Address Resolution Protocol (ARP)

TCP/IP Protocol Suite 1

Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
 8-1 ADDRESS MAPPING

Delivery of a packet to a host or a router requires two levels of addressing:

logical and physical.

Need to map a logical address to its corresponding physical address and

vice versa.

These can be done using either static or dynamic mapping.

TCP/IP Protocol Suite 2

 Static Mapping

Creating a table that associates a logical address with a physical address.

This has some limitations because physical addresses may change.

• A machine could change its NIC, resulting in a new physical address.

• In some LANs, such as LocalTalk, the physical address changes every time
the computer is turned on.

To implement these changes, a static mapping table must be updated

periodically.

TCP/IP Protocol Suite 3

 Dynamic Mapping

Each time a machine knows the logical address of another machine, it can use a
protocol to find the physical address.

Two protocols have been designed to perform dynamic mapping:

Address Resolution Protocol (ARP)
Reverse Address Resolution Protocol (RARP).

ARP maps a logical address to a physical address;

RARP maps a physical address to a logical address.

TCP/IP Protocol Suite 4

 8-2 ADDRESS MAPPING

Anytime a host or a router has an IP datagram to send to another host or

router, it has the logical (IP) address of the receiver.

But the IP datagram must be encapsulated in a frame to be able to pass

through the physical network.

This means that the sender needs the physical address of the receiver.

ARP accepts a logical address from the IP protocol, maps the address to
the corresponding physical address and pass it to the data link layer.

TCP/IP Protocol Suite 5

 Figure 8.1 Position of ARP in TCP/IP protocol suite

TCP/IP Protocol Suite 6

 Figure 8.1 Position of ARP in TCP/IP protocol suite

Anytime a host, or a router, needs to find the physical address of another host
or router on its network, it sends an ARP query packet.

The packet includes the physical and IP addresses of the sender and the IP
address of the receiver.

Because the sender does not know the physical address of the receiver, the
query is broadcast over the network.

TCP/IP Protocol Suite 7

 Figure 8.1 Position of ARP in TCP/IP protocol suite

Every host or router on the network receives and processes the ARP query
packet, but only the intended recipient recognizes its IP address and sends
back an ARP response packet.

The response packet contains the recipient’s IP and physical addresses.

The packet is unicast directly to the inquirer using the physical address
received in the query packet.

TCP/IP Protocol Suite 8

 Figure 8.2 ARP operation

broadcast

TCP/IP Protocol Suite 9

 Figure 8.3 ARP packet

Packet Format

Hardware type. 16-bit field defining the type of network on which ARP is running. For Ethernet type is 1.

Protocol type. 16-bit field defining the protocol. For example, the value of this field for the IPv4 protocol is
080016. ARP can be used with any higher-level protocol.

Hardware length. 8-bit field defining the length of the physical address in bytes. For Ethernet, value is 6.

Protocol length. 8-bit field defining the length of the logical address in bytes. For the IPv4 value is 4.

TCP/IP Protocol Suite 10

 Figure 8.4 Encapsulation of ARP packet

Encapsulation

An ARP packet is encapsulated directly into a data link frame.

Example shows ARP packet encapsulated in an Ethernet frame.

Type field indicates that the data carried by the frame is an ARP packet.

Type: 0x0806

Preamble Destination Source

Type Data CRC
and SFD address address
8 bytes 6 bytes 6 bytes 2 bytes 4 bytes

TCP/IP Protocol Suite 11

 Operation
ARP functions on a typical internet.

• steps involved.

• Four cases in which a host or router needs to use ARP.

TCP/IP Protocol Suite 12

 7 Steps Involved in an ARP Process

1. The sender knows the IP address of the target.

2. IP asks ARP to create an ARP request message, filling in the sender physical address, the
sender IP address, and the target IP address. The target physical address field is filled with 0s.

3. The message is passed to the data link layer where it is encapsulated in a frame using the
physical address of the sender as the source address and the physical broadcast address as the
destination address.

4. Every host or router receives the frame. Because the frame contains a broadcast destination
address, all stations remove the message and pass it to ARP. All machines except the one
targeted drop the packet. The target machine recognizes the IP address.

5. The target machine replies with an ARP reply message that contains its physical address. The
message is unicast.

6. Sender receives the reply message. Which contains the physical address of the target machine.

7. The IP datagram, which carries data for the target machine, is now encapsulated in a frame
and is unicast to the destination.

TCP/IP Protocol Suite 13

 Note

An ARP request is broadcast;

an ARP reply is unicast.

TCP/IP Protocol Suite 14

 Figure 8.5 Four cases using ARP

Four Different Cases

Four different cases in which the services of ARP can be used.

Case 1:
Sender is a host and wants to send a packet to another host on the same network.
In this case, the logical address that must be mapped to a physical address is the destination IP
address in the datagram header.

TCP/IP Protocol Suite 15

 Figure 8.5 Four cases using ARP

Case 2:
Sender is a host and wants to send a packet to another host on another network.

In this case, the host looks at its routing table and finds the IP address of the next hop
(router) for this destination. If it does not have a routing table, it looks for the IP address
of the default router. The IP address of the router becomes the logical address that must
be mapped to a physical address

TCP/IP Protocol Suite 16

 Figure 8.5 Four cases using ARP

Case 3:
Sender is a router that has received a datagram destined for a host on another network.

It checks its routing table and finds the IP address of the next router. The IP address of the
next router becomes the logical address that must be mapped to a physical address.

TCP/IP Protocol Suite 17

 Figure 8.5 Four cases using ARP

Case 4:
Sender is a router that has received a datagram destined for a host in the same
network.

Destination IP address of the datagram becomes the logical address that must be
mapped to a physical address.

TCP/IP Protocol Suite 18

Example 8.1
A host with IP address 130.23.43.20 and physical address
B2:34:55:10:22:10 has a packet to send to another host with IP address
130.23.43.25 and physical address A4:6E:F4:59:83:AB.
The two hosts are on the same Ethernet network.
Show the ARP request and reply packets encapsulated in Ethernet frames.

Hardware type: 0x0001

Protocol type: 0x0800

Type: 0x0806

Preamble Destination Source

Type Data CRC
and SFD address address
8 bytes 6 bytes 6 bytes 2 bytes 4 bytes

TCP/IP Protocol Suite 19

 Figure 8.6 Example 8.1
IP addresses are shown in hexadecimal.

TCP/IP Protocol Suite 20

 Figure 8.7 Proxy ARP

Proxy ARP

A technique called proxy ARP is used to create a subnetting effect.

A proxy ARP is an ARP that acts on behalf of a set of hosts.

Whenever a router running a proxy ARP receives an ARP request looking for the
IP address of one of these hosts, the router sends an ARP reply announcing its
own hardware (physical) address.

After the router receives the actual IP packet, it sends the packet to the
appropriate host or router.

TCP/IP Protocol Suite 21

 Figure 8.7 Proxy ARP

Proxy ARP

When it receives an ARP request with a target IP address that matches the
address of one of its protégés (141.23.56.21, 141.23.56.22, and
141.23.56.23), it sends an ARP reply and announces its hardware address as
the target hardware address.

When the router receives the IP packet, it sends the packet to the appropriate
host.

TCP/IP Protocol Suite 22

 Figure 8.7 Proxy ARP

Let us give an example. In Figure 8.7 the ARP installed on the right-
hand host will answer only to an ARP request with a target IP address of
141.23.56.23.

Request

TCP/IP Protocol Suite 23

 User Datagram Program (UDP)

TCP/IP Protocol Suite 24

Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
 14-1 INTRODUCTION

UDP is located between the application layer and the IP layer, and serves
as the intermediary between the application programs and the network
operations.
Process to Process Communication
Control Mechanisms( Minimal Level)- No Flow control, No Ack, Error
Control up to some extent (Silently Drop!)

TCP/IP Protocol Suite 25

 Figure 14.1 Position of UDP in the TCP/IP protocol suite

TCP/IP Protocol Suite 26

 Figure 14.1 Position of UDP in the TCP/IP protocol suite

UDP is a connectionless, unreliable transport protocol.

It does not add anything to the services of IP except for providing process-to-
process communication instead of host-to-host communication.

UDP is a very simple protocol using a minimum of overhead.

If a process wants to send a small message and does not care much about reliability,
it can use UDP.

Sending a small message using UDP takes much less interaction between the sender
and receiver than using TCP.

TCP/IP Protocol Suite 27

 Figure 14.1 Position of UDP in the TCP/IP protocol suite

Process-to-Process Communication

TCP/IP Protocol Suite 28

 Figure 14.1 Position of UDP in the TCP/IP protocol suite

Port Numbers

TCP/IP Protocol Suite 29

 Figure 14.1 Position of UDP in the TCP/IP protocol suite

IP Address vs Port Numbers

TCP/IP Protocol Suite 30

 Figure 14.1 Position of UDP in the TCP/IP protocol suite

ICANN Port Number Ranges

The well-known port numbers are less than 1024.

TCP/IP Protocol Suite 31

 Figure 14.1 Position of UDP in the TCP/IP protocol suite

Well-known Ports used with UDP

TCP/IP Protocol Suite 32

 Figure 14.1 Position of UDP in the TCP/IP protocol suite

Socket Address
The combination of an IP address and Port number is called a socket address.
client socket address defines the client process
server socket address defines the server process.

72

72

TCP/IP Protocol Suite 33

 14-2 USER DATAGRAM

UDP packets, called user datagrams, have a fixed-size header of 8 bytes.

TCP/IP Protocol Suite 34

 Source port number.
If the source host is the client (a client sending a request), the port number, in
most cases, is an ephemeral port number.

If the source host is the server (a server sending a response), the port number, is
a well-known port number.

Destination port number.

If the destination host is the server (a client sending a request), the port number,
is a well-known port number.

If the destination host is the client (a server sending a response), the port
number, is an ephemeral port number.

TCP/IP Protocol Suite 35

 Length.

Defines the total length of the user datagram, header plus data.

The 16 bits can define a total length of 0 to 65,535 bytes.

However, the total length needs to be much less because a UDP user datagram is
stored in an IP datagram with the total length of 65,535 bytes.

The length field in a UDP user datagram is actually not necessary.

IP datagram that defines a field for IP length − IP header’s length

UDP length = IP length − IP header’s length

TCP/IP Protocol Suite 36

 Checksum

Used to detect errors over the entire user datagram (header plus data).

UDP checksum calculation is different from the one for IP.

Checksum includes 3 sections: a pseudoheader, UDP header, and data coming from
the application layer.

pseudoheader is the part of the header of the IP packet in which the user
datagram is to be encapsulated with some fields filled with 0s.

TCP/IP Protocol Suite 37

Example 14.1
The following is a dump of a UDP header in hexadecimal format.

a. What is the source port number?

b. What is the destination port number?
c. What is the total length of the user datagram?
d. What is the length of the data?
e. Is the packet directed from a client to a server or vice versa?
f. What is the client process?

TCP/IP Protocol Suite 38

Example 14.1 Continued
Solution
a. The source port number is the first four hexadecimal digits (CB84)16 or 52100.
b. The destination port number is the second four hexadecimal digits (000D)16 or
13.
c. The third four hexadecimal digits (001C)16 define the length of the whole UDP
packet as 28 bytes.
d. The length of the data is the length of the whole packet minus the length of
the header, or 28 – 8 = 20 bytes.
e. Since the destination port number is 13 (well-known port), the packet is from
the client to the server.
f. The client process is the Daytime (Table 14.1).

TCP/IP Protocol Suite 39

Example 14.1 Continued

Table 14.1 Well-known Ports used with UDP

TCP/IP Protocol Suite 40

 14-3 UDP Services

services are provided by UDP.

• Process-to-Process Communication
• Connectionless Service
• Flow Control
• Error Control
• Congestion Control
• Encapsulation and Decapsulation
• Multiplexing and Demultiplexing

TCP/IP Protocol Suite 41

 Process-to-Process Communication

UDP provides process-to-process communication using sockets, a combination

of IP addresses and port numbers.

TCP/IP Protocol Suite 42

 Connectionless Services

Each user datagram sent by UDP is an independent datagram.

There is no relationship between the different user datagrams even if

they are coming from the same source process and going to the same
destination program.

The user datagrams are not numbered.

There is no connection establishment and no connection termination as is

the case for TCP.

This means that each user datagram can travel on a different path.

TCP/IP Protocol Suite 43

 Flow Control
• There is no flow control, and hence no window mechanism.
• The receiver may overflow with incoming messages.

Error Control
• There is no error control mechanism in UDP except for the checksum.
• Sender does not know if a message has been lost or duplicated.
• When the receiver detects an error through the checksum, the user datagram
is silently discarded.

Congestion Control
• Does not provide congestion control.

TCP/IP Protocol Suite 44

 Figure 14.5 Encapsulation and decapsulation

Encapsulation and Decapsulation

To send a message from one process to another, the UDP protocol

encapsulates and decapsulates messages.

TCP/IP Protocol Suite 45

 Encapsulation

When a process has a message to send through UDP, it passes the message to
UDP along with a pair of socket addresses and the length of data.

UDP receives the data and adds the UDP header. UDP then passes the user
datagram to IP with the socket addresses.

IP adds its own header, using the value 17 in the protocol field, indicating that
the data has come from the UDP protocol.

The IP datagram is then passed to the data link layer.

The physical layer encodes thebits into electrical or optical signals and sends it to
the remote machine.

TCP/IP Protocol Suite 46

 Decapsulation

When the message arrives at the destination host, the physical layer decodes the
signals into bits and passes it to the data link layer.

The data link layer uses the header (and the trailer) to check the data.

If there is no error, the header and trailer are dropped and the datagram is
passed to IP.

The IP software does its own checking. If there is no error, the header is dropped
and the user datagram is passed to UDP with the sender and receiver IP
addresses.

UDP uses the checksum to check the entire user datagram. If there is no error,
the header is dropped and the application data along with the sender socket
address is passed to the process.

The sender socket address is passed to the process in case it needs to respond to
the message received
TCP/IP Protocol Suite 47
 Queuing
In UDP, queues are associated with ports.

At the client site, when a process starts, it requests a port number from
the operating system.

create incoming and an outgoing queue associated with each process.

When the process terminates, the queues are destroyed.

TCP/IP Protocol Suite 48

 Queuing (contd)

The client process can send messages to the outgoing queue by using the source
port number specified in the request.

An outgoing queue can overflow. If this happens, the operating system can ask
the client process to wait before sending any more messages.

When a message arrives for a client, UDP sends the received user datagram to
the end of the queue.

An incoming queue can overflow. If this happens, UDP drops the user datagram
and asks for a port unreachable message to be sent to the server.

TCP/IP Protocol Suite 49

 Figure 14.7 Multiplexing and demultiplexing

Multiplexing and Demultiplexing

In a host running a TCP/IP protocol suite, there is only one UDP but possibly
several processes that may want to use the services of UDP.

To handle this situation, UDP multiplexes and demultiplexes.

TCP/IP Protocol Suite 50

 Figure 14.7 Multiplexing and demultiplexing

Multiplexing and Demultiplexing

Multiplexing
At the sender site, there may be several processes that need to send user
datagrams.

UDP accepts messages from different processes, differentiated by their assigned

port numbers. After adding the header, UDP passes the user datagram to IP.

Demultiplexing
At the receiver site, there is only one UDP.

However, we may have many processes that can receive user datagrams. This is
a one-to-many relationship and requires demultiplexing.

UDP receives user datagrams from IP. After error checking and dropping of the
header, UDP delivers each message to the appropriate process based on the port
numbers.

TCP/IP Protocol Suite 51

 Figure 14.7 Multiplexing and demultiplexing

Multiplexing and Demultiplexing

TCP/IP Protocol Suite 52

 14-4 UDP APPLICATION

UDP is suitable if the request and response can each fit in one single user
datagram,

The overhead to establish and close a connection may be significant in this case.

• In the connection-oriented service at least 9 packets are exchanged.

• in connectionless service only two packets are exchanged.
• The connectionless service provides less delay;
• If delay is an important issue for the application, the connectionless service is
preferred.

DNS uses the services of UDP because request and response can each fit in one
user datagram

TCP/IP Protocol Suite 53

A client-server application such as SMTP, which is used in electronic mail, cannot use
the services of UDP because a user can send a long e-mail message, which may
include multimedia (images, audio, or video).

Here the connectionless service may create problems. The user datagrams may
arrive and be delivered to the receiver application out of order.

TCP/IP Protocol Suite 54

Example 14.6
downloading a very large text file from the Internet.

need to use a transport layer that provides reliable service.

We don’t want part of the file to be missing or corrupted when we open

the file.

In this case, UDP is not a suitable transport layer.

TCP/IP Protocol Suite 55

 Typical Applications
some typical applications that can benefit more from the services of UDP than from
those of TCP.

• UDP is suitable for a process that requires simple request-response

communication with little concern for flow and error control. It is not usually used
for a process such as FTP that needs to send bulk data.

• UDP is suitable for a process with internal flow and error-control mechanisms. For
example, the Trivial File Transfer Protocol (TFTP) process includes flow and error
control. It can easily use UDP.
• UDP is a suitable transport protocol for multicasting. Multicasting capability is
embedded in the UDP software but not in the TCP software.

• UDP is used for management processes such as SNMP.

• UDP is used for some route updating protocols such as Routing Information
Protocol (RIP).

• UDP is normally used for real-time applications that cannot tolerate uneven delay
• between sections of a received message. 56
TCP/IP Protocol Suite
 Questions

A client uses UDP to send data to a server. The data are 16 bytes.
Calculate the efficiency of this transmission at the UDP level .

Redo the same question for calculating the efficiency of transmission at

the IP level using IP.

TCP/IP Protocol Suite 57

 Figure 14.1 Position of UDP in the TCP/IP protocol suite

Questions
1The following is a dump of a UDP header in hexadecimal form: 06 32 00 0D 00
1C E2 17

What is the:
(a)Source port number
(b) Destination port number
(c) Total length of the UDP
(d) Length of the data

2. What is the maximum number of bytes that can be accommodated as UDP

payload?

TCP/IP Protocol Suite 58

 END

TCP/IP Protocol Suite 59