"TCP/IP Detailed Volume 1: Agreement" 1th Chapter Overview-Reading Notes
"TCP/IP Detailed Volume 1: Protocol" chapter 2nd link layer-Reading notes
"TCP/IP Detailed Volume 1: Protocol" 3rd IP: Internet Protocol (1)-Reading notes
"TCP/IP Detailed Volume 1: Protocol" 3rd IP: Internet Protocol (2)-Reading notes
"TCP/IP Detailed Volume 1: Protocol" 4th ARP: Address Resolution Protocol-Reading notes
"TCP/IP Detailed Volume 1: Protocol" chapter 5th RARP: Reverse Address Resolution Protocol-Reading notes
"TCP/IP Detailed Volume 1: Protocol" chapter 6th icmp:internet Control Message Protocol-reading notes
"TCP/IP Detailed Volume 1: Protocol" 11th UDP: User Datagram Protocol-reading notes
TCP/IP Detailed Volume 1: Protocol 17th, 18 TCP: Transmission Control Protocol (1)-Reading notes
TCP/IP Detailed Volume 1: Protocol 17th, 18 TCP: Transmission Control Protocol (2)-Reading notes
TCP/IP Detailed Volume 1: Protocol chapter 19th Interactive Data flow of TCP-reading notes
1. Introduction
When a host sends an Ethernet data frame to another host on the same LAN, the destination interface is determined based on the Ethernet address of the bits. The device driver never checks the destination IP address in the IP datagram. Address resolution provides mappings for these two different address forms: the IP address of the three bit and any type of address used by the data link layer.
Description: ARP provides dynamic mapping between the IP address and the corresponding hardware address. This process is done automatically, and the general application user or system administrator does not have to care.
2. Give an example
When typing the following command: FTP BSDI (host name), the following steps occur:
(1) the application FTP client calls the function gethostbyname to convert the hostname (BSDI) to the IP address of the three bit. This conversion process either uses DNS, or uses a static host file (/etc/hosts) in a smaller network.
(2) The FTP client requests TCP to establish a connection with the resulting IP address.
(3) TCP sends a connection request to a remote host, which sends an IP datagram with the above IP address.
(4) If the destination host is on a local network (such as Ethernet, Token Ring network, or the other end of a point-to-point link), then the IP datagram can be sent directly to the destination host. If the destination host is on a remote network, the IP routing function is adopted to determine the next-station router address on the local network and let it forward the IP datagram.
(5) Assuming that it is an Ethernet, then the sending host must convert the IP address of the bit to the Ethernet address of the bit. Translation is required from the logical Internet address to the corresponding physical hardware address, which is the function of ARP.
(6) ARP sends an Ethernet data frame called an ARP request to each host on the Ethernet, a process known as broadcast. The ARP Request data frame contains the IP address of the destination host (host named BSDI), which means "if you are the owner of this IP address, please answer your hardware address." ”
(7) the ARP layer of the destination host receives this broadcast message, identifies that it is the sending side asking for its IP address, and sends an ARP response. This ARP response contains the IP address and the corresponding hardware address.
(8) after receiving the ARP reply, make ARP request-answer the Exchange IP datagram can now be transferred.
(9) send the IP data to the host for reporting purposes.
Description
(1) There is a basic concept behind ARP, which is that the network interface has a hardware address (a value of one bit, which identifies different Ethernet or Token Ring network interfaces).
(2) the data frame exchange at the hardware level must have the correct interface address. However, TCP/IP has its own address: the IP address of the + bit. Knowing the host's IP address does not allow the kernel to send a frame of data to the host. The kernel, such as the Ethernet driver, must know the hardware address of the destination to send the data.
(3) The function of ARP is to provide dynamic mapping between the IP address of the one-bit and the hardware address with different network technologies.
(4) the point-to-point link does not use ARP. When these links are set (typically during the boot process), you must tell the IP address at each end of the kernel link. Hardware addresses such as Ethernet addresses are not involved.
3. ARP cache
The key to efficient ARP operation is because there is an ARP cache on each host. This cache holds a mapping record between the nearest intern et address to the hardware address. The lifetime of each entry in the cache is typically 20 minutes, starting from the time it was created.
You can use the ARP command to check the ARP cache. -a means that all content in the cache is displayed.
The Ethernet address of the net bit is represented by a 6 hexadecimal number, separated by a colon.
4. Grouping formats for ARP
When an IP address is resolved on an Ethernet network, the ARP request and answer grouping is shown in format 4-3.
Note: ARP can also be used for other types of networks that can resolve addresses other than the IP address.
ARP Grouping Description:
(1) The first two fields are the source address and destination address of the Ethernet. Addresses with a destination address of 1 are broadcast addresses. All Ethernet interfaces on the cable will receive the broadcast data frame.
(2) the Ethernet frame type represents the type of the subsequent data. For ARP requests or replies, the value of this field is 0x0806.
(3) the Hardware Type field represents the type of hardware address. Its value is 1, which means the Ethernet address.
(4) the Protocol Type field represents the type of protocol address to be mapped. Its value is 0x0800, which represents the IP address.
(5) hardware address length and protocol address length respectively indicate the length of the hardware address and protocol address, in bytes. For ARP requests or responses for IP addresses on Ethernet, they are 6 and 4, respectively.
(6) The Action field indicates four operation types, which are ARP requests (value 1), ARP reply (value 2), Rarp request (value 3), and Rarp answer (value 4).
For an ARP request, all other fields except the destination hardware address have padding values. When the system receives an ARP request message from the destination, it fills in the hardware address, replaces the two sending address with two destination addresses, and then resets the Operation field to 2 and sends it back.
5 . Additional instructions on ARP request
(1) Although the ARP request is broadcast, the ARP response is sent directly to the requesting-side host, not broadcast.
(2) in general, when the system receives an ARP request or sends an ARP response, the hardware address and IP address of the requesting side are stored in the ARP cache. It is logical to assume that if the request side is sending an IP datagram, the receiver of the datagram will most likely send a reply.
(3) The table entry in the ARP cache is typically set to a time-out value. Systems evolved from the Berkeley system generally set a timeout value of 20 minutes for the complete table entry, and a timeout value of 3 minutes for incomplete table entries.
6. ARP Proxy
If the ARP request is a host from a network host to another network, the router connecting the two networks can answer the request, which is called a delegated arp or ARP proxy. This can spoof the sending side that initiated the ARP request, making it false that the router is the destination host, whereas the destination host is actually on the "other side" of the router.
Description: The function of the router is equivalent to the agent of the destination host, and the packet is forwarded to it from other hosts.
The ARP Proxy is also known as mixed ARP or ARP lease (ARP hack). These names come from other uses of the ARP proxy: The routers between the two physical networks can hide the physical network from one another. In this case, two physical networks can use the same network number, as long as the intermediary router is set up as an ARP proxy in response to an ARP request from one network to another network host.
7. free ARP
It means that the host sends ARP to find its own IP address. Typically, it occurs when the interface is configured during system boot. Free ARP has two functions:
(1) a host can use it to determine whether another host has the same IP address set. The host does not want to have an answer to this ARP request.
(2) if the host that sent the free ARP changed the hardware address (most likely the main machine, and changed a piece of interface card, and then restarted), then this grouping can make the old hardware address of other host cache update accordingly.
Description
A well-known ARP protocol fact is that if the host receives an ARP request for an IP address, and it is already in the recipient's cache, it is necessary to update the contents of the cache with the send-side hardware address (such as the Ethernet address) in the ARP request. The host receives any ARP requests to complete this operation (ARP requests are broadcast on-line, so all hosts on the network will do so each time an ARP request is sent).
Summary:
In most TCP/IP implementations, ARP is a basic protocol, but its operation is generally transparent to the application or system administrator. The ARP cache is critical in its operation and can be checked and manipulated by the ARP command on the cache. Each item in the cache has a timer that deletes incomplete and complete table entries.
"TCP/IP Detailed Volume 1: Protocol" 4th ARP: Address Resolution Protocol-reading notes (reprint)