ARP Cache

Address Resolution Protocol (ARP) is a telecommunications protocol used for resolution of network layer addresses into link layer addresses, a critical function in multiple-access networks.
ARP has been implemented in many combinations of network and overlaying internetwork technologies, such as IPv4, Chaosnet, DECnet and Xerox PARC Universal Packet (PUP) using IEEE 802 standards, FDDI, X.25, Frame Relay and Asynchronous Transfer Mode (ATM), IPv4 over IEEE 802.3 and IEEE 802.11 being the most common cases.In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP is provided by the Neighbor Discovery Protocol (NDP).

An ARP – Address Resolution Protocol is used to translate an IP address into MAC address. There are two type of ARP messages – ARP request that is broadcast to all the systems in a LAN segment and the ARP reply that is unicast to the requesting station alone. ARP messages contain source and destination IP addresses & MAC addresses (if available), among other information.

The Address Resolution Protocol is used within a single LAN segment and cannot be routed across a different network. An Gratuitous ARP message is broadcast to all the systems of a LAN segment when a system is just starting up or when the IP address/ MAC address of system has changed. This enables the computers in a LAN to update their ARP cache tables appropriately. This message does not solicit a response. In IPv6, there is a protocol called Neighbor Discovery Protocol (NDP) that does the same function as the ARP in IPv4.

The process behind one computer (C1) wants to communicate with another computer (C2) in a LAN segment:

When it comes to the Layer 2 communications between networked systems, IP address is not used. So, within a LAN segment computers identify each other and communicate with each other using the MAC Address. So, when Computer (C1) gets the target IP address of the Computer (C2) it wants to communicate with,

•     It first looks at its own ARP cache (which is a table that contains the IP addresses and their corresponding MAC addresses for computers/ systems within a network) to see if it already has the MAC address for the computer (C2), it wants to communicate with.
•     If the MAC address of C2 is present in its ARP cache table, it can then append the message with the corresponding MAC address and send it over the network (cable, switch).
•     If the MAC address of C2 is not present in its ARP cache table, C1 will broadcast an ARP request message to all the computers / systems in the network indicating that it wants the MAC address for the IP address in its possession.
•     This ARP request is received by all the systems in the network, but only the computer with the target IP address (C2) responds to C1 with an ARP reply message, indicating its MAC address.
•     Now since C1 has both IP address and MAC address of C2, it will communicate with C2 using this information. In the process, both C1 and C2 update their ARP cache tables with the newly acquired information so that the next time the ARP broadcast message can be avoided.

ARP Cache/Cache Table

Since computers cannot send broadcast messages every time they need to connect with another network device, they store the IP addresses and the corresponding MAC addresses of systems they frequently communicate with, in a table called ARP Cache table. All the systems in the LAN maintain this table. The entries in the ARP cache table are generally short lived and are updated every 15-20 minutes.

Since a LAN segment consists of a number of computing devices, some individual ARP table entries are removed if the system doesn’t communicate with certain devices for considerable amount of time. This is done mainly to limit the size of ARP cache.