Thread: Quick question about ARP

  1. #1
    Dr Dipshi++ mike_g's Avatar
    Join Date
    Oct 2006
    Location
    On me hyperplane
    Posts
    1,218

    Quick question about ARP

    If you have a lan with several switches on it and you send a datagram destined for a host on the same LAN segment but connected to a switch several hops away how does the the first switch know where to send it? Does it have information about all hosts connected to all switches on its ARP table, does it do a broadcast, or something else?

    Cheers.

  2. #2
    Officially An Architect brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,396
    Quote Originally Posted by mike_g View Post
    If you have a lan with several switches on it and you send a datagram destined for a host on the same LAN segment but connected to a switch several hops away how does the the first switch know where to send it? Does it have information about all hosts connected to all switches on its ARP table, does it do a broadcast, or something else?
    If the switch has no ARP entry for the address, it will query all its non-uplink ports. If one of these ports leads to another switch (slave switch) then that switch will in turn query all of it's slaves, etc. If none of them respond, the top switch creates an entry directing traffic for that address to the uplink port.

    The switch may or may not snoop on ARP packets which pass through it, and add them to its own ARP table.

  3. #3
    Dr Dipshi++ mike_g's Avatar
    Join Date
    Oct 2006
    Location
    On me hyperplane
    Posts
    1,218
    Thanks for the explanation.

  4. #4
    Officially An Architect brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,396
    Quote Originally Posted by mike_g View Post
    Thanks for the explanation.
    Also, since ARP has no TTL field it is possible to produce an infinite packet loop by plugging switches into each other the wrong way. I've seen a commercial data center brought to its knees by somebody plugging a cable into the wrong port, followed by a "ping" of a non-existent address.

  5. #5
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Ireland
    Posts
    8,446
    Hmm... not sure, brewbuck, of what I'm about to say. But I seem to believe that can only happen on level 1 switches.

    I didn't even know that could happen to be frank, but I seem to remember that level 2 switches not only update their ARP tables every 30 seconds or so, but every ARP reply following one of those requests that results in a circular reference is not mapped and the port is put on error state.

    They have many other safeguards in place, like not allowing multiple mac addresses to be mapped to the same port (a packet sniffing technique). But maybe some level 1 switches also carry this feature, since multiple mapping protection is present also on some level 1 switches.
    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

  6. #6
    Dr Dipshi++ mike_g's Avatar
    Join Date
    Oct 2006
    Location
    On me hyperplane
    Posts
    1,218
    Mario, I think you may be confusing ARP with routing protocols. If I remember correctly, by default RIP sends updates every thirty seconds other protocols vary. AFAIK arp tables dont send updates, but I may be wrong.

  7. #7
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Ireland
    Posts
    8,446
    It's possible. I'm not truly confident since it's been a long, long, time since I last studied these subjects. However, RIP was so rarely used even back then that I find it hard to be that the source of my confusion.

    I know for a fact however that some switches have the ability to update their ARP tables. Many Cisco switches for instance can be configured to send ARP requests in a predefined interval to all of their active ports. The rest... I'm just working from memory.
    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

  8. #8
    Dr Dipshi++ mike_g's Avatar
    Join Date
    Oct 2006
    Location
    On me hyperplane
    Posts
    1,218
    Sure, the switches do update their routing tables but I have just been reading about ARP on wikipedia entry and a couple of other sites and they dont seem to mention regular update intervals between switches, and I can't remember that either.

    Edit: I'm not sure if this is how it would work, but logically it would make sense for a switch to be able to identify if a packet is on its subnet and if not send it to the default router. This would mean that the ARP tables would only have to query a limited range of addresses.
    Last edited by mike_g; 05-09-2008 at 06:43 PM.

  9. #9
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Ireland
    Posts
    8,446
    Hmm... AFAIK, ARP tables only store IP-MAC mappings for their own active ports. They don't know about any other MAC address. Any packet circulation is done through the routing tables, until it reaches the final hop (switch or router). This hop is final because the routing tables say so.

    Ok, now... this is where I'm sketchy...

    This final hop will either contain or not an ARP record with the final IP-MAC mapping. If it does not, the hop will broadcast an ARP request to all of its slaves - I call them active ports. Probably shouldn't - and update its ARP table. If it still can't find the MAC address, it will drop the packet.

    This process actually happens on any intermediate hop mind you. But the point being that a) a switch only contains records on its ARP table for its slaves and b) ARP does no routing. Ultimately, ARP is meant to translate IP to MAC addresses. Basically do what it name implies.

    EDIT: What I am questioning instead is the quality of a router or switch that allows a circular reference to be built in its ARP table, such as the one brewbuck witnessed. I'm almost sure level 2 switches wouldn't allow this to happen. And many level 1 routers apply safeguards typical of level 2 ones. For instance, I used to have a level 1 D-Link (don't ask me the model) that didn't allow an IP address to be mapped to more than one MAC address - a feature that is usually only present on level 2 switches, from what I remember.
    Last edited by Mario F.; 05-09-2008 at 08:55 PM.
    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Very quick math question
    By jverkoey in forum A Brief History of Cprogramming.com
    Replies: 8
    Last Post: 10-26-2005, 11:05 PM
  2. very quick question.
    By Unregistered in forum C++ Programming
    Replies: 7
    Last Post: 07-24-2002, 03:48 AM
  3. quick question
    By Unregistered in forum C++ Programming
    Replies: 5
    Last Post: 07-22-2002, 04:44 AM
  4. Quick Question Regarding Pointers
    By charash in forum C++ Programming
    Replies: 4
    Last Post: 05-04-2002, 11:04 AM
  5. Quick question: exit();
    By Cheeze-It in forum C Programming
    Replies: 6
    Last Post: 08-15-2001, 05:46 PM

Tags for this Thread