
ARP
Maps a protocol address (ex: IP address) to a hardware address (ex: Ethernet address)
RFC 826

[Diagram: Ethernet frame D.A | S.A | Type | ARP | CRC; the ARP packet inside carries sender h/w, sender proto, target h/w and target proto addresses]
ARP header
Hardware type (2 octets)
Value =1 for Ethernet

Protocol type (2 octets)
Value = 0x0800 for IP

Hardware address size in bytes (1 octet)
Value = 6 for Ethernet

Protocol address size in bytes (1 octet)
Value = 4 for IP
ARP header
Opcode

ARP request

ARP reply

RARP request

RARP reply
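Added example (not code from the slides): build and parse an Ethernet/IPv4 ARP packet with exactly the header fields listed above. The opcode values are those assigned in RFC 826 and RFC 903; the MAC and IP addresses used in the demo are constructed.

```python
"""Build and parse Ethernet/IPv4 ARP packets with the header layout of RFC 826.
Added example for these slides, not code from the lecture itself."""
import struct

HW_ETHERNET = 1        # hardware type value for Ethernet (slide value)
PROTO_IPV4 = 0x0800    # protocol type value for IP (slide value)
# Opcode values as assigned in RFC 826 (ARP) and RFC 903 (RARP)
OPCODES = {1: "ARP request", 2: "ARP reply", 3: "RARP request", 4: "RARP reply"}
# htype(2) ptype(2) hlen(1) plen(1) opcode(2): the 8-octet fixed header
HEADER = struct.Struct("!HHBBH")
ARP_LEN = HEADER.size + 2 * (6 + 4)   # 28 octets for Ethernet/IPv4
ETH_MIN_PAYLOAD = 46                  # why ARP frames carry padding on Ethernet


def mac_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))


def mac_str(raw):
    return ":".join(f"{x:02x}" for x in raw)


def ip_bytes(ip):
    return bytes(int(x) for x in ip.split("."))


def ip_str(raw):
    return ".".join(str(x) for x in raw)


def build_arp(opcode, sender_mac, sender_ip, target_mac, target_ip, pad=True):
    """Return the ARP packet; with pad=True it is padded to the Ethernet minimum payload."""
    pkt = (HEADER.pack(HW_ETHERNET, PROTO_IPV4, 6, 4, opcode)
           + mac_bytes(sender_mac) + ip_bytes(sender_ip)
           + mac_bytes(target_mac) + ip_bytes(target_ip))
    if pad and len(pkt) < ETH_MIN_PAYLOAD:
        pkt += bytes(ETH_MIN_PAYLOAD - len(pkt))
    return pkt


def parse_arp(pkt):
    """Decode an ARP packet, tolerating trailing Ethernet padding and
    rejecting anything that is not Ethernet/IPv4 ARP or is truncated."""
    if len(pkt) < HEADER.size:
        raise ValueError("short ARP header")
    htype, ptype, hlen, plen, opcode = HEADER.unpack_from(pkt)
    if htype != HW_ETHERNET or ptype != PROTO_IPV4 or hlen != 6 or plen != 4:
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    if len(pkt) < ARP_LEN:
        raise ValueError("truncated ARP body")
    body = pkt[HEADER.size:ARP_LEN]
    sender_ip, target_ip = ip_str(body[6:10]), ip_str(body[16:20])
    return {
        "opcode": opcode,
        "op_name": OPCODES.get(opcode, "unknown"),
        "sender_mac": mac_str(body[0:6]),
        "sender_ip": sender_ip,
        "target_mac": mac_str(body[10:16]),
        "target_ip": target_ip,
        # a request whose sender and target protocol address coincide is gratuitous
        "gratuitous": opcode == 1 and sender_ip == target_ip,
    }


if __name__ == "__main__":
    # constructed addresses: a request from 140.252.1.52 asking for 140.252.1.29
    req = build_arp(1, "00:00:c0:6f:2d:40", "140.252.1.52",
                    "00:00:00:00:00:00", "140.252.1.29")
    print(len(req), parse_arp(req))
```

The 28-octet packet comes out at 46 bytes once padded, which is the padding the Observations slide refers to; the parser ignores the padding but refuses a packet shorter than the full body.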

Observations
ARP: dynamic mapping between any layer 3 and
layer 2 protocol

ARP is not required on a point-to-point link

ARP requests broadcast, replies unicast

ARP requests/replies are short, so padding is
required to reach the Ethernet minimum frame size
Observations
Gratuitous ARP

A machine asks for the hardware address
corresponding to its own IP address

Normally seen at bootstrap time
Used to catch misconfigured machines
(two machines with the same IP address)
ARP cache
Before issuing an ARP request, a machine
always checks its ARP cache to see if the desired
hardware address is present

If no such address mapping is found, then the
ARP request is issued

Timeout for cache entries

arp -a shows all the ARP cache entries
[Diagram: Ethernet with hosts A, B, C, D (.13.65, .13.66, .13.35, .13.33, .13.34), router R, PPP link to X; addresses shown: 140.252.1.52 / 24, 140.252.1.29 / 24, 140.252.1.183 / 24]
X has a pkt for B (140.252.1.29)
What happens?

[Diagram: same network; addresses shown: 140.252.1.52 / 16, 140.252.1.29 / 24, 140.252.1.183 / 24]
X has a pkt for B (140.252.1.29)
What happens?

[Diagram: same network; addresses shown: 140.252.1.52 / 16, 140.252.2.29 / 24, 140.252.1.183 / 24]
X has a pkt for B (140.252.1.29)
What happens?
ARP
X sends an ARP request for IP 140.252.1.29

Router R receives it

If Proxy ARP is set up on R, then R replies
to the ARP request with its own hardware
address (interface IP 140.252.1.183)

Proxying for the interface 140.252.1.29


Gratuitous ARP
Sender generates a request to inform the
receivers about some information
Change in L2 address

Duplicate address detection

Virtual IP
Allow failover in a pool of servers if heartbeat
timer detects the failure
Active server fails and backup takes over
Redundancy
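Added example (not code from the slides), covering the ARP cache slide and the gratuitous ARP slides together: a cache with entry timeout whose lookup miss is the point at which a request would be issued, plus the defender's use of gratuitous ARP, flagging a second machine that claims an address already in the cache or our own address. The trace, MACs and the 20-minute timeout are constructed.

```python
"""ARP cache with entry timeout plus detection of duplicate or changed
IP-to-MAC mappings from gratuitous ARP. Added example, not from the slides."""
import time


class ArpCache:
    def __init__(self, my_ip, my_mac, timeout=1200.0, clock=time.monotonic):
        self.my_ip, self.my_mac = my_ip, my_mac
        self.timeout = timeout        # seconds before a learned entry expires (constructed default)
        self.clock = clock            # injectable so expiry can be tested deterministically
        self.entries = {}             # ip -> (mac, time learned)
        self.alerts = []

    def lookup(self, ip):
        """Cached MAC for ip, or None if unknown or expired (the moment a
        real stack would issue an ARP request instead)."""
        entry = self.entries.get(ip)
        if entry is None:
            return None
        mac, learned = entry
        if self.clock() - learned > self.timeout:
            del self.entries[ip]
            return None
        return mac

    def observe(self, sender_ip, sender_mac, target_ip, opcode):
        """Feed the sender fields of every ARP packet seen on the segment.
        Returns the alert raised for this packet, if any."""
        gratuitous = opcode == 1 and sender_ip == target_ip
        alert = None
        if sender_ip == self.my_ip and sender_mac != self.my_mac:
            # somebody else claims our address: the misconfiguration the slides mention
            alert = f"duplicate address {sender_ip} claimed by {sender_mac}"
        else:
            known = self.lookup(sender_ip)
            if known is not None and known != sender_mac:
                kind = "gratuitous" if gratuitous else "unsolicited"
                alert = f"{sender_ip} moved from {known} to {sender_mac} ({kind} ARP)"
            self.entries[sender_ip] = (sender_mac, self.clock())
        if alert:
            self.alerts.append(alert)
        return alert


def replay(trace, cache):
    """Run (timestamp, sender_ip, sender_mac, target_ip, opcode) tuples through
    the cache with a fake clock driven by the timestamps; returns the alerts."""
    now = [0.0]
    cache.clock = lambda: now[0]
    for ts, sip, smac, tip, op in trace:
        now[0] = ts
        cache.observe(sip, smac, tip, op)
    return cache.alerts


# Constructed trace: host B boots with a gratuitous ARP, host A replies to us,
# later another machine claims B's address, then a third one claims ours.
TRACE = [
    (0.0, "140.252.13.35", "00:00:c0:c2:9b:26", "140.252.13.35", 1),   # gratuitous, B boots
    (5.0, "140.252.13.33", "00:00:c0:6f:2d:40", "140.252.13.65", 2),   # A replies to us
    (60.0, "140.252.13.35", "00:00:c0:11:22:33", "140.252.13.35", 1),  # B's IP from a new MAC
    (70.0, "140.252.13.65", "de:ad:be:ef:00:01", "140.252.13.65", 1),  # our own IP claimed
]

if __name__ == "__main__":
    cache = ArpCache(my_ip="140.252.13.65", my_mac="08:00:20:03:f6:42")
    for line in replay(TRACE, cache):
        print("ALERT:", line)
```

The first alert is the legitimate failover case from the Virtual IP slide as well as the duplicate-address case; only the surrounding context (a heartbeat-driven takeover versus an unexpected claim) tells them apart, which is why the alert records the kind of ARP that caused it.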
Proxy ARP
X believes it has the hardware address of 140.252.1.29
while it really has the address of 140.252.1.183

Motivation

Security

All packets for these machines have to pass through
the router running Proxy ARP, where the packets can
be examined

The sender does not know that its packets are
passing through a machine and are being checked
Proxy ARP
Specified in RFC-1027

Proxy ARP is a tool to help ease the transition to
a subnetted environment
Ex: 172.20.0.0/16 to 172.20.1.0/24
Not meant to be a substitute for a routing
protocol
Hosts treat the destination as directly attached
rather than routing to it
Proxy ARP
What happens when 172.20.97.101/16 wants to
communicate with 172.20.71.76/24?
[Diagram: routers R1 and R2 connect the old backbone 172.20.1.0/16 with the subnets 172.20.1.0/24, 172.20.33.0/24, 172.20.35.0/24, 172.20.71.0/24, 172.20.74.0/24 and 172.20.32.0/24]
Proxy ARP
Station on old backbone will send out an ARP
request
Routers R1 and R2 will not forward the ARP
broadcast
The destination is directly connected to R2
R2 sends out an ARP reply with its MAC address
Forwarding is automatic if communication is
initiated in the opposite direction
Summary: Proxy ARP is useful as a transition
from classical subnetting to explicit subnetting
Required Conditions
Address does not belong to the same subnet
Proxy is enabled
Device based (NIC)
All valid requests received on the device are
processed
Destination based
Both the destination address and the device are
taken for a decision ( IPv6 supports this!)
The host processes the request if proxying is enabled
Forwarding is enabled on the proxy server

DNAT
Destination NAT (aka Route NAT) allows a host
to define dummy (NAT) addresses:
Ingress packets addressed to them are
detected by the host
Forwarded to another address
Mainly used by routers
No relation to the Destination NAT implemented
by Netfilter
DNAT
Assume a subnet 10.0.0.0/24
Host 10.0.0.5 is a dummy host
A host from the subnet wants to talk to this host
The real host is 10.0.1.10
The router receives the request and proxies it by
replying with its own interface address
Router proxies traffic between the requester and
10.0.1.10
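Added example (not code from the slides), covering the Proxy ARP "Required Conditions" slide and the DNAT slides together: the host-side "is the destination on my subnet?" test that decides whether a host ARPs for the destination at all (the X-to-B scenarios), and a router's decision whether to answer an ARP request with its own MAC: for its own address, as a proxy when the target is not in the ingress subnet but is directly connected elsewhere and both proxying and forwarding are enabled, or for a dummy route-NAT address. Router interface addresses, MACs and the `Router` class itself are constructed for the example.

```python
"""Which ARP requests a router answers: its own address, proxy ARP for hosts
behind another interface, and dummy route-NAT (DNAT) addresses; plus the host-side
"same subnet?" test. Added example, not from the slides; addresses are constructed."""
import ipaddress


def host_arps_directly(host_if, dest_ip):
    """True when the host treats dest_ip as on-link (it ARPs for the destination
    itself), False when it would hand the packet to its router instead."""
    return ipaddress.ip_address(dest_ip) in ipaddress.ip_interface(host_if).network


class Router:
    def __init__(self, interfaces, proxy_arp=True, forwarding=True, dnat=None):
        # interfaces: {name: (address/prefix, mac)}; dnat: {dummy address: real address}
        self.ifaces = {n: (ipaddress.ip_interface(a), m) for n, (a, m) in interfaces.items()}
        self.proxy_arp = proxy_arp
        self.forwarding = forwarding
        self.dnat = {ipaddress.ip_address(k): ipaddress.ip_address(v)
                     for k, v in (dnat or {}).items()}

    def egress_for(self, target):
        """Name of the directly connected interface whose subnet contains target, or None."""
        for name, (iface, _) in self.ifaces.items():
            if target in iface.network:
                return name
        return None

    def arp_reply(self, ingress, target_ip):
        """(mac, reason) for a request arriving on `ingress`; mac is None when
        the router must stay silent."""
        target = ipaddress.ip_address(target_ip)
        iface, mac = self.ifaces[ingress]
        if target == iface.ip:
            return mac, "own address"
        if target in self.dnat:
            # dummy address: answered even though it lies in the ingress subnet;
            # traffic is then forwarded to the real host behind it
            if not self.forwarding:
                return None, "dnat but forwarding disabled"
            return mac, f"dnat -> {self.dnat[target]}"
        if not self.proxy_arp:
            return None, "proxy arp disabled"
        if not self.forwarding:
            return None, "forwarding disabled"
        if target in iface.network:
            # required condition: the address must not belong to the ingress subnet,
            # otherwise the real host on that subnet would be shadowed
            return None, "same subnet as ingress"
        egress = self.egress_for(target)
        if egress is None or egress == ingress:
            return None, "no directly connected route"
        return mac, f"proxy arp via {egress}"


if __name__ == "__main__":
    # R2 from the slides: configured with the new /24 subnets while the old-backbone
    # host 172.20.97.101/16 still believes the whole /16 is on-link
    r2 = Router({"backbone": ("172.20.1.2/24", "00:00:0c:00:00:02"),
                 "sub71": ("172.20.71.1/24", "00:00:0c:00:71:01")})
    print(host_arps_directly("172.20.97.101/16", "172.20.71.76"))  # True: host ARPs on the backbone
    print(r2.arp_reply("backbone", "172.20.71.76"))                 # R2 answers on the host's behalf
    print(r2.arp_reply("backbone", "172.20.1.50"))                  # silent: same subnet
```

The reason string is what a practitioner wants in the router's log: a proxy reply for an address that is in fact on the ingress subnet is exactly the symptom of the "security" property on the Proxy ARP slide being exercised by something other than the router.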

Point-to-Point Protocol
A non-broadcast channel protocol
A data link layer protocol like Ethernet
Derived from HDLC and DDCMP
Offers datagram service (LLC Type 1!)
Flag indicates start and end of packet
Address when two stations share the link
HDLC uses Master and several Tributaries
Packets are transmitted from Master to Tributary
and vice versa
Tributary-to-Tributary transmission is not possible.

PPP
PPP operates over serial dial-up telephone lines
Dial-up connections with 56K modems
The protocol of choice for connecting home users to
their ISPs
SONET/SDH link
X.25 connection
ISDN circuit
Flag | Address | Control | Prot | Data | FCS | Flag
A note on LLC
Logical Link Control defines the fields that
allow multiple higher-layer protocols to share
the use of data link
Provides additional functionality in addition to
simple datagram service
LLC type 1: best-effort datagram protocol
IP, IPX, Token Ring, FDDI
LLC type 2: reliable connection-oriented
protocol on top of the basic datagram service
NetBEUI, MS LAN Manager
LLC type 3: connectionless with acks
LLC is 3 Bytes long

LLC Type 1
CTL is 1 byte long and can take one of three values:
UI unnumbered Information
Datagram
XID Exchange Identification
Command and Response
Test
Command and Response
Command vs. Response in XID and Test is
distinguished by one bit in the SSAP:
the G/I bit position carries the command/response indication!


Point-to-Point Protocol
Multiplexing
Multiple upper layer protocols can be
simultaneously multiplexed over the same link
A 16-bit Protocol field
Supports asynchronous links with 8 bits of data
and no parity

Supports bit-oriented synchronous links


PPP
The principal components of PPP:
Framing: a method to encapsulate data in a
PPP frame and to detect errors in a frame
Start/End of frame, byte stuffing, escape sequence, ..
Link-control protocol: for initializing,
maintaining, and taking down the PPP link
MTU, skipping the use of certain fields, auth protocol
to use
Network-control protocol: a family of
protocols, one for each upper-layer protocol
IP address, compression, ..

PPP Requirements
Specified in RFC 1547
Packet framing
Transparency: PPP must not place any
constraints on the data appearing in the network layer
No constraints on data arriving from layer 3!
Multiple network layer protocols: multiple
network layer protocols running at the same
time
Just like IP supporting many TCP and UDP flows!
Multiple types of links: synchronous,
asynchronous, serial or parallel, low-speed or
high-speed, electrical or optical


PPP Requirements
Error detection
Detect errors in received frame
Connection liveness: able to detect a failure
at the link level
Inability to transfer data from the sending side and
signalling of this error condition
Network layer address negotiation: learn and
configure each other's network-layer address
Simplicity Should be a simple protocol
More than 50 RFCs now define various aspects of
this simple protocol

PPP Frame
Flag | Fixed hdr | Proto | Information | CRC | Flag
Protocol field:
IP datagram, Link control protocol, N/w control proto
PPP frame
PPP frame inspired by HDLC

Flag = 0x7E; indicates frame boundaries

Fixed header Address and Control fields (both taken
from HDLC)
Address: all 1s (All-Stations address), and thus ARP
is not needed!
Control: 0x03 (Unnumbered Information frame with
the Poll/Final bit set to 0)
Both fields currently take only the fixed values above!


Escape sequence
A flag byte, or another special character, appearing
in the information field needs to be escaped

Asynchronous and byte-oriented links:
Replace by a 2-byte sequence
1st byte: 0x7d (Escape byte)
2nd byte: original byte (the one to be escaped), but with
its 6th bit complemented
6th bit: bits are numbered b8 b7 b6 b5 b4 b3 b2 b1

Max length of the Info field is negotiable when the link is
configured; default: 1500 bytes
Sequence
Want to exchange network layer packets over a serial
link
Not just IP; others like IPX are allowed too

LCP first, to establish the link
Link Control Protocol
Configure things like the Asynchronous Control
Character Map

Next, establish network layer specific parameters (NCP)
Network Control Protocol
IP addresses in case we want to exchange IP packets
PPP
Protocol field: 2 octets
identify a datagram corresponding to a
specific layer 3 protocol
0x0021: IP datagram
0x0029: AppleTalk
0x0027: DECnet
identify a specific Network Control Protocol
(NCP)
0x8021: IP Control Protocol (IPCP)

Link Control Protocol packets
0xC021
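Added example (not code from the slides), covering the PPP frame, escape sequence and Protocol field slides together: encapsulation of a network-layer packet on an asynchronous link with the fixed 0xFF/0x03 header, the 2-byte escape (0x7d followed by the byte with its 6th bit complemented), and the 16-bit FCS computed as RFC 1662 specifies. The escaping of ASCII control characters is driven by a 32-bit map; until one is negotiated every control character is escaped, which is the all-ones default assumed here. The payload and the `PROTOCOLS` name table are constructed from the values on the slides.

```python
"""PPP over an asynchronous link: framing, byte stuffing and FCS-16 as in RFC 1662.
Added example for these slides, not code from the lecture itself."""
FLAG, ESC = 0x7E, 0x7D
ADDRESS, CONTROL = 0xFF, 0x03            # the fixed HDLC-derived header
PROTOCOLS = {0x0021: "IP", 0x0029: "AppleTalk", 0x0027: "DECnet",
             0x8021: "IPCP", 0xC021: "LCP"}   # slide values
DEFAULT_ACCM = 0xFFFFFFFF                # escape every control char until LCP says otherwise
FCS_GOOD = 0xF0B8                        # residue of a frame whose FCS is intact


def _fcs_table():
    # reflected CRC-16 (polynomial 0x8408), the table from RFC 1662 appendix C
    table = []
    for b in range(256):
        v = b
        for _ in range(8):
            v = (v >> 1) ^ 0x8408 if v & 1 else v >> 1
        table.append(v)
    return table


FCS_TABLE = _fcs_table()


def fcs16(data, fcs=0xFFFF):
    for b in data:
        fcs = (fcs >> 8) ^ FCS_TABLE[(fcs ^ b) & 0xFF]
    return fcs


def needs_escape(b, accm):
    """Flag and escape bytes always; ASCII control char j only if bit j of the map is set."""
    return b in (FLAG, ESC) or (b < 0x20 and (accm >> b) & 1 != 0)


def build_frame(protocol, payload, accm=DEFAULT_ACCM):
    body = bytes([ADDRESS, CONTROL]) + protocol.to_bytes(2, "big") + payload
    fcs = fcs16(body) ^ 0xFFFF
    body += bytes([fcs & 0xFF, fcs >> 8])   # FCS is sent least-significant octet first
    out = bytearray([FLAG])
    for b in body:
        if needs_escape(b, accm):
            out += bytes([ESC, b ^ 0x20])     # complement bit 6 (bits numbered b8..b1)
        else:
            out.append(b)
    out.append(FLAG)
    return bytes(out)


def parse_frame(raw):
    """Unstuff, verify the FCS and return (protocol number, protocol name, information)."""
    if len(raw) < 2 or raw[0] != FLAG or raw[-1] != FLAG:
        raise ValueError("missing frame delimiters")
    body, i = bytearray(), 1
    while i < len(raw) - 1:
        b = raw[i]
        if b == ESC:
            i += 1
            b = raw[i] ^ 0x20
        body.append(b)
        i += 1
    if len(body) < 6 or fcs16(body) != FCS_GOOD:
        raise ValueError("bad FCS")
    if body[0] != ADDRESS or body[1] != CONTROL:
        raise ValueError("unexpected address/control")
    protocol = int.from_bytes(body[2:4], "big")
    return protocol, PROTOCOLS.get(protocol, "unknown"), bytes(body[4:-2])


if __name__ == "__main__":
    # constructed payload containing the two bytes that must always be escaped
    # and two control characters
    payload = bytes([0x7E, 0x7D, 0x03, 0x11]) + b"hello"
    frame = build_frame(0x0021, payload)
    print(frame.hex())
    print(parse_frame(frame))
```

With the all-ones map the control field 0x03 itself is escaped on the wire, so a frame grows by one byte per escaped octet; negotiating a map of 0 (via LCP) leaves only 0x7e and 0x7d escaped, which is the saving the ACCM option is for.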

PPP Phase diagram (RFC 1661)
Link layer: PPP
To establish a PPP link?

Link control data packets must be exchanged

Typical use: to reduce overhead

Omit the Address and Control fields in the PPP frame

pppd must be running at the receiver

RFC 1548: Encapsulation and LCP

RFC 1322: NCP for IP

LCP
When the link is down, how is it started again?
Look for some way to start
Clock signal? Recover it, although this is provisional
Start with a PPP Configure-Request
The far end can respond with a PPP Configure-Ack
Negotiate link parameters
FCS: 16 bits (default), 32 bits or null
Magic number
Callback: billing and security
Maintain the link: LCP Echo-Requests



NCP
IPCP: IP Control Protocol
Specifies a number of configuration options
distinguished with a type
1. IP-addresses
2. IP-Compression-Protocol
3. IP-address
4. Mobile-IPv4
129. Primary DNS server address
130. Primary NBNS server address
131. Secondary DNS server address
132. Secondary NBNS server address


Link layer: PPP
After the link has been established, network
control data packets must be exchanged

Typical use: to obtain and indicate the IP address
of each end dynamically

Typical use: to achieve TCP and IP header
compression (van Jacobson compression)

Option negotiation
Options are proposed by the side that sends
them

Option may be accepted by the peer, or not

Examples of options:

Asynchronous control character map

Magic number
Option example
Option: Async control character map (4 octets)

Negotiating control character transparency on an
asynchronous link

Control characters: ASCII control characters (decimal 0
through 31)

The character map
If position j (0 <= j <= 31) has a 0, then the
character corresponding to decimal j can be sent in
the clear

Else, it must be mapped

Option example
Magic number

To detect looped back link

Idea:

Choose the magic number randomly

If the received magic number is distinct from the last
magic number sent to the peer, then the link is not
looped back
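Added example (not code from the slides), covering the option negotiation, Async-Control-Character-Map and magic number slides together: an LCP Configure-Request carrying the ACCM and Magic-Number options, the peer's Ack/Nak/Reject decision, the reading of the character map (bit j set means control character j must be escaped), and loop-back detection: a received magic number equal to the one we last sent is answered with a Configure-Nak proposing a different value. Packet and option codes are those of RFC 1661; the `LcpPeer` class, its injectable random source and the ACCM value 0x000A0000 are constructed for the example.

```python
"""LCP Configure-Request / Ack / Nak / Reject handling for the ACCM and
Magic-Number options, with loop-back detection. Codes are those of RFC 1661;
added example, not code from the slides."""
import secrets
import struct

CONF_REQ, CONF_ACK, CONF_NAK, CONF_REJ = 1, 2, 3, 4
OPT_ACCM, OPT_MAGIC = 2, 5          # LCP option types for ACCM and Magic-Number


def chars_to_escape(accm):
    """ASCII control characters (0..31) whose bit is set must be escaped;
    a 0 bit means the character may be sent in the clear."""
    return [j for j in range(32) if (accm >> j) & 1]


def encode_options(opts):
    """opts: list of (type, data); each option is type(1) length(1) data."""
    return b"".join(bytes([t, 2 + len(d)]) + d for t, d in opts)


def decode_options(data):
    opts, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated option header")
        t, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("malformed option length")
        opts.append((t, bytes(data[i + 2:i + length])))
        i += length
    return opts


def lcp_packet(code, ident, opts):
    body = encode_options(opts)
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def parse_lcp(pkt):
    if len(pkt) < 4:
        raise ValueError("short LCP packet")
    code, ident, length = struct.unpack_from("!BBH", pkt)
    if length < 4 or length > len(pkt):
        raise ValueError("bad LCP length")
    return code, ident, decode_options(pkt[4:length])


class LcpPeer:
    def __init__(self, accm=0xFFFFFFFF, rng=secrets.randbits):
        self.accm = accm             # map we ask the peer to apply when sending to us
        self.peer_accm = 0xFFFFFFFF  # until negotiated, every control char is escaped
        self.rng = rng               # injectable so tests are deterministic
        self.magic = rng(32)         # chosen randomly, as the slides require
        self.ident = 0

    def configure_request(self):
        self.ident = (self.ident + 1) & 0xFF
        return lcp_packet(CONF_REQ, self.ident, [
            (OPT_ACCM, struct.pack("!I", self.accm)),
            (OPT_MAGIC, struct.pack("!I", self.magic)),
        ])

    def handle_request(self, pkt):
        """Answer the peer's Configure-Request; returns (reply, looped_back).
        Ack when every option is acceptable, Nak with proposed values,
        Reject for option types we do not understand."""
        code, ident, opts = parse_lcp(pkt)
        if code != CONF_REQ:
            raise ValueError("expected Configure-Request")
        naks, rejs, looped = [], [], False
        for t, d in opts:
            if t == OPT_ACCM and len(d) == 4:
                self.peer_accm = struct.unpack("!I", d)[0]
            elif t == OPT_MAGIC and len(d) == 4:
                if struct.unpack("!I", d)[0] == self.magic:
                    # identical to the magic number we last sent: the link may be
                    # looped back, so propose a different value instead of an Ack
                    looped = True
                    naks.append((OPT_MAGIC, struct.pack("!I", self.rng(32))))
            else:
                rejs.append((t, d))
        if rejs:
            return lcp_packet(CONF_REJ, ident, rejs), looped
        if naks:
            return lcp_packet(CONF_NAK, ident, naks), looped
        return lcp_packet(CONF_ACK, ident, opts), looped


if __name__ == "__main__":
    a, b = LcpPeer(accm=0x000A0000), LcpPeer()
    reply, looped = b.handle_request(a.configure_request())
    print(parse_lcp(reply)[0] == CONF_ACK, looped, chars_to_escape(b.peer_accm))
```

A single equal magic number is only a hint: a real implementation repeats the exchange and concludes the link is looped back after several Nak rounds, since two peers can also collide by chance.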
