Ethernet Addresses & Resolution

• A data link such as Ethernet or a token ring has its own addressing scheme • When an Ethernet frame is sent from one host to another, it is the 48-bit Ethernet address that determines the destination • The first 28-bits are the organization that made the Ethernet card, the second 28-bits are randomly assigned by the manufacturer • The device driver software never looks at the destination IP address in the IP datagram 4/28/2020 ICSS420 - ARP - RARP 1

ARP

• Address resolution provides a mapping between two different forms of addresses – 32-bit IP addresses and whatever the data link uses • ARP (address resolution protocol) is a protocol used to do address resolution in the TCP/IP protocol suite (RFC826) • ARP provides a dynamic mapping from an IP address to the corresponding hardware address 4/28/2020 ICSS420 - ARP - RARP 2

Basic Idea

• ARP is required on multi-access channels and relies on the ability to broadcast • The protocol is simple: – broadcast a packet containing the IP address of the destination machine – the machine with that address, or possibly a server, sends a reply containing the hardware address – upon receipt the hardware address is used to send the original packet 4/28/2020 ICSS420 - ARP - RARP 3

ARP Cache

• Essential to the efficient operation of ARP is the maintenance of a cache on each host • The cache maintains the recent IP to physical address mappings • Each entry is aged (usually the lifetime is 20 minutes) forcing periodic updates of the cache • ARP replies are often broadcast so that all hosts can update their caches 4/28/2020 ICSS420 - ARP - RARP 4

arp

Commnd

• The arp (8) command on a Unix system can be used to see the contents of the ARP cache kiev> arp -a Net to Media Table Device IP Address Mask Flags Phys Addr ------ -------------------- --------------- ----- -------------- hme0 redshirt 255.255.255.255 00:60:08:8b:e9:aa hme0 tiger 255.255.255.255 08:00:20:85:f6:8d hme0 thunderbolt 255.255.255.255 08:00:20:9a:af:60 hme0 starfury 255.255.255.255 08:00:20:9a:af:79 hme0 cs3-router 255.255.255.255 00:10:11:09:f0:28 hme0 epsilon3-38 255.255.255.255 08:00:20:86:71:c0 hme0 mordor-38 255.255.255.255 08:00:20:96:01:ad hme0 itlabman 255.255.255.255 00:00:c0:65:d7:b9 hme0 joanne 255.255.255.255 00:05:02:59:51:52 hme0 laurie 255.255.255.255 00:05:02:79:c4:20 hme0 kiev 255.255.255.255 SP 08:00:20:9e:f2:99 4/28/2020 ICSS420 - ARP - RARP 5

4/28/2020

ARP Packet Format

8 16 Hardware Type (for IP 4 bytes) Protocol Type Hardware Size Protocol Size Operation Sender’s Hardware Address (for Ethernet 6 bytes) Sender’s Protocol Address Target Hardware Address 31 Target Protocol Address Destination IP Address ICSS420 - ARP - RARP 6

Proxy ARP

• Proxy ARP lets a router answer ARP requests on one of its networks for a host on another of its networks • This fools the sender of the ARP request into thinking that the router is the destination • The router is acting as a proxy agent for the destination, relaying packets to it from other hosts 4/28/2020 ICSS420 - ARP - RARP 7

Proxy ARP

• Proxy ARP is also known as

promiscuous ARP

or the

ARP hack

• The names come from the other use of proxy ARP: to hide two physical networks from each other, with a router between the two • This has been used to separate hosts running two different versions of TCP/IP 4/28/2020 ICSS420 - ARP - RARP 8

Gratuitous ARP

• Gratuitous ARP occurs when a host sends an ARP request looking for its own IP address • This can happen at bootstrap time • Gratuitous ARP provides two features – it lets a host determine if another host is already configured with the same IP address – if the host sending the gratuitous ARP has just changed its hardware address, the packet causes other hosts on the net to update their ARP cache entries 4/28/2020 ICSS420 - ARP - RARP 9

Issues

• Many people ARP to be a dangerous protocol – a bogus host can issue a gratuitous ARP and change cache entries – a bogus host can send replies giving its own hardware address (instead of the target) • Broadcasting can be expensive – excessive use of bandwidth – CPU costs 4/28/2020 ICSS420 - ARP - RARP 10

Reverse Address Resolution Protocol

• When a system boots, it typically gets its IP address from a file • How does a system, without a disk, get its IP address?

• Since each system has a unique hardware address, that hardware address can be used to lookup the corresponding IP address • RARP (RFC903) does exactly that 4/28/2020 ICSS420 - ARP - RARP 11

RARP Packet Format

• The format is exactly the same as ARP except some of the numbers change • The RARP request is broadcast and the reply is sent to the requester • Unlike ARP, designated RARP server(s) that handles RARP requests 4/28/2020 ICSS420 - ARP - RARP 12