MAC, Routing, DNS, and ARP Tables

Any network connection is a logical connection between two endpoints. There is a source endpoint and a destination endpoint with two separate unidirectional flows established.

All network connectivity is based on constantly updated ARP tables, MAC address tables, routing tables and DNS tables. Network connectivity tables are composed of addresses and associated interfaces. They are all required to enable packet forwarding between endpoints on different subnets. The destination IP address is first resolved with a DNS request from the source endpoint so that a destination IP address can be added to the destination field of the IP header.

Any network communication requires addressing that is composed of the following fields for the source and destination endpoints. The source IP address and destination IP address do not change. Only the source MAC address and destination MAC address are rewritten per router hop.

    • Source MAC address
    • Destination MAC address
    • Source IP address
    • Destination IP address

MAC Address Table

The MAC address is a unique 48-bit hardware identifier assigned to the network interface card (NIC) of a host. A unique MAC address is assigned to switch and router Ethernet interfaces as well. It is used for Layer 2 Ethernet addressing and is added to the MAC address table of a switch. The MAC address is used to add a source and destination MAC address to each frame header.

Switch: MAC Address Table

The MAC (physical) address is 48 bits written in hexadecimal. The first 24 bits are the manufacturer OUI and the last 24 bits are a unique serial number (SN). The source MAC address is an endpoint interface or router interface, and the destination MAC address is the MAC address of the next hop router interface or an endpoint interface.

*Serial WAN interfaces do not support MAC addressing. Router-1, for example, would assign the MAC address of Gi1/1 (0000.000c.cccc) as the source MAC address for outbound traffic. That is the local Ethernet interface where the frame arrived. All network devices have a base MAC address as well that is assignable for network addressing.

ARP Table

An ARP request is sent from a host (desktop) to learn the MAC address of a destination server after DNS has already resolved the destination server IP address. Only Layer 3 network devices (routers, Layer 3 switches, firewalls) and hosts create ARP tables. Layer 2 switches do not create an ARP table.

The ARP table is a list of MAC address (Layer 2) to IP address (Layer 3) bindings. ARP requests are broadcast between all Layer 3 devices and sent on the shared local subnet. That is done to update (populate) each ARP table per hop between source and destination. Remember that each router must know the destination MAC address of the next hop router to rewrite each frame. The following is a standard ARP table with MAC address and IP address associations. Each router would have an entry for the server IP address and MAC address based on the initial ARP request.

Router: ARP Table

Routing Table

Layer 3 network devices rewrite each frame with a new source MAC address and destination MAC address per router hop. That is done after performing a routing table lookup based on the destination IP address. The packet is then routed to the next hop upstream neighbor.

Router: Routing Table

The last router does an ARP table lookup to write the MAC address of the server into the destination MAC address field of the outbound frame. Layer 2 switches are never a MAC address destination. Switches only examine incoming frames and select a switch port for forwarding.

Layer 3 Per Hop Frame Rewrite

There is a routing table lookup on the last router that is based on the server subnet address. The next hop to the server subnet is a directly connected router interface. That is the local router interface where a Layer 2 switch is connected. The switch examines the destination MAC address of the arriving frame and does a MAC address table lookup for the switch port associated with the server MAC address. The frame is forwarded out of the local switch port where the server is connected.
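
The per-hop frame rewrite described above, as an added Python example that is not part of the original page. The router names (R1, R2), interfaces, routes, and every MAC and IP address are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str

# Constructed topology (all addresses are made up): host -> R1 -> R2 -> server.
# routes: prefix -> (egress interface, next-hop IP, or None if directly connected)
ROUTERS = {
    "R1": {"routes": {"192.168.1.0/24": ("Gi0/0", None),
                      "0.0.0.0/0": ("Gi0/1", "10.0.0.2")},
           "if_mac": {"Gi0/0": "0000.0000.1a1a", "Gi0/1": "0000.0000.1b1b"},
           "arp": {"10.0.0.2": "0000.0000.2a2a"}},
    "R2": {"routes": {"10.0.0.0/30": ("Gi0/0", None),
                      "192.168.3.0/24": ("Gi0/1", None)},
           "if_mac": {"Gi0/0": "0000.0000.2a2a", "Gi0/1": "0000.0000.2b2b"},
           "arp": {"192.168.3.10": "0000.0000.5e5e"}},
}
# Frame as it leaves the host: destination MAC is the default gateway (R1 Gi0/0).
HOST_FRAME = Frame("0000.0000.0c0c", "0000.0000.1a1a", "192.168.1.10", "192.168.3.10")

def route_lookup(router, dst_ip):
    """Longest-prefix match on the destination IP address."""
    addr = ipaddress.ip_address(dst_ip)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in router["routes"].items()
            if addr in ipaddress.ip_network(p)]
    if not hits:
        raise LookupError(f"no route to {dst_ip}")
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def forward(router, frame):
    """Rewrite only the Layer 2 header; the IP addresses are left untouched."""
    iface, next_hop = route_lookup(router, frame.dst_ip)
    target = next_hop or frame.dst_ip   # last hop: resolve the endpoint itself
    if target not in router["arp"]:
        raise LookupError(f"no ARP entry for {target}; an ARP request would be sent")
    return replace(frame, src_mac=router["if_mac"][iface], dst_mac=router["arp"][target])

def trace(frame, path):
    """Return the frame as seen on each segment along the path."""
    hops = [frame]
    for name in path:
        hops.append(forward(ROUTERS[name], hops[-1]))
    return hops

if __name__ == "__main__":
    for seg in trace(HOST_FRAME, ["R1", "R2"]):
        print(seg)
```

Running it prints one frame per segment: the MAC pair changes at each router while the IP pair stays the same end to end.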

