Understanding Frame-Relay Inverse-ARP
- By Joe Astorino
- June 15, 2011
- 15 Comments
Introduction
Ah, frame-relay inverse-ARP…one of those topics that makes most network engineers cringe, and one that can make CCIE candidates plain dizzy and frustrated. When I was studying for the CCIE lab exam, I found that the actual concept of inverse-ARP was simple, but the semantics of the what where and why is what confuses everybody. In this blog we are going to break down frame-relay inverse-ARP. We’ll start out with an introduction to the technology, and then dig into how it is used on each of our possible frame-relay interfaces: Physical, multipoint subinterfaces, and point-to-point subinterfaces.
Frame-Relay Basics
Frame-relay is a layer 2 WAN protocol that uses a concept of permanent virtual circuits (PVC) (and technically switched virtual circuits known as SVCs but we won’t be going there). A PVC is basically a predefined layer 2 path through a service provider network that sort of “emulates” a point-to-point leased line for the customer. Essentially, your router connects into a cloud of frame-relay switches at the ISP and the ISP switches your frames from one end of the cloud to the other where it pops out to a remote router. The fun part is that all the cloud stuff is invisible to the end routers for the most part. These PVCs, and their paths through the network are defined by data-link connection identifiers (DLCIs). The DLCI is stored in the frame-relay header. Basically what happens is this: When a router sends a frame into the frame-relay cloud it puts the DLCI into the frame-relay header and sends it to the frame switch. The frame switch switches the frame by doing a lookup on this DLCI and passes it to another frame switch. The same thing repeats in the cloud until the frame is switched all the way to the other side. In the sense that frames are switched by looking at something other than the IP header, it is similar to MPLS technology.
Inverse-ARP Basics
Most of our modern day networks use the IP protocol for layer 3 addressing and routing. Because frame-relay operates strictly at layer 2 of the OSI model using DLCIs, frame-relay routers need a way to resolve IP addresses to DLCI numbers. That way, when a frame-relay router wants to send an IP packet to say 100.100.100.4 it can encapsulate the packet into a frame-relay frame and send it out the proper circuit tagged with the proper DLCI. In short, we need layer 3 to layer 2 address resolution.
In frame-relay we can do this two ways — static or dynamic. The static method typically involves the frame-relay interface-dlci command or the frame-relay map command depending on exactly what is going on. The dynamic method is where inverse-ARP comes into play. Inverse-ARP is a way we can automate this layer 3 to layer 2 address resolution. Essentially what happens is that an inverse-ARP request is sent out a particular DLCI saying “I have IP address x”. Since the receiving router knows the incoming DLCI, it now knows that whoever sent the inverse-ARP request is reachable at IP address x out the DLCI the request was received on. The remote router than sends an inverse-ARP reply that contains his IP address. Now at the originating router we have a DLCI and an IP address pair. The inverse part of the term stems from the fact that in traditional ethernet ARP a host has a layer 3 IP address that it wants to resolve to a layer 2 MAC address. With inverse-ARP the opposite is true — a router has a layer 2 DLCI assigned to an interface and it needs to find which layer 3 IP addresses are reachable out that interface.
The biggest confusion with Inverse-ARP in the Cisco world has to do with the defaults on different interfaces. We will cover the rules of each type of interface as they relate to inverse-ARP now.
Physical Interfaces
Physical interfaces have inverse-arp enabled by default. Remember, every single DLCI the frame-relay router learns about via LMI from the frame-relay switch is going to be mapped to the physical frame-relay interface by default. You can see this with the show frame-relay pvc command.
- IF you have an IP address on the interface, the router will send an Inverse-ARP request out every single DLCI associated with the interface. If you have no other sub-interfaces with DLCIs assigned via frame-relay interface-dlci or frame-relay map commands this means ALL of them!
- Adding the command frame-relay interface-dlci does nothing because all the DLCIs learned from the frame switch are already associated with the interface. Therefore adding this command on a physical interface does not disable inverse-ARP in any way
- Adding the command frame-relay map for a manual IP/DLCI mapping will disable inverse-ARP for that particular DLCI on the interface. Note that inverse-ARP requests will still be sent on any other DLCIs associated with the physical interface
- You can disable inverse-ARP completely by issuing the no frame-relay inverse-arp interface command. However, if your router receives an inverse-arp request from another router, it will always respond to the request. You can validate this by looking at debug frame-relay packet as well as debug frame-relay events. Disabling inverse-ARP is usually the preferred thing to do, especially in the CCIE study world as rumor has had it for years that it is not allowed in the lab.
- You can disable inverse-ARP on a per-DLCI basis with the no frame-relay inverse-arp ip command
Multipoint Subinterfaces
Multipoint sub-interfaces have inverse-arp enabled by default…sort of, given the right conditions : )
- By default no inverse-ARP requests will be sent UNLESS you utilize the frame-relay interface-dlci command, and you have an IP address on the interface. If you put this command on your subinterface for one or more DLCIs, inverse ARPs will indeed be sent for those DLCIs. The somewhat confusing thing for people here is that typically the frame-relay interface-dlci command is not used on multipoint subinterfaces for this purpose. It’s only real purposes on this type of interface are for using inverse-ARP and for QoS (traffic shaping and such on a particular DLCI).
- frame-relay interface-dlci enables Inverse-ARP for that particular DLCI on the subinterface
- frame-relay interface-dlci mixed with frame-relay map will result in no inverse-ARP requests being sent on that DLCI. You might see this in the case where you are doing your L3/L2 address resolution with frame-relay map but you are also applying a DLCI specific QoS policy via frame-relay interface-dlci
- You can disable inverse-ARP completely by issuing the no frame-relay inverse-arp interface command. Same rules apply for replying to requests as on the physical — you always reply.
- You can disable inverse-ARP on a per-DLCI basis with the no frame-relay inverse-arp ip command
Point-To-Point Subinterfaces
The rules here are generally pretty simple. The frame-relay map command is not allowed on a point-to-point subinterface so it narrows down the confusion. The reason is because the link is by definition point-to-point so there is no need for a mapping of any kind. The router basically says “anything that gets routed out this subinterface is going out the DLCI assigned to the subinterface via the frame-relay interface-dlci command” because there is only one possible place the frame can go — to the other side of the point-to-point connection.
- frame-relay map command not allowed or useful
- frame-relay interface-dlci used on the subinterface to assign a DLCI to the subinterface
- No inverse-ARP is sent out regardless if it is enabled on the physical interface. Inverse-ARP requests are simply not sent on a point-to-point subinterface.
- Remember that inverse-ARP requests are ALWAYS answered. If your point-to-point sub-interface receives a request it WILL reply
Summary
Inverse-ARP is a way to automate layer 3 to layer 2 address resolution in a frame-relay network. It is enabled by default on physical interfaces. It can be used on multipoint subinterfaces given that the frame-relay interface-dlci command is used to tell the router what DLCI to send the requests out of. Requests are not sent out point-to-point subinterfaces. Inverse-ARP replies are always sent on all interface types.
If you are struggling with or studying this topic the best advice I can possibly give you is to lab this up. That is the key to understanding most things like this in my experience.
Hi Joe, I just watched the Frame portion of your IPX VoD lecture last night, so what a timely post. Should the second bullet under Multipoint sub-interfaces not read:
“frame-relay map disables Inverse-ARP for that particular DLCI on the subinterface”
frame-relay interface-dlciis exactly what enables InARP for multipoint sub-ints, isn’t it?Thanks for the great re-cap post!
Hey Bob,
Quite right, thanks for catching my typo! It is fixed.
Hi Joe,
Really thank you a lot for you very simple pretty post. I think you hit your goal successfully.
I don’t think that i need even to experience it in a Lab or so, it’s so simple so direct.
Br,
T. H.
You can also enable Router to answer inARP replay on multi-point subinterfase, because frame-relay map ip command associates subinterface with particular DLCI.
[…] Consider Frame Relay Switching from customer’s perspective For Frame Relay Access Router (DTE) who is connected to a Frame Relay Switch through a Virtual Channel identified by specific DLCI, it should know which IP addresses are reachable through that specific DLCI. Therefore, DTE routers need a mapping between reachable remote IP addresses and local DLCIs. And this can be done in two ways: Static and Dynamic. Static: The static method typically involves the frame-relay interface-dlci command or the frame-relay map command depending on exactly what is going on. Dynamic: The dynamic method is where inverse-ARP has a part to play. Essentially what happens is that an inverse-ARP request is sent out through a particular DLCI from the originating router saying “I have IP address x”. Since the receiving router will receive that request on its own local DLCI, it now knows which remote IP address is reachable through the DLCI the request was received on. The receiving router than sends an inverse-ARP reply that contains his IP address. Now at the originating router we also have a mapping between local DLCI and a reachable remote IP address. Reference URL: http://astorinonetworks.com/2011/06/15/understanding-frame-relay-inverse-arp/ […]
Your comment regarding replied to inverse arp requests when it is disabled is a direct contradiction to the Ciscopress CCIE Routing and Switching Certification Guide (Fourth Edition) (page 192). The book says “Interestingly, the no frame-relay inverse-arp command not only tells the router to stop sending InARP messages, but also tells the router to ignore received InARP messages” however you say that if you disable inverse arp your router will still reply to inverse arp messages.
What IOS did you use to produce this result?
I don’t recall but I encourage you to lab it up and see
I went ahead and labbed this up. The results I claimed are valid on a 3640 running 12.4(13a)
In this test, there are 2 routers R2 and R4. They both run frame-relay on a physical interface, and are both connected to a frame-relay switch.
R2
—-
interface Serial0/1/0
ip address 24.24.24.2 255.255.255.0
encapsulation frame-relay
end
R4
—-
interface Serial0/0
ip address 24.24.24.4 255.255.255.0
encapsulation frame-relay
frame-relay map ip 24.24.24.2 402 broadcast
no frame-relay inverse-arp
end
Note inverse-arp is disabled on R4 but enabled on R2. After bringing up the interfaces, the results of “debug frame-relay packet” and “debug frame-relay events” on R4 show that it replies to the inverse arp it received from R2
*Jul 10 04:41:48.839: Serial0/0(i): dlci 402(0x6421), pkt encaps 0x0300 0x8000 0x0000 0x806 (ARP), datagramsize 34
*Jul 10 04:41:48.839: Serial0/0: FR ARP input
*Jul 10 04:41:48.839: datagramstart = 0x6D0174E, datagramsize = 34
*Jul 10 04:41:48.839: FR encap = 0x64210300
*Jul 10 04:41:48.839: 80 00 00 00 08 06 00 0F 08 00 02 04 00 08 00 00
*Jul 10 04:41:48.843: 18 18 18 02 30 C1 00
*Jul 10 04:41:48.843: Serial0/0(i): dlci 412(0x64C1), pkt encaps 0x0300 0x8000 0x0000 0x806 (ARP), datagramsize 34
*Jul 10 04:41:48.843: Serial0/0: FR ARP input00 00 00 01 02 00 00
*Jul 10 04:41:48.843:
*Jul 10 04:41:48.843: Serial0/0: frame relay INARP received
*Jul 10 04:41:48.843: Serial0/0: inarp received on 402
*Jul 10 04:41:48.847: FR: Sending INARP Reply on interface Serial0/0 dlci 402 for link 7(IP)
*Jul 10 04:41:48.847: datagramstart = 0x6D019CE, datagramsize = 34
*Jul 10 04:41:48.847: FR encap = 0x64C1030
*Jul 10 04:41:48.847: 80 00 00 00 08 06 00 0F 08 00 02
Also note that R2 “show frame-relay map” output indicates it learned about R4 dynamically (through inverse-arp)
R2#sh frame map
Serial0/1/0 (up): ip 24.24.24.4 dlci 214(0xD6,0x3460), dynamic,
broadcast,
CISCO, status defined, active
Great post.. It cleared a lot of confusions.. thanks.
Thanks, your explanations clarified inv-ARP for my CCNA :-)
Great post, nice to read, nice to lab, all clear ;)
Thanks so much, it now makes perfect sense.
I struggled to figure out when to use frame-relay interface-dlci [local DLCI] command.
Now what I understand is by using frame-relay interface-dlci [local DLCI] you are technically telling the router that the specified DLCI goes here (to a subinterface), in other words you are mapping a local DLCI locally to a subinterface, then the inverse ARP request will get you the IP address configured on the remote router at other end of the PVC and router will create a dynamic frame-relay map to it.
You can use multiple frame-relay interface-dlci [local DLCI] commands for example if you have a point-to-multipoint setup and each DLCI connects to a point-to-point interface on the other end, the inverse-ARP requests then will be sent out on these DLCI and that should work as described above, of course you if the point-to-point interfaces are subinterfaces you need to use frame-relay interface-dlci [local DLCI] command on them, too (one each)
I hope that sounds alright :-)
[…] Astorino Networks – Understanding Frame-Relay Inverse-ARP – Introduction . Ah, frame-relay inverse-ARP…one of those topics that makes most network engineers cringe, and one that can make CCIE candidates plain dizzy and …… […]
[…] Astorino Networks – Understanding Frame-Relay Inverse-ARP – Introduction . Ah, frame-relay inverse-ARP…one of those topics that makes most network engineers cringe, and one that can make CCIE candidates plain dizzy and …… […]
[…] All of this stuff influences the behaviour of your OSPF neighborships so watch out for that. I used this article to brush up on some frame relay […]