MAC Addresses

MAC Addresses

Because there are both network-layer addresses (for instance, Internet IP addresses) and link-layer addresses (that is, MAC addresses), there is a need to translate between them. For the Internet, this is the job of the Address Resolution Protocol (ARP).

To understand the need for a protocol such as ARP, consider the network shown in Figure 1. In this simple example, each node has a single IP address, and each node's adapter has a single MAC address. As usual, IP addresses are shown in dotted-decimal notation and MAC addresses are shown in hexadecimal notation. Now assume that the node with IP address wants to send an IP datagram to node In this example, both the source and destination nodes are in the same network (LAN), in the addressing sense of IPv4 Addressing. To send a datagram, the source node must give its adapter not only the IP datagram but also the MAC address for destination node The sending node's adapter will then construct a link-layer frame containing the destination node's MAC address and send the frame into the LAN.

The important question addressed in this section is, How does the sending node determine the MAC address for the destination node with IP address As you might have guessed, it uses ARP. An ARP module in the

Each node on a LAN has an IP address

sending node takes any IP address on the same LAN as input, and returns the corresponding MAC address. In the example at hand, sending node provides its ARP module the IP address, and the ARP module returns the corresponding MAC address 49-BD-D2-C7-56-2A.

So we see that ARP resolves an IP address to a MAC address. In many ways it is analogous to DNS (studied in DNS -The Internets Directory Service), which resolves host names to IP addresses. However, one important difference between the two resolvers is that DNS resolves host names for hosts anywhere in the Internet, whereas ARP resolves IP addresses only for nodes on the same subnet. If a node in California were to try to use ARP to resolve the IP address for a node in Mississippi. ARP would return with an error.

Now that we have explained what ARP does, let's look at how it works. Each node (host or router) has an ARP table in its memory, which contains mappings of IP addresses to MAC addresses. Figure 2 shows what an ARP table in node might look like. The ARP table also contains a time-to-live (TTL) value, which indicates when each mapping will be deleted from the table. Note that the table does not necessarily contain an entry for every node on the subnet; some nodes may have had entries that have expired, whereas other nodes may never have been entered into the table. A typical expiration time for an entry is 20 minutes from when an entry is placed in an ARP table.

Now assume that node wants to send a datagram that is IP-addressed to another node on that subnet. The sending node needs to obtain the MAC address of the destination node, given the IP address of that node. This task

A possible ARP table in node

is easy if the sending nodes ARP table has an entry for the destination node. But what if the ARP table doesnt currently have an entry for the destination node ? In particular, suppose node wants to send a datagram to node In this case, the sending node uses the ARP protocol to resolve the address. First, the sending node constructs a special packet called an ARP packet. An ARP packet has numerous fields, including the sending and receiving IP and MAC addresses. Both ARP query and response packets have the same format. The purpose of the ARP query packet is to query all the other nodes on the subnet to determine the MAC address corresponding to the IP address that is being resolved.

Returning to our example, node passes an ARP query packet to the adapter along with an indication that the adapter should send the packet to the MAC broadcast address, namely, FF-FF-FF-FF-FF-FF. The adapter encapsulates the ARP packet in a link-layer frame, uses the broadcast address for the frames destination address, and transmits the frame into the subnet. Recalling our social security number/postal address analogy, an ARP query is equivalent to a person shouting out in a crowded room of cubicles in some company (say, AnyCorp): What is the social security number of the person whose postal address is Cubicle 13, Room 112, AnyCorp, Palo Alto, California ? The frame containing the ARP query is received by all the other adapters on the subnet, and (because of the broadcast address) each adapter passes the ARP packet within the frame up to an ARP module in that node. Each node checks to see if its IP address matches the destination IP address in the ARP packet. The (at most) one node with a match sends back to the querying node a response ARP packet with the desired mapping. The querying node can then update its ARP table and send its IP datagram, encapsulated in a link-layer frame whose destination MAC is that of the node responding to the earlier ARP query.

There are a couple of interesting things to note about the ARP protocol. First, the query ARP message is sent within a broadcast frame, whereas the response ARP message is sent within a standard frame. Before reading on you should think about why this is so. Second, ARP is plug-and-play; that is, a nodes ARP table gets built automatically - it doesnt have to be configured by a system administrator. And if a node becomes disconnected from the subnet, its entry is finally deleted from the tables of the nodes remaining in the subnet.

Students often wonder if ARP is a link-layer protocol or a network-layer protocol. As weve seen, an ARP packet is encapsulated within a link-layer frame and thus lies architecturally above the link layer. On the other hand, an ARP packet has fields containing link-layer addresses and thus is arguably a link-layer protocol, but it also contains network-layer addresses and thus is also arguably a network-layer protocol. In the end, ARP is probably best considered a protocol that straddles the boundary between the link and network layers - not fitting neatly into the simple layered protocol stack we studied in Computer Networks and the Internet. Such are the complexities of real-world protocols.

Sending a Datagram to a Node off the Subnet

It should now be clear how ARP operates when a node wants to send a datagram to another node on the same subnet. But now lets look at the more complicated situation when a node on a subnet wants to send a network-layer datagram to a node off the subnet (that is, across a router onto another subnet). Lets discuss this issue in the context of Figure 3, which shows a simple network consisting of two subnets interconnected by a router.

There are many interesting things to note about Figure 3. First, there are two types of nodes: hosts and routers. Each host has exactly one IP address and one adapter. But, as discussed in "The Network Layer", a router has an IP address for each of its interfaces. For each router interface there is also an ARP module (in the router) and an adapter. Because the router in Figure 3 has two interfaces, it has two IP addresses, two ARP modules, and two adapters. Of course, each adapter in the network has its own MAC address.

Also note that Subnet 1 has the network address 111.111.111/24 and that Subnet 2 has the network address 222.222.222/24. Thus all of the interfaces connected to Subnet 1 have addresses of the form and all of the interfaces connected to Subnet 2 have addresses of the form

Now lets examine how a host on Subnet 1 would send a datagram to a host on Subnet 2. Specifically, suppose that host wants to send an IP datagram

Two subnets interconnected by a router

to a host The sending host passes the datagram to its adapter, as usual. But the sending host must also indicate to its adapter an appropriate destination MAC address. What MAC address should the adapter use? One might be tempted to guess that the appropriate MAC address is that of the adapter for host, namely, 49-BD-D2-C7-56-2A. This guess, however, would be wrong. If the sending adapter were to use that MAC address, then none of the adapters on Subnet 1 would bother to pass the IP datagram up to its network layer, since the frames destination address would not match the MAC address of any adapter on Subnet 1. The datagram would just die and go to datagram heaven.

If we look carefully at Figure 3, we see that in order for a datagram to go from to a node on Subnet 2, the datagram must first be sent to the router interface, which is the IP address of the first-hop router on the path to the final destination. Thus, the appropriate MAC address for the frame is the address of the adapter for router interface, namely, E6-E9-00-17-BB-4B. How does the sending host acquire the MAC address for By using ARP, of course. Once the sending adapter has this MAC address, it creates a frame (containing the datagram addressed to and sends the frame into Subnet 1. The router adapter on Subnet 1 sees that the link-layer frame is addressed to it, and therefore passes the frame to the network layer of the router. Hooray - the IP datagram has successfully been moved from source host to the router. But we are not finished. We still have to move the datagram from the router to the destination. The router now has to determine the correct interface on which the datagram is to be forwarded. As discussed in "The Network Layer", this is done by consulting a forwarding table in the router. The forwarding table tells the router that the datagram is to be forwarded via router interface This interface then passes the datagram to its adapter, which encapsulates the datagram in a new frame and sends the frame into Subnet 2. This time, the destination MAC address of the frame is indeed the MAC address of the ultimate destination.


network layer, nodes, router, ip address, datagram

Copy Right

The contents available on this website are copyrighted by TechPlus unless otherwise indicated. All rights are reserved by TechPlus, and content may not be reproduced, published, or transferred in any form or by any means, except with the prior written permission of TechPlus.