Address Resolution Protocol (ARP) provides a completely different function to the network than Reverse Address Resolution Protocol (RARP). ARP is used to resolve the ethernet address of a NIC from an IP address in order to construct an ethernet packet around an IP data packet. This must happen in order to send any data across the network. Reverse address resolution protocol (RARP) is used for diskless computers to determine their IP address using the network.
Address Resolution Protocol (ARP)
In an earlier section, there was an example where a chat program was written to communicate between two servers. To send data, the user (Tom) would type text into a dialog box, hit send and the following happened:
- The program passed Tom’s typed text in a buffer, to the socket.
- The data was put inside a TCP data packet with a TCP header added to the data. This header contained a source and destination port number along with some other information and a checksum.
- The TCP packet was be placed inside an IP data packet with a source and destination IP address along with some other data for network management.
- The IP data packet was placed inside an ethernet data packet. This data packet includes the destination and source address of the network interface cards (NIC) on the two computers. The address here is the hardware address of the respective cards and is called the MAC address.
- The ethernet packet was transmitted over the network line.
- With a direct connection between the two computers, the network interface card on the intended machine, recognized its address and grabbed the data.
- The IP data packet was extracted from the ethernet data packet.
- The TCP data packet was extracted from the IP data packet.
- The data was extracted from the TCP packet and the program displayed the retrieved data (text) in the text display window for the intended recipient to read.
In step 4 above, the IP data was going to be placed inside an ethernet data packet, but the computer constructing the packet does not have the ethernet address of the recipient’s computer. The computer that is sending the data, in order to create the ethernet part of the packet, must get the ethernet hardware (MAC) address of the computer with the intended IP address. This must be accomplished before the ethernet packet can be constructed. The ethernet device driver software on the receiving computer is not programmed to look at IP addresses encased in the ethernet packet. If it did, the protocols could not be independent and changes to one would affect the other. This is where address resolution protocol (ARP) is used. Tom’s computer sends a network broadcast asking the computer that has the recipient’s IP address to send it’s ethernet address. This is done by broadcasting. The ethernet destination is set with all bits on so all ethernet cards on the network will receive the data packet. The ARP message consists of an ethernet header and ARP packet. The ethernet header contains:
- A 6 byte ethernet destination address.
- A 6 byte ethernet source address.
- A 2 byte frame type. The frame type is 0806 hexadecimal for ARP and 8035 for RARP
The encapsulated ARP data packet contains the following:
- Type of hardware address (2 bytes). 1=ethernet.
- Type of protocol address being mapped( 2 bytes). 0800H (hexadecimal) = IP address.
- Byte size of the hardware address (1 byte). 6
- Byte size of the protocol address (1 byte). 4
- Type of operation. 1 = ARP request, 2=ARP reply, 3=RARP request, 4=RARP reply.
- The sender’s ethernet address (6 bytes)
- The sender’s IP address (4 bytes)
- The recipient’s ethernet address (6 bytes)
- The recipient’s IP address (4 bytes)
When the ARP reply is sent, the recipient’s ethernet address is left blank.
In order to increase the efficiency of the network and not tie up bandwidth doing ARP broadcasting, each computer keeps a table of IP addresses and matching ethernet addresses in memory. This is called ARP cache. Before sending a broadcast, the sending computer will check to see if the information is in it’s ARP cache. If it is it will complete the ethernet data packet without an ARP broadcast. Each entry normally lasts 20 minutes after it is created. RFC 1122 specifies that it should be possible to configure the ARP cache timeout value on the host. To examine the cache on a Windows, UNIX, or Linux computer type “arp -a”.
If the receiving host is on another network, the sending computer will go through its route table and determine the correct router (A router should be between two or more networks) to send to, and it will substitute the ethernet address of the router in the ethernet message. The encased IP address will still have the intended IP address. When the router gets the message, it looks at the IP data to tell where to send the data next. If the recipient is on a network the router is connected to, it will do the ARP resolution either using it’s ARP buffer cache or broadcasting.
Reverse Address Resolution Protocol (RARP)
As mentioned earlier, reverse address resolution protocol (RARP) is used for diskless computers to determine their IP address using the network. The RARP message format is very similar to the ARP format. When the booting computer sends the broadcast ARP request, it places its own hardware address in both the sending and receiving fields in the encapsulated ARP data packet. The RARP server will fill in the correct sending and receiving IP addresses in its response to the message. This way the booting computer will know its IP address when it gets the message from the RARP server.
Â IP addresses are broken into 4 octets (IPv4) separated by dots called dotted decimal notation. An octet is a byte consisting of 8 bits. The IPv4 addresses are in the following form:
There are two parts of an IP address:
- Network ID
- Host ID
The various classes of networks specify additional or fewer octets to designate the network ID versus the host ID.
|Class||1st Octet||2nd Octet||3rd Octet||4th Octet|
|Net ID||Host ID|
|Net ID||Host ID|
|Net ID||Host ID|
When a network is set up, a netmask is also specified. The netmask determines the class of the network as shown below, except for CIDR. When the netmask is setup, it specifies some number of most significant bits with a 1’s value and the rest have values of 0. The most significant part of the netmask with bits set to 1’s specifies the network address, and the lower part of the address will specify the host address. When setting addresses on a network, remember there can be no host address of 0 (no host address bits set), and there can be no host address with all bits set.
Class A-E networks
The addressing scheme for class A through E networks is shown below. Note: We use the ‘x’ character here to denote don’t care situations which includes all possible numbers at the location. It is many times used to denote networks.
|Network Type||Address Range||Normal Netmask||Comments|
|Class A||001.x.x.x to 126.x.x.x||255.0.0.0||For very large networks|
|Class B||128.1.x.x to 191.254.x.x||255.255.0.0||For medium size networks|
|Class C||192.0.1.x to 223.255.254.x||255.255.255.0||For small networks|
|Class D||224.x.x.x to 188.8.131.52||Used to support multicasting|
|Class E||240.x.x.x to 247.255.255.255|
RFCs 1518 and 1519 define a system called Classless Inter-Domain Routing (CIDR) which is used to allocate IP addresses more efficiently. This may be used with subnet masks to establish networks rather than the class system shown above. A class C subnet may be 8 bits but using CIDR, it may be 12 bits.
There are some network addresses reserved for private use by the Internet Assigned Numbers Authority (IANA) which can be hidden behind a computer which uses IP masquerading to connect the private network to the internet. There are three sets of addresses reserved. These address are shown below:Â
- 172.16.x.x – 172.31.x.x
Other reserved or commonly used addresses:
- 127.0.0.1 – The loopback interface address. All 127.x.x.x addresses are used by the loopback interface which copies data from the transmit buffer to the receive buffer of the NIC when used.
- 0.0.0.0 – This is reserved for hosts that don’t know their address and use BOOTP or DHCP protocols to determine their addresses.
- 255 – The value of 255 is never used as an address for any part of the IP address. It is reserved for broadcast addressing. Please remember, this is exclusive of CIDR. When using CIDR, all bits of the address can never be all ones.
To further illustrate, a few examples of valid and invalid addresses are listed below:
- Valid addresses:
- 10.1.0.1 through 10.1.0.254
- 10.0.0.1 through 10.0.0.254
- 10.0.1.1 through 10.0.1.254
- Invalid addresses:
- 10.1.0.0 – Host IP can’t be 0.
- 10.1.0.255 – Host IP can’t be 255.
- 10.123.255.4 – No network or subnet can have a value of 255.
- 0.12.16.89 – No Class A network can have an address of 0.
- 255.9.56.45 – No network address can be 255.
- 10.34.255.1 – No network address can be 255.
Sometimes you may see a network interface card (NIC) IP address specified in the following manner:
The first part indicates the IP address of the NIC which is “192.168.1.1” in this case. The second part “/24” indicates the netmask value meaning in this case that the first 24 bits of the netmask are set. This makes the netmask value 255.255.255.0. If the last part of the line above were “/16”, the netmask would be 255.255.0.0.
Subnetting is the process of breaking down a main class A, B, or C network into subnets for routing purposes. A subnet mask is the same basic thing as a netmask with the only real difference being that you are breaking a larger organizational network into smaller parts, and each smaller section will use a different set of address numbers. This will allow network packets to be routed between subnetworks. When doing subnetting, the number of bits in the subnet mask determine the number of available subnets. Two to the power of the number of bits minus two is the number of available subnets. When setting up subnets the following must be determined:
- Number of segments
- Hosts per segment
Subnetting provides the following advantages:
- Network traffic isolation – There is less network traffic on each subnet.
- Simplified Administration – Networks may be managed independently.
- Improved security – Subnets can isolate internal networks so they are not visible from external networks.
A 14 bit subnet mask on a class B network only allows 2 node addresses for WAN links. A routing algorithm like OSPF or EIGRP must be used for this approach. These protocols allow the variable length subnet masks (VLSM). RIP and IGRP don’t support this. Subnet mask information must be transmitted on the update packets for dynamic routing protocols for this to work. The router subnet mask is different than the WAN interface subnet mask.
One network ID is required by each of:
- WAN connection
One host ID is required by each of:
- Each NIC on each host.
- Each router interface.
Types of subnet masks:
- Default – Fits into a Class A, B, or C network category
- Custom – Used to break a default network such as a Class A, B, or C network into subnets.
IPv6 is 128 bits. It has eight octet pairs, each with 16 bits and written in hexadecimal as follows:
Extension headers can be added to IPv6 for new features.
Supernetting is used to help make up for some of the shortage if IP addresses for the internet. It uses Classless Inter-Domain Routing (CIDR). If a business needs a specific number of IP addresses such as 1500, rather than allocating a class B set of addresses with the subnet mask of 255.255.0.0, a subnet mask of 255.255.248.0 may be allocated. Therefore the equivalent of eight class C addresses have been allocated. With supernetting, the value of 2 is not subtracted from the possible number of subnets since the router knows that these are contiguous networks. 8 times 254 = 2032
TCP/IP Illustrated, Volume1, The Protocols
Author:W. Richard Stevens, Publisher: Addison Wesley. ISBN 0201633469