Number of subnets in CIDR.

imagoon · Mar 10, 2015

So I am going to try to respond to this because your questions are not really clear....

Proxy ARP is a technique where a router keeps track of the ARP tables on multiple network segments and acts as a proxy for those devices. This common in Enterprise wireless, Enterprise VPN, DOCSIS networks, certain xDSL networks and some security devices for layer 2 filtering.

1) The destination MAC address will be owned by the router. It will be either the interface MAC or from a pool of virtual MAC addresses. The router then handles moving the requests to the proper networks (IE acting as a proxy for those devices.)

2) ARP is a layer 2 protocol. There is no Layer 3 (IP) broadcast for ARP. Proxy ARP lives entirely in the ARP tables at layer 2. Proxy ARP is entirely for joining multiple Layer 2 broadcast domains together, most often used for spanning an IP segment across a set of datacenters or allowing a cable modem to belong to any number of subnets on a single DOCSIS connection without requiring connectivity to other hosts. The only Layer 3 broadcasting I am aware of with this technique is having proxy ARP handle the layer 3 broadcasts by proxying traffic directed at the subnet broadcast IP. This is optional and proxy arp was often used to isolate the layer 3 hosts from each other. Layer 3 isolation has been mostly replaced by specialized VLANs.

3) Without Proxy ARP, the router will ignore any packets without a MAC address addressed to it. By default ARP is layer 2 only. Proxy ARP is a technique to pull the layer 2 protocol up and over Layer 3.

imagoon · Mar 10, 2015

dedriven said:
Why would this class C address be able to borrow bits into a class B, why not class A. That question is a good question. Why because the router bases it's routing decisions on longest subnet mask. EIGRP would autosummarize it based on network add like 192/24.

"Class A, Class B, Class C, Class D, Class E" are deprecated and should not be used except to maybe reference the old IP ranges. In the classful nomenclature, 192.0.0.0 is defined as 24 bit network address with a 0 bit subnetwork.

Classless redefines that network as network address with a 24 bit network mask. Without the network mask, the network is undefined and means nothing.

Example: (network base address and broadcasts assumed)
Classful:

Address is assumed to be Class C.
192.168.10.0 -> 192.168.10.0 to 192.168.10.255

Classless:

192.168.10.0 -> gibberish, not enough information.

Subnetwork info:

Classful:
Address is assumed to be Class C.
192.168.10.0, 1 subnetwork bit -> 192.168.10.0 -> 192.168.10.127
192.168.10.128, 1 subnetwork bit -> 192.168.10.128 -> 192.168.10.255

Classless:
Routing is handled entirely by network and host bit as defined by the subnetwork mask.
192.168.10.0/25, 25 network bits -> 192.168.10.0 -> 192.168.10.127
192.168.10.128/25 25 network bits -> 192.168.10.128 -> 192.168.10.255

So to answer your question, Class C cannot borrow from Class A because in a classful system, that concept is undefined. You can supernet the Class C range but that would defined as 192.0.0.0, 16 supernet bits.

In classless you also cannot borrow from the top 8 bits because those have special meanings as defined by the the TCP/IP standards. The math (sort of) allows for 0.0.0.0/4 but the Standards do not allow this and as such most devices will not allow you to do this because it is invalid. In this case, 1.0.0.0/4 would be invalid because the Network portion would be all zeros [0000]0001.00000000.00000000.00000000. A /7 eliminates any IP below 128.0.0.0 for this reason. ARIN, IANA etc will only recognize /8 and down.

dedriven · Mar 10, 2015

1)Cisco says Proxy arp works when two ethernet ports on a router are in the same IP network ie 192.172.1.2/25 &192.172.1.134/25 when a host on one ethernet wants a host MAC that is on the other side of the router it ARP's and the router replies with it's int mac. . My question regarding proxy arp is the destination MAC the routers & the router sends a reply to the host with it's MAC as the MAC to reach the destination host

2)ARP With host on different subnets cisco says the router sends a L-3 broadcast for the target and the target replies & the router forwards the arp reply to the sender so it can update. My question regarding ARP on different subnets. Does this mean the router opens the ARP packet and sees that the destination add needs to send a mac so it L-3 broadcast.
The above info came from http://www.cisco.com/c/en/us/td/doc...tion/15-mt/arp-15-mt-book/arp-config-arp.html

My personal thoughts are this 1)When a host wants to send data to a remote device & it knows the destination add but not the MAC it doesn't care what the MAC is it just sends to it's default gateway

imagoon · Mar 10, 2015

dedriven said:
1)Cisco says Proxy arp works when two ethernet ports on a router are in the same IP network ie 192.172.1.2/25 &192.172.1.134/25 when a host on one ethernet wants a host MAC that is on the other side of the router it ARP's and the router replies with it's int mac. . My question regarding proxy arp is the destination MAC the routers & the router sends a reply to the host with it's MAC as the MAC to reach the destination host

2)ARP With host on different subnets cisco says the router sends a L-3 broadcast for the target and the target replies & the router forwards the arp reply to the sender so it can update. My question regarding ARP on different subnets. Does this mean the router opens the ARP packet and sees that the destination add needs to send a mac so it L-3 broadcast.
The above info came from http://www.cisco.com/c/en/us/td/doc...tion/15-mt/arp-15-mt-book/arp-config-arp.html

My personal thoughts are this 1)When a host wants to send data to a remote device & it knows the destination add but not the MAC it doesn't care what the MAC is it just sends to it's default gateway

1) I believe it uses the devices MAC address as a proxy. Fire up GNS3 and test it.
2) I am not seeing proxy arp using L3 in that document at first glance. Please quote what you are talking about.

---

ARP and MAC have no concept of default gateway so that isn't the answer. Default gateway is an IP concept at layer 3.

dedriven · Mar 11, 2015

Ok first, I am not referring to just Proxy ARP. I am referring to both Proxy ARP and ARP as indicated by the numbers 1 refers to using Proxy ARP, when it's used and how it's used & 2 just plain old ARP with of course it's use when the host are on different subnets.
Secondly, I am referring to the addressing scheme, In this document, http://www.cisco.com/c/en/us/td/docs...onfig-arp.html Cisco explains when different types of ARP come into play. They further state int the section titled Proxy ARP that Proxy ARP is used "when devices are not in the same data link layer network but are in the same IP network" they transmit to each other like their on the same physical segment.
At http://www.cisco.com/c/en/us/td/docs...onfig-arp.html Cisco refers to how just plain old ARP is used when host are on different subnets. Cisco leads the reader into thinking that ARP uses L-3 broadcast to identify host in the section titled Overview of the Address Resolution Protocol

imagoon · Mar 11, 2015

Ok the thing to understand here is the entire ARP protocol is a Layer 3 to Layer 2 bridge protocol. It straddles the layers. The actual ARP request is running up at Layer 3 and uses the layer 3 broadcast to query the other devices and reply. However ARP protocol itself is not (routeable) network aware and is only valid on the layer 2 segment it is on and is specific to Ethernet. The ARP protocol isn't valid for other physical layers like serial, token ring, MPLS etc.

Not sure if that makes sense... Basically it runs at the [ethernet] link-local layer, translates between [ethernet] link local and network layers and uses the network layer to communicate with other nodes. It is a great example of a glue protocol.

Gryz · Mar 11, 2015

dedriven said:
1)Cisco says Proxy arp works when two ethernet ports on a router are in the same IP network ie 192.172.1.2/25 &192.172.1.134/25

I don't think so. I don't think you can even configure a cisco router to do that. Interfaces must have ip-addresses in different ranges.

I think proxy-arp is meant to work when the hosts have a different idea about what the subnet-mask is. In other words: when the hosts have a bug, or have very old software.

In your example, it would mean that the cisco has 130.1.1.1/24 and 130.1.2.1/24. A hosts on 130.1.1.0/24 has the wrong idea about the subnet mask. E.g. because it thinks 130.1/16 is a class B address. And thus it thinks that its 130.1.1.100 address has a subnet mask of 130.1.1.100/16.

Now suppose 130.1.1.100 wants to send a packet to 130.1.2.200. Because it thinks the subnetmask is /16, it thinks 130.1.2.200 is on the same network. Therefor it will do an arp-request for 130.1.2.200. The router sees that the arp-request is for an ip-address that is not even inside the prefix of the network. Then proxy-arp will come to play. The router will reply to the arp-request with a reply to indicate that its own MAC address is the MAC address of 130.1.2.200. 130.1.1.100 will now happily send packets to the router's MAC-address. The router can forward the packets to the real destination.

Proxy-arp is a kludge. It was meant to make scenarios work where hosts were misconfigured. Or couldn't deal with subnets properly. Or didn't understand classless routing. I would have hoped that in 2015 there was no proxy-arp necessary anywhere in the world.

My question regarding proxy arp is the destination MAC the routers & the router sends a reply to the host with it's MAC as the MAC to reach the destination host

Not sure I understand the question again. ("the routers and router" ?).
Anyway, the reply will be: "the router's MAC address is the MAC address for 130.1.2.200" (the target).
The real MAC address of 130.1.2.200 is not mentioned ever. In fact, the router might not even know the real MAC address. The destination might be several hops away. Proxy-arp does not only work on two directly connected subnets.

2)ARP With host on different subnets cisco says the router sends a L-3 broadcast for the target and the target replies & the router forwards the arp reply to the sender so it can update.

It can't be a layer-3 broadcast. Because ARP is not inside an IP packet. ARP is encapsulated directly inside an Ethernet frame. Check out the ARP RFC to see exactly what ARP-packets look like. And how ARP works.
https://tools.ietf.org/html/rfc826

Could you post the URL for the page of the cisco manual that says the above. I can't believe that's true for proxy-arp. Maybe in some bridging scenario. But ARP packets are never forwarded outside their original subnet.

BTW, you need to try to be more precise in the words and abbreviations you use. When in doubt, write out the full word. "add" for address makes my brain stop for 3 seconds. Either you say "address" or "addr". And even then, address is a meaningless word in network. MAC-address or IP-address ? There are more examples. L2 and L3, never seen L-3. Best to just use the full word for such short words.

My question regarding ARP on different subnets. Does this mean the router opens the ARP packet and sees that the destination add needs to send a mac so it L-3 broadcast.

All ARPs are sent to the Ethernet Broadcast address. Always. Requests and Replies. The requests are broadcast, because all hosts must receive them, so they can see if someone is looking for them. The replies are also all broadcast, because then everybody is updated with the latest information. (This is necessary if hardware is replaced, and a host gets a new ethernet address. Or IP-addresses are configured differently. And to refresh ARP-cache entries).

So all ARP-requests are broadcast.
So all routers will receive them.
A router can do 3 things when it receives an ARP-request.
1) Is the requested IP-address my IP-address ?
If yes, send a ARP-reply.
2) Is the requested IP-address in the subnet of this network-segment ?
If yes, do nothing. We are done.
3) If the requested IP-address is not in the subnet of this network segment, then do we have proxy-arp configured ? If not, do nothing. If proxy-arp is configured, then reply with an ARP-reply that the router's MAC-address belongs to the target IP-address.

That's all.

The above info came from http://www.cisco.com/c/en/us/td/doc...tion/15-mt/arp-15-mt-book/arp-config-arp.html

Thanks, but that's huge.

My personal thoughts are this 1)When a host wants to send data to a remote device & it knows the destination add but not the MAC it doesn't care what the MAC is it just sends to it's default gateway

This is how it works.
All hosts have an IP address. And a network-mask (or a prefix-length, which is basically the same thing). With the network mask and its own IP address, a host can calculate what the network part is.

When a host wants to send a packet, it checks the destination IP-address against its own network-address. If the destination belongs to the same network as the host is in, then the host can send the packet directly.

To send a packet directly, it needs to know the MAC-address, to build an ethernet-frame. The host will request the destination's MAC address with an ARP-request. When it receives the reply, it puts the MAC-address/IP-address pair in the ARP cache. From now on, it can send packets to the destination directly to it.

If the host sees that the destination is not inside it own subnet, then it knows it has to send the packet via a router. If the host has no default-gateway, it drops the packet. If it does have a default-gateway (which it should), then the host will ARP-request for the default-gateway's IP-address. It then will put an ARP-entry for the gateway's IP-address/MAC-address pair in the ARP cache.

Clear ?

Gryz · Mar 11, 2015

imagoon said:
Ok the thing to understand here is the entire ARP protocol is a Layer 3 to Layer 2 bridge protocol.

No idea what you mean by this. But ARP itself has nothing to do with bridging. In case you mean "bridging as layer-2 switching".
If you mean bridging as in "ARP connects IP (layer 3) with Ethernet (layer 2)", yes, then you are 100% correct.

It straddles the layers. The actual ARP request is running up at Layer 3

An ARP-packet is encapsulated inside a layer-2 frame (e.g. an Ethernet frame). You could say the ARP requests and replies are in layer-3. Agreed.

and uses the layer 3 broadcast to query the other devices and reply.

ARP doesn't use layer-3 broadcasts. Because ARP is not inside an IP packet. ARP uses layer-2 broadcasts. And you are correct that both ARP requests and also replies are inside an Ethernet-frame with the Ethernet-destination address set to the Ethernet broadcast-address (ffff:ffff:ffff).

However ARP protocol itself is not (routeable) network aware and is only valid on the layer 2 segment it is on and is specific to Ethernet. The ARP protocol isn't valid for other physical layers like serial, token ring, MPLS etc.

ARP was designed to work on top of different layer-2 technologies.
E.g. see the packet-format.
https://tools.ietf.org/html/rfc826

Code:

The format of the packet follows.

    Ethernet transmission layer (not necessarily accessible to
         the user):
        48.bit: Ethernet address of destination
        48.bit: Ethernet address of sender
        16.bit: Protocol type = ether_type$ADDRESS_RESOLUTION
    Ethernet packet data:
        16.bit: (ar$hrd) Hardware address space (e.g., Ethernet,
                         Packet Radio Net.)
        16.bit: (ar$pro) Protocol address space.  For Ethernet
                         hardware, this is from the set of type
                         fields ether_typ$<protocol>.
         8.bit: (ar$hln) byte length of each hardware address
         8.bit: (ar$pln) byte length of each protocol address
        16.bit: (ar$op)  opcode (ares_op$REQUEST | ares_op$REPLY)
        nbytes: (ar$sha) Hardware address of sender of this
                         packet, n from the ar$hln field.
        mbytes: (ar$spa) Protocol address of sender of this
                         packet, m from the ar$pln field.
        nbytes: (ar$tha) Hardware address of target of this
                         packet (if known).
        mbytes: (ar$tpa) Protocol address of target.

Any layer-2 technology that uses IEEE802 frames, has some form of layer-2 MAC-address. E.g. 802.2 is Ethernet. 802.5 is Token-Ring. And Token-Ring also has a MAC-layer with MAC-addresses. IEEE 802.11 is Wireless. We often think as WiFi as just another "ethernet without cables". That's because IEEE 802.11 also has a MAC-layer with MAC-addresses. So ARP is not specific to Ethernet.

Not sure if that makes sense... Basically it runs at the [ethernet] link-local layer, translates between [ethernet] link local and network layers and uses the network layer to communicate with other nodes. It is a great example of a glue protocol.

Agreed. To be precise, MAC-addresses live at the MAC-layer of layer-2 of the OSI model. (There is more that lives in layer-2, like LLC. LLC is not so important for IP over Ethernet. But it is at other layer-2 technologies). "Link local" is a term from the IPv6 world, and should not be used in this context. The correct name for layer-2 is "data link layer". ARP does not really use the network-layer in this context, as ARP does not use IP-at all. ARP's own packets can be seen as layer-3, just because they are encapsulated inside a layer-2 frame.

I might sound like a dick. But I believe that correct use of terminology is important to prevent confusion.

Anyway, this thread is a necro of 18 months ago. I should never have replied.

dedriven · Mar 11, 2015

Hey look I appreciate the feedback, I know the cicso article http://www.cisco.com/c/en/us/td/docs...onfig-arp.html is long but for the sake of me passing my exam would both imagoon"diamond member" & Gryz"senior member please take a look at it ? look specifically at Overview of the Address Resolution Protocol section & Proxy ARP section . Thanks

Gryz · Mar 11, 2015

dedriven said:
please take a look at it ? look specifically at Overview of the Address Resolution Protocol section & Proxy ARP section . Thanks

Don't believe everything you read in cisco manuals.
Lots of it is very old. And despite it being old, nobody ever looks at it to improve it. Also, manuals are written by other people than the ones who write the code or design the protocols. I can imagine ARP being so old, nobody has looked at it for ages.

From: Overview of the Address Resolution Protocol

After the address is resolved and the default gateway receives the packet, the default gateway broadcasts the destination IP address over the networks connected to it. The Layer 3 device on the destination device network uses ARP to obtain the MAC address of the destination device and delivers the packet.

This is all bullshit.
I'm not gonna write here all the details how routing works.
But the basics is this:
1) you get a packet, you look at its destination address
2) you lookup the destination address in your routing table
3) if the destination network is directly connected, you arp (or look in the arp-cache) and send the packet directly to the destination
4) if the destination network is not directly connected, you lookup the next-hop gateway in the routing table entry.
5) you find the mac-address of the next-hop (in your arp-cache, or you arp for it). and then you send the packet directly to the next-hop-gateway
6) when the next-hop gateway receives the packet, it does exactly the same things again, starting at step 1 in this list.

That sentence in the cisco documentation suggests that routers forward packets by doing ARP. They don't. Routers look in routing tables. They also look in ARP-tables, but that's less important in the grand scheme of things.

From: Proxy ARP

When devices are not in the same data link layer network but are in the same IP network, they try to transmit data to each other as if they were on the local network.

This is correct. Another way to say this is:
When hosts are not on the same layer-2 network, but they believe they are in the same layer-3 subnet, they try to transmit data to each other as if they were on the same layer-2 network.

Note, this is not how IP is supposed to work. In IP, each layer-2 network must have its own layer-3 subnet. And all hosts must be aware in which exact subnet they are. It can be made to work, via a kludge like Proxy-ARP. But again, this is a hack, and not how things are supposed to work.

However, the router that separates the devices will not send a broadcast message because routers do not pass hardware-layer broadcasts. Therefore, the addresses cannot be resolved.

This could be translated as:
However, the router that separates the devices will not forward the ARP packet as if it was an IP packet. Because routers do not forward broadcasts (layer-2 nor layer-3 (unless you configure ugly kludges)). Therefor, the ARP request will never reach the target. And the target can never respond. And even if the target could respond, the response would be useless, because the original host can never reach the target directly.

Proxy ARP is enabled by default

Really ? I forgot that. Man, that is messy. But then again, cisco will never change the default behaviour of any feature. Never ever. Because it might break an existing network somewhere in the world. And therefor all new networks will run into the weirdest things.

The rest of the "Proxy ARP" section is correct.

Again, I still don't understand what your question exactlly is.
You have the cisco manual. You have all of that said in different words by imagoon and me. And most important, you have the RFC.
ARP is simple. Proxy-ARP is ugly. But if you understand ARP, it should be easy to understand how proxy-ARP works. What is not clear to you ?

dedriven · Mar 11, 2015

yes I think ARP is simple in regards to local arp. To me what is weird, including the fact that there are far to many misleading websites including cisco's. See Im getting ready for my CCNA exam. I have access to a cite that allows its members to ask questions about the material covered in their CCNA 200-120 exam books & access to Networking Professional that has a CCNA 200-120 online course. The problem is most of the time my questions go unanswered & I end up with cisco because I have read countless errors by visiting other cites. In fact I stumbled by this cite & for the first time in over a year my questions are getting responses so thank you for that. The deal with ARP is this, The protocol has the Source MAC, Source IP, Destination MAC & Destination IP built in and then we have a data-link addresses along with IP address. I am a determined kind of guy & I really can't swallow that a router would see a Destination data link broadcast in the data link header or the destination IP broadcast & say O ok let me process this and this is what I keep seeing about ARP but im not fooled I know better. I don't understand why a host would need ARP for remote host in the first place. Ex. I am at work & want to send my wife an email, let's assume I don't know the MAC of my wifes computer but I know her IP address. I think my computer would respond like this. First It realizes it can't reach the destination locally. Second It now know to send to it's default gateway Third If it does not know the default gateway's MAC address It would proceed to ARP for it. If it has the default gateways MAC it sends the "email to my wife" with My computers IP & MAC set to source the destination MAC of the gateway & the destination IP is my wifes. In summary I can't see a host knowing an IP of a remote host in the first place and the MAC of a remote host is not even needed to send to it because the local host uses the routers MAC as the destination MAC.

dedriven · Mar 11, 2015

dedriven said:
yes I think ARP is simple in regards to local arp. To me what is weird, including the fact that there are far to many misleading websites including cisco's. See Im getting ready for my CCNA exam. I have access to a cite that allows its members to ask questions about the material covered in their CCNA 200-120 exam books & access to Networking Professional that has a CCNA 200-120 online course. The problem is most of the time my questions go unanswered & I end up with cisco because I have read countless errors by visiting other cites. In fact I stumbled by this cite & for the first time in over a year my questions are getting responses so thank you for that. The deal with ARP is this, The protocol has the Source MAC, Source IP, Destination MAC & Destination IP built in and then we have a data-link addresses along with IP address. I am a determined kind of guy & I really can't swallow that a router would see a Destination data link broadcast in the data link header or the destination IP broadcast & say O ok let me process this and this is what I keep seeing about ARP but im not fooled I know better. I don't understand why a host would need ARP for remote host in the first place. Ex. I am at work & want to send my wife an email, let's assume I don't know the MAC of my wifes computer but I know her IP address. I think my computer would respond like this. First It realizes it can't reach the destination locally. Second It now know to send to it's default gateway Third If it does not know the default gateway's MAC address It would proceed to ARP for it. If it has the default gateways MAC it sends the "email to my wife" with My computers IP & MAC set to source the destination MAC of the gateway & the destination IP is my wifes. In summary I can't see a host knowing an IP of a remote host in the first place and the MAC of a remote host is not even needed to send to it because the local host uses the routers MAC as the destination MAC.

I guess the knowing how a router proceeds when it recieves a packet is the problem. If a host sent an ARP with its source mac & source IP and the targets IP but no targets MAC and that ARP was encapsulated then the datalink would be it's Source MaC & It's Source IP with the destination IP being the remote host & destination MAC being the default gateway interfaces MAC. I guess a router might open the msg because it is addressed to him. Can you explain

imagoon · Mar 11, 2015

You are confusing the layers again. ARP would have a source IP and destination IP. The destination IP would be the network broadcast. All devices listed to this and the one that has the that IP would respond. The source MAC would be the device that sent the broadcast, the destination MAC would be FF:FF:FF:FF:FF:FF which is a datalink broadcast. ARP itself is aware of and does the caching of the MAC to IP information, however it is still subject to the rules of layers 2 and 3. Remember packets go up and down the stack in order. The ARP request would be generated by datalink (layer 2) the protocol send the request up to layer 3, broadcasts it, the reply comes back from layer 3 for handling at layer 2. Due to that the ARP request would have layer 1, 2 and 3 data in the packet.

Should the router hold that MAC and IP it would reply like any other device. Otherwise it will receive and process the broadcast but not reply with anything.

MAC address link local, it doesn't operate outside of a local ethernet segement. It only exists in ethernet so you would not find a MAC address field on a TCPIP packet on a serial link etc.

So for your email to your wife it would go like this:

"send"
Application stack -> layer 3 (lots goes on here but not relevant, but DNS look up is at this level)
DNS loop up -> reply IP out at google or whatever.
PC will immediate ARP the default gateway.
default gateway replies, packet is build and sent to the router.
Frame is built on the ethernet side and sent to the default gateway.
Gateway router will pull apart the packet, strip off layer 1 and layer 2, process it, put on layer 1, and layer 2 stuff for the internet connection which may not have MAC etc and send it.

Computers should not be ARPing for addresses outside of the assigned network range as layer 3 knows it can't reach them.

Gryz · Mar 11, 2015

When you write (or edit) a post, in the editor window there is a button at the right top, which changes editor-mode. The default sucks, it takes the newlines and spaces out of your post. Change the editor-mode, and format your posts. They are unreadable now.

Remember, if people can't be bothered to put some effort in asking (and formatting) their question, others can't be bothered to put effort in answering.

dedriven · Mar 11, 2015

What editor button should I use or better yet which one do you use ?

Gryz · Mar 11, 2015

I don't think they have names. The yellow tooltip just says "Switch Editor Mode". I think there are 2. I use the non-default one. Also, use the "go advanced" button. Then you can "preview" what you have written, and see how it will be presented to others.

dedriven · Mar 11, 2015

imagoon said:
2) ARP is a layer 2 protocol. There is no Layer 3 (IP) broadcast for ARP. Proxy ARP lives entirely in the ARP tables at layer 2.

imagoon said:
You are confusing the layers again. ARP would have a source IP and destination IP. The destination IP would be the network broadcast.

@ imagoon they both cant be right

dedriven · Mar 11, 2015

are you talking about the wrapping quote tags

Gryz · Mar 11, 2015

imagoon said:
ARP would have a source IP and destination IP. The destination IP would be the network broadcast.

And ARP-packet is directly encapsulated in the Ethernet-frame. There is no IP-header in an ARP-packet. Where would those source and destination addresses go, if there's no IP-header ?

however it is still subject to the rules of layers 2 and 3. Remember packets go up and down the stack in order.

I would not cling too much to the 7-layer OSI stack, when talking about TCP/IP. TCP/IP is older than the concept of the 7-layer OSI stack. And thus TCP/IP does not completely follow that concept. E.g. there are no real layers 5 and 6. (You could discuss that newer stuff like XDR is layer 6, or SCTP is layer 5. But in general, TCP/IP skips layer 5 and 6).
Imho ARP should be considered something between layer 2 and 3, almost layer-2.5.

Due to that the ARP request would have layer 1, 2 and 3 data in the packet.

I am curious what you consider layer-1 ?
The OSI stack considers things like cables, connectors, and electrical signals as part of layer-1. As far as layer-1 is considered, a network connection is just a stream of bits. As soon as you start to bring order in that stream of bits, we talk about layer-2.

Computers should not be ARPing for addresses outside of the assigned network range as layer 3 knows it can't reach them.

Exactly. And that brings us back to proxy-ARP. When a host does ARP for an address that is not directly connected, then a router can recognize this, fake the ARP-reply, and tell the host to send the packets to him. This is the whole concept of proxy-ARP.

Gryz · Mar 11, 2015

dedriven said:
are you talking about the wrapping quote tags

No. Look at your posts. They are one long blob of text. No spaces, no alineas, no nothing. Very hard to read. See how imagoon and me format our posts. Try to do that too.

There is another benefit.
If you try to formulate exact questions, and try to write them down as precise and compact as you can, that forces you to think more about the problem. And sometimes that makes you realize things you have not realized before. And it might give you your answer. Chaos-writing only enhances chaos-thinking in a chaos-brain.

Gryz · Mar 11, 2015

I got another suggestion for you.

Download WireShark.
WireShark is a packet-sniffer.
https://www.wireshark.org/
It is free.
https://www.wireshark.org/download.html

Install WireShark. Start the applicaiton. Then start a capture.
I'm sure you will be confused at first. So many options.
But keep trying. Try to configure WireShark to only capture ARP packets.
Then start a capture.
You can look at your arp-cache with the dos-command "arp -a"
You can clear your arp-cache with the dos-command "arp -d *".
You can make your PC do an ARP-request by pinging something (on your local network).
Just play with it. Keep looking at WireShark, and see what packets go over the wire.

This might take an hour. Or two hours. But it is not wasted time. Learning to use a packet-sniffer is a valuable skill, if you ever wanna do stuff in professional networking.

imagoon · Mar 11, 2015

dedriven said:
@ imagoon they both cant be right

You are right, I misread what you were looking at. ARP does only live in the L2 broadcast domain. It can be encapsulated in to L3 for other uses.

imagoon · Mar 11, 2015

Gryz said:
And ARP-packet is directly encapsulated in the Ethernet-frame. There is no IP-header in an ARP-packet. Where would those source and destination addresses go, if there's no IP-header ?

I would not cling too much to the 7-layer OSI stack, when talking about TCP/IP. TCP/IP is older than the concept of the 7-layer OSI stack. And thus TCP/IP does not completely follow that concept. E.g. there are no real layers 5 and 6. (You could discuss that newer stuff like XDR is layer 6, or SCTP is layer 5. But in general, TCP/IP skips layer 5 and 6).
Imho ARP should be considered something between layer 2 and 3, almost layer-2.5.

I am curious what you consider layer-1 ?
The OSI stack considers things like cables, connectors, and electrical signals as part of layer-1. As far as layer-1 is considered, a network connection is just a stream of bits. As soon as you start to bring order in that stream of bits, we talk about layer-2.

Exactly. And that brings us back to proxy-ARP. When a host does ARP for an address that is not directly connected, then a router can recognize this, fake the ARP-reply, and tell the host to send the packets to him. This is the whole concept of proxy-ARP.

Layer-1 meaning the raw electricals like the embedded timing etc. Its there but not often important.

Number of subnets in CIDR.

Diamond Member

Diamond Member

Junior Member

Diamond Member

Junior Member

Diamond Member

Golden Member

Golden Member

Junior Member

Golden Member

Junior Member

Junior Member

Diamond Member

Golden Member

Junior Member

Golden Member

Junior Member

Junior Member

Golden Member

Golden Member

Golden Member

Diamond Member

Diamond Member