Address Resolution Protocol (ARP) Relates to Lab 2. This module is about the address resolution protocol.
Overview
IP and LAN addresses The Internet is based on 32bit IP addresses Applications only deal with IP addresses But all Internet devices connect to a physical link via hardware Network Interface Card (NIC) that has an address. Data link protocols (Ethernet, Frame Relay) have different addresses
Nature of MAC addresses Hardare address allocation administered by IEEE Manufacturer buys portion of hardware address space (to assure uniqueness) Analogy of Internet Addresses: Hardware address: like Social Security Number IP address: like postal address Hardware: flat address ➜ portable assigned once, un-chageable, goes with you, move from one physical location to another it doesn’t change IP: hierarchical address -> not portable address assigned based on physical location, i.e., IP subnet to which device is attached, changes when you move from one network to another
IP and MAC Addresses LAN adapter 1A-2F-BB-76-09-AD 58-23-D7-FA-20-B0 0C-C4-11-6F-E3-98 LAN 137.196.7.23 137.196.7.78 137.196.7.14 137.196.7.88 71-65-F7-2B-08-53 IP addresses are “generally” known – i.e., application can find it in DNS database. How do we find a device’s hardware address? Use a ”dynamic binding” procedure - an address resolution process that finds hardware address for an IP address.
Address Resolution Protocol - ARP Standard for dynamic address resolution in the Internet The ARP protocol performs the translation between 32 bit IP addresses and link layer addresses to reach the physical location of a device on the same “single segment” network (i.e., all devices that have same IP network prefix) Physical address burned in NIC ROM, sometimes software settable or firmware. Example of an address on an Ethernet link (48bits): 1A-2F-BB-76-09-AD hexadecimal (base 16) notation (each “number” represents 4 bits) Isolates hardware address at low level Allows application programs to use IP addresses
ARP Description Allows device A to find device B’s hardware address Technique: broadcast query and obtain unicast response Query: sent as a “hardware” broadcast (link layer broadcast) limited broadcast: ARP only used to map addresses within a single physical/segment network, never across multiple (IP) networks Query contains A’s hardware address and B’s IP address Response: sent as a unicast to A’s hardware address contains B’s hardware address
ARP Operation A wants to send datagram to B A starts with B’s IP address A knows B is on the local network (resolved by A using network prefix) A broadcasts ARP query packet, containing B's IP address dest address in Ethernet frame = FF-FF-FF-FF-FF-FF source address in Ethernet frame = A’s hardware address all nodes on data link/single segment network, receive ARP query Query (ARP packet) contains A’s hardware address and B’s IP address B receives A’s ARP query packet, recognizes its IP address, replies to A with its (B's) hardware address frame sent to A’s hardware address (unicast) containing B’s hardware address
ARP Packet Format 18
ARP Packet Format General: can be used with Arbitrary hardware address (not just Ethernet) Arbitrary protocol address (not just IP) Variable length address fields (depends on type of datalink protocol)
Address Translation with ARP ARP Request: Argon broadcasts an ARP request to all stations on the network: “What is the hardware address of 128.143.137.1?” 128.143.137.1?
Address Translation with ARP ARP Reply: Router 137 responds with an ARP Reply which contains the hardware address 128.143.137.1?
Example ARP Request from Argon: Source hardware address: 00:a0:24:71:e4:44 Source protocol address: 128.143.137.144 Target hardware address: 00:00:00:00:00:00 Target protocol address: 128.143.137.1 ARP Reply from Router137: Source hardware address: 00:e0:f9:23:a8:20 Source protocol address: 128.143.137.1 Target hardware address: 00:a0:24:71:e4:44 Target protocol address: 128.143.137.144
Retention of Bindings Sending an ARP request/reply for each IP datagram (to same IP address) is inefficient. Solution -> maintain a table of bindings devices maintain a cache of currently used IP addresses and their corresponding hardware addresses. A device caches IP-to-hardware address pairs in a table until information becomes old (times out) Soft state: information times out (goes away) unless refreshed (i.e., everytime an IP address is looked up in the table) The entries expire after X minutes. Initially X=20, but because of mobility, it is now very short, sometimes just 30secs. Effect Use ARP one time, place results in table, then quick lookup many times (every packet sent to that same IP address)
Note on Bindings If A ARPs B, B keeps A’s information B will probably send a packet to A soon If A ARPs B, A keeps B’s information A will probably send more packets to B Other machines do not keep A’s information (if though they all see the boradcast with A’s information) Avoids clogging ARP caches needlessly
ARP Cache (table) Contents of the ARP Cache: ARP is “plug-and-play”: (128.143.71.37) at 00:10:4B:C5:D1:15 [ether] on eth0 (128.143.71.36) at 00:B0:D0:E1:17:D5 [ether] on eth0 (128.143.71.35) at 00:B0:D0:DE:70:E6 [ether] on eth0 (128.143.136.90) at 00:05:3C:06:27:35 [ether] on eth1 (128.143.71.34) at 00:B0:D0:E1:17:DB [ether] on eth0 (128.143.71.33) at 00:B0:D0:E1:17:DF [ether] on eth0 ARP is “plug-and-play”: nodes create their ARP tables without intervention from net administrator
Things to know about ARP What happens if an ARP Request is made for a non-existing host? Several ARP requests are made with increasing time intervals between requests. Eventually, ARP gives up. What if a host sends an ARP request for its own IP address? Know as gratuitous ARP No response hopefully This is useful for detecting if an IP address has already been assigned (via DHCP).
ARP in our Example Router IP Address Router MAC address ARP: Router responds to ARP Request from host Argon that arrives on one of its connected networks for the MAC address corresponding to the IP address of its interface on that connected network. Argon realizes that it needs to use router to reach Neon as the two hosts are on different IP networks. Router responds with its MAC address and then transfers the datagram to the next segment. 128.143.137.1/24 128.143.137.144/24 128.143.71.21/24 128.143.137.0/24 128.143.137.1? Router IP Address 128.143.137.1 is Router MAC address
Proxy Arp Allow devices on two different IP subnetworks to share a single IP network prefix Source believes destination is on same IP network Setup router to respond to the ARP broadcast requests for destinations on different subnet router masquerades as destination for ARP request sent by source on a subnet the two devices are unaware that they are on different subnets, subnet mask indicates that they have the same network prefix. Masquerades: router responds to broadcast ARP Request from source host that arrives on one of its connected networks for a destination host that is on one of its other connected networks.
Proxy ARP Operation in Our Example with Argon having /16 as its network prefix Router responds to broadcast ARP Request from host Argon that arrives on one of its connected networks for host Neon that is on one of its other connected networks. Host Argon believes Neon is on the same IP network because of its ”prefix” /16. Argon sees it is on IP network 128.143.0.0. When applying prefix /16 to Neon’s IP address 128.143.71.21 --> 128.143.0.0, which is the same as its own. so it sends a broadcast ARP request for Neon. Router responds with its MAC address and then transfers the datagram to the next segment. 128.143.137.1/24 128.143.71.21/24 128.143.137.0/24 Neon IP Address Router MAC address
ARP Cache in two Examples Non Proxy ARP: A’s ARP cache (128.143.137.1) at 00:e0:f9:23:a8:20 [ether] on eth0 Proxy ARP: (128.143.71.21) at 00:e0:f9:23:a8:20 [ether] on eth0
ARP Transport ARP message travels in data portion of data link layer frame We say ARP message is encapsulated Data area padded with zeroes if ARP message is shorter than minimum data link layer frame For Ethernet: frame type field 0x0806 used for ARP