Transcript Lecutre_4_ARP+ICMP

Connectivity with
ARP and RARP
1
ARP and RARP
Introduction
• There needs to be a mapping between the layer 2 and layer 3
addresses (i.e. IP to Ethernet).
• Mapping should be dynamic (i.e. when you change NICs).
• Address Resolution Protocol (ARP): You have the layer 3 address
and do not have the layer 2 address.
• Reverse ARP (RARP): You have the layer 2 address, but do not
have the layer 3 address.
• Layer 2 provides the addressing needed to get to the next device and
Layer 3 provides the addressing needed to get to the end-to-end
destination. Need both layer 2 and layer 3 addressing.
2
ARP and RARP
ARP
• ARP associates an IP address to a layer 2 (physical or hardware)
address.
• An ARP request is a broadcast.
• An ARP reply is a unicast.
IP: 141.23.56.23
MAC: A4-6E-F4-59-83-AB
A
B
ARP
Client
ARP Request – layer 2 broadcast
IP: 141.23.56.23
MAC:FF-FF-FF-FF-FF-FF
ARP reply - unicast
IP: 141.23.56.23
MAC: A4-6E-F4-59-83-AB
3
ARP and RARP
ARP
Packet Format:
• HTYPE – Hardware Type (16 bits):
• Defines the type of network ARP is running on.
• Each LAN is assigned a unique HTYPE.
• Can be used on any network.
• Example: Ethernet HTYPE is 1.
0
15 16
Hardware Type
Hardware Length
31
Protocol Type
Protocol Length
Operation
Sender Hardware Address
Sender Protocol Address
Target Hardware Address
Target Protocol Address
4
ARP and RARP
ARP
Packet Format:
• PTYPE – Protocol Type (16 bits):
• Defines the type of protocol.
• Can be used with any layer 3 protocol.
• Example: IPv4 is 0x0800.
• HLEN – Hardware Length (8 bits):
• Defines the length of physical address in bytes.
• Example: Ethernet is 6 (6 * 8 = 48 bits).
• PLEN – Protocol Length (8 bits):
• Length of the layer 3 address in bytes.
• Example: IPV4 is 4 (4 * 8 = 32 bits).
5
ARP and RARP
ARP
Packet Format:
• OPER - Operation (16 bits):
• 2 operations:
• 1 = ARP Request
• 2 = ARP Reply
3 = RARP Request
4 = RARP Reply
• SHA/THA – Sender/Target Hardware Address (variable):
• Layer 2 address of the sender/target.
• Example: Ethernet is 48 bits in length.
• SPA/TPA – Sender/Target Protocol Address (variable):
• Layer 3 address of the sender/target.
• Example: IPv4 is 32 bits in length
6
ARP and RARP
ARP
Encapsulation:
• ARP packets are encapsulated directly into layer 2 frames.
• Example: ARP over Ethernet.
• Preamble and Start Frame Delimiter (SFD) (8 bytes)
• Addresses (6 bytes)
• Type (2 bytes): 0x0806
• Data (Variable)
• CRC (4 bytes)
ARP Request or ARP Reply
Preamble &
SFD (8)
Destination
Address (6)
Source
Address (6)
Type
(2)
Data (Variable)
CRC (4)
7
ARP and RARP
ARP
Operation:
1. Sender knows IP address of target.
2. IP asks ARP to create an ARP request with the SHA, SPA, TPA,
and THA. THA is all 0s because ARP request does not know it.
3. ARP request is passed to layer 2 for frame encapsulation and
broadcast.
4. Every node on the LAN receives this frame, decapsulates it, and
passes the ARP request to ARP. All nodes discard the ARP request,
except the target node.
5. The target node replies with an ARP unicast reply containing its
layer 2 address.
6. The sender receives the ARP reply and knows the target’s layer 2
address.
7. Now packets can be encapsulated into frames and addresses to the
8
target.
ARP and RARP
ARP
4 ARP Cases:
1. The sender is a host and wants to send a packet to another host on
the same network. Host-to-host.
2. The sender is a host and wants to send a packet to another host on
a different network. Host-to-router (default gateway).
3. The sender is a router that has received a packet destined for a host
on a different network. Router-to-router.
4. The sender is a router that has received a packet destined for a host
on the same network. Router-to host.
9
ARP and RARP
Reverse ARP (RARP)
• Opposite of ARP.
• A device has its physical address (layer 2), but does not have a layer
3 address.
MAC: A4-6E-A4-57-82-36
A
B
RARP
Server
RARP
Client
RARP Request - broadcast
IP: 0.0.0.0
MAC: A4-6E-A4-57-82-36
RARP reply – direct to SHA
IP: 141.14.56.21
MAC: A4-6E-A4-57-82-36
10
ARP and RARP
RARP
0
15 16
31
Hardware Type
Hardware Length
Protocol Type
Protocol Length
Operation
Sender Hardware Address
Sender Protocol Address
Target Hardware Address
Target Protocol Address
RARP Request or RARP Reply
Preamble &
SFD (8)
Destination
Address (6)
Source
Address (6)
Type
(2)
Type = 0x8035
Data (Variable)
CRC (4)
11
ARP
D ff.ff.ff.ff.ff.ff
D fe.34.56.32.d5.29
DSP
128.187.174.10
128.187.171.2
SP 128.187.174.10
DSH
44.fe.34.56.32.d5
fe.34.56.32.d5.29
SH 44.fe.34.56.32.d5
S DP
128.187.171.2
128.187.174.10
DP 128.187.171.2
S DH
fe.34.56.32.d5.29
0.0.0.0.0.0
DH fe.34.56.32.d5.29
171
H1
H2
H3
D ff.ff.ff.ff.ff.ff
SP 128.187.171.2
SH fe.34.56.32.d5.29
DP 128.187.174.10
DH 0.0.0.0.0.0
H7
H8
H9
173
56.47.ef.c6.34.78
Switch
172
H4
H5
H6
H10
H11
H12
174
55.7e.c6.11.78.99
D ff.ff.ff.ff.ff.ff
D ff.ff.ff.ff.ff.ff
D fe.34.56.32.d5.29
D
128.187.174.10
SP 128.187.171.2
SP 128.187.171.2
SP 128.187.174.10
D
44.fe.34.56.32.d5
SH fe.34.56.32.d5.29
SH fe.34.56.32.d5.29
SH 44.fe.34.56.32.d5
S
128.187.171.2
DP 128.187.174.10
DP 128.187.174.10
DP 128.187.171.2
S
fe.34.56.32.d5.29
DH 0.0.0.0.0.0
DH 0.0.0.0.0.0
DH fe.34.56.32.d5.29
12
H10= IP 128.187.174.10, Ethernet 44.fe.34.56.32.d5
ARP D fe.34.56.32.d5.29
D ff.ff.ff.ff.ff.ff
SP 128.187.174.10
D SP
128.187.174.10
128.187.171.2
SH 56.47.ef.c6.34.78
D SH
56.47.ef.c6.34.78
fe.34.56.32.d5.29
DP 128.187.171.2
S 128.187.171.2
DP 128.187.174.10
DH fe.34.56.32.d5.29
S fe.34.56.32.d5.29
DH 0.0.0.0.0.0
171
H1
H2
H3
H7
H8
H9
173
56.47.ef.c6.34.78
Router
172
H4
H5
H6
H10
H11
H12
174
55.7e.c6.11.78.99
D
D ff.ff.ff.ff.ff.ff
55.7e.c6.11.78.99
D 128.187.174.10
SP
SP128.187.171.2
128.187.174.10
D 44.fe.34.56.32.d5
SH SH
55.7e.c6.11.78.99
44.fe.34.56.32.d5
S 128.187.171.2
DPDP
128.187.174.10
128.187.171.2
S 55.7e.c6.11.78.99
DH 0.0.0.0.0.0
55.7e.c6.11.78.99
H10= IP 128.187.174.10, Ethernet 44.fe.34.56.32.d5
13
ICMP
Internet Control Message Protocol
14
Purpose of ICMP
The Internet Control Message Protocol is a
protocol for the exchange of error messages and
other vital information between (Physical) Internet
entities such as hosts and routers.
15
ICMP in the TCP/IP protocol suite
ICMP is a network layer protocol, often it is placed next to
the IP protocol.
ICMP Header
IP Header
Frame Header
ICMP Data Area
IP Data Area
Frame Area
16
ICMP in the TCP/IP protocol suite
 ICMP lies just above IP, as ICMP messages are
carried inside IP Packets.
 ICMP messages are carried as IP payload,
17
ICMP functions
 Announce network errors: such as a host or
entire portion of the network being unreachable,
due to some type of failure. A TCP or UDP packet
directed at a port number with no receiver
attached is also reported via ICMP.
Announce network congestion: When a
router begins buffering too many packets, due to
an inability to transmit them as fast as they are
being received, it will generate ICMP Source
Quench messages. Directed at the sender, these
messages should cause the rate of packet
transmission to be slowed.

18
ICMP Applications
There are two simple and widely used
applications which are based on ICMP:


Ping
Traceroute.
19
ICMP Applications
 PING: The ping utility checks whether a host is alive
& reachable or not. This is done by sending an ICMP
Echo Request packet to the host, and waiting for an
ICMP Echo Reply from the host.

TRACE ROUTE: Traceroute is a utility that records the
route (the specific gateway computers at each hop)
through the Internet between your computer and a
specified destination computer. It also calculates and
displays the amount of time each hop took.
20
ICMP Operation
21
More about Message Types
The DESTINATION UNREACHABLE message is used when the subnet or a
router cannot locate the destination.
The TIME EXCEEDED message is sent when a packet is dropped because its
counter has reached zero. This event is symptom that there is enormous
congestion, or that the timer values are being set too low.
The PARAMETER PROBLEM message indicates that an illegal value has been
detected in a header field. This problem indicates a bug in the sending host’s IP
software or possibly in the router’s software.
The SOURCE QUENCH message was formerly used to throttle hosts that were
sending too many packets. When a host received this message, it was expected
to slow down. It is rarely used any more when congestion occurs.
22
More about Message Types
The REDIRECT MESSAGE is used when a router notices that a packet seems to be
routed wrong. It is used by the router to tell the sending host about the probable error.
The ECHO Request and ECHO REPLY messages are used to see if a given destination is
reachable and alive. Upon receiving the ECHO message, the destination is expected to
send an ECHO REPLY message back.
The TIMESTAMP REQUEST and TIMESTAMP REPLY messages are similar, except that
the arrival time of the message and the departure time of the reply are recorded in the
reply. This facility is used to measure network performance.
23
Questions???
24