Docstoc

ARP…

Document Sample
ARP… Powered By Docstoc
					      ARP….or

What’s your MAC address?
       Packet Transmission
• NICs transmit packets from




                               Destination
     Source



                                             2
• Each host on the network checks
  packet to see if
  – the MAC address matches its own
  – it’s a broadcast to all hosts




                                      3
Where does MAC address checking
  occur?
• TCP/IP - network interface layer
• OSI - Data Link Layer
• MAC address uniquely identifies a
  specific device on the network.
• IP address identifies a specific host on a
  specific network
• Both MAC and IP addresses are
  required                                     4
          Routed Protocols
On TCP/IP networks
• Packets of routed protocols
     • Contain Internetwork layer addressing info
        – Allows user traffic to be directed from one network to
          another
     • Define structure and use of fields within packet
• Types of routed protocols:
  – ARP
  – RARP

                                                                   5
                         ARP
• Address Resolution Protocol
  – Maps IP addresses to MAC addresses
  – ARP tables
    •   are maintained in networking devices (I.e. routers)
    •   Also called ARP cache
    •   Maintained in RAM
    •   May be modified by network administrators – but
        not typical – usually maintained by device.



                                                              6
             ARP request
• If computer cannot locate IP to MAC
  address mapping in its ARP table
  – Must obtain correct mapping
  – Initiates an ARP request
  – Source computer broadcasts ARP request to all
    hosts on local segment
  – Each device checks if packet is destined for its
    own IP address –
     • if not – ignores
     • If yes - responds


                                                       7
                        ARP frame
• Logical configuration
• Frame header

                   Frame Header
    MAC header               IP Header   ARP Request Message
   Destination           Destination     What is your MAC
   Ff-ff-ff-ff-ff-ff     192.168.1.100   address?
   Source                Source
   00-00-BC-12-34-56     192.168.1.205


                                                               8
Real packets:
• 28 octets
  – Hardware types
  – Protocol types
  – Message lengths




                      9
• Source host does not know the MAC
  address of the destination.
• ARP request frame is a broadcast to all
  MAC addresses

             MAC header
        Destination

        Ff-ff-ff-ff-ff-ff
        Source
        00-00-BC-12-34-56



                                            10
• All devices on the local segment will
  investigate the frame to check if their
  own IP address matches the destination
  IP address.

          IP Header
    Destination
    192.168.1.100     ME?
    Source
    192.168.1.205




                                            11
• If no – discard the packet
• If yes:
    – Reads rest of packet
    – Returns ARP reply
• ARP reply
    – Supplies MAC address of the host.


                      no       no


                                       Hey –my IP matches
Source: Arp Request
                      My MAC address
                                                            12
           ARP Cache Life
• Source checks its local ARP cache before
  sending request
  Must contain current information – else data
   packets could be routed to the wrong host.
• ARP table directs data packets to a
  specific network card based on mapping
  Mapping must be correct


                                                  13
  – Host addresses can change … so old ARP table
    mappings can cause misrouted packets.
• To avoid problems
  – Networking devices place a TTL (time-to-live) on
    ARP entries.
     • Ex. Microsoft operating systems use a two-to ten-minute
       TTL.
     • Using TTLs the operating system ensures that ARP
       cache is never outdated for more than 10 min
• Process of removing ARP entries from an
  ARP table is called aging out.
• In addition, devices on network replace ARP
  entries whenever they receive new
  information.
  – Ex. If computer receives packet from host with               14
    new info, old info is replaced.
                  RARP
Reverse Address Resolution Protocol
• Similar to ARP (used to bind MAC
  addresses to IP addresses)
• Used primarily by diskless workstations.
  – NIC with MAC address
  – No IP addresses



                                             15
• Diskless Workstations
  – Don’t have hard drives that hold IP
    configurations
  – Must obtain IP address each time they boot
    up.
  – Client’s IP config must be stored on a RARP
    server.
  – RARP server maintains table of IP address
    to MAC address mappings for RARP
    clients.
  – During boot-up RARP clients call RARP
    server to obtain their IP config information.
                                                16
RARP Frame vs. ARP Frame
                     Frame Header

   MAC header                 IP Header    ARP Request Message
Destination             Destination
Ff-ff-ff-ff-ff-ff
                        255.255.255.255    What is my IP
Source
00-00-8C-12-34-56
                        Source             address?
                        0.0.0.0



                     Frame Header
                                           ARP Request Message
    MAC header                 IP Header
 Destination             Destination
 Ff-ff-ff-ff-ff-ff                         What is your MAC
 Source                  192.168.1.100     address?
 00-00-8C-12-34-56
                         Source
                         192.168.1.205
                                                                 17
                More info….
• Note: IP header does not have specific
  destination or source IP
  – Source does not know which device is RARP
    server
     • must broadcast to all devices on the segment




                                                      18
              RARP Client
• RARP client receives RARP reply:
  – Configures its IP networking
  – Copies its IP address config info into local
    RAM
  – After settings have been received, client can
    use MAC and IP address to send packets on
    the network



                                                    19
• When diskless workstation reboots, or is
  shut down
  – IP config is lost
  – Each time workstation reboots it must
    obtain IP config from RARP server.




                                             20
      Compare ARP & RARP
Similarities
• Both are concerned with mapping IP to
  MAC addresses
• Both use same packet format
• Both use broadcast addresses for their
  task.



                                           21
Differences
• ARP - obtains MAC address of other clients
  by using an IP address
• RARP – obtains its own (local host) IP
  address by using its own (local host’s) MAC
  address
• ARP packets are broadcast on local network
  by using broadcast MAC address (ff-ff-ff-ff-ff-
  ff)
• RARP uses broadcast IP address
  (255.255.255.255) as well as broadcast MAC
  address (ff-ff-ff-ff-ff-ff)
                                                    22
• ARP table maintained by local host
• RARP table maintained by RARP
  server
• ARP reply is used by local host to
  update its ARP table and to send
  packets to destination.
• RARP reply is used to configure the IP
  protocol of a local host.


                                           23

				
DOCUMENT INFO
Shared By:
Categories:
Stats:
views:8
posted:4/19/2011
language:English
pages:23