Address Resolution Protocol (ARP) is a fundamental protocol used in IPv4 networks. Its primary function is to resolve a device’s IP address to its physical MAC address. Gratuitous ARP, or GARP, is a special kind of ARP message that’s used for specific purposes.
In this article, we’ll take a closer look at GARP, examine how it works, how it differs from regular ARP, and how it is used in a TCP/IP network.
What is ARP?
GARP is not a separate protocol from ARP, but it can be thought of as a special case of how ARP operates.
Thus, in order to fully understand GARP and its implications, it is necessary to first comprehend the operation of ARP.
ARP is used in IP networks to discover or resolve the Layer 2 address that corresponds to the IP address of the host you wish to reach.
For Ethernet networks, where ARP is primarily used, that Layer 2 address is the MAC address. When one host prepares data to send to another, it follows the encapsulation process, passing data down the protocol stack of the OSI model.
ARP in Action
The following is a diagram of a frame with the encapsulated IP packet as the Payload of the Ethernet frame.
When it comes time to add that Ethernet frame header during encapsulation, the host must populate the Destination MAC field with the MAC address of the destination host.
The IP address of that destination is known and is found within the IP header. ARP is used to discover that MAC address.
How ARP Operates
Take a look at the following simple network diagram:
When Host A wants to communicate with Host B, and it knows Host B’s IP address but not its MAC address, Host A broadcasts an ARP request on the network. This request is essentially asking, “Who has IP address X, and what is your MAC address?”
Because this is a broadcast, all devices on the local network segment receive the ARP request, but only Host B, which owns the IP address X, responds with an ARP reply. This reply contains Host B’s MAC address.
Host A receives the ARP reply and can now populate the Destination MAC address field in the Ethernet frame with Host B’s MAC address. Host A also stores this information in its ARP cache to minimize future ARP requests for the same IP address.
Every device maintains such a table, known as the ARP cache, which stores the IP-to-MAC address mappings of devices on the local network.
This cache has a timeout period, after which the entries are removed or refreshed to ensure up-to-date information. For most Windows-based PCs, the default ARP cache timeout is 20 minutes.
It’s important to note that ARP operates only within a single network segment, or within a single broadcast domain.
For communication between different network segments or VLANs, routing is required. If you need your ARP requests to be forwarded by any routers that may exist on your subnet, then you must configure what is known as proxy ARP, where the router will respond to ARP requests on behalf of devices that exist in other subnets. But this is beyond the scope of this article.
What is Gratuitous ARP?
Normal ARP operation is characterized by the fact that an ARP request is sent by the host requesting the information, and it is responded to with an ARP reply, containing the IP to MAC address mapping that was requested.
Gratuitous ARP takes place when a host sends an ARP reply even though no request was sent. In other words, a host announces its IP-to-MAC address mapping to the whole network segment. That’s why it is called “gratuitous” ARP. The word “gratuitous” here has the meaning of unwarranted, or unprovoked.
How is Gratuitous ARP useful?
One may wonder why Gratuitous ARP should even exist. If a host doesn’t know the required MAC address, it will ask for it and receive the information.
Even so, Gratuitous ARP is useful because a host that uses it can ensure that all of the network hosts connected to its own network segment have up-to-date ARP caches for its own IP. This means fewer delays for ARP requests and more immediate delivery of data.
But that’s not all. There are some particular scenarios where Gratuitous ARP is of utmost importance. These include:
- IP Conflict Detection: A device will typically use GARP to announce its IP address when it receives an address assignment from a DHCP server. If another device responds by indicating it has the same IP address, an IP conflict is detected. This is particularly useful in environments where static IP configurations might accidentally overlap or in DHCP environments to prevent the assignment of already-used IP addresses.
- Updating ARP Tables after a MAC Address Change: When a device’s MAC address changes (due to hardware replacement or other reasons), it can send a GARP to proactively inform other devices on the network about the change. This helps in updating the ARP caches on other devices, ensuring uninterrupted communication.
- Failover and High Availability Systems: In high-availability environments where two or more systems are set up for failover purposes (e.g., redundant servers or first hop redundancy protocols like HSRP), GARP is used to update network devices about the new MAC address to use for the IP address that was previously associated with a failed device. This ensures seamless traffic redirection to the backup device without manual intervention.
- Virtual Machine (VM) Migration: During live VM migrations between physical hosts in a virtualized environment, GARP messages are used to inform the network about the new location (i.e., the new physical host’s MAC address) of the migrated VMs. This ensures that network traffic reaches the VM at its new location without disruption.
- Software-Defined Networking (SDN): In SDN environments, GARP can be used by controllers to dynamically update the network fabric, allowing for more flexible and dynamic network configurations.
Gratuitous ARP plays a crucial role in ensuring network reliability, flexibility, and efficiency by automating the update of network information and aiding in conflict resolution. Its utility in modern networks, especially those with dynamic and high-availability requirements, is significant.
Additional Considerations
ARP and IPv6
ARP (including GARP) is a protocol that functions within the framework of IPv4. In IPv6, ARP’s role has been taken over by the Neighbor Discovery Protocol (NDP), which is part of the ICMPv6 (Internet Control Message Protocol for IPv6) suite.
NDP performs several functions that ARP does in IPv4 networks, along with additional features that are necessary for the operation of IPv6 networks.
Security
Although crucial for network communication, GARP, like ARP, has no built-in mechanisms for authentication, making it susceptible to attacks such as ARP spoofing or poisoning.
In such attacks, a malicious actor uses GARP to send false unsolicited ARP responses that link the attacker’s MAC address with the IP address of another device, usually to intercept or manipulate traffic. Several security features can and should be used to protect a network from such attacks.
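One way to watch for the unsolicited rebinding described above, as an added example that is not part of the original article: it parses raw ARP payloads, treats an announcement as gratuitous when the sender IP equals the target IP, and reports any IP address whose MAC address changes. The function names, the `allowed` parameter, the addresses and the MACs are all constructed for illustration.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, SHA, SPA, THA, TPA

def build_arp(oper, sha, spa, tha, tpa):
    """Pack a 28-byte Ethernet/IPv4 ARP payload (used to construct sample data)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       mac(sha), socket.inet_aton(spa), mac(tha), socket.inet_aton(tpa))

def parse_arp(payload):
    """Decode an ARP payload; reject anything that is not Ethernet/IPv4 ARP."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {"oper": oper, "sha": sha.hex(":"), "spa": socket.inet_ntoa(spa),
            "tha": tha.hex(":"), "tpa": socket.inet_ntoa(tpa)}

def is_gratuitous(arp):
    """A gratuitous ARP announces the sender's own address: sender IP == target IP."""
    return arp["spa"] == arp["tpa"]

def audit(payloads, allowed=None):
    """Return (ip, old_mac, new_mac, gratuitous) for every unexpected rebinding."""
    allowed = allowed or {}          # ip -> set of MACs permitted to claim it
    bindings, alerts = {}, []
    for raw in payloads:
        arp = parse_arp(raw)
        ip, mac = arp["spa"], arp["sha"]
        if ip == "0.0.0.0":          # ARP probe: sender has no address yet
            continue
        old = bindings.get(ip)
        if old and old != mac and mac not in allowed.get(ip, ()):
            alerts.append((ip, old, mac, is_gratuitous(arp)))
        bindings[ip] = mac           # track the latest claim, as a host's cache would
    return alerts

# Constructed sample traffic (documentation addresses, made-up MACs).
BCAST = "ff:ff:ff:ff:ff:ff"
SAMPLE = [
    build_arp(1, "02:00:00:00:00:0a", "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1"),
    build_arp(2, "02:00:00:00:00:01", "192.0.2.1", "02:00:00:00:00:0a", "192.0.2.10"),
    build_arp(2, "02:00:00:00:00:02", "192.0.2.20", BCAST, "192.0.2.20"),  # first announce
    build_arp(2, "02:00:00:00:00:66", "192.0.2.1", BCAST, "192.0.2.1"),    # rebinding
]
```

Failover and VM migration, listed earlier as legitimate uses of GARP, produce the same rebinding, so `allowed` carries the MAC addresses that are expected to claim a given IP address.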
Conclusion
ARP is a protocol that is largely invisible to most end users. Even so, it plays a critical role in ensuring that data packets find their way to the correct devices on a local network.
GARP takes a proactive approach: by sending out unsolicited ARP responses, it keeps the ARP tables of all hosts on the segment up to date and so ensures uninterrupted communication between hosts.