The Address Resolution Protocol: Resolving IP Addresses to Hardware Addresses

As just discussed, IP provides a logical hierarchical address space that makes routing data from one network to another a simple task. When the datagram arrives at the local subnet, however, another protocol comes into play. The Address Resolution Protocol (ARP) is used to resolve the IP address to the hardware address of the workstation or other network device that is the target destination of the datagram. Whereas IP addresses are used to allow for routing between networks or network segments, ARP is used at the end of the road for the final delivery.

It is important to understand that when devices communicate directly on the local network segment (on the wire, so to speak), the actual address used to communicate between two devices, whether they are computers, routers, or whatever, is the built-in Media Access Control (MAC) address. In the case of two hosts on the same subnet, ARP can quickly resolve the correct address translations, and communications take place quickly and efficiently. When a router stands between two computers, the actual hardware address that the computer communicates with is the MAC address of the router, not of the computer that lies at the end of the connection. Using Ethernet as an example, when a datagram needs to be routed to another network or subnet, the computer sends the datagram to the default route, sometimes called the default gateway, which is the router that connects the network segment to the rest of the world (or the rest of the corporate network).

Note

In the context of a default route or default gateway, the address does not always point to a dedicated "hardware" router. Many operating systems, from Unix to Windows 2000/Server 2003, are quite capable of acting as routers as well as application platforms. A typical scenario is running firewall software on these computers. Even hardware routers implement part of their functionality in an operating system that is routinely updated.

The router then consults its routing tables and decides on the next device that the packet needs to get to on its way to its destination. Sometimes this is simply a computer that is connected on another segment that is also connected to the router. Sometimes it is several more routers that the packet must pass through. However, when the packet finally reaches the network segment on which the target computer is located, ARP is used by the router to find out the MAC address of the computer that is configured with the IP address found inside the packet.

To get this MAC address, a computer or router will first send out a broadcast message that every computer on the local segment can see. This ARP message contains the sending computer's own MAC address and also the IP address of the computer to which it wants to talk. When a computer recognizes its IP address in this broadcast packet, it sends a packet that contains its own MAC address back to the computer that originated the ARP message. After that, both computers know the MAC address of the other, and further transmissions take place using these hardware addresses.

The actual fields in the ARP broadcast frame are listed here:

  • Hardware Type: This is a 2-byte field that identifies the kind of hardware used at the data-link layer of the sending computer. For diagnostic purposes, Table 25.8 contains a list of the most common hardware types.

  • Protocol Type: This is a 2-byte field that specifies the protocol type of the address that the computer wants to translate to a hardware address.

  • Hardware Address Length: This is a 1-byte field that specifies the length of the source and destination hardware address fields that will follow.

  • Protocol Address Length: Similarly, this 1-byte field specifies the length of the source and destination protocol address fields that will follow in this packet.

  • Opcode: This 1-byte field is used to determine the type of ARP frame. Frame types are listed in Table 25.9.

  • Sender Hardware Address: This variable-length field (as defined by the Hardware Address Length field) contains the sending computer's hardware (MAC) address.

  • Sender Protocol Address: This variable-length field (as defined by the Protocol Address Length field) contains the sender's protocol address (an IP address, for example).

  • Target Hardware Address: This variable-length field (as defined by the Hardware Address Length field) contains the destination computer's hardware (MAC) address.

  • Target Protocol Address: This variable-length field (as defined by the Protocol Address Length field) contains the protocol address that the sender wants to resolve to a hardware address.
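The request/reply exchange and the field list above, as an added example that is not code from the book: a parser that sizes the four address fields from the two length fields, plus the matching reply builder. It follows the RFC 826 wire layout, which carries the opcode as a 16-bit field; the function names and the requester's addresses are constructed, while the target IP and MAC are the ones used in the arp -s example later in this section.

```python
import struct

# Opcode names taken from Table 25.9 (first four values only).
OPCODES = {1: "ARP Request", 2: "ARP Reply",
           3: "Reverse ARP Request", 4: "Reverse ARP Reply"}
FIXED = "!HHBBH"  # htype, ptype, hlen, plen, opcode (RFC 826 layout)

def parse_arp(payload: bytes) -> dict:
    """Parse an ARP packet (the bytes that follow the Ethernet header)."""
    if len(payload) < 8:
        raise ValueError("truncated ARP fixed header")
    htype, ptype, hlen, plen, opcode = struct.unpack(FIXED, payload[:8])
    need = 8 + 2 * (hlen + plen)
    if len(payload) < need:
        raise ValueError(f"need {need} bytes, got {len(payload)}")
    # The address fields are sized by hlen/plen, never hard-coded to 6 and 4.
    fields, pos = [], 8
    for size in (hlen, plen, hlen, plen):
        fields.append(payload[pos:pos + size])
        pos += size
    sha, spa, tha, tpa = fields
    return {"htype": htype, "ptype": ptype, "hlen": hlen, "plen": plen,
            "opcode": opcode, "op_name": OPCODES.get(opcode, "other"),
            "sha": sha, "spa": spa, "tha": tha, "tpa": tpa}

def build_reply(request: dict, my_mac: bytes) -> bytes:
    """Answer a parsed request: opcode becomes 2 and the address pairs swap."""
    if request["opcode"] != 1:
        raise ValueError("not an ARP Request")
    if len(my_mac) != request["hlen"]:
        raise ValueError("hardware address length mismatch")
    head = struct.pack(FIXED, request["htype"], request["ptype"],
                       request["hlen"], request["plen"], 2)
    # Sender = the host that owns the requested IP; target = the requester.
    return head + my_mac + request["tpa"] + request["sha"] + request["spa"]

# Constructed sample: 192.113.121.10 asks who has 192.113.121.88.
SAMPLE_REQUEST = (struct.pack(FIXED, 1, 0x0800, 6, 4, 1)
                  + bytes.fromhex("08002b34c1aa") + bytes([192, 113, 121, 10])
                  + bytes(6) + bytes([192, 113, 121, 88]))

if __name__ == "__main__":
    req = parse_arp(SAMPLE_REQUEST)
    rep = parse_arp(build_reply(req, bytes.fromhex("08002b34c101")))
    print(req["op_name"], "for", ".".join(map(str, req["tpa"])))
    print(rep["op_name"], "from", "-".join(f"{b:02x}" for b in rep["sha"]))
```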

Table 25.8. Hardware Type Field Values

| Type Field Value | Data Link Layer Type |
|---|---|
| 1 | Ethernet (10MB) |
| 2 | Experimental Ethernet (3MB) |
| 3 | Amateur Radio AX.25 |
| 4 | Proteon ProNET Token Ring |
| 5 | Chaos |
| 6 | IEEE 802 Networks |
| 7 | ARCnet |
| 8 | Hyperchannel |
| 9 | Lanstar |
| 10 | Autonet Short Address |
| 11 | LocalTalk |
| 12 | LocalNet (IBM PCNet or SYTEK LocalNET) |
| 13 | Ultra Link |
| 14 | SMDS |
| 15 | Frame Relay |
| 16 | Asynchronous Transmission Mode (ATM) |
| 17 | HDLC |
| 18 | Fibre Channel |
| 19 | Asynchronous Transmission Mode (ATM) |
| 20 | Serial Line |
| 21 | Asynchronous Transmission Mode (ATM) |
| 22 | MIL-STD-188-220 |
| 23 | Metricom |
| 24 | IEEE 1394.1995 |
| 25 | MAPOS |
| 26 | Twinaxial |
| 27 | EUI-64 |
| 28 | HIPARP |
| 29 | IP and ARP over ISO 7816-3 |
| 30 | ARPSec |
| 31 | IPsec Tunnel |
| 32 | Infiniband |

As you can see from this table, the Address Resolution Protocol is not limited to just resolving IP addresses on a standard Ethernet network. It has been extended over time to accommodate many kinds of networking technologies. Some of the entries in Table 25.8 are dinosaurs: extinct protocols that no longer are being marketed. This list will probably continue to grow, however, as newer technologies are developed.

Table 25.9 shows that the Opcode field also has a large number of values, some of which might at first appear quite strange. For example, the MARS entries are not used for resolving addresses for strange spacecraft that appear in the sky now and then. They are used for address resolution on ATM networks where multicasting is being used.

For more information about ATM, see Chapter 16, "Dedicated Connections." For more information about MARS, see RFC 2022, "Support for Multicast Over UNI 3.0/3.1 Based ATM Networks."


The InARP entries in Table 25.9 are used for Inverse ARP. This form of ARP is used when the underlying network technology is a nonbroadcast multiple access (NBMA) type, such as an X.25, ATM, or Frame Relay network. In these types of networks, a virtual circuit identifier is used instead of a hardware address. RFC 2390 contains the details about InARP and how it is used in a Frame Relay network to find out the IP address when only the virtual circuit identifier is known. Finally, you will also see entries in the table that correspond to Reverse ARP, which is discussed in the next section.

Table 25.9. Opcodes for ARP Frames

| Opcode Value | Description |
|---|---|
| 1 | ARP Request |
| 2 | ARP Reply |
| 3 | Reverse ARP Request |
| 4 | Reverse ARP Reply |
| 5 | DRARP Request |
| 6 | DRARP Reply |
| 7 | DRARP Error |
| 8 | InARP Request |
| 9 | InARP Reply |
| 10 | ARP NAK |
| 11 | MARS Request |
| 12 | MARS Multi |
| 13 | MARS Mserv |
| 14 | MARS Join |
| 15 | MARS Leave |
| 16 | MARS NAK |
| 17 | MARS Unserv |
| 18 | MARS SJoin |
| 19 | MARS SLeave |
| 20 | MARS Grouplist Request |
| 21 | MARS Grouplist Reply |
| 22 | MARS Redirect Map |
| 23 | MAPOS UNARP |

To prevent a storm of broadcast messages that would result if this were done for each packet that needed to be delivered on the local network segment, each host keeps a table, or cache, of MAC addresses in memory for a short time. When it becomes necessary to communicate with another computer, this ARP cache is first checked. If the destination address is not found in the ARP cache, the ARP broadcast method is used.

Note

Host and domain names (such as www.microsoft.com and www.twoinc.com) and IP addresses are used for the convenience of humans to make it easier to configure and manage a network in an orderly manner. At the lowest level, though, it is the hardware address that network cards use when they talk to each other. Imagine what the Internet would be like if we all had to memorize hardware addresses instead. Because the MAC address is simply a series of numbers that are "burned into" the network adapter when it is manufactured, it bears no relation to the actual location of a computer or other device in the network. Thus, to route messages throughout the Internet using only these hard-coded MAC addresses, it would be necessary for a router to keep an enormous table in memory that contained the MAC address for every other computer that exists on the Internet. An impossible task, of course!

Figure 25.5 demonstrates how IP addresses are used during the routing process, while hardware addresses are used for the actual device-to-device communications.

Figure 25.5. The IP address routes the datagram through the network, while the hardware addresses are used between individual workstations and devices on the network.


If the server in this figure wants to send a packet to the workstation with the IP address 140.176.123.231, it will quickly realize that this address is not on the local subnet and will send the IP packet, perhaps encapsulated in an Ethernet frame, to its default gateway. The gateway, which is connected to the Internet, uses the IP address to route the packet to the local router for the workstation. When the router receives the packet, it consults its routing tables and finds the switch (or hub) that is connected to the network segment by comparing the network portion of the IP address to entries in the routing table. When the packet finally arrives at the switch, the switch consults a table of MAC hardware addresses to look up the hardware address of the destination computer. From then on, communications between the workstation and the switch use these hardware addresses for actual communication.

In fact, every device, from the server shown later in Figure 25.6 to the router to the switch, and all the devices that lie in between on the Internet, uses the MAC address for communications. The IP address information is used by routers to deliver the packet to the next hop the packet must take to get to the final destination local segment. The MAC addresses are used for device-to-device communication. The ARP protocol is used to find out the hardware address at each hop, unless it's already stored in the ARP cache.

Figure 25.6. The TCP protocol header fields also can be used for filtering packets.


The arp command (which is found in both Unix and Windows NT, 2000, XP, and Server 2003 operating systems) lets you view the ARP table. It also can be used to add or delete entries in the table. Although the syntax varies between different systems, the following should work for most:

  • arp -a: Displays the current contents of the arp table.

  • arp -d IP_address: Deletes the entry for the specified host.

  • arp -s IP_address ethernet_address: Adds an entry to the table.

Note

If you are using Unix or Linux, use the command man arp to find out the syntax for your machine. If using a Windows operating system, simply type arp at the command prompt with no command-line parameters and you'll see the syntax for that particular version of Windows.

For example, to add an entry use the following syntax:

    arp -s 192.113.121.88 08-00-2b-34-c1-01

Using the few commands in this list will help you become more familiar with how ARP works. Examine the contents of your local table. Then, try pinging several other systems and examine the table again to see whether entries for those systems have been added to the table. Wait a few minutes and check the table again to see whether the entries have timed out.
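The exercise above, automated as an added example that is not part of the book: it parses two saved copies of arp -a output and reports which entries appeared, which timed out, and which IP addresses now map to a different hardware address. Both snapshots are constructed sample output in the Windows layout, and the function names are hypothetical; the parser also accepts the colon-separated form that Unix systems print.

```python
import re

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
MAC_RE = re.compile(r"\b([0-9A-Fa-f]{1,2}(?:[:-][0-9A-Fa-f]{1,2}){5})\b")

def parse_arp_table(text: str) -> dict:
    """Map IP -> normalized MAC for every line that holds both."""
    table = {}
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if ip and mac:  # header and "incomplete" lines have no MAC and are skipped
            octets = re.split(r"[:-]", mac.group(1))
            table[ip.group(1)] = "-".join(o.zfill(2).lower() for o in octets)
    return table

def diff_tables(before: dict, after: dict) -> dict:
    """Compare two snapshots of the ARP cache."""
    both = before.keys() & after.keys()
    return {
        "added": {ip: after[ip] for ip in after.keys() - before.keys()},
        "expired": {ip: before[ip] for ip in before.keys() - after.keys()},
        "changed": {ip: (before[ip], after[ip])
                    for ip in both if before[ip] != after[ip]},
    }

# Constructed sample output, first snapshot.
BEFORE = """Interface: 192.113.121.10 --- 0x4
  Internet Address      Physical Address      Type
  192.113.121.1         08-00-2b-34-c1-fe     dynamic
  192.113.121.88        08-00-2b-34-c1-01     static
  192.113.121.40        08-00-2b-34-c1-40     dynamic
"""
# Constructed sample output, taken a few minutes later.
AFTER = """Interface: 192.113.121.10 --- 0x4
  Internet Address      Physical Address      Type
  192.113.121.1         08-00-2b-34-c1-77     dynamic
  192.113.121.88        08-00-2b-34-c1-01     static
  192.113.121.52        08-00-2b-34-c1-52     dynamic
"""

if __name__ == "__main__":
    result = diff_tables(parse_arp_table(BEFORE), parse_arp_table(AFTER))
    for kind, entries in result.items():
        print(kind, entries)
```

An entry under "changed" means the same IP address resolved to two different hardware addresses between snapshots, which is the line worth checking against a known inventory of adapters.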

Proxy ARP

Sometimes, different network segments both use the same network ID and are connected by a router or another device. Because ARP uses broadcast packets to resolve IP addresses to hardware addresses, it would appear that computers on different network segments that use the same network ID would never be able to communicate.

Proxy ARP allows for just such a situation. The router or other device that connects the physical network segments is configured to provide the proxy ARP service. When a host broadcasts an ARP packet to learn the hardware address of a device that is on a different physical segment, the ARP proxy device recognizes this situation and acts as a go-between. The proxy device responds to the ARP broadcast and sends the originating computer a datagram that contains the proxy device's IP address instead of the actual target computer's IP address. From that point on, the host that originated the ARP request will communicate with the host on the other segment by sending packets to the proxy device, which will know to forward them to the computer on the other subnet.

Another use of proxy ARP comes into play for remote access servers. For example, when users dial into a computer that is acting as a remote access server, they are communicating with software on the remote access server and are not actually physically connected to the subnet. The remote access server recognizes this and will intercept any ARP broadcast packets that are trying to resolve the dial-in computer's IP address. Communications then take place between the host on the local subnet and the remote computer through the remote access server. The host on the local subnet sends unicast packets to the remote access server, which forwards them to the remote client.

Yet another use for proxy ARP is to support older systems that use a TCP/IP stack that doesn't understand subnetting or those that use the older method for broadcast packets (a host address of all zeros instead of the current standard of all ones). Although this is not really much of a problem today, you might still find older legacy systems that cannot be abandoned, yet they cannot properly interact with newer systems when you subnet your network. The solution for this is to place the older systems on a separate network segment and let the proxy ARP device take care of resolving protocol addresses.

RARP: The Reverse Address Resolution Protocol

The Reverse Address Resolution Protocol (RARP) does just what it sounds like it would do. It performs the opposite function of ARP. It is most commonly used by diskless workstations that need to discover what their IP address is when they boot. Because the diskless workstation already knows its hardware address (because the address is burned into the network card), the workstation uses RARP to send a broadcast packet requesting that a server respond to its request by sending it an ARP frame containing an IP address it can use.

Note that the same packet format is used for ARP and RARP. The Opcode field is used to indicate what kind of operation is being performed.



Upgrading and Repairing Networks (5th Edition)
ISBN: 078973530X
Year: 2003
Pages: 434
