TCP/IP Detailed reading notes: arp-Address Resolution Protocol

Address resolution provides mappings for two different address forms: 32bit IP and any type of address used by the data link layer.

When a host sends an Ethernet data frame to another host on the same LAN, it is based on the Ethernet address of the 48bit instead of the IP address. The device driver never checks the destination IP address in the IP datagram.

ARP provides dynamic mapping between the IP address and the corresponding hardware address.

Example

This example is to connect the host BSDI via the FTP protocol.

Before sending a TCP connection, the IP address needs to be mapped to a hardware address, which requires ARP.

ARP sends an Ethernet data frame called an ARP request to all hosts on the Ethernet network, that is, broadcast, to let the host that is the IP address squeak. The destination host receives this broadcast message and sends an ARP response that contains the IP address and the corresponding hardware address.

The basic concept behind ARP is that the network interface has a hardware address. Exchanging data at the hardware level must have the correct interface address, and the kernel (such as the Ethernet driver) must know the hardware address of the destination to send the data, and the IP address is useless here.

ARP cache

The key to efficient ARP operation is that each host has an ARP cache. This cache stores the mappings between the closest IP and hardware addresses, typically 20 minutes, and resets the time-out value when accessing entries.

The command to view the ARP cache is: Arp-a.

Grouping formats for ARP

The packet format is divided into 14-byte Ethernet headers and 28-byte ARP request/reply.

The first is the Ethernet header.

The first two fields of the Ethernet header are the source and destination addresses of the Ethernet. The destination address is all 1 and the broadcast address is broadcast when the request is sent.

Ethernet Frame Type: Represents the following data type, for ARP requests and replies, the value is 0x0806.

Next is the ARP request/reply.

Hardware type: The type of the hardware address, such as 1 for the Ethernet address.

Protocol type: The protocol address type to be mapped, 0x0800 represents the IP address. It is important to note that it is the same as the value of the Type field of the Ethernet data frame in the IP datagram.

Hardware address Length: In bytes, with a value of 6, which is the 48bit hardware address.

Protocol address length: bytes, value 4, which is the 32bit IP address.

OP: Four types of operation, ARP request (1), ARP response (2), Rarp request (3), Rarp Answer (4).

The remaining 4 fields are very clear in the literal sense, do not repeat.

ARP Example

Perform a connection, and then use the tcpdump (Linux command) to view it.

As you can see, the first line has the hardware address of the source host, the destination is FF:FF:FF:FF, which is the broadcast address. The output is followed by ARP, which indicates that the frame Type field value is 0x0806, which indicates that this is an ARP request/reply. The back 60 is the length of the Ethernet data frame.

In the second line we can see that although the ARP request is broadcast, the ARP response is unicast.

The third line is the request to establish a TCP connection. This is not the focus of this chapter, and so on 18 chapters detailed.

In general, when the host receives an ARP request or sends an answer, it puts the hardware address and IP of the requesting side into the ARP cache. This way, when the TCP connection is established, the answering side does not need to send ARP to resolve the IP.

If you attempt to connect to a non-existent host, multiple ARP requests are made and an incomplete entry is saved in the ARP cache. There is a time-out retransmission algorithm problem, TCP will be involved.

ARP Proxy

The above discussion is in the same Ethernet situation. If an ARP request is a host that is sent from one network host to another, the router that connects the two networks can answer the request, a process called a delegated ARP or ARP proxy. In this way, the initiator will mistakenly assume that the router is the destination host, and the router as the destination host agent, the packet will be forwarded to the destination host.

Here is a question about explaining an IP problem, which one can understand please advise.

Intentional ARP

Typically when the interface is configured during system boot, the host sends ARP to find its own IP. This feature is called "Intentional Arp" (the original translation is free of ARP, I feel meaningless).

This feature has two functions:

1) Verify that another host has the same IP set. If the IP is unique, then there should be no ARP response, and once the answer is answered, the IP settings are duplicated.

2) If the host that sends the intentional ARP changes the hardware address exactly, such as swapping a NIC and restarting, the ARP request can update the old hardware address in the other host cache.

TCP/IP Detailed reading notes: arp-Address Resolution Protocol