Monday, September 7, 2009

ARP - Address Resolution Protocol

ARP is a protocol that broadcasts locally, meaning it works only on the local LAN or local subnet.
PC1 sends a ping to PC2.

1. PC1 looks in its ARP cache for the default gateway's IP address. If it does not have it, it sends an ARP request (hey, you with IP, what is your MAC?).
2. Switch1 gets it. The frame is an ARP broadcast, so Switch1 processes the frame and adds the source MAC address and the interface # it came in on to its table.
3. The ARP request's target IP address does not match the receiving port's IP address on Switch1's VLAN 1, so Switch1 sends the frame out of all ports in the same VLAN except the receiving port. (The frame is not moved to the upper layers of the OSI model; instead the data link layer takes care of it.)
4. The broadcast ARP reaches your router. The router accepts the frame since the target IP address matches the receiving port's IP address.
5. The router updates its ARP table with the received information and replies to the request with the receiving port's MAC address. (I am, my MAC is 00-11-22-33-44-55)
6. The ARP reply frame now goes back to PC1.
7. Switch1 has the MAC of PC1, but adds the MAC of the router and sends the frame ONLY to PC1.
8. PC1 receives the ARP reply and puts the info into its ARP cache. (5 minutes on Windows)
9. Now, for whatever you were trying to do in the first place, PC1 takes the MAC of the default gateway stored in its cache and builds the packet with the upper-layer protocols (ICMP, HTTP, FTP).
10. PC1 sends the packet to PC2. Source IP is PC1, dest. IP is PC2, source MAC is PC1, dest. MAC is the router's (the default gateway).
11. The switch receives the packet and forwards it out of the port connected to the router. It does not do anything special now.
12. The router looks at the dest. MAC. It is addressed to the router, so it processes the frame to look at the dest. IP. The dest. IP is directly connected, so it will process the packet (it knows about the network that PC2 is connected to).
13. If the router does not have the MAC address of PC2 in its cache, it will send an ARP broadcast on the interface connected to PC2. The router waits for the ARP reply from PC2, not from Switch2, although the ARP frame will pass through Switch2 on the way to PC2 and back.
14. With PC2's MAC in its cache, the router will process the packet by adding PC2's MAC address as the destination and its outgoing interface's MAC as the source. The IPs in the packet are the same.
15. Switch2 receives the frame and adds the MAC address (if not already in the table).
16. Switch2 (and Switch1 for that matter) will process frames if the ports are access ports and are on the same VLAN. These two conditions are often omitted in our discussions.
17. Assuming the router and PC2 are on the same VLAN, Switch2 will forward the frame to PC2.
18. PC2 receives the frame, reads the dest. MAC, strips the Ethernet header and trailer, and looks at the dest. IP. OK, it is for me, and processes it.
19. If, for example, the packet is an ICMP packet, the ICMP process processes it by sending an Echo Reply message.
20. The IP addresses are reversed. The source IP (PC1) becomes the destination; the destination IP (PC2) becomes the source. The data link layer takes the packet and encapsulates it with PC2's MAC as the source and the MAC of the default gateway on the router as the destination (the destination IP is on a different network).
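
Steps 1 to 8 as an added example (not part of the original post): the ARP request and reply are built and parsed as raw Ethernet frames, and a minimal learning switch shows why the request is flooded while the reply goes to one port only. PC1's addresses, the gateway IP, the port numbers and all function names are constructed for illustration; the gateway MAC is the one from step 5.

```python
import socket
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", "").replace("-", ""))

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_arp(op, sha, spa, tha, tpa, eth_dst):
    """Ethernet II header (14 bytes) + IPv4-over-Ethernet ARP body (28 bytes)."""
    eth = mac_bytes(eth_dst) + mac_bytes(sha) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)  # htype, ptype, hlen, plen, opcode
    return eth + arp + mac_bytes(sha) + socket.inet_aton(spa) + mac_bytes(tha) + socket.inet_aton(tpa)

def parse_arp(frame):
    if len(frame) < 42:
        raise ValueError("truncated ARP frame")
    dst, src, etype, htype, ptype, hlen, plen, op, sha, spa, tha, tpa = \
        struct.unpack("!6s6sHHHBBH6s4s6s4s", frame[:42])
    if (etype, htype, ptype, hlen, plen) != (0x0806, 1, 0x0800, 6, 4):
        raise ValueError("not IPv4-over-Ethernet ARP")
    return {"eth_dst": mac_str(dst), "eth_src": mac_str(src), "op": op, "sha": mac_str(sha),
            "spa": socket.inet_ntoa(spa), "tha": mac_str(tha), "tpa": socket.inet_ntoa(tpa)}

class Switch:  # learns source MACs per port; floods broadcasts and unknown destinations
    def __init__(self, ports):
        self.ports, self.table = set(ports), {}

    def forward(self, frame, in_port):
        dst, src = mac_str(frame[0:6]), mac_str(frame[6:12])
        self.table[src] = in_port                  # steps 2 and 7: learn the source MAC
        if dst == BROADCAST or dst not in self.table:
            return sorted(self.ports - {in_port})  # step 3: flood, except the ingress port
        return [self.table[dst]]                   # step 7: send only to the known port

def run_exchange():
    # Constructed addresses: PC1 on switch port 1, router (default gateway) on port 3.
    pc1, gw = ("00:aa:bb:cc:dd:01", "192.168.1.10"), ("00:11:22:33:44:55", "192.168.1.1")
    sw = Switch([1, 2, 3])
    request = build_arp(1, pc1[0], pc1[1], "00:00:00:00:00:00", gw[1], BROADCAST)
    flooded = sw.forward(request, in_port=1)
    req = parse_arp(request)                       # step 5: router reads sender MAC/IP
    reply = build_arp(2, gw[0], gw[1], req["sha"], req["spa"], req["sha"])
    delivered = sw.forward(reply, in_port=3)
    rep = parse_arp(reply)
    return flooded, delivered, {rep["spa"]: rep["sha"]}  # step 8: PC1's ARP cache entry
```

`run_exchange()` returns the ports the request was flooded to, the single port the reply was delivered to, and the cache entry PC1 ends up with.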