ARP
“Protocol address” – Ex: IP address
“Hardware address” – Ex: Ethernet address
RFC 826
ARP
Ethernet frame: D.A | S.A | Type | ARP | CRC
ARP payload: Sender h/w | Sender proto | Target h/w | Target proto
ARP header
Hardware type (2 octets)
– Value = 1 for Ethernet
Protocol type (2 octets)
– Value = 0x0800 for IP
Hardware address size in bytes (1 octet)
– Value = 6 for Ethernet
Protocol address size in bytes (1 octet)
– Value = 4 for IP
ARP header
Opcode
– ARP request
– ARP reply
– RARP request
– RARP reply
Observations
ARP: dynamic mapping between any layer 3 and layer 2 protocol
ARP is not required on a point-to-point link
ARP requests broadcast, replies unicast
ARP requests/replies are short; padding required in Ethernet
Observations
Gratuitous ARP
A machine asks for the hardware address corresponding to its own IP address
Normally seen at bootstrap time
– To catch misconfigured machines
– Two machines with the same IP address
ARP cache
Before issuing an ARP request, a machine always checks its ARP cache to see if the desired hardware address is present
If no such address mapping is found, then the ARP request is issued
Timeout for cache entries
arp -a shows all the ARP cache entries
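The following is an added example, not part of the lecture slides: it encodes and decodes the ARP header described above (hardware type 1, protocol type 0x0800, sizes 6 and 4, opcodes 1 to 4), and drives a small ARP cache that is consulted before any request is issued, times out entries, recognises gratuitous ARP (sender asks for its own IP), and records a conflict when a still-valid entry is contradicted by a different MAC, which is exactly the "two machines with the same IP address" case the slide mentions. The MAC addresses, the 20-minute default timeout and the policy of keeping the old entry on conflict are assumptions for illustration.

```python
import struct

# ARP header (RFC 826), Ethernet/IPv4 case: 28 bytes following the Ethernet header.
HTYPE_ETHERNET = 1        # Hardware type
PTYPE_IPV4 = 0x0800       # Protocol type
HLEN_ETHERNET, PLEN_IPV4 = 6, 4
OP_REQUEST, OP_REPLY, OP_RARP_REQUEST, OP_RARP_REPLY = 1, 2, 3, 4
_ARP = struct.Struct("!HHBBH6s4s6s4s")   # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ZERO_MAC = "00:00:00:00:00:00"


def _mac_to_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))


def _bytes_to_mac(b):
    return ":".join(f"{x:02x}" for x in b)


def _ip_to_bytes(ip):
    return bytes(int(x) for x in ip.split("."))


def _bytes_to_ip(b):
    return ".".join(str(x) for x in b)


def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    """Encode one ARP packet (the Ethernet header carrying type 0x0806 is not included)."""
    return _ARP.pack(HTYPE_ETHERNET, PTYPE_IPV4, HLEN_ETHERNET, PLEN_IPV4, oper,
                     _mac_to_bytes(sender_mac), _ip_to_bytes(sender_ip),
                     _mac_to_bytes(target_mac), _ip_to_bytes(target_ip))


def parse_arp(data):
    """Decode an ARP packet; reject anything that is not Ethernet/IPv4 with a known opcode."""
    if len(data) < _ARP.size:          # Ethernet padding may make it longer, never shorter
        raise ValueError("short ARP packet")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = _ARP.unpack_from(data)
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, HLEN_ETHERNET, PLEN_IPV4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    if oper not in (OP_REQUEST, OP_REPLY, OP_RARP_REQUEST, OP_RARP_REPLY):
        raise ValueError(f"unknown opcode {oper}")
    return {"oper": oper, "sha": _bytes_to_mac(sha), "spa": _bytes_to_ip(spa),
            "tha": _bytes_to_mac(tha), "tpa": _bytes_to_ip(tpa)}


def is_gratuitous(pkt):
    """Gratuitous ARP: the sender asks for (or announces) its own IP address."""
    return pkt["spa"] == pkt["tpa"]


class ArpCache:
    """Minimal ARP cache: lookup before requesting, entries time out, conflicts are recorded."""

    def __init__(self, timeout=20 * 60):   # 20-minute timeout is an assumed default
        self.timeout = timeout
        self.entries = {}      # ip -> (mac, expiry time)
        self.conflicts = []    # (ip, cached mac, conflicting mac)

    def lookup(self, ip, now):
        entry = self.entries.get(ip)
        if entry is None or entry[1] <= now:
            return None        # absent or timed out
        return entry[0]

    def learn(self, pkt, now):
        """Learn the sender mapping from any ARP packet. A different MAC for a still-valid entry
        is a conflict (duplicate IP or changed L2 address): it is logged and the old entry kept."""
        ip, mac = pkt["spa"], pkt["sha"]
        old = self.lookup(ip, now)
        if old is not None and old != mac:
            self.conflicts.append((ip, old, mac))
            return False
        self.entries[ip] = (mac, now + self.timeout)
        return True

    def resolve(self, ip, now, my_mac, my_ip):
        """(mac, None) on a cache hit, or (None, request bytes) when an ARP request must go out."""
        mac = self.lookup(ip, now)
        if mac is not None:
            return mac, None
        return None, build_arp(OP_REQUEST, my_mac, my_ip, ZERO_MAC, ip)


def run_sample():
    """Constructed traffic: a reply, a cache hit, a timeout, then a gratuitous request that
    claims an address already cached for another MAC."""
    me_mac, me_ip = "00:00:c0:c2:9b:26", "140.252.13.34"
    cache = ArpCache(timeout=600)
    reply = parse_arp(build_arp(OP_REPLY, "08:00:20:03:f6:42", "140.252.13.33", me_mac, me_ip))
    cache.learn(reply, now=0)
    hit, _ = cache.resolve("140.252.13.33", now=100, my_mac=me_mac, my_ip=me_ip)
    miss, req = cache.resolve("140.252.13.33", now=700, my_mac=me_mac, my_ip=me_ip)  # expired
    cache.learn(reply, now=700)
    grat = parse_arp(build_arp(OP_REQUEST, "00:0c:29:11:22:33", "140.252.13.33",
                               ZERO_MAC, "140.252.13.33"))
    accepted = cache.learn(grat, now=800)
    return {"hit": hit, "miss": miss, "request_len": len(req), "gratuitous": is_gratuitous(grat),
            "conflict_accepted": accepted, "conflicts": cache.conflicts}
```

The conflict list is the defender-relevant output: a monitor that sees two MACs claim one IP within the cache lifetime has found either a misconfigured machine or a changed L2 address and should log it, which is why `learn` refuses to silently overwrite.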
Figure: Ethernet with hosts A, B, C, D (addresses .13.65, .13.66, .13.35, .13.33, .13.34), a PPP link, router R, and X = 140.252.1.52/24; other addresses shown: 140.252.1.29/24 and 140.252.1.183/24.
X has a pkt for B (140.252.1.29). What happens?
Figure: same topology, but X = 140.252.1.52/16; other addresses shown: 140.252.1.29/24 and 140.252.1.183/24.
X has a pkt for B (140.252.1.29). What happens?
Figure: same topology, X = 140.252.1.52/16; other addresses shown: 140.252.2.29/24 and 140.252.1.183/24.
X has a pkt for B (140.252.1.29). What happens?
ARP
X sends an ARP request for IP 140.252.1.29
Router R receives it
If Proxy ARP is set up on R, then R replies to the ARP request with its own hardware address (interface IP 140.252.1.183)
Proxying for the interface 140.252.1.29
Gratuitous ARP
Sender generates a request to inform the receivers about some information
– Change in L2 address
– Duplicate address detection
– Virtual IP
Allow failover in a pool of servers – if heartbeat timer detects the failure
Active server fails and backup takes over
Redundancy
Proxy ARP
X believes it has the hardware address of 140.252.1.29 while it really has the address of 140.252.1.183
Motivation
– Security
– All packets for these machines have to pass through the router running Proxy ARP, where the packets can be examined
– The sender does not know that its packets are passing through a machine and are being checked
Proxy ARP
Specified in RFC 1027
Proxy ARP is a tool to help ease the transition to a subnetted environment
– Ex: 172.20.0.0/16 to 172.20.1.0/24
Not meant to be a substitute for a routing protocol
– Directly attached hosts rather than a route to a destination host
Proxy ARP
What happens when 172.20.97.101/16 wants to communicate with 172.20.71.76/24?
Figure: subnets 172.20.1.0/24, 172.20.33.0/24, 172.20.35.0/24, 172.20.1.0/16, 172.20.71.0/24, 172.20.74.0/24, 172.20.32.0/24; routers R1 and R2.
Proxy ARP
Station on old backbone will send out an ARP request
Routers R1 and R2 will not forward the ARP broadcast
The destination is “directly” connected to R2
R2 sends out an ARP reply with its MAC address
Forwarding is automatic if communication is initiated in the opposite direction
Summary – Proxy ARP useful as a “transition” from classical subnetting to explicit subnetting
Required Conditions
Address does not belong to the same subnet
Proxy is enabled
– Device based (NIC)
All valid requests received on the device are processed
– Destination based
Both the destination address and the device are taken for a decision (IPv6 supports this!)
Host processes it if proxying is enabled
Forwarding is enabled on the proxy server
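An added model of the decisions in the "X has a pkt for B" slides and in the required conditions above; it is example code, not from the slides. The host side decides whom to ARP for from its own mask; the router side answers an ARP request with its own MAC only when proxy ARP is enabled on the receiving device, forwarding is enabled, and the target is reachable through some other interface (the "not on the same subnet/link" condition, implemented here as a longest-prefix route lookup, which is an assumption about how the condition is evaluated). The sample topology takes the addresses from the slides (R's Ethernet 140.252.1.183/24 proxying for 140.252.1.29 behind a PPP link); the MAC address and the host route are made up.

```python
from ipaddress import ip_address, ip_interface, ip_network


def host_next_hop(host_cidr, dst_ip, default_router):
    """Host side: the sender ARPs for the destination itself if its own mask says the
    destination is on-link, otherwise for the default router."""
    host = ip_interface(host_cidr)
    if ip_address(dst_ip) in host.network:
        return dst_ip
    return default_router


class ProxyArpRouter:
    """Router with per-interface proxy ARP and a global forwarding switch."""

    def __init__(self, forwarding=True):
        self.forwarding = forwarding
        self.ifaces = {}    # name -> {"mac", "addr", "net", "proxy_arp"}
        self.routes = []    # (network, out interface); longest prefix wins

    def add_iface(self, name, mac, cidr, proxy_arp=False):
        iface = ip_interface(cidr)
        self.ifaces[name] = {"mac": mac, "addr": iface.ip, "net": iface.network,
                             "proxy_arp": proxy_arp}
        self.routes.append((iface.network, name))   # connected route

    def add_route(self, cidr, out_iface):
        self.routes.append((ip_network(cidr), out_iface))

    def route_lookup(self, ip):
        ip = ip_address(ip)
        best = None
        for net, name in self.routes:
            if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, name)
        return best[1] if best else None

    def handle_arp_request(self, in_iface, target_ip):
        """("reply", mac) for the router's own address, ("proxy-reply", mac) when the router
        answers on behalf of a host behind it, ("ignore", None) otherwise."""
        iface = self.ifaces[in_iface]
        if ip_address(target_ip) == iface["addr"]:
            return "reply", iface["mac"]
        if not (iface["proxy_arp"] and self.forwarding):
            return "ignore", None
        out = self.route_lookup(target_ip)
        if out is None or out == in_iface:
            # no route at all, or the target sits on the requester's own link: let it answer itself
            return "ignore", None
        return "proxy-reply", iface["mac"]


def build_sample_router(forwarding=True, proxy_arp=True):
    """Constructed topology from the slides: R has Ethernet 140.252.1.183/24 and reaches
    140.252.1.29 over a PPP link (host route). The MAC address is made up."""
    r = ProxyArpRouter(forwarding=forwarding)
    r.add_iface("eth0", "00:00:c0:aa:bb:cc", "140.252.1.183/24", proxy_arp=proxy_arp)
    r.add_route("140.252.1.29/32", "ppp0")   # no ARP on the point-to-point side
    return r
```

Running the three slide scenarios through `host_next_hop` shows that with either a /24 or a /16 mask X ARPs for 140.252.1.29 directly, and `build_sample_router().handle_arp_request("eth0", "140.252.1.29")` returns the proxy reply with R's MAC; turning off forwarding or the per-device proxy flag makes R stay silent, which is the check to run when a host unexpectedly resolves a remote IP to a router's MAC.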
DNAT
Destination NAT (aka Route NAT) allows a host to define dummy (NAT) addresses:
– Ingress packets addressed to them are detected by the host
– Forwarded to another address
Mainly used by routers
– No relation to the Destination NAT implemented by Netfilter
DNAT
Assume a subnet 10.0.0.0/24
Host 10.0.0.5 is a dummy host
A host from the subnet wants to talk to this host
– The real host is 10.0.1.10
Router receives it and proxies it by replying with its own interface
Router proxies traffic between the requester and 10.0.1.10
Point-to-Point Protocol
A non-broadcast channel protocol
A data link layer protocol like Ethernet
– Derived from HDLC and DDCMP
– Offers datagram service (LLC Type 1!)
– Flag indicates start and end of packet
– Address when two stations share the link
HDLC uses a Master and several Tributaries
Packets are transmitted from Master to Tributary and vice versa
Tributary – Tributary is not possible.
PPP
PPP operates over a serial dial-up telephone line
– Dial-up connections with 56K modems
– A protocol of choice for connecting home users to their ISPs
SONET/SDH link
X.25 connection
ISDN circuit
Frame: Flag | Address | Control | Prot | Data | FCS | Flag
A note on LLC
Logical Link Control – defines the fields that allow multiple higher-layer protocols to share the use of a data link
Provides additional functionality in addition to simple datagram service
– LLC type 1 – datagram protocol – best effort
IP, IPX, Token Ring, FDDI
– LLC type 2 – reliable connection-oriented protocol on top of basic datagram
NetBEUI, MS LAN Manager
– LLC type 3 – connectionless with acks
LLC is 3 bytes long
LLC Type 1
CTL – 1 byte long and can have one of three values
– UI – Unnumbered Information
Datagram
– XID – Exchange Identification
Command and Response
– Test
Command and Response
Command and Response in XID and Test is distinguished by one bit in SSAP
– G/I is replaced with command or response!
Point-to-Point Protocol
Multiplexing
– Multiple upper layer protocols can be simultaneously multiplexed over the same link
– A 16 bit Protocol field
Supports asynchronous links with 8 bits of data and no parity
Supports bit-oriented synchronous links
PPP
The principal components of PPP:
– Framing – A method to encapsulate data in a PPP frame, and detecting errors in a frame
Start/End of frame, Byte Stuffing, Esc sequence, ..
– Link-control protocol – for initializing, maintaining, and taking down the PPP link
MTU, Skip the use of certain fields, Auth protocol to use
– Network-control protocol – A family of protocols, one for each upper layer
IP address, compression, ..
PPP – Requirements
Specified in RFC 1547
– Packet framing
– Transparency – PPP not to place any constraints on data appearing in the network layer
No constraints on data appearing from layer 3!
– Multiple network layer protocols – multiple network layer protocols running at the same time
Just like IP supporting many TCP and UDP flows!
– Multiple types of links – Synchronous, Asynchronous, serial or parallel, low-speed or high-speed, electrical or optical
PPP – Requirements
– Error detection
Detect errors in a received frame
– Connection liveness – Able to detect a failure at the link level
Inability to transfer data from the sending side and signal this error condition
– Network layer address negotiation – learn and configure each other’s network layer address
– Simplicity – Should be a simple protocol
More than 50 RFCs now define various aspects of this “simple” protocol
PPP Frame
Flag | Fixed hdr | Proto | Information | CRC | Flag
Protocol field: IP datagram / Link control protocol / N/w control proto
PPP frame
PPP frame inspired by HDLC
Flag = 0x7E; indicates frame boundaries
Fixed header
Address and Control fields (both taken from HDLC)
– Address: All 1-s (“All Stations” address) and thus ARP is not needed!
– Control: 0x03 (“Unnumbered Information” frame with “Poll/Final” bit set to 0)
Both fields currently take only the above fixed values!
Escape sequence
Flag in the “information field,” or a special character, needs to be escaped
Asynchronous and byte-oriented links:
– Replace by a 2-byte sequence
– 1st byte: 0x7d (Escape byte)
– 2nd byte: original byte (the one to be escaped), but with its 6th bit complemented
– “6th bit”: bits are numbered b8 b7 b6 b5 b4 b3 b2 b1
Max length of Info field negotiable when the link is configured; default: 1500 bytes
Sequence
Want to exchange network layer packets over a serial link
– Not just IP; others like IPX are allowed too
LCP first, to establish the link
– Link Control Protocol
– Configure things like the Asynchronous Control Character Map
Next, establish network layer specific parameters (NCP)
– Network Control Protocol
– IP addresses in case we want to exchange IP packets
PPP
Protocol field: 2 octets
– identify a datagram corresponding to a specific layer 3 protocol
0x0021: IP datagram
0x0029: AppleTalk
0x0027: DECnet
– identify a specific Network Control Protocol (NCP)
0x8021: IP Control Protocol (IPCP)
– Link Control Protocol packets
0xC021
PPP Phase diagram (RFC 1661)
Link layer: PPP
To establish a PPP link?
– Link control data packets must be exchanged
Typical use: to reduce overhead
Omit the Address and Control fields in the PPP frame
– “pppd” must be running at the receiver
RFC 1548: Encapsulation and LCP
RFC 1322: NCP for IP
LCP
When the link is down, how to start it back? Look for some way to start
– Clock signal? Recover this; although provisional
Start with a PPP Configure-Request
The far end can respond with a PPP Configure-Ack
Negotiate link parameters
– FCS – 16 bits (default), 32 bits or null
– Magic number
– Callback – billing and security
Maintain the link – LCP Echo-Requests
NCP
IPCP – IP Control Protocol
Specifies a number of configuration options distinguished by a type
– 1. IP-addresses
– 2. IP-Compression-Protocol
– 3. IP-address
– 4. Mobile-IPv4
– 129. Primary DNS server address
– 130. Primary NBNS server address
– 131. Secondary DNS server address
– 132. Secondary NBNS server address
Link layer: PPP
– After the link has been established, network control data packets must be exchanged
Typical use: to obtain and indicate the IP address of each end dynamically
Typical use: to achieve TCP and IP header compression (Van Jacobson compression)
Option negotiation
Options sent by one side are “offered” by the sender
– Option may be accepted by the peer, or not
Examples of options:
– Asynchronous control character map
– Magic number
Option example
Option: Async control character map (4 octets)
– Negotiating control character transparency on an asynchronous link
Control characters: ASCII control characters (decimal 0 through 31)
The character map
– If position j (0 <= j <= 31) has a 0, then the character corresponding to decimal j can be sent in the clear
– Else, it must be mapped
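The escape sequence, the fixed Address/Control header (and its optional omission), the FCS and the ACCM option from the slides above, put together as an added, runnable async-PPP framer; this is example code, not from the slides or from any PPP implementation. Bytes 0x7E and 0x7D are always escaped; a control character j is escaped only when bit j of the ACCM is set (all set until negotiated, as RFC 1662 requires); escaping complements bit b6 (0x20); the 16-bit FCS follows RFC 1662 (polynomial 0x8408 reflected, initial 0xFFFF, ones-complemented, sent low octet first). The sample payload is constructed to contain a flag, an escape and a control character.

```python
FLAG, ESC = 0x7E, 0x7D
ADDRESS, CONTROL = 0xFF, 0x03         # "All Stations" address, Unnumbered Information
PROTO_IP, PROTO_IPCP, PROTO_LCP = 0x0021, 0x8021, 0xC021
DEFAULT_ACCM = 0xFFFFFFFF             # before negotiation every control character is escaped
FCS16_POLY = 0x8408                   # x^16 + x^12 + x^5 + 1, bit-reversed (RFC 1662)


def fcs16(data):
    """16-bit PPP FCS as in RFC 1662: init 0xFFFF, LSB-first shifting, ones-complemented result."""
    fcs = 0xFFFF
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ FCS16_POLY if fcs & 1 else fcs >> 1
    return fcs ^ 0xFFFF


def needs_escape(byte, accm):
    """Flag and escape are always escaped; control character j (0..31) only if ACCM bit j is 1."""
    return byte in (FLAG, ESC) or (byte < 0x20 and (accm >> byte) & 1 == 1)


def frame(protocol, payload, accm=DEFAULT_ACCM, compress_acf=False):
    """Build one async PPP frame: Flag [Address Control] Protocol Info FCS Flag, escaped."""
    body = b"" if compress_acf else bytes([ADDRESS, CONTROL])
    body += protocol.to_bytes(2, "big") + payload
    fcs = fcs16(body)
    body += bytes([fcs & 0xFF, fcs >> 8])          # FCS goes out least-significant octet first
    out = bytearray([FLAG])
    for byte in body:
        if needs_escape(byte, accm):
            out += bytes([ESC, byte ^ 0x20])        # complement the 6th bit (b6 in b8..b1 numbering)
        else:
            out.append(byte)
    out.append(FLAG)
    return bytes(out)


def unframe(raw):
    """Reverse of frame(): strip flags, undo escaping, verify the FCS; returns (protocol, payload).
    Raises ValueError on a malformed frame or a bad FCS (the error-detection requirement)."""
    if len(raw) < 2 or raw[0] != FLAG or raw[-1] != FLAG:
        raise ValueError("missing flag")
    body, escaped = bytearray(), False
    for byte in raw[1:-1]:
        if escaped:
            body.append(byte ^ 0x20)
            escaped = False
        elif byte == ESC:
            escaped = True
        elif byte == FLAG:
            raise ValueError("unescaped flag inside frame")
        else:
            body.append(byte)
    if escaped or len(body) < 4:
        raise ValueError("truncated frame")
    content, received_fcs = bytes(body[:-2]), body[-2] | (body[-1] << 8)
    if fcs16(content) != received_fcs:
        raise ValueError("bad FCS")
    # Address/Control may be omitted by agreement; 0xFF03 is never a valid protocol value,
    # so their presence can be detected by value.
    if content[:2] == bytes([ADDRESS, CONTROL]):
        content = content[2:]
    if len(content) < 2:
        raise ValueError("missing protocol field")
    return int.from_bytes(content[:2], "big"), content[2:]
```

Framing `b"\x7e\x7d\x11hello"` as an IP datagram with the default ACCM escapes all three leading bytes; with an ACCM of zero the XON character 0x11 travels in the clear, which is exactly what the option negotiates. A corrupted byte makes `unframe` raise on the FCS check rather than deliver garbage to the network layer.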
Option example
Magic number
To detect a “looped back” link
Idea:
– Choose the magic number randomly
– If the received magic number is distinct from the last magic number sent to the peer, then the link is not looped back
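An added example of the option negotiation and the magic-number idea described in the last slides; it is not code from the slides. It encodes and parses LCP packets in the RFC 1661 layout (Code, Identifier, Length, then Type/Length/Data options), builds a Configure-Request offering MRU, ACCM and a random Magic-Number, lets a peer answer with Configure-Ack or Configure-Reject, and applies the loopback rule: a Configure-Request that carries the magic number we sent last means we are hearing our own frames. Option type numbers 1, 2 and 5 are the standard LCP values; the peer's acceptance policy (reject anything unknown, no Nak) is a simplification assumed here.

```python
import os
import struct

# LCP packet: Code (1) Identifier (1) Length (2) Options...; option = Type, Length, Data (RFC 1661).
CONFIGURE_REQUEST, CONFIGURE_ACK, CONFIGURE_NAK, CONFIGURE_REJECT = 1, 2, 3, 4
OPT_MRU, OPT_ACCM, OPT_MAGIC_NUMBER = 1, 2, 5
KNOWN_OPTIONS = {OPT_MRU, OPT_ACCM, OPT_MAGIC_NUMBER}


def encode_lcp(code, ident, options):
    """options: list of (type, data bytes). An option's Length covers its own 2-byte header."""
    body = b"".join(bytes([opt_type, 2 + len(data)]) + data for opt_type, data in options)
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def decode_lcp(packet):
    """Parse the header and option TLVs; refuse lengths that run past the packet or each other."""
    if len(packet) < 4:
        raise ValueError("short LCP packet")
    code, ident, length = struct.unpack_from("!BBH", packet)
    if length < 4 or length > len(packet):
        raise ValueError("bad LCP length")
    options, pos = [], 4
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated option header")
        opt_type, opt_len = packet[pos], packet[pos + 1]
        if opt_len < 2 or pos + opt_len > length:
            raise ValueError("bad option length")
        options.append((opt_type, bytes(packet[pos + 2:pos + opt_len])))
        pos += opt_len
    return code, ident, options


def build_configure_request(ident, mru=1500, accm=0x00000000, magic=None):
    """Offer MRU, ACCM and a randomly chosen Magic-Number. Returns (packet, magic) so the
    sender can remember what it sent for the loopback test."""
    if magic is None:
        magic = int.from_bytes(os.urandom(4), "big")
    options = [(OPT_MRU, struct.pack("!H", mru)),
               (OPT_ACCM, struct.pack("!I", accm)),
               (OPT_MAGIC_NUMBER, struct.pack("!I", magic))]
    return encode_lcp(CONFIGURE_REQUEST, ident, options), magic


def looped_back(received_packet, last_sent_magic):
    """True when the received Configure-Request carries the magic number we sent last:
    the link is looped back. Without a Magic-Number option nothing can be concluded."""
    _, _, options = decode_lcp(received_packet)
    for opt_type, data in options:
        if opt_type == OPT_MAGIC_NUMBER and len(data) == 4:
            return int.from_bytes(data, "big") == last_sent_magic
    return False


def respond(request):
    """Peer side: Configure-Ack if every offered option is recognised, otherwise
    Configure-Reject listing the unknown ones (Configure-Nak with counter-values omitted)."""
    code, ident, options = decode_lcp(request)
    if code != CONFIGURE_REQUEST:
        raise ValueError("not a Configure-Request")
    unknown = [(t, d) for t, d in options if t not in KNOWN_OPTIONS]
    if unknown:
        return encode_lcp(CONFIGURE_REJECT, ident, unknown)
    return encode_lcp(CONFIGURE_ACK, ident, options)
```

A request built with a fixed magic number and then fed back to `looped_back` with that same number reports a loop, while any other number does not; the bounds checks in `decode_lcp` are what keep a malformed option length from reading outside the packet.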