Category: System Operations

2012-05-10 12:08:45

Introduction

The problem that we deal with in this chapter is that IP addresses only make sense to the TCP/IP protocol
suite. A data link such as an Ethernet or a token ring has its own addressing scheme (often 48-bit addresses) to
which any network layer using the data link must conform. A network such as an Ethernet can be used by
different network layers at the same time. For example, a collection of hosts using TCP/IP and another
collection of hosts using some PC network software can share the same physical cable.

When an Ethernet frame is sent from one host on a LAN to another, it is the 48-bit Ethernet address that determines for which interface the frame is destined. The device driver software never looks at the destination IP address in the IP datagram.

Address resolution provides a mapping between the two different forms of addresses: 32-bit IP addresses and
whatever type of address the data link uses.


ARP (address resolution protocol) provides a dynamic mapping from an IP address to the corresponding hardware address. We use the term dynamic since it happens automatically and is normally not a concern of either the application user or the system administrator.

RARP (reverse address resolution protocol) is used by systems without a disk drive (normally diskless workstations or X terminals) but requires manual configuration by the system administrator.

ARP sends an Ethernet frame called an ARP request to every host on the network. This is called a broadcast. We show the broadcast in Figure 4.2 with dashed lines. The ARP request contains the IP address of the destination host (whose name is bsdi) and is the request "if you are the owner of this IP address, please respond to me with your hardware address."
 

The destination host's ARP layer receives this broadcast, recognizes that the sender is asking for its hardware address, and replies with an ARP reply. This reply contains the IP address and the corresponding hardware address.

Point-to-point links don't use ARP. When these links are configured (normally at bootstrap time) the kernel
must be told of the IP address at each end of the link. Hardware addresses such as Ethernet addresses are not
involved.


ARP Cache

Essential to the efficient operation of ARP is the maintenance of an ARP cache on each host. This cache
maintains the recent mappings from Internet addresses to hardware addresses. The normal expiration time of
an entry in the cache is 20 minutes from the time the entry was created.

We can examine the ARP cache with the arp command. The -a option displays all entries in the cache.


ARP Packet Format

Below is the format of an ARP request and an ARP reply packet, when used on an Ethernet to resolve an IP address. (ARP is general enough to be used on other networks and can resolve addresses other than IP addresses. The first four fields following the frame type field specify the types and sizes of the final four fields.)


Field        | destination addr | source addr | type 0x0806 | ARP Request or ARP Reply | Padding | CRC
Size (bytes) | 6                | 6           | 2           | 28                       | 10      | 4

The first two fields in the Ethernet header are the source and destination Ethernet addresses. The special Ethernet destination address of all one bits means the broadcast address. All Ethernet interfaces on the cable receive these frames.

The 2-byte Ethernet frame type specifies the type of data that follows. For an ARP request or an ARP reply, this field is 0x0806.


Internet Protocol (IPv4) over Ethernet ARP packet

bit offset | 0 – 7                                       | 8 – 15
0          | Hardware type (HTYPE)
16         | Protocol type (PTYPE)
32         | Hardware address length (HLEN)              | Protocol address length (PLEN)
48         | Operation (OPER)
64         | Sender hardware address (SHA) (first 16 bits)
80         | (next 16 bits)
96         | (last 16 bits)
112        | Sender protocol address (SPA) (first 16 bits)
128        | (last 16 bits)
144        | Target hardware address (THA) (first 16 bits)
160        | (next 16 bits)
176        | (last 16 bits)
192        | Target protocol address (TPA) (first 16 bits)
208        | (last 16 bits)

The adjectives hardware and protocol are used to describe the fields in the ARP packets. For example, an ARP request asks for the protocol address (an IP address in this case) corresponding to a hardware address (an Ethernet address in this case).

The HTYPE field specifies the type of hardware address. Its value is 1 for an Ethernet. PTYPE specifies the type of protocol address being mapped. Its value is 0x0800 for IP addresses. This is purposely the same value as the type field of an Ethernet frame containing an IP datagram.

The next two 1-byte fields, HLEN and PLEN, specify the sizes in bytes of the hardware addresses and the protocol addresses. For an ARP request or reply for an IP address on an Ethernet they are 6 and 4, respectively.

The OPER field specifies whether the operation is an ARP request (a value of 1), ARP reply (2), RARP request (3), or RARP reply (4). This field is required since the frame type field is the same for an ARP request and an ARP reply.

The next four fields that follow are the sender's hardware address (an Ethernet address in this example), the sender's protocol address (an IP address), the target hardware address, and the target protocol address. Notice there is some duplication of information: the sender's hardware address is available both in the Ethernet header and in the ARP request. For an ARP request all the fields are filled in except the target hardware address. When a system receives an ARP request directed to it, it fills in its hardware address, swaps the two sender addresses with the two target addresses, sets the OPER field to 2, and sends the reply.
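The field layout above, decoded in Python as an added example (not code from the original page). It validates the fixed fields and reports whether the sender hardware address in the ARP packet disagrees with the Ethernet source address, the duplicated information noted above. The function names, MAC addresses and 192.0.2.x addresses are made up for the example.

```python
import struct
from ipaddress import IPv4Address

ETH_HDR = struct.Struct("!6s6sH")          # destination addr, source addr, frame type
ARP_PKT = struct.Struct("!HHBBH6s4s6s4s")  # HTYPE PTYPE HLEN PLEN OPER SHA SPA THA TPA
BROADCAST = b"\xff" * 6                    # destination address of all one bits

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp_frame(frame):
    """Decode an IPv4-over-Ethernet ARP frame; raise ValueError if it does not fit the format."""
    if len(frame) < ETH_HDR.size + ARP_PKT.size:
        raise ValueError("shorter than 14-byte Ethernet header + 28-byte ARP packet")
    dst, src, ftype = ETH_HDR.unpack_from(frame, 0)
    if ftype != 0x0806:
        raise ValueError(f"frame type 0x{ftype:04x} is not ARP")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = ARP_PKT.unpack_from(frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("HTYPE/PTYPE/HLEN/PLEN are not Ethernet/IP/6/4")
    if oper not in (1, 2):
        raise ValueError(f"OPER {oper} is neither ARP request (1) nor ARP reply (2)")
    return {
        "oper": "request" if oper == 1 else "reply",
        "broadcast": dst == BROADCAST,
        "eth_src": mac(src), "sha": mac(sha), "spa": str(IPv4Address(spa)),
        "tha": mac(tha), "tpa": str(IPv4Address(tpa)),
        # The sender's hardware address appears twice; a disagreement is worth logging.
        "sha_mismatch": src != sha,
    }

def build_arp_frame(eth_dst, eth_src, oper, sha, spa, tha, tpa):
    """Build a frame for the constructed samples below (never transmitted)."""
    arp = ARP_PKT.pack(1, 0x0800, 6, 4, oper, sha, IPv4Address(spa).packed,
                       tha, IPv4Address(tpa).packed)
    return ETH_HDR.pack(eth_dst, eth_src, 0x0806) + arp

HOST_A = bytes.fromhex("020000000001")   # constructed, locally administered addresses
HOST_B = bytes.fromhex("020000000002")
REQUEST = build_arp_frame(BROADCAST, HOST_A, 1, HOST_A, "192.0.2.1", bytes(6), "192.0.2.2")
# Reply as the text describes: sender and target swapped, hardware address filled in, OPER 2.
REPLY = build_arp_frame(HOST_A, HOST_B, 2, HOST_B, "192.0.2.2", HOST_A, "192.0.2.1")
# Constructed anomaly: Ethernet source is HOST_B but the ARP sender field says HOST_A.
ODD = build_arp_frame(BROADCAST, HOST_B, 1, HOST_A, "192.0.2.1", bytes(6), "192.0.2.2")

if __name__ == "__main__":
    for name, frame in (("request", REQUEST), ("reply", REPLY), ("odd", ODD)):
        print(name, parse_arp_frame(frame))
```

Trailing padding after the 28-byte ARP packet is ignored, so frames captured off the wire parse the same way.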

ARP Cache Timeout

A timeout is normally provided for entries in the ARP cache. Berkeley-derived implementations normally have a timeout of 20 minutes for a completed entry and 3 minutes for an incomplete entry (a nonexistent host on the Ethernet). These implementations normally restart the 20-minute timeout for an entry each time the entry is used.

Proxy ARP

Proxy ARP lets a router answer ARP requests on one of its networks for a host on another of its networks. This fools the sender
of the ARP request into thinking that the router is the destination host, when in fact the destination host is "on the other side" of
the router. The router is acting as a proxy agent for the destination host, relaying packets to it from other hosts.


Proxy ARP is also called promiscuous ARP or the ARP hack. These names are from another use of proxy ARP: to hide two physical networks from each other, with a router between the two. In this case both physical networks can use the same network ID as long as the router in the middle is configured as a proxy ARP agent to respond to ARP requests on one network for a host on the other network. This technique has been used in the past to "hide" a group of hosts with older implementations of TCP/IP on a separate physical cable. Two common reasons for separating these older hosts are their inability to handle subnetting and
their use of the older broadcasting address (a host ID of all zero bits, instead of the current standard of a host ID with all one bits).


Gratuitous ARP

Gratuitous ARP occurs when a host sends an ARP request looking for its own IP address. This is usually done when the interface is configured at bootstrap time.

Gratuitous ARP provides two features.

1. It lets a host determine if another host is already configured with the same IP address. The host bsdi is not expecting a reply to this request. But if a reply is received, the error message "duplicate IP address sent from Ethernet address: a:b:c:d:e:f" is logged on the console. This is a warning to the system administrator that one of the systems is
misconfigured.

2. If the host sending the gratuitous ARP has just changed its hardware address (perhaps the host was shut down, the interface card replaced, and then the host was rebooted), this packet causes any other host on the cable that has an entry in its cache for the old hardware address to update its ARP cache entry accordingly. A little-known fact of the ARP protocol [Plummer 1982] is that if a host receives an ARP request from an IP address that is already in the receiver's cache, then that cache entry is updated with the sender's hardware address (e.g., Ethernet address) from the ARP request. This is done for any ARP request received by the host. (Recall that ARP requests are broadcast, so this is done by all hosts on the network each time an ARP request is sent.)
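A receiver-side model of the rules in the ARP Cache Timeout and Gratuitous ARP sections, added here as an example (not code from the original page): it applies the 20-minute timeout, the update-on-receipt rule, and the duplicate-address check, and records every change of an IP address's hardware address so it can be reviewed. ArpCache, receive, lookup and replay are names made up for the example and the addresses are constructed. As assumptions, any packet whose sender IP is our own counts as a duplicate, and an update leaves the entry's expiry time unchanged.

```python
COMPLETE_TTL = 20 * 60  # seconds: completed-entry timeout quoted in the text
class ArpCache:
    """Receiver-side model of the cache rules described above; records alerts instead of logging."""
    def __init__(self, my_ip, my_mac):
        self.my_ip, self.my_mac = my_ip, my_mac
        self.entries = {}   # IP address -> [hardware address, expiry time]
        self.alerts = []

    def _live(self, now, ip):
        if ip in self.entries and self.entries[ip][1] <= now:
            del self.entries[ip]          # timed out
        return self.entries.get(ip)

    def lookup(self, now, ip):
        entry = self._live(now, ip)
        if entry is None:
            return None
        entry[1] = now + COMPLETE_TTL     # each use restarts the 20-minute timeout
        return entry[0]

    def receive(self, now, oper, sha, spa, tpa):
        """Apply one received ARP packet; oper is 1 (request) or 2 (reply)."""
        if spa == self.my_ip:
            if sha != self.my_mac:
                self.alerts.append(f"duplicate IP address sent from Ethernet address: {sha}")
            return
        entry = self._live(now, spa)
        if entry is not None:
            if entry[0] != sha:
                kind = "gratuitous ARP" if oper == 1 and spa == tpa else "ARP"
                self.alerts.append(f"{spa} moved from {entry[0]} to {sha} ({kind})")
                entry[0] = sha            # existing entry takes the sender's hardware address
        elif tpa == self.my_ip:
            self.entries[spa] = [sha, now + COMPLETE_TTL]   # addressed to us: create entry

# Constructed sequence of received packets: (time in seconds, OPER, SHA, SPA, TPA)
SAMPLE = [
    (0,   2, "02:00:00:00:00:02", "192.0.2.2", "192.0.2.1"),  # reply to our request
    (60,  1, "02:00:00:00:00:02", "192.0.2.2", "192.0.2.2"),  # gratuitous, same address
    (120, 1, "02:00:00:00:00:09", "192.0.2.2", "192.0.2.2"),  # gratuitous, new address
    (180, 1, "02:00:00:00:00:07", "192.0.2.1", "192.0.2.1"),  # another host claims our IP
    (200, 1, "02:00:00:00:00:03", "192.0.2.3", "192.0.2.4"),  # request for a third host
]

def replay(packets):
    cache = ArpCache("192.0.2.1", "02:00:00:00:00:01")
    for pkt in packets:
        cache.receive(*pkt)
    return cache
```

Because the cache accepts the new hardware address without any check on who sent it, the alert list is the only record that a binding changed.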


arp Command

-a flag to display all the entries in the ARP cache.

-d option to delete an entry from the ARP cache.

-s option requires a hostname and an Ethernet address: the IP address corresponding to the hostname, and the Ethernet address are added to the cache. This entry is made permanent (i.e., it won't time out from the cache) unless the keyword temp appears at the end of the command line.

The keyword pub at the end of a command line with the -s option causes the system to act as an ARP agent for that host. The system will answer ARP requests for the IP address corresponding to the hostname, replying with the specified Ethernet address. If the advertised address is the system's own, then this system is acting as a proxy ARP agent for the specified hostname.


