ARP: Address Resolution Protocol

Author:Sun Xiaoming, a lecturer at Huaqing vision embedded College.

Although in general, IP packets are sent based on IP addresses, data must be transmitted at the network link layer using hardware addresses (except for point-to-point links, the destination address is sometimes hidden ). Arp, The Address Resolution Protocol, can discover hardware addresses related to specific IP addresses. It can be used on all networks that support broadcast, but the most common is to introduce it in Ethernet mode.

If host a wants to send a packet to host B on the same Ethernet, it uses ARP to discover the hardware address of host B. When B and A are not on the same network, host a uses ARP to find the hardware address of the next hop router to which the package with the target address B should be sent. Because ARP uses broadcast packets, this packet cannot span the network (routers can often be configured to flood a large number of broadcast packets into other networks. Do not do this as much as possible ), therefore, it can only be used to find the hardware address of the computer directly connected to the local network where the sending host is located.

Each computer maintains a table named ARP cache in their memory, which stores the results of recent ARP queries. Under normal circumstances, the host will soon be able to find many addresses it needs after it is started, so ARP will not cause a large amount of network traffic.

ARP packets in the form of broadcast (ARP uses the broadcast convention at the underlying link layer instead of the IP broadcast Convention) "Does anyone know the hardware address of 128.138.116.4 ?" . The searched computer will identify this as its own IP address, and then return a response: "Yes, this is the IP address of a network interface assigned to me, and the corresponding ethernet address is 8: 0: 20: 0: FB: 6a."
The initial query includes the requester's IP address and ethernet address, so that the computer being searched can respond without sending its own ARP query. In this way, the two computers only need one packet exchange to know their ARP ing. Other computers that listen to the requester's initial broadcast can also record its address ing. This passive ARP traffic detection is sometimes called snooping ).
ARP commands can check and process the kernel's ARP cache. ARP is generally used to add or delete a cache entry. It can also refresh the cache table or display it. ARP-A displays the content cached by ARP. For example:

Generally, ARP commands are only useful when debugging and involving special hardware. Some devices are not smart enough to use ARP protocols (such as network printers or graphic displays for special purposes ). To support such a device, you may need to configure other computers as the proxy ARP Server for hardware that lacks such functionality ). Generally, ARP commands can be used for implementation (using the-s flag ). For example:

Linux Kernel 2.4 and later versions do not support the proxy ARP service for the entire subnet, but when there is a route and the interface is configured with the packet forwarding function, it automatically acts as the proxy ARP Server.
If two hosts on a network use the same IP address, one of the ARP table items is correct, and the other is incorrect. You can use the ARP command to find the computer with an error.

Sometimes you need to convert a hardware address to an IP address. Many hardware with insufficient functionality (such as diskless workstations, network computers, printers, etc.) need to perform this conversion at startup. A computer can query the central server to find its own address, rather than directly writing an IP address in a configuration file.