ARP – Can ARP Replies Be Broadcast?

arpbroadcastethernetprotocol-theory

I have been informed by certain networking professionals that ARP replies can and sometimes actually are broadcast packets instead of unicast. If and when would you use a broadcast ARP reply?

Best Answer

According to the RFC826 (An Ethernet Address Resolution Protocol) the sender has to:

put the local hardware and protocol addresses in the sender fields

But as you pointed out why an host would use the broadcast address in an ARP reply? Maybe because this could seem clever: using the L2 broadcast address all the hosts in the LAN would immediately know a new (IP,MAC) pair saving time. Actually this method is not desired by the RFC (even if they refer to periodic broadcasting):

Periodic broadcasting is definitely not desired. Imagine 100 workstations on a single Ethernet, each broadcasting address resolution information once per 10 minutes (as one possible set of parameters). This is one packet every 6 seconds. This is almost reasonable, but what use is it? The workstations aren't generally going to be talking to each other (and therefore have 100 useless entries in a table);

It also depends on the host's OS to add in the ARP table a tuple learned by a broadcasted message.

EDIT: As stated in the comments the RFC 5227 updates the RFC 826 and it says

In some applications of IPv4 Address Conflict Detection (ACD), it may be advantageous to deliver ARP Replies using broadcast instead of unicast because this allows address conflicts to be detected sooner than might otherwise happen

Related Solutions

Switch – How to troubleshoot reason why ARP replies from ISP are not forwarded through our switch

What does the switch port configuration look like? Access, trunk, something else? Have you asked your ISP what their port configuration (not on the Radwin, but on their router/switchport facing you) looks like? Is spanning-tree forwarding facing the Radwin link in both directions? It kind of sounds like a VLAN mismatch or something along those lines.

Does it work if you plug that laptop into the switch? That would likely rule out the router config.

ARP Protocol – Understanding Packet Types, Ethernet, Cache, and Gratuitous ARP

When in doubt, go to the source, RFC 826, An Ethernet Address Resolution Protocol

There are two type of ARP messages: REQUEST and REPLY.
The RFC specifies the ethernet header. An ARP request involves determining the ethernet address of the destination, so it uses the broadcast address since it doesn't know the unicast address. An ARP reply will know the ethernet address, so it will be a unicast.
```
Ethernet transmission layer (not necessarily accessible to the user):  
    48.bit: Ethernet address of destination  
    48.bit: Ethernet address of sender  
    16.bit: Protocol type = ether_type$ADDRESS_RESOLUTION
```
It then causes this packet to be broadcast to all stations on the Ethernet cable originally determined by the routing mechanism.
The way the ARP cache works is OS-dependent, and there is nothing requiring a host to maintain an ARP cache.
The use of gratuitous ARP is not officially documented, but some hosts and OSes use it to do things like resolve address conflicts; Wireshark has a pretty good explanation (with examples): Gratuitous ARP

Gratuitous ARP could mean both gratuitous ARP request or gratuitous ARP reply. Gratuitous in this case means a request/reply that is not normally needed according to the ARP specification (RFC 826) but could be used in some cases. A gratuitous ARP request is an AddressResolutionProtocol request packet where the source and destination IP are both set to the IP of the machine issuing the packet and the destination MAC is the broadcast address ff:ff:ff:ff:ff:ff. Ordinarily, no reply packet will occur. A gratuitous ARP reply is a reply to which no request has been made.

Best Answer

Related Solutions

Switch – How to troubleshoot reason why ARP replies from ISP are not forwarded through our switch

ARP Protocol – Understanding Packet Types, Ethernet, Cache, and Gratuitous ARP

Related Topic