Address Resolution Protocol
From Wikipedia, the free encyclopedia
In computer networking, the Address Resolution Protocol (ARP) is the method for finding a host's hardware address when only its Network Layer address is known. ARP is defined in RFC 826.[1] It is a current Internet Standard (STD 37).
ARP is not an IP-only or Ethernet-only protocol; it can be used to resolve many different network-layer protocol addresses to hardware addresses, although, due to the overwhelming prevalence of IPv4 and Ethernet, ARP is primarily used to translate IP addresses to Ethernet MAC addresses. It is also used for IP over other LAN technologies, such as Token Ring, FDDI, or IEEE 802.11, and for IP over ATM.
For IPv6 ARP's functionality is provided by the Neighbor Discovery Protocol (NDP).
Contents
[edit] Operating Scope
ARP is a Link Layer protocol and as such it only operates on the local area network segment or point-to-point link that a host is connected to.
[edit] Packet structure
The following is the packet structure used for ARP requests and replies. On Ethernet networks, these packets use an EtherType of 0x0806, and are sent to the broadcast MAC address of FF:FF:FF:FF:FF:FF. Note that the EtherType (0x0806) is used in the Ethernet header, and should not be used as the PTYPE of the ARP packet. The ARP type (0x0806) should never be used in the PTYPE field of an ARP packet, since we never want to link a hardware protocol address to the ARP protocol. Note that the packet structure shown in the table has SHA, SPA, THA, & TPA as 32-bit words but this is just for convenience — their actual lengths are determined by the hardware & protocol length fields.
- Hardware type (HTYPE)
- Each data link layer protocol is assigned a number used in this field. For example, Ethernet is 1.
- Protocol type (PTYPE)
- Each protocol is assigned a number used in this field. For example, IP is 0x0800.
- Hardware length (HLEN)
- Length in bytes of a hardware address. Ethernet addresses are 6 bytes long.
- Protocol length (PLEN)
- Length in bytes of a logical address. IPv4 address are 4 bytes long.
- Operation
- Specifies the operation the sender is performing: 1 for request, and 2 for reply.
- Sender hardware address (SHA)
- Hardware address of the sender.
- Sender protocol address (SPA)
- Protocol address of the sender.
- Target hardware address (THA)
- Hardware address of the intended receiver. This field is ignored in requests.
- Target protocol address (TPA)
- Protocol address of the intended receiver.
[edit] Example request
If a host with IPv4 address of 10.10.10.123 (0A.0A.0A.7B in hexadecimal notation) and MAC address of 00:09:58:D8:11:22 wants to send a packet to another host at 10.10.10.140 (0A.0A.0A.8C in hexadecimal notation) but it does not know the MAC address, then it must send an ARP request to discover the address. The packet shown shows that it would be broadcast over the local network because it uses destination MAC address as FF:FF:FF:FF:FF:FF.
[edit] Example reply
Given the scenario laid out in the request section, if the host 10.10.10.140 is running and available, then it would receive the ARP request and send a reply packet as shown below. (This reply assumes that the host 10.10.10.140 has a MAC address of 00:09:58:D8:33:AA.) Note that the sender and target address blocks have been swapped (the sender of the reply is the target of the request; the target of the reply is the sender of the request). Furthermore, the host 10.10.10.140 has filled in its MAC address in the sender hardware address.
Any hosts on the same network as these two hosts would also see the request (since it is a broadcast) so they are able to cache information about the source of the request. The ARP reply (if any) is directed only to the originator of the request so information in the ARP reply is not available to other hosts on the same network.
[edit] ARP Announcements
An ARP announcement (also known as "Gratuitous ARP") is a packet (usually an ARP Request [2]) containing a valid SHA and SPA for the host which sent it, with TPA equal to SPA. Such a request is not intended to solicit a reply, but merely updates the ARP caches of other hosts which receive the packet.
This is commonly done by many operating systems on startup, and helps to resolve problems which would otherwise occur if, for example, a network card had recently been changed (changing the IP-address-to-MAC-address mapping) and other hosts still had the old mapping in their ARP caches.
G-ARP is also used by some drivers to ensure load balancing on incoming traffic. In a team of network cards, G-ARP is used to announce a different MAC address in the team to receive incoming packets.
ARP announcements are also used to defend link-local IP addresses in the (Zeroconf) protocol (RFC 3927), and for IP address takeover within high-availability clusters.
[edit] ARP Probe
This term is used in the "IPv4 Address Conflict Detection" specification (RFC 5227). Before beginning to use an IPv4 address (whether received from manual configuration, DHCP, or some other means), a host implementing this specification MUST test to see if the address is already in use, by broadcasting ARP probe packets. An ARP Request constructed with an all-zero 'sender IP address' is referred to as an "ARP Probe".
[edit] ARP mediation
ARP mediation refers to the process of resolving Layer 2 addresses when different resolution protocols are used on either circuit, e.g. ATM on one end and Ethernet on the others.
[edit] Variants of the protocol
ARP has also been adapted to resolve other kinds of Layer 2 addresses; for example, ATMARP is used to resolve ATM NSAP addresses in the Classical IP over ATM protocol.
[edit] Inverse ARP and Reverse ARP
The Inverse Address Resolution Protocol, also known as Inverse ARP or InARP, is a protocol used for obtaining Layer 3 addresses (e.g. IP addresses) of other stations from Layer 2 addresses (e.g. the DLCI in Frame Relay networks). It is primarily used in Frame Relay and ATM networks, where Layer 2 addresses of virtual circuits are sometimes obtained from Layer 2 signaling, and the corresponding Layer 3 addresses must be available before these virtual circuits can be used.
ARP translates Layer 3 addresses to Layer 2 addresses, therefore InARP can be viewed as its inverse. In addition, InARP is actually implemented as an extension to ARP. The packet formats are the same; only the operation code and the filled fields differ.
Reverse ARP (RARP), like InARP, also translates Layer 2 addresses to Layer 3 addresses. However, RARP is used to obtain the Layer 3 address of the requesting station itself, while in InARP the requesting station is querying the Layer 3 address of another node. RARP has been obsoleted by BOOTP which itself has been superseded by the Dynamic Host Configuration Protocol (DHCP).
[edit] See also
[edit] References
[edit] External links
This article was originally based on material from the Free On-line Dictionary of Computing, which is licensed under the GFDL.
