ARP; Overview; ARP in NetDefendOS; ARP Cache - D-Link NetDefend DFL-210 User Manual

Network security firewall
3.4. ARP

3.4.1. Overview

The Address Resolution Protocol (ARP) maps a network layer protocol address to a data link layer
hardware address; on Ethernet it is used to resolve an IP address into the corresponding Ethernet
address. It operates at the OSI Data Link Layer (Layer 2, see Appendix D, The OSI Framework) and
its packets are carried directly in Ethernet frames, not inside IP.

A host on an Ethernet network can send a frame to another host only if it knows that host's
Ethernet (MAC) address. Higher level protocols such as IP use IP addresses, which are independent
of the hardware addressing scheme. ARP retrieves the MAC address of a host given its IP address.

When a host needs to resolve an IP address to the corresponding Ethernet address, it broadcasts an
ARP request. The request carries the sender's MAC address, the sender's IP address and the IP
address being looked up. Every host on the local segment receives the broadcast; the host that
owns the requested IP address sends an ARP reply containing its MAC address back to the
originating host. ARP carries no authentication: any host on the segment can answer a request, or
send replies that nobody asked for, which is why the checks described in Section 3.4.2 exist.
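The request/reply exchange described above, as an added example that is not part of the D-Link manual: a Python script that builds an Ethernet-encapsulated ARP request, answers it with a reply, and parses both frames back into their fields. The MAC and IP addresses used are constructed sample values; the field layout (EtherType 0x0806, hardware type 1, protocol type 0x0800, 6-byte hardware and 4-byte protocol addresses) is the standard Ethernet/IPv4 ARP format from RFC 826.

```python
"""Build and parse Ethernet-encapsulated ARP frames (added example, not manual code)."""
import struct
from dataclasses import dataclass

ETH_P_ARP = 0x0806                 # EtherType that marks an ARP payload
ARP_REQUEST, ARP_REPLY = 1, 2      # ARP operation codes
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"

ETH_HDR = struct.Struct("!6s6sH")          # dst MAC, src MAC, EtherType (14 bytes)
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa (28 bytes)


def mac_bytes(mac: str) -> bytes:
    raw = bytes.fromhex(mac.replace(":", ""))
    if len(raw) != 6:
        raise ValueError(f"bad MAC address: {mac}")
    return raw


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_bytes(ip: str) -> bytes:
    parts = [int(p) for p in ip.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"bad IPv4 address: {ip}")
    return bytes(parts)


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


@dataclass(frozen=True)
class ArpPacket:
    oper: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str


def build_frame(pkt: ArpPacket, dst_mac: str) -> bytes:
    """Encapsulate an ARP packet in an Ethernet frame addressed to dst_mac."""
    eth = ETH_HDR.pack(mac_bytes(dst_mac), mac_bytes(pkt.sender_mac), ETH_P_ARP)
    arp = ARP_HDR.pack(1, 0x0800, 6, 4, pkt.oper,
                       mac_bytes(pkt.sender_mac), ip_bytes(pkt.sender_ip),
                       mac_bytes(pkt.target_mac), ip_bytes(pkt.target_ip))
    return eth + arp


def parse_frame(frame: bytes) -> ArpPacket:
    """Validate an Ethernet frame as Ethernet/IPv4 ARP and return its fields."""
    if len(frame) < ETH_HDR.size + ARP_HDR.size:
        raise ValueError("frame too short for Ethernet + ARP")
    _dst, _src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETH_P_ARP:
        raise ValueError(f"not an ARP frame (EtherType 0x{ethertype:04x})")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = ARP_HDR.unpack_from(frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    if oper not in (ARP_REQUEST, ARP_REPLY):
        raise ValueError(f"unknown ARP operation {oper}")
    return ArpPacket(oper, mac_str(sha), ip_str(spa), mac_str(tha), ip_str(tpa))


def make_request(my_mac: str, my_ip: str, target_ip: str) -> bytes:
    """Request: the target MAC is unknown (zeros) and the frame is broadcast to the segment."""
    return build_frame(ArpPacket(ARP_REQUEST, my_mac, my_ip, ZERO_MAC, target_ip), BROADCAST_MAC)


def make_reply(request_frame: bytes, my_mac: str) -> bytes:
    """Reply: the owner of the requested IP answers with its MAC, unicast to the requester."""
    req = parse_frame(request_frame)
    if req.oper != ARP_REQUEST:
        raise ValueError("can only reply to a request")
    pkt = ArpPacket(ARP_REPLY, my_mac, req.target_ip, req.sender_mac, req.sender_ip)
    return build_frame(pkt, req.sender_mac)


if __name__ == "__main__":
    # Constructed sample exchange: host 192.168.0.10 asks who has 192.168.0.1.
    req = make_request("08:00:10:0f:bc:a5", "192.168.0.10", "192.168.0.1")
    rep = make_reply(req, "00:11:22:33:44:55")
    print(parse_frame(req))
    print(parse_frame(rep))
```

Note that nothing in the reply ties it to the request except the addresses it claims; a receiver that wants to be sure a reply is genuine has to remember which requests it sent, which is exactly the check the next section describes.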

3.4.2. ARP in NetDefendOS

NetDefendOS provides standard support for ARP and adds a number of security checks on top of the
protocol implementation. For example, NetDefendOS will by default not accept an ARP reply unless
the system has previously sent out a corresponding ARP request. Without this protection, a host on
the local segment could inject unsolicited replies that rebind an IP address to a MAC address of
its choosing, and the system would be vulnerable to "connection hijacking".

NetDefendOS supports both dynamic and static ARP; static ARP is available in two modes, Publish
and XPublish.

Dynamic ARP is the main mode of operation: NetDefendOS sends out an ARP request whenever it needs
to resolve an IP address to an Ethernet address, and the replies are stored in the system's ARP
cache.

Static ARP is used to manually lock an IP address to a specific Ethernet address, so that the
mapping does not depend on what ARP replies claim. This is explained in more detail in the
sections below.

3.4.3. ARP Cache

The ARP Cache is the temporary table in NetDefendOS for storing the mapping between IP and
Ethernet addresses. The ARP cache is empty at system startup and will be populated with entries as
needed.
The contents of a typical (minimal) ARP Cache look similar to the following table:

Type     IP Address      Ethernet Address     Expire
Dynamic  192.168.0.10    08:00:10:0f:bc:a5    45
Dynamic  193.13.66.77    0a:46:42:4f:ac:65    136
Publish  10.5.16.3       4a:32:12:6c:89:a4    -

The first item in this ARP Cache is a dynamic entry which tells us that IP address 192.168.0.10
is mapped to Ethernet address 08:00:10:0f:bc:a5. The second item dynamically maps IP address
193.13.66.77 to Ethernet address 0a:46:42:4f:ac:65. Finally, the third item is a static (Publish)
entry binding IP address 10.5.16.3 to Ethernet address 4a:32:12:6c:89:a4.

The Expire column indicates for how much longer the ARP entry will remain valid. The first item,
for instance, has an expiry value of 45, which means that this entry will be invalidated and
removed from the ARP Cache in 45 seconds. If traffic is to be sent to 192.168.0.10 after the
expiration, NetDefendOS will issue a new ARP request. Static entries never expire, which is why the
third item shows "-" in the Expire column.
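The following added example (Python, not NetDefendOS code) models the behaviour described in Sections 3.4.2 and 3.4.3 together: a cache that accepts a reply only while a request of its own is outstanding for that IP address, refuses to overwrite a statically locked entry, expires dynamic entries, and lists them in the Type / IP Address / Ethernet Address / Expire form shown in the table above. The entry lifetime, the request timeout and the verdict strings are assumptions of this model, not NetDefendOS settings, and the addresses are the constructed sample values from the table.

```python
"""ARP cache model with solicited-reply check, static locking and expiry (added example)."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class ArpEntry:
    kind: str                    # "Dynamic" (learned) or "Publish" (static; XPublish not modelled)
    mac: str
    expires_at: Optional[float]  # absolute time; None for static entries, which never expire


class ArpCache:
    def __init__(self, dynamic_ttl: float = 300.0, request_timeout: float = 3.0):
        self.dynamic_ttl = dynamic_ttl          # assumed lifetime of a learned entry (seconds)
        self.request_timeout = request_timeout  # assumed window in which a reply is still accepted
        self._entries: dict[str, ArpEntry] = {}
        self._pending: dict[str, float] = {}    # IP -> deadline of the request we sent for it

    def add_static(self, ip: str, mac: str) -> None:
        """Manually lock an IP address to one Ethernet address (static ARP)."""
        self._entries[ip] = ArpEntry("Publish", mac.lower(), None)

    def send_request(self, ip: str, now: float) -> Optional[str]:
        """Resolve ip: return the cached MAC, or register an outstanding request and return None."""
        entry = self._entries.get(ip)
        if entry and (entry.expires_at is None or entry.expires_at > now):
            return entry.mac
        if entry:
            del self._entries[ip]               # dynamic entry has expired, resolve again
        self._pending[ip] = now + self.request_timeout
        return None

    def receive_reply(self, sender_ip: str, sender_mac: str, now: float) -> str:
        """Apply the checks to an incoming ARP reply and return a verdict string."""
        sender_mac = sender_mac.lower()
        entry = self._entries.get(sender_ip)
        if entry and entry.kind == "Publish":
            # A locked entry is never overwritten by learned information.
            return "kept-static" if entry.mac == sender_mac else "rejected-static-conflict"
        deadline = self._pending.get(sender_ip)
        if deadline is None:
            # No request of ours is outstanding for this IP: gratuitous or spoofed reply.
            return "rejected-unsolicited"
        del self._pending[sender_ip]
        if now > deadline:
            return "rejected-late"              # the request window has closed
        self._entries[sender_ip] = ArpEntry("Dynamic", sender_mac, now + self.dynamic_ttl)
        return "accepted"

    def table(self, now: float) -> list[tuple[str, str, str, str]]:
        """Rows shaped like the manual's listing: Type, IP Address, Ethernet Address, Expire."""
        for ip in [ip for ip, e in self._entries.items()
                   if e.expires_at is not None and e.expires_at <= now]:
            del self._entries[ip]               # purge expired dynamic entries
        return [(e.kind, ip, e.mac,
                 "-" if e.expires_at is None else str(int(e.expires_at - now)))
                for ip, e in self._entries.items()]


if __name__ == "__main__":
    cache = ArpCache(dynamic_ttl=60.0, request_timeout=3.0)
    cache.add_static("10.5.16.3", "4a:32:12:6c:89:a4")
    cache.send_request("192.168.0.10", now=0.0)                          # request goes out
    print(cache.receive_reply("192.168.0.10", "08:00:10:0f:bc:a5", 1.0))  # accepted
    print(cache.receive_reply("192.168.0.10", "de:ad:be:ef:00:01", 2.0))  # rejected-unsolicited
    print(cache.receive_reply("10.5.16.3", "de:ad:be:ef:00:02", 2.0))     # rejected-static-conflict
    for row in cache.table(now=16.0):
        print("%-8s %-15s %-18s %s" % row)
```

The unsolicited-reply rejection is the check the manual says NetDefendOS applies by default; the static-conflict rejection follows from what "lock" means for a static entry. The model drops the pending request as soon as one reply is consumed, so a second, conflicting reply to the same request is also treated as unsolicited.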
