ARP and RARP

1
COURSE
LECTURE 5
COMS 525 TCPIP
TOPIC
ADDRESS RESOLUTION PROTOCOL (ARP) REVERSE
ADDRESS RESOLUTION PROTOCOL ( RARP)
K. PALANIVEL Systems Analyst, Computer
Centre Pondicherry University, Puducherry
605014.
2
Discussion

• Understand the need for ARP
• Understand the cases in which ARP is used
• Understand the components and interactions in an
  ARP package
• Understand the need for RARP

3
Communication between Hosts
Example
From Host A to Host B
From Host B to Host A
4
Address Mapping

• The delivery of a packet to a host or a router
  requires two levels of addressing logical and
  physical.
• It needs to be able to map a logical address to
  its corresponding physical address and vice
  versa.
• These can be done using either static or dynamic
  mapping.

5
Address Mapping

• Anytime a host or a router has an IP datagram to
  send to another host or router, it has the
  logical (IP) address of the receiver.
• But the IP datagram must be encapsulated in a
  frame to be able to pass through the physical
  network.
• This means that the sender needs the physical
  address of the receiver.
• A mapping corresponds a logical address to a
  physical address.
• ARP accepts a logical address from the IP
  protocol, maps the address to the corresponding
  physical address and pass it to the data link
  layer.

6
Address Mapping
7
Overview
8
ARP and RARP

• The Internet is based on IP addresses
• Data link protocols (Ethernet, FDDI, ATM) may
  have different (MAC) addresses
• The ARP and RARP protocols perform the
  translation between IP addresses and MAC layer
  addresses
• ARP for broadcast LANs, particularly Ethernet LANs

9
Processing of IP packets by network device
drivers
10
Address Translation with ARP

• ARP Request
• Sender broadcasts an ARP request to all stations
  on the network What is the hardware address of
  Router137?

11
Address Translation with ARP
DCHP Server
12
ARP Operations
broadcast
13
Address Translation with ARP

• ARP Reply Router 137 responds with an ARP Reply
  which contains the hardware address

14
ARP Packet Format
15
ARP Encapsulation
An ARP request is broadcast
An ARP reply is unicast.
16
ARP Encapsulation
ARP Request
ARP Reply
ARP Payload
ARP ReplyPayload
17
ARP Encapsulation
18
ARP Encapsulation

• ARP request and reply packets.
• Note that the ARP data field in this case is 28
  bytes, and that the individual addresses do not
  fit in the 4-byte boundary.
• That is why we do not show the regular 4-byte
  boundaries for these addresses.
• Also note that the IP addresses are shown in
  hexadecimal.

19
Example

• ARP Request from Argon
• Source hardware address 00a02471e444Sourc
  e protocol address 128.143.137.144Target
  hardware address 000000000000Target
  protocol address 128.143.137.1
• ARP Reply from Router137
• Source hardware address 00e0f923a820
  Source protocol address 128.143.137.1 Target
  hardware address 00a02471e444Target
  protocol address 128.143.137.144

20
Four Cases on ARP
21
Example
22
Example
A host with IP address 130.23.43.20 and physical
address B23455102210 has a packet to send to
another host with IP address 130.23.43.25 and
physical address A46EF45983AB. The two
hosts are on the same Ethernet network. Show the
ARP request and reply packets encapsulated in
Ethernet frames.
23
Example
Solution Figure 8.6 shows the ARP request and
reply packets. Note that the ARP data field in
this case is 28 bytes, and that the individual
addresses do not fit in the 4-byte boundary.
That is why we do not show the regular 4-byte
boundaries for these addresses. Also note that
the IP addresses are shown in hexadecimal.
24
ARP Cache

• Since sending an ARP request/reply for each IP
  datagram is inefficient, hosts maintain a cache
  (ARP Cache) of current entries.
• The entries expire after 20 minutes.
• Contents of the ARP Cache
• (128.143.71.37) at 00104BC5D115 ether on
  eth0
• (128.143.71.36) at 00B0D0E117D5 ether on
  eth0
• (128.143.71.35) at 00B0D0DE70E6 ether on
  eth0
• (128.143.136.90) at 00053C062735 ether on
  eth1
• (128.143.71.34) at 00B0D0E117DB ether on
  eth0
• (128.143.71.33) at 00B0D0E117DF ether on
  eth0

25
ARP Caching

• The ARP output module receives an IP datagram
  (from the IP layer) with the destination address
  114.5.7.89.
• It checks the cache table and finds that an entry
  exists for this destination with the RESOLVED
  state (R in the table).
• It extracts the hardware address, which is
  457342ACAE32, and sends the packet and the
  address to the data link layer for transmission.
• The cache table remains the same.

26
ARP Caching

• Twenty seconds later, the ARP output module
  receives an IP datagram (from the IP layer) with
  the destination address 116.1.7.22.
• It checks the cache table and does not find this
  destination in the table. The module adds an
  entry to the table with the state PENDING and the
  Attempt value 1.
• It creates a new queue for this destination and
  enqueues the packet. It then sends an ARP request
  to the data link layer for this destination.
• The new cache table is shown in Table

27
ARP Caching

• Fifteen seconds later, the ARP input module
  receives an ARP packet with target protocol (IP)
  address 188.11.8.71.
• The module checks the table and finds this
  address.
• It changes the state of the entry to RESOLVED and
  sets the time-out value to 900. The module then
  adds the target hardware address (E34573242ACA)
  to the entry.
• Now it accesses queue 18 and sends all the
  packets in this queue, one by one, to the data
  link layer.
• The new cache table is shown in Table 8.7.

28
ARP Caching

• Twenty-five seconds later, the cache-control
  module updates every entry. The time-out values
  for the first three resolved entries are
  decremented by 60.
• The time-out value for the last resolved entry is
  decremented by 25. The state of the next-to-the
  last entry is changed to FREE because the
  time-out is zero.
• For each of the three pending entries, the value
  of the attempts
• field is incremented by one. After incrementing,
  the attempts value for one entry (the one with IP
  address 201.11.56.7) is more than the maximum
  the state is changed to FREE, the queue is
  deleted, and an ICMP message is sent to the
  original destination (see Chapter 9). See Table
  8.8.

29
ARP Caching
30
Proxy ARP

• Proxy ARP Host or router responds to ARP Request
  that arrives from one of its connected networks
  for a host that is on another of its connected
  networks.

31
Proxy ARP
32
Proxy ARP
Example
Solution
33
Switch Lookup Table
34
Things to know about ARP

• What happens if an ARP Request is made for a
  non-existing host?
• Several ARP requests are made with increasing
  time intervals between requests. Eventually, ARP
  gives up.
• On some systems (including Linux) a host
  periodically sends ARP Requests for all addresses
  listed in the ARP cache.
• This refreshes the ARP cache content, but also
  introduces traffic.
• Gratuitous ARP Requests A host sends an ARP
  request for its own IP address
• Useful for detecting if an IP address has already
  been assigned.

35
Vulnerabilities of ARP

• Since ARP does not authenticate requests or
  replies, ARP Requests and Replies can be forged
• ARP is stateless ARP Replies can be sent without
  a corresponding ARP Request
• According to the ARP protocol specification, a
  node receiving an ARP packet (Request or Reply)
  must update its local ARP cache with the
  information in the source fields, if the
  receiving node already has an entry for the IP
  address of the source in its ARP cache. (This
  applies for ARP Request packets and for ARP Reply
  packets)
• Typical exploitation of these vulnerabilities
• A forged ARP Request or Reply can be used to
  update the ARP cache of a remote system with a
  forged entry (ARP Poisoning)
• This can be used to redirect IP traffic to other
  hosts

36
Components of ARP
37
RARP

• RARP finds the logical address for a machine that
  only knows its physical address.
• The RARP request packets are broadcast
• the RARP reply packets are unicast.

38
RARP

• Bootstrapping a diskless terminal - this was the
  original problem in the 70s and 80s
• Reverse ARP RFC903 - a way to obtain an IP
  address starting from MAC address
• Today problem dynamic IP address assignment -
  limited pool of addresses assigned only when
  needed
• RARP not sufficiently general for modern usage
• BOOTP (Bootstrap Protocol - RFC 951) significant
  changes to RARP (a different approach)
• DHCP (Dynamic Host Configuration Protocol - RFC
  1541) extends and replaces BOOTP

39
RARP
40
RARP
RARP Client
RARP Server
41
RARP
42
RARP
43
RARP
44
RARP Problems

• Network traffic
• for reliability, multiple RARP servers need to be
  configured on the same Ethernet
• to allow bootstrap of terminals even when one
  server is down
• But this implies that ALL servers simultaneously
  respond to RARP request
• contention on the Ethernet occurs ÎRARP requests
  not forwarded by routers
• being hardware level broadcasts...

45
BOOTP/DHCP approach

• Requests/replies encapsulated in UDP datagrams
• may cross routers
• no more dependent on physical medium
• request addressing
• destination IP 255.255.255.255
• source IP 0.0.0.0
• destination port (BOOTP) 67
• source port (BOOTP) 68
• router crossing
• router configured as BOOTP relay agent
• forwards broadcast UDP requests with destination
  port 67

46
QUESTIONS ???