Tuesday, March 31, 2020

Address Resolution Protocol --- ARP









ARP stands for Address Resolution Protocol.  ARP is used to associate a Layer 3 (Network layer) address such as an IP address with a Layer 2 (Data Link layer) address such as a MAC address.

The IP address is a Layer 3 (Network layer) address.  The MAC address is a Layer 2 (Data Link layer) address.  The Layer 3 address is logical.  It pertains to a single protocol such as IP or IPX.  The Layer 2 address is a physical address.  It pertains to the actual hardware interface, the network card in the computer.  A computer can have multiple Layer 3 addresses but will have only one Layer 2 address per LAN interface.  At Layer 2, though, the data is addressed to the next hop.  This is very handy because you need to know only a host's Layer 3 address, which can be found from DNS, for example.  You do not need to know the hardware address of the destination, and you do not have to cause chaos in the network by sending an ARP request across networks or across the internet to find the destination machine.  The Layer 3 packet addressed to the destination host is encapsulated within a Layer 2 frame addressed to the next hop.


Let us assume your computer needs to send data to a remote computer.  When the data gets to the Network layer, the destination IP address is added.  All of this information, i.e. the Network layer datagram, also known as a packet, is passed down to the Data Link layer, where it is placed within a Data Link frame.  Based on the IP address and the subnet mask, your computer figures out whether the destination IP is on the local network or whether the packet needs to traverse to another network.  If the destination IP address is local, i.e. within the same subnetwork, the computer will look in its ARP table to find the MAC address.  If the entry is not present, the computer will broadcast an ARP request to find the MAC address for the destination IP.  In the diagram above, the computer is looking for the MAC address of the IP 10.145.53.45.  Since this request is broadcast, all machines on the LAN will receive it and process the contents.  Every machine will ignore this request except the one which finds a match for its IP address.  That machine will respond to the caller by sending its MAC address, 01:43:AC:DB:52:81 in our diagram.  Upon receiving this information, the calling computer will update its ARP table to include the new entry and will send out the frame addressed with the destination machine's MAC address.

Now let us say that the sender machine is looking for a destination machine that is not on its own network.  In most cases, your computer is configured with a subnet mask and a default gateway address, say a subnet mask of 255.255.255.0 and a default gateway of 10.145.53.1.  By applying the subnet mask to the IP address it is trying to reach, the computer is able to figure out that the destination machine is not on its own network but on a different network.  The sending computer will use the MAC address of the default gateway and reach out to the default gateway, which is configured on the Layer 3 router's interface connected to this network.  This happens through an intermediate switch, through which all the local network computers talk to each other.  When the default gateway, i.e. the router, receives the frame, it will see that the MAC address matches its own, so the frame must be for it.  The router will examine the Data Link frame.  The router will then un-encapsulate the Data Link frame and pass the data part up to the Network layer.  At the Network layer, the router will see that the destination IP address contained in the header of the IP packet does not match its own.  The router will realize that the destination IP is not its own but that the frame has been sent to it to go through it, i.e. through the default gateway interface on the router.  Once the router realizes that the packet is supposed to be routed, it will look in its routing table for the closest match to the destination IP in order to figure out through which interface this packet needs to be sent out.  It will always use the most specific matching path in its routing table.  When a match is found, the router will create a new Data Link frame, stripping off the old MAC address and inserting the MAC address of its own outgoing interface, and address it to the next hop.
The destination IP address never changes, but the MAC address keeps changing as the packet travels from one router to another.  This process will continue at each router along the way until the information reaches a router connected to the network where the destination computer and IP address can be found.  This last router will see that the packet is addressed to a host that is on its directly connected network.  This router will send out this frame to the corresponding switch, which in turn will send out an ARP request for the MAC address of the destination IP (provided it does not already have it in its table) and then address it to the destination's MAC address.

MAC addresses are needed because a switch that interconnects devices on a network uses a CAM table which lists the MAC addresses of all devices plugged into each of its ports.  When the switch receives traffic destined for a particular MAC address, it uses this table to know through which port to send the traffic.  If the destination MAC address is unknown, the transmitting device will first check for the address in its cache; if it is not there, then it must be resolved through additional communication on the network.

The resolution process that TCP/IP networking uses to resolve an IP address to a MAC address is called ARP.  ARP resolution uses only two packets: an ARP request and an ARP response.

ARP Header:

Header type:  Layer 2 type. Ethernet
Protocol type:  The higher layer protocol for which the ARP request is used
Hardware Address length: 6 bytes
Protocol Address length: Length of the Logical address of the protocol specified
Operation: 1 for Request, 2 for Response
Sender Hardware Address:
Sender Protocol Address: Sender's upper layer protocol address
Target Hardware Address: Intended receiver's hardware address (zeroed in ARP requests)
Target Protocol Address: Intended receiver's upper layer protocol address

ARP request:

FF:FF:FF:FF:FF:FF       Operation code: 0x0001
Target MAC address:     00:00:00:00:00:00

ARP response:

                                           Operation code: 0x0002
Sender MAC address and IP address are now the Target MAC address and IP address.

Gratuitous ARP packet

A gratuitous ARP packet is transmitted on the network to prevent the IP-to-MAC mapping in a cache from becoming invalid and causing communication errors when and if the IP address changes.  It updates the cache with the new IP-to-MAC address mapping.  This often happens during startup of a machine.  It is very useful in load balancing.
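The header fields, the request/response pair and the gratuitous case described above, as an added example (not code from the original post).  It packs and parses the 28-byte ARP payload for Ethernet/IPv4; the asking host's IP and MAC are made up, while 10.145.53.45 and 01:43:AC:DB:52:81 are the values used in the text.

```python
import socket
import struct

# Fixed layout of an ARP payload for Ethernet/IPv4 (RFC 826): 28 bytes.
ARP_FMT = "!HHBBH6s4s6s4s"
OP_REQUEST, OP_REPLY = 1, 2

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Pack an ARP payload: hardware type 1 (Ethernet), protocol 0x0800 (IPv4)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       mac_bytes(sender_mac), socket.inet_aton(sender_ip),
                       mac_bytes(target_mac), socket.inet_aton(target_ip))

def parse_arp(payload):
    """Decode an ARP payload, rejecting anything that is not Ethernet/IPv4."""
    if len(payload) < struct.calcsize(ARP_FMT):
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not ARP for Ethernet/IPv4")
    if op not in (OP_REQUEST, OP_REPLY):
        raise ValueError("unknown operation %d" % op)
    fmt_mac = lambda b: ":".join("%02X" % x for x in b)
    pkt = {"op": op,
           "sender_mac": fmt_mac(sha), "sender_ip": socket.inet_ntoa(spa),
           "target_mac": fmt_mac(tha), "target_ip": socket.inet_ntoa(tpa)}
    # A gratuitous ARP announces the sender's own mapping: sender IP == target IP.
    pkt["gratuitous"] = pkt["sender_ip"] == pkt["target_ip"]
    return pkt

def reply_to(request, my_mac):
    """Answer a request: the request's sender becomes the reply's target."""
    return build_arp(OP_REPLY, my_mac, request["target_ip"],
                     request["sender_mac"], request["sender_ip"])

# Constructed sample: a made-up host 10.145.53.10 asks for 10.145.53.45;
# the target MAC is zeroed in the request, as the field list above states.
REQUEST = build_arp(OP_REQUEST, "02:00:00:00:00:10", "10.145.53.10",
                    "00:00:00:00:00:00", "10.145.53.45")
REPLY = reply_to(parse_arp(REQUEST), "01:43:AC:DB:52:81")
```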


pqr55.us.company.com: / > arp -a
pqr45-zone2.us.company.com (10.145.73.101) at 23:43:FC:f1:b1:dc [ether] on eth0
pqr64.us.company.com (10.145.73.184) at B1:10:e0:0e:c8:7e [ether] on eth0
pqr46-zone2.us.company.com (10.145.73.103) at 23:43:FC:fa:70:38 [ether] on eth0
pqr61.us.company.com (10.145.73.247) at B1:10:e0:0e:cd:ec [ether] on eth0
pqr43-zone1.us.company.com (10.145.73.167) at 23:43:FC:fa:9d:56 [ether] on eth0
bts96-b.us.company.com (10.145.72.241) at B1:80:a3:89:5b:75 [ether] on eth0
? (10.145.73.40) at 23:43:FC:b2:de:3a [ether] on eth0
pqr56.us.company.com (10.145.73.234) at 23:43:FC:fb:a6:fe [ether] on eth0
pqr63.us.company.com (10.145.73.180) at B1:10:e0:0e:a9:3e [ether] on eth0
pqr66.us.company.com (10.145.73.199) at B1:10:e0:0d:19:0c [ether] on eth0
project12.us.company.com (10.145.72.12) at B1:a0:b8:38:b2:ac [ether] on eth0
bts96-c.us.company.com (10.145.72.242) at B1:80:a3:89:11:c9 [ether] on eth0
project23-sp.us.company.com (10.145.72.123) at B1:14:4f:9e:10:78 [ether] on eth0
pqr67-zone1.us.company.com (10.145.72.160) at B1:10:e0:0e:70:b8 [ether] on eth0
bts96-a.us.company.com (10.145.72.240) at B1:80:a3:89:11:cd [ether] on eth0
project16.us.company.com (10.145.72.16) at B1:14:4f:e6:56:e3 [ether] on eth0
? (169.254.39.37) at <incomplete> on bond1
pqr44-zone1.us.company.com (10.145.73.170) at 23:43:FC:fa:9b:a8 [ether] on eth0
pqr62.us.company.com (10.145.73.176) at B1:10:e0:0e:dd:dc [ether] on eth0
project39-sp.us.company.com (10.145.72.139) at B1:14:4f:9e:0e:88 [ether] on eth0
tarzan-sp.us.company.com (10.145.73.53) at B1:19:b9:d2:f2:99 [ether] on eth0
jkljump-96.us.company.com (10.145.72.254) at B1:03:ba:1d:18:91 [ether] on eth0
project17-sp.us.company.com (10.145.72.117) at B1:14:4f:9e:10:3f [ether] on eth0
pqr65-zone1.us.company.com (10.145.72.112) at B1:10:e0:0e:df:4e [ether] on eth0
bts96-d.us.company.com (10.145.73.109) at B1:80:a3:89:12:59 [ether] on eth0
pqr69.us.company.com (10.145.73.245) at B1:10:e0:2a:28:3a [ether] on eth0
project40-sp.us.company.com (10.145.72.140) at B1:14:4f:9e:10:32 [ether] on eth0
pqr68.us.company.com (10.145.73.206) at B1:10:e0:0d:25:fa [ether] on eth0
uranus-brocade-sw.us.company.com (10.145.73.119) at B1:27:f8:09:45:23 [ether] on eth0
pqr56-priv (172.31.150.6) at 23:43:FC:fb:a7:00 [ether] on bond1
project10-sp.us.company.com (10.145.72.11) at B1:14:4f:a6:61:c0 [ether] on eth0
project30.us.company.com (10.145.72.30) at B1:14:4f:9e:0b:13 [ether] on eth0
sacramento22-1947-rtr-1-v3001.us.company.com (10.145.72.1) at B1:10:e0:2f:41:41 [ether] on eth0
pqr28.us.company.com (10.145.73.46) at 23:43:FC:b2:fe:92 [ether] on eth0
pqr55.us.company.com: / >

pqr55.us.company.com: / >
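The local-versus-gateway decision described earlier, applied to a cache in the `arp -a` format shown above, as an added example (not part of the original post).  The sample is a few entries copied from the listing; the host's own address 10.145.73.55, the mask 255.255.254.0 and the use of 10.145.72.1 as default gateway are assumptions made for the example.

```python
import ipaddress
import re

# One line of Linux `arp -a` output: "name (ip) at mac [ether] on iface".
ARP_LINE = re.compile(
    r"^(\S+) \((\d+\.\d+\.\d+\.\d+)\) at (\S+)(?: \[\w+\])? on (\S+)$")

def parse_arp_table(text):
    """Return {ip: (mac, iface)}; unresolved '<incomplete>' entries map to None."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if not m:
            continue  # prompts, blank lines, anything that is not a cache entry
        _name, ip, mac, iface = m.groups()
        table[ip] = None if mac == "<incomplete>" else (mac.lower(), iface)
    return table

def next_hop(src_ip, netmask, gateway, dst_ip):
    """IP whose MAC the sender needs: the destination if local, else the gateway."""
    local_net = ipaddress.ip_network(f"{src_ip}/{netmask}", strict=False)
    return dst_ip if ipaddress.ip_address(dst_ip) in local_net else gateway

def resolve(table, src_ip, netmask, gateway, dst_ip):
    """Return (next-hop IP, MAC or None). None means an ARP request must be sent."""
    hop = next_hop(src_ip, netmask, gateway, dst_ip)
    entry = table.get(hop)
    return hop, (entry[0] if entry else None)

# Constructed sample: a few entries copied from the listing above.
SAMPLE = """\
pqr55.us.company.com: / > arp -a
pqr64.us.company.com (10.145.73.184) at B1:10:e0:0e:c8:7e [ether] on eth0
? (10.145.73.40) at 23:43:FC:b2:de:3a [ether] on eth0
? (169.254.39.37) at <incomplete> on bond1
sacramento22-1947-rtr-1-v3001.us.company.com (10.145.72.1) at B1:10:e0:2f:41:41 [ether] on eth0
"""
TABLE = parse_arp_table(SAMPLE)

# Assumption for the example: host address, subnet mask, default gateway.
HOST = ("10.145.73.55", "255.255.254.0", "10.145.72.1")
```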

