How ARP Works

Figure 8 and Figure 9 show how ARP works where host 1 sends an IP packet to host 2 on a different subnet. To complete this transmission, host 1 needs the MAC address of router 1, to be used as the forwarding gateway.

A typical scenario is:

1. Host 1 broadcasts an ARP request to all devices on subnet 1, composed by a query with the IP address of router 1. The IP address of router 1 is needed because host 2 is on a different subnet.
2. All devices on subnet 1 compare their IP address with the enclosed IP address sent by host 1.
3. Having the matching IP address, router 1 sends an ARP response, which includes its MAC address, to host 1.

   Figure 8: Sample ARP Process—1 through 3

   

4. Host 1 transmits the IP packet to layer 3 DA (host 2) using router 1’s MAC address.
5. Router 1 forwards IP packet to host 2. Router 1 might send an ARP request to identify the MAC of host 2. (See Figure 9.)

   Figure 9: Sample ARP Process—4 and 5

   

ARP forces all receiving hosts to compare their IP addresses with the IP address of the ARP request. So if host 1 sends another IP packet to host 2, host 1 searches its ARP table for the router 1 MAC address.

If the default router/gateway becomes unavailable, then all the routing/packet forwarding to remote destinations ceases. Usually, manual intervention is required to restore connectivity, even though alternative paths may be available. Alternatively, Virtual Router Redundancy Protocol (VRRP) may be used to prevent loss of connectivity. See JUNOSe IP Services Configuration Guide.

arp

• Use to add a static (permanent) entry in the ARP cache.
• To add a static entry in the ARP cache, specify the ipAddress, interfaceType and interfaceSpecifier (as indicated in Interface Types and Specifiers in JUNOSe Command Reference Guide ), and an optional MAC address

• You can issue this command only for Fast Ethernet interfaces, Gigabit Ethernet interfaces, 10-Gigabit Ethernet interfaces, and bridged Ethernet interfaces configured over ATM 1483.
• Example

  host1(config)#arp 192.56.20.1 gig 2/0 0090.1a00.0170

• Use the no version to remove an entry from the ARP cache.
• See arp

arp spoof-check

• Use to configure the router to check for spoofed ARP packets received on an IP interface.
• By default, E-series routers check all received ARP packets for spoofing and process only those ARP packets whose source IP address is outside the range of the network mask. ARP packets with a source IP address of 0.0.0.0 and the router IP address as the destination address are dropped because the router identifies them as spoofed packets.
• In networks with digital subscriber line access multiplexers (DSLAMs), even if you configure the router to check for spoofed ARP packets, DSLAMs perform this task instead of the router. If you disable checking for spoofed ARP packets on the router in such networks, DSLAMs forward the received packets to the router for processing. You can, therefore, configure the router accordingly, depending on the way in which you want spoof-checking to be performed.
• You cannot configure ARP spoof-checking on interfaces that do do support ARP, such as loopback interfaces and ATM point-to-point PVCs.
• If you disable checking for spoofed ARP packets, all packets received by the router are processed.
• You can reenable checking for spoofed ARP packets on an interface at any time by using the arp spoof-check command after disabling it.
• Example—Shows how to disable spoof-checking for ARP packets received on a Gigabit Ethernet interface and then reenable it.

  host1(config-if)#interface gigabitEthernet 1/1

  host1(config-if)#no arp spoof-check

  host1(config-if)#arp spoof-check

• Use the no version to disable checking for spoofed ARP packets received on a major IP interface or an IP subinterface.
• See .

arp timeout

• Use to specify how long an entry remains in the ARP cache.

• You can issue this command only for Fast Ethernet interfaces, Gigabit Ethernet interfaces, 10-Gigabit Ethernet interfaces, and bridged Ethernet interfaces configured over ATM 1483.
• The default value is 21,600 seconds (6 hours). Use the show config command to display the current value.
• If you specify a timeout of 0 seconds, entries are never cleared from the ARP cache.
• Example

  host1(config-if)#arp timeout 8000

• Use the no version to restore the default value.
• See arp timeout

clear arp

• Use to clear dynamic entries from the ARP cache.
• To clear a particular entry, specify all of the following:
  • ipAddress—IP address in four-part dotted-decimal format corresponding to the local data link address
  • interfaceType—Interface type; see Interface Types and Specifiers in JUNOSe Command Reference Guide
  • interfaceSpecifier—Particular interface; format varies according to interface type; see Interface Types and Specifiers in JUNOSe Command Reference Guide
• To clear all dynamic ARP entries, specify an asterisk (*).
• Example

  host1#clear arp

• There is no no version.
• See clear arp

ip proxy-arp

• Use to enable proxy ARP on an Ethernet or bridge1483 interface.
• Proxy ARP is enabled by default.
• Example

  host1(config-if)#ip proxy-arp unrestricted

• Use the no version to disable proxy ARP on the interface.
• See ip proxy-arp

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.