
Address Resolution Protocol

Today we are going to see how devices learn each other's addresses. Before that, let us first take a look at the types of addresses assigned to a device.

  1. Layer-2 Address
  2. Layer-3 Address

Layer-2 Address:

The address assigned to a network interface for communication at the data link layer of a network segment is known as the Layer-2 address. The address used for Ethernet technology is referred to as the Media Access Control (MAC) address.

This is also known as the burned-in address (BIA), hardware address, physical address, EUI-48 and many more.

It is a 48-bit address written in hexadecimal and can be represented in the following ways:

  • Six 8-bit fields separated by colons – 1a:2b:3c:4d:5e:6f
  • Three 16-bit fields – 1a2b:3c4d:5e6f
  • Two 24-bit fields – 1a2b3c:4d5e6f


A MAC address is divided into two parts of 24 bits each.

The first 24 bits represent the OUI (Organizationally Unique Identifier). The OUI is unique for each network card manufacturer and is issued by the IEEE.

The next 24 bits are decided by the organization.

Two bits within the initial 3 octets have special significance:

Group Bit (b0): If the group bit is 0, the MAC address is a unicast identifier.

If it is set to 1, the address is a Layer-2 multicast address.

Local Bit (b1): For globally unique EUI-48 identifiers allocated by an OUI owner, the Local bit is zero. If the Local bit is a one, the identifier is considered by IEEE 802 to be a local identifier under the control of the local network administrator.

Reserved MAC Addresses:

  • The 2**23 multicast identifiers from 01-00-5E-00-00-00 through 01-00-5E-7F-FF-FF have been allocated for IPv4 multicast [RFC1112].
  • The 2**20 multicast identifiers from 01-00-5E-80-00-00 through 01-00-5E-8F-FF-FF have been allocated for MPLS multicast [RFC5332].
  • The 2**8 unicast identifiers from 00-00-5E-00-00-00 through 00-00-5E-00-00-FF are reserved and require IESG Ratification for allocation.
  • The 2**8 unicast identifiers from 00-00-5E-00-01-00 through 00-00-5E-00-01-FF have been allocated for the Virtual Router Redundancy Protocol (VRRP) [RFC3768].
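
The notations, the Group and Local bits and the reserved blocks described above can be checked with a short parser. This is an added example, not code from the original post; the function names are illustrative, and it takes b0 and b1 to be the two least significant bits of the first octet.

```python
import re

def parse_mac(text):
    """Accept 1a:2b:3c:4d:5e:6f, 1a2b:3c4d:5e6f or 1a2b3c:4d5e6f ('-' and '.' also allowed)."""
    digits = re.sub(r"[:.\-]", "", text.strip())
    if not re.fullmatch(r"[0-9a-fA-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)

# Reserved blocks from the list above, as (first, last, label).
RESERVED = [
    ("01-00-5E-00-00-00", "01-00-5E-7F-FF-FF", "IPv4 multicast"),
    ("01-00-5E-80-00-00", "01-00-5E-8F-FF-FF", "MPLS multicast"),
    ("00-00-5E-00-00-00", "00-00-5E-00-00-FF", "reserved (IESG ratification)"),
    ("00-00-5E-00-01-00", "00-00-5E-00-01-FF", "VRRP"),
]

def describe_mac(text):
    mac = parse_mac(text)
    info = {
        "canonical": ":".join(f"{b:02x}" for b in mac),
        "oui": mac[:3].hex(),                # first 24 bits
        "multicast": bool(mac[0] & 0x01),    # Group bit (b0)
        "local": bool(mac[0] & 0x02),        # Local bit (b1)
        "reserved": None,
    }
    # Equal-length byte strings compare in address order.
    for first, last, label in RESERVED:
        if parse_mac(first) <= mac <= parse_mac(last):
            info["reserved"] = label
    return info

if __name__ == "__main__":
    for sample in ("1a2b:3c4d:5e6f", "01-00-5E-00-00-FB", "aabb.cc00.2000"):
        print(sample, describe_mac(sample))
```

The lab addresses used later in this post (aabb.cc00.x000) have the Local bit set, so they are locally administered rather than vendor-assigned.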

Layer-3 Address:

The address assigned to each device for communication at the network layer is known as the Layer-3 address. The most common are IPv4 and IPv6 addresses. For details on IP addresses, please check out this blog: IPv4 – Basics of Networking – Part II

ARP:

The Layer-3 and Layer-2 addresses should be mapped to each other, and this mapping must be learnt by the neighboring device for it to be able to forward frames.

The protocol used for this learning is the Address Resolution Protocol, aka ARP.

The database which stores the L3 to L2 mapping is known as the ARP table.

ARP Message Format:

[Figure: ARP datagram]

Hardware type: This field specifies the type of hardware used.


Protocol type: This field is the complement of the Hardware Type field, specifying the type of layer three addresses used in the message. For IPv4 addresses, this value is 2048 (0800 hex), which corresponds to the EtherType code for the Internet Protocol.

Hardware size: Specifies how long hardware addresses are in this message. For Ethernet or other networks using IEEE 802 MAC addresses, the value is 6.

Protocol size: Specifies how long protocol (layer three) addresses are in this message. For IP(v4) addresses this value is of course 4.

OpCode: This field specifies the nature of the ARP message being sent.


Sender MAC address: The MAC address of the machine sending the request

Sender IP address: The protocol address of the machine sending the ARP request

Target MAC address: The MAC address being sought

Target IP address: The protocol address of the destination

Working of ARP:

Topology used:

[Figure: topology-arp]

Suppose you initiate a ping request from R2 (10.0.0.1) to R3 (20.0.0.1). R2 will create a frame for the communication with the details below:

DATA  SIP       DIP       SMAC            DMAC
PING  10.0.0.1  20.0.0.1  aabb.cc00.2000  ???

  • The device will check whether the destination IP belongs to the same network or not. If not, it will check whether a gateway address is configured.
  • If a default gateway is not configured, it will give a “Destination Host Unreachable” error.
  • The device will need a destination MAC address in order to initiate the communication between the two devices.
  • To learn the MAC address, it will send an ARP broadcast frame.
  • In case the DIP is in the same network, the ARP broadcast will be sent to resolve the MAC address of the destination IP only. However, if it does not belong to the same network, the device will send a broadcast to learn the MAC address for the gateway IP, 10.0.0.254 in our case.
  • The destination MAC address in an ARP broadcast will always be FFFF.FFFF.FFFF (Layer-2 broadcast).

DATA           SIP       DIP         SMAC            DMAC
ARP Broadcast  10.0.0.1  10.0.0.254  aabb.cc00.2000  FFFF.FFFF.FFFF

  • The frame will reach the router. On checking that this frame belongs to it and is an ARP broadcast request, it will send an ARP reply with its MAC address as SMAC.

DATA       SIP         DIP       SMAC            DMAC
ARP Reply  10.0.0.254  10.0.0.1  aabb.cc00.1000  aabb.cc00.2000

  • After receiving the ARP reply, the device will update the ARP table for future use. The ARP broadcast and reply process is performed only at the beginning of the communication.

R2#sh ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.0.1                -   aabb.cc00.2000  ARPA   Ethernet0/0
Internet  10.0.0.254              0   aabb.cc00.1000  ARPA   Ethernet0/0

 

  • The device will now send a PING packet to 20.0.0.1 with the DMAC set to the gateway's MAC address.

DATA  SIP       DIP       SMAC            DMAC
PING  10.0.0.1  20.0.0.1  aabb.cc00.1000  aabb.cc00.2000

  • This frame will be received on the router and, as the destination belongs to a different network, the router will check the routing table to forward it.
  • If it does not have the L3 to L2 mapping in the ARP table, the same procedure as explained above will be repeated with a SIP of 20.0.0.254 and a DIP of 20.0.0.1.

R2#ping 20.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

Do remember, in the end-to-end flow the Source IP and Destination IP will remain the same. Only the addresses at Layer-2 will change.
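
The sending side of the walkthrough above can be modelled in a few lines. This is an added example, not code from the original post: the `Host` class and the `segment` dictionary (which devices answer ARP on the wire) are hypothetical, and R2's /24 mask is an assumption.

```python
import ipaddress

BROADCAST = "ffff.ffff.ffff"

class Host:
    def __init__(self, ip_with_mask, mac, gateway=None):
        self.iface = ipaddress.ip_interface(ip_with_mask)
        self.mac = mac
        self.gateway = ipaddress.ip_address(gateway) if gateway else None
        self.arp_table = {}  # IP -> MAC, the L3 to L2 mapping

    def arp_target(self, dip):
        """IP whose MAC is needed: the destination if on-link, else the gateway."""
        dip = ipaddress.ip_address(dip)
        if dip in self.iface.network:
            return dip
        if self.gateway is None:
            raise LookupError("Destination Host Unreachable")
        return self.gateway

    def send_ping(self, dip, segment):
        """Return the frames sent and received as (DATA, SIP, DIP, SMAC, DMAC).

        segment maps IP -> MAC for devices that would answer an ARP request.
        """
        frames = []
        sip = str(self.iface.ip)
        target = self.arp_target(dip)
        if target not in self.arp_table:
            frames.append(("ARP Broadcast", sip, str(target), self.mac, BROADCAST))
            owner = segment.get(str(target))
            if owner is None:
                return frames  # nobody replied: the entry stays incomplete
            frames.append(("ARP Reply", str(target), sip, owner, self.mac))
            self.arp_table[target] = owner
        # SIP/DIP are end to end; only the Layer-2 addresses are per hop.
        frames.append(("PING", sip, str(dip), self.mac, self.arp_table[target]))
        return frames

if __name__ == "__main__":
    r2 = Host("10.0.0.1/24", "aabb.cc00.2000", gateway="10.0.0.254")
    segment = {"10.0.0.254": "aabb.cc00.1000"}  # constructed from the lab values
    for frame in r2.send_ping("20.0.0.1", segment) + r2.send_ping("20.0.0.1", segment):
        print(frame)
```

The second call produces only the PING frame, because the gateway's entry is already in the ARP table.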

Types of ARP that we will be discussing in detail:

  • ARP
  • RARP
  • Proxy-ARP
  • Gratuitous ARP

Gratuitous ARP:

A gratuitous ARP request is a request packet where the source and destination IP are both set to the IP of the machine issuing the packet and the destination MAC is the broadcast address ff:ff:ff:ff:ff:ff. Ordinarily, no reply packet will occur. A gratuitous ARP reply is a reply to which no request has been made.


Advantages of GARP:

  • To detect IP conflicts in the network. When a machine receives an ARP request containing a source IP that matches its own, it knows there is an IP conflict.
  • Every time a link or interface comes up, it sends a GARP to populate the ARP/MAC tables of all other hosts.
  • GARP is also used by HSRP to inform the switch where to forward the traffic when the Standby router takes over the Active role.
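
The fields from the ARP Message Format section and the gratuitous-ARP conflict check described here fit in one small decoder. This is an added example, not code from the original post; it assumes hardware type 1 (Ethernet) and opcodes 1 (request) and 2 (reply), and the second sample host with MAC aabb.cc00.9999 is constructed.

```python
import ipaddress
import struct

# Hardware type, protocol type, hardware size, protocol size, opcode,
# sender MAC, sender IP, target MAC, target IP: 28 bytes for Ethernet/IPv4.
ARP_FMT = "!HHBBH6s4s6s4s"
OPCODES = {1: "request", 2: "reply"}

def mac_bytes(text):
    return bytes.fromhex(text.replace(".", "").replace(":", ""))

def mac_text(raw):
    h = raw.hex()
    return ".".join(h[i:i + 4] for i in (0, 4, 8))

def build_arp(opcode, smac, sip, tmac, tip):
    """Pack an ARP message (used here only to construct sample input)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, opcode,
                       mac_bytes(smac), ipaddress.ip_address(sip).packed,
                       mac_bytes(tmac), ipaddress.ip_address(tip).packed)

def parse_arp(payload):
    """Decode an ARP message; reject anything that is not Ethernet/IPv4."""
    size = struct.calcsize(ARP_FMT)
    if len(payload) < size:
        raise ValueError("truncated ARP message")
    hrd, pro, hln, pln, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, payload[:size])
    if (hrd, pro, hln, pln) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    return {"opcode": OPCODES.get(op, f"unknown({op})"),
            "sender_mac": mac_text(sha), "sender_ip": str(ipaddress.ip_address(spa)),
            "target_mac": mac_text(tha), "target_ip": str(ipaddress.ip_address(tpa))}

def is_gratuitous(msg):
    # Sender and target IP are both the IP of the machine issuing the packet.
    return msg["sender_ip"] == msg["target_ip"]

def ip_conflict(msg, my_ip, my_mac):
    # Another MAC announcing our own IP as its sender IP signals a conflict.
    return msg["sender_ip"] == my_ip and msg["sender_mac"] != my_mac

# Constructed samples: the ARP broadcast from the walkthrough, and a
# gratuitous request from a second host that claims 10.0.0.1.
SAMPLE_REQUEST = build_arp(1, "aabb.cc00.2000", "10.0.0.1", "0000.0000.0000", "10.0.0.254")
SAMPLE_GARP = build_arp(1, "aabb.cc00.9999", "10.0.0.1", "0000.0000.0000", "10.0.0.1")

if __name__ == "__main__":
    for raw in (SAMPLE_REQUEST, SAMPLE_GARP):
        msg = parse_arp(raw)
        print(msg, is_gratuitous(msg), ip_conflict(msg, "10.0.0.1", "aabb.cc00.2000"))
```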

Reverse ARP

As the name implies, RARP is the reverse of ARP. ARP resolves the IP-to-MAC binding, while RARP is used to translate a MAC address to an IP address. This is most commonly used by devices during bootup when they don’t have any IP address assigned.

Proxy-ARP

Proxy ARP is the technique in which a router replies to an ARP request intended for another machine.

Let's add a static route on R1 and R2 for each other’s loopback address to understand the proxy ARP concept:

  1. Static route with next hop as outgoing interface:
  • When Proxy ARP is enabled: Both routers will send an ARP request with a SIP of 10.0.0.x and a DIP of the loopback address (1.1.1.1/2.2.2.2). As the two networks are on different subnets and proxy ARP is enabled by default, the routers will reply with their MAC addresses and you will see the ARP entry for the loopback address in the table.

R1#sh run int lo0
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
end
R1#sh run | s ip rou
ip route 2.2.2.2 255.255.255.255 Ethernet0/0
R1#sh ip arp 2.2.2.2
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  2.2.2.2                 1   aabb.cc00.2000  ARPA   Ethernet0/0
R1#

R2#sh run int lo0
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
end
R2#sh run | s ip rou
ip route 1.1.1.1 255.255.255.255 Ethernet0/0
R2#
R2#sh ip arp 1.1.1.1
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  1.1.1.1                 1   aabb.cc00.1000  ARPA   Ethernet0/0


  • When Proxy ARP is disabled: The routers will not reply to the ARP request and hence we will see an Incomplete ARP entry.

 

R1#sh run int e0/0
interface Ethernet0/0
 ip address 10.0.0.254 255.255.255.0
 no ip proxy-arp
end
R1#sh run | s ip rou
ip route 2.2.2.2 255.255.255.255 Ethernet0/0
R1#sh ip arp 2.2.2.2
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  2.2.2.2                 0   Incomplete      ARPA
R1#

  2. Static route with next hop as interface IP address:

When the next hop is configured as an interface IP address, the router will use the MAC address for that IP address from the ARP table, and no new ARP entry is created for the static route.

R2(config)#ip route 1.1.1.1 255.255.255.255 10.0.0.254

R2#sh ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.0.1                -   aabb.cc00.2000  ARPA   Ethernet0/0
Internet  10.0.0.254              7   aabb.cc00.1000  ARPA   Ethernet0/0
R2#

R2#ping 1.1.1.1 so 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R2#sh ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.0.1                -   aabb.cc00.2000  ARPA   Ethernet0/0
Internet  10.0.0.254              8   aabb.cc00.1000  ARPA   Ethernet0/0
R2#
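
Because proxy ARP is on by default on these routers, a saved configuration can be checked for interfaces that still answer on behalf of other hosts. This is an added example, not code from the original post; the function names and the Ethernet0/1 interface in the sample are constructed, and loopbacks are skipped on the assumption that they never receive ARP requests.

```python
def interface_blocks(config):
    """Split an IOS-style configuration into {interface name: [sub-commands]}."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            blocks[current] = []
        elif line in ("end", "!"):
            current = None          # end of the interface block
        elif current and line:
            blocks[current].append(line)
    return blocks

def proxy_arp_exposed(config):
    """Interfaces with an IP address and no 'no ip proxy-arp' line."""
    exposed = []
    for name, lines in interface_blocks(config).items():
        has_ip = any(ln.startswith("ip address ") for ln in lines)
        disabled = "no ip proxy-arp" in lines
        if has_ip and not disabled and not name.lower().startswith("loopback"):
            exposed.append(name)
    return exposed

# Constructed sample in the style of the 'sh run' output above.
SAMPLE_CONFIG = """\
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Ethernet0/0
 ip address 10.0.0.254 255.255.255.0
 no ip proxy-arp
!
interface Ethernet0/1
 ip address 20.0.0.254 255.255.255.0
!
"""

if __name__ == "__main__":
    print(proxy_arp_exposed(SAMPLE_CONFIG))
```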

 
