IP Address Resolution


The process of address resolution involves asking a question and receiving an answer. In the case of IP address resolution, the question posed might be, “Which device is the owner of IP address 172.16.8.8?” The resolution, or answer, to that question would include the MAC address of the NIC, as encoded by the manufacturer. In essence, IP address resolution is the linking of an IP (or software address) to a hardware (or MAC) address.

Regardless of where the ultimate destination is located, ARP always uses a local broadcast to determine where data should be sent. If the destination happens to be on a remote network, the local default gateway’s hardware address will be used to hop over to it. Once the mystery address has been resolved, it’s recorded in a table called the ARP cache. If additional messages are sent to the same destination, the ARP cache will be checked first to prevent unnecessary network traffic generated by a broadcast.

You might also remember the discussion of RARP. Like inductive vs. deductive reasoning, RARP is the inverse operation of ARP; RARP is used to get an IP address from a MAC address. Serial Line Address Resolution Protocol (SLARP) can be used on serial links to resolve network addresses.

Local Resolution

Each subnet of the network can be thought of as an island that contains a city—say, Maui. So long as you never have to leave that island, you’ve remained local—or as is the case with computers, on the local network.

The process of resolving the IP address of a machine existing on the local network is shown in Figure 3.4 and described following the figure. While reading through these steps, notice how ARP works in a way that minimizes network overhead.

Figure 3.4: Resolving a local IP address

  1. The destination machine’s IP address is checked to see if it is on the local network. If so, the host system then checks its ARP cache for the machine’s hardware address.

  2. Provided that ARP didn’t find 172.16.10.3 in the host system’s ARP cache, ARP attempts to enter it by sending a message requesting the IP address’s owner to send back its hardware address. Because the hardware address is still unknown, the ARP message is sent out as a broadcast that’s read by each and every system on the local network. Like a self-addressed envelope that’s sent inscribed with all the information necessary to get it back to its sender, both the IP address and the hardware address of the requesting system are included in the broadcast message.

  3. The reply message is sent directly to the hardware address of the requesting system. Only the owner of the requested IP address responds. All other systems disregard the request.

  4. Upon receiving the reply, the requesting machine appends the address into its ARP cache. Now you can begin to establish communication.
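The request and reply from steps 2 and 3, built and parsed byte by byte. This is an added example, not code from the book; the requester's IP address 172.16.10.2 and the owner's MAC address are constructed sample values, and the function names are this example's own.

```python
import socket
import struct

BROADCAST = bytes.fromhex("ffffffffffff")   # hardware broadcast address
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2

def mac(text):
    """Convert 00-A0-C9-EE-1E-55 style text to 6 raw bytes."""
    return bytes.fromhex(text.replace("-", "").replace(":", ""))

def build_arp(op, eth_dst, sender_mac, sender_ip, target_mac, target_ip):
    eth = eth_dst + sender_mac + struct.pack("!H", ETHERTYPE_ARP)
    # hardware type 1 (Ethernet), protocol 0x0800 (IPv4), lengths 6 and 4
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += sender_mac + socket.inet_aton(sender_ip)   # the "return address"
    arp += target_mac + socket.inet_aton(target_ip)
    return eth + arp

def parse_arp(frame):
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    fixed = struct.unpack("!HHBBH", frame[14:22])
    if ethertype != ETHERTYPE_ARP or fixed[:4] != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP frame")
    smac, sip, tmac, tip = struct.unpack("!6s4s6s4s", frame[22:42])
    return {"eth_dst": eth_dst, "op": fixed[4],
            "sender_mac": smac, "sender_ip": socket.inet_ntoa(sip),
            "target_mac": tmac, "target_ip": socket.inet_ntoa(tip)}

def answer(frame, my_mac, my_ip):
    """Step 3: only the owner of the requested IP replies, by unicast."""
    req = parse_arp(frame)
    if req["op"] != ARP_REQUEST or req["target_ip"] != my_ip:
        return None                      # every other system disregards it
    return build_arp(ARP_REPLY, req["sender_mac"], my_mac, my_ip,
                     req["sender_mac"], req["sender_ip"])

def demo():
    # Constructed sample: requester 172.16.10.2 asks who owns 172.16.10.3.
    request = build_arp(ARP_REQUEST, BROADCAST, mac("00-A0-C9-EE-1E-55"),
                        "172.16.10.2", bytes(6), "172.16.10.3")
    reply = answer(request, mac("00-A0-C9-00-00-07"), "172.16.10.3")
    return parse_arp(request), parse_arp(reply)
```

The target hardware address in the request is all zeros because it is the unknown being asked for; the reply's Ethernet destination is the requester's own address rather than the broadcast address.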

The ARP Cache

The ARP cache is a table used to store both IP addresses and their corresponding MAC addresses. Each time communication is initiated with another machine, it checks its ARP cache for a matching entry. If it doesn’t find one, an ARP request is broadcast, the address is resolved, and the resulting information is then entered into its ARP cache. The address is now handy for the next time communication with that device is necessary, much like an entry in your home address book would be. Additionally, the ARP cache maintains the hardware broadcast address (ffffffffffff) for the local subnet as a permanent entry. Though it doesn’t appear when the cache is viewed, this entry exists for the purpose of allowing a host to accept ARP broadcasts.

The ARP system is kind of like jail. Like all ARP entries (IP addresses have both a hardware address and a time stamp), every jail inmate has a number and exit date. In both cases, depending on the entry/inmate’s behavior, the time spent “inside” will vary. Though lifetimes aren’t definite for inmates, both ARP entries and inmates have them, along with maximum time periods for their duration. Old ARP entries are released early when the ARP cache becomes full, just as older inmates may be released early depending on the jail’s capacity. Occasionally, a judge assigns the death penalty or consecutive lifetime sentences to an individual inmate—like making a manual entry into the ARP table. The only time these special inmates are released is when they die (deleted from the ARP cache); a pardon is given, allowing the inmate to begin a new life (restarting the computer); or if the system discovers it has the wrong person (a broadcast notifying ARP of a new, corrected hardware address).

Remote Resolution

When it comes to computer operations, communications are usually much simpler if they involve devices within the local network. But there are exceptions to the rule, and they typically involve a remote location. Complex internetworks with subnets have bridges or routers set up between them that connect them together. These devices are filters that sort data according to its destination—they don’t allow all data to cross indiscriminately.

To distinguish which data gets to pass through, routers look at the IP address destination located in the packet’s header, whereas bridges look at a frame’s header for the destination hardware address. Going back to the subnet island of Maui, let’s say you find it necessary to contact someone or something that doesn’t reside there, but lives on another island—Molokai. Since those who populate Molokai aren’t Maui locals, by attempting to make contact with them, you are attempting remote communication. Let’s pretend that to reach them, you must cross a drawbridge. Unless you arrive at the drawbridge with a specific remote Molokai address, the bridge operator will keep the bridge drawn, and you won’t be allowed to cross.

Figure 3.5 and the steps immediately following it illustrate the process of resolving the IP address of a machine located on a remote network. These steps are repeated at every router the data encounters en route to its final destination.

Figure 3.5: Resolving a remote IP address

  1. The destination IP address is checked to see if it is on the local network. Once determined otherwise, the system checks its local routing table for a path to the remote network. If a path is found, the ARP cache is checked for the hardware address of the default gateway specified in the routing path.

  2. When an entry for the default gateway is not found, an ARP request is generated to determine the hardware address of the default gateway or router. Since the only thing that is known about the destination is that it is on a remote network, the router is used as the medium to reach the remote destination.

  3. The router replies with its hardware address to the requesting host. The source host then uses Internet Control Message Protocol (ICMP) to issue an echo request back to the router but addressed to the destination host. The router then delivers the echo request to the remote network, which eventually reaches the destination host. The router then repeats step 1 (check if it’s local or remote), and then takes action accordingly. Generally, unless a routing path is found at the server, steps 1 through 3 are repeated until the client machine is on a local network. Note that the router can use either a broadcast or its cache in determining the hardware address of the destination host.

  4. The destination host also responds to the ARP request with an ARP reply. Since the requesting system is on a remote network, that reply is sent to the router. (It responds to a ping request with an ICMP echo reply sent to the source host.) As with previous resolutions, if the router (default gateway) is not in the ARP cache, a local IP address resolution scenario takes place to determine the router’s address.
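A small model of the ARP cache section and of step 1 of remote resolution: which address the host actually resolves, and how cache entries age, get released early, or stay put. This is an added example, not code from the book; the /24 mask, the gateway 172.16.10.1, the 120-second lifetime and the cache size are assumptions, and `broadcast` is a hypothetical stand-in for the request/reply exchange.

```python
import ipaddress

class ArpCache:
    def __init__(self, max_entries=4, lifetime=120):   # assumed limits
        self.max_entries, self.lifetime = max_entries, lifetime
        self.entries = {}            # ip -> (mac, time stamp, static flag)

    def lookup(self, ip, now):
        entry = self.entries.get(ip)
        if entry is None:
            return None
        mac, stamp, static = entry
        if not static and now - stamp > self.lifetime:
            del self.entries[ip]     # aged out: next use broadcasts again
            return None
        return mac

    def learn(self, ip, mac, now, static=False):
        if ip not in self.entries and len(self.entries) >= self.max_entries:
            dynamic = [(s, i) for i, (_, s, st) in self.entries.items() if not st]
            if not dynamic:
                raise RuntimeError("cache is full of static entries")
            del self.entries[min(dynamic)[1]]   # oldest dynamic entry goes first
        self.entries[ip] = (mac, now, static)

def arp_target(dst, iface, gateway):
    """Return the IP whose hardware address must be resolved to reach dst."""
    local_net = ipaddress.ip_interface(iface).network
    return dst if ipaddress.ip_address(dst) in local_net else gateway

def resolve(dst, iface, gateway, cache, now, broadcast):
    """Check the cache first; broadcast only on a miss, then record the answer."""
    target = arp_target(dst, iface, gateway)
    mac = cache.lookup(target, now)
    if mac is None:
        mac = broadcast(target)      # hypothetical ARP request/reply exchange
        cache.learn(target, mac, now)
    return target, mac
```

With the host configured as 172.16.10.2/24, a packet for 172.16.8.8 resolves the gateway's hardware address, while a packet for 172.16.10.3 resolves the destination itself.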

start sidebar
Real World Scenario—How MAC and IP Addresses Change and Remain the Same

Think of the MAC address as the physical envelope and the IP address as the written text on the envelope. The MAC address or envelope changes hands or mailboxes many times from a source to a destination while the logical addressing or written text on the envelope remains the same except when the network is configured for NAT (Network Address Translation). The source MAC address is never the same when it reaches the destination (mail carrier or mailbox changes) if routing is involved, but the source and destination IP addresses (written text upon the envelope) remain the same. MAC addresses are 48 bits or 6 bytes in length, for example, 00-A0-C9-EE-1E-55. You can see that the MAC address is expressed as a hexadecimal number for display purposes.

Finding other network MAC addresses from your system is a simple process of displaying the ARP cache. For instance, when you type arp -a at the command line, a table appears that includes the columns Internet Address, Physical Address, and Type. The Internet Address column has the IP address (Layer 3 address) that corresponds to the physical address (MAC address, Layer 2) for any other systems your system has recently networked with. The Type column usually indicates “dynamic,” which means the entry was added as a result of recent networking. You can also add static entries to the ARP cache that will speed up the process of Layer 3-to-Layer 2 resolution and that don’t expire after a few minutes.

end sidebar




CCDA. Cisco Certified Design Associate Study Guide
CCDA: Cisco Certified Design Associate Study Guide, 2nd Edition (640-861)
ISBN: 0782142001
EAN: 2147483647
Year: 2002
Pages: 201
