ARP and RARP
Logical Addresses
The hosts and routers are recognized at the network level by
their logical addresses
A logical address is an internet address
The logical addresses in the TCP/IP are called IP address and are 32
bits long
Physical Address
However, hosts/routers are recognized at the physical layer by their
physical address
A physical address is an local address
Called a physical address because it is usually implemented in hardware
Examples
48-bit MAC addresses in Ethernet
Translation
We need both the physical address and the
logical address for packet delivery
Thus, we need to be able to map a logical address
to its corresponding physical address and vice
versa
Solutions
Static mapping
Dynamic mapping
Static Mapping
Create a table that associates a logical address with a physical
address and store in each machine
However, physical addresses may change
A machine could change its NIC resulting in a new physical address
In some LANs, such as LocalTalk, the physical address changes every
time the computer is turned on
A mobile station can move from one physical network to another,
resulting in a change in its physical address
Dynamic Mapping
Use a protocol to find another address
ARP: Address Resolution Protocol
Map a logical address to a physical address
RARP: Reverse Address Resolution Protocol
Map a physical address to a logical address
ARP and RARP
ARP Operation
To find the physical address of another host or router on its
network
Send an ARP request message
ARP request message
The physical address of the sender
The IP address of the sender
The physical address of the receiver is 0s
The IP address of the receiver
Then, ARP request message is broadcast by the physical layer
For example: in Ethernet, MAC header’s destination address is all 1s
(broadcast address)
Received by every station on the physical network
The intended recipient send back an ARP reply message
ARP reply message packet is unicast
ARP Operation
An ARP request is broadcast; an ARP reply is unicast.
ARP Packet
Packet Format
HTYPE (Hardware type)
16-bit field defining the underlying type of the network
PTYPE (Protocol type)
16-bit field defining the protocol
HLEN (Hardware length) 8-bit field defining the length of the physical address in bytes
Ethernet has the value of 6
PLEN (Protocol length) 8-bit field defining the length of the logical address in bytes
OPER (Operation)
16-bit field defining the type of packet (1) = ARP request, (2) = ARP reply
SHA (Sender hardware address) A variable-length field defining the physical address of the
sender
SPA (Sender protocol address) A variable-length field defining the logical address of the
sender
THA (Target hardware address) A variable-length field defining the physical address of the
target
Encapsulation of ARP Packet
An ARP packet is encapsulated directly into a data link
frame
Type field indicates that the data carried by the
frame is an ARP packet
Operations
The sender knows the target’s IP address
IP asks ARP to create an ARP request message
The sender physical address and IP address
The target physical address field is filled with 0s and IP address
The message is passed to the data link layer to encapsulate in a data link
frame
Physical destination address is broadcast address
Every host or routers receives the frame and since the destination address is
broadcast, pass it to the ARP
All machines’ ARP except the one targeted drop the packet
The target reply with an ARP reply message that contains its physical
address and is unicast
The sender receives the reply message and knows the target’s physical
address
Four Cases Using ARP
Proxy ARP
Used to create a subnetting effect
A router running a proxy ARP
Its ARP acts on behalf of a set of hosts
If it receives an ARP request message looking for the address of one of
these host
The router sends an ARP reply announcing its own hardware (physical) address
After the router receives the actual IP packet
It sends the packet to the appropriate host or router
Reverse Address Resolution Protocol
A diskless machine is usually booted from ROM
It cannot include the IP address
IP address are assigned by the network administrator
Obtain its logical address by the physical address using the
RARP protocol
Alternative Solutions to RARP
When a diskless computer is booted, it needs more
information in addition to its IP address
The subnet mask
The IP address of a router
The IP address of a name server
RARP cannot provide this extra information
Two protocols, BOOTP and DHCP, can be used
instead of RARP
DHCP (Dynamic Host Configuration Protocol). DHCP allows both manual IP address
assignment and automatic assignment.In most systems, it has largely replaced RARP and
BOOTP.
DHCP is based on the idea of a special server that assigns IP addresses to hosts asking for
one. This server need not be on the same LAN as the requesting host. Since the DHCP
server may not be reachable by broadcasting, a DHCP relay agent is needed on each LAN,
as shown in fig.
To find its IP address, a newly-booted machine broadcasts a DHCP DISCOVER packet.
The DHCP relay agent on its LAN intercepts all DHCP broadcasts. When it finds a DHCP
DISCOVER packet, it sends the packet as a unicast packet to the DHCP server, possibly on
a distant network. The only piece of information the relay agent needs is the IP address of
the DHCP server.
An issue that arises with automatic assignment of IP addresses from a pool
is how long an IP address should be allocated. If a host leaves the network
and does not return its IP address to the DHCP server, that address will be
permanently lost. After a period of time, many addresses may be lost.
To prevent that from happening, IP address assignment may be for a fixed
period of time, a technique called leasing. Just before the lease expires, the
host must ask the DHCP for a renewal. If it fails to make a request or the
request is denied, the host may no longer use the IP address it was given
earlier.
ICMP
• Internet Control Message Protocol (ICMP)defined in RFC 792
• Used to communicate IP status and error messages between host and
routers
• Uses IP to route its messages between hosts
• Must be implemented with IP
• remember, IP is just a packet delivery system
• transmits and routes datagrams from sources to destinations
through a series of interconnected networks
• it has a checksum in the IP header to detect lost bits
• no error detection on the datagram payload though
• but has no native mechanism for source host notification
• This is where ICMP comes in
• its used to report IP errors to the source host
• ICMP data is carried as the payload of an IP datagram
• specifies additional message formats within this area
Basic ICMP Header
• Headers are 32 bits in length; all contain same three fields
• type - 8 bit message type code
• thirteen message type are defined
• code - 8 bit; indicating why message is being sent
• checksum - standard internet checksum
• 16 bit 1’s complement sum of the payload and header
• for purpose of calculation the checksum field is set to zero
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
| Type | Code | Checksum |
|-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
| |
| Message Body |
| |
| +-------------------------------------------------------------+
ICMP Message types
• 0 - Echo Reply
• 3 - Destination Unreachable
• 4 - Source Quench
• 5 - Redirect
• 8 - Echo
• 11 - Time Exceeded
• 12 - Parameter Problem
• 13 - Timestamp
• 14 - Timestamp Reply
• 15 - Information Request
• 16 - Information Reply
• 17 - Address Mask Request
• 18 - Address Mask Reply
ICMP Messages
Echo Request (8) is used to detect if another host is active on the
network, it is used by the Ping command. The sender initializes the
identifier, sequence number, and data field.
The datagram is then sent to the destination host. The recipient
changes the type to Echo Reply (0) and returns the datagram to the
sender.
If the destination unreachable (3) message is received from an
intermediate router, it means that the router regards the destination IP
address as unreachable.
If this message is received from the destination host, it means that
either the protocol specified in the protocol number field of the
original datagram is not active or the specified port is inactive.
If the redirect (5) message is received from an intermediate router,
it means that the host should send future datagrams for the
network to the router whose IP address is specified in the ICMP
message.
This preferred router will always be on the same subnet as the host
that sent the datagram and the router that returned the IP datagram.
If the time exceed (7) message is received from an intermediate
router, the TTL (time to live) field of an IP datagram has expired.
If this message is received from the destination host, the IP
fragment reassembly time to live timer has expired while the
host is waiting for a fragment of the datagram.
ICMP applications
Ping uses the ICMP Echo Request and Echo Reply messages to
determine whether a host is reachable.
Traceroute sends IP datagrams with low TTL values so that they
expire enroute to a destination. It uses the resulting ICMP Time
Exceeded messages to determine where in the Internet the datagrams
expired and pieces together a view of the route to a host.