Chapter 8

Address
Resolution
Protocol
(ARP)

*
 OBJECTIVES:
To make a distinction between logical address (IP address) and
physical address (MAC address).
To describe how the mapping of a logical address to a physical
address can be static or dynamic.
To show how the address resolution protocol (ARP) is used to
dynamically map a logical address to a physical address.
To show that the proxy ARP can be used to create a subnetting
effect.
To discuss ATMARP, which maps the IP addresses when the
underlying network is an ATM WAN.
To show that an ARP software package can be made of five
components.
To show the pseudocode for each module used in the ARP
software package.

*
 8-1 ADDRESS MAPPING

Internet is made of a combination of physical networks connected via

routers.
A packet starting from a source host may pass through several physical
networks.
The hosts and routers are recognized at the network level by their
logical address(implemented in software).
IP address is 32 bits long.
The packet pass through physical networks to reach hosts and routers.
Host and routers are recognized by physical addresses.
A physical address is a local address(implemented in hardware).
Physical address is 48-bit MAC addresses in Ethernet protocol, which
is imprinted on the NIC installed in the host or router.

TCP/IP Protocol Suite *

 8-1 ADDRESS MAPPING

The physical address and logical address are two identifiers.

physical network such as Ethernet (LAN Technology) have two
different protocols at network layer such as IP and IPX(Novell)at the
same time.
Network layer such as IP may pass through different physical networks
such as Ethernet and Local Talk.

To deliver a packet to host or router needs two levels of addressing:

Logical and Physical.
So map a logical address to its corresponding physical address and vice
versa.

These can be done using either static or dynamic mapping.

TCP/IP Protocol Suite *

 8-1 ADDRESS MAPPING

Static Mapping:
Create a table that associates a logical address with physical address.
This table is stored in each machine on the network. Each machine can
know the IP address of other machine but dont know the physical
address.
This has some limitations because physical address may change in the
following ways:
1.A machine could change its NIC, resulting in a new physical address.
2.In some LANs, such as LocalTalk, the physical address every time
changed when the computer turned on.
3.A mobile computer can move from one physical network to another,
resulting in a change in its physical address.
To implement these changes, a static mapping table must be updated
periodically.
TCP/IP Protocol Suite *
 8-1 ADDRESS MAPPING

Dynamic Mapping:
Each time a machine knows the logical address of another machine, it
can use a protocol to find the physical address.

Two protocols designed to perform dynamic mapping:

1.Address Resolution Protocol(ARP)
2.Reverse Address Resolution Protocol(RARP)

TCP/IP Protocol Suite *

 8-1 ADDRESS MAPPING

Anytime a host or a router has an IP datagram to send to another host or

router, it has the logical (IP) address of the receiver. But the IP datagram
must be encapsulated in a frame to be able to pass through the physical
network. This means that the sender needs the physical address of the
receiver. A mapping corresponds a logical address to a physical address.
ARP accepts a logical address from the IP protocol, maps the address to
the corresponding physical address and pass it to the data link layer.

TCP/IP Protocol Suite *

 8-1 ADDRESS MAPPING

A packet to sent through router or host, it has logical (IP) address of the
receiver. But the IP datagram must be encapsulated in a frame to be able
to pass through the physical address.
The sender needs a physical address of the receiver. A mapping of
logical address to physical address shown in figure 8.1.

TCP/IP Protocol Suite *

 Topics Discussed in the Section

Packet Format
Encapsulation
Operation
Proxy ARP

TCP/IP Protocol Suite *

 Figure 8.1 Position of ARP in TCP/IP protocol suite

TCP/IP Protocol Suite *

 Figure 8.2 ARP operation

A Send ARP query packet

TCP/IP Protocol Suite *

 Note

An ARP request is broadcast;

an ARP reply is unicast.

TCP/IP Protocol Suite *

 Figure 8.3 ARP packet

TCP/IP Protocol Suite *

 ARP Packet Format Ethernet Frame
6B 6B 2B 4B
dest. src.
type data CRC
addr. addr.

16 bits 0806(ARP) 16 bits

8 bits

Hardware type Protocol type

(Ethernet =1)
Hardware (IPv4 = 080016)
Protocol
Length Operation
Length
(Ethernet = (Request=1, Reply=2)
(IPv4 = 4)
6) Sender Hardware Address
(Ethernet = 6 bytes)
Sender Protocol (IP) Address
(IPv4 = 4 bytes)
Target Hardware Address
(Ethernet = 6 bytes) (?? Not filled in a request)
Target Protocol (IP) Address
(IPv4 = 4 bytes)

http://network.hanbat.ac.kr ARP and RARP

*
 Figure 8.3 ARP packet

Hardware Type:
16-bit field.
Define the network type on which ARP is running.
LAN Assigned an integer based on its type.
Foe Ethernet (0x0001)16

TCP/IP Protocol Suite *

 Figure 8.3 ARP packet

Protocol Type:
- 16-bit field.
- Define the protocol
- For IPv4 (0x0800). Because its corresponds to Ether type
code for Internet protocol.
Hardware length:
- 8-bit field.
- define length of physical address.
- Ethernet value=6.
Protocol length:
- 8-bit field.
- define length of logical address.
- IPv4 protocol value=4
Operation:
- 16-bit field.
- ARP request (1), ARP reply (2).
TCP/IP Protocol Suite *
 Figure 8.3 ARP packet

Sender Hardware Address:

- define the physical address of the sender.
- Ethernet this field is 6 byte long.
Sender Protocol Address:
- define the logical(IP) address of the sender.
- IP protocol this field value is 4 byte long.
Target Hardware Address:
- define the physical address of the target.
- Ethernet this field is 6 byte long.
- ( not filled in ARP request)
Target Protocol Address:
- define the logical address of the target.

TCP/IP Protocol Suite *

 Figure 8.4 Encapsulation of ARP packet

ARP Packet is encapsulated directly into a frame. in figure 8.4 it is

encapsulated in Ethernet frame.

Example:
A data packetA data packet on an Ethernet link is called an
Ethernet frame.

TCP/IP Protocol Suite *

 Figure 8.4 Encapsulation of ARP packet

Ethernet the maximum frame size 1526 bytes (maximum 1500 byte payload + 8 byte
preamble + 14 byte header + 4 Byte trailer).

Preamble :
- 8-byte field, (7-byte of preamble and 1-byte of SFD)
- pattern1 and 0 bits
- value - 10101010 10101010 10101010 10101010 10101010
10101010 10101010
- For time synchronization ,
- locate the first bit of the packet,
- allows devices on the network to easily detect a new incoming frame.

SFD : Start Frame Delimiter CRC: Cyclical Redundancy check

- value- 10101011 - Provides error checking
- break the pattern of Preamble
and signal start of the actual frame.
*
TCP/IP Protocol Suite
 Example

that ARP is not an IP protocol. That is, the ARP packets do not have IP
headers. Suppose you are on system 128.6.4.194 and you want to connect to
system 128.6.4.7. Your system will first verify that 128.6.4.7 is on the same
network, so it can talk directly via Ethernet. Then it will look up 128.6.4.7 in
its ARP table, to see if it already knows the Ethernet address. If so, it will stick
on an Ethernet header, and send the packet. But suppose this system is not in
the ARP table. There is no way to send the packet, because you need the
Ethernet address. So it uses the ARP protocol to send an ARP request.
Essentially an ARP request says I need the Ethernet address for 128.6.4.7.
Every system listens to ARP requests. When a system sees an ARP request for
itself, it is required to respond. So 128.6.4.7 will see the request, and will
respond with an ARP reply saying in effect 128.6.4.7 is 8:0:20:1:56:34.
(Recall that Ethernet addresses are 48 bits. This is 6 octets. Ethernet addresses
are conventionally shown in hex, using the punctuation shown.) Your system
will save this information in its ARP table, so future packets will go directly.
Most systems treat the ARP table as a cache, and clear entries in it if they have
not been used in a certain period of time.
TCP/IP Protocol Suite *
 Figure 8.5 Four cases using ARP

TCP/IP Protocol Suite *

Example 8.1
A host with IP address 130.23.43.20 and physical address
B2:34:55:10:22:10 has a packet to send to another host
with IP address 130.23.43.25 and physical address
A4:6E:F4:59:83:AB. The two hosts are on the same
Ethernet network. Show the ARP request and reply packets
encapsulated in Ethernet frames.

Solution
Figure 8.6 shows the ARP request and reply packets. Note
that the ARP data field in this case is 28 bytes, and that the
individual addresses do not fit in the 4-byte boundary. That
is why we do not show the regular 4-byte boundaries for
these addresses. Also note that the IP addresses are
shown in hexadecimal.

TCP/IP Protocol Suite *

 Figure 8.6 Example 8.1

TCP/IP Protocol Suite *

 Proxy ARP

Proxy ARP (Address Resolution Protocol) is a technique by which a device on a given network
answers the ARPis a technique by which a device on a given network answers the ARP queries for
a network addressis a technique by which a device on a given network answers the ARP queries
for a network address that is not on that network. The ARP Proxy is aware of the location of the
traffic's destination, and offers its own MAC address in reply, effectively saying, "send it to me,
and I'll get it to where it needs to go." Serving as an ARP Proxy for another host effectively directs
LAN traffic to the Proxy. The "captured" traffic is then typically routed by the Proxy to the
intended destination via another interface or via a tunnel. The process which results in the node
responding with its own MAC address to an ARP request for a different IP address for proxying
purposes is sometimes referred to as 'publishing'.

Proxy ARP is a way to make a machine physically located on one network appear to be logically
part of a different physical network connected to the same router/firewall. Typically it allows us to
hide a machine with a public IP address on a private network behind a router.

Uses:
1) Joining a broadcast LAN with serial links

TCP/IP Protocol Suite *

 Figure 8.7 Proxy ARP

TCP/IP Protocol Suite *

 RARP
Reverse Address Resolution Protocol
Some hosts, such as diskless workstations, do not know their own
IP address when they are booted.
They only knows the MAC address saved in ROM
To determine their own IP address, they use a mechanism
similar to ARP, but now the hardware address of the host is the
known parameter, and the IP address the queried parameter.
A RARP server exist on the network that maintains that a database
of mappings from hardware address to network address must be
pre-configured.
Packet format
The format of the ARAP packet is exactly the same as the ARP
packet except that the operation field is either 3 (RARP request)
or 4 (RARP response)

http://network.hanbat.ac.kr ARP and RARP

*
 RARP Example Operation
? 202.30.46.2 202.30.46.
3

E0:3:FE:13:F0:1 E0:3:FE:13:F0:1
1 3
FF:FF:FF:FF:FF:
dst.
FF
E0:3:FE:13:F0:11 src. 1
0x8035 type (rarp) E0:3:FE:13:F0:11
0x01 0x0800 E0:3:FE:13:F0:13
0x 0x 0x03(re
RARP 0x8035
06 04 q)
Req E0:3:FE:13:F0:11 0x01 0x0800
0x 0x 0x04(rs
0x0
0x0
2 06 04 p)
E0:3:FE:13:F0:13
0x0 202.30.46.3
CRC E0:3:FE:13:F0:11
202.30.46.2

http://network.hanbat.ac.kr ARP and RARP

*
 1) A _______ address is an internetwork address with universal
jurisdiction.
A) physical
B) logical
C) port
D) None of the choices are correct
2) The logical addresses in the TCP/IP protocol suite are called _______
addresses.
A) port
B) IP
C) Email
D) None of the choices are correct
3) A ________ is a local address. Its jurisdiction is over a local network.
A) physical
B) logical
C) port
D) None of the choices are correct

TCP/IP Protocol Suite *

 4) In _______, a table associating a logical address with a physical
address is updated manually.
A) static mapping
B) dynamic mapping
C) physical mapping
D) None of the choices are correct

5) A _______ is an ARP that acts on behalf of a set of hosts.

A) ARP
B) RARP
C) proxy ARP
D) None of the choices are correct

TCP/IP Protocol Suite *

 6) The target hardware address on an Ethernet is _______ in an ARP
request.
A) 0x000000000000
B) 0.0.0.0
C) variable
D) class dependent
7) An ARP reply is normally _______.
A) broadcast
B) multicast
C) unicast
D) None of the choices are correct
8) An ARP request is normally _______.
A) broadcast
B) multicast
C) unicast
D) None of the choices are correct

TCP/IP Protocol Suite *