TCP/IP Study Notes 4-ARP: Address Resolution Protocol

When a host sends an Ethernet data frame to another host located on the same LAN, the destination interface is determined based on the 48-bit ethernet address. Device DriverProgramNever check the destination IP address in the IP datagram. Address Resolution (ARP) provides ing for these two different address formats: 32-bit IP addresses and any types of IP addresses used by the data link layer.

A network interface has a hardware address (a 48-bit value that identifies different Ethernet or ring-based network interfaces ). The correct interface address must be provided for data frame exchange at the hardware level. However, TCP/IP has its own address: 32bit IP address. Knowing the Host IP address does not allow the kernel to send a frame of data to the host. The kernel (such as the Ethernet driver) must know the destination hardware address to send data. ARP provides dynamic ing between 32-bit IP addresses and hardware addresses using different network technologies.

ARP is not used for point-to-point links.

The key to efficient ARP operation is that each host has an ARP high-speed cache. This cache stores the ing records between the nearest Internet address and the hardware address. The survival time of each item in the cache is generally 20 minutes, And the start time starts from the time when it is created.

1. ARP grouping format.

The first two fields are the Source and Destination addresses of Ethernet. The special address with the destination address of all 1 is the broadcast address. All Ethernet interfaces on the cable must receive broadcast data frames.

Two bytes long Ethernet frame types indicate the type of the subsequent data. For ARP requests or responses, the value of this field is 0x0806.

Hardware and protocol are used to describe each field in the ARP group. The hardware type field indicates the hardware address type. The value 1 indicates the ethernet address. The protocol type field indicates the Protocol address type to be mapped. Its value is 0x0800, indicating the IP address.

The following two 1-byte fields indicate the length of the hardware address and the Protocol address respectively, in bytes. For ARP requests or responses from IP addresses over Ethernet, their values are 6 and 4, respectively.

The operation field indicates four operation types: ARP request (value: 1), ARP response (value: 2), and RARP request (value: 3) and RARP response (value: 4 ).

The following four fields are the sender's hardware address (in this example, the ethernet address), the sender's Protocol address (IP address), the destination's hardware address, and the destination's Protocol address. Note that there is some duplicate information: both the Ethernet data frame header and the ARP request data frame have the sending hardware address.

2. ARP high-speed cache timeout settings
The system evolved from the Berkeley system generally sets the timeout value for the complete table item to 20 minutes, for incomplete table items, the timeout value is set to 3 minutes. When these table items are used again, these implementations generally reset the timeout value to 20 minutes.

3. ARP proxy
If the ARP request is sent from one network host to another, the router connecting the two networks can answer the request, this process is called the delegate ARP or ARP proxy (proxyarp ). In this way, the sender of the ARP request can be spoofed to assume that the vro is the target host. In fact, the target host is on the "other side" of the vro ". The vro function is equivalent to the proxy of the target host, which forwards the group from other hosts.

4. Free ARP
gratuitousarp refers to the IP address that the host sends ARP to find itself. Generally, it occurs when the interface is configured during system boot.
free ARP has two functions:
1) One host can use it to determine whether the other host has the same IP address.
2) if the host sending free ARP changes the hardware address (probably because the host is shut down, an interface card is replaced, and then restarted ), then, this group will update the old hardware addresses in the cache of other hosts.