ARP, due to its apparent simplicity, is a rather overlooked concept, and sometimes its effect on the well-being of network infrastructures is underestimated.
 
 ARP-related issues are fairly common in complex scenarios and often poorly understood by non-networking folks. Therefore, this section offers an overview of several manifestations of the ARP protocol itself and related aspects.
 For a good understanding of network dynamics, it is also mandatory to understand the timers involved with regard to ARP and switch table entries and their lifetime. ARP table entries have a lifetime in the range of minutes up to tens of minutes, depending on the operating system under discussion.
 
1. The program passed Tom's typed text in a buffer to the socket.
2. The data was put inside a TCP data packet with a TCP header added to the data. This header contained a source and destination port number along with some other information and a checksum.
3. The TCP packet was placed inside an IP data packet with a source and destination IP address along with some other data for network management.
4. The IP data packet was placed inside an ethernet data packet. This data packet includes the destination and source address of the network interface cards (NIC) on the two computers. The address here is the hardware address of the respective cards and is called the MAC address.
5. The ethernet packet was transmitted over the network line.
6. With a direct connection between the two computers, the network interface card on the intended machine recognized its address and grabbed the data.
7. The IP data packet was extracted from the ethernet data packet.
8. The TCP data packet was extracted from the IP data packet.
9. The data was extracted from the TCP packet and the program displayed the retrieved data (text) in the text display window for the intended recipient to read.
In step 4 above, the IP data was going to be placed inside an ethernet data packet, but the computer constructing the packet does not have the ethernet address of the recipient's computer. In order to create the ethernet part of the packet, the sending computer must get the ethernet hardware (MAC) address of the computer with the intended IP address. This must be accomplished before the ethernet packet can be constructed. The ethernet device driver software on the receiving computer is not programmed to look at IP addresses encased in the ethernet packet. If it did, the protocols could not be independent and changes to one would affect the other.

This is where address resolution protocol (ARP) is used. Tom's computer sends a network broadcast asking the computer that has the recipient's IP address to send its ethernet address. This is done by broadcasting: the ethernet destination is set with all bits on, so all ethernet cards on the network will receive the data packet. The ARP message consists of an ethernet header and an ARP packet. The ethernet header contains:
- A 6 byte ethernet destination address.
- A 6 byte ethernet source address.
- A 2 byte frame type. The frame type is 0806 hexadecimal for ARP and 8035 for RARP.

The encapsulated ARP data packet contains the following:

- Type of hardware address (2 bytes). 1 = ethernet.
- Type of protocol address being mapped (2 bytes). 0800H (hexadecimal) = IP address.
- Byte size of the hardware address (1 byte). 6
- Byte size of the protocol address (1 byte). 4
- Type of operation. 1 = ARP request, 2 = ARP reply, 3 = RARP request, 4 = RARP reply.
- The sender's ethernet address (6 bytes)
- The sender's IP address (4 bytes)
- The recipient's ethernet address (6 bytes)
- The recipient's IP address (4 bytes)
	 When the ARP reply is sent, the recipient's ethernet address is left blank.
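The field layout listed above can be decoded directly. The following parser is an added example, not code from the original page: it unpacks the ethernet header and the ARP packet, rejects frames that do not match the listed values, and reports whether the sender address in the ethernet header agrees with the one inside the ARP packet. The function names and the sample frame (addresses from the 192.0.2.0/24 documentation range) are constructed for illustration.

```python
import struct

ETH_HDR = struct.Struct("!6s6sH")          # destination, source, frame type
ARP_PKT = struct.Struct("!HHBBH6s4s6s4s")  # the nine ARP fields, in the order listed
FRAME_TYPES = {0x0806: "ARP", 0x8035: "RARP"}
OPERATIONS = {1: "ARP request", 2: "ARP reply", 3: "RARP request", 4: "RARP reply"}

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def ip(b):
    return ".".join(str(x) for x in b)

def parse_arp_frame(frame):
    """Decode an ethernet frame carrying ARP/RARP; raise ValueError if malformed."""
    if len(frame) < ETH_HDR.size + ARP_PKT.size:
        raise ValueError("frame too short for ethernet header plus ARP packet")
    dst, src, ftype = ETH_HDR.unpack_from(frame, 0)
    if ftype not in FRAME_TYPES:
        raise ValueError(f"frame type {ftype:#06x} is not ARP or RARP")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = ARP_PKT.unpack_from(
        frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an ethernet-to-IP address mapping")
    if op not in OPERATIONS:
        raise ValueError(f"unknown operation {op}")
    return {
        "frame_type": FRAME_TYPES[ftype],
        "operation": OPERATIONS[op],
        "broadcast": dst == b"\xff" * 6,   # all destination bits on
        "eth_src": mac(src), "eth_dst": mac(dst),
        "sender_mac": mac(sha), "sender_ip": ip(spa),
        "target_mac": mac(tha), "target_ip": ip(tpa),
        # The sender's address appears twice: in the header and in the ARP packet.
        "sender_consistent": src == sha,
    }

# Constructed sample: 192.0.2.10 broadcasts a request for the address of 192.0.2.20.
SAMPLE_REQUEST = (
    ETH_HDR.pack(b"\xff" * 6, bytes.fromhex("020000000010"), 0x0806)
    + ARP_PKT.pack(1, 0x0800, 6, 4, 1,
                   bytes.fromhex("020000000010"), bytes([192, 0, 2, 10]),
                   bytes(6), bytes([192, 0, 2, 20]))
)

if __name__ == "__main__":
    for key, value in parse_arp_frame(SAMPLE_REQUEST).items():
        print(f"{key:18} {value}")
```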
In order to increase the efficiency of the network and not tie up bandwidth doing ARP broadcasting, each computer keeps a table of IP addresses and matching ethernet addresses in memory. This is called the ARP cache. Before sending a broadcast, the sending computer will check to see if the information is in its ARP cache. If it is, it will complete the ethernet data packet without an ARP broadcast. Each entry normally lasts 20 minutes after it is created. RFC 1122 specifies that it should be possible to configure the ARP cache timeout value on the host. To examine the cache on a Windows, UNIX, or Linux computer, type "arp -a".

If the receiving host is on another network, the sending computer will go through its route table and determine the correct router (a router should be between two or more networks) to send to, and it will substitute the ethernet address of the router in the ethernet message. The encased IP address will still be the intended IP address. When the router gets the message, it looks at the IP data to tell where to send the data next. If the recipient is on a network the router is connected to, it will do the ARP resolution either using its ARP buffer cache or broadcasting.
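The cache lookup and the router substitution described above can be modelled together. This is an added example, not code from the original page: `ArpCache`, `next_hop` and `plan_send` are hypothetical names, the route table and addresses are constructed, and picking the most specific matching route is an assumption about how the route table is searched.

```python
import ipaddress

ARP_TIMEOUT = 20 * 60  # seconds; the typical lifetime quoted above, kept configurable

class ArpCache:
    def __init__(self, timeout=ARP_TIMEOUT):
        self.timeout = timeout
        self.entries = {}  # IP string -> (MAC string, creation time in seconds)

    def learn(self, ip, mac, now):
        self.entries[ip] = (mac, now)

    def lookup(self, ip, now):
        """Return the cached MAC, or None if absent or past its lifetime."""
        entry = self.entries.get(ip)
        if entry is None:
            return None
        mac, created = entry
        if now - created >= self.timeout:
            del self.entries[ip]  # expired: the next send has to broadcast again
            return None
        return mac

def next_hop(dest_ip, local_net, routes):
    """IP to resolve with ARP: the host itself when it is on the local network,
    otherwise the router of the most specific matching route (assumption)."""
    dest = ipaddress.ip_address(dest_ip)
    if dest in ipaddress.ip_network(local_net):
        return dest_ip
    matches = [(ipaddress.ip_network(net), router) for net, router in routes
               if dest in ipaddress.ip_network(net)]
    if not matches:
        raise LookupError(f"no route to {dest_ip}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def plan_send(dest_ip, local_net, routes, cache, now):
    """Describe the frame to build; the IP destination never changes."""
    hop = next_hop(dest_ip, local_net, routes)
    eth_dst = cache.lookup(hop, now)
    return {"ip_dst": dest_ip, "arp_for": hop, "eth_dst": eth_dst,
            "broadcast_needed": eth_dst is None}

# Constructed sample: a host on 192.0.2.0/24 with two routers.
LOCAL_NET = "192.0.2.0/24"
ROUTES = [("0.0.0.0/0", "192.0.2.1"), ("198.51.100.0/24", "192.0.2.254")]
```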
Reverse Address Resolution Protocol (RARP)

As mentioned earlier, reverse address resolution protocol (RARP) is used for diskless computers to determine their IP address using the network. The RARP message format is very similar to the ARP format. When the booting computer sends the broadcast ARP request, it places its own hardware address in both the sending and receiving fields in the encapsulated ARP data packet. The RARP server will fill in the correct sending and receiving IP addresses in its response to the message. This way the booting computer will know its IP address when it gets the message from the RARP server.