1

Address Resolution Protocol(ARP)

Relates to Lab 2.

This module is about the address resolution protocol.

2

NetworkLayer

Link Layer

IP

ARP NetworkAccess RARP

Media

ICMP IGMP

TransportLayer

TCP UDP

Overview

3

IP and LAN addresses

• The Internet is based on 32bit IP addresses • Applications only deal with IP addresses• But all Internet devices connect to a physical link via hardware

Network Interface Card (NIC) that has an address.• Data link protocols (Ethernet, Frame Relay) have different

addresses

Nature of MAC addresses

• Hardare address allocation administered by IEEE• Manufacturer buys portion of hardware address space (to

assure uniqueness)• Analogy of Internet Addresses:

Hardware address: like Social Security Number IP address: like postal address

Hardware: flat address ➜ portable assigned once, un-chageable, goes with you, move from

one physical location to another it doesn’t change• IP: hierarchical address -> not portable

address assigned based on physical location, i.e., IP subnet to which device is attached, changes when you move from one network to another 4

IP and MAC Addresses

5

adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

LAN

137.196.7.23

137.196.7.78

137.196.7.14

137.196.7.88

71-65-F7-2B-08-53

• IP addresses are “generally” known – i.e., application can find it in DNS database.

• How do we find a device’s hardware address?• Use a ”dynamic binding” procedure - an address resolution

process that finds hardware address for an IP address.

Address Resolution Protocol - ARP

• Standard for dynamic address resolution in the Internet• The ARP protocol performs the translation between 32 bit IP

addresses and link layer addresses to reach the physical location of a device on the same “single segment” network (i.e., all devices that have same IP network prefix)

– Physical address burned in NIC ROM, sometimes software settable or firmware.

– Example of an address on an Ethernet link (48bits): 1A-2F-BB-76-09-AD• hexadecimal (base 16) notation (each “number” represents 4 bits)

• Isolates hardware address at low level• Allows application programs to use IP addresses

6

ARP Description

• Allows device A to find device B’s hardware address• Technique: broadcast query and obtain unicast response• Query: sent as a “hardware” broadcast (link layer broadcast)

– limited broadcast: ARP only used to map addresses within a single physical/segment network, never across multiple (IP) networks

– Query contains A’s hardware address and B’s IP address

• Response: sent as a unicast to A’s hardware address– contains B’s hardware address

7

ARP Operation

• A wants to send datagram to B– A starts with B’s IP address– A knows B is on the local network (resolved by A using network prefix)

• A broadcasts ARP query packet, containing B's IP address – dest address in Ethernet frame = FF-FF-FF-FF-FF-FF– source address in Ethernet frame = A’s hardware address– all nodes on data link/single segment network, receive ARP query – Query (ARP packet) contains A’s hardware address and B’s IP

address

• B receives A’s ARP query packet, recognizes its IP address, replies to A with its (B's) hardware address– frame sent to A’s hardware address (unicast) containing B’s hardware

address

8

9

ARP Packet Format

Destinationaddress

6

ARP Request or ARP Reply

28

Sourceaddress

6 2

CRC

4

Type0x8060

Padding

10

Ethernet II header

Hardware type (2 bytes)

Hardware addresslength (1 byte)

Protocol addresslength (1 byte)

Operation code (2 bytes)

Target hardware address*

Protocol type (2 bytes)

Source hardware address*

Source protocol address*

Target protocol address*

* Note: The length of the address fields is determined by the corresponding address length fields

18

ARP Packet Format

• General: can be used with– Arbitrary hardware address (not just Ethernet)– Arbitrary protocol address (not just IP)

• Variable length address fields (depends on type of datalink protocol)

10

11

Address Translation with ARP

ARP Request: Argon broadcasts an ARP request to all stations on the network: “What is the hardware address of 128.143.137.1?”

Argon128.143.137.144

00:a0:24:71:e4:44

Router137128.143.137.1

00:e0:f9:23:a8:20

ARP Request:What is the MAC addressof 128.143.71.1?128.143.137.1?

12

Address Translation with ARP

ARP Reply: Router 137 responds with an ARP Reply which contains the hardware address

Argon128.143.137.144

00:a0:24:71:e4:44

Router137128.143.137.1

00:e0:f9:23:a8:20

ARP Reply:The MAC address of 128.143.71.1is 00:e0:f9:23:a8:20

128.143.137.1?

13

Example

• ARP Request from Argon:

Source hardware address: 00:a0:24:71:e4:44Source protocol address: 128.143.137.144Target hardware address: 00:00:00:00:00:00Target protocol address: 128.143.137.1

• ARP Reply from Router137:

Source hardware address: 00:e0:f9:23:a8:20 Source protocol address: 128.143.137.1 Target hardware address: 00:a0:24:71:e4:44Target protocol address: 128.143.137.144

Retention of Bindings

• Sending an ARP request/reply for each IP datagram (to same IP address) is inefficient.

• Solution -> maintain a table of bindings– devices maintain a cache of currently used IP addresses and their

corresponding hardware addresses.

• A device caches IP-to-hardware address pairs in a table until information becomes old (times out) – Soft state: information times out (goes away) unless refreshed (i.e.,

everytime an IP address is looked up in the table)– The entries expire after X minutes. Initially X=20, but because of

mobility, it is now very short, sometimes just 30secs.

• Effect– Use ARP one time, place results in table, then quick lookup many

times (every packet sent to that same IP address)14

Note on Bindings

• If A ARPs B, B keeps A’s information– B will probably send a packet to A soon

• If A ARPs B, A keeps B’s information– A will probably send more packets to B

• Other machines do not keep A’s information (if though they all see the boradcast with A’s information)– Avoids clogging ARP caches needlessly

15

16

ARP Cache (table)

• Contents of the ARP Cache:(128.143.71.37) at 00:10:4B:C5:D1:15 [ether] on eth0

(128.143.71.36) at 00:B0:D0:E1:17:D5 [ether] on eth0

(128.143.71.35) at 00:B0:D0:DE:70:E6 [ether] on eth0

(128.143.136.90) at 00:05:3C:06:27:35 [ether] on eth1

(128.143.71.34) at 00:B0:D0:E1:17:DB [ether] on eth0

(128.143.71.33) at 00:B0:D0:E1:17:DF [ether] on eth0

• ARP is “plug-and-play”:– nodes create their ARP tables without intervention from net

administrator

17

Things to know about ARP

• What happens if an ARP Request is made for a non-existing host?

Several ARP requests are made with increasing time intervals between requests. Eventually, ARP gives

up.• What if a host sends an ARP request for its own IP address?

Know as gratuitous ARP

No response hopefully

This is useful for detecting if an IP address has already been assigned (via DHCP).

18

ARP in our Example

• ARP: Router responds to ARP Request from host Argon that arrives on one of its connected networks for the MAC address corresponding to the IP address of its interface on that connected network. Argon realizes that it needs to use router to reach Neon as the two hosts are on different IP networks.

• Router responds with its MAC address and then transfers the datagram to the next segment.

128.143.137.1/1600:e0:f9:23:a8:20

128.143.71.1/24

128.143.0.0/16Subnet

128.143.71.0/24Subnet

Router137

ARP Request:What is the MAC addressof 128.143.71.21?

128.143.137.144/16128.143.171.21/2400:20:af:03:98:28

Argon Neon

ARP Reply:The MAC address of128.143.71.21 is00:e0:f9:23:a8:20

Router IP Address

Router MAC address

128.143.137.1?

128.143.137.1 is

128.143.137.0/24

128.143.71.21/24128.143.137.144/24 128.143.137.1/24

Proxy Arp

• Allow devices on two different IP subnetworks to share a single IP network prefix– Source believes destination is on same IP network

• Setup router to respond to the ARP broadcast requests for destinations on different subnet – router masquerades as destination for ARP request sent by source on

a subnet– the two devices are unaware that they are on different subnets, subnet

mask indicates that they have the same network prefix.

• Masquerades: router responds to broadcast ARP Request from source host that arrives on one of its connected networks for a destination host that is on one of its other connected networks.

19

20

Proxy ARP Operation in Our Example with Argon having /16 as its network prefix

• Router responds to broadcast ARP Request from host Argon that arrives on one of its connected networks for host Neon that is on one of its other connected networks.

• Host Argon believes Neon is on the same IP network because of its ”prefix” /16. – Argon sees it is on IP network 128.143.0.0. When applying prefix /16 to Neon’s IP

address 128.143.71.21 --> 128.143.0.0, which is the same as its own. so it sends a broadcast ARP request for Neon.

• Router responds with its MAC address and then transfers the datagram to the next segment.

128.143.137.1/1600:e0:f9:23:a8:20

128.143.71.1/24

128.143.0.0/16Subnet

128.143.71.0/24Subnet

Router137

ARP Request:What is the MAC addressof 128.143.71.21?

128.143.137.144/16128.143.171.21/2400:20:af:03:98:28

Argon Neon

ARP Reply:The MAC address of128.143.71.21 is00:e0:f9:23:a8:20

Neon IP Address

Router MAC address

128.143.71.21/24

128.143.137.0/24

128.143.137.1/24

ARP Cache in two Examples

• Non Proxy ARP:– A’s ARP cache

(128.143.137.1) at 00:e0:f9:23:a8:20 [ether] on eth0• Proxy ARP:

– A’s ARP cache

(128.143.71.21) at 00:e0:f9:23:a8:20 [ether] on eth0

21

ARP Transport

• ARP message travels in data portion of data link layer frame• We say ARP message is encapsulated• Data area padded with zeroes if ARP message is shorter than

minimum data link layer frame• For Ethernet: frame type field 0x0806 used for ARP

22