ARP and RARP

Applications use a logical address (IP address) to identify the destination host. The IP
packets are encapsulated into frames. The delivery of frames across links (source
source, or source router, router router, , router destination) is based on local
addresses called physical or MAC addresses. The mapping of IP addresses into
physical addresses is done through the Address Resolution Protocol (ARP).
Position of ARP and RARP
in the TCP/IP Protocol Suite
Helper
Protocols assist
in the delivery of
IP datagrams.
ARP Operation
(case: destination is on the same physical network)
Link
IP = 141.23.56.23
The MAC address of
destination is broadcast
address: 0xFF:FF:FF:FF:FF:FF
ARP Packet
4 bytes
(Ethernet = 1) IPv4 = 0x0800
(Ethernet = 6)
IPv4 = 4
Opcode (1 = request, 2 = reply)
18 byte padding (to make frame payload equal to 46 bytes ARP packet is 28 bytes)
Encapsulation of an ARP Packet
Start Field Delimiter
(10101011 = 0xAB)
46 bytes
Q: Why are ARP packets not encapsulated
into IP datagrams?
A: Because ARP packets never leave the
LAN segment
Four cases using ARP
Case 1: Host to Host
The IP address of destination host is taken from the IP datagram.
Four cases using ARP (cont.)
Case 2: Host to Router
The IP address of the destination (router) is not taken from the IP datagram.
Instead it is taken from the next-hop column of the routing table of the source host.
(next hop)
Four cases using ARP (cont.)
Case 3: Router to Router
The IP address of destination (router) is not taken from the IP datagram.
Instead it is taken from the next-hop column of the sending routers routing table
Four cases using ARP (cont.)
Case 4: Router to Host
Now, the IP address of destination host is taken from the IP datagram.
Example 1
A host with IP address 130.23.43.20 and physical
address 0xB23455102210 has a packet to send to
another host with IP address 130.23.43.25 and
physical address 0xA46EF45983AB. The two hosts
are on the same Ethernet network. Show the ARP
request and reply packets encapsulated in Ethernet
frames.

Example 1: ARP Request
130.23.43.20
Dont know the destination MAC address
130.23.43.25
ARP request
(46 bytes with padding)
Broadcast address
Notice packet orientation!
Example 1: ARP reply
ARP reply
Notice packet orientation!
ARP Cache Table
It would be very inefficient to use ARP to deliver each IP datagram.
Therefore the most recent mappings are kept in a cache table.
In order to be consistent with network dynamics, entries in the
ARP cache have a timeout value which is used to remove aged
entries.
IP Address Physical Address Timeout
P
A
MAC
A
TO
A
P
B
MAC
B
TO
B
. . . . . . . . . . . .
ARP Cache Table (cont.)
The ARP cache of a host can be displayed with the command:
arp a
(the command is the same on Windows and UNIX)
State Queue Attempt
Time
Out
Protocol
Address
Hardware
Address
R 5 900 180.3.6.1 ACAE32457342
F
P 14 5 201.11.56.7
ARP Cache Table (cont.)
R = resolved, P = pending, F = free (time to leave has expired)
Number of the queue
where packets are waiting
for address resolution
Life time of the
entry (sec)
Number of
ARP requests
sent
The implementation of an ARP cache table requires more than the
essential information shown on the previous two slides
ARP Implementation
All modules use threads
Timer
(5 sec)
IP datagram
MAC address
of immediate
destination
(next hop or
direct)
2
1
3
Case: Sending a packet, destination IP has MAC in Cache Table (state = R)
Each destination is
given a queue (all
packets with the
same destination
are in the same
queue)
2
1
Case: Sending a packet, destination IP does not have an associated MAC
address in the cache but an entry with state = P:
Put packet in
existing queue
3
2
1
Case: Sending a packet, no entry in cache corresponding to the
destination IP address:
3
4
Create a new queue
2
Case: An ARP reply arrives, corresponding IP address is in the cache
4
Dequeue all packets
3
1
2
Case: An ARP reply arrives, corresponding IP address is not in the cache
1
Create a new
entry in cache
Do you see any
security
vulnerabilities with
this practice?
Previous case in which an ARP reply arrives and the
corresponding IP address is not in the cache:
Q: When can this happen?

A: The pending entry has been deleted because:
(a) time-out expired
(b) number of attempts exceeded
and the reply finally arrives late.
Case: An ARP request arrives
1
2
We know our
own hardware
address
for (every entry in the cache table){
switch (State){
case PENDING:
increment Attempt;
if (Attempt > max){
State = FREE;
Destroy corresponding queue;}
else
Send an ARP request;
break;
case RESOLVED:
Decrement Time-Out;
if (Time-Out <= 0){
State = FREE;
Destroy corresponding queue;}
break;
case FREE: }
}
Cache-Control Module
Invoked by a periodic timer
(5 seconds)
If P-state within a timer
period (5 seconds), then send
the request again
Example 2
The ARP output module receives an IP datagram (from
the IP layer) with the destination address 114.5.7.89. It
checks the cache table and finds that an entry exists for
this destination with the RESOLVED state (R in the
table). It extracts the hardware address, which is
457342ACAE32, and sends the packet and the address to
the data link layer for transmission. The cache table
remains the same.
Original Cache Table (Example 2)
State Queue Attempt
Time
Out
Protocol
Address
Hardware
Address
R 5 900 180.3.6.1 ACAE32457342
P 2 2 129.34.4.8
P 14 5 201.11.56.7
R 8 450 114.5.7.89 457342ACAE32
P 12 1 220.55.5.7
F
R 9 60 19.1.7.82 4573E3242ACA
P 18 3 188.11.8.71
Example 3
Twenty seconds later, the ARP output module receives an
IP datagram (from the IP layer) with the destination
address 116.1.7.22. It checks the cache table and does not
find this destination in the table. The module adds an
entry to the table with the state PENDING and the
Attempt value 1. It creates a new queue for this
destination and enqueues the packet. It then sends an ARP
request to the data link layer for this destination.

Updated CT (Example 3)
State Queue Attempt
Time
Out
Protocol
Address
Hardware
Address
R 5 900 180.3.6.1 ACAE32457342
P 2 2 129.34.4.8
P 14 5 201.11.56.7
R 8 450 114.5.7.89 457342ACAE32
P 12 1 220.55.5.7
P 23 1 116.1.7.22
R 9 60 19.1.7.82 4573E3242ACA
P 18 3 188.11.8.71
Example 4
Fifteen seconds later, the ARP input module receives an
ARP packet with target protocol address 188.11.8.71. The
module checks the table and finds this address. It changes
the state of the entry to RESOLVED and sets the time-
out value to 900. The module then adds the target
hardware address (E34573242ACA) to the entry. Now it
accesses queue 18 and sends all the packets in this queue,
one by one, to the data link layer.
State Queue Attempt
Time
Out
Protocol
Address
Hardware
Address
R 5 900 180.3.6.1 ACAE32457342
P 2 2 129.34.4.8
P 14 5 201.11.56.7
R 8 450 114.5.7.89 457342ACAE32
P 12 1 220.55.5.7
P 23 1 116.1.7.22
R 9 60 19.1.7.82 4573E3242ACA
R 18 900 188.11.8.71 E34573242ACA
Updated Cache Table (Example 4)
Example 5
Twenty-five seconds later, the cache-control module
updates every entry. The time-out values for the first three
resolved entries are decremented by 60. The time-out
value for the last resolved entry is decremented by 25.
The state of the next-to-the last entry is changed to FREE
because the time-out is now zero. For each of the four
pending entries, the value of the attempts field is
incremented by one. After incrementing, the attempts
value for the entry with IP protocol address 201.11.56.7 is
more than the maximum of 5 and so the state is changed
to FREE and the queue deleted.
State Queue Attempt
Time
Out
Protocol
Address
Hardware
Address
R 5 840 180.3.6.1 ACAE32457342
P 2 3 129.34.4.8
P F 14 6 201.11.56.7
R 8 390 114.5.7.89 457342ACAE32
P 12 2 220.55.5.7
P 23 2 116.1.7.22
R F 60 0
R 18 900 188.11.8.71 E34573242ACA
Cache Table Updated by the Cache Control Module (Example 5)
Time-Out is decremented by 60 sec (20 + 15 + 25)
Broadcast
Unicast
RARP
Used when a network configuration file is
not available (e.g. on a diskless machine)
RARP Packet Format
Encapsulation of RARP Packet
Alternative Solutions to the RARP Protocol
When a diskless computer is booted, it needs
network configuration information in addition to its
IP address. For example, a system needs to know
its subnet mask, the IP address of a router on the
LAN (the gateway address), and the IP address of
a name server for hostname to IP address
translation. RARP cannot provide this extra
information. However, protocols such as DHCP
and BOOTP have been developed to provide this
information. We will discuss both the DHCP and
BOOTP protocols later in the course.
Question 1:
A router with IP address 125.45.23.12 and
Ethernet physical address 23:45:AB:4F:67:CD
has received a packet for a host destination
with IP address 125.11.78.10 and Ethernet
physical address AA:BB:A2:4F:67:CD. Draw
a diagram showing the ARP packet sent by the
router. Assume no subnetting. Also draw a
diagram showing the ARP packet sent in
response to the first packet.
Question 2
Draw a diagram showing the RARP packet
sent by a diskless host with Ethernet physical
address 98:45:23:4F:67:CD. Also draw a
diagram showing the RARP packet sent in
response. Assume the IP address of the host
booting up is 200.67.89.33. Assume no
subnetting and choose valid physical and
logical (protocol or IP) addresses for the
RARP (bootstrap) server.