The Address Resolution Protocol
- IP addresses are only meaningful at the network layer.
- Physical-layer protocols (like Ethernet and Token Ring) have their own
  addressing schemes.
- The TCP/IP suite uses a "dynamic discovery" protocol to figure out the
  Ethernet address of a host.
- It is called the Address Resolution Protocol (ARP).
So, the diagram for the TCP/IP suite using Ethernet is as follows:
       TCP     UDP
        ^       ^
         \     /
          \   /
           v v
            IP
           /  ^
          /   |
         v    |
       ARP    |
         ^    |
          \   |
           v  v
         ETHERNET
- TCP sends and receives from IP.
- UDP sends and receives from IP.
- IP figures out where to send the packet, and gives the packet to ARP for
  delivery.
- ARP figures out the Ethernet address, and gives the packet to the Ethernet
  driver.
- Ethernet gives incoming packets to ARP or to IP.
Example:
[Diagram: machines A through H attached to Ethernet wires]
Machine A's IP address is 198.11.109.08, and machine B's IP address
is 198.11.109.09
- An application on machine A wants to send a packet to an application on
  machine B.
- The application on A sends the packet to TCP. TCP sends it to IP. IP realizes
  the destination is on the same Ethernet wire. IP sends that packet to ARP,
  saying "deliver this to 198.11.109.09".
- ARP tells Ethernet to send a broadcast destined for the ARP protocols on
  all other machines on the net (the Ethernet type field is 0806, which means
  go to ARP instead of IP). The packet says "will the machine with
  IP address 198.11.109.09 please tell me your Ethernet address?"
- Because it is a broadcast, all machines on the wire get the packet. However,
  only machine B responds. Machine B sends a packet containing its Ethernet
  address to Machine A.
- The ARP software on machine A caches the response, so it does not have
  to send another broadcast. In most implementations, the cache is valid
  for 20 minutes.
The ARP request protocol:
bytes:
     2         2         1         1        2       6       4       6       4
---------------------------------------------------------------------------------
|Hardware |Protocol |Hardware |Protocol |  op   |sender |sender |target |target |
|type     |type     |address  |address  |       |ether  |IP     |ether  |IP     |
|         |         |size     |size     |       |addr   |addr   |addr   |addr   |
---------------------------------------------------------------------------------
Hardware type: 0001 means Ethernet
Protocol type: 0800 means IP
Hardware address size: 06 (Ethernet address is 6 bytes)
Protocol address size: 04 (IP address is 4 bytes)
op: 0001 for request, 0002 for reply
Example:
- Suppose 198.11.109.08 wants to send a packet to 198.11.109.10.
- Suppose 198.11.109.08 has Ethernet address 08:00:20:1A:1B:DE and 198.11.109.10
  has Ethernet address 08:00:20:11:F1:A6.
- IP on 198.11.109.08 asks ARP to send the packet to 198.11.109.10.
- ARP creates the following request:
    0001 0800 06 04 0001 08 00 20 1A 1B DE C6 0B 6D 08
    00 00 00 00 00 00 C6 0B 6D 0A
Notes:
- C6 0B 6D 08 is 198.11.109.08 in hex.
- C6 0B 6D 0A is 198.11.109.10 in hex.
- The sender's Ethernet address is filled in.
- The target Ethernet address is 00 00 00 00 00 00 (because we don't know
  the Ethernet address).
What goes onto the Ethernet wire?
If old Ethernet:
-----------------------------------------------------------------
| Preamble | SOF | ff ff ff ff ff ff | 08 00 20 1A 1B DE | 0806 |
-----------------------------------------------------------------
| 0001 0800 06 04 0001 08 00 20 1A 1B DE C6 0B 6D 08            |
| 00 00 00 00 00 00 C6 0B 6D 0A                                 |
-----------------------------------------------------------------
| checksum |
------------
- All machines on the wire get the packet (the destination Ethernet address is
  ff ff ff ff ff ff).
- Every Ethernet driver passes the packet to the ARP software (because the
  type is 0806).
- Only the machine with the address 198.11.109.10 responds.
If 802.3:
-----------------------------------------------------------------
| Preamble | SOF | ff ff ff ff ff ff | 08 00 20 1A 1B DE | 002E |
-----------------------------------------------------------------
| AA AA 03 00 0000 0806                                         |
| 0001 0800 06 04 0001 08 00 20 1A 1B DE C6 0B 6D 08            |
| 00 00 00 00 00 00 C6 0B 6D 0A                                 |
| (10 bytes of padding)                                         |
-----------------------------------------------------------------
| checksum |
------------
Check your notes on 802.3 and see why the data looks like that.
Also, you should know why there are 10 bytes of padding there.
The ARP reply:
0001 0800 06 04 0002 08 00 20 11 F1 A6 C6 0B 6D 0A
08 00 20 1A 1B DE C6 0B 6D 08
Notes:
- The op field is 0002 (meaning it is a reply).
- The sender Ethernet address and the sender IP address are those of 198.11.109.10
  (after all, 198.11.109.10 is sending the packet).
- The target Ethernet address and target IP address are those of 198.11.109.08 (that's
  who the response is for).
What goes onto the Ethernet wire?
If old Ethernet:
-----------------------------------------------------------------
| Preamble | SOF | 08 00 20 1A 1B DE | 08 00 20 11 F1 A6 | 0806 |
-----------------------------------------------------------------
| 0001 0800 06 04 0002 08 00 20 11 F1 A6 C6 0B 6D 0A            |
| 08 00 20 1A 1B DE C6 0B 6D 08                                 |
-----------------------------------------------------------------
| checksum |
------------
If 802.3:
-----------------------------------------------------------------
| Preamble | SOF | 08 00 20 1A 1B DE | 08 00 20 11 F1 A6 | 002E |
-----------------------------------------------------------------
| AA AA 03 00 0000 0806                                         |
| 0001 0800 06 04 0002 08 00 20 11 F1 A6 C6 0B 6D 0A            |
| 08 00 20 1A 1B DE C6 0B 6D 08                                 |
| (10 bytes of padding)                                         |
-----------------------------------------------------------------
| checksum |
------------
Side question: does everyone see why the Ethernet address
is in the ARP data? Remember that the Ethernet driver will strip off
the Ethernet header before delivering the packet to the ARP layer. So,
in order for ARP to know the Ethernet address, the address must be in the
ARP data.
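
As an added example (not part of the original notes), the following Python decodes the request and reply frames shown above in both the old Ethernet and the 802.3 layout, checking the fixed fields from the format table. The function names are illustrative, and the frames are constructed from the hex in the notes, starting at the destination address.

```python
import struct

LLC_SNAP = bytes.fromhex("AAAA03000000")  # AA AA 03 00 0000 in the 802.3 frames

def mac(b):
    return ":".join(f"{x:02X}" for x in b)

def ip(b):
    return ".".join(str(x) for x in b)

def strip_link_header(frame):
    """Return (type, data); frame starts at the destination address."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (field,) = struct.unpack("!H", frame[12:14])
    body = frame[14:]
    if field >= 0x0600:              # old Ethernet: the field is the type
        return field, body
    # 802.3: the field is a length; the type follows the LLC/SNAP bytes
    if field < 8 or field > len(body) or body[:6] != LLC_SNAP:
        raise ValueError("802.3 frame without the expected LLC/SNAP bytes")
    return struct.unpack("!H", body[6:8])[0], body[8:field]

def parse_arp(data):
    """Decode the 28-byte layout from the table; trailing padding is ignored."""
    if len(data) < 28:
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", data[:28])
    if (htype, ptype, hlen, plen) != (0x0001, 0x0800, 6, 4):
        raise ValueError("not ARP for IP over Ethernet")
    if op not in (1, 2):
        raise ValueError("op is neither request (0001) nor reply (0002)")
    return {"op": "request" if op == 1 else "reply",
            "sender_mac": mac(sha), "sender_ip": ip(spa),
            "target_mac": mac(tha), "target_ip": ip(tpa)}

def decode(frame):
    ethertype, data = strip_link_header(frame)
    if ethertype != 0x0806:
        raise ValueError("type is not 0806, so this is not for ARP")
    return parse_arp(data)

# Frames constructed from the hex in the notes (no preamble, SOF or checksum).
ARP_REQUEST = "0001 0800 06 04 0001 0800201A1BDE C60B6D08 000000000000 C60B6D0A"
ARP_REPLY = "0001 0800 06 04 0002 08002011F1A6 C60B6D0A 0800201A1BDE C60B6D08"
REQUEST_OLD = bytes.fromhex("FFFFFFFFFFFF 0800201A1BDE 0806" + ARP_REQUEST)
REPLY_8023 = bytes.fromhex("0800201A1BDE 08002011F1A6 002E AAAA03000000 0806"
                           + ARP_REPLY) + bytes(10)   # 10 bytes of padding
print(decode(REQUEST_OLD), decode(REPLY_8023), sep="\n")
```

The decoder never looks at the Ethernet header for addresses: everything it reports comes from the ARP data, which is the point of the side question above.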
Important facts:
- When machine A sends an ARP request asking for machine B's Ethernet address,
  it is a broadcast, so every machine on the LAN gets the request. The request
  has A's Ethernet address in it.
- When machine B gets the request, it generates a response. But, it will
  also add Machine A's Ethernet address to its ARP cache! The thought is
  that if A wants to talk to B, then eventually B will want to talk back.
  So, B adds machine A's entry to the cache to avoid a broadcast later.
- Even if you are not the machine being queried, you receive machine A's
  query (it's a broadcast, remember). BUT, to save CPU cycles and memory
  usage, all other machines (except B) will NOT cache A's Ethernet address
  in their ARP cache *unless* there is an entry for machine A in the ARP
  cache already. In that case, the Ethernet address is updated. The thought
  behind that is that if machine A changes its Ethernet card and reboots, all
  ARP caches will be modified to reflect the new Ethernet address as soon
  as A does its first ARP request.
Other things to know:
- ARP does not resend a request if it does not get a response.
- It expects TCP to resend the request.
- If UDP sent the packet, the packet is dropped.
- HOWEVER, it keeps the IP address in the cache, with a blank Ethernet address,
  if no response is received. That way, the entry will be completed if the
  remote machine ever issues an ARP request.
Gratuitous ARP
- Gratuitous ARP is simply a way to figure out if someone else is using your
  IP address, or to inform all hosts that your Ethernet address has changed.
- Gratuitous ARP simply issues a standard ARP request for your own IP address.
- It is gratuitous in the sense that no reply is expected.
- If you get a reply, then someone else is using your IP address!
- It has the side effect of updating the ARP cache of all machines that have
  your IP address in their ARP cache with your Ethernet address.
- So, if you change your Ethernet card, a gratuitous ARP will update all
  ARP caches with your new Ethernet address.
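
As an added example (not part of the original notes), this Python model applies the cache rules from "Important facts", "Other things to know" and "Gratuitous ARP" to one host, and records every changed IP-to-Ethernet binding so it can be reviewed. The class and method names, the MAC addresses marked as constructed, and the conflict check on incoming requests are assumptions made for illustration.

```python
class ArpCache:
    """One host's ARP cache, following the update rules in the notes."""
    def __init__(self, my_ip, my_mac):
        self.my_ip, self.my_mac = my_ip, my_mac
        self.table = {}     # IP -> Ethernet address (None = blank entry)
        self.changes = []   # (ip, old_mac, new_mac), kept for review

    def no_response(self, ip):
        """Our request for `ip` went unanswered: keep a blank entry."""
        self.table.setdefault(ip, None)

    def _store(self, ip, mac):
        had_entry, old = ip in self.table, self.table.get(ip)
        self.table[ip] = mac
        if not had_entry:
            return "added"
        if old is None:
            return "completed"
        if old != mac:
            self.changes.append((ip, old, mac))
            return "changed"
        return "unchanged"

    def on_request(self, sender_ip, sender_mac, target_ip):
        """A broadcast request arrived (every host on the wire sees it)."""
        if sender_ip == self.my_ip and sender_mac != self.my_mac:
            return "conflict"    # assumption: flag another card using our IP
        if target_ip == self.my_ip or sender_ip in self.table:
            return self._store(sender_ip, sender_mac)
        return "ignored"         # not queried and no existing entry

    def on_reply(self, sender_ip, sender_mac):
        """A reply addressed to us arrived."""
        if sender_ip == self.my_ip and sender_mac != self.my_mac:
            return "conflict"    # someone answered our gratuitous ARP
        return self._store(sender_ip, sender_mac)

def demo():
    a_ip, a_mac = "198.11.109.8", "08:00:20:1A:1B:DE"     # from the notes
    b = ArpCache("198.11.109.10", "08:00:20:11:F1:A6")    # from the notes
    c = ArpCache("198.11.109.9", "02:00:00:00:00:09")     # constructed MAC
    out = [b.on_request(a_ip, a_mac, b.my_ip),   # B is the machine queried
           c.on_request(a_ip, a_mac, b.my_ip)]   # C only overhears it
    c.no_response(a_ip)                          # C's own request for A fails
    out.append(c.on_request(a_ip, a_mac, b.my_ip))
    out.append(c.on_request(a_ip, "02:00:00:00:00:AA", a_ip))  # A's gratuitous ARP
    out.append(b.on_reply(b.my_ip, "02:00:00:00:00:BB"))       # reply to B's own
    return out

print(demo())
```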