ARP, InARP, RARP, Proxy ARP & Gratuitous ARP?? What’s this all about!!

There are lots of ARP terms in the networking field today, i.e. ARP, RARP, InARP, Proxy ARP and Gratuitous ARP. This was really confusing for me, at least in my early networking days, and I am sure people who are new to networking must be in the same situation. So I thought of putting the details here in order to alleviate their confusion. So let’s start.

1) ARP (Address Resolution Protocol)

ARP, or Address Resolution Protocol, is, as its name states, a protocol which works on TCP/IP Layer 2. Networking between devices can’t be done without this protocol, which basically helps in getting the MAC address of the connected router or gateway from its IP address. For example, a host/computer is connected to a router over Ethernet and we have manually configured IP addresses on both sides, with the router acting as gateway for the host. Before the host can send a packet to the router, it needs to build a Layer 2 frame, and this frame encapsulates the packet including the payload/data. The frame has Source MAC Address and Destination MAC Address fields apart from other fields. The host can take the source MAC address from the value burned into its NIC (Network Interface Card); however, it won’t know the destination MAC address, and to get that value the host uses ARP. The host sends a broadcast ARP request message (destination MAC address FF:FF:FF:FF:FF:FF), which is accepted by all computers, asking for the MAC address of the gateway router; the router returns it in the form of an ARP reply sent as a unicast.

ARP Packet Format

54:1e:56:f7:7d:4a > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 602, p 0, ethertype ARP, arp who-has tell

00:00:00:5e:00:00 > 54:1e:56:f7:7d:4a, ethertype 802.1Q (0x8100), length 64: vlan 602, p 0, ethertype ARP, arp reply is-at 00:00:00:5e:00:00

2) InARP (Inverse ARP)

Now what is Inverse ARP then? Inverse ARP, as you might guess, is the opposite of ARP. Instead of using a layer 3 IP address to find a layer 2 MAC address, Inverse ARP uses layer 2 MAC addresses to find a layer 3 IP address.

Inverse ARP was mostly used by Frame Relay and ATM networks to map the DLCI to an IP address. The router basically asks for the IP address of the destination, or other end of the PVC, by listing the DLCI for that router.

3) RARP (Reverse ARP)

Reverse ARP is the same as Inverse ARP; however, it was mainly used for device configuration. In InARP the IP address of the remote end is being asked for, whereas RARP’s task is to get an IP address for the requesting device’s own use.

A network administrator creates a table in a local area network’s gateway router that maps the physical machine addresses (Media Access Control, or MAC, addresses) to corresponding IP addresses. When a new machine is set up, its RARP client program requests its IP address from the gateway router. Assuming that an entry has been set up in the router table, the RARP server will return the IP address to the machine, which can store it for future use.

Reverse ARP has been deprecated and replaced by BOOTP, which was later replaced by DHCP.

4) Proxy ARP

As mentioned above, ARP is basically used to find out the Layer 2 address from a Layer 3 IP address. Now suppose host is connected to router over Ethernet and host has one address and router has

Host wants to resolve the ARP for and thinks that the router is also in the same subnet, so it should be able to get the MAC address. However, routers by design limit broadcast domains, so the router won’t send the ARP reply back and the request will be rejected. If, on the other hand, the router has any other interface connected to network and proxy ARP is enabled, the router will send the ARP reply to the host listing its own MAC address, basically acting as a proxy for the destination network. In this case we don’t have to change the netmask of the host and it will work fine.

On Cisco interfaces, when we configure “no ip proxy-arp”, we are disabling this behaviour.

5) Gratuitous ARP

Gratuitous ARP is by far the most interesting version of ARP, so let’s see how gratuitous ARP works. We will go through 2 use cases here.

Firstly, let’s discuss some of the properties of GARP:

  • Both source and destination IP in the packet are the IP of the host issuing the gratuitous ARP
  • The destination MAC address is the broadcast MAC address (ff:ff:ff:ff:ff:ff). This means the packet will be flooded to all ports on a switch
  • No reply is expected

The 1st use case of GARP is finding a duplicate IP address on the LAN. A host which wakes up, let’s say after a reboot, sends a GARP by putting its own IP as both the Sender IP Address and the Target IP Address, and broadcasts the frame using an Ethernet II destination address of all FFs.

It is not expecting any reply; however, if someone replies with the MAC address corresponding to the Target IP Address, it means that the IP address is being used somewhere else on the LAN, which is a problem. In this way the host can detect duplicates.

The 2nd use case of GARP is redundancy protocols like VRRP/HSRP. VRRP (Virtual Redundancy Routing Protocol) or HSRP works by providing redundant physical gateways, reachable by the host over the same virtual address, so that the host can reach destination networks even though one physical router is down.

VRRP has a VIP (Virtual IP) concept: the VIP is shared among 2 VRRP routers, one of which is Active at any one time and holds the Virtual MAC address corresponding to this VIP. Whenever host requests for ARP for, Master router will reply back with Virtual MAC Address.

Now, we know that a switch updates its MAC address table by noting which port each MAC address is learned on. Assuming Router 1 is currently Master, the switch will have an entry in its table for the Virtual MAC address learnt via the Eth1 interface.

Let’s suppose that Router 1 goes down. In that case Router 2 sends a GARP, forcing the switch to update its MAC address table with the new location of the Virtual MAC address, now reachable over a new port, i.e. Eth2.

In this way, the host never sees an issue and packets sent by it will always egress the correct port.

Format of Gratuitous ARP

GARP Format
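The GARP properties and the duplicate-address use case above can be checked directly on captured frames. The following is an added example, not code from the original post: it parses ARP frames (including the 802.1Q-tagged form seen in the capture lines earlier), labels each as request, reply or gratuitous, and reports when an IP address is claimed by a second MAC address. The function names, MAC addresses and 192.0.2.x addresses are constructed for illustration.

```python
import struct

BROADCAST = b"\xff" * 6

def parse_arp(frame):
    """Parse IPv4-over-Ethernet ARP (optionally 802.1Q tagged); None if not ARP."""
    if len(frame) < 18:                      # too short to hold even a tagged EtherType
        return None
    (etype,) = struct.unpack("!H", frame[12:14])
    off, vlan = 14, None
    if etype == 0x8100:                      # 802.1Q: 2-byte TCI, then the real EtherType
        tci, etype = struct.unpack("!HH", frame[14:18])
        off, vlan = 18, tci & 0x0FFF
    if etype != 0x0806 or len(frame) < off + 28:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[off:off + 8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[off + 8:off + 28])
    return dict(dst=frame[:6], vlan=vlan, op=op, sha=sha, spa=spa, tha=tha, tpa=tpa)

def classify(a):
    if a["spa"] == a["tpa"] and a["dst"] == BROADCAST:   # GARP: own IP twice, broadcast
        return "gratuitous"
    return {1: "request", 2: "reply"}.get(a["op"], "other")

def find_conflicts(frames):
    """Return (ip, old_mac, new_mac, kind) whenever an IP is claimed by a different MAC."""
    seen, conflicts = {}, []
    for frame in frames:
        a = parse_arp(frame)
        if a is None:
            continue
        ip, hw = ".".join(map(str, a["spa"])), a["sha"].hex(":")
        if ip in seen and seen[ip] != hw:
            conflicts.append((ip, seen[ip], hw, classify(a)))
        seen[ip] = hw
    return conflicts

def build(dst, sha, spa, tpa, op=1, vlan=None):   # constructs sample frames (test data only)
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op, sha, bytes(spa), bytes(6), bytes(tpa))
    return dst + sha + tag + struct.pack("!H", 0x0806) + arp
HOST_A, HOST_B = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SAMPLE = [  # constructed frames using documentation addresses (192.0.2.0/24), VLAN 602
    build(BROADCAST, HOST_A, (192, 0, 2, 10), (192, 0, 2, 1), vlan=602),   # ordinary request
    build(BROADCAST, HOST_A, (192, 0, 2, 10), (192, 0, 2, 10), vlan=602),  # GARP from host A
    build(BROADCAST, HOST_B, (192, 0, 2, 10), (192, 0, 2, 10), vlan=602),  # GARP from B, same IP
]
```

Calling `find_conflicts(SAMPLE)` reports the third frame, where host B announces an IP that host A announced first.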

So that’s all, I hope you enjoyed this blog and I was able to clear some of your confusion. Let me know if you still have any doubt.


Mohit Mittal


802.3 vs Ethernet II.. Which is what?

You must have heard about the Layer 2 Ethernet frames used on telecom networks, which contain, most importantly, the MAC address of the destination along with other fields.

However, I have seen one confusion people generally have regarding the type of frame we generally use, because 2 types of framing standard exist in the market today.

One is the 802.3 frame and the other is the Ethernet (specifically Ethernet II) frame. We will discuss the difference between the two in this blog, and which version is most likely to be used by telecom service providers for their networks.

In 1980-81, the first Ethernet standard was developed by Digital (DEC-Digital Equipment Corporation), Intel, and Xerox, and combined the first letter of all of their names. This standard is called DIX 1.0, sometimes referred to as Ethernet I. The standard was superseded in 1982, by DIX 2.0, the current Ethernet standard, also known as Ethernet II (or Ethernet Version 2).

In 1983, the IEEE (Institute of Electrical and Electronics Engineers) introduced the 802.3 Ethernet standard to standardize the protocol across all networking equipment, regardless of the manufacturer.

Now in Ethernet II, the frame begins with an 8-byte preamble that is used to alert and synchronize the Ethernet Network Interface Card (NIC) to the incoming data.
The next two fields are the Destination MAC Address and the Source MAC Address. Each field is 6 bytes.
Following the address fields, Ethernet Version 2 uses a 2-byte “type” (or EtherType) field that identifies the unique network protocol type embedded within the data field.

Following are the examples of EtherTypes:

0x0800 Internet Protocol version 4 (IPv4)
0x0806 Address Resolution Protocol (ARP)
0x8100 VLAN-tagged frame (IEEE 802.1Q) & Shortest Path Bridging IEEE 802.1aq
0x86DD Internet Protocol Version 6 (IPv6)
0x8847 MPLS unicast

The data field follows the EtherType field. This field is 46 to 1500 bytes.
Finally, the frame ends with a 4-byte Frame Check Sequence (FCS) that uses a 32-bit cyclical redundancy check (CRC) for error detection.

A typical Ethernet Version 2 frame looks like this:


IEEE 802.3 Ethernet

This frame begins with a 1-byte preamble followed by a 7-byte start frame delimiter. Combining these fields produces a field no different from the 8-byte preamble used by Ethernet Version 2.
The next two fields are the Destination MAC Address and the Source MAC Address. Each field is again 6 bytes.
Following the address fields, IEEE 802.3 Ethernet uses a 2-byte “length” field that includes the IEEE 802.2 Logical Link Control (LLC) bytes and the data bytes. The length field in IEEE 802.3 Ethernet frames is always less than hex ’05DC’. This corresponds to 1500 bytes, which is the maximum frame size for Ethernet. NIC cards look at this field to determine which Ethernet standard is being used. If the field is less than ’05DC’, it represents a length field, and the frame is an IEEE 802.3 Ethernet frame. If the field is greater than ’05DC’, it represents an EtherType field, and the frame is an Ethernet Version 2 frame.

IEEE 802.2 is not part of the definition of IEEE 802.3; however, it is always bound together with an IEEE 802.3 header.
The rest of the data unit follows the 802.2 LLC fields. This can be from 42 to 1496 bytes.
Finally, the frame ends with a 4-byte FCS field which is the same as that described in the Ethernet Version 2 standard.

A typical IEEE 802.3 Ethernet frame looks like:


So if you have read the above, you can see that the major advantage of Ethernet II is less overhead and more space to send data in the frame. For Ethernet II the data field is 46 to 1500 bytes, and for 802.3 the data field is 42 to 1496 bytes.
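The type/length decision a receiver makes can be written out as follows. This is an added example, not code from the original post. It applies the boundary as IEEE 802.3 defines it: values up to 0x05DC are lengths, values from 0x0600 upward are EtherTypes, and the range in between is undefined. It also shows that the 802.3 length field lets the receiver discard padding, while an Ethernet II payload is handed up with its padding attached. The sample frames and MAC addresses are constructed.

```python
import struct

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x8100: "802.1Q",
              0x86DD: "IPv6", 0x8847: "MPLS unicast"}

def classify_frame(frame):
    """Classify a frame (preamble and FCS already stripped) from bytes 12-13."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (field,) = struct.unpack("!H", frame[12:14])
    body = frame[14:]
    if field >= 0x0600:                       # EtherType: Ethernet II, no length information
        return {"format": "Ethernet II", "protocol": ETHERTYPES.get(field, hex(field)),
                "payload": body}
    if field > 0x05DC:                        # 0x05DD..0x05FF: neither a length nor a type
        return {"format": "undefined", "field": field}
    if field < 3 or field > len(body):        # must cover DSAP/SSAP/control and fit the frame
        raise ValueError("802.3 length field inconsistent with frame size")
    dsap, ssap, control = body[0], body[1], body[2]
    # 802.2 control is 1 byte for U-format (low two bits 11), 2 bytes for I and S formats.
    llc_len = 3 if control & 0x03 == 0x03 else 4
    if field < llc_len:
        raise ValueError("802.3 length shorter than the LLC header")
    # The length field excludes padding, so slice with it rather than with len(body).
    return {"format": "IEEE 802.3", "dsap": dsap, "ssap": ssap,
            "llc_bytes": llc_len, "payload": body[llc_len:field]}

def pad(data):
    """Pad the data field to the 46-byte minimum, as a sending NIC would."""
    return data + bytes(max(0, 46 - len(data)))

# Constructed sample frames: destination MAC + source MAC, then type or length.
MACS = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
ETH2 = MACS + struct.pack("!H", 0x0800) + pad(b"constructed IPv4 payload")
DOT3 = MACS + struct.pack("!H", 3 + 4) + pad(bytes([0x42, 0x42, 0x03]) + b"DATA")
```

With a 2-byte control field the LLC header takes 4 bytes, which is where the 42 to 1496 byte data range quoted above comes from.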

I hope I was able to resolve some of your confusion and please let me know if you still have any 🙂


Mohit Mittal