ARP and RARP

Applications use a logical address (IP address) to identify the destination host. The IP packets are encapsulated into frames. The delivery of frames across links (source – destination, or source – router, router – router, …, router – destination) is based on local addresses called physical or MAC addresses. The mapping of IP addresses into physical addresses is done through the Address Resolution Protocol (ARP).

Position of ARP and RARP in the TCP/IP Protocol Suite

“Helper Protocols” assist in the delivery of IP datagrams.

ARP Operation (case: destination is on the same physical network)

[Figure: ARP request on the link for IP = 141.23.56.23.]

The MAC address of destination is the broadcast address: 0xFF:FF:FF:FF:FF:FF

ARP Packet

[Figure: ARP packet format, drawn in rows of 4 bytes. Values shown: Ethernet = 1, IPv4 = 0x0800; Ethernet = 6, IPv4 = 4; Opcode (1 = request, 2 = reply).]

18 byte padding (to make frame payload equal to 46 bytes – ARP packet is 28 bytes)

Encapsulation of an ARP Packet

[Figure: Ethernet frame carrying an ARP packet. Start Field Delimiter (10101011 = 0xAB); payload of 46 bytes.]

Q: Why are ARP packets not encapsulated into IP datagrams?

A: Because ARP packets never leave the LAN segment.

Four cases using ARP Case 1: Host to Host

The IP address of destination host is taken from the IP datagram.

Four cases using ARP (cont.) Case 2: Host to Router

The IP address of the destination (router) is not taken from the IP datagram. Instead it is taken from the next-hop column of the routing table of the source host.

Four cases using ARP (cont.) Case 3: Router to Router

The IP address of destination (router) is not taken from the IP datagram. Instead it is taken from the next-hop column of the sending router’s routing table.

Four cases using ARP (cont.) Case 4: Router to Host

Now, the IP address of destination host is taken from the IP datagram.

Example 1

A host with IP address 130.23.43.20 and physical address 0xB23455102210 has a packet to send to another host with IP address 130.23.43.25 and physical address 0xA46EF45983AB. The two hosts are on the same Ethernet network. Show the ARP request and reply packets encapsulated in Ethernet frames.

Example 1: ARP Request

[Figure: ARP request sent by 130.23.43.20 for 130.23.43.25. The sender does not know the destination MAC address, so the frame goes to the broadcast address. The ARP request is 46 bytes with padding. Notice packet orientation!]

Example 1: ARP reply

[Figure: ARP reply. Notice packet orientation!]
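The two frames of Example 1, built byte by byte, as an added example that is not part of the original slides. The function names are mine; the EtherType 0x0806 and the all-zero target hardware address in the request are standard conventions that the surviving slide text does not state.

```python
import socket
import struct

ETHERTYPE_ARP = 0x0806          # EtherType that marks an ARP payload
BROADCAST = b"\xff" * 6

def mac(text):
    return bytes.fromhex(text)

def arp_packet(opcode, sender_mac, sender_ip, target_mac, target_ip):
    """28-byte ARP packet for Ethernet (type 1, length 6) and IPv4 (0x0800, length 4)."""
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, opcode,
                       sender_mac, socket.inet_aton(sender_ip),
                       target_mac, socket.inet_aton(target_ip))

def ethernet_frame(dst, src, payload):
    """Destination, source, type, then the payload zero-padded to 46 bytes.
    Preamble, start delimiter and CRC are added by the adapter and omitted."""
    return dst + src + struct.pack("!H", ETHERTYPE_ARP) + payload.ljust(46, b"\x00")

def parse(frame):
    """Decode a frame built above back into its named fields."""
    dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    f = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    return {"dst": dst.hex(), "src": src.hex(), "type": etype, "opcode": f[4],
            "sender": (f[5].hex(), socket.inet_ntoa(f[6])),
            "target": (f[7].hex(), socket.inet_ntoa(f[8])),
            "padding": len(frame) - 42}

def example1():
    a_mac, a_ip = mac("B23455102210"), "130.23.43.20"
    b_mac, b_ip = mac("A46EF45983AB"), "130.23.43.25"
    # Request: target hardware address unknown, conventionally sent as zeros.
    request = ethernet_frame(BROADCAST, a_mac,
                             arp_packet(1, a_mac, a_ip, b"\x00" * 6, b_ip))
    # Reply: unicast back to the requester, sender fields carry the answer.
    reply = ethernet_frame(a_mac, b_mac, arp_packet(2, b_mac, b_ip, a_mac, a_ip))
    return request, reply

if __name__ == "__main__":
    for frame in example1():
        print(frame.hex(), parse(frame))
```

Nothing in either frame authenticates the sender fields, which is why a receiver can only judge a reply by whether it asked for it.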

ARP Cache Table

It would be very inefficient to use ARP to deliver each IP datagram. Therefore the most recent mappings are kept in a cache table. In order to be consistent with network dynamics, entries in the ARP cache have a timeout value which is used to remove aged entries.

IP Address   Physical Address   Timeout
P_A          MAC_A              TO_A
P_B          MAC_B              TO_B
...          ...                ...

ARP Cache Table (cont.)

The ARP cache of a host can be displayed with the command:

    arp -a

(the command is the same on Windows and UNIX)

State  Queue  Attempt  Time-Out  Protocol Address  Hardware Address
R      5               900       180.3.6.1         ACAE32457342
F
P      14     5                  201.11.56.7

ARP Cache Table (cont.)

State: R = resolved, P = pending, F = free (time to leave has expired)

Queue: number of the queue where packets are waiting for address resolution

Attempt: number of ARP requests sent

Time-Out: life time of the entry (sec)

The implementation of an ARP cache table requires more than the essential information shown on the previous two slides.

ARP Implementation

[Figure: ARP implementation modules. All modules use threads. Labels: Timer (5 sec); IP datagram; MAC address of immediate destination (next hop or direct).]

Case: Sending a packet, destination IP has MAC in Cache Table (state = R)

Each destination is given a queue (all packets with the same destination are in the same queue).

Case: Sending a packet, destination IP does not have an associated MAC address in the cache but an entry with state = P:

Put packet in existing queue

Case: Sending a packet, no entry in cache corresponding to the destination IP address:

Create a new queue

Case: An ARP reply arrives, corresponding IP address is in the cache

Dequeue all packets

Case: An ARP reply arrives, corresponding IP address is not in the cache

Create a new entry in cache

Do you see any security vulnerabilities with this practice?

Previous case in which an ARP reply arrives and the corresponding IP address is not in the cache:

Q: When can this happen?

A: The pending entry has been deleted because:

(a) time-out expired

(b) number of attempts exceeded

and the reply finally arrives late.
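One answer to the security question above, as an added example that is not part of the original slides: creating an entry from a reply nobody requested lets any host on the segment install a mapping of its choosing (ARP cache poisoning). The sketch below is a stricter input module that accepts a reply only for a pending entry and records everything else; the class, method and alert names are hypothetical, the FREE state and timer are left out, and the conflicting MAC address is constructed.

```python
PENDING, RESOLVED = "P", "R"

class ArpCache:
    """Cache table with a strict input module (hypothetical names, not the slides' code)."""

    def __init__(self):
        self.table = {}    # protocol address -> entry dict
        self.alerts = []   # detection events for the operator

    def send(self, ip, packet):
        """Output module. Returns [(mac, packet)] handed to the data link layer."""
        entry = self.table.get(ip)
        if entry and entry["state"] == RESOLVED:
            return [(entry["mac"], packet)]
        if entry is None:
            # No entry: create one in state P with Attempt = 1 and a new queue.
            # (A real module would also broadcast the ARP request here.)
            entry = self.table[ip] = {"state": PENDING, "mac": None,
                                      "attempt": 1, "queue": []}
        entry["queue"].append(packet)
        return []

    def on_reply(self, ip, mac):
        """Input module. Returns the queued packets released by this reply."""
        entry = self.table.get(ip)
        if entry is None:
            # The slide's behaviour is "create a new entry in cache".
            # Strict policy: nobody asked, so record it and drop it.
            self.alerts.append(("unsolicited", ip, mac))
            return []
        if entry["state"] == RESOLVED:
            if entry["mac"] != mac:
                # A resolved mapping is being rewritten: a poisoning signal.
                self.alerts.append(("mac-changed", ip, entry["mac"], mac))
            return []          # keep the mapping we already resolved
        entry.update(state=RESOLVED, mac=mac, timeout=900)
        released = [(mac, p) for p in entry["queue"]]
        entry["queue"] = []
        return released

def demo():
    cache = ArpCache()
    cache.send("188.11.8.71", "pkt-1")                     # creates the pending entry
    sent = cache.on_reply("188.11.8.71", "E34573242ACA")   # solicited reply
    cache.on_reply("188.11.8.71", "0A0000000666")          # constructed conflicting MAC
    cache.on_reply("19.1.7.82", "0A0000000666")            # nobody asked for this one
    return cache, sent
```

The trade-off is that a legitimate change of hardware address is not learned until the resolved entry times out, and the late-reply case described above is dropped and re-resolved on the next send.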

Case: An ARP request arrives

We know our own hardware address.

Cache-Control Module

Invoked by a periodic timer (5 seconds).

    for (every entry in the cache table) {
        switch (State) {
        case PENDING:
            increment Attempt;
            if (Attempt > max) {
                State = FREE;
                Destroy corresponding queue;
            } else
                Send an ARP request;
            break;
        case RESOLVED:
            Decrement Time-Out;
            if (Time-Out <= 0) {
                State = FREE;
                Destroy corresponding queue;
            }
            break;
        case FREE:
            break;    /* nothing to do for a free entry */
        }
    }

If P-state within a timer period (5 seconds), then send the request again.

Example 2

The ARP output module receives an IP datagram (from the IP layer) with the destination address 114.5.7.89. It checks the cache table and finds that an entry exists for this destination with the RESOLVED state (R in the table). It extracts the hardware address, which is 457342ACAE32, and sends the packet and the address to the data link layer for transmission. The cache table remains the same.

Original Cache Table (Example 2)

State  Queue  Attempt  Time-Out  Protocol Address  Hardware Address
R      5               900       180.3.6.1         ACAE32457342
P      2      2                  129.34.4.8
P      14     5                  201.11.56.7
R      8               450       114.5.7.89        457342ACAE32
P      12     1                  220.55.5.7
F
R      9               60        19.1.7.82         4573E3242ACA
P      18     3                  188.11.8.71

Example 3

Twenty seconds later, the ARP output module receives an IP datagram (from the IP layer) with the destination address 116.1.7.22. It checks the cache table and does not find this destination in the table. The module adds an entry to the table with the state PENDING and the Attempt value 1. It creates a new queue for this destination and enqueues the packet. It then sends an ARP request to the data link layer for this destination.

Updated Cache Table (Example 3)

State  Queue  Attempt  Time-Out  Protocol Address  Hardware Address
R      5               900       180.3.6.1         ACAE32457342
P      2      2                  129.34.4.8
P      14     5                  201.11.56.7
R      8               450       114.5.7.89        457342ACAE32
P      12     1                  220.55.5.7
P      23     1                  116.1.7.22
R      9               60        19.1.7.82         4573E3242ACA
P      18     3                  188.11.8.71

Example 4

Fifteen seconds later, the ARP input module receives an ARP packet with target protocol address 188.11.8.71. The module checks the table and finds this address. It changes the state of the entry to RESOLVED and sets the time-out value to 900. The module then adds the target hardware address (E34573242ACA) to the entry. Now it accesses queue 18 and sends all the packets in this queue, one by one, to the data link layer.

Updated Cache Table (Example 4)

State  Queue  Attempt  Time-Out  Protocol Address  Hardware Address
R      5               900       180.3.6.1         ACAE32457342
P      2      2                  129.34.4.8
P      14     5                  201.11.56.7
R      8               450       114.5.7.89        457342ACAE32
P      12     1                  220.55.5.7
P      23     1                  116.1.7.22
R      9               60        19.1.7.82         4573E3242ACA
R      18              900       188.11.8.71       E34573242ACA

Example 5

Twenty-five seconds later, the cache-control module updates every entry. The time-out values for the first three resolved entries are decremented by 60. The time-out value for the last resolved entry is decremented by 25. The state of the next-to-the last entry is changed to FREE because the time-out is now zero. For each of the four pending entries, the value of the attempts field is incremented by one. After incrementing, the attempts value for the entry with IP protocol address 201.11.56.7 is more than the maximum of 5 and so the state is changed to FREE and the queue deleted.

Cache Table Updated by the Cache Control Module (Example 5)

State   Queue  Attempt  Time-Out  Protocol Address  Hardware Address
R       5               840       180.3.6.1         ACAE32457342
P       2      3                  129.34.4.8
P → F   14     6                  201.11.56.7
R       8               390       114.5.7.89        457342ACAE32
P       12     2                  220.55.5.7
P       23     2                  116.1.7.22
R → F                   60 → 0
R       18              900       188.11.8.71       E34573242ACA

Time-Out is decremented by 60 sec (20 + 15 + 25)

[Figure labels: Broadcast; Unicast]

RARP

Used when a network configuration file is not available (e.g. on a diskless machine).

RARP Packet Format

Encapsulation of RARP Packet

Alternative Solutions to the RARP Protocol

When a diskless computer is booted, it needs network configuration information in addition to its IP address. For example, a system needs to know its subnet mask, the IP address of a router on the LAN (the gateway address), and the IP address of a name server for hostname to IP address translation. RARP cannot provide this extra information. However, protocols such as DHCP and BOOTP have been developed to provide this information. We will discuss both the DHCP and BOOTP protocols later in the course.

Question 1:

• A router with IP address 125.45.23.12 and Ethernet physical address 23:45:AB:4F:67:CD has received a packet for a host destination with IP address 125.11.78.10 and Ethernet physical address AA:BB:A2:4F:67:CD. Draw a diagram showing the ARP packet sent by the router. Assume no subnetting. Also draw a diagram showing the ARP packet sent in response to the first packet.

Question 2

• Draw a diagram showing the RARP packet sent by a diskless host with Ethernet physical address 98:45:23:4F:67:CD. Also draw a diagram showing the RARP packet sent in response. Assume the IP address of the host booting up is 200.67.89.33. Assume no subnetting and choose valid physical and logical (protocol or IP) addresses for the RARP (bootstrap) server.