ARP (Address Resolution Protocol)

ARP is responsible for converting higher-level protocol addresses (IP addresses) to physical network addresses. It is described in RFC 826.
On a single physical network, individual hosts are known by their physical hardware address. Higher-level protocols address destination hosts by a symbolic address (an IP address in this case). When such a protocol wants to send a datagram to a destination IP address, the device driver does not understand this address.
Therefore, a module (ARP) is invoked that translates the IP address to the physical address of the destination host. It uses a lookup table (sometimes referred to as the ARP cache) to perform this translation. When the address is not found in the ARP cache, a broadcast (on Ethernet, to the destination address ff:ff:ff:ff:ff:ff) is sent out on the network in a special format called the ARP request. If one of the machines on the network recognizes its own IP address in the request, it sends an ARP reply back to the requesting host. The reply contains the physical hardware address of the host and source route information (if the packet has crossed bridges on its path). Both this address and the source route information are stored in the ARP cache of the requesting host. All subsequent datagrams to this destination IP address can now be translated to a physical address, which the device driver uses to send the datagram out on the network.

ARP was designed to be used on networks that support hardware broadcast. This means, for example, that ARP will not work on an X.25 network.

-IP addresses only make sense to TCP/IP protocols(IP, TCP, UDP, FTP, TELNET, DNS, HTTP,...)

-A Data Link Layer(Ethernet, Token Ring, ...) does not understand IP addresses

-Data Link layers have their own addressing mechanism--48-bit hardware addresses e.g. 00-10-4B-2E-82-B1

-The device driver(of network card) never uses IP address

-The device driver has to know the destination's hardware address

-Initially, the destination's hardware address is not known

-ARP lets the Data Link Layer find the hardware address--mapping between IP & Hardware address

ARP=RFC826

ARP uses the Ethernet broadcast address as the destination address -- ff:ff:ff:ff:ff:ff -- which will be received by all Ethernet interfaces!

ARP Cache

-A host keeps the recent mappings

-Normal expiration time is a few minutes (2 minutes is the default on Windows systems)

-"arp -a" will display all entries in the cache--which may look like:

Internet address Physical address
----------------------------------------------------
132.241.4.10 08:00:20:03:f6:42
132.241.4.11 08:00:09:bc:ff:3f
…….

arp -d 132.241.4.10 ---deletes an entry

ARP Demo using a protocol analyzer--Sniffer
There is a homework associated with it--Homework #4 on WebCT

Proxy ARP
When an ARP Request carries an IP address outside of the subnet, a router can be configured to intercept it and act as a proxy agent for the destination host--relaying packets to the proper station
This feature is used to create a subnetting effect without changing entire setup(of hosts and routers) to recognize subnetted addresses.

Gratuitous ARP
-A host sends(at boot time) an ARP Request with its own IP address--asking "Who is 132.241.4.12?"

-Why?
1)To avoid IP address conflict(duplicate IP address problem) with another computer in the subnet
2)To let other hosts (and routers) update their ARP cache in case a host's hardware (NIC) is changed--the host is shut down, a new NIC is installed and the host is booted up again
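
The request, reply and gratuitous-ARP cases above, as an added example that is not part of the original notes: it parses Ethernet frames using the RFC 826 packet layout for Ethernet/IPv4, keeps an IP-to-hardware-address table, and reports when a gratuitous ARP or a changed hardware address is seen. The function names and the sample frames are constructed for illustration; the addresses reuse the ones shown in these notes.

```python
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"
OPS = {1: "request", 2: "reply"}  # ARP opcodes defined in RFC 826

def mac(b):
    return ":".join(f"{x:02x}" for x in b)
def ip(b):
    return ".".join(str(x) for x in b)

def build_frame(op, sha, spa, tpa, tha="00:00:00:00:00:00", dst=BROADCAST):
    """Construct an Ethernet II + ARP frame (used only to make sample input)."""
    hw = lambda m: bytes.fromhex(m.replace(":", ""))
    ip4 = lambda a: bytes(int(o) for o in a.split("."))
    hdr = hw(dst) + hw(sha) + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
    return hdr + hw(sha) + ip4(spa) + hw(tha) + ip4(tpa)

def parse_arp(frame):
    """Return ARP fields, or None if the frame is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42:
        return None
    etype, htype, ptype, hlen, plen, op = struct.unpack("!HHHBBH", frame[12:22])
    if (etype, htype, ptype, hlen, plen) != (0x0806, 1, 0x0800, 6, 4):
        return None
    return {"dst": mac(frame[0:6]), "op": op,
            "sha": mac(frame[22:28]), "spa": ip(frame[28:32]),
            "tha": mac(frame[32:38]), "tpa": ip(frame[38:42])}

def observe(cache, frame):
    """Update an IP -> MAC table from one frame; return what was noticed."""
    p = parse_arp(frame)
    if p is None:
        return ["ignored"]
    notes = [OPS.get(p["op"], "other")]
    if p["spa"] == p["tpa"]:
        notes.append("gratuitous")       # sender asks about its own IP
    old = cache.get(p["spa"])
    if old and old != p["sha"]:
        notes.append("mac-changed")      # same IP now claimed by another NIC
    cache[p["spa"]] = p["sha"]
    return notes

def demo():
    """Constructed traffic: request, reply, then a gratuitous ARP from a new NIC."""
    a, b, new = "08:00:20:03:f6:42", "08:00:09:bc:ff:3f", "00:10:4b:2e:82:b1"
    frames = [build_frame(1, a, "132.241.4.10", "132.241.4.11"),
              build_frame(2, b, "132.241.4.11", "132.241.4.10", tha=a, dst=a),
              build_frame(1, new, "132.241.4.11", "132.241.4.11")]
    cache = {}
    return [observe(cache, f) for f in frames], cache
```

Calling demo() returns the per-frame findings and the final table; the third frame is both gratuitous and a hardware-address change for 132.241.4.11.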

RARP(Reverse Address Resolution Protocol)

When a system with local disk is bootstrapped, it obtains its IP address from a configuration file, but how about a system without a disk(diskless workstation)?

A diskless workstation can get its hardware address from the NIC and send an RARP Request (broadcast) to a server which contains the mapping of Hardware address and IP address

RARP Requests are hardware-level broadcasts and they are not forwarded by routers

So, to allow diskless workstations to boot up reliably, usually multiple RARP servers are provided on a single network, even though this setup results in all servers replying --> network traffic increases

Normally, the 1st RARP Reply received will be used