ARP

= Basics =


 * Address Resolution Protocol (ARP) is a protocol for mapping an IP address to a physical machine (MAC) address.

=ARP Header=



= RARP =


 * Rendered obsolete by BOOTP & DHCP
 * Both support a much greater feature set than RARP
 * RARP was limited to serving only IP addresses

=Gratuitous ARP=




 * The Sender IP Address and Target IP Address are both the same as the source IP address.
 * The destination MAC in the Ethernet frame is the broadcast address ff:ff:ff:ff:ff:ff.
 * Usually no reply packet is received.
 * A gratuitous ARP reply is a reply to which no request has been made.


 * GARP can be useful for the following reasons:


 * It can help detect IP conflicts.
 * It assists in updating other machines' ARP tables.
 * It informs switches of the MAC address of the machine on a given switch port.
 * When a link comes up, the interface driver sends a gratuitous ARP to update the ARP tables of all other local hosts.
 * If we see multiple GARPs from the same host frequently, it may point to bad Ethernet hardware/cabling.
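
The GARP properties listed above (sender IP equal to target IP, broadcast destination MAC) are enough to pick gratuitous ARPs out of raw frames and to spot an IP conflict passively. This is an added example, not part of the original page; the function names, MAC addresses and 192.0.2.x addresses are constructed for illustration, and only untagged Ethernet II frames are handled.

```python
import struct
from ipaddress import IPv4Address

BROADCAST = b"\xff" * 6

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Return ARP fields of an untagged Ethernet II frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":  # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"dst": frame[:6], "op": op, "sha": sha, "spa": IPv4Address(spa), "tpa": IPv4Address(tpa)}

def is_gratuitous(arp):
    # Properties from the list above: sender IP == target IP, Ethernet destination is broadcast.
    return arp["spa"] == arp["tpa"] and arp["dst"] == BROADCAST

def find_conflicts(frames):
    """Return (ip, old_mac, new_mac) each time a GARP claims an IP last announced by another MAC."""
    seen, conflicts = {}, []
    for frame in frames:
        arp = parse_arp(frame)
        if arp is None or not is_gratuitous(arp):
            continue
        ip, sender = str(arp["spa"]), mac(arp["sha"])
        if ip in seen and seen[ip] != sender:
            conflicts.append((ip, seen[ip], sender))
        seen[ip] = sender
    return conflicts

def build(dst, src_mac, op, spa, tha, tpa):
    # Builds a constructed sample frame (test data, not captured traffic).
    eth = struct.pack("!6s6sH", dst, src_mac, 0x0806)
    return eth + struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op, src_mac, IPv4Address(spa).packed, tha, IPv4Address(tpa).packed)

A, B = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SAMPLE = [
    build(BROADCAST, A, 1, "192.0.2.10", b"\x00" * 6, "192.0.2.10"),  # GARP request from A
    build(BROADCAST, A, 1, "192.0.2.10", b"\x00" * 6, "192.0.2.20"),  # ordinary ARP request
    build(BROADCAST, B, 2, "192.0.2.10", BROADCAST, "192.0.2.10"),    # GARP reply from B, same IP
]

if __name__ == "__main__":
    print(find_conflicts(SAMPLE))
```

A MAC change for an IP is also what a legitimate failover looks like, so a hit should be checked against known changes before it is treated as a conflict.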

=Proxy ARP=


 * ARP was designed to be used by devices that are directly connected on a local network.
 * ARP relies on broadcasts which are not propagated beyond a Router.
 * Therefore ARP cannot function between devices on different physical networks.
 * When such operation is required, a router can be configured as an ARP proxy to respond to ARP requests on behalf of a device on a different network.


 * Scenario:




 * Here SRX interface ge-0/0/0.0 has IP address 1.1.1.1/24.
 * The Router in ISP (not shown) needs to send a packet to the Destination IP address 1.1.1.2.
 * It will send an ARP Request for the IP address 1.1.1.2.
 * If Proxy ARP is not configured on the SRX, it will not reply to the ARP Request as it does not have the IP address configured on the interface ge-0/0/0.0.
 * The ARP request will time out and the packet will be dropped at the router.
 * If Proxy ARP is configured on interface ge-0/0/0.0 for the IP 1.1.1.2, then when the router sends an ARP Request for the IP address 1.1.1.2, the SRX will respond to the ARP Request.
 * The router will then be able to send the packet for the Destination IP address 1.1.1.2 to the MAC address of the SRX.

Identify the interface & IP address for which Proxy ARP is needed: Address: 1.1.1.2, Interface: ge-0/0/0.0
 * Configuration:

The Proxy ARP command for the SRX is: <code>set security nat proxy-arp interface ge-0/0/0.0 address 1.1.1.2/32</code>


 * Disadvantages:
 * Complexity
 * If more than one router connects two physical networks using the same network ID, problems may arise.
 * Introduces potential security risks, as the router “impersonates” devices.

For these reasons, it may be better to redesign the network so routing is done between physical networks separated by a router.

= Inverse ARP =


 * Used in Frame Relay.

=Packet Captures=
 * [[Media:grap.cap|Gratuitous ARP]]


 * [[Media:Gratuitous arp hsrp.cap|Gratuitous ARP HSRP]]


 * [[Media:Rarp request.cap|RARP Request]]


 * [[Media:Arp-storm.pcap|ARP Storm]]