ARP
Basics
- Address Resolution Protocol (ARP) is a protocol for mapping an IP address to a physical machine (MAC) address.
ARP Header
Hardware type (Ethernet = 1)
Protocol type (IPv4 = 0x0800)
Hardware address length (Ethernet size is 6) | Protocol address length (IPv4 size is 4)
Operation (1 for request; 2 for reply)
Sender MAC Address
Sender IP Address
Target MAC Address
Target IP Address
RARP
- Rendered obsolete by BOOTP & DHCP
- Both support a much greater feature set than RARP
- RARP was limited to serving only IP addresses
Gratuitous ARP
- Sender IP Address and Target IP Address are both the same as the Source IP address.
- Destination MAC in Ethernet frame is the broadcast address ff:ff:ff:ff:ff:ff.
- Usually no reply packet will come.
- A gratuitous ARP reply is a reply to which no request has been made.
- GARP can be useful for the following reasons:
- It can help detect IP conflicts.
- It assists in updating other machines' ARP tables.
- It informs switches of the MAC address of the machine on a given switch port.
- When a link comes up, the interface driver sends a gratuitous ARP to update the ARP tables of all other local hosts.
- If we see multiple GARPs from the same host frequently, it may point to bad Ethernet hardware/cabling.
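The header layout and the gratuitous ARP rule above, as an added example that is not part of the original page: it parses a raw ARP payload field by field, flags gratuitous ARP (sender IP equal to target IP), and reports any IP whose MAC binding changes. The function names, the 192.0.2.x addresses and the MAC addresses are assumptions constructed for the demonstration.

```python
import socket
import struct
from collections import namedtuple

ArpPacket = namedtuple("ArpPacket", "htype ptype hlen plen oper sha spa tha tpa")

def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(payload):
    """Parse an Ethernet/IPv4 ARP payload; fields follow the header table order."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", payload[8:28])
    return ArpPacket(htype, ptype, hlen, plen, oper, fmt_mac(sha),
                     socket.inet_ntoa(spa), fmt_mac(tha), socket.inet_ntoa(tpa))

def is_gratuitous(pkt):
    # Gratuitous ARP: sender IP and target IP are the same address.
    return pkt.spa == pkt.tpa

def watch(payloads):
    """Track IP-to-MAC bindings; report every binding that changes."""
    table, alerts = {}, []
    for raw in payloads:
        pkt = parse_arp(raw)
        old = table.get(pkt.spa)
        if old is not None and old != pkt.sha:
            # Either a legitimate move/failover or an IP conflict: worth a look.
            alerts.append((pkt.spa, old, pkt.sha, is_gratuitous(pkt)))
        table[pkt.spa] = pkt.sha
    return alerts, table

def build(oper, sha, spa, tha, tpa):
    """Helper that builds the constructed sample payloads below."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper, raw(sha),
                       socket.inet_aton(spa), raw(tha), socket.inet_aton(tpa))

ZERO = "00:00:00:00:00:00"
SAMPLES = [  # constructed traffic, not a real capture
    build(1, "02:00:00:00:00:01", "192.0.2.10", ZERO, "192.0.2.1"),   # normal request
    build(1, "02:00:00:00:00:01", "192.0.2.10", ZERO, "192.0.2.10"),  # GARP, same MAC
    build(2, "02:00:00:00:00:66", "192.0.2.10", "ff:ff:ff:ff:ff:ff", "192.0.2.10"),  # GARP, new MAC
]

if __name__ == "__main__":
    for alert in watch(SAMPLES)[0]:
        print("binding changed (ip, old, new, gratuitous):", alert)
```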
Proxy ARP
- ARP was designed to be used by devices that are directly connected on a local network.
- ARP relies on broadcasts which are not propagated beyond a Router.
- Therefore ARP cannot function between devices on different physical networks.
- When such operation is required, a router can be configured as an ARP proxy to respond to ARP requests on behalf of a device on a different network.
- Scenario
- Here SRX interface ge-0/0/0.0 has IP address 1.1.1.1/24.
- The Router in ISP (not shown) needs to send a packet to the Destination IP address 1.1.1.2.
- It will send an ARP Request for the IP address 1.1.1.2.
- If Proxy ARP is not configured on the SRX, it will not reply to the ARP Request as it does not have the IP address configured on the interface ge-0/0/0.0.
- The ARP request will time out and the packet will be dropped at the router.
- If Proxy ARP is configured on interface ge-0/0/0.0 for the IP 1.1.1.2, then when the router sends an ARP Request out for the IP address 1.1.1.2, the SRX will respond to the ARP Request.
- Then the router will be able to send the packet to the Destination IP address 1.1.1.2 using the MAC address of the SRX.
- Configuration
Identify the IP address and interface for which Proxy ARP is needed:
Address: 1.1.1.2 Interface: ge-0/0/0.0
Proxy ARP command for SRX is:
set security nat proxy-arp interface ge-0/0/0.0 address 1.1.1.2/32
- Disadvantages
- Complexity
- If more than one router connects two physical networks using the same network ID, problems may arise.
- Introduces potential security risks as router “impersonates” devices
For these reasons, it may be better to redesign the network so routing is done between physical networks separated by a router.
Inverse ARP
- Used in Frame Relay.
Packet Captures