Answer: Predicting ARP Messages 1
This latest #CCNA / #CCENT question uses a specific scenario: a working ping, a clearing of a switch MAC address table, and a repeat of the ping. The scenario hopes to make you stretch a bit and think outside the box. Take a look at the original question before checking the answers and explanations listed below the fold!
Answer
G: 0 ARP Requests are sent
Explanation
Honestly, this question features the distractors, rather than the typical operations of how ARP and MAC tables work. As a result, the correct answer shows that no devices needed to send new ARP Requests. To see why, first consider the IP forwarding logic used on hosts and routers (but not on layer 2 switches).
To deliver packets from the source host (A) to destination host B, the hosts and routers work together. They think about forwarding the IP packets, encapsulating those packets, and having appropriate ARP tables so that they can build the correct new data link headers when encapsulating the packets.
The layer 2 switches do not perform any encapsulation on the messages – that is true of all layer 2 switching. Instead, layer 2 switches receive an Ethernet frame and forward the Ethernet frame, without stripping the Ethernet header/trailer (de-encapsulation) or adding a new Ethernet header/trailer (re-encapsulation). As a result, they do not need an ARP table for that purpose, because an ARP table supplies some of the information used when encapsulating an IP packet into an Ethernet frame.
In short, the hosts and routers need ARP table entries to support forwarding the packets holding the ICMP messages for the ping commands, but the switches do not.
Figure 1: Devices and Their Need for ARP Tables in this Question
Sifting Through the Distractor Technology
The question forces you to think about a couple of major distractors. First, what about that clearing of switch SW2’s MAC table? Even if you agreed about the ARP table entries required on the hosts and routers, does the process of clearing SW2’s MAC table cause issues for the ARP tables on the hosts or routers? It sure creates a little heartburn if you have never thought about it, that’s for sure. But no: The hosts and routers do not change their behavior at all based on changes to the neighboring switches’ MAC tables.
The other distractor – probably the more likely mistake people make – is to think that switches also need ARP table entries when forwarding packets. Let me put the critical ideas in bullets:
- Layer 2 switches do NOT use an ARP cache during the process of receiving and forwarding Ethernet frames.
- Layer 2 switches do NOT use an ARP cache when learning new entries for their MAC address tables.
- Layer 2 switches DO use an ARP cache for IP Packets to/from the switch’s management IP address.
Remember switch forwarding logic? A frame arrives. The switch determines the incoming frame’s VLAN, compares the frame’s destination MAC address to its MAC address table, and makes a forwarding decision. No encapsulation, no use of ARP. Also, the switch learns MAC addresses based on the source MAC address of the frames – a process independent from ARP, and for a different purpose than ARP.
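The forwarding and learning logic above, carried through the question's ping / clear / ping sequence as an added Python example (not code from the original post). It models only an assumed LAN with R2, host B and a bystander host C attached to SW2; the IP and MAC addresses are constructed, and frames are delivered synchronously.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Switch:  # layer 2 only: learns source MACs, forwards on destination MAC, no ARP
    def __init__(self):
        self.mac_table, self.ports, self.floods = {}, {}, 0
    def attach(self, port, node):
        self.ports[port] = node
        node.switch, node.port = self, port
    def receive(self, in_port, frame):
        self.mac_table[frame["src"]] = in_port          # learning uses the source MAC
        out = self.mac_table.get(frame["dst"])
        flood = frame["dst"] == BROADCAST or out is None  # broadcast or unknown unicast
        self.floods += flood
        targets = [p for p in self.ports if p != in_port] if flood else [out]
        for p in targets:
            self.ports[p].receive(frame)                # frame is forwarded unchanged

class IPNode:  # host or router interface: encapsulates IP, so it needs an ARP cache
    def __init__(self, ip, mac):
        self.ip, self.mac, self.arp = ip, mac, {}
        self.arp_requests = self.echo_replies = 0
    def send(self, dst_mac, payload):
        self.switch.receive(self.port, {"src": self.mac, "dst": dst_mac, **payload})
    def send_ip(self, dst_ip, kind):
        if dst_ip not in self.arp:                      # only a cache miss triggers ARP
            self.arp_requests += 1
            self.send(BROADCAST, {"type": "arp_req", "sip": self.ip, "tip": dst_ip})
        self.send(self.arp[dst_ip], {"type": kind, "sip": self.ip, "tip": dst_ip})
    def receive(self, f):
        if f["dst"] not in (self.mac, BROADCAST) or f["tip"] != self.ip:
            return                                      # flooded frame meant for someone else
        if f["type"] in ("arp_req", "arp_rep"):
            self.arp[f["sip"]] = f["src"]               # cache the sender's IP-to-MAC mapping
        if f["type"] == "arp_req":
            self.send(f["src"], {"type": "arp_rep", "sip": self.ip, "tip": f["sip"]})
        elif f["type"] == "echo":
            self.send_ip(f["sip"], "echo_reply")
        elif f["type"] == "echo_reply":
            self.echo_replies += 1

def run_scenario():
    sw2, r2 = Switch(), IPNode("10.0.2.1", "02:00:00:00:00:01")    # constructed addresses
    b, c = IPNode("10.0.2.10", "02:00:00:00:00:0b"), IPNode("10.0.2.11", "02:00:00:00:00:0c")
    for port, node in enumerate((r2, b, c), 1):
        sw2.attach(port, node)
    r2.send_ip(b.ip, "echo")                            # first ping fills the ARP caches
    first = r2.arp_requests + b.arp_requests
    sw2.mac_table, sw2.floods = {}, 0                   # clear SW2's MAC address table
    r2.send_ip(b.ip, "echo")                            # repeat the ping
    return first, r2.arp_requests + b.arp_requests - first, sw2.floods, r2.echo_replies
```

`run_scenario()` returns the ARP Requests sent during the first ping, the ARP Requests sent after the clear, the number of frames SW2 flooded after the clear, and the total echo replies R2 received.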
Finally, the last distractor might be wrapped up in the whole idea of who needs to ARP for whom. If you start thinking about the beginning, what ARP table entries do each device need to discover? Which ARP table entries would not be needed? You may have been thinking about those details first, given the context of the question, especially if you thought that the clearing of the MAC address table caused a clearing of all or some of the ARP caches. For this post, I will leave that discussion for a later question – one that uses a scenario which requires at least one ARP Request.
Live Courses from Wendell, and Common Mistakes
I will be teaching Live courses this year, free to anyone with a SafariBooksOnline subscription. The first one, “Acing the CCNA Exam: Top 10 Tactics and Other Insights”, is a 3-4 hour course that focuses on picking up enough points to pass the CCNA Exam. At least half the class discusses scenarios like the one in this question, with challenging distractors – distractors that can be the most common mistakes people make on the exam. Come join in the fun! The next class is Feb 8th, 2018, with another one scheduled for March 21st.
I’ve been summarizing the most common mistakes people make in these kinds of questions at the end of the question explanations in posts this year as an extra help to those people taking the “Acing” courses. Here’s a summary of facts you need to know which then let you avoid those common mistakes:
- Hosts and routers need ARP tables, because they encapsulate IP packets into Ethernet frames.
- Layer 2 switches do not need ARP tables for the purpose of forwarding frames.
- Layer 2 switches do need and use ARP tables to support the sending of IP packets for their management IP address.
- Both the MAC address table of a switch and an ARP table on any device include MAC addresses. However, the processes that use them are independent from each other.
- The clearing (or timing out of entries) of a MAC address table on a switch does not cause the ARP tables of connected devices to change.
- The clearing (or timing out of entries) of an ARP table on a host or router does not cause a neighboring switch’s MAC table to change.
You mentioned in Part II of the ICND1 book to assume that the test will be referring to switches as Layer 2 unless specifically mentioned as Multilayer. This seems like a good example of keeping that in mind, thanks.
you’re welcome!
Hi Mr. Wendell,
Your topics are precise and to the point. It’s a wonderful explanation given in this example. Could you please replicate the scenario with a multilayer switch? Appreciate your help.
Another way to think about the ARP process is that routers and PCs map the IP addresses with MAC addresses. Switches don’t do that. Mostly the switch only used like what Wendell says about switches for “IP Packets to/from the switch’s management IP address.”
Thanks for sparking my mind!
Thank you.
This question was very helpful!
Thanks Mr. Wendell. In the scenario presented in this question, what would SW2 do with the frame that it receives? (Let’s assume there’re more hosts connected to SW2)
Would it broadcast the frame it received since it doesn’t have the MAC address of server(B)? Or something else?
Hi Hossein,
First, think about the message as it flows left to right. To answer your question, focus on R2, and what it sends into SW2. R2 forwards the original IP packet by first encapsulating it inside an Ethernet frame. With a destination of host B, and with host B on the same subnet as R2, R2 places host B’s MAC as the destination Ethernet address of the frame. So, the frame that arrives into SW2 has a destination MAC of host B’s MAC address. (We know that R2 already has a good ARP table entry for host B per all the detail in the post above.)
Anyway, switch SW2 forwards that unicast Ethernet frame based on its current MAC address table. So, if you had cleared the MAC table as suggested in this post, then SW2 would flood the frame. If instead the MAC table listed host B’s MAC along with the associated interface, SW2 would forward the frame out only that interface.
Hope that helps…
Hi author, can you please add more questions on this part of the book? Thanks in advance.
Hi Rob,
Wendell here. I’ll consider it when I next turn my attention to more questions. That’s not on the near-term work plan – just being honest. Feel free to ask specific questions, like the one you asked below.
Thanks Mr Odom, we appreciate your efforts.
You’re quite welcome!
can you elaborate more on the following point:
Hi Rob,
Sure. Think about any endpoint device, say a PC. If you understand how it uses ARP, then you understand how a layer 2 switch uses ARP. Both the PC and the Switch:
So, to support sending and receiving IP packets for management – like SSH or Telnet to/from the switch, or SNMP to manage the switch – the switch acts as a host. ARP is no different for the switch than it is for a host.
I think the case for the switch not using ARP when forwarding Layer 2 frames is pretty well covered in the post text… but it’s an area where people sometimes think “there must be some ARP in there”, but there’s not.
Hope this helps,
Wendell