Cmpt 471 ARP

Address Resolution Protocol

@ In order to send an IP packet from one host to another, we need to know the IP address. But often that’s not enough. More than likely, we have to deliver this packet over a LAN, and that means we have to know how to address the frame that will transport the packet over the LAN. @ An example will make this clear. If you go to the Network Lab and look at the host summer, you’ll see that it has only one interface, connected to the net16 segment. If you examine summer’s routing table, you’ll find an entry similar to this: Destination Gateway Genmask Metric Iface

172.18.0.0 172.16.1.254 255.255.0.0 1 eth0

The entry says that when summer wants to send an IP packet to a destination address that matches 172.18.0.0/16, the packet should be sent to the net16 interface on the Cisco router, which has IP address 172.16.1.254. Suppose that summer wants to send an IP packet to the workstation july, using the IP address 172.18.1.7 (the eth1 interface on july). Summer con- structs in IP packet with source address 172.16.1.13 and destination ad- dress 172.18.1.7 (hex ac.12.01.07). Applying the IP routing algorithm, ac.12.01.07 ∧ ff.ff.00.00 = ac.12.00.00 = 172.18.0.0 so summer should use its eth0 interface and send this packet to the gateway at IP address 172.16.1.254. But . . . the IP packet is addressed to the final destination, and we can’t change that. The assumption is that the gateway’s interface is connected to the same link as the interface that summer is using to transmit the packet. In this particular case, both interfaces are connected to the same Ethernet. Summer will transmit the packet to the gateway interface by encapsulating the IP packet in an Ethernet frame. The Ethernet destination address will be the address of the gateway interface. When the frame arrives at the Cisco router, the whole process will be re- peated. The IP packet will be removed from the Ethernet frame. The router will examine the IP destination address, apply the IP routing algorithm, and choose an interface. It will encapsulate the IP packet in a new Ethernet frame, with the appropriate Ethernet destination address, and send it on its way.

1 June 5, 2006 Cmpt 471 ARP

@ One question remains. How do we find the Ethernet address of an interface, knowing only its IP address? The protocol for discovering the link level address (also called the hardware or physical address) associated with an IP address is the address resolution protocol (ARP).

@ We’ll discuss ARP in terms of mapping IP addresses to Ethernet addresses, but you should realise that the protocol definition is more general. It can be applied to map IP addresses to hardware addresses using other link tech- nologies, and it can be used with protocols other than IP. The only require- ment is that there be some mechanism to broadcast the ARP query to all interfaces connected to the link.

A This is one way to define the extent of a ‘link’: it’s the set of interfaces that can be reached by an ARP request. For an Ethernet, it’s the interfaces that can be reached using the Ether- net broadcast address. For technologies without a native broadcast ability (an ATM network, for example), more effort is required, but the principle remains the same. For all intents and purposes, the link consists of the set of interfaces that can be reached by the ARP request.

@ The format of an ARP packet is as shown below.

hardware type protocol type

hdw. addr. len. protocol addr. len operation

sender hardware address (octets 0 - 3)

sender hardware address (octets 4 - 5) sender protocol address (octets 0 - 1)

sender protocol address (octets 2 - 3) target hardware address (octets 0 - 1)

target hardware address (octets 2 - 5)

target protocol address (octets 0 - 3)

(The figure matches Ethernet and IP; it shows 32 bit words and shows the hardware address as 6 octets and the protocol address as 4 octets.)

2 June 5, 2006 Cmpt 471 ARP

A The fields labelled with ‘hardware’ refer to the hardware and protocol. The fields labelled with ‘protocol’ refer to the protocol. A The hardware type specifies the data link layer hardware and proto- col. The code for Ethernet is 1, for IEEE 802 it’s 6. There are around 30 other hardware types defined in the IANA database (e.g., ARCNET, Frame Relay, several flavors of ATM, HDLC, and serial line). A The protocol type specifies the type of network layer protocol, coded with the same numbers that are used in the Ethernet type field or the IEEE SNAP header. For IP, it’s 0x800. The IANA database shows around 100 protocol types. A Because ARP can support numerous data link and network protocols, we need to have fields to specify the length of the addresses. A The operation field specifies the type of ARP packet, coded as 1 for an ARP request and 2 for an ARP reply. (Note that this packet format also supports RARP and several other address resolution protocols, each with their own set of operation codes.) A The various addresses are self-explanatory. Again, the figure here as- sumes 6 octet Ethernet hardware addresses and 4 octet IP protocol ad- dresses.

@ An underlying assumption (for efificiency) is that hosts will maintain a cache of network to hardware address translations. When a host is ready to send an IP packet, it first checks this cache to see if it already knows the associ- ated hardware address.

@ If the hardware address isn’t known, the host will queue the IP packet and compose an ARP request. The request contains the sender’s hardware and protocol address, and the target’s protocol address. The ARP request be- comes the payload in an Ethernet frame and is sent out using the Ethernet broadcast address.

@ All hosts on the local network receive the ARP request frame and examine it. One host will recognise the target protocol address, compose an ARP reply which contains the address of the interface that received the ARP request, and transmit the reply back to the interface that sent the ARP request.

A The host that replies will also add the sender’s protocol address and hardware address to its own ARP cache. While all hosts will see the ARP request, and could add this information to their own cache, only the target will do it, because it can reasonably anticipate that it’ll use this translation very shortly.

3 June 5, 2006 Cmpt 471 ARP

For all the other (non-target) hosts, the translation would just be occu- pying space in the cache. If there’s an existing entry (indicating com- munication in the recent past) then that entry is updated.

@ When the ARP reply arrives back at the host that sent the ARP request, it makes an entry in its ARP cache, then goes to the IP queue and sends off any packets that were queued up waiting for this mapping.

@ If you use the arp command to look at the ARP cache on hosts down in the Network Lab, you can see this process in action.

A The ARP cache will usually be fairly empty when you first log on to a host. As you begin to experiment and send off IP packets to other hosts, you’ll see the ARP cache fill up. A If you use tcpdump or ethereal, you can see the ARP requests and replies go by on the net.

@ As the text notes, there are subtleties when it comes to the actual imple- mentation, to make sure that only IP packets needing a specific mapping are held pending the resolution of an ARP request, and to avoid redundant ARP requests.

@ As a final point, it’s worth noting that hosts are sometimes configured to perform something called a ‘gratuitous ARP’ as they boot.

A This ARP request contains the host’s own IP address. A If any other host replies, there’s trouble — it means that some other host believes it has the same IP address as the host that’s booting. A Gratuitous ARP is also used to refer to an ARP reply that’s sent out gratuitously (i.e., not in response to a request). This can be useful when an interface has just changed its Ethernet or IP address and wants to update any lingering ARP cache entries held by other hosts on the link.

@ The arping program will test connectivity to another host on the same Eth- ernet segment by sending ARP request messages.

4 June 5, 2006