Unit 4 Address Resolution Overview Description IP addresses are assigned to hosts and are logically independent of their physical address. The network-layer software must depend on the data link layer to deliver data to a host on the same physical network. Therefore, the IP address must be mapped to the physical (MAC) address of the host. The Address Resolution Protocol (ARP) is used to associate known IP addresses to unknown physical hardware, MAC, addresses. A node uses ARP with another node when it determines that the destination address is on a directly attached network. The node can determine if the host is local by comparing the network portion (including the subnet) of its own address with the destination address. Reverse Address Resolution Protocol (RARP) is used to associate a known MAC address to an unknown IP address. As its name indicates, it is simply the reverse of ARP. Unit Table of Contents This unit contains the following lesson: Lesson Pages Length Lesson 4-1: Address Resolution Protocol 162-182 5 hours ST0025804A 161
Unit 4: Address Resolution Lesson 4-1: Address Resolution Protocol At a Glance ARP, the Address Resolution Protocol, is a member of the TCP/IP protocol suite that is used to translate between logical IP addresses, and physical MAC addresses. It accomplishes this task by building a correspondence table of IP and MAC addresses, using specialized packets, broadcast on the local network. What You Will Learn After completing this lesson, you will be able to do the following: Diagram how the ARP mechanism is used in address resolution. Describe Gratuitous ARP. Describe Proxy ARP. Interpret an ARP Cache. 162 ST0025804A Routing
Lesson 4-1: Address Resolution Protocol Tech Talk ARP Cache Another term for ARP Table. A storage mechanism that associates all the IP addresses of the hosts on a network with their MAC addresses. ARP Cache Timeout The time period during which a proxy must rebind or link its addresses. The proxy s hosts are unavailable until the hosts using it as a proxy re-request their addresses. ARP Reply Contains both the IP and MAC addresses for the destination host. Issued in response to the ARP request. ARP Request Contains the IP address of the host computer attempting to send a packet across the network. ARP Table A table that associates all the IP addresses of the hosts on a network with their MAC Addresses. Gratuitous ARP A method for a host to request its own address. Proxy ARP A method that allows hosts on different LANs to successfully transmit packets across an internetworking environment. Hosts may act as a representative for other hosts on different LANs. ST0025804A 163
Unit 4: Address Resolution The ARP Mechanism ARP, the Address Resolution Protocol, is different than other protocols in the TCP/IP suite. Instead of being a peer-to-peer protocol, it is the interface between IP, a Layer 3 protocol, and an underlying Layer 2 protocol, which it depends upon for transport. To understand the need for ARP, consider the network illustrated below. Suppose that host A s IP layer has a packet destined for address 168.192.10.12. It transmits this packet across the network. Host A Transmits a Packet to Host C A 168.192.10.254 08.00.20.92.b1.7f 168.192.10.5 08.00.20.92.b1.04 B C 168.192.10.12 08.00.20.92.b1.52 168.192.10.12 Packet 164 ST0025804A Routing
Lesson 4-1: Address Resolution Protocol The Ethernet layer encapsulates the IP packet for transport. The IP Packet is Encapsulated in an Ethernet Frame A 163.192.10.254 168.192.10.254 08.00.20.92.b1.7f 163.192.10.5 168.192.10.5 08.00.20.92.b1.04 B C 163.192.10.12 168.192.10.12 08.00.20.92.b1.52 2 168.192.10.12 Packet Ethernet IP Header? 03.00.20.92.b1.7f...... 168.192.10.254 168.192.10.12 Data Preamble Source MAC Address Destination MAC Address IP Source Address IP Destination Address In order for the host to be able to transport the IP packet, it must be able to determine the destination MAC address corresponding to the destination IP address in a packet it is to transport. To do this, it must refer to an ARP table, also known as an ARP cache, that associates the IP addresses and MAC addresses of all the hosts on a network. The ARP Table or Cache IP Address 168.192.10.254 168.192.10.5 168.192.10.12 MAC Address 08.00.20.92.b1.7f 08.00.20.92.b1.04 08.00.20.92.b1.52 ST0025804A 165
Unit 4: Address Resolution This table relates IP addresses to the corresponding MAC addresses. If the destination IP address is in this table, the host only needs to look up the destination IP address and insert the corresponding MAC address in the Ethernet frame. It can then transmit the packet to the destination. Building The ARP Table In the previous example, the Host A is attempting to transport a packet addressed to 192.168.10.12, Host C. To do so, it first looks in the ARP table to see if it can find a corresponding MAC address. If the MAC address is not in the table, it constructs an ARP Request. The ARP request contains the IP address of the host computer attempting to send a packet across the network. Ethernet Header ARP Request Ff.ff.ff.ff.ff.ff 03.00.20.92.b1.7f...... 08.00.20.92.b1.7f 168.192.10.254 00.00.00.00.00.00 168.192.10.12 Preamble Source MAC Address Source MAC Address Destination MAC Address Destination MAC Address Source IP Address Destination IP Address The ARP Request Format This packet is sent to the Ethernet broadcast address, so all connected hosts receive it. Since the sending host has put its source MAC and IP addresses into the packet, all receiving hosts add an entry for the source to their own ARP tables. 166 ST0025804A Routing
Lesson 4-1: Address Resolution Protocol Only one of the hosts (host C in the example) is using the destination IP address. That host constructs an ARP reply and returns it to the requester. The ARP Reply Format Ethernet Header ARP Reply Ff.ff.ff.ff.ff.ff 03.00.20.92.b1.7f...... 08.00.20.92.b1.7f 168.192.10.254 08.00.20.92.b1.52 168.192.10.12 Preamble Source MAC Address Source MAC Address Destination MAC Address Destination MAC Address Source IP Address Destination IP Address This ARP reply contains both the IP and MAC addresses for host C. Host A, when it receives the frame, can make the appropriate entries in its ARP table. Host A can now send its original packet to C. Because C created an ARP entry for A, when A made its ARP request, it can reply. Check Your Understanding Briefly describe how an ARP table is built. ST0025804A 167
Unit 4: Address Resolution ARP Packet Format ARP is defined to be a universal mechanism for relating addresses between two protocols. The ARP packet illustrated can be encapsulated in a datalink protocol as a broadcast message. ARP Packet Format for IP Over Ethernet Source Destination Hardware Type Protocol Type H S 1 Z P S 1 Z Hardware Address Protocol Address Hardware Address Protocol Address 2 octets 2 octets HS1Z octets 1 octet 1 octet PS1Z octets HS1Z octets PS1Z octets The fields in an ARP packet are: Hardware type: 2 octets This field identifies the specific data-link protocol being used. For Ethernet, the value of this field is 1. Protocol type: 2 octets As the hardware type identified the data-link protocol, this field identifies the network protocol. For IP, the value of this field is 2048. Hardware address size: 1 octet This field specifies the length, in octets, of a MAC address in fields 5 and 7 of the ARP packet. For Ethernet, the value of this field is 6 Protocol address size: 1 octet Analogous to the hardware address size, this field specifies the length, in octets, of the protocol addresses in fields 6 and 8 of the ARP packet. Addresses: varying The next four fields are the source hardware, and protocol addresses, and the destination hardware and protocol addresses, respectively. The two hardware addresses are the length specified in the Hardware address size field, and the protocol addresses are the length specified in the Protocol address field. In the case of IP over Ethernet, this corresponds to two 6-octet fields, and two 4-octet fields, for a total of 20 octets. 168 ST0025804A Routing
Lesson 4-1: Address Resolution Protocol Gratuitous ARP Gratuitous ARP is used as a method for a host to request its own address. It is usually done when the host first boots up to inform the other hosts on the network of its address, often a new MAC address, and to verify it does not have a duplicate MAC address. In the previous example, Hosts A and C created entries for each other in their respective ARP tables. Suppose, however, that for some reason Host C s addressing information changes. One way this could happen is when a NIC fails and must be replaced. When the NIC is replaced, the new NIC will have a new MAC hardware address. Because Host A still has Host C s old MAC address in its ARP table, it will continue to attempt to send any packet addressed to C using the old MAC address. It will continue to do this until Host A is no longer connected to the network. In order to correct this problem whenever a host changes either its MAC or its logical address, it performs a gratuitous ARP request for its own logical address. This accomplishes two things: If any other host replies, there is a logical address conflict. This usually generates a system warning. Since all hosts update their ARP tables in response to an ARP request, any old MAC addresses for a new host are eliminated. ST0025804A 169
Unit 4: Address Resolution Proxy ARP Proxy ARP is a method that allows hosts on different LANs to successfully transmit packets across an internetworking environment. Suppose that Host A has an IP packet addressed to Host D. According to the normal ARP process, it might send a request to all other hosts physically connected to its network, in an attempt to discover a MAC address for Host D. Since Host D is not physically connected to Host A s network, A will receive no reply. Eventually it will conclude that Host D is unreachable, and report an error. Host A Sends an ARP Request A B ARP Request D s address? D E Router C F 170 ST0025804A Routing
Lesson 4-1: Address Resolution Protocol Suppose however, that the router has Proxy ARP enabled and it recognizes ARP requests for Host D, located on the other side. Host D can not reply to the ARP request. However, the router, when it sees the ARP request from Host A to Host D, replies with its own MAC address. The Router Replies A D B ARP Reply with Router address Router E C F ST0025804A 171
Unit 4: Address Resolution Host A, assuming that it now has Host D s MAC address, makes the corresponding entry in its ARP table, and sends the packet to the router. It is up to the router to recognize that the packet is intended for Host D, and to arrange its delivery. The router is serving as a proxy for Host D. The Router Becomes Host D s Proxy A Packet D B E Router C F Proxy ARP is occasionally used by routers to forward packets between hosts when a router is inserted to subnet a network. The hosts on the network that have not yet been converted (ARP Table has not been updated) to the new subnet would expect to transmit packets directly to all other hosts, even those newly located behind the inserted router. The router must act as a proxy for those hosts newly subnetted. Check Your Understanding Diagram the differences between gratuitous ARP and proxy ARP. 172 ST0025804A Routing
Lesson 4-1: Address Resolution Protocol Proxy ARP Versus Bridging A bridge delivers a packet based on its destination MAC address. The source host puts the destination host s MAC address into the frame. Bridges forward the packet to the destination based on that address. Proxy ARP is based, instead, on the binding between a MAC address, and a logical address. Because the two are separate, an intermediate router can proxy for any host to which it knows a path. The proxy can make distant hosts appear to be on the local network. Like transparent bridging, proxy ARP is invisible to the source host. Unlike bridging, however, the source never needs to know a MAC address for the destination. Instead it discovers, dynamically, a proxy that will forward the packet. Proxy ARP has its shortcomings, too. There is no mechanism through which a proxy can perform gratuitous ARP for all hosts for which it is a proxy. If the proxy must re-bind its addresses, the hosts for which it is a proxy will be unavailable until the hosts using it as a proxy re-request their addresses. Commonly this period, the ARP cache timeout, is approximately 20 minutes. Proxy ARP also means that each source host must have a separate entry for each destination to which it sends. It is not uncommon for a large server for the World Wide Web to interact with hundreds of different hosts per minute. Such a server might have to have thousands of different ARP entries. ST0025804A 173
Unit 4: Address Resolution Try It Out Examine Your ARP Cache To do this experiment, you will need to refer to the diagram of your classroom network. This should be located in your portfolio. If not, or if your class network has changed, you should diagram the network before beginning this activity. Materials Needed: Classroom Network Diagram Classroom Network Windows 95 PC Any Word Processor (e.g., MS Word) Pen/Pencil and Paper Student Portfolio Record your experiences, results, specifications, and conclusions in your portfolio. Write summary of the lab. It is quite simple to examine the ARP cache on our workstation. 1. Open the MS-DOS Prompt from the Start/Programs menu. 2. At the prompt, type arp a. 3. When the ARP Table appears, answer the following questions: a. Where are the IP addresses? b. Which column contains MAC addresses? 4. Refer to a diagram of your network and decide whether or not there are entries in the table that surprise you. Are there any that you would expect to be there that are not? If so, speculate as to why? 5. If there is an address that you think is missing from the ARP cache, try pinging it, and then look in the table again. Is it there now? What do you think happened? a. To ping, type in the command prompt ping and the IP address of the station you wish to ping. 174 ST0025804A Routing
Lesson 4-1: Address Resolution Protocol 6. Are there some IP addresses that you can ping successfully, but that you cannot get to appear in the ARP cache? Can you explain why? 7. Leave your workstation untouched for 30 minutes, and examine the ARP cache again. Can you explain what has happened, and why? Rubric: Suggested Evaluation Criteria and Weightings Criteria % Your Score Individual Summary (on-time delivery) 25 Analysis and synthesis of information 50 Summary organized and in format suitable for reproduction 25 TOTAL 100 ST0025804A 175
Unit 4: Address Resolution Stretch Yourself The ARP Game Materials Needed: Windows 95 PC (optional) Any Word Processor (e.g., MS Word) (optional) Pen/Pencil and Paper Devise a team action game for 6-8 students based on the Address Resolution Protocol. Document a simple set of rules and describe their relationship to ARP. Rubric: Suggested Evaluation Criteria and Weightings Criteria % Your Score Simple, but clear set of rules. 25 Creative and enticing game. 50 Accurate relationship to ARP concepts. 25 TOTAL 100 176 ST0025804A Routing
Lesson 4-1: Address Resolution Protocol Network Wizards Hubs and Switches Materials Needed: 2 BayStack 152 Hubs 2 BayStack 153 Hubs 2 Nortel Networks 350T Switches 2 Straight Through Ethernet Cables (Cat. 5 w/ RJ-45 connectors) 2 Windows 95 PCs Any Word Processor (e.g., MS Word) Pen/Pencil and Paper Student Portfolio For this experiment you will need a network configured as shown below: BayStack Hub WS1 WS2 Be sure to use the BayStack 152 Hub for this first experiment. Work in groups of three. Record your experiences, results, speculations, and conclusions in your portfolio. Write a summary of the lab. ST0025804A 177
Unit 4: Address Resolution Part One 1. Open the MS-DOS Prompt from the Start/Programs menu on WS1. 2. Ping WS2 using the command ping -t and WS2 s IP address. 3. The -t flag tells ping to keep pinging WS2 until you explicitly stop it, using a Control-C. 4. Start ping running, and verify that there is connectivity between WS1 and WS2. 5. As you watch the ping responses scroll by, speculate about what you think will happen if you unplug WS1's cable from its socket on the hub, and then quickly plug it back in. 6. Try it. Did it do what you expected? 7. Experiment with disconnecting and reconnecting cables in several other places. Is there any place in which unplugging the cable will cause ping to fail irretrievably? Is there a maximum amount of time, after which ping will not restart? 178 ST0025804A Routing
Lesson 4-1: Address Resolution Protocol Part Two Now try another scenario. 1. Start ping and quickly reverse the cables from the two different WS1 WS1 BayStack 152 Hub BayStack 152 Hub WS2 Before WS2 After workstations in their hubs, as shown below. 2. Record your observations. 3. Is this behavior what you expected? Part Three Repeat this entire experiment using the BayStack 153 Hub, and then the 350-T Switch. Are the results the same? Explain. Rubric: Suggested Evaluation Criteria and Weightings Criteria % Your Score Group cooperative participation 25 Analysis and synthesis of information 50 Summary organized and documented for portfolio 25 TOTAL 100 ST0025804A 179
Unit 4: Address Resolution Summary In this lesson, you learned the following: How the ARP mechanism is used in address resolution. The description of Gratuitous ARP. Description of Proxy ARP. How to interpret an ARP Cache. Review Questions Name Lesson 4-1: Address Resolution Protocol Part A Diagram how ARP creates an ARP Table. Summarize the steps. Part B Describe Gratuitous ARP and the primary reason this form of ARP is so important. Include an example in your description. Part C Describe Proxy ARP and the primary reason this form of ARP is so important. Include an example in your description. 180 ST0025804A Routing
Lesson 4-1: Address Resolution Protocol Scoring Rubric: Suggested Evaluation Criteria and Weightings Criteria % Your Score Part A: Diagram how the ARP mechanism is used in address resolution 50 Part B: Describe Gratuitous ARP 25 Part C: Describe Proxy ARP 25 TOTAL 100 Try It Out: Interpret an ARP Cache 100 Stretch Yourself 100 Network Wizards 100 FINAL TOTAL 400 ST0025804A 181
Unit 4: Address Resolution Resources Comer, D. E. (1995). Internetworking With TCP/IP: Principles, Protocols, and Architecture 3rd edition, Prentice Hall, Upper Saddle River, New Jersey. Free Soft. (2000). Connected: An Internet Encyclopedia ARP Protocol Overview. Available Online: http://www.freesoft.org/cie/topics/61.htm. Perlman, R. (1992). Interconnections: Bridges and Routers, Addison- Wesley Publishing Co.,Reading, MA. Stevens, W. R.(1994). TCP/IP Illustrated, Volume 1: The Protocols, Addison-Wesley Publishing Co., Reading, MA. 182 ST0025804A Routing