ARP Explained
All layer three network protocols must have a method for mapping layer three addresses to their corresponding layer two addresses (typically a MAC address) for point-to-point data transfer. In this case, point-to-point means that only two hosts are participating in the data transfer. The other options, such as point-to-multipoint (Internet television or radio broadcasting) and multipoint-to-multipoint (TCP/IP-based videoconferencing), are beyond the scope of this book.
Consider an IP host that is trying to initiate a TCP/IP application session, such as FTP with another IP host. The initiating host first checks its ARP table (a cache of known IP address/MAC address associations) to see whether it already has the correct MAC address for the destination IP address:
If it does have the correct address, the IP datagram containing the FTP session initiation request is encapsulated into a layer two frame. The correct MAC address is inserted into the destination MAC address field of the layer two frame, and the frame is forwarded.
If the host does not have the required MAC address, its TCP/IP protocol stack takes one of two actions, depending on how the vendor that created the stack implemented the ARP function:
Queues the FTP session initiation request while it sends an ARP and resumes sending the request after the required MAC address has been determined.
Drops the FTP session initiation request while it sends an ARP. It assumes that another FTP session initiation request will be sent after the first one times out. After the required MAC address has been determined, the next FTP session initiation request is forwarded.
A thorough discussion of ARP and the issues surrounding it is beyond the scope of this book. IP addresses must be mapped to layer two addresses for every type of network capable of carrying IP datagrams: Token Ring, FDDI, Ethernet, ISDN, ATM, and PPP, for example. Some use similar mapping methods, whereas others have their own unique methods.
I hope that by presenting a general introduction to ARP, as well as supplying a common problem ARP has when faced with different LAN media, you will understand that ARP is a crucial function. Its behavior must be understood for all media types before IP can be implemented successfully. The common problem ARP has is presented in the next section.
Translating Bridges and ARP Frames
A translational bridge converts the frame fields from Token Ring to Ethernet II or 802.3. It also handles the bit ordering (MSB versus LSB) problem. However, unless the bridge has special functionality built into it, IP hosts on the bridge's Token Ring still cannot communicate with IP hosts on the bridge's Ethernet interface. This is because the Address Resolution Protocol (ARP) (RFC 826) that IP uses to map layer two addresses to layer three addresses transmits MAC address information in fields higher than layer two. These fields do not normally get bit swapped when a layer two frame is translated between different media by a translating bridge. See Figure 7-3 for an example of an ARP frame.
Note
Cisco routers do not transitionally bridge IP between media that use different bit ordering and frame formats. Cisco switches such as the catalyst 5xxx series can do this.
ARP in Action
When a host running IP needs to determine the layer two address (MAC) for a layer three (IP) address, it sends out an ARP request. In Figure 7-3, the Operation field would be set to the hex number indicating an ARP request. If the target host responded with an ARP reply, the target's layer two (MAC) address would appear in two places in the reply: in the layer two frame's Source Address (SA) field and in the ARP reply's Hardware Address of Source Station field.
Figure 7-3. An ARP fframe.
The host that sent the request and receives the reply determines the target host's layer two (MAC) address from the ARP reply's Source Hardware Address field, not the layer two frame's Source Address (SA) field. As long as the two addresses are the same, this doesn't cause a problem. See Figure 7-4.
Figure 7-4. An ARP request.
Note
It is important to note that ARP packets are not IP packets. They have an Ethertype (protocol identification code) of their own: 0806h. ARP packets do not cross routers. They will, however, cross a bridge.
Look at the ARP structure in Figure 7-4. Notice that it has the hardware address (MAC address) and protocol address (IP) of the sending station. It has fields for the same information for the destination station.
When an IP host sends an ARP request to another IP host in order to determine its MAC address, the source information is that of the sending station. The field for the hardware address of the destination station is typically set to all 0s. The field for the protocol (IP) address of the destination station is set to the IP address of the host whose layer two (MAC) address is being sought.
Another important point is that the layer two destination (MAC) address in the frame itself is set to the broadcast address FFFF.FFFF.FFFF.FFFF (all 1s). This causes every station on the network to receive the ARP and check whether the protocol (IP) address of the destination station matches its own address. If it does match, the receiving host responds. If it doesn't match, it ignores the ARP.
If a host decides to respond to an ARP, it uses the MAC address received in the hardware address of the ARP's source station field as the layer two destination MAC address for the ARP response. The host then inserts its hardware (MAC) address and its protocol (IP) address as the source information in the ARP response. The host inserts its MAC address in the layer two frame's source address MAC field. Finally, it sends the layer two frame to the station that sent the ARP request. See Figure 7-5.
The station sending the ARP reply derives the destination address for that reply using the hardware address of the source station from the ARP request's data portion. This means that the address used in the destination layer two MAC address is in MSB format on the Ethernet side of the bridge. The bridge bit swaps this address to the LSB format as it translates the frame to Token Ring.
Figure 7-5 shows that the destination MAC address on the Token Ring is incorrect. The IP hosts will not receive this frame. No IP connectivity will be possible.
Figure 7-5. The destination MAC address for the ARP Rresponse on the token ring is incorrect.
Vendor-Specific Solutions to ARP
Some vendors offer the capability to translate the information in the hardware address fields in ARP requests and ARP replies. This solution allows systems to communicate on media that use different bit transmission orders. See Figure 7-6.
In Figure 7-6, the bridge has pre-swapped the hardware addresses. The hosts think they are using the correct MAC addresses when they transmit their IP packets, but they are using the opposite versions. However, the bridge bit swaps the MAC addresses to the correct versions and thus makes connectivity possible.
Figure 7-6. Bridge pre-swapping bits.
In Figure 7-7, you can see an FTP session initiate a request that is received by the host on the Ethernet.
Figure 7-7. IP connectivity works bits.
Static ARPs
Another solution when the bridges do not support IP ARP bit swapping is to implement static ARPs on the IP hosts. However, this can be a tremendous administrative burden in a large network.
The remainder of this section shows how to configure and delete a static ARP in Windows 95.
Displaying the Parameters of the ARP.EXE Command
To display the parameters of the ARP.EXE command, enter arp at the DOS command prompt:
C:>arp
Displays and modifies the IP-to-Physical address translation tables used by
address resolution protocol (ARP).
ARP -s inet_addr eth_addr [if_addr]
ARP -d inet_addr [if_addr]
ARP -a [inet_addr] [-N if_addr]
-a Displays current ARP entries by interrogating the current
protocol data. If inet_addr is specified, the IP and Physical
addresses for only the specified computer are displayed. If
more than one network interface uses ARP, entries for each ARP
table are displayed.
-g Same as -a.
inet_addr Specifies an internet address.
-N if_addr Displays the ARP entries for the network interface specified
by if_addr.
-d Deletes the host specified by inet_addr.
-s Adds the host and associates the Internet address inet_addr
with the Physical address eth_addr. The Physical address is
given as 6 hexadecimal bytes separated by hyphens. The entry
is permanent.
eth_addr Specifies a physical address.
if_addr If present, this specifies the Internet address of the
interface whose address translation table should be modified.
If not present, the first applicable interface will be used.
C:>
Displaying the Current ARP Entries
To display the current ARP entries, enter arp -a at the DOS command prompt:
C:>arp -a
Interface: 171.68.16.69
Internet Address Physical Address Type
171.68.16.65 00-00-0c-32-93-95 dynamic
C:>
How to Create a Static ARP Entry and Display It
To create a static ARP entry and display it, enter the following command at a DOS prompt:
C:>arp -s 171.68.16.67 02-00-0c-00-08-00 171.68.16.69
C:>arp -a
Interface: 171.68.16.69
Internet Address Physical Address Type
171.68.16.65 00-00-0c-32-93-95 dynamic
171.68.16.67 02-00-0c-00-08-00 static
Deleting Static ARP Entries
The following output shows how to delete a static ARP entry and how to show that it has been deleted:
C:>arp -d 171.68.16.67
C:>arp -a
Interface: 171.68.16.69
Internet Address Physical Address Type
171.68.16.65 00-00-0c-32-93-95 dynamic
C:>
If the static ARPs you create do not reappear after the PC is restarted, you need to create a batch file or script containing the required commands and run it every time the system starts. Consult your Windows 95 documentation for instructions on this procedure.