BAI513 - PROTOCOLS ARP BAIST – Network Management
Objectives At the end of this presentation, the student will be able to: Describe the history of ARP Describe the ARP Address Resolution Process Describe the fields contained in the ARP header.
History of ARP ARP is not your typical protocol Non-routable No network layer component Used for resolution of MAC-layer address with a known L3 address Also used to test for duplicate IP addresses on a network segment DHCP test
Types of ARP Packets Two types Both use the same format ARP request ARP reply Both use the same format Differentiated by the ‘Opcode’ field
How ARP Works Machines using ARP maintain a local cache of addresses already resolved Cuts down on broadcasts on the network Use command ‘arp –a’ from the command prompt of your PC to view Entry is removed if not used within a certain period of time Machine looks to local cache first before sending ARP request on network
Sample Network
How ARP Works Host-1 needs to talk to host-4 Therefore No local cache entry Therefore Host-1 broadcasts an ARP request to all devices on subnet 1 A query asking what is the MAC address of the host using IP address of 172.16.1.12/24
How ARP Works All devices on subnet 1 compare their IP address with the enclosed IP address sent by host-1 Address not theirs, they ignore it
How ARP Works The router will also receive the packet Knows that the IP address for Host-4 is on a different subnet Knows that it is connected to the subnet on which Host-4 resides
How ARP Works Router will check its ARP cache Two possibilities Router knows information Router will respond to host-1 with an ARP reply which contains its own (the routers) MAC address Host-1 will then always send packets destined for Host-4 to the router, which will then send the packet on
How ARP Works Router will check its ARP cache Two possibilities Router doesn’t know information Router will send its own ARP request out on host-4’s subnet asking for host-4’s MAC address If host-4 is up and responding, it will reply back to the router with an ARP reply If host-4 is not up, no reply, and we won’t get there But that is fairly obvious, wasn’t it?
How ARP Works Router will update its ARP cache to include an entry from host-4 Router will then respond to host-1’s ARP request with an ARP reply, as described above.
ARP Frame
ARP Header Fields
ARP Example
ARP Header Fields Hardware type field (16 bits) This field (the last 2 bytes on the first line) indicates the hardware type used in the physical layer of the network In the chart below (taken from RFC 1700) the hex code of 00 01 identifies this hardware type as Ethernet
ARP Header Fields ARP protocol type This field shows the type of network protocol address that is used in the network (0x0800 = IPv4) Uses same chart as Ethernet Protocol Type ARP has only been implemented for IP so far
ARP Header Fields ARP Hardware Length Identifies the number of bytes used in the hardware address by both the source and target hosts this field will remain constant for Ethernet 48 bits = 12 hex digits = 6 bytes
ARP Header Fields ARP Protocol Length Sets the number of bytes that the two protocols address (source and target) will contain in the ARP Since the Protocol Type field has been set to 08 00 for IP and the current length of IP addresses is 4 bytes, this field must contain a value of 04 hex which is also 4 in decimal value.
ARP Header Fields ARP Operation (Opcode) Identifies the operation ARP is attempting ARP Request will be identified with an Operation Code of 0001 ARP Reply will be identified with and Operation Code of 0002 Other codes also possible – check book Page 56
ARP Header Fields ARP Source Hardware Address Identical to the source hardware address field in the Ethernet Header repeated because the Ethernet Header is stripped from the packet before it is sent to the Network Layer for processing ARP Source Protocol Address contains the IP address of the station sending the message represents the 4-byte IP address and is sent as 8 hex characters
ARP Header Fields ARP Target Hardware Address Filled with ones to display a 6-byte field of ff ff ff ff ff ff Some vendors will use all zeros as filler It is up to the receiver to provide the proper hardware address ARP Target Protocol Address Field that will be used by all stations that receive this packet to check against their own assigned IP address If they match, the station will then update its ARP cache and provide an ARP reply
ARP Options Field Data (Variable) On Ethernet networks using TCP/IP this field is most often used for padding Due to the size of the Ethernet MAC and IP addresses, this field is used for about 18 bytes of padding Other network address schemes such as IPv6 do not require this field.
Summary This presentation covered information that allowed the student to: Describe the history of ARP Describe the ARP address resolution process Describe the fields contained in the ARP header.