Ethernet Addresses & Resolution

• A data link such as Ethernet or a token ring has its own
addressing scheme
• When an Ethernet frame is sent from one host to another, it
is the 48-bit Ethernet address that determines the
destination
• The first 28-bits are the organization that made the
Ethernet card, the second 28-bits are randomly assigned by
the manufacturer
• The device driver software never looks at the destination
IP address in the IP datagram
9/17/2002
ICSS420 - ARP - RARP
1
ARP
• Address resolution provides a mapping between
two different forms of addresses
– 32-bit IP addresses and whatever the data link uses
• ARP (address resolution protocol) is a protocol
used to do address resolution in the TCP/IP
protocol suite (RFC826)
• ARP provides a dynamic mapping from an IP
address to the corresponding hardware address
Basic Idea
• ARP is required on multi-access channels and
relies on the ability to broadcast
• The protocol is simple:
– broadcast a packet containing the IP address of the
destination machine
– the machine with that address, or possibly a server,
sends a reply containing the hardware address
– upon receipt the hardware address is used to send the
original packet
ARP Cache
• Essential to the efficient operation of ARP is the
maintenance of a cache on each host
• The cache maintains the recent IP to physical
address mappings
• Each entry is aged (usually the lifetime is 20
minutes) forcing periodic updates of the cache
• ARP replies are often broadcast so that all hosts
can update their caches
arp Command
• The arp(8) command on a Unix system can be
used to see the contents of the ARP cache
kiev> arp -a
Net to Media Table
Device  IP Address    Mask             Flags  Phys Addr
------  ------------  ---------------  -----  -----------------
hme0    redshirt      255.255.255.255         00:60:08:8b:e9:aa
hme0    tiger         255.255.255.255         08:00:20:85:f6:8d
hme0    thunderbolt   255.255.255.255         08:00:20:9a:af:60
hme0    starfury      255.255.255.255         08:00:20:9a:af:79
hme0    cs3-router    255.255.255.255         00:10:11:09:f0:28
hme0    epsilon3-38   255.255.255.255         08:00:20:86:71:c0
hme0    mordor-38     255.255.255.255         08:00:20:96:01:ad
hme0    itlabman      255.255.255.255         00:00:c0:65:d7:b9
hme0    joanne        255.255.255.255         00:05:02:59:51:52
hme0    laurie        255.255.255.255         00:05:02:79:c4:20
hme0    kiev          255.255.255.255  SP     08:00:20:9e:f2:99
ARP Packet Format
(Figure: ARP packet layout, with bit positions 8, 16 and 31 marked)
• Hardware Type
• Protocol Type
• Hardware Size
• Protocol Size
• Operation
• Sender’s Hardware Address (for Ethernet 6 bytes)
• Sender’s Protocol Address (for IP 4 bytes)
• Target Hardware Address
• Target Protocol Address
(The figure also carries the label: Destination IP Address)
Proxy ARP
• Proxy ARP lets a router answer ARP requests on
one of its networks for a host on another of its
networks
• This fools the sender of the ARP request into
thinking that the router is the destination
• The router is acting as a proxy agent for the
destination, relaying packets to it from other hosts
Proxy ARP
• Proxy ARP is also known as promiscuous ARP or
the ARP hack
• The names come from the other use of proxy
ARP: to hide two physical networks from each
other, with a router between the two
• This has been used to separate hosts running two
different versions of TCP/IP
Gratuitous ARP
• Gratuitous ARP occurs when a host sends an ARP
request looking for its own IP address
• This can happen at bootstrap time
• Gratuitous ARP provides two features
– it lets a host determine if another host is already
configured with the same IP address
– if the host sending the gratuitous ARP has just changed
its hardware address, the packet causes other hosts on
the net to update their ARP cache entries
Issues
• Many people consider ARP to be a dangerous protocol
– a bogus host can issue a gratuitous ARP and change
cache entries
– a bogus host can send replies giving its own hardware
address (instead of the target)
• Broadcasting can be expensive
– excessive use of bandwidth
– CPU costs
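Added example (not part of the original slides): a passive monitor that parses ARP packets using the field layout from the ARP Packet Format slide and reports the two cache-changing events listed above. The names parse_arp, ArpWatch and build, and all sample addresses, are assumptions made for this illustration.

```python
import struct

ARP_HDR = struct.Struct("!HHBBH")  # hardware type, protocol type, hw size, proto size, operation

def parse_arp(payload):
    """Parse an Ethernet/IPv4 ARP payload (the bytes after the Ethernet header)."""
    if len(payload) < ARP_HDR.size + 20:
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, op = ARP_HDR.unpack_from(payload)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    sha, spa, tha, tpa = struct.unpack_from("!6s4s6s4s", payload, ARP_HDR.size)
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    ip = lambda b: ".".join(str(x) for x in b)
    return {"op": op, "sha": mac(sha), "spa": ip(spa), "tha": mac(tha), "tpa": ip(tpa)}

class ArpWatch:
    """Remember sender IP -> hardware address and report anything that rewrites it."""
    def __init__(self):
        self.table = {}

    def observe(self, payload):
        pkt = parse_arp(payload)
        alerts = []
        if pkt["spa"] == pkt["tpa"]:  # sender asks about its own IP address
            alerts.append("gratuitous")
        known = self.table.get(pkt["spa"])
        if known is not None and known != pkt["sha"]:
            alerts.append(f"changed {pkt['spa']} {known} -> {pkt['sha']}")
        self.table[pkt["spa"]] = pkt["sha"]
        return alerts

def build(op, sha, spa, tha, tpa):
    """Assemble a sample ARP payload from printable addresses."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(x) for x in s.split("."))
    return ARP_HDR.pack(1, 0x0800, 6, 4, op) + mac(sha) + ip(spa) + mac(tha) + ip(tpa)

# Constructed traffic (documentation IPs, locally administered MACs), not a capture.
SAMPLES = [
    build(1, "02:00:00:00:00:0a", "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1"),  # request
    build(2, "02:00:00:00:00:01", "192.0.2.1", "02:00:00:00:00:0a", "192.0.2.10"),  # reply
    build(1, "02:00:00:00:00:66", "192.0.2.1", "00:00:00:00:00:00", "192.0.2.1"),   # gratuitous
]

def run_demo():
    watch = ArpWatch()
    return [watch.observe(p) for p in SAMPLES]

if __name__ == "__main__":
    for alerts in run_demo():
        print(alerts or "ok")
```

A "changed" alert is a prompt for review rather than proof of a bogus host, since a host that has just changed its hardware address produces the same packet.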
Reverse Address Resolution Protocol
• When a system boots, it typically gets its IP
address from a file
• How does a system, without a disk, get its IP
address?
• Since each system has a unique hardware address,
that hardware address can be used to lookup the
corresponding IP address
• RARP (RFC903) does exactly that
RARP Packet Format
• The format is exactly the same as ARP except
some of the numbers change
• The RARP request is broadcast and the reply is
sent to the requester
• Unlike ARP, RARP relies on designated RARP server(s) that
handle RARP requests