Ethernet Addresses & Resolution
• A data link such as Ethernet or a token ring has its own addressing scheme
• When an Ethernet frame is sent from one host to another, it is the 48-bit Ethernet address that determines the destination
• The first 28-bits identify the organization that made the Ethernet card; the second 28-bits are randomly assigned by the manufacturer
• The device driver software never looks at the destination IP address in the IP datagram

9/17/2002 ICSS420 - ARP - RARP 1

ARP
• Address resolution provides a mapping between two different forms of addresses
  – 32-bit IP addresses and whatever the data link uses
• ARP (address resolution protocol) is a protocol used to do address resolution in the TCP/IP protocol suite (RFC826)
• ARP provides a dynamic mapping from an IP address to the corresponding hardware address

Basic Idea
• ARP is required on multi-access channels and relies on the ability to broadcast
• The protocol is simple:
  – broadcast a packet containing the IP address of the destination machine
  – the machine with that address, or possibly a server, sends a reply containing the hardware address
  – upon receipt the hardware address is used to send the original packet

ARP Cache
• Essential to the efficient operation of ARP is the maintenance of a cache on each host
• The cache maintains the recent IP to physical address mappings
• Each entry is aged (usually the lifetime is 20 minutes), forcing periodic updates of the cache
• ARP replies are often broadcast so that all hosts can update their caches

arp Command
• The arp(8) command on a Unix system can be used to see the contents of the ARP cache

kiev> arp -a
Net to Media Table
Device IP Address           Mask            Flags Phys Addr
------ -------------------- --------------- ----- -----------------
hme0   redshirt             255.255.255.255       00:60:08:8b:e9:aa
hme0   tiger                255.255.255.255       08:00:20:85:f6:8d
hme0   thunderbolt          255.255.255.255       08:00:20:9a:af:60
hme0   starfury             255.255.255.255       08:00:20:9a:af:79
hme0   cs3-router           255.255.255.255       00:10:11:09:f0:28
hme0   epsilon3-38          255.255.255.255       08:00:20:86:71:c0
hme0   mordor-38            255.255.255.255       08:00:20:96:01:ad
hme0   itlabman             255.255.255.255       00:00:c0:65:d7:b9
hme0   joanne               255.255.255.255       00:05:02:59:51:52
hme0   laurie               255.255.255.255       00:05:02:79:c4:20
hme0   kiev                 255.255.255.255 SP    08:00:20:9e:f2:99

ARP Packet Format
[Figure: ARP packet layout with bit positions 8, 16 and 31 marked. Labelled fields: Hardware Type, Protocol Type, Hardware Size, Protocol Size, Operation, Sender's Hardware Address (for Ethernet 6 bytes), Sender's Protocol Address (for IP 4 bytes), Target Hardware Address, Target Protocol Address, Destination IP Address]

Proxy ARP
• Proxy ARP lets a router answer ARP requests on one of its networks for a host on another of its networks
• This fools the sender of the ARP request into thinking that the router is the destination
• The router is acting as a proxy agent for the destination, relaying packets to it from other hosts

Proxy ARP
• Proxy ARP is also known as promiscuous ARP or the ARP hack
• The names come from the other use of proxy ARP: to hide two physical networks from each other, with a router between the two
• This has been used to separate hosts running two different versions of TCP/IP

Gratuitous ARP
• Gratuitous ARP occurs when a host sends an ARP request looking for its own IP address
• This can happen at bootstrap time
• Gratuitous ARP provides two features
  – it lets a host determine if another host is already configured with the same IP address
  – if the host sending the gratuitous ARP has just changed its hardware address, the packet causes other hosts on the net to update their ARP cache entries

Issues
• Many people consider ARP to be a dangerous protocol
  – a bogus host can issue a gratuitous ARP and change cache entries
  – a bogus host can send replies giving its own hardware address (instead of the target)
• Broadcasting can be expensive
  – excessive use of bandwidth
  – CPU costs

Reverse Address Resolution Protocol
• When a system boots, it typically gets its IP address from a file
• How does a system, without a disk, get its IP address?
• Since each system has a unique hardware address, that hardware address can be used to look up the corresponding IP address
• RARP (RFC903) does exactly that

RARP Packet Format
• The format is exactly the same as ARP except some of the numbers change
• The RARP request is broadcast and the reply is sent to the requester
• Unlike ARP, designated RARP server(s) handle RARP requests
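
Added example (not part of the original slides): a passive monitor in Python that decodes the ARP packet format in RFC 826 field order and flags the two conditions listed under Issues, a gratuitous ARP and a sender whose hardware address disagrees with the one first seen for that IP. The names parse_arp, ArpWatch, sample and demo, and the 192.0.2.x and 02:00:00:... addresses, are constructed for illustration.

```python
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # RFC 826 field order, Ethernet/IPv4 sizes (28 bytes)
REQUEST, REPLY = 1, 2

def mac(b): return ":".join(f"{x:02x}" for x in b)
def ip(b): return ".".join(str(x) for x in b)

def parse_arp(payload):
    """Decode an Ethernet/IPv4 ARP payload; None if truncated or another type."""
    if len(payload) < struct.calcsize(ARP_FMT):
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack_from(ARP_FMT, payload)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (REQUEST, REPLY):
        return None
    return {"op": op, "sha": mac(sha), "spa": ip(spa), "tha": mac(tha), "tpa": ip(tpa)}

class ArpWatch:
    """Remember the first MAC seen for each IP and report later disagreements."""
    def __init__(self):
        self.bindings = {}
    def observe(self, payload):
        pkt = parse_arp(payload)
        if pkt is None:
            return ["malformed-or-unsupported"]
        if pkt["spa"] == "0.0.0.0":  # address probe: sender claims no IP, nothing to learn
            return []
        alerts = ["gratuitous"] if pkt["spa"] == pkt["tpa"] else []
        known = self.bindings.setdefault(pkt["spa"], pkt["sha"])
        if known != pkt["sha"]:  # first binding is kept; an operator must reset it
            alerts.append(f"binding-change {pkt['spa']} {known} -> {pkt['sha']}")
        return alerts

def sample(op, sha, spa, tha, tpa):
    """Build a constructed ARP payload for the demo (not captured traffic)."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    i = lambda s: bytes(int(o) for o in s.split("."))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, m(sha), i(spa), m(tha), i(tpa))

def demo():
    gw, other, zero = "02:00:00:00:00:01", "02:00:00:00:00:66", "00:00:00:00:00:00"
    watch = ArpWatch()
    return [watch.observe(p) for p in (
        sample(REPLY, gw, "192.0.2.1", "02:00:00:00:00:10", "192.0.2.10"),
        sample(REQUEST, other, "192.0.2.1", zero, "192.0.2.1"),  # gratuitous, new MAC
        b"\x00\x01\x08\x00",  # truncated payload
    )]

if __name__ == "__main__":
    print(demo())
```

Because the first binding is kept rather than overwritten, a legitimate hardware change (the second feature of gratuitous ARP) also raises an alert until the entry is cleared.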