4 ARP: Address Resolution Protocol

4.1 Introduction

The problem we discuss in this chapter is that IP addresses have meaning only to the TCP/IP protocol suite. Data links such as Ethernet or token ring networks have their own addressing schemes (often 48-bit addresses), which any network layer using the data link must follow. A network such as an Ethernet can be used by different network layers at the same time. For example, a group of hosts using TCP/IP and another group of hosts using some PC network software can share the same cable.

When a host sends an Ethernet frame to another host on the same LAN, it is the 48-bit Ethernet address that determines the destination interface. The device driver does not look at the destination IP address in the IP datagram.

Address resolution provides a mapping between these two different forms of address: 32-bit IP addresses and whatever type of address the data link layer uses. RFC 826 [Plummer 1982] is the document that specifies ARP.

The two protocols we discuss are shown in Figure 4.1: ARP (address resolution protocol) and RARP (reverse address resolution protocol).
Figure 4.1 Address Resolution Protocol: ARP and RARP
ARP provides a dynamic mapping from an IP address to the corresponding hardware address. We call it dynamic because the process is automatic, and neither the application user nor the system administrator normally has to be concerned with it. RARP is used by systems without a disk drive (typically diskless workstations or X terminals), and it requires manual configuration by the system administrator. We discuss it in Chapter 5.

4.2 An Example

Whenever we type a command of the form

    % ftp bsdi

the following steps take place. The step numbers are shown in Figure 4.2.

1. The application, the FTP client, calls the function gethostbyname(3) to convert the hostname (bsdi) into its 32-bit IP address. This function is called a resolver in the DNS (Domain Name System), which we describe in Chapter 14. The conversion uses either the DNS or, on smaller networks, a static hosts file (/etc/hosts).
2. The FTP client asks TCP to establish a connection with that IP address.
3. TCP sends a connection request segment to the remote host, that is, it sends an IP datagram to that IP address. (We discuss the details of this in Chapter 18.)
4. If the destination host is on a locally attached network (such as the other end of an Ethernet, token ring, or point-to-point link), the IP datagram can be sent directly to the destination host. If the destination host is on a remote network, the IP routing function determines the address of a next-hop router on a locally attached network, and that router forwards the IP datagram. In both cases the IP datagram is sent to a host or router on a locally attached network.
5. Assuming an Ethernet, the sending host must convert the 32-bit IP address into a 48-bit Ethernet address. A translation is needed from the logical Internet address to the corresponding physical hardware address. This is the function of ARP. ARP was originally intended for broadcast networks, where many hosts or routers are connected to the same network.
6. ARP sends an Ethernet frame called an ARP request to every host on the Ethernet. This is called a broadcast, and is shown by the dashed lines in Figure 4.2. The ARP request contains the IP address of the destination host (whose name is bsdi) and means: "If you are the owner of this IP address, please reply with your hardware address."
Figure 4.2 ARP operation when the user enters "ftp hostname"

7. The ARP layer of the destination host receives this broadcast, recognizes that the sender is asking for its IP address, and sends an ARP reply. The reply contains the IP address and the corresponding hardware address.
8. The ARP reply is received, and the IP datagram that caused the ARP request-reply exchange can now be sent.
9. The IP datagram is sent to the destination host.

The basic concept behind ARP is that the network interface has a hardware address (a 48-bit value that identifies an Ethernet or token ring network interface). Frames exchanged at the hardware level must carry the correct interface address. But TCP/IP has its own addresses: 32-bit IP addresses. Knowing a host's IP address does not let the kernel send a frame to that host. The kernel (such as the Ethernet driver) must know the destination's hardware address to send data. The function of ARP is to provide a dynamic mapping between 32-bit IP addresses and the hardware addresses used by the various network technologies.

Point-to-point links do not use ARP. When these links are configured (normally at boot time), the kernel must be told the IP address at each end of the link. Hardware addresses such as Ethernet addresses are not involved.

4.3 ARP Cache

The key to the efficient operation of ARP is the ARP cache kept on each host. This cache holds the most recent mappings from Internet addresses to hardware addresses. The lifetime of each entry in the cache is normally 20 minutes, counted from the time the entry was created.

We can examine the ARP cache with the arp(8) command. The -a option displays all entries in the cache.

    bsdi % arp -a
    sun (140.252.13.33) at 8:0:20:3:f6:42
    svr4 (140.252.13.34) at 0:0:c0:c2:9b:26

A 48-bit Ethernet address is displayed as six hexadecimal numbers separated by colons. We discuss other features of the arp command in Section 4.8.
4.4 ARP Packet Format

Figure 4.3 shows the format of an ARP request and an ARP reply packet when used on an Ethernet to resolve an IP address. (ARP can be used on other types of networks and can resolve addresses other than IP addresses. The four fields that follow the frame type field specify the types and lengths of the last four fields.)
Figure 4.3 ARP request or answer packet format for Ethernet
The first two fields in the Ethernet header are the Ethernet source and destination addresses. A destination address of all one bits is the special broadcast address. All Ethernet interfaces on the cable receive frames sent to the broadcast address.

The 2-byte Ethernet frame type specifies the type of data that follows. For an ARP request or an ARP reply, this field is 0x0806.

The adjectives hardware and protocol are used to describe the fields in the ARP packet. For example, an ARP request asks for the hardware address (here an Ethernet address) that corresponds to a protocol address (here an IP address).

The hardware type field specifies the type of hardware address. Its value is 1 for an Ethernet address. The protocol type field specifies the type of protocol address being mapped. Its value is 0x0800 for IP addresses. This is deliberately the same value as the type field of an Ethernet frame containing an IP datagram. (See Figure 2.1.)

The next two 1-byte fields, hardware address length and protocol address length, give the lengths in bytes of the hardware address and the protocol address. For an ARP request or reply for an IP address on an Ethernet, they are 6 and 4, respectively.

The operation field specifies one of four operation types: ARP request (a value of 1), ARP reply (2), RARP request (3), and RARP reply (4). (We discuss RARP in Chapter 5.) This field is required because the frame type field is the same for an ARP request and an ARP reply.

The next four fields are the sender's hardware address (an Ethernet address in this example), the sender's protocol address (an IP address), the target hardware address, and the target protocol address.
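The fields just described, and the reply rule this section goes on to give, as an added example (not code from the book): it packs and decodes the 42-byte Ethernet ARP frame using the addresses of bsdi and svr4 from this chapter. The function names and dictionary keys are this example's own, and nothing is sent on a network.

```python
import socket
import struct

ETHERTYPE_ARP = 0x0806
ETH_HDR = struct.Struct("!6s6sH")            # destination, source, frame type
ARP_BODY = struct.Struct("!HHBBH6s4s6s4s")   # the 28 bytes of ARP data
OPS = {1: "ARP request", 2: "ARP reply", 3: "RARP request", 4: "RARP reply"}


def mac_bytes(text):
    """'0:0:c0:6f:2d:40' -> 6 raw bytes (hex groups need not be zero-padded)."""
    parts = text.split(":")
    if len(parts) != 6:
        raise ValueError("expected 6 hex groups: %r" % text)
    return bytes(int(p, 16) for p in parts)


def mac_text(raw):
    """6 raw bytes -> colon-separated hex, printed the way the chapter prints it."""
    return ":".join("%x" % b for b in raw)


def build_request(src_mac, src_ip, target_ip):
    """Broadcast request: every field filled in except the target hardware address."""
    src = mac_bytes(src_mac)
    body = ARP_BODY.pack(1, 0x0800, 6, 4, 1, src, socket.inet_aton(src_ip),
                         b"\x00" * 6, socket.inet_aton(target_ip))
    return ETH_HDR.pack(b"\xff" * 6, src, ETHERTYPE_ARP) + body


def parse_frame(frame):
    """Decode an Ethernet ARP frame; padding after the 42nd byte is ignored."""
    if len(frame) < ETH_HDR.size + ARP_BODY.size:
        raise ValueError("shorter than the 42 bytes of header plus ARP data")
    dst, src, frame_type = ETH_HDR.unpack_from(frame, 0)
    if frame_type != ETHERTYPE_ARP:
        raise ValueError("frame type 0x%04x is not ARP" % frame_type)
    (hw_type, proto_type, hw_len, proto_len, op,
     sender_hw, sender_ip, target_hw, target_ip) = ARP_BODY.unpack_from(frame, ETH_HDR.size)
    if (hw_type, proto_type, hw_len, proto_len) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IP mapping")
    return {
        "eth_dst": mac_text(dst), "eth_src": mac_text(src),
        "op": OPS.get(op, "unknown (%d)" % op),
        "sender_hw": mac_text(sender_hw), "sender_ip": socket.inet_ntoa(sender_ip),
        "target_hw": mac_text(target_hw), "target_ip": socket.inet_ntoa(target_ip),
    }


def build_reply(request_frame, my_mac):
    """Reply rule: fill in our hardware address, swap sender and target, set op to 2."""
    req = parse_frame(request_frame)
    if req["op"] != "ARP request":
        raise ValueError("can only answer an ARP request")
    mine, asker = mac_bytes(my_mac), mac_bytes(req["sender_hw"])
    body = ARP_BODY.pack(1, 0x0800, 6, 4, 2,
                         mine, socket.inet_aton(req["target_ip"]),
                         asker, socket.inet_aton(req["sender_ip"]))
    return ETH_HDR.pack(asker, mine, ETHERTYPE_ARP) + body   # sent to the asker only


if __name__ == "__main__":
    # Addresses of bsdi and svr4 as they appear in this chapter.
    request = build_request("0:0:c0:6f:2d:40", "140.252.13.35", "140.252.13.34")
    reply = build_reply(request, "0:0:c0:c2:9b:26")
    for frame in (request, reply):
        print(len(frame), parse_frame(frame))
```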
Note that some information is duplicated here: the sender's hardware address appears both in the Ethernet header and in the ARP request.

For an ARP request, all the fields are filled in except the target hardware address. When a system receives an ARP request directed to it, it fills in its hardware address, swaps the two sender addresses with the two target addresses, sets the operation field to 2, and sends the reply.

4.5 ARP Examples

In this section we use the tcpdump command to see what ARP does when we run normal TCP utilities such as Telnet. Appendix A contains additional details on the tcpdump command.

Normal Example

To see the operation of ARP, we execute the telnet command and connect to the discard server.
(See the original book P.57 1)
We run the tcpdump command with the -e option on the host sun, which displays the hardware addresses (in our examples, 48-bit Ethernet addresses).

Figure 4.4 ARP request and ARP reply generated by a TCP connection request

The raw tcpdump output for Figure 4.4 is shown in Figure A.3 in the appendix. Since this is the first example of tcpdump output in this book, you should check the raw output in the appendix to see what modifications we have made.

We delete the last four lines of the tcpdump output because they are the termination of the connection (which we discuss in Chapter 18) and are not relevant to the discussion here.

In line 1 the hardware address of the source host (bsdi) is 0:0:c0:6f:2d:40. The destination hardware address is ff:ff:ff:ff:ff:ff, the Ethernet broadcast address. Every Ethernet interface on the cable receives this frame and processes it, as shown in Figure 4.2.

The next output field on line 1, arp, means that the frame type field is 0x0806, specifying either an ARP request or an ARP reply.

On each line, the value 60 printed after the word arp or ip is the length of the Ethernet frame. Since an ARP request or reply is 42 bytes long (28 bytes of ARP data plus 14 bytes of Ethernet header), each frame has been padded to the Ethernet minimum: 60 bytes.

Referring to Figure 1.7, this minimum of 60 bytes includes the 14-byte Ethernet header but does not include the 4-byte Ethernet trailer. Some books state the minimum as 64 bytes, which includes the Ethernet trailer. We gave the minimum as 46 bytes in Figure 1.7, deliberately not including the 14-byte header, because the corresponding maximum (1500 bytes) is what is referred to as the MTU, the maximum transmission unit (Figure 2.5). We use the MTU often, because it limits the size of an IP datagram, but we are normally not concerned with the minimum. Most device drivers or interface cards automatically pad an Ethernet frame to the minimum length.

The IP datagrams on lines 3, 4, and 5 (containing TCP segments) are all smaller than the minimum, so they are also padded to 60 bytes.

The next output field on line 1, arp who-has, identifies the frame as an ARP request, with the IP address of svr4 as the target and the IP address of bsdi as the sender. By default tcpdump prints the hostnames corresponding to the IP addresses. (In Section 4.7 we use the -n option to see the actual IP addresses in an ARP request.)

From line 2 we see that although the ARP request is broadcast, the destination address of the ARP reply is bsdi (0:0:c0:6f:2d:40). The ARP reply is sent directly to the requesting host; it is not broadcast. tcpdump prints arp reply for this frame, along with the hostname and hardware address of the responder.

Line 3 is the first TCP segment requesting that a connection be established. Its destination hardware address is that of the destination host (svr4). We cover the details of this segment in Chapter 18.

On each line, the number after the line number is the time (in seconds) at which tcpdump received the packet. Every line other than the first also contains the time difference (in seconds) from the previous line. From this figure we can see that the time between the ARP request and the receipt of the ARP reply is 2.2 ms. The first TCP segment is sent 0.7 ms after this. In this example the time spent on dynamic address resolution with ARP is less than 3 ms.

A final point: in the tcpdump output we do not see an ARP request from svr4 before it sends its first TCP segment (line 4). This is because svr4 may already have an entry for bsdi in its ARP cache. In general, when a system receives an ARP request or sends an ARP reply, it stores the requestor's hardware address in its ARP cache. It is logical to assume that if the requestor is about to send an IP datagram, the receiver of that datagram will most likely send a reply.

ARP Request to a Nonexistent Host

What happens if the host being queried is down or does not exist? To find out, we specify an Internet address that does not exist: the network number and subnet number exist, but there is no host with the specified host number. From Figure 3.10 we see that host numbers 36 through 62 do not exist (host number 63 is the broadcast address). We use host number 36 in this example.
(See the original book P.59 1)
The output of the tcpdump command is shown in Figure 4.5.
Figure 4.5 ARP requests to a nonexistent host

This time we do not specify the -e option, since we already know that the ARP requests are broadcast.

What is interesting is to see multiple ARP requests: the second request is sent 5.5 seconds after the first, and the third 24 seconds after that. (In Chapter 21 we look at the details of TCP's timeout and retransmission algorithms.) The time span of the tcpdump output is 29.5 seconds. But if we use the date command to check the time before and after the telnet command, we find that the Telnet client's connection request appears to give up after about 75 seconds. Indeed, we will see later that most BSD implementations set a limit of 75 seconds for a TCP connection request to complete.

In Chapter 18, when we see the sequence of TCP segments that establishes a connection, we will see that these ARP requests correspond to the initial TCP SYN (synchronize) segments that TCP is trying to send.

Note that we never see a TCP segment on the wire. All we see are the ARP requests. A TCP segment cannot be sent until the ARP reply comes back, since only then is the hardware address known. If we ran tcpdump in a filtering mode that looked only at TCP data, there would be no output at all.

ARP Cache Timeout

A timeout is normally provided for entries in the ARP cache. (In Section 4.8 we will see that the administrator can place an address into the cache with the arp command without a timeout.) Berkeley-derived systems normally use a timeout of 20 minutes for a completed entry and 3 minutes for an incomplete entry. (We saw an incomplete entry in the previous example, where an ARP request was sent to a nonexistent host.) These implementations normally reset the timeout to 20 minutes each time the entry is used.

(The following is from the original book, P.601.) The RFC says that the timeout should take effect even when the entry is in use, but most Berkeley-derived systems do not do this: they restart the timeout each time the entry is accessed.

4.6 Proxy ARP

If an ARP request is sent from a host on one network to a host on another network, the router connecting the two networks can answer the request. This is called proxy ARP. It fools the sender of the ARP request into thinking that the router is the destination host, when the destination host is really on the "other side" of the router. The router acts as a proxy agent for the destination host, forwarding packets to it from other hosts.

An example is the best way to explain proxy ARP. Figure 3.10 showed the system sun connected to two Ethernets. But we also pointed out that this is not really the case, as comparing the figures shows. There is in fact a router between sun and the subnet 140.252.1, and this router, performing proxy ARP, makes it appear as though sun is on the subnet 140.252.1. The exact arrangement is shown in Figure 4.6: the router, a Telebit NetBlazer named netb, sits between the subnet and the host sun.
Figure 4.6 Example of proxy ARP

When another host on the subnet 140.252.1 (called gemini) has an IP datagram for the address 140.252.1.29, it compares the network number (140.252) and subnet number (1), and because they are the same as its own, it sends an ARP request for IP address 140.252.1.29 on the Ethernet in Figure 4.6. The router netb recognizes the IP address as belonging to one of its dial-up hosts, so it answers with the hardware address of its own Ethernet interface on 140.252.1. The host gemini sends the IP datagram to netb across the Ethernet, and netb forwards the datagram to sun across the dial-up SLIP link. This is transparent to all the hosts on the 140.252.1 subnet, even though the host sun is really configured behind the router netb.

If we execute the arp command on the host gemini, we find that the IP addresses of netb and sun, on the same subnet 140.252.1, map to the same hardware address. This is usually a clue that proxy ARP is being used.

    gemini % arp -a
    (other output lines here)
    netb (140.252.1.183) at 0:80:ad:3:6a:80
    sun (140.252.1.29) at 0:80:ad:3:6a:80
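The clue described above, two IP addresses that resolve to one hardware address, can be checked mechanically. This is an added example, not from the book: it parses arp -a output in the format shown in this chapter and reports every hardware address shared by more than one IP address. The two netb and sun lines are the ones from gemini's cache; the other two sample lines and all function names are constructed for the example.

```python
import re
from collections import defaultdict

# "hostname (dotted IP) at six hex groups"; other lines are skipped
ENTRY = re.compile(
    r"^(?P<host>\S+)\s+\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+at\s+"
    r"(?P<mac>[0-9A-Fa-f]{1,2}(?::[0-9A-Fa-f]{1,2}){5})(?!\S)"
)

SAMPLE = """\
netb (140.252.1.183) at 0:80:ad:3:6a:80
sun (140.252.1.29) at 0:80:ad:3:6a:80
other (140.252.1.11) at 08:00:20:07:9A:12
? (140.252.1.36) at (incomplete)
"""  # last two lines are constructed sample data


def normalize_mac(mac):
    """Zero-pad and lower-case each group so '8:0:20' and '08:00:20' compare equal."""
    return ":".join("%02x" % int(group, 16) for group in mac.split(":"))


def parse_arp_a(text):
    """Return (hostname, ip, normalized hardware address) for each complete entry."""
    entries = []
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if match:   # incomplete entries carry no hardware address and do not match
            entries.append((match.group("host"), match.group("ip"),
                            normalize_mac(match.group("mac"))))
    return entries


def shared_hardware_addresses(entries):
    """Map each hardware address that answers for more than one IP to its owners."""
    by_mac = defaultdict(set)
    for host, ip, mac in entries:
        by_mac[mac].add((host, ip))
    return {mac: sorted(owners) for mac, owners in by_mac.items()
            if len({ip for _, ip in owners}) > 1}


if __name__ == "__main__":
    for mac, owners in shared_hardware_addresses(parse_arp_a(SAMPLE)).items():
        print(mac, "answers for", ", ".join("%s (%s)" % o for o in owners))
```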
Another detail in Figure 4.6 that needs explaining is the apparent lack of an IP address at the bottom of the router netb (the SLIP link). Why is there only one IP address for the two ends of the dial-up SLIP link, when there is an IP address at each of the two ends of the link between bsdi and slip? In Section 3.8 we noted that the ifconfig command shows the destination address of the dial-up SLIP link to be 140.252.1.183. The NetBlazer does not need to know an IP address for each end of a dial-up SLIP link. (Doing so would use up more IP addresses.) Instead, it determines which dial-up host a packet comes from by the serial line interface on which the packet arrives, so there is no need for each dial-up host connected to the router to have a unique IP address for its link. All the dial-up hosts use the same IP address, 140.252.1.183, as the destination address of their SLIP link.

Proxy ARP gets datagrams to the router sun, but what about the other hosts on the subnet 140.252.13? Routing must be used to get datagrams to those hosts. This requires special handling: routing table entries must be made somewhere on the 140.252 network so that all datagrams destined either for the subnet 140.252.13 or for a host on that subnet point to the router netb. The router netb then knows how to get the datagrams to their final destination, by way of the router sun.

Proxy ARP is also called promiscuous ARP or the ARP hack. These names come from another use of proxy ARP: a router between two physical networks can hide the physical networks from each other. In this case both physical networks can use the same network number, as long as the router in the middle is configured as a proxy ARP agent that responds to ARP requests on one network for a host on the other network. This technique has been used to hide a group of hosts running older versions of TCP/IP on a separate physical cable.
There are two common reasons for separating these older hosts: first, they cannot handle subnetting, and second, they use the old broadcast address (a host number of all zero bits, instead of the current standard of a host number of all one bits).

4.7 Gratuitous ARP

Another ARP feature we can see is called gratuitous ARP. It occurs when a host sends an ARP request looking for its own IP address. This is usually done when the interface is configured at boot time. On our internet, if we boot the host bsdi and run the tcpdump command on the host sun, we see the packet shown in Figure 4.7.
Figure 4.7 Example of gratuitous ARP

(We run the tcpdump command with the -n option, which prints dotted-decimal addresses instead of hostnames.)

In terms of the fields in the ARP request, the sender's protocol address and the target's protocol address are identical: 140.252.13.35, the address of host bsdi. Also, the source address, 0:0:c0:6f:2d:40, as displayed by tcpdump, equals the sender's hardware address (see Figure 4.4).

Gratuitous ARP provides two features.

1. It lets a host determine whether another host has the same IP address. The host bsdi does not expect a reply to this request. But if a reply is received, the error message "duplicate IP address sent from Ethernet address: a:b:c:d:e:f" is logged on the console. This warns the system administrator that one of the systems is misconfigured.
2. If the host sending the gratuitous ARP has just changed its hardware address (perhaps the host was shut down, the interface card was replaced, and the host was rebooted), this packet causes the other hosts that have the old hardware address in their cache to update the entry.

One property of the ARP protocol [Plummer 1982] is that if a host receives an ARP request from an IP address that is already in the receiver's cache, the cache entry is updated with the sender's address (such as an Ethernet address) from the ARP request. This is done for any ARP request the host receives. (ARP requests are broadcast, so every host on the network does this each time an ARP request is sent.)

[Bhide, Elnozahy, and Morgan 1991] describe an application of this: a backup file server takes over from a failed server by sending a gratuitous ARP request containing the backup's hardware address and the failed server's IP address. This causes all packets destined for the failed server to go to the backup, and the clients do not have to be aware that the original server has failed.

(The following is from the original book, P.631.) Unfortunately, the authors decided against this approach, since it depends on a correct implementation of the ARP protocol on all the different types of clients. They apparently encountered client ARP implementations that did not follow the specification.

Checking all the systems on the subnet shows that SunOS 4.1.3 and 4.4BSD send a gratuitous ARP when they boot, but SVR4 does not.
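The cache behaviour from Sections 4.5 and 4.7 as a small model, added here as an example (not code from the book or from any kernel): the 20-minute and 3-minute timeouts, the rule that an ARP packet from a cached IP address always overwrites the entry, and a log line whenever a hardware address changes or another host claims the local IP address, which is what an administrator watching the network would want recorded. The class and method names and the two replacement hardware addresses are constructed for the example.

```python
COMPLETE_TTL = 20 * 60     # seconds, completed entry
INCOMPLETE_TTL = 3 * 60    # seconds, entry still waiting for a reply


class ArpCache:
    """One host's ARP cache. Time is passed in as seconds so runs are repeatable."""

    def __init__(self, my_ip, my_mac):
        self.my_ip, self.my_mac = my_ip, my_mac
        self.entries = {}          # ip -> [hardware address or None, expiry time]
        self.log = []

    def expire(self, now):
        for ip in [ip for ip, (_, expiry) in self.entries.items() if expiry <= now]:
            del self.entries[ip]

    def lookup(self, ip, now):
        """Hardware address for ip, or None (an ARP request would be broadcast)."""
        self.expire(now)
        entry = self.entries.get(ip)
        if entry is None:
            self.entries[ip] = [None, now + INCOMPLETE_TTL]
            return None
        if entry[0] is not None:
            entry[1] = now + COMPLETE_TTL      # Berkeley habit: restart on every use
        return entry[0]

    def receive(self, sender_mac, sender_ip, target_ip, now):
        """Process the sender and target fields of one ARP packet seen on the wire."""
        self.expire(now)
        kind = "gratuitous" if sender_ip == target_ip else "normal"
        if sender_ip == self.my_ip:
            if sender_mac == self.my_mac:
                return kind, "own"
            self.log.append("duplicate IP address sent from Ethernet address: " + sender_mac)
            return kind, "duplicate"
        entry = self.entries.get(sender_ip)
        if entry is not None:                  # known IP: always take the sender's address
            old = entry[0]
            self.entries[sender_ip] = [sender_mac, now + COMPLETE_TTL]
            if old is None:
                return kind, "completed"
            if old != sender_mac:
                self.log.append("%s moved from %s to %s" % (sender_ip, old, sender_mac))
                return kind, "updated"
            return kind, "refreshed"
        if target_ip == self.my_ip:            # we are being asked: remember the asker
            self.entries[sender_ip] = [sender_mac, now + COMPLETE_TTL]
            return kind, "learned"
        return kind, "ignored"


def demo():
    """sun's view of three packets; the second and third senders are constructed."""
    sun = ArpCache("140.252.13.33", "8:0:20:3:f6:42")
    results = [
        # bsdi asks for sun's address, so sun learns bsdi
        sun.receive("0:0:c0:6f:2d:40", "140.252.13.35", "140.252.13.33", now=0),
        # bsdi reboots with a replacement interface card and sends a gratuitous ARP
        sun.receive("0:0:c0:aa:bb:cc", "140.252.13.35", "140.252.13.35", now=600),
        # a misconfigured host announces sun's own IP address
        sun.receive("0:0:c0:11:22:33", "140.252.13.33", "140.252.13.33", now=700),
    ]
    return sun, results


if __name__ == "__main__":
    cache, outcomes = demo()
    print(outcomes)
    print("\n".join(cache.log))
```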
4.8 arp Command

We have used this command with the -a option to display all the entries in the ARP cache. Here we describe the other options.

The superuser can use the -d option to delete an entry from the ARP cache. (This was done before running some of the examples, to let us see the ARP exchange.)

Entries can also be added to the cache with the -s option. It requires a hostname and an Ethernet address: the IP address corresponding to the hostname, and the Ethernet address, are added to the cache. The new entry is permanent (that is, it has no timeout) unless the keyword temp is appended to the end of the command line.

The keyword pub at the end of the command line, together with the -s option, makes the system act as an ARP agent for that host. The system will answer ARP requests for the IP address corresponding to the hostname, replying with the specified Ethernet address. If the advertised address is the system's own, the system is acting as a proxy ARP agent for the specified hostname.

4.9 Summary

ARP is a basic protocol in most TCP/IP implementations, but it normally does its work without the application or the system administrator being aware of it. The ARP cache is fundamental to its operation, and we can use the arp command to examine and manipulate the cache. Each entry in the cache has a timer that is used to remove both incomplete and completed entries. The arp command displays and modifies entries in the ARP cache.

We covered the normal operation of ARP along with some special features: proxy ARP (when a router answers ARP requests on behalf of hosts on another of its interfaces) and gratuitous ARP (sending an ARP request for your own IP address, normally at boot time).

Exercises

4.1 When we type the commands that generate output like Figure 4.4 and have found that the local ARP cache is empty, what happens if we enter the command

    bsdi % rsh svr4 arp -a

to check whether the ARP cache on that host is also empty? (This command runs the arp -a command on the host svr4.)

4.2 Describe how to determine whether a given host correctly handles a received gratuitous ARP request.

4.3 Step 7 described in Section 4.2 can take a while, because ARP waits for a reply after a request is sent. How do you think ARP handles multiple datagrams sent to the same destination IP address during this time?

4.4 At the end of Section 4.5 we noted that the Host Requirements RFC and Berkeley-derived systems differ in how they handle the timeout of an active ARP entry. What happens if we try to contact a server host that is having its Ethernet card replaced? Does this change if the server broadcasts a gratuitous ARP during its boot process?