Network Tables: ARP, MAC, Routing, DNS

How is a data message sent from a source to its destination?

Any network connection is a logical connection between two endpoints. There is a source endpoint and a destination endpoint with two separate unidirectional flows established.

All network connectivity is based on constantly updating ARP tables, MAC address tables, routing tables and DNS tables. Network connectivity tables are comprised of addresses and associated interfaces. They are all required to enable packet forwarding between endpoints on different subnets. The destination IP address is first resolved with a DNS request from source endpoint so that a destination IP address can be added to the destination field of IP header.

Any network communication requires addressing that is comprised of the following fields for source endpoint and destination endpoint.

The source IP address and destination IP address do not change. It is only the source MAC address and destination MAC address that are rewritten per router hop.

  • Source MAC address
  • Destination MAC address
  • Source IP address
  • Destination IP address

ARP Table

There is an ARP done initially by your desktop for example, to resolve the MAC address of a destination server after DNS has resolved the server IP address. Each host maintains a local ARP table that is updated as well.

ARP is only required when the destination server is on a different subnet that the host client (desktop). It is only routers, Layer 3 switches, firewalls or any routing enabled device that create ARP tables. Layer 2 switches do not create an ARP table.

ARP table is a list of MAC address (Layer 2) to an IP address (Layer 3) bindings. ARP requests are broadcast between Layer 3 devices as well and sent on the shared local subnet. That is done to update each ARP table per hop between source and destination. Remember that each router must know the destination MAC address of the next hop router to rewrite each frame. The following is a standard ARP table with MAC address and IP address associations. Each router would have an entry for the server IP address and MAC address as well based on the initial ARP request.

ARP Table

MAC Address Table

The MAC address is a unique 48-bit hardware identifier number assigned to the network interface card (NIC) of a host. There is a unique MAC address assigned to switch and router Ethernet interfaces as well. It is used for Layer 2 Ethernet addressing and added to the MAC address table of a switch. The MAC address is used to add a source and destination MAC address to each frame header.

MAC Address Table

The MAC (physical) address is 48 bits of hexadecimal numbering. The first 24 bits is a manufacturer OUI and the last 24 bits (bold) is a unique serial number (SN). The source MAC address is an endpoint interface or router interface and destination MAC address is the MAC address of next hop router interface or an endpoint interface.

*Serial WAN interfaces do not support MAC addressing. Router-1 for example would assign the MAC address of Gi1/1 (0000.000c.cccc) as source MAC address for outbound traffic. That is the local Ethernet interface where the frame arrived.

Routing Table

Routers or any Layer 3 device rewrite each frame with a new source MAC address and destination MAC address per router hop. That is done after performing a routing table lookup that is based on the destination IP address. The packet is then routed to the next hop upstream neighbor.

Routing Table

The last router does an ARP table lookup, so that it can rewrite outbound frame with the MAC address of the server in destination MAC address field. Layer 2 switches are never a MAC address destination. They only examine incoming frames and select a switch port for forwarding.

There is a routing table lookup on the last router that is based on the server subnet address. The next hop to the server subnet is a directly connected router interface. That is the local router interface where a Layer 2 switch is connected. The switch examines destination MAC address of arriving frame and does a MAC address table lookup for switch port associated with server MAC address. The frame is forwarded out of the local switch port where the server is connected.

Please share on social media