ARP and RARP

Logical Addresses
 The hosts and routers are recognized at the network level by
their logical addresses
 A logical address is an internet address
 The logical addresses in the TCP/IP are called IP address and are 32
bits long

Physical Address
 However, hosts/routers are recognized at the physical layer by their
physical address
 A physical address is an local address
 Called a physical address because it is usually implemented in hardware
 Examples
 48-bit MAC addresses in Ethernet
Translation
 We need both the physical address and the
logical address for packet delivery
 Thus, we need to be able to map a logical address
to its corresponding physical address and vice
versa
 Solutions
 Static mapping
 Dynamic mapping
 Static Mapping
 Create a table that associates a logical address with a physical
address and store in each machine
 However, physical addresses may change
 A machine could change its NIC resulting in a new physical address
 In some LANs, such as LocalTalk, the physical address changes every
time the computer is turned on
 A mobile station can move from one physical network to another,
resulting in a change in its physical address
Dynamic Mapping
 Use a protocol to find another address
 ARP: Address Resolution Protocol
 Map a logical address to a physical address
 RARP: Reverse Address Resolution Protocol
 Map a physical address to a logical address
ARP and RARP
 ARP Operation
 To find the physical address of another host or router on its
network
 Send an ARP request message
 ARP request message
 The physical address of the sender
 The IP address of the sender
 The physical address of the receiver is 0s
 The IP address of the receiver
 Then, ARP request message is broadcast by the physical layer
 For example: in Ethernet, MAC header’s destination address is all 1s
(broadcast address)
 Received by every station on the physical network
 The intended recipient send back an ARP reply message
 ARP reply message packet is unicast
 ARP Operation

An ARP request is broadcast; an ARP reply is unicast.

ARP Packet
 Packet Format
 HTYPE (Hardware type)
 16-bit field defining the underlying type of the network

 PTYPE (Protocol type)

 16-bit field defining the protocol

 HLEN (Hardware length) 8-bit field defining the length of the physical address in bytes
 Ethernet has the value of 6
 PLEN (Protocol length) 8-bit field defining the length of the logical address in bytes

 OPER (Operation)
 16-bit field defining the type of packet (1) = ARP request, (2) = ARP reply

 SHA (Sender hardware address) A variable-length field defining the physical address of the
sender
 SPA (Sender protocol address) A variable-length field defining the logical address of the
sender
 THA (Target hardware address) A variable-length field defining the physical address of the
target
 Encapsulation of ARP Packet

 An ARP packet is encapsulated directly into a data link

frame
 Type field indicates that the data carried by the
frame is an ARP packet
 Operations
 The sender knows the target’s IP address
 IP asks ARP to create an ARP request message
 The sender physical address and IP address
 The target physical address field is filled with 0s and IP address
 The message is passed to the data link layer to encapsulate in a data link
frame
 Physical destination address is broadcast address
 Every host or routers receives the frame and since the destination address is
broadcast, pass it to the ARP
 All machines’ ARP except the one targeted drop the packet
 The target reply with an ARP reply message that contains its physical
address and is unicast
 The sender receives the reply message and knows the target’s physical
address
Four Cases Using ARP
 Proxy ARP
 Used to create a subnetting effect
 A router running a proxy ARP
 Its ARP acts on behalf of a set of hosts
 If it receives an ARP request message looking for the address of one of
these host
 The router sends an ARP reply announcing its own hardware (physical) address
 After the router receives the actual IP packet
 It sends the packet to the appropriate host or router
 Reverse Address Resolution Protocol
 A diskless machine is usually booted from ROM
 It cannot include the IP address
 IP address are assigned by the network administrator
 Obtain its logical address by the physical address using the
RARP protocol
 Alternative Solutions to RARP
 When a diskless computer is booted, it needs more
information in addition to its IP address
 The subnet mask
 The IP address of a router
 The IP address of a name server
 RARP cannot provide this extra information
 Two protocols, BOOTP and DHCP, can be used
instead of RARP
DHCP (Dynamic Host Configuration Protocol). DHCP allows both manual IP address
assignment and automatic assignment.In most systems, it has largely replaced RARP and
BOOTP.
DHCP is based on the idea of a special server that assigns IP addresses to hosts asking for
one. This server need not be on the same LAN as the requesting host. Since the DHCP
server may not be reachable by broadcasting, a DHCP relay agent is needed on each LAN,
as shown in fig.
To find its IP address, a newly-booted machine broadcasts a DHCP DISCOVER packet.
The DHCP relay agent on its LAN intercepts all DHCP broadcasts. When it finds a DHCP
DISCOVER packet, it sends the packet as a unicast packet to the DHCP server, possibly on
a distant network. The only piece of information the relay agent needs is the IP address of
the DHCP server.
An issue that arises with automatic assignment of IP addresses from a pool
is how long an IP address should be allocated. If a host leaves the network
and does not return its IP address to the DHCP server, that address will be
permanently lost. After a period of time, many addresses may be lost.

To prevent that from happening, IP address assignment may be for a fixed

period of time, a technique called leasing. Just before the lease expires, the
host must ask the DHCP for a renewal. If it fails to make a request or the
request is denied, the host may no longer use the IP address it was given
earlier.
 ICMP
• Internet Control Message Protocol (ICMP)defined in RFC 792
• Used to communicate IP status and error messages between host and
routers
• Uses IP to route its messages between hosts
• Must be implemented with IP
• remember, IP is just a packet delivery system
• transmits and routes datagrams from sources to destinations
through a series of interconnected networks
• it has a checksum in the IP header to detect lost bits
• no error detection on the datagram payload though
• but has no native mechanism for source host notification
• This is where ICMP comes in
• its used to report IP errors to the source host
• ICMP data is carried as the payload of an IP datagram
• specifies additional message formats within this area
 Basic ICMP Header
• Headers are 32 bits in length; all contain same three fields
• type - 8 bit message type code
• thirteen message type are defined
• code - 8 bit; indicating why message is being sent
• checksum - standard internet checksum
• 16 bit 1’s complement sum of the payload and header
• for purpose of calculation the checksum field is set to zero
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
| Type | Code | Checksum |
|-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
| |
| Message Body |
| |
| +-------------------------------------------------------------+
 ICMP Message types
• 0 - Echo Reply
• 3 - Destination Unreachable
• 4 - Source Quench
• 5 - Redirect
• 8 - Echo
• 11 - Time Exceeded
• 12 - Parameter Problem
• 13 - Timestamp
• 14 - Timestamp Reply
• 15 - Information Request
• 16 - Information Reply
• 17 - Address Mask Request
• 18 - Address Mask Reply
 ICMP Messages
Echo Request (8) is used to detect if another host is active on the
network, it is used by the Ping command. The sender initializes the
identifier, sequence number, and data field.

The datagram is then sent to the destination host. The recipient

changes the type to Echo Reply (0) and returns the datagram to the
sender.

If the destination unreachable (3) message is received from an

intermediate router, it means that the router regards the destination IP
address as unreachable.

If this message is received from the destination host, it means that

either the protocol specified in the protocol number field of the
original datagram is not active or the specified port is inactive.
If the redirect (5) message is received from an intermediate router,
it means that the host should send future datagrams for the
network to the router whose IP address is specified in the ICMP
message.

This preferred router will always be on the same subnet as the host
that sent the datagram and the router that returned the IP datagram.

If the time exceed (7) message is received from an intermediate

router, the TTL (time to live) field of an IP datagram has expired.

If this message is received from the destination host, the IP

fragment reassembly time to live timer has expired while the
host is waiting for a fragment of the datagram.
 ICMP applications

Ping uses the ICMP Echo Request and Echo Reply messages to
determine whether a host is reachable.

Traceroute sends IP datagrams with low TTL values so that they

expire enroute to a destination. It uses the resulting ICMP Time
Exceeded messages to determine where in the Internet the datagrams
expired and pieces together a view of the route to a host.