Thank you everyone for your help. I've tried to incorporate people's comments, let's see if I got it right now... A host compares the IP address and subnet mask of the desired destination with its own IP address and subnet mask to determine if it the traffic is local, or if it is to be sent to the default gateway. Remember that if the MAC address of the default gateway is not known, it will follow the ARP process to obtain it. If the traffic is local the host looks at the ARP cache, an index of recently acquired IP-to-MAC address combinations. If the appropriate address is there, communication is established. If the IP address is not in the local ARP table, the source host will send an ARP request packet containing the Network-layer address, seeking to be resolve it to a MAC address for the desired destination. All hosts on the network receive this request, but only the host with the specified network address will respond. If present and functioning, the host with the specified address responds with an ARP Reply packet containing its MAC address. The originating device receives the ARP Reply packet, stores the local data link address in its ARP cache for future use, and begins exchanging packets with the host. If the host is not on the local network, AND the originating device doesn't realize that to be the case, AND the router on the local network is configured to perform Proxy ARP (Cisco default), the router will look up the network address in its route table and if it finds it, return the MAC address of its local interface to the ARP-ing source station. While unusual, that can happen, depending on the host's OS version, if the user forgets to configure a default gateway, or configures the device with its own address as the default gateway. This can cause a station to ARP for every unknown address, local or not. Let me know any thoughts, and thank you in advance for your assistance... --- Dennis -----Original Message----- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 5:16 PM To: [EMAIL PROTECTED] Subject: Re: ARPing - is this right? [7:19489] At 06:42 PM 9/11/01, John Neiberger wrote: >I think that's basically it, but I'd add two modifications. > >At the beginning of the process, I always find it helpful to mention >why a station would initiate an ARP request in the first place. By >comparing the IP address of the destination with its own IP address and >subnet mask, it will know whether it needs to initiate an ARP request or >send the packet to the default gateway. Great addition and one more minor one. The station may have to ARP for the default gateway if it doesn't already have the MAC address for the default gateway. >I know that you know that, I >just like to make it clear when I'm explaining it to someone else. > >As for that last step about the router returning its own MAC address >for destinations not on the local subnet, this is true only if proxy ARP Yes, I'm glad you added that. It's important to mention that proxy ARP is an extension to the normal behavior of ARP. Proxy ARP is sometimes called the ARP hack. ;-) It's become accepted as normal because Cisco routers have done it by default for so many years, but it's really kind of weird. >is turned on AND if the originating device doesn't realize that the end >station is not on the same local network. We've had this discussion before!? ;-) Depending on the OS and the version of the OS, forgetting to configure a default gateway causes a station to ARP for everything. Also, in some versions of OSs, configuring the gateway with your own address causes the station to ARP for everything. Nice job, Dennis. Priscilla > If the originating device >knows that the destination device is not on the local subnet, it wil not >send a broadcast ARP. It will send a unicast packet to the default >gateway. > >Regards, >John > > >>> "Dennis Laganiere" 9/11/01 4:17:50 PM > >>> >I'm trying to describe the ARPing process. It something I've always >taken >for granted, but now I'm trying to actually write it down. Let me know >your >thoughts... > >When a workstation attempts to communicate with an IP address it >follows >this process: > >IP devices maintain an ARP cache that store any recently acquired >IP-to-MAC >address combinations. If the appropriate address is there, >communication is >established. > >If the IP address is not in the local ARP table, the source host will >send >an ARP request packet containing the Network-layer address, seeking to >be >resolve it to a MAC-layer address for the desired destination. > >All hosts on the network receive this request, but only the host with >the >specified network address will respond. If present and functioning, >the >host with the specified address responds with an ARP Reply packet >containing >its MAC-layer address. The originating device receives the ARP Reply >packet, stores the MAC/IP address combination its ARP cache for future >use, >and begins exchanging packets with the host. > >If the host is not on the local network, the router on the local >network >will look up the network address in its route table and if it finds a >match, >it will return the MAC address of its local interface to the ARP-ing >source >station. ________________________ Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=19636&t=19636 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
