ARP protocol - Routing and switching principles 5 - "HCNA notes"

Source: Internet
Author: User

1. ARP Message format

The ARP protocol works at the data link layer. ARP packets transmitted over the network have the format shown below (because there are many fields, the later fields wrap onto new lines):

Frame Header | Data (ARP packet) | FCS

ARP packet:

Hardware Type | Protocol Type | Hardware Length | Protocol Length | Operation Code
16 bit        | 16 bit        | 8 bit           | 8 bit           | 16 bit

Source Hardware Address | Source Protocol Address
48 bit                  | 32 bit

Destination Hardware Address | Destination Protocol Address
48 bit                       | 32 bit

Hardware Type: the type of physical network, such as Ethernet (value 1)

Protocol Type: the type of network protocol, such as the IP protocol (value 0x0806)

Hardware Length: the size of the hardware address, that is, the length of the MAC address, typically 6 bytes

Protocol Length: the size of the protocol address, that is, the length of the IP address, usually 4 bytes

Operation Code: the ARP operation type: 1 for an ARP request, 2 for an ARP response, 3 for a RARP request, 4 for a RARP response

Source Hardware Address: the sender's hardware address

Source Protocol Address: the sender's IP address

Destination Hardware Address: the receiver's hardware address

Destination Protocol Address: the receiver's IP address
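A parser for the packet layout above, written for these notes as an added example (not code from the original page). It handles only the Ethernet/IPv4 shape; the function names and the sample bytes are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

# Fixed part of the ARP packet: Hardware Type, Protocol Type,
# Hardware Length, Protocol Length, Operation Code (16+16+8+8+16 bits).
ARP_FIXED = struct.Struct("!HHBBH")
OPCODES = {1: "ARP request", 2: "ARP response",
           3: "RARP request", 4: "RARP response"}

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(payload):
    """Parse the ARP packet carried in the Data part of a frame."""
    if len(payload) < ARP_FIXED.size:
        raise ValueError("truncated ARP header")
    htype, ptype, hlen, plen, op = ARP_FIXED.unpack_from(payload)
    # Only Ethernet (type 1) with 6-byte MAC and 4-byte IP is handled here.
    if htype != 1 or hlen != 6 or plen != 4:
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    if op not in OPCODES:
        raise ValueError(f"unknown operation code {op}")
    # The four addresses follow the fixed part: 48 + 32 + 48 + 32 bits.
    if len(payload) < ARP_FIXED.size + 2 * (hlen + plen):
        raise ValueError("truncated ARP addresses")
    sha, spa, tha, tpa = struct.unpack_from("!6s4s6s4s", payload,
                                            ARP_FIXED.size)
    return {
        "operation": OPCODES[op],
        "protocol_type": ptype,
        "src_mac": mac_str(sha), "src_ip": str(IPv4Address(spa)),
        "dst_mac": mac_str(tha), "dst_ip": str(IPv4Address(tpa)),
    }

# Constructed sample: 192.168.0.1 asks who has 192.168.0.2.
# Protocol Type carries 0x0800 for IPv4 on the wire; 0x0806 is the
# EtherType in the frame header that marks the frame as ARP.
SAMPLE_REQUEST = bytes.fromhex(
    "0001" "0800" "06" "04" "0001"
    "020000000001" "c0a80001"
    "000000000000" "c0a80002"
)
```
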


2. ARP Operation process

When a device sends data to another device over the network, the IP packet and the frame that encapsulates it must be filled in with the IP address and MAC address of the target device. Only the destination IP address is supplied by the upper layer; the device has to obtain the MAC address through the ARP protocol.

When the source host needs to send data to the destination host, it first checks whether its ARP cache table already holds the destination IP address and the corresponding MAC address. If so, it uses the entry directly; if not, it queries the network through the ARP protocol. In the query, the source host broadcasts an ARP request message (that is, Operation Code=1) to the network, containing the source IP, the source MAC and the destination IP. Every device that receives the broadcast compares its own IP with the destination IP. If they differ, the device does not respond to the request; if they match, it sends the source host an ARP response message (that is, Operation Code=2) containing the destination host's MAC address. The source host and destination host then both know each other's IP and corresponding MAC address, and each updates its ARP cache table for later use. If an entry in the ARP cache table is not used for a long time, the host deletes it and has to query via ARP again the next time the entry is needed; the default cache time for entries is typically 1200 s. It is important to note that the ARP request message is a broadcast packet, which means that it cannot traverse a router, cannot be forwarded to other broadcast domains, and can only be received by other hosts within the host's own network segment.


3. ARP Proxy

If the host is configured with a gateway (typically a router), data destined for another segment is sent directly to the gateway without the need to obtain the MAC address through the ARP protocol. If the host does not have a gateway configured, data destined for another segment is dropped directly, and the ARP protocol does not come into play at all. ARP proxy applies only when the source host considers the destination to be in the same network segment as itself, but the destination host is actually in another segment and the two are connected through a router (this is explained in detail later). Because the source host believes that the destination is in its own network segment, it still broadcasts an ARP request message to the segment, and a router with ARP proxy enabled also receives the message. The router first checks whether the target host's IP is in its own routing table. If it is not, the router discards the message; if it is, the router returns an ARP reply message to the source host, and the MAC address given for the destination IP in that reply is the router's own MAC address. After the source host records this MAC address, data destined for the destination host is sent to the router and forwarded by the router.


4. Gratuitous ARP (free ARP)

The destination IP in a gratuitous ARP message is the source host's own IP. The message is still broadcast to the broadcast domain. Its purpose is to detect whether any host in the broadcast domain has an IP that conflicts with the source host's, and in addition to update the ARP cache tables of the other hosts in the broadcast domain.
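The cache behaviour from section 2 and the conflict check from section 4 can be combined in a passive monitor. This is an added example, not part of the original notes: the class, the event strings and the sample observations are constructed, and it assumes that any message from an IP refreshes its entry.

```python
CACHE_TTL = 1200  # seconds; the typical default entry lifetime given in section 2

class ArpMonitor:
    """Passive IP-to-MAC table built from observed ARP messages."""

    def __init__(self):
        self.cache = {}  # ip -> (mac, time the binding was last seen)

    def observe(self, now, src_ip, src_mac, dst_ip):
        """Process one ARP message and return the events it triggers."""
        events = []
        # Age out entries that were not refreshed within CACHE_TTL
        # (assumption: any message from the IP counts as a refresh).
        for ip in [ip for ip, (_, seen) in self.cache.items()
                   if now - seen > CACHE_TTL]:
            del self.cache[ip]
            events.append(f"expired {ip}")
        # Gratuitous ARP: the destination IP is the sender's own IP.
        if src_ip == dst_ip:
            events.append(f"gratuitous {src_ip}")
        # Same IP announced by a different MAC: address conflict.
        known = self.cache.get(src_ip)
        if known and known[0] != src_mac:
            events.append(f"conflict {src_ip} {known[0]} -> {src_mac}")
        self.cache[src_ip] = (src_mac, now)
        return events

# Constructed observations: (time in s, source IP, source MAC, destination IP)
SAMPLE = [
    (0,    "192.168.0.1", "02:00:00:00:00:01", "192.168.0.2"),  # request
    (1,    "192.168.0.2", "02:00:00:00:00:02", "192.168.0.1"),  # response
    (60,   "192.168.0.2", "02:00:00:00:00:99", "192.168.0.2"),  # gratuitous, new MAC
    (1250, "192.168.0.2", "02:00:00:00:00:99", "192.168.0.1"),  # .1 has aged out
]

def replay(sample):
    """Feed the observations through a fresh monitor, one event list each."""
    monitor = ArpMonitor()
    return [monitor.observe(*msg) for msg in sample]
```

A binding that changes MAC, as in the third observation, is what an address conflict looks like to every other host in the broadcast domain, so it is the event worth alerting on.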


"The strange scope of the ARP proxy" As described above, the conditions under which an ARP proxy is needed are very limited: the source host must believe that it and the destination host are in the same network segment, while in fact they are not. How can that happen?

It can happen because of differing masks. In the first few chapters we talked about the VLSM (variable length subnet mask) technique, which means that an IP can be divided into network segments using different masks. That can create a situation such as the two IPs A: 192.168.0.1/255.255.0.0 and B: 192.168.1.1/255.255.255.0. Because of the masks, A thinks B is in the same network segment as itself, but B thinks A is not in the same network segment as itself. In this case communication has to rely on the ARP proxy.
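The A/B mask mismatch above, worked through together with the host and router decisions from section 3. This is an added example, not from the original notes; the router MAC, the routing table and the gateway address 192.168.1.254 are hypothetical values chosen for illustration.

```python
from ipaddress import ip_address, ip_interface, ip_network

def host_action(src_if, dst_ip, gateway=None):
    """Decision the sending host makes for a packet to dst_ip."""
    if ip_address(dst_ip) in ip_interface(src_if).network:
        # The host believes the destination is on its own segment.
        return "arp-for-destination"
    # Other segment: use the gateway if one is configured, else drop.
    return "send-to-gateway" if gateway else "drop"

def proxy_arp_answer(target_ip, routing_table, router_mac):
    """Router with ARP proxy enabled: answer with its own MAC only if
    the target IP is covered by its routing table, otherwise discard."""
    target = ip_address(target_ip)
    if any(target in ip_network(prefix) for prefix in routing_table):
        return router_mac
    return None

# The two hosts from the text, with their differing masks.
A = "192.168.0.1/255.255.0.0"
B = "192.168.1.1/255.255.255.0"
ROUTER_MAC = "02:00:00:00:00:fe"              # hypothetical
ROUTES = ["192.168.0.0/24", "192.168.1.0/24"]  # hypothetical routing table

def scenario():
    """Return (A's action toward B, MAC that A learns, B's action toward A)."""
    a_to_b = host_action(A, "192.168.1.1")
    learned = None
    if a_to_b == "arp-for-destination":
        # B never sees A's broadcast; only the proxy router can answer.
        learned = proxy_arp_answer("192.168.1.1", ROUTES, ROUTER_MAC)
    b_to_a = host_action(B, "192.168.0.1", gateway="192.168.1.254")
    return a_to_b, learned, b_to_a
```
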


"Which layer does ARP work at" While studying, we find that the OSI model places ARP in the data link layer, whereas the TCP/IP model places ARP in the network layer. So which layer does ARP belong to?

First, the OSI model is a theoretical model, while the TCP/IP model was divided into layers after the network had been implemented. OSI is divided into 7 layers, the lowest of which include the physical layer, data link layer, network layer and so on. TCP/IP is divided into 4 layers: the network access layer, the internetwork layer, the transport layer and the application layer. The misunderstanding arises because the lowest layer in the TCP/IP model is called the network layer, when in fact it corresponds to the OSI physical layer and data link layer; if the name is changed to the access layer, people no longer argue about it. In fact, an ARP message does not include an IP header when it is transmitted over the network.


"ARP cache table" The ARP cache table is an IP-to-MAC mapping table, and the device updates and cleans it regularly.


"Gateway" A gateway is essentially an IP address (the router's IP) that leads to another network. For example, take network A and network B, where network A's segment is 192.168.1.0/255.255.255.0 and network B's is 192.168.2.0/255.255.255.0. In the absence of a router, TCP/IP communication between the two networks is not possible. Even if the two networks are connected to the same switch, the TCP/IP protocol determines from the subnet mask that the two hosts are in different networks. To achieve communication between the two networks, traffic must pass through the gateway. If a host in network A discovers that the destination host for a packet is not on the local network, it forwards the packet to its own gateway, which forwards it to network B's gateway, and network B's gateway forwards it to a host on network B.
