The Address Resolution Protocol (ARP) is a network protocol that allows IP addresses to be mapped onto corresponding physical MAC addresses. In local area networks (LANs), ARP helps translate IP addresses into the MAC addresses of devices, such as computers or routers, so that data packets can be sent to the correct hardware.
ARP works through a simple request-reply exchange that resolves the IP address of a target device into its physical MAC address.
When a device (for example, computer A) wants to send a data packet to another device on a local network and only knows the IP address of that device but not its MAC address, it starts an ARP request.
Computer A sends an ARP request as a broadcast, which means that the packet is sent to all devices on the network. The request is something like: “Who has the IP address XYZ? Please send me your MAC address.”
Every device on the network receives this broadcast and checks whether the IP address in question matches its own IP address. Only the device that is associated with the requested IP address (e.g., computer B) will respond to the ARP request. All others ignore the request.
Computer B, the device with the requested IP address, sends an ARP response directly to computer A. The ARP response contains the MAC address of computer B and is sent specifically to computer A (unicast).
After receiving the ARP response, computer A stores the IP-to-MAC mapping in its ARP cache. This speeds up communication because later packets to the same IP address can be sent directly without a new ARP request.
Now computer A can send the actual data packets directly to computer B’s MAC address, making communication within the network efficient.
ARP enables communication within a network and ensures that data packets reach the correct devices. Without ARP, data transmission in IP-based networks would not be possible because there would be no connection between the logical IP addresses and the physical hardware addresses.
There are several variants of the Address Resolution Protocol (ARP), each designed for specific use cases in networks.
ARP (Standard ARP)
The standard version of ARP, also known as Request and Reply ARP, is used to determine the MAC address of a device on the network based on its IP address. A device broadcasts an ARP request, and the device with the matching IP address responds with its MAC address.
Proxy ARP
With proxy ARP, a device (such as a router) responds to an ARP request for an IP address that actually belongs to a different network segment. The router “pretends” that it has the requested IP address, thereby allowing devices on different subnets to communicate without additional routing configuration.
Proxy ARP is often used in networks that are not fully routed or in situations where devices from different networks need to communicate as if they were on the same subnet.
Gratuitous ARP (GARP)
Gratuitous ARP is when a device announces its own IP and MAC address without being prompted by a request. This is usually done to update the ARP caches of other devices on the network or to check whether another host with the same IP address already exists.
GARP is used to avoid IP address conflicts or to refresh the cached entries for a device's own address when network changes occur. It is also used in failover mechanisms and with virtual IP addresses to notify network participants that the MAC address behind an IP address has changed.
Inverse ARP (InARP)
Inverse ARP is the opposite of standard ARP. It is used to determine the IP address of a device when only the MAC address is known. InARP is particularly common in frame relay networks.
Reverse ARP (RARP)
RARP allows a device that only knows its MAC address to determine its own IP address. The device sends a RARP request, and a RARP server responds with the appropriate IP address.
RARP was often used by boot routers and diskless workstations to obtain an IP address. However, it has now been largely replaced by the Dynamic Host Configuration Protocol (DHCP).
When using ARP, various problems and security risks can arise that affect network performance and security. One of the biggest risks is so-called ARP spoofing (or ARP poisoning). This is when an attacker sends forged ARP replies to devices on the network to manipulate their IP-to-MAC mappings. It allows them to redirect or intercept traffic between devices, which can give them access to sensitive data.
This attack can have significant consequences because the attacker can use ARP spoofing to intercept, manipulate, or even deliberately block data. Countermeasures such as Dynamic ARP Inspection (DAI) and the use of secure VPN connections can help to reduce the risk of such attacks.
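The request-reply exchange, the gratuitous-ARP case (sender IP equal to target IP) and the spoofing problem above can all be illustrated with one small Python program. It is an added example, not code from the original text: it packs and parses Ethernet/IPv4 ARP packets in the RFC 826 layout, then runs a defender-side monitor over a constructed sequence of frames that flags replies no one asked for and changes to a learned IP-to-MAC binding. All MAC and IP addresses are constructed sample values.

```python
import struct

# ARP packet layout for Ethernet/IPv4 (RFC 826), 28 bytes:
# hw type, proto type, hw len, proto len, opcode, sender MAC, sender IP, target MAC, target IP
ARP_FMT = "!HHBBH6s4s6s4s"
OP_REQUEST, OP_REPLY = 1, 2

def mac_bytes(s): return bytes.fromhex(s.replace(":", ""))
def ip_bytes(s): return bytes(int(o) for o in s.split("."))
def mac_str(b): return ":".join(f"{x:02x}" for x in b)
def ip_str(b): return ".".join(str(x) for x in b)

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Pack one ARP packet (Ethernet header omitted)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, mac_bytes(sender_mac),
                       ip_bytes(sender_ip), mac_bytes(target_mac), ip_bytes(target_ip))

def parse_arp(data):
    htype, ptype, hlen, plen, op, smac, sip, tmac, tip = struct.unpack(ARP_FMT, data[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"op": op, "smac": mac_str(smac), "sip": ip_str(sip),
            "tmac": mac_str(tmac), "tip": ip_str(tip)}

def is_gratuitous(pkt):
    # A gratuitous ARP announces the sender's own address: sender IP == target IP.
    return pkt["sip"] == pkt["tip"]

class ArpMonitor:
    """Defender-side view: learns IP->MAC bindings and reports suspicious packets."""
    def __init__(self):
        self.table = {}       # ip -> first MAC seen for it
        self.pending = set()  # (requester_ip, target_ip) of unanswered requests

    def observe(self, data):
        pkt, alerts = parse_arp(data), []
        if pkt["op"] == OP_REQUEST and not is_gratuitous(pkt):
            self.pending.add((pkt["sip"], pkt["tip"]))
        elif pkt["op"] == OP_REPLY:
            key = (pkt["tip"], pkt["sip"])  # the request this reply should answer
            if key in self.pending:
                self.pending.discard(key)
            else:
                alerts.append(f"unsolicited reply {pkt['sip']} is-at {pkt['smac']}")
        known = self.table.setdefault(pkt["sip"], pkt["smac"])
        if known != pkt["smac"]:  # may also be a legitimate failover GARP: review, don't block
            alerts.append(f"binding change {pkt['sip']}: {known} -> {pkt['smac']}")
        return alerts

def demo():
    """Constructed frames: A asks for B, B answers, then a third host answers for B's IP."""
    A, B, X = "00:11:22:33:44:0a", "00:11:22:33:44:0b", "de:ad:be:ef:00:01"
    mon = ArpMonitor()
    frames = [build_arp(OP_REQUEST, A, "10.0.0.1", "00:00:00:00:00:00", "10.0.0.2"),
              build_arp(OP_REPLY, B, "10.0.0.2", A, "10.0.0.1"),
              build_arp(OP_REPLY, X, "10.0.0.2", A, "10.0.0.1")]
    return [mon.observe(f) for f in frames]
```

Only the third frame produces alerts, one for each indicator; in practice such alerts are cross-checked against DHCP leases or switch port bindings, which is what Dynamic ARP Inspection automates.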
Another problem that can occur is ARP cache overflow. The cache stores the assignments of IP to MAC addresses for a certain period of time, but with a large number of devices or a high frequency of ARP requests, the cache can overflow. In such cases, the devices often have to send new requests, which puts additional strain on the network and can lead to a slowdown in communication. One approach to solving this is to adjust the lifetime of ARP entries and regularly clean the cache to avoid overflows.
In addition, so-called ARP broadcast storms can occur in large networks. Since ARP requests are sent via broadcast, every device in the network receives these requests. A high number of ARP broadcasts can overload the network and severely restrict the available bandwidth. In the worst case, a broadcast storm can even bring the entire network to a standstill. Segmenting the network with VLANs can help to limit the broadcast domains and thus reduce the effects of broadcast storms.
Inconsistent ARP caches are also a potential problem. Because ARP entries have a limited lifespan, a device may keep using an outdated mapping for a while after the MAC address of a particular device has changed. Data packets are then sent to incorrect or no longer existing MAC addresses, which leads to communication errors and timeouts. More frequent updates and shorter lifespans for ARP entries can help to avoid such problems.
Finally, a fundamental problem with ARP is the lack of authentication. Since it was originally developed without security mechanisms, there is no way to verify the authenticity of ARP responses. This makes ARP particularly vulnerable to manipulation and attacks. However, security protocols such as IPsec or the use of VLANs with restricted access can help to minimize the risks of this vulnerability.