Address resolution protocol (ARP) is used
to map IP addresses to the corresponding MAC addresses so that packets can be
delivered to their destinations correctly.
1.1.1 Necessity of the Address Resolution
After a packet is forwarded to the destination network, a MAC address is
needed for the packet to reach the destination device itself. The destination
IP address carried in a packet therefore needs to be translated into the
corresponding MAC address.
1.1.2 ARP Packet Structure
ARP packets are classified as ARP request
packets and ARP reply packets. Figure 1-1 illustrates
the structure of these two types of ARP packets.
- In an ARP request packet, all the fields except the hardware address of the
  receiver are set. The hardware address of the receiver is what the sender
  is requesting.
- In an ARP reply packet, all the fields are set.

Figure 1-1 Structure of an ARP request/reply packet
Table 1-1 describes the fields of an ARP packet.
Table 1-1 Description on the fields of an ARP packet
| Field | Description |
|---|---|
| Hardware Type | Identifies the type of the hardware interface. Refer to Table 1-2 for the information about the field values. |
| Protocol type | Specifies the type of protocol address being mapped. Its value is 0x0800 for IP addresses. |
| Length of the hardware address | Hardware address length (in bytes) |
| Length of protocol address | Protocol address length (in bytes) |
| Operator | Indicates the type of the packet, which can be: 1: ARP request packets; 2: ARP reply packets; 3: RARP request packets; 4: RARP reply packets |
| Hardware address of the sender | Hardware address of the sender |
| IP address of the sender | IP address of the sender |
| Hardware address of the receiver | For an ARP request packet, this field is null. For an ARP reply packet, this field carries the hardware address of the receiver. |
| IP address of the receiver | IP address of the receiver |
Table 1-2 Description on the values of the hardware type field
| Value | Description |
|---|---|
| 1 | Ethernet |
| 2 | Experimental Ethernet |
| 3 | X.25 |
| 4 | Proteon ProNET |
| 5 | Chaos |
| 6 | IEEE802.X |
| 7 | ARC network |
1.1.3 ARP Table
In an Ethernet, the MAC addresses of two hosts must be available for the two
hosts to communicate with each other. Each host in an Ethernet maintains an ARP
mapping table, where the most recently used IP address-to-MAC address mapping
entries are stored. Note that this manual only introduces the basic
implementation of the mapping table. Products from different manufacturers may
provide more information about the mapping table. S7500 series Ethernet
switches provide the display arp command to display the information about ARP
mapping entries; for details, refer to the ARP Command Manual. Figure 1-2 shows
the structure of an ARP mapping table.

Figure 1-2 An ARP mapping table
Table 1-3 describes the ARP mapping table fields.
Table 1-3 Description on the fields of an ARP table
| Field | Description |
|---|---|
| IF index | Index of the physical interface/port on the device owning the physical address and IP address contained in the entry |
| Physical address | Physical address of the device, that is, the MAC address |
| IP address | IP address of the device |
| Type | Entry type, which can be: 1: An entry falling out of the following three cases; 2: Invalid entry; 3: Dynamic entry; 4: Static entry |
1.1.4 ARP Implementation Procedure
The ARP mapping table of a host is empty when the host has just started up.
When a dynamic ARP mapping entry is not in use for a specified period of time,
it is removed from the ARP mapping table to save memory space and to shorten
the time the switch needs to look up entries in the ARP mapping table. For
details, refer to Figure 1-3.
- Suppose there are two hosts on the same network segment: Host A and Host B.
  The IP address of Host A is IP_A and that of Host B is IP_B. To send a packet
  to Host B, Host A first checks its own ARP mapping table to see whether the
  ARP entry corresponding to IP_B exists. If it does, Host A encapsulates the
  IP packet into a frame with the MAC address of Host B inserted into it and
  sends it to Host B.
- If the corresponding MAC address is not found in the ARP mapping table, Host
  A adds the packet to the transmission queue, creates an ARP request packet
  and broadcasts it throughout the Ethernet. As mentioned earlier, the ARP
  request packet contains the IP address of Host B, the IP address of Host A,
  and the MAC address of Host A. Since the ARP request packet is broadcast, all
  hosts on the network segment can receive it. However, only the requested host
  (namely, Host B) processes the request.
- Host B saves the IP address and the MAC address carried in the request packet
  (that is, the IP address and the MAC address of the sender, Host A) to its
  ARP mapping table and then sends back an ARP reply packet to the sender (Host
  A), with its MAC address carried in the packet. Note that the ARP reply
  packet is a unicast packet, not a broadcast packet.
- Upon receiving the ARP reply packet, Host A extracts the IP address and the
  corresponding MAC address of Host B from the packet, adds them to its ARP
  mapping table, and then transmits all the packets in the queue that are
  destined for Host B.

Figure 1-3 ARP work flow
Once ARP is deployed, the ARP work flow is
automatically processed.
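The four steps above, together with aging of dynamic entries, modeled as an added example (not code from this manual or from the switch software). The class and method names, the tuple message format and the rule that a learnt mapping never replaces a static entry are assumptions made for illustration.

```python
AGING_SECONDS = 20 * 60   # default ARP aging timer given on this page (20 minutes)
class ArpHost:
    """One host's ARP mapping table plus its transmission queue (illustrative)."""
    def __init__(self, ip, mac):
        self.ip, self.mac = ip, mac
        self.table = {}   # ip -> (mac, kind, last_used); kind: "static" or "dynamic"
        self.queue = {}   # ip -> packets waiting for an ARP reply

    def learn(self, ip, mac, now, kind="dynamic"):
        current = self.table.get(ip)
        # Assumption: a dynamically learnt mapping never replaces a static entry.
        if kind == "static" or current is None or current[1] != "static":
            self.table[ip] = (mac, kind, now)

    def age(self, now):
        """Remove dynamic entries that have not been used for AGING_SECONDS."""
        for ip, (_mac, kind, used) in list(self.table.items()):
            if kind == "dynamic" and now - used >= AGING_SECONDS:
                del self.table[ip]

    def send(self, dst_ip, packet, now):
        """Known MAC: return a frame. Unknown: queue the packet, return a request."""
        self.age(now)
        if dst_ip in self.table:
            mac, kind, _ = self.table[dst_ip]
            self.table[dst_ip] = (mac, kind, now)      # refresh the last-used time
            return [("frame", mac, packet)]
        self.queue.setdefault(dst_ip, []).append(packet)
        return [("arp-request", "broadcast", (self.ip, self.mac, dst_ip))]

    def on_request(self, request, now):
        """Only the requested host learns the sender and answers with a unicast reply."""
        sender_ip, sender_mac, target_ip = request
        if target_ip != self.ip:
            return []
        self.learn(sender_ip, sender_mac, now)
        return [("arp-reply", sender_mac, (self.ip, self.mac))]

    def on_reply(self, reply, now):
        """Learn the replier's mapping, then release the packets queued for it."""
        ip, mac = reply
        self.learn(ip, mac, now)
        return [("frame", mac, p) for p in self.queue.pop(ip, [])]

def demo():
    a, b = ArpHost("IP_A", "MAC_A"), ArpHost("IP_B", "MAC_B")   # constructed hosts
    request = a.send("IP_B", "pkt1", now=0)[0][2]
    reply = b.on_request(request, now=0)[0][2]
    return a.on_reply(reply, now=0), a.send("IP_B", "pkt2", now=1)
```

Note that Host B stores the sender's mapping straight from the request without any verification, which is why the table limits and checks configured later in this chapter matter.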
1.1.5 Introduction to Gratuitous ARP
The following are the characteristics of gratuitous ARP packets:
- Both the source and destination IP addresses carried in a gratuitous ARP
  packet are the local address, and the source MAC address carried in it is
  the local MAC address.
- If a device finds that the IP addresses carried in a received gratuitous ARP
  packet conflict with its own, it returns an ARP response to the sending
  device to notify it of the IP address conflict.
By sending gratuitous ARP packets, a network device can:
- Determine whether or not IP address conflicts exist between it and other
  network devices.
- Trigger other network devices to update its hardware address stored in their
  caches.
When the gratuitous ARP packet learning
function is enabled on a switch and the switch receives a gratuitous ARP
packet, the switch updates the existing ARP entry (contained in the cache of
the switch) that matches the received gratuitous ARP packet using the hardware
address of the sender carried in the gratuitous ARP packet. A switch operates
like this whenever it receives a gratuitous ARP packet.
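The field layout of Table 1-1 and the gratuitous ARP learning rule described above, as an added example (not code from this manual). It decodes an Ethernet/IPv4 ARP payload, recognizes a gratuitous packet, and applies the "update only an existing entry" rule, returning the old and new MAC so the change can be logged. The function names and the sample addresses are constructed for illustration.

```python
import struct
import socket

# Ethernet/IPv4 ARP layout in the field order of Table 1-1: hardware type,
# protocol type, hardware address length, protocol address length, operator,
# sender MAC, sender IP, receiver MAC, receiver IP.
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_LEN = struct.calcsize(ARP_FMT)   # 28 bytes
OPERATORS = {1: "ARP request", 2: "ARP reply", 3: "RARP request", 4: "RARP reply"}

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(payload):
    """Decode an ARP payload (the bytes that follow the Ethernet header)."""
    if len(payload) < ARP_LEN:
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, payload[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {
        "operator": OPERATORS.get(op, f"unknown ({op})"),
        "sender_mac": mac_str(sha), "sender_ip": socket.inet_ntoa(spa),
        "receiver_mac": mac_str(tha), "receiver_ip": socket.inet_ntoa(tpa),
    }

def is_gratuitous(pkt):
    # Section 1.1.5: source and destination IP are both the sender's own address.
    return pkt["sender_ip"] == pkt["receiver_ip"]

def learn_gratuitous(table, pkt):
    """Update only an entry that already exists in table (ip -> mac).
    Returns (ip, old_mac, new_mac) when a mapping changed, else None."""
    ip, mac = pkt["sender_ip"], pkt["sender_mac"]
    if not is_gratuitous(pkt) or ip not in table or table[ip] == mac:
        return None
    old, table[ip] = table[ip], mac
    return (ip, old, mac)

# Constructed sample: a gratuitous ARP request for 10.0.0.5 carrying a new MAC.
SAMPLE = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 1,
                     bytes.fromhex("00e0fc000002"), socket.inet_aton("10.0.0.5"),
                     bytes(6), socket.inet_aton("10.0.0.5"))

if __name__ == "__main__":
    table = {"10.0.0.5": "00:e0:fc:00:00:01"}   # constructed existing entry
    print(learn_gratuitous(table, parse_arp(SAMPLE)))
```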
1.1.6 Introduction to ARP Proxy
ARP proxy: when a host in a network sends an ARP request to an isolated port in
the same network or to a host in another network, devices with the ARP proxy
function enabled forward the ARP request, providing Layer 3 connectivity among
the Layer 2 isolated ports.
To provide Layer 3 connectivity among ports in one of the following conditions,
you need to enable the ARP proxy function (Proxy ARP).
- Super VLAN function is enabled on S7500 switches.
- The isolate-user-vlan function is enabled on Layer 2 switches connecting
  with the S7500.

After ARP proxy is enabled, ports in the same VLAN are interconnected by
default, so the ARP proxy only processes the ARP requests from different VLANs
and does not deal with the ARP requests from the same VLAN.
When the isolate-user-vlan function is enabled on the Layer 2 switches connected
with the S7500, ports in the same VLAN cannot communicate with each other. To
provide Layer 3 connectivity among Layer 2 isolated ports in the same VLAN, you
need to enable the VLAN ARP proxy function on the S7500 so that the ARP proxy
processes the ARP requests from the same VLAN.
1.1.7 Introduction to ARP Source Suppression
With the ARP source suppression function, a switch first classifies the
received ARP packets and then limits the maximum number of ARP packets of the
same type that can be sent to the CPU at a time. This protects the CPU from
being attacked by the illegal ARP packets generated when a host scans ARP
across the whole network.
An S7500 series switch classifies the received ARP packets into the following
types:
- Arbitrary ARP packets, whose source IP address and destination IP address
  are not distinguished.
- ARP pass-by packets with the same source IP address (their destination IP
  addresses are not the IP address of the current switch).
- ARP packets with the same source IP address whose destination address is the
  IP address of the current switch.
According to these types, you can set the maximum number of ARP packets of each
type that can be sent to the CPU at a time on the switch. When the number of
ARP packets received at a time exceeds the corresponding setting, the switch
regards the excess ARP packets as illegal ARP packets and discards them.
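A model of this classification and limiting, as an added example (not the switch's implementation). The limits are the defaults listed for the arp source-suppression limit command in section 1.2.9; mapping the total, through and local keywords to the three packet types, and treating "at a time" as one batch of packets, are assumptions. All addresses are constructed.

```python
from collections import Counter

# Defaults listed for "arp source-suppression limit" in section 1.2.9.
DEFAULT_LIMITS = {"total": 100, "local": 3, "through": 3}

def suppress(packets, switch_ip, limits=DEFAULT_LIMITS):
    """Decide which ARP packets of one batch ("at a time") reach the CPU.

    packets: list of (source_ip, destination_ip) read from each ARP packet.
    Returns (accepted, dropped); dropped holds ((src, dst), exceeded_limit).
    Assumption: "local" = destined to the switch, "through" = pass-by.
    """
    per_source = Counter()      # (kind, source_ip) -> packets already accepted
    accepted, dropped = [], []
    for src, dst in packets:
        kind = "local" if dst == switch_ip else "through"
        if per_source[(kind, src)] >= limits[kind]:
            dropped.append(((src, dst), kind))        # per-source limit exceeded
        elif len(accepted) >= limits["total"]:
            dropped.append(((src, dst), "total"))     # overall limit exceeded
        else:
            per_source[(kind, src)] += 1
            accepted.append((src, dst))
    return accepted, dropped

def noisy_sources(dropped):
    """Count discarded packets per source IP to locate the scanning host."""
    return Counter(src for (src, _dst), _kind in dropped).most_common()

# Constructed batch: 10.0.0.9 sweeps 20 addresses, two other hosts behave normally.
SWITCH_IP = "10.0.0.1"
BATCH = [("10.0.0.9", f"10.0.0.{n}") for n in range(100, 120)]
BATCH += [("10.0.0.7", SWITCH_IP), ("10.0.0.8", "10.0.0.7")]

if __name__ == "__main__":
    ok, bad = suppress(BATCH, SWITCH_IP)
    print(len(ok), "sent to CPU;", len(bad), "discarded")
    print(noisy_sources(bad))
```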
1.2 ARP Configuration
ARP entries in an S7500 series Ethernet
switch can either be static entries or dynamic entries, as described in Table 1-4.
Table 1-4 ARP entries
| ARP entry | Generation Method | Maintenance Mode |
|---|---|---|
| Static ARP entry | Manually configured | Manual maintenance |
| Dynamic ARP entry | Dynamically generated | ARP entries of this type age with time. The aging period is set by the ARP aging timer. |
1.2.1 Introduction to ARP Configuration Tasks
Table 1-5 Introduction to ARP configuration tasks
1.2.2 Adding a Static ARP Mapping Entry Manually
Table 1-6 Add a static ARP mapping entry manually
| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | - |
| Add a static ARP mapping entry manually | arp static ip-address mac-address [ vlan-id interface-type interface-number ] | Required. The ARP mapping table is empty when a switch has just started, and the address mapping entries are created by ARP. |

Caution:
- Static ARP mapping entries are valid as long as the Ethernet switch operates.
  But the following operations result in ARP entries being removed:
  changing/removing a VLAN interface, removing a VLAN, or removing a port from
  a VLAN.
- For the arp static command, the value of the vlan-id argument must be the ID
  of an existing VLAN, and the port identified by the interface-type and
  interface-number arguments must belong to the VLAN.
1.2.3 Configuring Maximum Number of ARP Entries to Be Learnt
Use the following commands to configure the
maximum number of ARP entries that can be learnt.
Table 1-7 Configure the maximum number of ARP entries to be learnt
| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | - |
| Configure the limit number of ARP entries | arp max-entry number | Optional. 8192 by default. |
| Enter corresponding interface view | interface interface-type interface-number | - |
| Configure the maximum number of dynamic ARP entries that can be learnt by an interface | arp max-dynamic-entry number | Optional. 2048 by default. |
1.2.4 Configuring the ARP Aging Timer for Dynamic ARP Entries
The ARP aging timer applies to all dynamic ARP mapping entries.
Table 1-8 Configure the ARP aging timer for dynamic ARP entries
| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | - |
| Configure the ARP aging timer | arp timer aging aging-time | Optional. By default, the ARP aging timer is set to 20 minutes. |
1.2.5 Enabling the ARP Entry Checking Function
When multiple hosts share one multicast MAC address, you can specify whether or
not to create multicast MAC address ARP entries for MAC addresses learned by
performing the operations listed in Table 1-9.
Table 1-9 Enable the ARP entry checking function
| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | - |
| Enable the ARP entry checking function (that is, disable the switch from creating multicast MAC address ARP entries for MAC addresses learned) | arp check enable | Optional. By default, the ARP entry checking function is enabled. |
1.2.6 Configuring Sending of Gratuitous ARP Packets
Sending of gratuitous ARP packets is enabled as long as an S7500 series switch
operates. No command is provided for this function.
1.2.7 Configuring the Gratuitous ARP Packet Learning Function
Table 1-10 lists the operations to configure the gratuitous ARP packet learning
function.
Table 1-10 Configure the gratuitous ARP packet learning function
| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | - |
| Enable the gratuitous ARP packet learning function | gratuitous-arp-learning enable | Required. By default, the gratuitous ARP packet learning function is disabled. |
1.2.8 Configuring ARP proxy
Table 1-11 Configure ARP proxy
| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | - |
| VLAN interface view | interface Vlan-interface vlan-id | - |
| Enable ARP proxy | arp proxy enable | Required |
| Enable incoming VLAN ARP proxy | arp proxy source-vlan enable | Optional. By default, ARP proxy only processes the ARP request between different VLANs. The incoming VLAN ARP function is disabled. |
1.2.9 Configuring ARP Source Suppression
Prevent illegal ARP packets from attacking the CPU by setting the maximum
numbers of ARP packets of different types that can be sent to the CPU at a
time.
Table 1-12 Configure ARP source suppression
| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | - |
| Configure the maximum number of ARP packets of a type sent to the CPU at a time | arp source-suppression limit { total \| local \| through } limit-value | Optional. The default value depends on the type of ARP packets: when total is adopted, the default value is 100; when local is adopted, the default value is 3; when through is adopted, the default value is 3. |
After the above configuration, you can execute the display command in any view
to display the running status of the ARP configuration and to verify the effect
of the configuration.
You can execute the reset command in user view to clear ARP mapping entries.
Table 1-13 Display and debug ARP
| Operation | Command | Description |
|---|---|---|
| Display specific ARP mapping table entries | display arp [ static \| dynamic \| ip-address ] | Can be executed in any view. |
| Display the ARP mapping entries related to a specified string in a specified way | display arp [ dynamic \| static \| ip-address ] \| { begin \| include \| exclude } text | Can be executed in any view. |
| Display the number limit of the ARP entries | display arp entry-limit [ interface interface-type interface-number ] | Can be executed in any view. |
| Display the ARP mapping table of all ports on a specified slot | display arp slot slot-id | Can be executed in any view. |
| Display the ARP mapping table of all ports in a specified VLAN | display arp vlan vlan-id | Can be executed in any view. |
| Display the ARP mapping table of a specified interface | display arp interface interface-type interface-number | Can be executed in any view. |
| Display the setting of the ARP aging timer | display arp timer aging | Can be executed in any view. |
| Display ARP proxy state | display arp proxy [ interface interface-type interface-number ] | Can be executed in any view. |
| Display ARP source suppression configuration information | display arp source-suppression | Can be executed in any view. |
| Clear specific ARP mapping entries | reset arp [ dynamic \| static \| interface interface-type interface-number ] | Execute this command in user view. |