The introduction
Address Resolution Protocol (ARP) provides dynamic mapping between IP addresses and hardware addresses.
A case in point
% ftp bsdi
Copy the code
- The application FTP client calls the function gethostbyName (3) to convert the host name(BSDI) to a 32-bit IP address. This function is called a parser in DNS, and we’ll cover it in Chapter 14. This conversion process either uses DNS or a static host file (/etc/hosts) on a smaller network
- The FTP client requests TCP to establish a connection using the obtained IP address
- TCP sends a connection request to the remote host in segments, that is, an IP datagram at the above IP address
- If the destination host is on a local network (such as Ethernet, token ring, or the other end of a peer-to-peer link), then IP datagrams can be delivered directly to the destination host. If the destination host is on a remote network, the IP routing function determines the address of the next router on the local network and has it forward IP datagrams. In both cases, IP datagrams are sent to a host or router located on the local network.
- Assuming an Ethernet network, the sending host must convert a 32-bit IP address to a 48-bit Ethernet address. Translation from the logical Internet address to the corresponding physical hardware address is required. That’s what ARP does. ARP is suitable for broadcast networks where many hosts or routers are connected to a single network.
- ARP sends an Ethernet data frame called an ARP request to each host on the Ethernet. This process is called broadcasting, as shown by the dotted line in Figure 4-2. The ARP request data frame contains the IP address of the destination host (hostname BSDI), which means “If you are the owner of this IP address, please answer your hardware address.”
- After receiving the broadcast packet, the ARP layer of the destination host identifies that the sender is asking for its IP address and sends an ARP reply. The ARP reply contains the IP address and the corresponding hardware address.
- After receiving an ARP reply, the IP datagram that causes ARP to do request-reply exchange can now be transmitted.
- Sends IP data to the destination host
- The network interface has a hardware address (a 48-bit value)
- The kernel (such as an Ethernet driver) must know the destination host hardware address in order to send a frame of data
- ARP provides dynamic mapping between 32-bit IP addresses and hardware addresses using different network technologies
- Point-to-point links do not use ARP
ARP cache
- The cache holds records of recent mapping between Internet addresses and hardware addresses
- The lifetime of each item in the cache is generally 20 minutes
- You can view the cache using the arp command
Bsdi % ARP -A SUN (140.252.13.33) at 8:0:20:3: F6:42 SVR4 (140.252.13.34) at 0:0:C0: C2:9b :26Copy the code
ARP packet format
- The first two fields in the Ethernet header are the source and destination addresses of the Ethernet. A special address whose destination addresses are all ones is a broadcast address. All Ethernet interfaces on the cable receive broadcast data frames
- The two-byte Ethernet frame type indicates the type of subsequent data. For A R P request or reply, the value of this field is 0x0806.
The adjectives Hardware and protocol are used to describe the fields in ARP groups. For example, an ARP request group asks for the hardware address (Ethernet address) corresponding to the protocol address (IP address in this case)
- The hardware type field indicates the type of the hardware address. Its value of 1 indicates the Ethernet address. The protocol type field indicates the protocol address type to be mapped. It has a value of 0x0800 which is the I P address. It has the same value as the type field in the Ethernet data frame that contains the IP datagram, which is by design
- The next two 1-byte fields, hardware address length and protocol address length, indicate the length of the hardware address and protocol address, respectively, in bytes. For ARP requests or replies to Ethernet IP addresses, the values are 6 and 4, respectively.
- The action field indicates four types of action, which are
- ARP request (value 1)
- ARP reply (value 2)
- RARP request (value 3)
- RARP reply (value 4)
- The next four fields are the hardware address of the sender (in this case, the Ethernet address), the protocol address of the sender (IP address), the hardware address of the destination, and the protocol address of the destination.
For an ARP request, all fields except the destination hardware address have fill-in values. When the system receives an ARP request packet from the local host, it fills in the hardware address, replaces the two sender addresses with the two destination addresses, sets the action field to 2, and sends the packet back.
ARP, for example,
General example
In order to see the ARP operation process clearly, we run the Telnet command to connect to the server
Bsdi % arp -a //verify ARP cache is empty bsdi % Telnet sVR4 discard Trying 140.252.13.34... //Connected to svr4. Escape character is '^]'. connect to the discard server ^] telnet> quit Connection closed. //type Control, right bracket to get Telnet client prompt and terminateCopy the code
When you run the tcpdump command with the -e option on another system (Sun), the hardware address is displayed
-
In line 1, the hardware address of the source host (BSDI) is 0:0: C0:6f: 2d: 40. The hardware address of the destination host is ff: ff: ff: ff: ff: ff, which is an Ethernet broadcast address. Each Ethernet interface on the cable receives this data frame and processes it
- The next output field in line 1 is ARP, indicating that the frame type field has a value of 0x0806, indicating that the data frame is an ARP request or reply. In each line, the value 60 after the word ARP or IP refers to the length of the Ethernet data frame. Since the data frame length of ARP request or reply is 42 bytes (28 bytes of ARP data, 14 bytes of Ethernet frame header), padding characters must be added to each frame to meet the Minimum Ethernet length requirement of 60 bytes.
- The next output field arp who-has in line 1 indicates that the destination IP address of the data frame requested by ARP is sVR4 and the sender IP address is BSDI. Tcpdump displays the default IP address corresponding to the host name.
-
As you can see from line 2, although the ARP request is broadcast, the destination address for the ARP reply is BSDI (0:0: C0:6f: 2d: 40). ARP replies are sent directly to the requesting host, not broadcast.
- Tcpdump displays ARP reply and the host name and hardware address of the responder.
-
Line 3 is the T, C, P segment that first requests the connection. Its destination hardware address is the destination host (SVR4)
In each line, the number after the line number indicates the time (in seconds) when the packet was received by tcpdump
ARP requests to non-existent hosts
The network corresponding to the network number and subnet number does exist, but the specified host number does not exist
bsdi % date ; Telnet 140.252.13.36; Date // Telnet to an address Sat Jan 30 06:46:33 MST 1993 // This time, not a Trying 140.252.13.36... //hostname telnet: Unable to connect to remote host: Connection timed out //76 seconds after Sat Jan 30 06:47:49 MST 1993 //previous date output bsdi % arp -a ? (140.252.13.36) at (incomplete) // Check the ARP cacheCopy the code
- The timeout limit of the tcpdump command output is 29.5 seconds
- The Telnet client connection request appears to be about 75 seconds later
- Most BSD implementations set the time limit for completing TCP connection requests to 75 seconds
ARP cache timeout setting
- Generally, the timeout value is set to 20 minutes for complete entries and 3 minutes for incomplete entries (we have seen an incomplete entry sending an ARP request to a non-existent host on the Ethernet in the previous example). When these entries are used again, these implementations typically reset the timeout value to 20 minutes.
Proxy ARP
If an ARP request is sent from a host on one network to a host on another network, the routers connected to the two networks can answer the request. This process is called Proxy ARP or ARP Proxy ARP.
In the following example, NETB acts as the arp agent of Sun:
If you run the ARP command on Gemini and communicate with Sun, it is found that the IP address mapping of netB and SUN on the same subnet 140.252.1 is the same hardware address. It is usually a cue to use delegate ARP.
Gemini % ARP -A netB (140.252.1.183) at 0:80: AD :3:6a:80 Sun (140.252.1.29) at 0:80: AD :3:6a:80Copy the code
Another detail that needs to be explained in Figure 4-6 is the apparent absence of an IP address under the router NETB (SLIP link). Why is there only one IP address at both ends of the dial-up SLIP link, but one IP address at both ends of the BSDI and SLIP link?
You can run the ifconfig command to display the destination address of the SLIP link, 140.252.1.183. NetBlazer does not need to know the IP address of each end of the dial-up SLIP link (doing so would use more IP addresses). Instead, it identifies the dial-up host that sends the packet through the serial line interface that the packet arrives at, so there is no need for a unique IP address for each dial-up host connected to the router. All dial-up hosts use the same IP address 140.252.1.183 as the destination address of the SLIP link.
ARP proxy is also known as promiscuous ARP or ARP hack. These names come from another use of ARP proxies: the ability to hide physical networks from each other through routers between two physical networks. In this case, two physical networks can use the same network number as long as the intermediate router is set up as an ARP proxy to respond to ARP requests from one network to another network host. This technique was used in the past to hide a group of hosts running older versions of TCP/IP on different physical cables. There are two common reasons to separate these old mainframes,
- One is that they can’t handle subnets,
- The second is that they use the old broadcast address (all bits of the host number are 0, not the current use of all bits of the host number is 1).
Gratuitous ARP
A host sends ARP packets to search for its OWN IP address. Typically, this occurs during interface configuration during system boot. If we boot host BSDI and run tcpdump on host SUN:
It can have two functions:
- A host can use it to determine whether another host has the same IP address
- If the host that sent gratuitous ARP happens to change its hardware address (probably because the host shut down, replaced its interface card, and then restarted), this grouping can update the old hardware address in the cache of other hosts accordingly.
Ar command
- -A to display all the contents of the a R P cache
- The superuser can delete an item from the ARP cache with the -d option
- The -s option increases the contents of the cache
- The pub keyword at the end of the command line, together with the -s option, enables the system to act as a host ARP proxy. The system answers ARP requests from the IP address corresponding to the host name and replies with the specified Ethernet address. If the broadcast address is the system itself, the system acts as a proxy for the specified host name.
summary
4.1 What can I do if the local ARP cache is empty after I run the bsdi % RSH svr4 ARP -a command to generate output similar to Figure 4-4? (This command will run arp-a on the SVR4 host.)
You can run the RSH command to establish TCP connections with other hosts. Doing so causes IP datagrams to be exchanged between the two hosts. This requires that the ARP cache on another host have entries for our host. Therefore, even if the ARP cache is empty before we execute the RSH command, when the RSH server executes the ARP command, there is guaranteed to be an entry for our host.
Please describe how to determine whether a given host can correctly handle the non-essential ARP requests it receives
- Make sure your host has no entries for other hosts on its Ethernet, such as Foo, in its ARP cache.
- Make sure foo sends a free ARP request when foo boots, and maybe run tcpdump on another host when Foo boots.
- Then shut down host Foo and use the arp command and make sure to specify the temp option to enter the incorrect entries into the ARP cache on Foo’s system.
- Boot Foo and, once started, look at the host’s ARP cache entry to see if the incorrect entry has been corrected.
Since ARP waits for a response after sending a packet, step 7 described in Section 4.2 May last for some time. How do you think ARP will handle multiple packets sent from the same destination IP address during this period?
Reference:
The book section 19.2
Tools.ietf.org/html/rfc112…
2.3.2.2 ARP Packet Queue
The link layer SHOULD save (rather than discard) at least
one (the latest) packet of each set of packets destined to
the same unresolved IP address, and transmit the saved
packet when the address has been resolved.
DISCUSSION:
Failure to follow this recommendation causes the first
packet of every exchange to be lost. Although higher-
layer protocols can generally cope with packet loss by
retransmission, packet loss does impact performance.
For example, loss of a TCP open request causes the
initial round-trip time estimate to be inflated. UDP-
based applications such as the Domain Name System are
more seriously affected.
Copy the code
At the end of Section 4.5, we pointed out that the Host Requirements RFC and The Berkeley derived system handle timeouts for active ARP tables differently. So what happens if, on a berkeley-derived system client, we try to contact a server host that is in a shutdown state while replacing an Ethernet card? Does this change if the server broadcasts a gratis ARP during boot?
The Berkeley derived system keeps trying to contact the server, has the server entry in the ARP cache, sends data to the address in the entry, resets the timeout for 20 minutes, and so on. In the meantime, if the server is restarted,
- The Berkeley derived system is still trying to contact the server, so the communication will not succeed.
- Manually delete arp error entries. The communication succeeds
- 20 minutes after you stop trying to communicate, you can communicate
If the server broadcasts a gratuitous ARP during boot, the Berkeley derived system updates the server entry, enabling communication