’s IPv4 address.
The ARP Response
Let’s examine the packet capture of the ARP response process.
- The Ethernet Destination MAC address is now set to PC A’s MAC Address.
- The Ethernet Source MAC Address is now set to PC B’s MAC Address.
- The packet’s opcode is now set to 2 indicating this is an ARP reply.
- The ARP Reply Sender MAC address is now set to PC B’s MAC Address.
- The ARP Reply Sender IP address is now set to PC B’s IP Address.
- The ARP Reply Target MAC address is now set to PC A’s MAC Address.
- The ARP Reply Target IP address is now set to PC A’s IP Address.