Quick question about ARP

[mike_g]

If you have a lan with several switches on it and you send a datagram destined for a host on the same LAN segment but connected to a switch several hops away how does the the first switch know where to send it? Does it have information about all hosts connected to all switches on its ARP table, does it do a broadcast, or something else?

Cheers.

[brewbuck]

Quote:

Originally Posted by mike_g

If you have a lan with several switches on it and you send a datagram destined for a host on the same LAN segment but connected to a switch several hops away how does the the first switch know where to send it? Does it have information about all hosts connected to all switches on its ARP table, does it do a broadcast, or something else?

If the switch has no ARP entry for the address, it will query all its non-uplink ports. If one of these ports leads to another switch (slave switch) then that switch will in turn query all of it's slaves, etc. If none of them respond, the top switch creates an entry directing traffic for that address to the uplink port.

The switch may or may not snoop on ARP packets which pass through it, and add them to its own ARP table.

[mike_g]

Thanks for the explanation.

[brewbuck]

Quote:

Originally Posted by mike_g

Thanks for the explanation.

Also, since ARP has no TTL field it is possible to produce an infinite packet loop by plugging switches into each other the wrong way. I've seen a commercial data center brought to its knees by somebody plugging a cable into the wrong port, followed by a "ping" of a non-existent address.

[Mario F.]

Hmm... not sure, brewbuck, of what I'm about to say. But I seem to believe that can only happen on level 1 switches.

I didn't even know that could happen to be frank, but I seem to remember that level 2 switches not only update their ARP tables every 30 seconds or so, but every ARP reply following one of those requests that results in a circular reference is not mapped and the port is put on error state.

They have many other safeguards in place, like not allowing multiple mac addresses to be mapped to the same port (a packet sniffing technique). But maybe some level 1 switches also carry this feature, since multiple mapping protection is present also on some level 1 switches.

[mike_g]

Mario, I think you may be confusing ARP with routing protocols. If I remember correctly, by default RIP sends updates every thirty seconds other protocols vary. AFAIK arp tables dont send updates, but I may be wrong.

[Mario F.]

It's possible. I'm not truly confident since it's been a long, long, time since I last studied these subjects. However, RIP was so rarely used even back then that I find it hard to be that the source of my confusion.

I know for a fact however that some switches have the ability to update their ARP tables. Many Cisco switches for instance can be configured to send ARP requests in a predefined interval to all of their active ports. The rest... I'm just working from memory.

[mike_g]

Sure, the switches do update their routing tables but I have just been reading about ARP on wikipedia entry and a couple of other sites and they dont seem to mention regular update intervals between switches, and I can't remember that either.

Edit: I'm not sure if this is how it would work, but logically it would make sense for a switch to be able to identify if a packet is on its subnet and if not send it to the default router. This would mean that the ARP tables would only have to query a limited range of addresses.

[Mario F.]

Hmm... AFAIK, ARP tables only store IP-MAC mappings for their own active ports. They don't know about any other MAC address. Any packet circulation is done through the routing tables, until it reaches the final hop (switch or router). This hop is final because the routing tables say so.

Ok, now... this is where I'm sketchy...

This final hop will either contain or not an ARP record with the final IP-MAC mapping. If it does not, the hop will broadcast an ARP request to all of its slaves - I call them active ports. Probably shouldn't - and update its ARP table. If it still can't find the MAC address, it will drop the packet.

This process actually happens on any intermediate hop mind you. But the point being that a) a switch only contains records on its ARP table for its slaves and b) ARP does no routing. Ultimately, ARP is meant to translate IP to MAC addresses. Basically do what it name implies.

EDIT: What I am questioning instead is the quality of a router or switch that allows a circular reference to be built in its ARP table, such as the one brewbuck witnessed. I'm almost sure level 2 switches wouldn't allow this to happen. And many level 1 routers apply safeguards typical of level 2 ones. For instance, I used to have a level 1 D-Link (don't ask me the model) that didn't allow an IP address to be mapped to more than one MAC address - a feature that is usually only present on level 2 switches, from what I remember.