Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
25515
Views
0
Helpful
0
Comments

Network Tables: MAC, Routing, ARP

CiscoNet Training Solutions
Spotlight
Spotlight

‎11-15-2020 09:41 AM - edited ‎11-23-2021 02:17 PM

Any network connection is a logical connection between two endpoints. There is a source endpoint and a destination endpoint with two separate unidirectional flows established. All network connectivity is based on constantly updating ARP tables, MAC address tables, routing tables and DNS tables. Network connectivity tables are comprised of addresses and associated interfaces. They are all required to enable packet forwarding between endpoints on different subnets.

The destination IP address is first resolved with a DNS request from source endpoint so that a destination IP address can be added to the destination field of IP header. Any network communication requires addressing that is comprised of the following fields for source and destination endpoint. The source IP address and destination IP address do not change. It is only the source MAC address and destination MAC address that are rewritten per router or Layer 3 hop.

  • Source MAC address
  • Destination MAC address
  • Source IP address
  • Destination IP address

MAC Address Table 

The MAC address is a unique 48-bit hardware identifier number assigned to the Ethernet interface of any host. That would include both wired and wireless interfaces. There is a unique MAC address assigned to Ethernet interfaces of network devices as well. It is used for Layer 2 frame forwarding and ARP tables. Network switches build MAC address tables with entries comprised of destination MAC address, port and VLAN membership. The MAC address is used to add a source and destination MAC address to each frame header.

frame switching.png

The MAC (physical) address is 48 bits of hexadecimal numbering on an Ethernet interface. The first 24 bits is a manufacturer OUI and the last 24 bits (bold) is a unique serial number (SN). The source MAC address is a host endpoint or Layer 3 interface, and destination MAC address is MAC address of next hop Layer 3 interface or host endpoint interface.

ARP Table

ARP request is sent from a host (desktop), to learn the MAC address of a destination server after DNS has already resolved destination server IP address. It is only Layer 3 network devices (routers, Layer 3 switches, firewalls) and hosts that create ARP tables. Layer 2 switches do not create an ARP table.

ARP table is a list of MAC address (Layer 2) to IP address (Layer 3) bindings. ARP requests are broadcast between all Layer 3 devices and sent on the shared local subnet. That is done to update (populate) each ARP table per hop between source and destination. Remember that each router must know the destination MAC address of the next hop router to rewrite each frame. The following is a standard ARP table with MAC address and IP address associations. Each router would have an entry for the server IP address and MAC address based on the initial ARP request.

*Serial interfaces are exempt from ARP broadcast since they do not use MAC addressing and routers are directly connected (point-to-point). Ethernet is a broadcast (shared) network where ARP must resolve MAC address.

arp table.png

Routing Table

Layer 3 network device rewrite each frame with a new source MAC address and destination MAC address per Layer 3 hop. That is done after performing a routing table lookup for next hop address, based on the destination IP address. The packet is then routed to the next hop upstream neighbor. ACL, QoS and NAT policies are also applied to packets as they ingress and egress network interface.

routing.png

The last router does an ARP table lookup, to rewrite outbound frame with the MAC address of the server to destination MAC address field. Layer 2 switches are never a MAC address destination. Switches only examine incoming frames and select a switch port for forwarding. 

Layer 3 Per Hop Frame Rewrite

There is a routing table lookup on the last router that is based on the server subnet address. The next hop to the server subnet is a directly connected router interface. That is the local router interface where a Layer 2 switch is connected. The switch examines destination MAC address of arriving frame and does a MAC address table lookup for switch port associated with server MAC address. The frame is forwarded out of the local switch port where the server is connected.

network table.png

Copyright CiscoNet Solutions All Rights Reserved

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents