cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3001
Views
4
Helpful
5
Replies

Does ARP works at layer 3 or layer2 of the OSI model

mmozaffa
Level 1
Level 1

The ARP packet contains L2 header and ARP header only and does not have IP header so this makes it a layer 2 protcol but on the other hand the IP address lookup(camparision) has to take place when a ARP Request packet is sent out which is a layer 3 behaviour.

so what will be right answer for this ? correct me if I am wrong.

thanks in advance

5 Replies 5

ariela
Level 4
Level 4

Hi,

well, essentially the ARP protocol works at L2:

"ARP sends an Ethernet frame called an ARP request to every host on the network. This is called a broadcast ... The ARP request contains the IP address on the destination host ... and is the request 'if you are the owner of this IP address, please respond to me with your hardware address'. The destination host's ARP layer receives this broadcast, recognizes that the sender is asking for its hardware address, and replies with an ARP reply. This reply contains the IP address and the corresponding hardware address. The ARP reply is received and the IP datagram that forced the ARP request-reply to be exchanged can now be sent"

(Stevens, TCP/IP Illustrated vol I, 54-55)

The L3 lookup is only a normal operation of IP protocol stack (de-encapsulation).

HTH

Andrea

Hi,

Thanks for the reply. If you take an example of "Proxy ARP", it allows the router to respond to an ARP request (if a valid route is present)for a host that is not on the connected network where the ARP broadcast is heard.

Here "valid route is present" refer to a IP table lookup, isn't it.

e.g

Suppose there are two routers R1 and R2.

R1 interface is config. with nwA and nwB networks, similarly R2 interface is config. with nwB and nwC network where,

nwA -----Class A network

nwB -----Class B network

nwC -----Class C network

-nwA---[R1]----nwB----[R2]---nwC---

now suppose if a host on nwA ARP request for a host on nwC, will it succeed ? suppose we have full connectivity, RIP is running and these are cisco routers so PROXY ARP is enable by default.

What I think is that when the ARP request packet reaches R1, R1 will perform a IP table lookup to see if it can reach nwC(in this case yes) and it will PROXY ARP.

So we can say that ARP is a L2 protocol but it do perform IP table lookup which is a functionality of network layer.

scottmac
Level 10
Level 10

ARP is part of the TCP/IP suuite of protocols. It sits above L2 (which would usually be Ethernet these days) between L3 & L4 (like ICMP) ... it doesn't really use TCP, its function is to get a MAC address for a given IP address.

ARP is its own type (an ARP packet in an Ethernet frame versus a TCP packet). ARP goes into an IP packet, which goes (usually) into an (for example) Ethernet frame with IP source and destination address(destination is a broadcast and is sent at L2 as an Ethernet broadcast).

A good way to see this is to load up a free packet analyzer ("sniffer") like Ethereal and capture a minute of traffic.

Ethereal will show you that inside this L2 frame is an IP packet, and that packet is of type ARP (and show you the source IP address).

You can compare that to a capture of a TCP (like FTP) session start (SYN/ACK sequence) and a UDP stream (like TFTP or VoIP).

The actual mechanism for ARP happens at L2 (local broadcast), but its function is above L3 but not quite at L4 ..since it is generated from the IP protocol stack but doesn't need any of the TCP functions.

Hope this helps

Good Luck

Scott

Hi Naveed,

When a machine from nwa wants to reach nwc, it will send the packet to the default gateway as the subnets would be different.

The ARP will be sent to get the mac-address of the DG if it does not have it in its arp table.

Even if you disable proxy-arp on the router, the packets will be sent across.

Scott has given a very good explanation of the association of layer 2 and layer 3 functions of the ARP packet.

Narayan

sir.vegaskid
Level 1
Level 1

I have to disagree with some of the comments above.

ARP is a function of layer 2. It has a frame format that contains IP addresses as data but not an IP header (layer 3) and no TCP\UDP header (layer 4). ARP frames can not therefore be routed, which is what you would expect of an exclusively layer 2 frame.

Scott has stated that there is an IP packet inside an ARP frame. This is incorrect. If you open up Wireshark, start a capture, then ping an IP address on your local LAN, stop the capture and filter for 'arp', you will see that there is an ARP frame inside an Ethernet frame and no IP packet whatsoever.

Review Cisco Networking for a $25 gift card