分类: 系统运维
2012-05-10 12:08:45
Introduction
The problem that we deal with in this chapter is that IP addresses only make sense to the TCP/IP protocol
suite. A data link such as an Ethernet or a token ring has its own addressing scheme (often 48-bit addresses) to
which any network layer using the data link must conform. A network such as an Ethernet can be used by
different network layers at the same time. For example, a collection of hosts using TCP/IP and another
collection of hosts using some PC network software can share the same physical cable.
When
an Ethernet frame is sent from one host on a LAN to another, it is the
48-bit Ethernet address that determines for which interface the frame is
destined. The device driver software never looks at the destination IP
address in the IP datagram.
Address resolution provides a mapping between the two different forms of addresses: 32-bit IP addresses and
whatever type of address the data link uses.
ARP (address resolution protocol)provides
a dynamic mapping from an IP address to the corresponding hardware
address. We use the term dynamic since it happens automatically and is
normally not a concern of either the application user or the system
administrator.
RARP (reverse address resolution protocol)is
used by systems without a disk drive (normally diskless workstations or
X terminals) but requires manual configuration by the system
administrator.
ARP sends an
Ethernet frame called an ARP request to every host on the network. This
is called a broadcast. We show the broadcast in Figure 4.2 with dashed
lines. The ARP request contains the IP address of the destination host
(whose name is bsdi) and is the request "if you are the owner of this IP
address, please respond to me with your hardware address."
The
destination host's ARP layer receives this broadcast, recognizes that
the sender is asking for its hardware address, and replies with an ARP
reply. This reply contains the IP address and the corresponding hardware
address.
Point-to-point links don't use ARP. When these links are configured (normally at bootstrap time) the kernel
must be told of the IP address at each end of the link. Hardware addresses such as Ethernet addresses are not
involved.
ARP Cache
Essential to the efficient operation of ARP is the maintenance of an ARP cache on each host. This cache
maintains the recent mappings from Internet addresses to hardware addresses. The normal expiration time of
an entry in the cache is 20 minutes from the time the entry was created.
We can examine the ARP cache with the arp command. The -a option displays all entries in the cache.
ARP Packet Format
Below
is the format of an ARP request and an ARP reply packet, when used on
an Ethernet to resolve an IP address. (ARP is general enough to be used
on other networks and can resolve addresses other than IP addresses. The
first four fields following the frame type field specify the types and
sizes of the final four fields.)
| destination addr | source addr | type 0x8060 | ARP Request or ARP Reply | Padding | CRC |
| 6 | 6 | 2 | 28 | 10 | 4 |
The
first two fields in the Ethernet header are the source and destination
Ethernet addresses. The special Ethernet destination address of all one
bits means the broadcast address. All Ethernet interfaces on the cable
receive these frames.
The 2-byte Ethernet frame type specifies
the type of data that follows. For an ARP request or an ARP reply, this
field is 0x0806.
| Internet Protocol (IPv4) over Ethernet ARP packet | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| bit offset | 0 – 7 | 8 – 15 | ||||||||||||||
| 0 | Hardware type (HTYPE) | |||||||||||||||
| 16 | Protocol type (PTYPE) | |||||||||||||||
| 32 | Hardware address length (HLEN) | Protocol address length (PLEN) | ||||||||||||||
| 48 | Operation (OPER) | |||||||||||||||
| 64 | Sender hardware address (SHA) (first 16 bits) | |||||||||||||||
| 80 | (next 16 bits) | |||||||||||||||
| 96 | (last 16 bits) | |||||||||||||||
| 112 | Sender protocol address (SPA) (first 16 bits) | |||||||||||||||
| 128 | (last 16 bits) | |||||||||||||||
| 144 | Target hardware address (THA) (first 16 bits) | |||||||||||||||
| 160 | (next 16 bits) | |||||||||||||||
| 176 | (last 16 bits) | |||||||||||||||
| 192 | Target protocol address (TPA) (first 16 bits) | |||||||||||||||
| 208 | (last 16 bits) | |||||||||||||||
The
adjectives hardware and protocol are used to describe the fields in the
ARP packets. For example, an ARP request asks for the protocol address
(an IP address in this case) corresponding to a hardware address (an
Ethernet address in this case).
The HTYPE field specifies the
type of hardware address. Its value is 1 for an Ethernet. PTYE specifies
the type of protocol address being mapped. Its value is 0x0800 for IP
addresses. This is purposely the same value as the type field of an
Ethernet frame containing an IP datagram.
The next two 1-byte
fields, HLEN and PLEN, specify the sizes in bytes of the hardware
addresses and the protocol addresses. For an ARP request or reply for an
IP address on an Ethernet they are 6 and 4, respectively.
The OPER field specifies whether the operation is an ARP request (a value of 1), ARP reply (2), RARP request (3), or RARP reply (4). This field is required since the frame type field is the same for an ARP request and an ARP reply.
The
next four fields that follow are the sender's hardware address (an
Ethernet address in this example), the sender's protocol address (an IP
address), the target hardware address, and the target protocol address.
Notice there is some duplication of information: the sender's hardware
address is available both in the Ethernet header and in the ARP request.
For an ARP request all the fields are filled in except the target
hardware address. When a system receives an ARP request directed to it,
it fills in its hardware address, swaps the two sender addresses with
the two target addresses, sets the OPER field to 2, and sends the reply.
ARP Cache Timeout
A timeout is normally provided for entries in the ARP cache.Berkeley-derivedimplementations normally have a timeout of 20 minutes for a completed entry and 3 minutes for an incompleteentry (a nonexistent host onthe Ethernet.) These implementations normally restart the 20-minute timeout for an entry each time the entryis used.
Proxy ARP
Proxy ARP lets a router answer ARP requests on one of its networks for a host on another of its networks. This fools the sender
of
the ARP request into thinking that the router is the destination host,
when in fact the destination host is "on the other side" of
the router. The router is acting as a proxy agent for the destination host, relaying packets to it from other hosts.
Proxy ARP is also called promiscuous ARP or the ARP hack. These names are from another use of proxy ARP: to hide two physical
networks from each other, with a router between the two. In this case
both physical networks can use the same network ID as long as the router
in the middle is configured as a proxy ARP agent to respond to ARP
requests on one network for a host on the other network. This technique
has been used in the past to "hide" a group of hosts with older
implementations of TCP/IP on a separate physical cable. Two common
reasons for separating these older hosts are their inability to handle
subnetting and
their use of the older broadcasting address (a host ID
of all zero bits, instead of the current standard of a host ID with all
one bits).
Gratuitous ARP
gratuitous ARP occurs when a host sends an ARP request looking for its own IP address. This is usually done when the interface is configured at bootstrap time.
Gratuitous ARP provides two features.
1. It lets a host determine if another host is already configured with the same IP address. The host bsdi is not expecting a reply to this request. But if a reply is received, the error message "duplicate IP address sent from Ethernet address: a:b:c:d:e:f" is logged on the console. This is a warning to the system administrator that one of the systems is
misconfigured.
2. If the host sending the gratuitous ARP has just changed its hardware address (perhaps the host was shut down, the interface card replaced, and then the host was rebooted), this packet causes any other host on the cable that has an entry in its cache for the old hardware address to update its ARP cache entry accordingly. A little known fact of the ARP protocol [Plummer 1982] is that if a host receives an ARP request from an IP address that is already in the receiver's cache, then that cache entry is updated with the sender's hardware address (e.g., Ethernet address) from the ARP request. This is done for any ARP request received by the host. (Recall that ARP requests are broadcast, so this is done by all hosts on the network each time an ARP request is sent.)
arp Command
-a flag to display all the entries in the ARP cache.
-d option to delete an entry from the ARP cache.
-s option requires a hostname and an Ethernet address: the IP address corresponding to the hostname, and the Ethernet address are added to the cache. This entry is made permanent (i.e., it won't time out from the cache) unless the keyword temp appears at the end of the command line.
