Address Resolution Protocol

From Wikipedia, the free encyclopedia

The five layer TCP/IP model
5. Application layer

DHCPDNSFTPHTTPIMAP4IRCNNTPXMPPMIMEPOP3SIPSMTPSNMPSSHTELNETBGPRPCRTPRTCPTLS/SSLSDPSOAPL2TPPPTP
4. Transport layer

TCPUDPDCCPSCTPGTP
3. Network layer

IP (IPv4IPv6) • ICMPIGMPRSVPIPsec
2. Data link layer

ATMDTMEthernetFDDIFrame RelayGPRSPPPARPRARP
1. Physical layer

Ethernet physical layerISDNModemsPLCSONET/SDHG.709Wi-Fi
This box: view  talk  edit

In computer networking, the Address Resolution Protocol (ARP) is the method for finding a host's hardware address when only its network layer address is known. Due to the overwhelming prevalence of IPv4 and Ethernet, ARP is primarily used to translate IP addresses to Ethernet MAC addresses. It is also used for IP over other LAN technologies, such as Token Ring, FDDI, or IEEE 802.11, and for IP over ATM.

ARP is used in four cases of two hosts communicating:

  1. When two hosts are on the same network and one desires to send a packet to the other
  2. When two hosts are on different networks and must use a gateway/router to reach the other host
  3. When a router needs to forward a packet for one host through another router
  4. When a router needs to forward a packet from one host to the destination host on the same network

The first case is used when two hosts are on the same physical network (that is, they can directly communicate without going through a router). The last three cases are the most used over the Internet as two computers on the internet are typically separated by more than 3 hops.

Imagine computer A sends a packet to computer D and there are two routers, B & C, between them. Case 2 covers A sending to B; case 3 covers B sending to C; and case 4 covers C sending to D.

ARP is defined in RFC 826.



ARP, which stands for Address Resolution Protocol, is an extremely common and extremely important protocol. Every host on a network has two addresses, one physical and one logical. The address resolution protocol provides the necessary bridge between these two addresses. In an Ethernet network, two addresses are used to identify the source and the destination of the information sent by a host. All information sent by a computer contains the computer's hardware source address, source IP address, destination hardware address and destination IP address. ARP is needed to link the two.

There are four types of ARP messages that can be sent. The ARP request, ARP reply, RARP request, and the RARP reply. In an ARP request, the local host requests the physical address of the destination hardware from the destination host. The address reply from the destination host is the ARP reply. Not only does the destination host send a reply but is also sends RARP request that will verify sender’s hardware address. Once the addresses are verified the transmission of the packet will begin.

When the IP protocol needs to communicate with another device on the network, it checks the ARP cache to determine if it has the required information to communicate with the destination IP address. If there is no match in the ARP cache an ARP broadcast request is sent out. This message would resemble, "Does anyone know whose physical address belongs to this IP address?" When the correct destination hears the ARP request it can then respond with its physical address. Or an example, “Yes, that’s me. My physical address is…” The ARP cache is then updated and the original information can be routed to its designated target. Below is an example of an ARP request and reply.

Entries to the ARP cache can be static or dynamic. The example above is an example of a dynamic entry. The sending host automatically sent the request to the destination with out the computer’s operator even being aware. An entry into the ARP cache can also happen manually by adding a static entry. This can be done by going to the command prompt and entering arp-s

Once an IP address has been resolved to a hardware address it will remain in the ARP cache for 2 minutes. If a request is sent to the same IP address within the two minutes, it will be renewed and remain in the cache for another 2 minutes. This process can repeat until the entry has remained for 10 minutes, at that time it will be cleared out of the cache and another ARP request will be needed.

Contents

ARP was not originally designed as an IP-only protocol although today it is primarily used to map IP addresses to MAC addresses.

ARP can be used to resolve MAC addresses to many different Layer 3 protocols addresses. ARP has also been adapted to resolve other kinds of Layer 2 addresses; for example, ATMARP is used to resolve ATM NSAP addresses in the Classical IP over ATM protocol.

ARP Mediation refers to the process of resolving Layer 2 addresses when different resolution protocols are used on either circuit, for e.g. ATM on one end and Ethernet on the other.

The Inverse Address Resolution Protocol, also known as Inverse ARP or InARP, is a protocol used for obtaining Layer 3 addresses (e.g. IP addresses) of other stations from Layer 2 addresses (e.g. the DLCI in Frame Relay networks). It is primarily used in Frame Relay and ATM networks, where Layer 2 addresses of virtual circuits are sometimes obtained from Layer 2 signalling, and the corresponding Layer 3 addresses must be available before these virtual circuits can be used..

ARP translates Layer 3 addresses to Layer 2 addresses, therefore InARP can be viewed as its inverse. In addition, InARP is actually implemented as an extension to ARP. The packet formats are the same, only the operation code and the filled fields differ.

Reverse ARP (RARP), like InARP, also translates Layer 2 addresses to Layer 3 addresses. However, RARP is used to obtain the Layer 3 address of the requesting station itself, while in InARP the requesting station already knows its own Layer 2 and Layer 3 addresses, and it is querying the Layer 3 address of another station. RARP has since been abandoned in favor of BOOTP which was subsequently replaced by DHCP.

The following is the packet structure used for ARP requests and replies. On Ethernet networks, these packets use an EtherType of 0x0806, and are sent to the broadcast MAC address of FF:FF:FF:FF:FF:FF. Note that the packet structure shown in the table has SHA, SPA, THA, & TPA as 32-bit words but this is just for convenience — their actual lengths are determined by the hardware & protocol length fields.

+ Bits 0 - 7 8 - 15 16 - 31
0 Hardware type (HTYPE) Protocol type (PTYPE)
32 Hardware length (HLEN) Protocol length (PLEN) Operation (OPER)
64 Sender hardware address (SHA)
 ? Sender protocol address (SPA)
 ? Target hardware address (THA)
 ? Target protocol address (TPA)
Hardware type (HTYPE) 
Each data link layer protocol is assigned a number used in this field. For example, Ethernet is 1.
Protocol type (PTYPE) 
Each protocol is assigned a number used in this field. For example, IPv4 is 0x0800.
Hardware length (HLEN) 
Length in bytes of a hardware address. Ethernet addresses are 6 bytes long.
Protocol length (PLEN) 
Length in bytes of a logical address. IPv4 address are 4 bytes long.
Operation 
Specifies the operation the sender is performing: 1 for request, and 2 for reply.
Sender hardware address (SHA) 
Hardware address of the sender.
Sender protocol address (SPA) 
Protocol address of the sender.
Target hardware address (THA) 
Hardware address of the intended receiver. This field is zero on request.
Target protocol address (TPA) 
Protocol address of the intended receiver.

If a host with IPv4 address of 10.10.10.123 and MAC address of 00:09:58:D8:11:22 wants to send a packet to another host at 10.10.10.140 but it does not know the MAC address then it must send an ARP request to discover the address. The packet shown shows what would be broadcast over the local network. If the host 10.10.10.140 is running and available then it would receive the ARP request and send the appropriate reply.

+ Bits 0 - 7 8 - 15 16 - 31
0 Hardware type = 1 Protocol type = 0x0800
32 Hardware length = 6 Protocol length = 4 Operation = 1
64 SHA (first 32 bits) = 0x000958D8
96 SHA (last 16 bits) = 0x1122 SPA (first 16 bits) = 0x0A0A
128 SPA (last 16 bits) = 0x0A7B THA (first 16 bits) = 0x0000
160 THA (last 32 bits) = 0x00000000
192 TPA = 0x0A0A0A8C

Given the scenario laid out in the request section, if the host 10.10.10.140 has a MAC address of 00:09:58:D8:33:AA then it would send the shown reply packet. Note that the sender and target address blocks have been swapped (the sender of the reply is the target of the request; the target of the reply is the sender of the request). Furthermore the host 10.10.10.140 has filled in its MAC address in the sender hardware address.

Any hosts on the same network as these two hosts would also see the request (since it is a broadcast) so they are able to cache information about the source of the request. The ARP reply (if any) is directed only to the originator of the request so information in the ARP reply is not available to other hosts on the same network.

+ Bits 0 - 7 8 - 15 16 - 31
0 Hardware type = 1 Protocol type = 0x0800
32 Hardware length = 6 Protocol length = 4 Operation = 2
64 SHA (first 32 bits) = 0x000958D8
96 SHA (last 16 bits) = 0x33AA SPA (first 16 bits) = 0x0A0A
128 SPA (last 16 bits) = 0x0A8C THA (first 16 bits) = 0x0009
160 THA (last 32 bits) = 0x58D81122
192 TPA = 0x0A0A0A7B

An ARP announcement (also known as "Gratuitous ARP") is a packet (usually an ARP Request [1]) containing a valid SHA and SPA for the host which sent it, with TPA equal to SPA. Such a request is not intended to solicit a reply, but merely updates the ARP caches of other hosts which receive the packet.

This is commonly done by many operating systems on startup, and helps to resolve problems which would otherwise occur if, for example, a network card had recently been changed (changing the IP address to MAC address mapping) and other hosts still had the old mapping in their ARP cache.

ARP announcements are also used for 'defending' IP addresses in the RFC3927 (Zeroconf) protocol.

This article was originally based on material from the Free On-line Dictionary of Computing, which is licensed under the GFDL.

Retrieved from "http://en.wikipedia.org../../../a/d/d/Address_Resolution_Protocol_63ce.html"
Advanced Search
Included Web Search Engines


Safe Search

close

Top Matching Results

Occasionally Search.com will highlight specialized results that are based on the context of your query. Examples of specialized results include specific links to news, images, or video.

Top Matching Results may highlight information from other Search.com pages, content from the CNET Network of sites, or third party content. The listings are based purely on relevance. Search.com does not receive payment for listings in this section but our partners that provide this data may get paid for listing these products.

Sponsored Links

This section contains paid listings which have been purchased by companies that want to have their sites appear for specific search terms and related content. These listings are administered, sorted and maintained by a third party and are not endorsed by Search.com.

Search Results

Search.com sends your search query to several search engines at one time and integrates the results into one list which has been sorted by relevance using Search.com's proprietary algorithm. You can customize the list of search engines included in your metasearch from the preferences.

The search engines that are used in your metasearch may allow companies to pay to have their Web sites included within the results. To view the Paid Inclusion policy for a specific search engine, please visit their Web site. Search.com does not accept payment or share revenue with any search engine partner for listings in this section.