CHAPTER 23 Support Protocols: ARP, DHCP, NAT & ICMP

CECS 474 Computer Network Interoperability

Notes for Douglas E. Comer, Computer Networks and Internets (5th Edition)

Tracy Bradley Maples, Ph.D.
Computer Engineering & Computer Science
California State University, Long Beach


Post on 23-Feb-2016


PART 1: ARP (Address Resolution Protocol) 

Notes:
• Hardware recognizes only MAC addresses
• Layers 3-5 use only IP addresses

 As a result: Software is needed to perform translation between IP addresses and MAC addresses. This software is part of the network interface.

The process is known as address resolution. (A protocol address is said to be resolved to the correct hardware address.)

"Protocol addresses are abstractions provided by software; physical network hardware does not know how to locate a computer from its protocol address. The protocol address of the next hop must be translated to an equivalent hardware address before a packet can be sent."

--Comer

Examples:

If A sends to B => The application on A uses B's IP address as the destination address in the IP Datagram. Protocol software on A calls ARP to find B's MAC address and uses it to send the frame.

If A sends to F => An application on A uses F's IP address as the destination address in the IP Datagram. Protocol software on A cannot directly resolve F's address because F is not local. So A determines that the next hop is router R1 (and has R1’s IP address). Protocol software on A resolves R1's MAC address and uses it to send the frame. Software on R1 determines that the next hop is router R2 (and has R2’s IP address), resolves the MAC address of R2, and uses it to send the frame. R2 receives the packet, determines the destination F is attached locally, resolves the MAC address of F, and uses it to send the packet.

ARP (Cont’d): Address Resolution

Address resolution is local to a network. That is, a computer can resolve the address of another computer only if both computers are attached to the same physical network.

ARP (Cont’d): Address Resolution with Message Exchange

Message exchange is a distributed approach where a computer that needs to resolve an address sends a message to a remote machine. Typically, message exchange is the address resolution method used on LAN hardware.

The TCP/IP protocol suite includes an Address Resolution Protocol (ARP) to standardize the formats and meanings of messages.

Two types of ARP messages:

• request -- contains an IP address and requests the hardware address.
• response -- contains both the IP address and the hardware address (i.e., resolves the IP address to a MAC address).

ARP (Cont’d): ARP Message Delivery

ARP specifies that an ARP request should be handled as follows:

• The request is placed in a hardware frame.
• The frame is broadcast to all computers on the network.
• Each computer receives the request and examines the IP address.
• The computer mentioned in the request sends a response; the others discard the request without a response. (Note: the response is sent as a unicast, not a broadcast.)

Figure: An ARP message exchange. (a) Computer W begins to broadcast an ARP request that contains computer Y's IP address. (b) All computers receive the request. (c) Computer Y sends a response directly to W.

ARP (Cont’d): ARP Message Format

Generality: ARP is designed to work with any IP address size and any MAC address size.

Difficulty: An ARP message must contain a MAC (hardware) address. Although most MAC addresses are 48 bits, not all are.

Solution:

• Use a fixed-size field at the beginning of the message to specify the size of the address.
• To increase the generality of ARP, an address length field is included for the IP addresses as well.

ARP (Cont’d): ARP Message Format

While ARP can be used to bind an arbitrary high-level address to an arbitrary hardware address, it is almost always used to bind a 32-bit IP address to a 48-bit Ethernet or WiFi address.

ARP (Cont’d): Sending an ARP Message

An ARP message is transmitted in a hardware frame. The ARP message is treated as the data being transported (i.e., the network hardware does not know anything about the ARP message). We say, “The ARP message is encapsulated in the hardware frame.”

ARP (Cont’d): Identifying ARP Frames

A computer knows that an incoming frame contains an ARP message from the type field in the frame header.

Example: In the Ethernet standard, a frame containing an ARP packet must contain the hex value 0x806 in its type field.

Caching ARP Responses

• ARP software extracts and saves information from a response so that it can be used in subsequent packets.
• ARP software maintains a small table of bindings in memory to be used as a cache.

ARP (Cont’d): Processing an Incoming ARP Message

When an ARP message arrives, the receiver must:

1) Extract the sender's address binding and check whether it is in the cache. If it is, the receiver uses the incoming ARP message to replace the previously stored binding.
2) Examine the OPERATION field to determine whether the message is a response or a request.

• If it is a response, the receiver is waiting for a binding, so the binding is extracted, cached, and used to send a packet.
• If it is a request, the receiver compares the TARGET PADDR with the local protocol address. If the two are identical, the computer issues a response (i.e., the receiver sends the binding of its IP address and MAC address).

ARP Optimization:

- Computers use the ARP messages to keep their caches current. See (1) above.
- After a computer replies to an ARP request, it extracts the sender's address binding and adds it to the binding cache.
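The address-length fields of the message format and the incoming-message steps above, as an added Python example that is not part of the original notes. It assumes the standard ARP field order (hardware type, protocol type, the two length fields, OPERATION, then sender and target addresses); hosts W and Y and their addresses are constructed sample values.

```python
import struct

ARP_REQUEST, ARP_RESPONSE = 1, 2              # OPERATION field values

def build_arp(op, s_haddr, s_paddr, t_haddr, t_paddr, htype=1, ptype=0x0800):
    """Fixed 8-byte header (with both address lengths), then the four addresses."""
    head = struct.pack("!HHBBH", htype, ptype, len(s_haddr), len(s_paddr), op)
    return head + s_haddr + s_paddr + t_haddr + t_paddr

def parse_arp(msg):
    """Use the two length fields to find the addresses; nothing assumes 48/32 bits."""
    if len(msg) < 8:
        raise ValueError("truncated ARP header")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", msg[:8])
    if len(msg) < 8 + 2 * (hlen + plen):
        raise ValueError("message shorter than its length fields claim")
    out, off = {"htype": htype, "ptype": ptype, "operation": op}, 8
    for name, size in (("sender_haddr", hlen), ("sender_paddr", plen),
                       ("target_haddr", hlen), ("target_paddr", plen)):
        out[name] = msg[off:off + size]
        off += size
    return out

def process_incoming(msg, cache, my_haddr, my_paddr):
    """Apply steps 1 and 2 of the notes; return a response to send, or None."""
    m = parse_arp(msg)
    sender_ip, sender_mac = m["sender_paddr"], m["sender_haddr"]
    if sender_ip in cache:                      # step 1: replace a stored binding
        cache[sender_ip] = sender_mac
    if m["operation"] == ARP_RESPONSE:          # step 2: the binding we asked for
        cache[sender_ip] = sender_mac
    elif m["operation"] == ARP_REQUEST and m["target_paddr"] == my_paddr:
        cache[sender_ip] = sender_mac           # optimization: remember the requester
        return build_arp(ARP_RESPONSE, my_haddr, my_paddr, sender_mac, sender_ip,
                         m["htype"], m["ptype"])
    return None

# Constructed sample hosts W and Y (documentation-range IPs, locally administered MACs).
W_MAC, W_IP = bytes.fromhex("02000000000a"), bytes([192, 0, 2, 10])
Y_MAC, Y_IP = bytes.fromhex("02000000000b"), bytes([192, 0, 2, 20])
REQUEST = build_arp(ARP_REQUEST, W_MAC, W_IP, bytes(6), Y_IP)   # W asks for Y
```

A host that is not the target and has no stored binding for W returns None and leaves its cache unchanged, matching the "others discard the request" rule.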

ARP (Cont’d): Layering, Address Resolution, Protocol Addresses

Address resolution takes place in the Network Interface Layer.

Conceptual Boundary: Higher protocol layers and applications use only protocol addresses, not physical addresses.

PART 2: DHCP (Dynamic Host Configuration Protocol)

Defn: DHCP (Dynamic Host Configuration Protocol) is a protocol designed to enable individual computers on an IP network to obtain their network configurations from a server.

• The DHCP server assigns the address.

• Without DHCP, the IP address must be assigned individually and then entered manually at each computer system.

• With DHCP, the system automatically obtains an IP address from the server during the boot-up process, requiring no intervention on the part of either ITS or the user (once the user configures their computer to use DHCP).

DHCP (Cont’d): Advantages of DHCP

1. Eliminates the need for manual client configuration
Manually assigning client IP addresses is complicated because many network-enabled devices are mobile. These devices are frequently moved from one network to another.

2. Efficient utilization of IP address space
Each computer is assigned its configuration from a "pool" of available IP addresses for a specific time period (a lease period), meaning no IP addresses are wasted.

3. Ease of changing network parameters
Major network resource changes require only that the DHCP server be updated with the new information, rather than every system.

4. Host mobility is enabled
DHCP provides the capability for a client to connect to any subnet that has DHCP without changing the setup. Thus, users with laptops can easily rove campus without ever having to modify their network configuration if using DHCP.

5. Immediate and automatic address assignment
IP addresses are assigned by the DHCP server automatically, without the need for manual intervention.

DHCP (Cont’d): How DHCP Works…

DHCP assigns a number automatically based on a defined range of numbers (i.e., a scope) that belongs to a network. DHCP assigns a TCP/IP address when a system is started.

DHCP Operation:
• A user turns on a machine with a DHCP client.
• The machine goes to the router and looks for a DHCP helper address.
• The router directs the machine to the correct DHCP server.
• The client sends a DHCP REQUEST packet.
• The server sends a DHCP OFFER packet.
• The client sends a DHCP ACK packet.
• The server assigns an IP number according to the scope range defined on the server.

PART 3: NAT (Network Address Translation)

With IPv4, every computer using the Internet needs a unique IP address of the form X.X.X.X (where each X is a number from 0 to 255).

Due to the limited number of IPv4 addresses, there is a need for Private Networks with IP addresses that are private and not valid on the Internet.

To fill this need, there are certain addresses (10.X.X.X and 192.168.X.X) that have been designated for use on these Private Networks that are not part of the Internet.

No computer directly attached to the public Internet is allowed to have these addresses.

When such a network wants to communicate with the Internet, it does so through a NAT Router (or NAT Gateway).

NAT (Cont’d): Overloading

Defn: NAT overloading allows a single public IP address to be shared among multiple private IP addresses.

The Overloading Process

Initially:
• The company sets up a NAT-enabled router. The router has one unique IP address allocated by the ISP.
• An internal network is set up with private local IP addresses that are not allocated by an ISP. (Usually, 192.168.X.X or 10.X.X.X)

NAT (Cont’d)

Outgoing traffic during NAT operation:

• A computer on the internal network attempts to connect to a computer outside the network, such as a Web server.
• The router receives the packet from the internal network.
• The router saves the computer's private IP address and port number to an address translation table. The router replaces the sending computer's non-routable IP address with the router's IP address. The router replaces the sending computer's source port with the [bogus] port number in the address translation table.
• The translation table now has a mapping of the computer's non-routable IP address and port number along with the router's IP address.

NAT (Cont’d)

Incoming traffic during NAT operation:

• When a packet comes in from a destination computer, the router extracts the destination port on the packet. It finds the address in the address translation table. It changes the destination address and destination port to the ones saved in the address translation table and sends the packet onto the local network.
• The computer receives the packet from the router.
• Since the NAT router now has the computer's source address and source port saved to the address translation table, it will continue to use that same port number for the duration of the connection. The entries in the address translation table time out.

Example: A Sample NAT Address Translation Table
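The outgoing and incoming steps of NAT overloading, as an added Python example that is not part of the original notes. The class name, the dictionary packet representation, the starting port 40000, the 120-second timeout and all addresses are assumptions chosen for illustration; reuse of port numbers after the counter runs out is not modelled.

```python
class NatRouter:
    """NAT overloading: one public IP shared by many private (IP, port) pairs."""

    def __init__(self, public_ip, first_port=40000, timeout=120):
        self.public_ip, self.timeout = public_ip, timeout
        self.next_port = first_port      # next router-side port to hand out
        self.table = {}                  # router port -> [private IP, private port, last used]

    def _expire(self, now):
        for port in [p for p, e in self.table.items() if now - e[2] > self.timeout]:
            del self.table[port]         # idle entries time out

    def outgoing(self, pkt, now):
        """Rewrite source IP/port of a packet leaving the private network."""
        self._expire(now)
        for port, entry in self.table.items():
            if (entry[0], entry[1]) == (pkt["src"], pkt["sport"]):
                entry[2] = now           # existing connection: reuse its port
                break
        else:
            port, self.next_port = self.next_port, self.next_port + 1
            self.table[port] = [pkt["src"], pkt["sport"], now]
        return {**pkt, "src": self.public_ip, "sport": port}

    def incoming(self, pkt, now):
        """Rewrite destination IP/port of a reply, or return None if unmapped."""
        self._expire(now)
        entry = self.table.get(pkt["dport"])
        if pkt["dst"] != self.public_ip or entry is None:
            return None                  # no table entry: nothing is delivered inside
        entry[2] = now
        return {**pkt, "dst": entry[0], "dport": entry[1]}

# Constructed sample endpoint and packet helper (documentation-range addresses).
WEB = ("198.51.100.7", 80)

def packet(src, sport, dst, dport):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport}
```

Two inside hosts that both use source port 5000 get distinct router ports, which is what lets the router tell their replies apart.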

PART 4: ICMP (Internet Control Message Protocol)

• IP defines a best-effort communication service: datagrams can be lost, duplicated, delayed, or delivered out of order.
• To achieve best-effort service, IP attempts to avoid errors and to report problems when they occur.
• IP includes a companion protocol, called ICMP, which is used to report errors back to the original source.
• IP and ICMP are co-dependent:
  - IP depends on ICMP to report errors
  - ICMP uses IP to carry error messages

Many ICMP messages have been defined.

Here are a few:

ICMP (cont’d)

Examples of error detection in IP:

Checksum
When a host creates an IP datagram, it includes a checksum that covers the entire header. When a datagram is received, the checksum is verified to ensure that the header arrived intact.

TIME TO LIVE Field
TTL is used to prevent a datagram from circulating forever. When the TTL reaches zero, the datagram is dropped and an error message is generated.

ICMP contains two message types:
1. Messages to report errors
2. Messages to obtain information
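The header checksum and TIME TO LIVE checks described above, as an added Python example that is not part of the original notes. It assumes a 20-byte IPv4 header without options; the function names, the action labels and the sample addresses are constructed for illustration, and discarding a datagram whose checksum fails is standard router behaviour rather than something the notes state.

```python
import struct

def internet_checksum(data):
    """16-bit one's-complement sum of the data, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(src, dst, ttl, proto=17, payload_len=0):
    """20-byte IPv4 header (no options) with the checksum filled in by the sender."""
    fields = [0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0, src, dst]
    fields[7] = internet_checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields)

def router_step(header):
    """Verify the header, decrement TTL, then forward or report the error."""
    if internet_checksum(header) != 0:       # an intact header sums to zero
        return "discard", None
    ttl = header[8] - 1                      # TTL is byte 8 of the header
    if ttl <= 0:
        # Datagram is dropped; the ICMP error goes to the original source address.
        return "icmp-time-exceeded", header[12:16]
    out = bytearray(header)
    out[8] = ttl
    out[10:12] = b"\x00\x00"                 # zero the checksum before recomputing
    out[10:12] = struct.pack("!H", internet_checksum(bytes(out)))
    return "forward", bytes(out)

# Constructed sample addresses (documentation ranges).
SRC, DST = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 9])
```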