Details of ARP and PPP


description

The presentation has the necessary info on the ARP and PPP protocols. Simple and lucid.

Transcript of Details of ARP and PPP

Page 1: Details of ARP and PPP

ARP

“Protocol address”
– Ex: IP address
“Hardware address”
– Ex: Ethernet address
RFC 826

Page 2: Details of ARP and PPP

ARP

[Figure: Ethernet frame with fields D.A, S.A, Type and CRC, carrying an ARP message with fields Sender h/w, Sender proto, Target h/w, Target proto]

Page 3: Details of ARP and PPP

ARP header

Hardware type (2 octets)
– Value = 1 for Ethernet
Protocol type (2 octets)
– Value = 0x0800 for IP
Hardware address size in bytes (1 octet)
– Value = 6 for Ethernet
Protocol address size in bytes (1 octet)
– Value = 4 for IP

Page 4: Details of ARP and PPP

ARP header

Opcode
– ARP request
– ARP reply
– RARP request
– RARP reply

Page 5: Details of ARP and PPP

Observations

ARP: dynamic mapping between any layer 3 and layer 2 protocol
ARP is not required on a point-to-point link
ARP requests broadcast, replies unicast
ARP requests/replies are short: padding required in Ethernet

Page 6: Details of ARP and PPP

Observations

Gratuitous ARP
A machine asks for the hardware address corresponding to its own IP address
Normally seen at bootstrap time
– To catch misconfigured machines
– Two machines with the same IP address

Page 7: Details of ARP and PPP

ARP cache

Before issuing an ARP request, a machine always checks its ARP cache to see if the desired hardware address is present
If no such address mapping is found, then the ARP request is issued
Timeout for cache entries
arp -a shows all the ARP cache entries

Page 8: Details of ARP and PPP

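[Figure: network diagram with nodes A, B, C, D, R and X, an Ethernet and a PPP link; host labels .13.65, .13.66, .13.35, .13.33, .13.34; address labels X 140.252.1.52 / 24, 140.252.1.29 / 24, 140.252.1.183 / 24]

X has a pkt for B (140.252.1.29). What happens?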

Page 9: Details of ARP and PPP

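[Figure: network diagram with nodes A, B, C, D, R and X, an Ethernet and a PPP link; host labels .13.65, .13.66, .13.35, .13.33, .13.34; address labels X 140.252.1.52 / 16, 140.252.1.29 / 24, 140.252.1.183 / 24]

X has a pkt for B (140.252.1.29). What happens?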

Page 10: Details of ARP and PPP

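[Figure: network diagram with nodes A, B, C, D, R and X, an Ethernet and a PPP link; host labels .13.65, .13.66, .13.35, .13.33, .13.34; address labels X 140.252.1.52 / 16, 140.252.2.29 / 24, 140.252.1.183 / 24]

X has a pkt for B (140.252.1.29). What happens?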

Page 11: Details of ARP and PPP

ARP

X sends an ARP request for IP 140.252.1.29
Router R receives it
If Proxy ARP is set up on R, then R replies to the ARP request with its own hardware address (interface IP 140.252.1.183)
Proxying for the interface 140.252.1.29

Page 12: Details of ARP and PPP

Gratuitous ARP

Sender generates a request to inform the receivers about some information
– Change in L2 address
– Duplicate address detection
– Virtual IP
  – Allow failover in a pool of servers – if heartbeat timer detects the failure
  – Active server fails and backup takes over
  – Redundancy

Page 13: Details of ARP and PPP

Proxy ARP

X believes it has the hardware address of 140.252.1.29 while it really has the address of 140.252.1.183
Motivation
– Security
– All packets for these machines have to pass through the router running Proxy ARP, where the packets can be examined
– The sender does not know that its packets are passing through a machine and are being checked
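The ARP header, gratuitous ARP and Proxy ARP slides above, turned into a small monitor as an added example (not part of the original presentation): it parses ARP messages with the field values given on the slides and reports gratuitous announcements, an IP address whose hardware address changes, and one hardware address answering for several IP addresses. The MAC addresses, the sample messages and the names `parse_arp`, `ArpMonitor`, `build_arp` and `run_demo` are constructed for illustration; the opcode numbers 1 to 4 are the standard ARP/RARP values, which the slides list only by name.

```python
import struct
from collections import defaultdict

# Opcode numbers are the standard ARP/RARP values; the slides give only the names.
OPCODES = {1: "ARP request", 2: "ARP reply", 3: "RARP request", 4: "RARP reply"}

def parse_arp(payload):
    """Parse the ARP message after the Ethernet header; trailing padding is ignored."""
    if len(payload) < 28:
        raise ValueError("truncated ARP message")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", payload[:8])
    # Header values from the slides: Ethernet = 1, IP = 0x0800, sizes 6 and 4.
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IP ARP message")
    s_hw, s_ip, t_hw, t_ip = struct.unpack("!6s4s6s4s", payload[8:28])
    dotted = lambda b: ".".join(str(x) for x in b)
    return {"op": OPCODES.get(op, "unknown"),
            "sender_hw": s_hw.hex(":"), "sender_ip": dotted(s_ip),
            "target_hw": t_hw.hex(":"), "target_ip": dotted(t_ip)}

class ArpMonitor:
    """Tracks sender IP -> MAC bindings seen on the wire and reports changes."""
    def __init__(self):
        self.ip_to_mac = {}
        self.mac_to_ips = defaultdict(set)

    def observe(self, payload):
        msg = parse_arp(payload)
        ip, mac = msg["sender_ip"], msg["sender_hw"]
        alerts = []
        if ip == msg["target_ip"]:          # sender asks about its own address
            alerts.append("gratuitous ARP for " + ip)
        old = self.ip_to_mac.get(ip)
        if old is not None and old != mac:  # L2 change or duplicate IP address
            alerts.append(f"{ip} changed from {old} to {mac}")
            self.mac_to_ips[old].discard(ip)
        self.ip_to_mac[ip] = mac
        self.mac_to_ips[mac].add(ip)
        if len(self.mac_to_ips[mac]) > 1:   # what Proxy ARP looks like on the wire
            alerts.append(f"{mac} answers for {sorted(self.mac_to_ips[mac])}")
        return alerts

def build_arp(op, s_hw, s_ip, t_hw, t_ip):
    """Build a constructed sample message, padded to the Ethernet minimum."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(x) for x in s.split("."))
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return (body + mac(s_hw) + ip(s_ip) + mac(t_hw) + ip(t_ip)).ljust(46, b"\x00")

# Constructed MAC addresses; the IP addresses follow the X / R / B slides.
X, R, DUP = "02:00:00:00:00:52", "02:00:00:00:01:83", "02:00:00:00:0d:0d"
ZERO = "00:00:00:00:00:00"
SAMPLES = [
    build_arp(1, R, "140.252.1.183", ZERO, "140.252.1.52"),   # R resolves X
    build_arp(1, X, "140.252.1.52", ZERO, "140.252.1.29"),    # X asks for B
    build_arp(2, R, "140.252.1.29", X, "140.252.1.52"),       # R proxies for B
    build_arp(1, DUP, "140.252.1.52", ZERO, "140.252.1.52"),  # second host claims X's IP
]

def run_demo():
    monitor = ArpMonitor()
    return [monitor.observe(p) for p in SAMPLES]

if __name__ == "__main__":
    print(*run_demo(), sep="\n")
```

The packets alone do not distinguish a configured Proxy ARP router from any other host answering for an address that is not its own, so the multi-address alert is normally compared against a list of routers known to proxy.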

Page 14: Details of ARP and PPP

Proxy ARP

Specified in RFC-1027
Proxy ARP is a tool to help ease the transition to a subnetted environment
– Ex: 172.20.0.0/16 to 172.20.1.0/24
Not meant to be a substitute for a routing protocol
– Directly attached hosts rather than route to a destination host

Page 15: Details of ARP and PPP

Proxy ARP

What happens when 172.20.97.101/16 wants to communicate with 172.20.71.76/24?

[Figure: network diagram with routers R1 and R2; network labels 172.20.1.0/24, 172.20.33.0/24, 172.20.35.0/24, 172.20.1.0/16, 172.20.71.0/24, 172.20.74.0/24, 172.20.32.0/24]

Page 16: Details of ARP and PPP

Proxy ARP

Station on old backbone will send out an ARP request
Routers R1 and R2 will not forward the ARP broadcast
The destination is “directly” connected to R2
R2 sends out an ARP reply with its MAC address
Forwarding is automatic if communication is initiated in the opposite direction
Summary – Proxy ARP useful as a “transition” from classical subnetting to explicit subnetting

Page 17: Details of ARP and PPP

Required Conditions

Address does not belong to the same subnet
Proxy is enabled
– Device based (NIC)
  – All valid requests received on the device are processed
– Destination based
  – Both the destination address and the device are taken for a decision (IPv6 supports this!)
Host processes it if proxying is enabled
Forwarding is enabled on the proxy server

Page 18: Details of ARP and PPP

DNAT

Destination NAT (aka Route NAT) allows a host to define dummy (NAT) addresses:
– Ingress packets addressed to them are detected by host
– Forwarded to another address
Mainly used by Routers
– No relation to Destination NAT implemented by Netfilter

Page 19: Details of ARP and PPP

DNAT

Assume a subnet 10.0.0.0/24
Host 10.0.0.5 is a dummy host
A host from the subnet wants to talk to this host
– The real host is 10.0.1.10
Router receives it and proxies it by replying with its own interface
Router proxies traffic between the requester and 10.0.1.10

Page 20: Details of ARP and PPP

Point-to-Point Protocol

A non broadcast channel protocol
A data link layer protocol like Ethernet
– Derived from HDLC and DDCMP
– Offers datagram service (LLC Type 1!)
– Flag indicates start and end of packet
– Address when two stations share the link
HDLC uses Master and several Tributaries
Packets are transmitted from Master to Tributary and vice versa
Tributary – Tributary is not possible.

Page 21: Details of ARP and PPP

PPP

PPP operates over serial dial-up telephone line
– Dial up connections with 56K modems
– A protocol of choice connecting home users to their ISPs
SONET/SDH link
X.25 connection
ISDN circuit

[Figure: PPP frame with fields Flag, Address, Control, Prot, Data, FCS, Flag]

Page 22: Details of ARP and PPP

A note on LLC

Logical Link Control – defines the fields that allow multiple higher-layer protocols to share the use of data link
Provides additional functionality in addition to simple datagram service
– LLC type 1 – datagram protocol – best effort
  – IP, IPx, Token Ring, FDDI
– LLC type 2 – reliable connection-oriented protocol on top of basic datagram
  – NetBEUI, MS Lan Manager
– LLC type 3 – connectionless with acks
LLC is 3 Bytes long

Page 23: Details of ARP and PPP

LLC Type 1

CTL – 1 byte long and can have one of three
– UI – Unnumbered Information
  – Datagram
– XID – Exchange Identification
  – Command and Response
– Test
  – Command and Response
Command and Response in XID and Test are distinguished by one bit in SSAP
– G/I is replaced with command or response!

Page 24: Details of ARP and PPP

Point-to-Point Protocol

Multiplexing
– Multiple upper layer protocols can be simultaneously multiplexed over the same link
– A 16 bit Protocol field
Supports asynchronous link with 8 bits of data and no parity
Supports bit-oriented synchronous links

Page 25: Details of ARP and PPP

PPP

The principal components of PPP:
– Framing – A method to encapsulate data in a PPP frame, and detecting errors in a frame
  – Start/End of frame, Byte Stuffing, Esc sequence, ..
– Link-control protocol – for initializing, maintaining, and taking down the PPP link
  – MTU, Skip the use of certain fields, Auth protocol to use
– Network-control protocol – A family of protocols, one for each upper-layer
  – IP address, compression, ..

Page 26: Details of ARP and PPP

PPP – Requirements

Specified in RFC 1547
– Packet framing
– Transparency – PPP not to place any constraints on data appearing in network layer
  – No constraints on data appearing from layer 3!
– Multiple network layer protocols – multiple network layer protocols running at the same time
  – Just like IP supporting many TCP and UDP flows!
– Multiple types of links – Synchronous, Asynchronous, serial or parallel, low-speed or high speed, electrical or optical

Page 27: Details of ARP and PPP

PPP – Requirements

– Error detection
  – Detect errors in received frame
– Connection liveliness – Able to detect a failure at the link level
  – Inability to transfer data from sending side and signal this error condition
– Network layer address negotiation – learn and configure each other’s network-layer address
– Simplicity – Should be a simple protocol
  – More than 50 RFCs now define various aspects of this “simple” protocol

Page 28: Details of ARP and PPP

PPP Frame

[Figure: PPP frame with fields Flag, Fixed hdr, Proto, Information, CRC, Flag]

Protocol field:
– IP datagram
– Link control protocol
– N/w control proto

Page 29: Details of ARP and PPP

PPP frame

PPP frame inspired by HDLC
Flag = 0x7E; indicates frame boundaries
Fixed header: Address and Control fields (both taken from HDLC)
– Address: All 1-s (“All Stations” address) and thus ARP is not needed!
– Control: 0x03 (“Unnumbered Information” frame with “Poll/Final” bit set to 0)
  – Both fields currently take only the above fixed values!

Page 30: Details of ARP and PPP

Escape sequence

Flag in “information field,” or special character need to escape
Asynchronous and byte-oriented links:
– Replace by a 2-byte sequence
– 1st byte: 0x7d (Escape byte)
– 2nd byte: original byte (one to be escaped), but with its 6th bit complemented
– “6th bit”: bits are numbered b8 b7 b6 b5 b4 b3 b2 b1
Max length of Info field negotiable when link is configured with Default: 1500 bytes

Page 31: Details of ARP and PPP

Sequence

Want to exchange network layer packets over a serial link
– Not just IP; others like IPX are allowed too
LCP first, to establish the link
– Link Control Protocol
– Configure things like the Asynchronous Control Character Map
Next, establish network layer specific parameters (NCP)
– Network Control Protocol
– IP addresses in case we want to exchange IP packets

Page 32: Details of ARP and PPP

PPP

Protocol field: 2 octets
– identify a datagram corresponding to a specific layer 3 protocol
  – 0x0021: IP datagram
  – 0x0029: Apple talk
  – 0x0027: DECnet
– identify a specific Network Control Protocol (NCP)
  – 0x8021: IP Control Protocol (IPCP)
– Link Control Protocol packets
  – 0xC021

Page 33: Details of ARP and PPP

PPP Phase diagram (RFC 1661)

Page 34: Details of ARP and PPP

Link layer: PPP

To establish a PPP link?
– Link control data packets must be exchanged
  – Typical use: to reduce overhead
  – Omit the Address and Control fields in the PPP frame
– “pppd” must be running at the receiver
RFC 1548: Encapsulation and LCP
RFC 1322: NCP for IP

Page 35: Details of ARP and PPP

LCP

When the link is down how to start it back?
Look for some way to start
– Clock signal? Recover this; although provisional
Start with a PPP Configure-Request
The far end can respond with PPP Configure-Ack
Negotiate Link parameters
– FCS – 16 bits (default), 32 bits or null
– Magic number
– Callback – billing and security
Maintain the link – LCP echo – Requests

Page 36: Details of ARP and PPP

NCP

IPCP – IP Control Protocol
Specifies a number of configuration options distinguished with a type
– 1. IP-addresses
– 2. IP-Compression-Protocol
– 3. IP-address
– 4. Mobile-IPv4
– 129. Primary DNS server address
– 130. Primary NBNS server address
– 131. Secondary DNS server address
– 132. Secondary NBNS server address

Page 37: Details of ARP and PPP

Link layer: PPP

– After the link has been established, network control data packets must be exchanged
  – Typical use: to obtain and indicate the IP address of each end dynamically
  – Typical use: to achieve TCP and IP header compression (van Jacobson compression)

Page 38: Details of ARP and PPP

Option negotiation

Options sent by one side are “offered” by the sender
– Option may be accepted by the peer, or not
Examples of options:
– Asynchronous control character map
– Magic number

Page 39: Details of ARP and PPP

Option example

Option: Async control character map (4 octets)
– Negotiating control character transparency on an asynchronous link
Control characters: ASCII control characters (decimal 0 through 31)
The character map
– If position j (0 <= j <= 31) has a 0, then the character corresponding to decimal j can be sent in the clear
– Else, it must be mapped
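The escape sequence from the "Escape sequence" slide and the async control character map from this slide, combined into one frame encoder and decoder as an added example (not part of the original presentation). It assumes that position j of the map is bit j counted from the least significant bit, and it uses the standard HDLC 16-bit FCS computation, which the slides name but do not spell out; the function names and the sample payload are constructed for illustration.

```python
FLAG, ESC = 0x7E, 0x7D
BIT6 = 0x20   # b6 when bits are numbered b8..b1, as on the escape slide

def fcs16(data):
    """16-bit FCS (the default FCS size), bitwise form of the HDLC CRC."""
    fcs = 0xFFFF
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs ^ 0xFFFF

def mapped(byte, accm):
    """True if position `byte` of the 32-bit character map holds a 1."""
    return byte < 0x20 and (accm >> byte) & 1 == 1

def stuff(data, accm):
    out = bytearray()
    for byte in data:
        if byte in (FLAG, ESC) or mapped(byte, accm):
            out += bytes([ESC, byte ^ BIT6])   # 2-byte escape sequence
        else:
            out.append(byte)
    return bytes(out)

def unstuff(data, accm):
    out, it = bytearray(), iter(data)
    for byte in it:
        if byte == FLAG:
            raise ValueError("unescaped flag inside frame")
        if byte == ESC:
            nxt = next(it, None)
            if nxt is None or nxt == FLAG:
                raise ValueError("escape byte with nothing to escape")
            out.append(nxt ^ BIT6)
        elif not mapped(byte, accm):
            out.append(byte)   # mapped control characters sent in the clear are dropped
    return bytes(out)

def encode_frame(protocol, info, accm=0xFFFFFFFF):
    # Fixed header from the slides: Address = all 1s, Control = 0x03.
    body = bytes([0xFF, 0x03]) + protocol.to_bytes(2, "big") + info
    body += fcs16(body).to_bytes(2, "little")   # FCS goes out low byte first
    return bytes([FLAG]) + stuff(body, accm) + bytes([FLAG])

def decode_frame(frame, accm=0xFFFFFFFF):
    if len(frame) < 2 or frame[0] != FLAG or frame[-1] != FLAG:
        raise ValueError("frame not delimited by 0x7E flags")
    body = unstuff(frame[1:-1], accm)
    if len(body) < 6 or body[:2] != b"\xff\x03":
        raise ValueError("bad Address/Control fields")
    if fcs16(body[:-2]) != int.from_bytes(body[-2:], "little"):
        raise ValueError("FCS mismatch")
    return int.from_bytes(body[2:4], "big"), body[4:-2]

# Constructed payload containing a flag, an escape byte, XON (0x11) and text.
SAMPLE_INFO = bytes([0x7E, 0x7D, 0x11]) + b"IP"

if __name__ == "__main__":
    wire = encode_frame(0x0021, SAMPLE_INFO)   # 0x0021: IP datagram
    print(wire.hex(" "))
    print(decode_frame(wire))
```

Both ends must apply the same map: a receiver whose map marks a character as mapped discards that character when it arrives unescaped, so a mismatch shows up as an FCS failure rather than as corrupted data passed upward.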

Page 40: Details of ARP and PPP

Option example

Magic number
To detect “looped back” link
Idea:
– Choose the magic number randomly
– If the received magic number is distinct from the last magic number sent to the peer, then the link is not looped back