ARP (Address Resolution Protocol)

advertisement

As defined in RFC 826
ARP consists of the
following messages
■ ARP Request
■ ARP Reply

The ARP or Neighbor Cache
A 2-byte field that indicates the type of
hardware being used at the Network
Interface Layer.
Hardware Type
Value
1 (0x00-01)
6 (0x00-06)
15 (0x00-0F)
16 (0x00-10)
Data Link Layer
Technology
Ethernet
Token Ring
Frame Relay
Transfer Mode (ATM)
A 2-byte field that indicates the protocol
for which ARP is providing
address resolution. ARP Protocol Type is
set to 0x0800.
A 1-byte field that indicates the length in
bytes of the hardware address in the
Sender Hardware Address and Target
Hardware Address fields.
A 1-byte field that indicates the length in
bytes of the protocol address in the
Sender Protocol Address and Target
Protocol Address fields.
A 2-byte field that indicates the type of
ARP frame.
Operation Value
Type Of ARP Frame
1 (0x00-01)
ARP Request
2 (0x00-02)
ARP Reply
8 (0x00-08)
Inverse ARP Request
9 (0x00-09)
Inverse ARP Reply
A field that is the length of the value of the
Hardware Address Length field and
contains the hardware or Data Link Layer
address of the ARP frame’s sender.
A field that is the length of the value of the
Protocol Address Length field and
contains the protocol address of the ARP
frame’s sender.
A field that is the length of the value of the
Hardware Address Length field and
contains the hardware or Data Link Layer
address of the ARP frame’s target
(destination).
A field that is the length of the value of the
Protocol Address Length field and
contains the protocol address of the ARP
frame’s target (destination).
The Neighbor Cache
ARP also is used to perform duplicate address detection by
sending an ARP Request in which the TPA is set to the IP
address for which duplication is being detected.
ARP in previous versions of Windows added entries to the
ARP cache and refreshed their lifetime when they were used
without regard to whether the neighboring node was actually
reachable, was receiving the packets sent to it, and was able
to respond. Neighbor unreachability detection in Windows
Server 2008 and Windows Vista is the process by which a
node determines that the IP layer of a neighbor is no longer
receiving packets.
By default, TCP/IP for Windows Server 2008 and Windows Vista
use the Ethernet II encapsulation when sending both IP and ARP
frames. The TCP/IP protocol for Windows Server 2008 and
Windows Vista receives both Ethernet II and IEEE 802.3 SubNetwork Access Protocol (SNAP)–encapsulated frames, but, by
default, they respond only with Ethernet II–encapsulated frames.
To send IEEE 802.3 SNAP-encapsulated IP and ARP frames, use
the ArpUseEtherSNAP registry value.
InARP is used to resolve the IP address on the other end of a virtual
circuit based on a known Frame Relay DLCI. As RFC 2390 describes,
InARP was designed specifically for frame relay virtual circuits. Frame
relay link management protocols such as Local Management Interface
(LMI) determine which virtual circuits are in use over the physical
connection to the frame relay service provider. Once the DLCIs are
determined, InARP is used to query each virtual circuit to determine
the IP address of the interface on the other end. The responses are
used to build a table of entries consisting of [DLCI, next-hop IP
address].
Proxy ARP is the answering of ARP Requests on behalf of another
node. As RFC 925 describes, Proxy ARP is used in situations in
which a subnet is divided without the use of a router. A proxy ARP
device is placed between nodes on the same subnet. The proxy
ARP device is aware of which nodes are available on which
segment. The proxy ARP device also answers ARP Requests and
facilitates the forwarding of unicast IP packets for communication
between nodes on separate segments.
ARP is used as a translation layer between Internet Layer
addresses and Network Interface Layer addresses. ARP on
LAN links is used to resolve the next-hop IP address of a
node to its corresponding MAC address, to detect IP address
conflicts, and to determine neighbor reachability. InARP on
Frame Relay links is used to map a DLCI value to the IP
address of the node on the other end of the virtual circuit.
Proxy ARP is used to subdivide an IP subnet and provide
transparent communication without using an IP router.
Download