ARP Protocol – Understanding Packet Types, Ethernet, Cache, and Gratuitous ARP

arpethernet

Lately I have been doing some research on the Address Resolution Protocol, and even though I know the idea behind it I still have some questions.

Q1: Are there more types of ARP messages that I am missing aside the following?:

ARP Request
ARP Reply
Gratuitous ARP Request (ARP.Protocol_Source = ARP.Protocol_Target)
Gratuitous ARP Reply (Reply without a Request)
ARP Probe (ARP.Protocol_Source = 0.0.0.0)

Q2: Does ARP actually care about the Ethernet Header?

For as far as I know ARP doesn't really care about the Ethernet Header at all. It doesn't matter if you Unicast or Broadcast the Ethernet Header because ARP will still respond, and I wouldn't be surprised if the Ethernet.Source can be different from ARP.Hardware_Source too.

Q3: Which packets fill the ARP cache?

I always thought that ARP Requests and ARP Gratuitous Requests filled the ARP cache with , are there more packets that do this (Gratuitous ARP Replies?), and is it implementation dependent in some cases?

Q4: When are Gratuitous Replies and when Gratuitous Requests used?

If any official documentation could be quoted that would be extra helpful!

Best Answer

When in doubt, go to the source, RFC 826, An Ethernet Address Resolution Protocol

There are two type of ARP messages: REQUEST and REPLY.
The RFC specifies the ethernet header. An ARP request involves determining the ethernet address of the destination, so it uses the broadcast address since it doesn't know the unicast address. An ARP reply will know the ethernet address, so it will be a unicast.
```
Ethernet transmission layer (not necessarily accessible to the user):  
    48.bit: Ethernet address of destination  
    48.bit: Ethernet address of sender  
    16.bit: Protocol type = ether_type$ADDRESS_RESOLUTION
```
It then causes this packet to be broadcast to all stations on the Ethernet cable originally determined by the routing mechanism.
The way the ARP cache works is OS-dependent, and there is nothing requiring a host to maintain an ARP cache.
The use of gratuitous ARP is not officially documented, but some hosts and OSes use it to do things like resolve address conflicts; Wireshark has a pretty good explanation (with examples): Gratuitous ARP

Gratuitous ARP could mean both gratuitous ARP request or gratuitous ARP reply. Gratuitous in this case means a request/reply that is not normally needed according to the ARP specification (RFC 826) but could be used in some cases. A gratuitous ARP request is an AddressResolutionProtocol request packet where the source and destination IP are both set to the IP of the machine issuing the packet and the destination MAC is the broadcast address ff:ff:ff:ff:ff:ff. Ordinarily, no reply packet will occur. A gratuitous ARP reply is a reply to which no request has been made.

Related Solutions

Gratuitous ARP – How Gratuitous ARP Works

Gratuitous ARP is a sort of "advance notification", it updates the ARP cache of other systems before they ask for it (no ARP request) or to update outdated information.

When talking about gratuitous ARP, the packets are actually special ARP request packets, not ARP reply packets as one would perhaps expect. Some reasons for this are explained in RFC 5227.

The gratuitous ARP packet has the following characteristics:

Both source and destination IP in the packet are the IP of the host issuing the gratuitous ARP
The destination MAC address is the broadcast MAC address (ff:ff:ff:ff:ff:ff)
- This means the packet will be flooded to all ports on a switch
No reply is expected

Gratuitous ARP is used for some reasons:

Update ARP tables after a MAC address for an IP changes (failover, new NIC, etc.)
Update MAC address tables on L2 devices (switches) that a MAC address is now on a different port
Send gratuitous ARP when interface goes up to notify other hosts about new MAC/IP bindings in advance so that they don't have to use ARP requests to find out
When a reply to a gratuitous ARP request is received you know that you have an IP address conflict in your network

As for the second part of your question, HSRP, VRRP etc. use gratuitous ARP to update the MAC address tables on L2 devices (switches). Also there is the option to use the burned-in MAC address for HSRP instead of the "virtual"one. In that case the gratuitous ARP would also update the ARP tables on L3 devices/hosts.

Ethernet – Identify gratuitous ARP

You can identify Gratuitous ARPs by looking at the ARP Sender Protocol Address and ARP Target Protocol Address, so as you mentioned when they are the same it's a gratuitous ARP. See RFC 2002, Section 4.6 for a reference (the emphasis - !!!!> and <!!!! is mine)...

      4.6. ARP, Proxy ARP, and Gratuitous ARP

      <...>

      A Gratuitous ARP [23] is an ARP packet sent by a node in order to
      spontaneously cause other nodes to update an entry in their ARP
      cache.  A gratuitous ARP MAY use either an ARP Request or an ARP
      Reply packet.  In either case, the (!!!!>) ARP Sender Protocol Address
      and ARP Target Protocol Address are both set to the IP address
      of the cache entry to be updated (<!!!!), and the ARP Sender Hardware
      Address is set to the link-layer address to which this cache
      entry should be updated.  When using an ARP Reply packet, the
      Target Hardware Address is also set to the link-layer address to
      which this cache entry should be updated (this field is not used
      in an ARP Request packet).

      In either case, for a gratuitous ARP, the ARP packet MUST be
      transmitted as a local broadcast packet on the local link.  As
      specified in [16], any node receiving any ARP packet (Request or
      Reply) MUST update its local ARP cache with the Sender Protocol
      and Hardware Addresses in the ARP packet, if the receiving node
      has an entry for that IP address already in its ARP cache.  This
      requirement in the ARP protocol applies even for ARP Request
      packets, and for ARP Reply packets that do not match any ARP
      Request transmitted by the receiving node [16].