12.1 IP addresses, MAC addresses and the ARP process
In this section you will briefly recap MAC and IP addresses, look at where they fit into the TCP/IP network model, and how the addresses interact with each other. You will use a small network set up in Packet Tracer running in simulation mode, which will show you what the packets and frames of data are doing at each stage of the process.
Watch the video below, which is about 6 minutes long.
The principles of routing and switching
In this session we are going to take a look at how a router makes its routing decisions, and then how a network switch makes its switching decisions. This will expand upon your knowledge gained in Sessions 3 and 4 where these devices were covered in the context of a home network.
Before we do this we need to think about the addressing systems that are in use with each of these types of devices.
Switches operate using MAC addresses which are also referred to as Ethernet addresses or hardware addresses. These addresses are assigned to the hardware by its manufacturer and cannot be changed. These addresses sit at the Network Access layer of the TCP/IP network model.
Routers operate using IP addresses. These are logically assigned and are allocated to each device by the network programmer. These addresses operate at the Internet layer of the TCP/IP network model.
When a source device wishes to send a piece of information to a destination device, this information must be broken down into smaller pieces to be sent out. At each layer of the TCP/IP model the information is broken down into a different data unit which we call protocol data units (or PDUs), and it is encapsulated with some information which identifies it to that layer of the network model. This encapsulation normally adds headers at the beginning of the unit and a trailer at the end to mark the end of the unit.
We have built a small network in Packet Tracer to help us demonstrate this session. We will use this network for each of the following demonstrations. We will use a simple ping from one PC to another and look at how the router makes its routing decision, and how the switch makes its switching decision. While we are doing this, we are going to come across a problem in the process.
OK, so we are going to make PC2 ping Router0, which is its default gateway. When we type ping 172.16.0.1 into the command prompt of PC2, an ICMP echo packet will arrive at the Internet layer of the TCP/IP process running in the machine, which is also called the TCP/IP stack. The Internet layer then adds the source and destination IP addresses to the header of the packet. The source IP address is the address of PC2 where the packet comes from, and the destination address has been typed into the ping command by the user – so it is known too. The block of data is now called an IP packet and is passed down the stack to the Network layer below. This layer now needs to add in the MAC addresses to make up the header for the network frame – which is the protocol data unit of the Networklayer of the TCP/IP network model.
Again, we know the source MAC address (it is the MAC address of the network adapter in the PC, which was set by the manufacturer of the network card when it was made). The destination MAC address is the MAC address of Router0 – the destination of the ping. Now we have discovered our problem: how do we get the MAC address for Router0, which is elsewhere on the network?
This is where a process called Address Resolution Protocol comes to our aid. Also called ARP, this process is crucial to the operation of all networks and is the way of finding a network address or hardware address from a known IP address.
Whilste we run through the rest of the demonstration, keep an eye open for the simulation panel on the right-hand side. This is a useful feature of Packet Tracer and allows you to see the order and content of the packets and frames, whilst at the same time watching them move around the network. The packets are represented with little envelopes as they travel down the wires and through the devices.
OK, back to PC2. Because the destination MAC address in unknown, the PC will send out an ARP request on the network. This request is sent out to the broadcast MAC address, asking for the device with the IP address of 172.16.0.1 to identify itself. The switch will receive this frame of data and, because it is a broadcast, it will forward the frame out of all ports except the one it came in from. Both Router0 and PC3 will receive this ARP broadcast request. PC3 will ignore or drop the frame because its IP address does not match the request. The router does have this IP address, so it will generate an ARP reply frame which will contain its own MAC address as the source MAC address, and the destination MAC address of PC2 (which the router knows from the incoming ARP request).
This reply will be sent to the switch, which in turn will forward it on directly to PC2. We will be looking at how switches work later on in this session, so don’t worry about what the switch is doing for now.
When the ARP reply reaches PC2, it will store the MAC address to IP address mapping in its ARP cache. By storing the MAC to IP mappings in an ARP cache, the device will not have to do this ARP process every time a packet needs to be sent to this destination. This will speed up the network process, but a time limit of a few minutes is applied to this mapping, so that changes in the network can still take place.
This means that we now have the source and destination IP addresses and the source and destination MAC addresses. So we have all of the information the PC needs to communicate with the router.
With this information the ping now completes the ICMP echo request which can now be sent to the destination device – in this case the router. The frame will now arrive at the switch where it will be forwarded to Router0. When Router0 receives this echo-request, it will respond with an ICMP echo-reply. This echo-reply will arrive back at the switch, and will be forwarded on to PC2. When the echo-reply is received back at PC2 it will display a message on the screen confirming the reply, with some other information such as the round-trip delay. This round-trip delay is usually measured in milliseconds and is an indication of how long the echo has taken to travel back to the PC.
Activity 1 Test yourself
1. What is the Network Access layer protocol data unit (PDU) called?
The correct answer is b.
2. What is the purpose of the ARP cache?
(a) The ARP cache records the number of ICMP packets sent.
(b) It is an address table.
(c) The ARP cache stores the IP address to MAC address mappings temporarily to minimise ARP lookups.
(d) The ARP cache stores a history of destination IP addresses the machine has communicated with.
The correct answer is c.