net0183lec19and20

NET0183 Networks and Communications

Lectures 19 and 20Support Protocols: ARP and ICMP

8/25/2009 1NET0183 Networks and Communications

by Dr Andy Brooks

Lecture powerpoints from the recommended textbook are by Lami Kaya, [email protected] powerpoints are © 2009 Pearson Education Inc.Their content has sometimes been edited by Andy Brooks.

8/25/2009NET0183 Networks and Communications

by Dr Andy Brooks2

The recommended textbook is Computer Networks and Internets by Douglas E. Comerhttp://www.coursesmart.com/0136066992/?a=1773944www.pearson-books.com/student (for additional discounts and offers)

http://www.coursesmart.com/0136066992/?a=1773944

www.pearson-books.com/student



© 2009 Pearson Education Inc., Upper Saddle River, NJ. All rights reserved. 3

23.2 Address Resolution

• A network does not know how to locate a computer from its

IP address.

• The next-hop address must be translated to an equivalent

MAC address.

• Translation from a computer's IP address to an equivalent

hardware address is known as address resolution.

– An IP address is said to be resolved to the correct MAC address.

• Address resolution is local to a network.

4

Note: There are many different names for the same thing.


23.2 Address Resolution

• If router R1 forwards a datagram to router R2, router R1 will

resolve R2´s IP address to a MAC address.

• If host A sends a datagram to host B, A resolve´s B´s IP

address to B´s MAC address and sends the frame directly.

• If host A sends a datagram to host F, IP software on A

determines the datagram must pass through router R1, and

so resolves the address of R1.

Figure 23.1 An example internet of three networks.


23.3 The Address Resolution Protocol (ARP) • Most hardware has adopted the 48-bit Ethernet.

– link layer/MAC/hardware/Ethernet addresses are 6 bytes.

• The Address Resolution Protocol (ARP) is used to resolve IP addresses.

• Consider Figure 23.2– Suppose B needs to resolve the IP address of C

– B broadcasts a request that says:

“I'm looking for the MAC address of a computer that has IP address C”

– The broadcast only travels across one network.

– An ARP request message reaches all computers on a network.

– When C receives a copy of the request along with the other hosts, only C sends a directed reply back to B that says:

“I'm the computer with IP address C, and my MAC address is M”


23.3 The Address Resolution Protocol (ARP)

Figure 23.2 Illustration of the ARP message exchange when computer B

resolves the address of computer C.

An ARP request message reaches

all the computers on the network.

An ARP reply message is sent

directly to the requesting host.


23.4 ARP Message Format

• ARP protocol can be used to bind an arbitrary high-level

address to an arbitrary hardware address.

– address length fields are used

• In practice, the generality of ARP is seldom used as most

implementations of ARP are used to bind IP addresses to

Ethernet addresses.

• Figure 23.3 illustrates the format of an ARP message when

the protocol is used with an IP version 4 address (4 octets)

and Ethernet hardware address (6 octets).

– Each line of the figure corresponds to 32 bits of an ARP message.


23.4 ARP Message Format Figure 23.3 The format of an ARP message when binding an IPv4 address

to an Ethernet address.

Here, the ARP packet size is 28 bytes.


23.4 ARP Message Format • HARDWARE ADDRESS TYPE

– 16-bit field that specifies the type of hardware address being used

– the value is 1 for Ethernet

• PROTOCOL ADDRESS TYPE

– 16-bit field that specifies the type of protocol address being used

– the value is 0x0800 for IPv4

• HADDR LEN

– 8-bit integer that specifies the size of a hardware address in bytes

• PADDR LEN

– 8-bit integer that specifies the size of a protocol address in bytes

• OPERATION

– 16-bit field that specifies whether the message

• request (the field contains 1) or

• response (the field contains 2)



• SENDER HADDR

– HADDR LEN bytes for the sender's hardware address

• SENDER PADDR

– PADDR LEN bytes for the sender's protocol address

• TARGET HADDR

– HADDR LEN bytes for the target's hardware address

• TARGET PADDR

– PADDR LEN bytes for the target's protocol address



• When a request is sent the sender does not know the

target's hardware address - that is the information being

requested.

– Therefore, field TARGET HADDR in an ARP request can be filled

with zeroes (0s) because the contents are not used.

• In a response the target binding refers to the initial computer

that sent the request.

– The target address pair in a response serves no purpose.

• The inclusion of the target fields has survived from an early version of the

protocol.


23.5 ARP Encapsulation • When it travels across a physical network an ARP message

is encapsulated in a hardware frame.

• An ARP message is treated as data being transported and

the network does not interpret an ARP message.

• Figure 23.4 illustrates ARP encapsulation in an Ethernet

frame.

wired Ethernet frame header?

wireless Ethernet frame header?


23.5 ARP Encapsulation

• The type field in the frame header specifies that the frame

contains an ARP message.

• A sender must assign the appropriate value to the type field

before transmitting the frame.

• A receiver must examine the type field in each incoming

frame.

• Ethernet uses type field 0x806 to denote an ARP message.

• The value 0x806 is used for ARP requests and responses.

– A receiver must examine the OPERATION field in the message to

determine whether an incoming message is a request or a response.


23.6 ARP Caching and Message Processing • Sending an ARP request for each datagram is inefficient.

– Three (3) frames would traverse the network for each datagram

(an ARP request, ARP response, and the data datagram itself)

• Most communications involve a sequence of packets.

– A sender is likely to repeat the exchange many times.

• To reduce network traffic ARP software extracts and saves

the information from a response so it can be used for

subsequent packets.

– ARP maintains a small table of bindings in memory.

• ARP manages the table as a cache.

– An entry is replaced when a response arrives.

– The oldest entry is removed whenever the table runs out of space.

– Entries are removed if they not been updated for a long period of time.

– ARP starts by searching the cache when it needs to bind an address.


• If the binding is present in the cache, ARP uses the binding

without transmitting a request.

• If the binding is not present in the cache:

– ARP broadcasts a request

– waits for a response

– updates the cache

– and then proceeds to use the binding

• The cache is only updated when an ARP message arrives

(either a request or a response).

• Algorithm 23.1 outlines the procedure for handling an

incoming ARP message.

23.6 ARP Caching and Message Processing


• “To form the response, ARP begins with the incoming

message, reverses the sender´s and target´s bindings,

inserts its hardware address in field SENDER HADDR, and

changes the OPERATION field to 2, indicating a response.”

• Most computer communication involves two-way traffic so extracting the sender's address binding helps optimize ARP

performance.



23.7 The Conceptual Address Boundary

Figure 23.5

ARP hides the details of hardware addressing and allows

higher layers of software to use IP addresses.

Viewing the contents of the ARP cache in Windows.

© 2009 Pearson Education Inc., Upper Saddle River, NJ. All rights reserved.

20


23.8 Internet Control Message Protocol (ICMP)

• IP defines a best-effort communication service.

– datagrams can be lost, duplicated, delayed, or delivered out of order

• IP attempts to avoid errors and to report problems.

• We have already seen one example of error detection in IP:

– A header checksum is used to detect transmission errors

– When a host creates an IP datagram

• the host includes a checksum that covers the entire header

– Whenever a datagram is received

• the checksum is verified to ensure that the header arrived intact

• The IP header contains a TIME TO LIVE field used to

prevent a datagram from circulating forever.

– if the forwarding tables in routers incorrectly introduce a circular path



• Response to a header checksum error is the following:– The datagram is discarded immediately without more processing.

– The receiver cannot trust any fields in the datagram header because the receiver cannot know which bits were altered.

– The receiver cannot send an error message back to the sender because the receiver cannot trust the source address in the header.

– The receiver has no option but to discard the damaged datagram.

• IP includes a companion protocol, ICMP, which is used to report errors back to the original source.

• IP and ICMP are co-dependent:– IP depends on ICMP to report errors

– ICMP uses IP to carry error messages

• Figure 23.6 lists key ICMP messages and their purpose.

23

Note: The checksum is over the header and the data.

Note: Source Quench requests a host to reduce the rate at which datagrams are sent.



Figure 23.6 Examples of ICMP messages with the message number and purpose.



• As in Figure 23.6, ICMP contains two message types:

– messages used to report errors

– messages used to obtain information

• Time Exceeded and Destination Unreachable are for

reporting errors when a datagram cannot be delivered.

• A destination is unreachable if no route exists to the address.

• A datagram times out if

– either the TTL count in the header expires or

– fragments of the datagram do not arrive before the timer expires

• Echo Request and Echo Reply are used by the ping

application to test connectivity.

– When a host receives an echo request message ICMP software on a

host or router sends an echo reply that carries the same data as the

request.


23.9 ICMP Message Format and

Encapsulation

• ICMP uses IP to transport each error message.

• When a router has an ICMP message to send it creates an

IP datagram and encapsulates the ICMP message in it.

• Figure 23.7 (below) illustrates the two levels of encapsulation


23.9 ICMP Message Format and

Encapsulation

• ICMP messages are forwarded like any other datagram, with

one minor exception.

• If an ICMP error message causes an error, no error message

is sent.

• The designers of the Internet wanted to avoid the Internet

becoming congested carrying error messages about error

messages.

Windows tracerthttp://technet.microsoft.com/en-us/library/bb491018.aspx

28

Tracert

Determines the path taken to a destination by sending Internet Control Message Protocol (ICMP) Echo Request messages to the destination with incrementally increasing Time to Live (TTL) field values. The path displayed is the list of near-side router interfaces of the routers in the path between a source host and a destination. The near-side interface is the interface of the router that is closest to the sending host in the path. Used without parameters, tracert displays help.

Syntaxtracert [-d] [-h MaximumHops] [-j HostList] [-w Timeout] [TargetName]


by Dr Andy Brooks29

Parameters-d : Prevents tracert from attempting to resolve the IP addresses of intermediate routers to their names. This can speed up the display of tracert results. -h MaximumHops : Specifies the maximum number of hops in the path to search for the target (destination). The default is 30 hops. -j HostList : Specifies that Echo Request messages use the Loose Source Route option in the IP header with the set of intermediate destinations specified in HostList. With loose source routing, successive intermediate destinations can be separated by one or multiple routers. The maximum number of addresses or names in the host list is 9. The HostList is a series of IP addresses (in dotted decimal notation) separated by spaces.



by Dr Andy Brooks30

Parameters-w Timeout : Specifies the amount of time in milliseconds to wait for the ICMP Time Exceeded or Echo Reply message corresponding to a given Echo Request message to be received. If not received within the time-out, an asterisk (*) is displayed. The default time-out is 4000 (4 seconds). TargetName : Specifies the destination, identified either by IP address or host name. -? : Displays help at the command prompt.



by Dr Andy Brooks31


RemarksThis diagnostic tool determines the path taken to a destination by sending ICMP Echo Request messages with varying Time to Live (TTL) values to the destination. Each router along the path is required to decrement the TTL in an IP packet by at least 1 before forwarding it. Effectively, the TTL is a maximum link counter. When the TTL on a packet reaches 0, the router is expected to return an ICMP Time Exceeded message to the source computer. Tracert determines the path by sending the first Echo Request message with a TTL of 1 and incrementing the TTL by 1 on each subsequent transmission until the target responds or the maximum number of hops is reached. The maximum number of hops is 30 by default and can be specified using the -h parameter. The path is determined by examining the ICMP Time Exceeded messages returned by intermediate routers and the Echo Reply message returned by the destination. However, some routers do not return Time Exceeded messages for packets with expired TTL values and are invisible to the tracert command. In this case, a row of asterisks (*) is displayed for that hop.

Traceroute warning

• The Internet is dynamic and forwarding tables in routers change.

• Each datagram sent out each with a different TTL could take a different route.

• Traceroute output could imply a direct connection between machines that does not exist.


by Dr Andy Brooks32

net0183lec19and20

Documents

address of r1

ip address c

computers ip address

r2s ip address

address of computer

ip address of c b

bs mac address

equivalent mac address