Tuesday, January 26, 2016

ARP messages: Request, Reply, Probe, Announcement

ARP, as originally specified in RFC 826, had two message types: request and reply. The protocol can be "abused" in the sense that a host can send a reply message not in response to any preceding request; this has been formalized in RFC 5227. The two "new" messages are probe and announcement, the latter also called "gratuitous ARP". They can be used for detecting duplicate IP addresses on the same LAN.

The following questions may not be immediately clear:
  • The "new" messages do not extend the protocol - they do not introduce new ARP message types. How can one speak about "new messages"?
  • Source and destination MAC addresses are naturally present in the MAC headers of the ARP message. But there are also "Source Hardware Address" (SHA) and "Target Hardware Address" (THA) fields in the ARP message body, which are also MAC addresses. How are the former and the latter related, and why seemingly the same information is duplicated?
The table below shows the MAC headers and (relevant) ARP protocol fields for each of the four messages. The differences help to understand how each field is used.
Message Sent when the host... MAC headers ARP body
src MAC dst MAC message type SHA (MAC) SPA (IP) THA (MAC) TPA (IP)
request wants to send an IP packet, but does not know the MAC address of the destination own broadcast REQUEST own own 0 destination's
reply receives an ARP request to an IP address this host owns own destination's, or broadcast1 REPLY own own requestor's requestor's
probe (RFC 5227, 2.1) configures a new IP address for an interface own broadcast REQUEST2 own 03 0 probed
announcement (RFC 5227, 2.3) after a probe, concludes that it will use the probed address own broadcast REQUEST2 own new own 0 new own

Notes to the table:

  1. RFC 5227, section 5.6 explains why "Broadcast replies are not universally recommended, but may be appropriate in some cases".
  2. RFC 5227, section 3 notes that the type here could be REPLY as well, then continues to give reasons why REQUEST is recommended.
  3. Zero is specified here in order not to pollute ARP caches of other hosts in case when the probed address is already used in this LAN and the probing host will not take it.