Wednesday, October 23, 2019

Address Resolution Protocol

————————————————-
Address Resolution Protocol

The Address Resolution Protocol (ARP) is a computer networking protocol for determining a network host's link layer or hardware address when only its Internet Layer (IP) or Network Layer address is known. This function is critical in local area networking as well as for routing internetworking traffic across gateways (routers) based on IP addresses when the next-hop router must be determined. ARP was defined by RFC 826 in 1982. [1] It is Internet Standard STD 37. ARP has been implemented in many types of networks, such as Internet Protocol (IP) networks, CHAOS, DECNET, Xerox PARC Universal Packet, Token Ring, FDDI, IEEE 802.11 and other LAN technologies, as well as modern high-capacity networks such as Asynchronous Transfer Mode (ATM). Due to the overwhelming prevalence of IPv4 and Ethernet in general networking, ARP is most frequently used to translate IPv4 addresses into Ethernet MAC addresses. In the next-generation Internet Protocol, IPv6, ARP's functionality is provided by the Neighbor Discovery Protocol (NDP).

————————————————-
Overview and IPv4-plus-Ethernet example

Consider a LAN where machines using IPv4 over Ethernet wish to communicate. A sender wishes to send a message to some other machine on the LAN and knows a destination IPv4 address. The destination IPv4 address is hopefully associated with some appropriate network interface belonging to the recipient machine, and is present on the LAN. But in order for communication to succeed, the sending machine first needs to discover the Ethernet MAC address of the intended recipient network interface. This requirement comes about because Ethernet hardware does not (necessarily) understand IPv4 protocols or IPv4 addresses, in the sense that Ethernet hardware 'listens out for' relevant Ethernet MAC addresses but does not 'listen out for' IPv4 addresses.
(An impractical alternative would be to have all units listen to every Ethernet packet and inspect the contents for relevant IPv4 addresses, discarding the packets intended for other devices, but this would be very inefficient.) So before sending an IPv4 packet, the sender sends a broadcast message onto the LAN using ARP in order to discover the Ethernet MAC address of some interface that is listening for that desired target IPv4 address. Some appropriate unit replies that it has a network interface with a certain MAC address that is associated with the IPv4 address in question. The original would-be sender now has the information needed and can go ahead and send its IPv4 packet to the destination, inserting it into an Ethernet frame with the correct destination MAC address for the appropriate recipient. The sender's operating system also stores the newly discovered MAC address in a table ('caches' the result). This table of mappings from IPv4 addresses to MAC addresses is retained and consulted again and again, so the ARP discovery procedure only has to be performed once, when a packet is sent to a 'new' destination IPv4 address.

————————————————-
Operating scope

The Address Resolution Protocol is a low-level request and answer protocol that is communicated on the media access level of the underlying network. For Ethernet systems, an ARP message is the payload of Ethernet packets. ARP therefore operates only across the local link that a host is connected to. Within the framework of the Internet Protocol Suite, this characteristic makes ARP a Link Layer protocol. [2] ARP is also very often discussed in terms of the Open Systems Interconnect (OSI) networking model, because that model addresses hardware-to-software interfaces more explicitly and is preferred by some equipment manufacturers.
However, ARP was not developed based on the design principles and strict encapsulation hierarchy of this model and, therefore, such discussions create a number of conflicts as to the exact operating layer within this model. Most often ARP is placed into the Data Link Layer (Layer 2), but since it requires the definitions of network addresses of the Network Layer, it is not unusual to find it referenced at that layer. An example of use in OSI networking is ATMARP, used to resolve Asynchronous Transfer Mode (ATM) NSAP addresses in IP over ATM deployments.

————————————————-
Packet structure

The Address Resolution Protocol uses a simple message format that contains one address resolution request or response. The size of the ARP message depends on the upper layer and lower layer address sizes, which are given by the type of networking protocol (usually IPv4) in use and the type of hardware or virtual link layer that the upper layer protocol is running on. The message header specifies these types, as well as the size of addresses of each. The message header is completed with the operation code for request (1) and reply (2). The payload of the packet consists of four addresses: the hardware and protocol address of the sender and receiver hosts. The principal packet structure of ARP packets is shown in the following table, which illustrates the case of IPv4 networks running on Ethernet. In this scenario, the packet has 48-bit fields for the sender hardware address (SHA) and target hardware address (THA), and 32-bit fields for the corresponding sender and target protocol addresses (SPA and TPA). Thus, the ARP packet size in this case is 28 bytes.

Hardware type (HTYPE): This field specifies the Link Layer protocol type. Example: Ethernet is 1.
Protocol type (PTYPE): This field specifies the upper layer protocol for which the ARP request is intended. For example, Internet Protocol (IPv4) is encoded as 0x0800.
Hardware length (HLEN): Length (in octets) of a hardware address. Ethernet address size is 6.
Protocol length (PLEN): Length (in octets) of a logical address of the specified protocol (cf. PTYPE). IPv4 address size is 4.
Operation: Specifies the operation that the sender is performing: 1 for request, 2 for reply.
Sender hardware address (SHA): Hardware (MAC) address of the sender.
Sender protocol address (SPA): Upper layer protocol address of the sender.
Target hardware address (THA): Hardware address of the intended receiver. This field is ignored in requests.
Target protocol address (TPA): Upper layer protocol address of the intended receiver.

ARP protocol parameter values have been standardized and are maintained by IANA.

Internet Protocol (IPv4) over Ethernet ARP packet

bit offset | 0 – 7                                         | 8 – 15
0          | Hardware type (HTYPE)
16         | Protocol type (PTYPE)
32         | Hardware address length (HLEN)                | Protocol address length (PLEN)
48         | Operation (OPER)
64         | Sender hardware address (SHA) (first 16 bits)
80         | (next 16 bits)
96         | (last 16 bits)
112        | Sender protocol address (SPA) (first 16 bits)
128        | (last 16 bits)
144        | Target hardware address (THA) (first 16 bits)
160        | (next 16 bits)
176        | (last 16 bits)
192        | Target protocol address (TPA) (first 16 bits)
208        | (last 16 bits)

————————————————-
ARP probe

An ARP probe is an ARP request constructed with an all-zero sender IP address. The term is used in the IPv4 Address Conflict Detection specification (RFC 5227). Before beginning to use an IPv4 address (whether received from manual configuration, DHCP, or some other means), a host implementing this specification must test to see if the address is already in use, by broadcasting ARP probe packets.

————————————————-
ARP announcements

ARP may also be used as a simple announcement protocol. This is useful for updating other hosts' mapping of a hardware address when the sender's IP address or MAC address has changed.
Such an announcement, also called a gratuitous ARP message, is usually broadcast as an ARP request containing the sender's protocol address (SPA) in the target field (TPA=SPA), with the target hardware address (THA) set to zero. An alternative is to broadcast an ARP reply with the sender's hardware and protocol addresses (SHA and SPA) duplicated in the target fields (TPA=SPA, THA=SHA). An ARP announcement is not intended to solicit a reply; instead it updates any cached entries in the ARP tables of other hosts that receive the packet. The operation code may indicate a request or a reply because the ARP standard specifies that the opcode is only processed after the ARP table has been updated from the address fields. [4][5][6] Many operating systems perform gratuitous ARP during startup. That helps to resolve problems which would otherwise occur if, for example, a network card was recently changed (changing the IP-address-to-MAC-address mapping) and other hosts still have the old mapping in their ARP caches. Gratuitous ARP is also used by some interface drivers to effect load balancing for incoming traffic. In a team of network cards, it is used to announce a different MAC address within the team that should receive incoming packets. ARP announcements can be used to defend link-local IP addresses in the Zeroconf protocol (RFC 3927), and for IP address takeover within high-availability clusters.

————————————————-
ARP mediation

ARP mediation refers to the process of resolving Layer 2 addresses when different resolution protocols are used on multiple connected circuits, e.g., ATM on one end and Ethernet on the others.

————————————————-
Inverse ARP and Reverse ARP

The Inverse Address Resolution Protocol (Inverse ARP or InARP) is a protocol used for obtaining Network Layer addresses (e.g., IP addresses) of other nodes from Data Link Layer (Layer 2) addresses.
It is primarily used in Frame Relay (DLCI) and ATM networks, in which Layer 2 addresses of virtual circuits are sometimes obtained from Layer 2 signaling, and the corresponding Layer 3 addresses must be available before these virtual circuits can be used. As ARP translates Layer 3 addresses to Layer 2 addresses, InARP may be described as its inverse. In addition, InARP is actually implemented as a protocol extension to ARP. It uses the same packet format as ARP, but has different operation codes.

Reverse Address Resolution Protocol (Reverse ARP or RARP), like InARP, also translates Layer 2 addresses to Layer 3 addresses. However, while in InARP the requesting station is querying the Layer 3 address of another node, RARP is used to obtain the Layer 3 address of the requesting station itself for address configuration purposes. RARP is now obsolete. It was replaced by BOOTP, which was later superseded by the Dynamic Host Configuration Protocol (DHCP).

————————————————-
Proxy ARP

Proxy ARP (Address Resolution Protocol) is a technique by which a device on a given network answers the ARP queries for a network address that is not on that network. The ARP Proxy is aware of the location of the traffic's destination, and offers its own MAC address in reply, effectively saying, "send it to me, and I'll get it to where it needs to go." Serving as an ARP Proxy for another host effectively directs LAN traffic to the Proxy. The "captured" traffic is then typically routed by the Proxy to the intended destination via another interface or via a tunnel. The process which results in the node responding with its own MAC address to an ARP request for a different IP address for proxying purposes is sometimes referred to as 'publishing'.

————————————————-
Uses

Below are some typical uses for proxy ARP:

Joining a broadcast LAN with serial links (e.g., dialup or VPN connections)
Assume an Ethernet broadcast domain (e.g., a group of stations connected to the same hub) using a certain IPv4 address range (e.g., 192.168.0.0/24, where 192.168.0.1 – 192.168.0.127 are assigned to wired nodes). One or more of the nodes is an access router accepting dialup or VPN connections. The access router gives the dial-up nodes IP addresses in the range 192.168.0.128 – 192.168.0.254; for this example, assume a dial-up node gets IP address 192.168.0.254. The access router uses Proxy ARP to make the dial-up node present in the subnet without being wired into the Ethernet: the access server 'publishes' its own MAC address for 192.168.0.254. Now, when another node wired into the Ethernet wants to talk to the dial-up node, it will ask on the network for the MAC address of 192.168.0.254 and find the access server's MAC address. It will therefore send its IP packets to the access server, and the access server will know to pass them on to the particular dial-up node. All dial-up nodes therefore appear to the wired Ethernet nodes as if they are wired into the same Ethernet subnet.

Taking multiple addresses from a LAN
Assume a station (e.g., a server) with an interface (10.0.0.2) connected to a network (10.0.0.0/24). Certain applications may require multiple IP addresses on the server. Provided the addresses have to be from the 10.0.0.0/24 range, the way the problem is solved is through Proxy ARP. Additional addresses (say, 10.0.0.230 – 10.0.0.240) are aliased to the loopback interface of the server (or assigned to special interfaces, the latter typically being the case with VMware/UML/jails/vservers/other virtual server environments) and 'published' on the 10.0.0.2 interface (although many operating systems allow direct allocation of multiple addresses to one interface, thus eliminating the need for such tricks).

On a firewall
In this scenario a firewall can be configured with a single IP address.
One simple example of a use for this would be placing a firewall in front of a single host or group of hosts on a subnet. Example: a network (10.0.0.0/8) has a server which should be protected (10.0.0.20); a proxy-ARP firewall can be placed in front of the server. In this way the server is put behind a firewall without making any changes to the network at all.

Mobile-IP
In the case of Mobile-IP, the Home Agent uses Proxy ARP in order to receive messages on behalf of the Mobile Node, so that it can forward the appropriate message to the actual mobile node's address (Care Of Address).

Transparent subnet gatewaying
A setup that involves two physical segments sharing the same IP subnet and connected together via a router. This use is documented in RFC 1027.

————————————————-
Advantages

The advantage of Proxy ARP over other networking schemes is simplicity. A network can be extended using this technique without the knowledge of the upstream router. For example, suppose a host, say A, wants to contact another host B, where B is on a different subnet/broadcast domain than A. For this, host A will send an ARP request with a destination IP address of B in its ARP packet. The multi-homed router which is connected to both subnets responds to host A's request with its own MAC address instead of host B's actual MAC address, thus proxying for host B. In due course, when host A sends a packet to the router which is actually destined for host B, the router just forwards the packet to host B. Hosts A and B are totally unaware of the router proxying for each of them.

————————————————-
Disadvantages

Disadvantages of Proxy ARP include scalability (ARP resolution is required for every device routed in this manner) and reliability (no fallback mechanism is present, and masquerading can be confusing in some environments).
It should be noted that ARP manipulation techniques, however, are the basis for protocols providing redundancy on broadcast networks (e.g., Ethernet), most notably CARP and the Virtual Router Redundancy Protocol. Proxy ARP can create DoS attacks on networks if misconfigured. For example, a misconfigured router with proxy ARP has the ability to receive packets destined for other hosts (as it gives its own MAC address in response to ARP requests for other hosts/routers), but may not have the ability to correctly forward these packets on to their final destination, thus blackholing the traffic.
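As an added example (not code from the original post or from any ARP implementation), the following Python script packs and parses the 28-byte IPv4-over-Ethernet ARP message laid out in the packet structure table, classifies each message as a request, reply, ARP probe (all-zero SPA) or gratuitous announcement (TPA=SPA) using the definitions given in the ARP probe and ARP announcements sections, and reports any IPv4 address claimed by more than one sender MAC, which is the condition RFC 5227 conflict detection looks for and what a misconfigured proxy ARP router from the Disadvantages section produces on the wire. All MAC and IP addresses in the sample traffic are constructed for the example.

```python
import struct
from collections import defaultdict

# Wire layout of the fixed-size IPv4-over-Ethernet ARP message from the table above:
# HTYPE(2) PTYPE(2) HLEN(1) PLEN(1) OPER(2) SHA(6) SPA(4) THA(6) TPA(4) = 28 bytes.
ARP_FMT = "!HHBBH6s4s6s4s"
OP_REQUEST, OP_REPLY = 1, 2

def build_arp(oper, sha, spa, tha, tpa):
    """Pack one message with HTYPE=1 (Ethernet), PTYPE=0x0800 (IPv4), HLEN=6, PLEN=4."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(octet) for octet in a.split("."))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, mac(sha), ip(spa), mac(tha), ip(tpa))

def parse_arp(pkt):
    """Unpack the 28-byte message; anything that is not IPv4-over-Ethernet ARP is rejected."""
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, pkt[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an IPv4-over-Ethernet ARP message")
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    ip = lambda b: ".".join(str(x) for x in b)
    return {"oper": oper, "sha": mac(sha), "spa": ip(spa), "tha": mac(tha), "tpa": ip(tpa)}

def classify(arp):
    """Probe: request with all-zero SPA (RFC 5227). Gratuitous: TPA=SPA with either opcode."""
    if arp["oper"] == OP_REQUEST and arp["spa"] == "0.0.0.0":
        return "probe"
    if arp["spa"] == arp["tpa"]:
        return "gratuitous"
    return "request" if arp["oper"] == OP_REQUEST else "reply"

def find_conflicts(pkts):
    """IPv4 addresses claimed by more than one sender MAC; probes (SPA 0.0.0.0) make no claim."""
    claims = defaultdict(set)
    for arp in map(parse_arp, pkts):
        if arp["spa"] != "0.0.0.0":
            claims[arp["spa"]].add(arp["sha"])
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}

# Constructed sample traffic (hypothetical MACs and IPs): A asks for B, B replies, C probes
# 192.168.0.10 before using it, B announces itself, then a second MAC also claims B's address.
A, B, C, X = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c", "02:00:00:00:00:ee"
ZERO = "00:00:00:00:00:00"
SAMPLE = [
    build_arp(OP_REQUEST, A, "192.168.0.1", ZERO, "192.168.0.254"),
    build_arp(OP_REPLY, B, "192.168.0.254", A, "192.168.0.1"),
    build_arp(OP_REQUEST, C, "0.0.0.0", ZERO, "192.168.0.10"),
    build_arp(OP_REQUEST, B, "192.168.0.254", ZERO, "192.168.0.254"),
    build_arp(OP_REPLY, X, "192.168.0.254", A, "192.168.0.1"),
]
```

Running `[classify(parse_arp(p)) for p in SAMPLE]` yields request, reply, probe, gratuitous, reply, and `find_conflicts(SAMPLE)` reports 192.168.0.254 as claimed by two different MACs.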
