ARP
Based on Computer Networks and
Internets (Comer)
CSIT 220 (Blum)
1
Hidden but still present
Just when you thought it was safe to forget about
the Data Link Layer …
The IP Layer may hide the information of the
Network Interface Layer (equivalent of Data Link
Layer in OSI) from the above lying layers, but that
information while hidden is still there and is
necessary.
The software is useless unless it is acting on the
hardware underneath.
CSIT 220 (Blum)
2
The final header
One should not forget that as a packet passes
through a protocol stack, each layer adds a header
to the packet.
The header added by Layer 2 includes a physical
address.
Somehow a packet must obtain the hardware
address of its destination
All communications require Layer 2 to Layer 2 to
Layer 2, etc. (each Layer 2 hop has a unique hardware
address)
CSIT 220 (Blum)
3
CSIT 220 (Blum)
4
Translation
So eventually there must be a translation
from the IP (software) address to the
physical address.
The physical address is also known as
The hardware address
The MAC (Media Access Control) address
The DLC (Data Link Control) address
The DLC identifier
CSIT 220 (Blum)
5
The problem
The problem: given an IP address, what is the
corresponding MAC address?
Finding the address is known as “resolving” or
“resolution.”
One gives the packet a hardware address, so that it
will be taken in by the right computer.
If the target computer is not on the same network,
then it is the router’s NIC (gateway’s NIC) that
takes in the packet and so that is the hardware
address assigned.
A hardware address is never resolved beyond the
network it is on.
CSIT 220 (Blum)
6
Solutions to finding MAC
addresses
Look it up in a table.
Calculate it.
Send out a request packet (exchange
messages).
CSIT 220 (Blum)
7
Table
Computers can have a table containing pairs
of associated IP addresses and MAC
addresses.
Tables can be dynamic (determined on the
fly) or static (hand-coded).
CSIT 220 (Blum)
8
Fig. 19.2
CSIT 220 (Blum)
9
Closed Form Calculation
In general IP addresses are logically
assigned and hardware addresses are not.
However, if the hardware addresses are
configurable, then the hardware address and
IP address can be simply related.
For instance, the hardware address and node
portion of the IP address could be made the
same.
CSIT 220 (Blum)
10
Exchanging messages
The previous two approaches were local (at
least once the table is made).
In the third approach, the computer sends
out a message requesting the MAC address
that corresponds to a particular IP address.
But to whom is the request made?
CSIT 220 (Blum)
11
AR Server or broadcast
Some networks have an AR (address
resolution) server, a machine dedicated (at
least in part) to answering these address
resolution questions.
If there is no AR server, the request is
broadcast to all computers on the network
and the one with a matching IP address
replies with a packet containing its MAC
address.
CSIT 220 (Blum)
12
Address Resolution Protocol
Address Resolution Protocol (ARP) is a set
of rules governing the translation of IP
addresses into physical addresses.
ARP is part of the TCP/IP suite
The protocol specifies a packet allowing for
A request: has known IP, seeks MAC
A response: fills in MAC
Not to be confused with AARP
CSIT 220 (Blum)
13
ARP Cache
Before issuing an ARP request packet, the
computer will see if it has the information locally.
A table, known as the ARP cache, holds IP/MAC
address pairs that the computer has recently used.
The table is refreshed roughly every 20 minutes
(??) in case an IP address is reassigned
CSIT 220 (Blum)
14
How ARP Works
A computer has a message to send, it knows the IP
but not the MAC address.
That computer may be the original source of the
message.
Or that computer may be the local network’s router if
the message originated on another network.
The computer first checks the ARP cache. If there
is a “cache hit,” the Network Interface Layer
(Data Link Layer) will add the appropriate header
with the physical address found. Now the
message is “complete” – ready to be placed on the
physical network.
CSIT 220 (Blum)
15
An ARP Request
If there is a “cache miss,” ARP broadcasts a
special request packet (containing the IP address
to be resolved) to all nodes on the local network.
If a host recognizes the IP address as its own, then
it returns a reply which supplies the physical
address (which is then cached).
If the destination is not on the local network, a
gateway will respond instead.
The message can not be sent until the address is
resolved.
CSIT 220 (Blum)
16
Request is broadcast
Response is unicast
CSIT 220 (Blum)
17
Flexibility of the protocol
ARP was designed to be flexible.
It has parameters determining the length of the IP
address, so it can accommodate IP(v4) and IP(v6).
It has parameters determining the length of the
physical address.
The protocol varies from LAN protocol to LAN
protocol.
There are separate ARP Requests for Comments
(RFC) for Ethernet, ATM, Fiber Distributed-Data
Interface, etc.
CSIT 220 (Blum)
18
When a request arrives
Upon receiving an ARP request a computer
Caches the MAC/IP address pair into its ARP
table
• Adding it if it is new
• Updating it if it is old
Compares the target IP address to its own
• If it does not match, do nothing more
• If it does match, prepare a response packet
CSIT 220 (Blum)
19
Fig. 19.6
CSIT 220 (Blum)
20
Example with IP(v4) and Ethernet
Determines the type of LAN: 1 for Ethernet
CSIT 220 (Blum)
21
Example with IP(v4) and Ethernet
Determines software protocol: usually IP
CSIT 220 (Blum)
22
Example with IP(v4) and Ethernet
Determines length of hardware address: 6 octets for
Ethernet
CSIT 220 (Blum)
23
Example with IP(v4) and Ethernet
Determines length of protocol address: 4 octets for
IP(v4)
CSIT 220 (Blum)
24
Example with IP(v4) and Ethernet
Determines operation: request, response, etc.
CSIT 220 (Blum)
25
Example with IP(v4) and Ethernet
Hardware address of source
CSIT 220 (Blum)
26
Example with IP(v4) and Ethernet
Protocol (IP) address of source
CSIT 220 (Blum)
27
Example with IP(v4) and Ethernet
Hardware address of destination (not known in a request)
CSIT 220 (Blum)
28
Example with IP(v4) and Ethernet
Protocol (IP) address of destination
CSIT 220 (Blum)
29
RARP
Reverse Address Resolution Protocol (RARP) is
when the physical address is known but the IP
address is not known.
When booting “diskless workstations” know only
their MAC address and not their IP addresses.
They must discover their IP addresses from an
external source, usually a RARP server.
The network administrator creates a table of
MAC/IP address pairs.
CSIT 220 (Blum)
30
Diskless workstation
A workstation or PC on a LAN that does not have
its own hard drive.
Instead, it puts files on a network file server. They
can reduce the cost of a LAN since one largecapacity disk drive is usually cheaper than several
low-capacity drives.
Also they can simplify backups and security
because all files are on the file server.
A disadvantage is that they are useless if the
network fails.
CSIT 220 (Blum)
31
What’s my address?
When a diskless workstation is booted, its
RARP client program requests that the
RARP server send it its IP address.
Provided the entry is in the RARP server’s
table, it sends it to the diskless workstation
in a RARP response.
CSIT 220 (Blum)
32
arp (at home, not a network)
options
CSIT 220 (Blum)
33
arp (at work in one of the labs, after
pinging a few other computers)
CSIT 220 (Blum)
34
Inverse ARP
Recall that in connection-oriented schemes
one works not with the destination address
but with the virtual circuit (channel)
identifier (VCI).
Inverse ARP (InARP) translates an IP
address into a VCI.
CSIT 220 (Blum)
35
Other References
http://www.webopedia.com
http://www.whatis.com
http://www.hill.com/library/publications/tcp
ip.shtml
CSIT 220 (Blum)
36