
ARP and RARP

Applications use a logical address (IP address) to identify the destination host. The IP
packets are encapsulated into frames. The delivery of frames across links (source –
destination, or source – router, router – router, …, router – destination) is based on local
addresses called physical or MAC addresses. The mapping of IP addresses into
physical addresses is done through the Address Resolution Protocol (ARP).

Position of ARP and RARP in the TCP/IP Protocol Suite

“Helper Protocols” assist in the delivery of IP datagrams.

ARP Operation
(case: destination is on the same physical network)

[Figure: ARP operation on one link; labelled IP = 141.23.56.23.]

The MAC address of destination is the broadcast address: 0xFF:FF:FF:FF:FF:FF

ARP Packet

[Figure: ARP packet format; field annotations: (Ethernet = 6), (Ethernet = 1), IPv4 = 4, IPv4 = 0x0800, 4 bytes.]

Opcode (1 = request, 2 = reply)

18 byte padding (to make frame payload equal to 46 bytes – ARP packet is 28 bytes)

Encapsulation of an ARP Packet

[Figure: ARP packet carried in an Ethernet frame; the data field is 46 bytes. Start Frame Delimiter (10101011 = 0xAB).]

Q: Why are ARP packets not encapsulated into IP datagrams?
A: Because ARP packets never leave the LAN segment.

Four cases using ARP
Case 1: Host to Host

The IP address of destination host is taken from the IP datagram.


Four cases using ARP (cont.)
Case 2: Host to Router

(next hop)

The IP address of the destination (router) is not taken from the IP datagram.
Instead it is taken from the next-hop column of the routing table of the source host.
Four cases using ARP (cont.)
Case 3: Router to Router

The IP address of destination (router) is not taken from the IP datagram.
Instead it is taken from the next-hop column of the sending router’s routing table.
Four cases using ARP (cont.)
Case 4: Router to Host

Now, the IP address of destination host is taken from the IP datagram.


Example 1

A host with IP address 130.23.43.20 and physical
address 0xB23455102210 has a packet to send to
another host with IP address 130.23.43.25 and
physical address 0xA46EF45983AB. The two hosts
are on the same Ethernet network. Show the ARP
request and reply packets encapsulated in Ethernet
frames.

Example 1: ARP Request

[Figure: ARP request from 130.23.43.20 for 130.23.43.25, carried in an Ethernet frame (46 bytes with padding) sent to the broadcast address. The destination MAC address is not known.]

Notice packet orientation!

Example 1: ARP reply

[Figure: ARP reply.]

Notice packet orientation!
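
The request and reply frames asked for in Example 1, built byte by byte as an added example (not part of the original slides). The EtherType 0x0806 and the all-zero target hardware address in the request are standard ARP values that the slides do not show; preamble, start frame delimiter and CRC are omitted.

```python
import struct

BROADCAST = bytes.fromhex("FFFFFFFFFFFF")
ETHERTYPE_ARP = 0x0806          # EtherType that marks an ARP payload

def ip_bytes(dotted):
    return bytes(int(octet) for octet in dotted.split("."))

def arp_packet(opcode, sender_mac, sender_ip, target_mac, target_ip):
    """28-byte ARP packet for Ethernet and IPv4."""
    return struct.pack(
        "!HHBBH6s4s6s4s",
        1,          # hardware type: Ethernet = 1
        0x0800,     # protocol type: IPv4 = 0x0800
        6,          # hardware address length: Ethernet = 6
        4,          # protocol address length: IPv4 = 4
        opcode,     # 1 = request, 2 = reply
        sender_mac, ip_bytes(sender_ip),
        target_mac, ip_bytes(target_ip),
    )

def ethernet_frame(dst_mac, src_mac, arp):
    """Header + ARP packet padded to the 46-byte minimum payload.
    Preamble, start frame delimiter and CRC are left out."""
    header = dst_mac + src_mac + struct.pack("!H", ETHERTYPE_ARP)
    return header + arp.ljust(46, b"\x00")

def parse(frame):
    """Decode the fields back out of a frame built above."""
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    return {
        "dst": frame[:6].hex(), "src": frame[6:12].hex(), "opcode": op,
        "sender": (sha.hex(), ".".join(map(str, spa))),
        "target": (tha.hex(), ".".join(map(str, tpa))),
        "padding": len(frame) - 42,
    }

def example1():
    mac_a, ip_a = bytes.fromhex("B23455102210"), "130.23.43.20"
    mac_b, ip_b = bytes.fromhex("A46EF45983AB"), "130.23.43.25"
    # Request: broadcast, target hardware address unknown (all zeros).
    request = ethernet_frame(BROADCAST, mac_a,
                             arp_packet(1, mac_a, ip_a, bytes(6), ip_b))
    # Reply: unicast back to the requester, carrying B's MAC as sender.
    reply = ethernet_frame(mac_a, mac_b,
                           arp_packet(2, mac_b, ip_b, mac_a, ip_a))
    return request, reply
```

Calling parse() on either frame returned by example1() shows the sender and target fields swapping between request and reply, which is the "packet orientation" the slides point at.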


ARP Cache Table

It would be very inefficient to use ARP to deliver each IP datagram.
Therefore the most recent mappings are kept in a cache table.
In order to be consistent with network dynamics, entries in the
ARP cache have a timeout value which is used to remove aged
entries.

IP Address   Physical Address   Timeout
PA           MACA               TOA
PB           MACB               TOB
....         ....               ....

ARP Cache Table (cont.)
The ARP cache of a host can be displayed with the command:
arp -a
(the command is the same on Windows and UNIX)
ARP Cache Table (cont.)
The implementation of an ARP cache table requires more than the
essential information shown on the previous two slides.

State  Queue  Attempt  Time-Out  Protocol Address  Hardware Address
R      5               900       180.3.6.1         ACAE32457342
F
P      14     5                  201.11.56.7

Queue = number of the queue where packets are waiting for address resolution
Attempt = number of ARP requests sent
Time-Out = life time of the entry (sec)
R = resolved, P = pending, F = free (time to leave has expired)


ARP Implementation

All modules use threads.

[Figure: ARP modules. Labels: IP datagram; Timer (5 sec); MAC address of immediate destination (next hop or direct).]

Case: Sending a packet, destination IP has MAC in Cache Table (state = R)

Each destination is given a queue (all packets with the same destination are in the same queue).

Case: Sending a packet, destination IP does not have an associated MAC
address in the cache but an entry with state = P:

Put packet in existing queue.

Case: Sending a packet, no entry in cache corresponding to the
destination IP address:

Create a new queue.

Case: An ARP reply arrives, corresponding IP address is in the cache

Dequeue all packets.

Case: An ARP reply arrives, corresponding IP address is not in the cache

Create a new entry in cache.
Do you see any security vulnerabilities with this practice?

Previous case in which an ARP reply arrives and the
corresponding IP address is not in the cache:

Q: When can this happen?

A: The pending entry has been deleted because:
(a) time-out expired
(b) number of attempts exceeded
and the reply finally arrives late.
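
The case above, where a reply creates a cache entry that nobody asked for, is the risky one: the mapping is taken on trust from whoever sent the reply. One defensive design, as an added example (not from the original slides): an input module that accepts a reply only for a PENDING entry and records late, unsolicited or conflicting replies instead. The class and method names, the alert list and the keep-old-mapping policy are assumptions; the MAC 0A0B0C0D0E0F is constructed sample data.

```python
from dataclasses import dataclass, field

PENDING, RESOLVED = "P", "R"   # states as in the slides' cache table

@dataclass
class Entry:
    state: str
    mac: str = ""
    timeout: int = 0
    queue: list = field(default_factory=list)

class ArpCache:
    def __init__(self):
        self.entries = {}   # protocol (IP) address -> Entry
        self.alerts = []    # replies refused by the policy, kept for review

    def send(self, ip, packet):
        """Output module: 'sent' if resolved, else queue the packet."""
        entry = self.entries.get(ip)
        if entry is not None and entry.state == RESOLVED:
            return "sent"
        if entry is None:   # new PENDING entry; an ARP request goes out here
            entry = self.entries[ip] = Entry(PENDING)
        entry.queue.append(packet)
        return "queued"

    def on_reply(self, ip, mac):
        """Input module: accept a reply only for an entry we are waiting on."""
        entry = self.entries.get(ip)
        if entry is None:   # never asked, or the pending entry already expired
            self.alerts.append(("unsolicited", ip, mac))
            return []
        if entry.state == RESOLVED:
            if entry.mac != mac:   # keep the old mapping until it times out
                self.alerts.append(("mac-changed", ip, mac))
            return []
        entry.state, entry.mac, entry.timeout = RESOLVED, mac, 900
        released, entry.queue = entry.queue, []
        return released     # packets now handed to the data link layer

def demo():
    cache = ArpCache()
    cache.entries["180.3.6.1"] = Entry(RESOLVED, "ACAE32457342", 900)
    cache.send("188.11.8.71", "pkt-1")
    cache.send("188.11.8.71", "pkt-2")
    released = cache.on_reply("188.11.8.71", "E34573242ACA")
    cache.on_reply("201.11.56.7", "0A0B0C0D0E0F")   # constructed: no entry exists
    cache.on_reply("180.3.6.1", "0A0B0C0D0E0F")     # constructed: conflicting MAC
    return released, cache.alerts, cache.entries["180.3.6.1"].mac
```

The cost of this policy is that a legitimate address change is only learned after the old entry times out and a fresh request is sent.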

Case: An ARP request arrives

We know our own hardware address.

Cache-Control Module
Invoked by a periodic timer (5 seconds)

for (every entry in the cache table) {
    switch (State) {
    case PENDING:
        /* If still in P-state within a timer period (5 seconds),
           then send the request again */
        increment Attempt;
        if (Attempt > max) {
            State = FREE;
            Destroy corresponding queue;
        } else
            Send an ARP request;
        break;
    case RESOLVED:
        Decrement Time-Out;
        if (Time-Out <= 0) {
            State = FREE;
            Destroy corresponding queue;
        }
        break;
    case FREE:
        break;
    }
}

Example 2

The ARP output module receives an IP datagram (from
the IP layer) with the destination address 114.5.7.89. It
checks the cache table and finds that an entry exists for
this destination with the RESOLVED state (R in the
table). It extracts the hardware address, which is
457342ACAE32, and sends the packet and the address to
the data link layer for transmission. The cache table
remains the same.

Original Cache Table (Example 2)

State  Queue  Attempt  Time-Out  Protocol Address  Hardware Address
R      5               900       180.3.6.1         ACAE32457342
P      2      2                  129.34.4.8
P      14     5                  201.11.56.7
R      8               450       114.5.7.89        457342ACAE32
P      12     1                  220.55.5.7
F
R      9               60        19.1.7.82         4573E3242ACA
P      18     3                  188.11.8.71

Example 3

Twenty seconds later, the ARP output module receives an
IP datagram (from the IP layer) with the destination
address 116.1.7.22. It checks the cache table and does not
find this destination in the table. The module adds an
entry to the table with the state PENDING and the
Attempt value 1. It creates a new queue for this
destination and enqueues the packet. It then sends an ARP
request to the data link layer for this destination.

Updated CT (Example 3)

State  Queue  Attempt  Time-Out  Protocol Address  Hardware Address
R      5               900       180.3.6.1         ACAE32457342
P      2      2                  129.34.4.8
P      14     5                  201.11.56.7
R      8               450       114.5.7.89        457342ACAE32
P      12     1                  220.55.5.7
P      23     1                  116.1.7.22
R      9               60        19.1.7.82         4573E3242ACA
P      18     3                  188.11.8.71

Example 4

Fifteen seconds later, the ARP input module receives an
ARP packet with target protocol address 188.11.8.71. The
module checks the table and finds this address. It changes
the state of the entry to RESOLVED and sets the time-out
value to 900. The module then adds the target
hardware address (E34573242ACA) to the entry. Now it
accesses queue 18 and sends all the packets in this queue,
one by one, to the data link layer.

Updated Cache Table (Example 4)

State  Queue  Attempt  Time-Out  Protocol Address  Hardware Address
R      5               900       180.3.6.1         ACAE32457342
P      2      2                  129.34.4.8
P      14     5                  201.11.56.7
R      8               450       114.5.7.89        457342ACAE32
P      12     1                  220.55.5.7
P      23     1                  116.1.7.22
R      9               60        19.1.7.82         4573E3242ACA
R      18              900       188.11.8.71       E34573242ACA

Example 5

Twenty-five seconds later, the cache-control module
updates every entry. The time-out values for the first three
resolved entries are decremented by 60. The time-out
value for the last resolved entry is decremented by 25.
The state of the next-to-the last entry is changed to FREE
because the time-out is now zero. For each of the four
pending entries, the value of the attempts field is
incremented by one. After incrementing, the attempts
value for the entry with IP protocol address 201.11.56.7 is
more than the maximum of 5 and so the state is changed
to FREE and the queue deleted.

Cache Table Updated by the Cache Control Module (Example 5)

Time-Out is decremented by 60 sec (20 + 15 + 25)

State   Queue  Attempt  Time-Out  Protocol Address  Hardware Address
R       5               840       180.3.6.1         ACAE32457342
P       2      3                  129.34.4.8
P -> F  14     6                  201.11.56.7
R       8               390       114.5.7.89        457342ACAE32
P       12     2                  220.55.5.7
P       23     2                  116.1.7.22
R -> F                  60 -> 0
R       18              900       188.11.8.71       E34573242ACA

RARP
Used when a network configuration file is not available (e.g. on a diskless machine)

[Figure: RARP operation; labels: Broadcast, Unicast.]

RARP Packet Format
Encapsulation of RARP Packet
Alternative Solutions to the RARP Protocol
When a diskless computer is booted, it needs
network configuration information in addition to its
IP address. For example, a system needs to know
its subnet mask, the IP address of a router on the
LAN (the gateway address), and the IP address of
a name server for hostname to IP address
translation. RARP cannot provide this extra
information. However, protocols such as DHCP
and BOOTP have been developed to provide this
information. We will discuss both the DHCP and
BOOTP protocols later in the course.
Question 1:

• A router with IP address 125.45.23.12 and
Ethernet physical address 23:45:AB:4F:67:CD
has received a packet for a host destination
with IP address 125.11.78.10 and Ethernet
physical address AA:BB:A2:4F:67:CD. Draw
a diagram showing the ARP packet sent by the
router. Assume no subnetting. Also draw a
diagram showing the ARP packet sent in
response to the first packet.

Question 2:

• Draw a diagram showing the RARP packet
sent by a diskless host with Ethernet physical
address 98:45:23:4F:67:CD. Also draw a
diagram showing the RARP packet sent in
response. Assume the IP address of the host
booting up is 200.67.89.33. Assume no
subnetting and choose valid physical and
logical (protocol or IP) addresses for the
RARP (bootstrap) server.
