ARP - IP but why?

You know how things sometimes drop into place in your mind once you have
a eureka moment and get the concept of something? Well, I would
appreciate some help with a concept.

Looking at the various OSI layers and then the TCP/IP model I keep seeing
this thing called ARP. I've figured that it is Address Resolution
Protocol and it matches up network addresses with hardware (MAC)
addresses. The thing I am blindly missing is why?

If you have a static IP address on an Ethernet network, why would you
ever need to translate the IP address to a MAC address? You would already
have a path to the host. I can see DHCP may need to employ the services
of ARP, but a static IP???

It's like I say - this is one of those eureka 'Now I get it' moments.

Klunk wrote:
> You know how things sometimes drop into place in your mind once you have
> a eureka moment and get the concept of something? Well, I would
> appreciate some help with a concept.
>
> Looking at the various OSI layers and then the TCP/IP model I keep seeing
> this thing called ARP. I've figured that it is Address Resolution
> Protocol and it matches up network addresses with hardware (MAC)
> addresses. The thing I am blindly missing is why?
>
> If you have a static IP address on an Ethernet network, why would you
> ever need to translate the IP address to a MAC address? You would already
> have a path to the host. I can see DHCP may need to employ the services
> of ARP, but a static IP???
>
> It's like I say - this is one of those eureka 'Now I get it' moments.


When the IP packets are transmited on Ethernet,
the sender needs to know the Ethernet (MAC)
address of the next-hop interface: The data
link layer (i.e. Ethernet) cannot find the
proper recipient in the local network on IP
address only.

The sender needs to have the Ethernet address
corresponding to the IP to build the proper
Ethernet header for the frame. The address
translation can be already in the ARP cache,
or else the sender needs to use an ARP question
broadcast in the local Ethernet to find the
correspondence.

--

Tauno Voipio

On Wed, 11 Jun 2008 12:57:43 +0000, Tauno Voipio passed an empty day by
writing:

> Klunk wrote:
>> You know how things sometimes drop into place in your mind once you
>> have a eureka moment and get the concept of something? Well, I would
>> appreciate some help with a concept.
>>
>> Looking at the various OSI layers and then the TCP/IP model I keep
>> seeing this thing called ARP. I've figured that it is Address
>> Resolution Protocol and it matches up network addresses with hardware
>> (MAC) addresses. The thing I am blindly missing is why?
>>
>> If you have a static IP address on an Ethernet network, why would you
>> ever need to translate the IP address to a MAC address? You would
>> already have a path to the host. I can see DHCP may need to employ the
>> services of ARP, but a static IP???
>>
>> It's like I say - this is one of those eureka 'Now I get it' moments.
>
>
> When the IP packets are transmited on Ethernet, the sender needs to know
> the Ethernet (MAC) address of the next-hop interface: The data link
> layer (i.e. Ethernet) cannot find the proper recipient in the local
> network on IP address only.
>
> The sender needs to have the Ethernet address corresponding to the IP to
> build the proper Ethernet header for the frame. The address translation
> can be already in the ARP cache, or else the sender needs to use an ARP
> question broadcast in the local Ethernet to find the correspondence.

Thanks for the response. This line:
The data link
> layer (i.e. Ethernet) cannot find the proper recipient in the local
> network on IP address only.
Had me asking why not? Then it dawned on me - the IP address can change,
the MAC cannot.

Klunk wrote:
> On Wed, 11 Jun 2008 12:57:43 +0000, Tauno Voipio passed an empty day by
> writing:
>
>> Klunk wrote:
>>> You know how things sometimes drop into place in your mind once you
>>> have a eureka moment and get the concept of something? Well, I would
>>> appreciate some help with a concept.
>>>
>>> Looking at the various OSI layers and then the TCP/IP model I keep
>>> seeing this thing called ARP. I've figured that it is Address
>>> Resolution Protocol and it matches up network addresses with hardware
>>> (MAC) addresses. The thing I am blindly missing is why?
>>>
>>> If you have a static IP address on an Ethernet network, why would you
>>> ever need to translate the IP address to a MAC address? You would
>>> already have a path to the host. I can see DHCP may need to employ the
>>> services of ARP, but a static IP???
>>>
>>> It's like I say - this is one of those eureka 'Now I get it' moments.
>>
>> When the IP packets are transmited on Ethernet, the sender needs to know
>> the Ethernet (MAC) address of the next-hop interface: The data link
>> layer (i.e. Ethernet) cannot find the proper recipient in the local
>> network on IP address only.
>>
>> The sender needs to have the Ethernet address corresponding to the IP to
>> build the proper Ethernet header for the frame. The address translation
>> can be already in the ARP cache, or else the sender needs to use an ARP
>> question broadcast in the local Ethernet to find the correspondence.
>
> Thanks for the response. This line:
> The data link
>> layer (i.e. Ethernet) cannot find the proper recipient in the local
>> network on IP address only.
> Had me asking why not? Then it dawned on me - the IP address can change,
> the MAC cannot.

Actually, the MAC address can be changed too (but that's a more advanced
topic).

A single Ethernet adaptor can also have more than one IP address
associated with it - again, that's for more advanced networking setups.

But the main point about sending packets to Ethernet MAC addresses
rather than IP addresses is for routing. Suppose you want to send a
packet to 20.1.2.3 on the internet. Your PC's routing table does not
have a specific route for that address, but has a default gateway (say,
192.168.0.1) for your router. It sends out an ARP packet asking "who's
got 192.168.0.1?", and the router replies with its MAC address. Your PC
then sends the original packet out with a target IP of 20.1.2.3 (in the
IP telegram), but the MAC destination (on the Ethernet envelope) of the
router. The router then takes the packet and passes it on upstream,
going through a similar process as needed.

Klunk wrote:
> You know how things sometimes drop into place in your mind once you have
> a eureka moment and get the concept of something? Well, I would
> appreciate some help with a concept.
>
> Looking at the various OSI layers and then the TCP/IP model I keep seeing
> this thing called ARP. I've figured that it is Address Resolution
> Protocol and it matches up network addresses with hardware (MAC)
> addresses. The thing I am blindly missing is why?
>
> If you have a static IP address on an Ethernet network, why would you
> ever need to translate the IP address to a MAC address? You would already
> have a path to the host. I can see DHCP may need to employ the services
> of ARP, but a static IP???
>
> It's like I say - this is one of those eureka 'Now I get it' moments.

I see what you're saying, but a client can't know if an IP address was
assigned via DHCP or is static, so keeping a local IP/MAC cache isn't
feasible.

On Jun 11, 2:49*pm, Cork Soaker <Thunderb...@Hardy.invalid> wrote:

> I see what you're saying, but a client can't know if an IP address was
> assigned via DHCP or is static, so keeping a local IP/MAC cache isn't
> feasible.

Sure it is. Machines *do* keep local IP/MAC caches. The problem is
really this simple:

I'm 192.168.1.1, I want to send a packet to 192.168.1.2, which is on
the same Ethernet segment as me. What Ethernet address do I send the
packet to? I check my IP/MAC cache, and there's no entry for this
address, so I use ARP to populate the cache.

DS

On Wed, 11 Jun 2008 12:45:44 +0000, Klunk wrote:

> Looking at the various OSI layers...

The key word here is layers. Each layer takes care of its own area and
more or less lets the other layers look after themselves.

Internet protocol (IP) is hardware independent. As the name suggests, it
is a protocol for routing data in and between networks. Not all networks
are ethernet based, that is to say, there are different link layer
protocols. When you route IP packets to a host on the other side of the
world, you don't think about what hardware they are traversing, you don't
think about MAC addresses. IP is an abstraction that saves you having to
worry about differences in hardware.

Ethernet is a link layer protocol. It has a different way of sending data
than other link layer protocols like frame relay or PPP. Ethernet, frame
relay and PPP are all methods of moving IP packets.

When you send an IP packet over ethernet, the IP packet gets encapsulated
inside an ethernet packet. When it reaches its destination the ethernet
frame gets stripped off and only the original IP packet is presented to
the network layer. A similar thing happens when you send an IP packet
over PPP. The network layer is not concerned with how the data is sent at
the link layer.

Ethernet uses MAC addresses. MAC addresses are limited in their scope. IP
packets can traverse multiple networks, MAC cannot. IP addresses are an
abstraction at a layer above the link layer that overcome the limitations
of the link layer.

Over ethernet, IP addresses will have to be mapped to MAC addresses,
because this is the level where the data is actually sent. But that IP
packet might be sent via ethernet to the MAC address of a router, which
will then encapsulate it with PPP which will send it off somewhere. But
at the far end, it will be presented to the network layer simply as an IP
packet.

Dan

To add to Dan's excellent summary, I like to make an analogy to
telephones. You could think of a phone number as equivalent to the IP
address and the local loop circuit ID as roughly the equivalent of a MAC
address. When you dial my phone number, that number is logically
associated with my house (or the circuit that terminates at my house).
If I move across town, I'll keep the same phone number, but my circuit
ID will change. So there needs to be a way to correlate my phone number
to which ever circuit is supposed to connect when it is dialed.

This isn't a perfect correlation, but it demonstrates the need for
logical vs. physical end-points. Data networks, as both you and Dan
mentioned, are divided up into a layered model. The Network layer
(layer-3) keeps track of logical (IP) addresses, and Ethernet (as one of
many possible data-link layer protocols) handles delivery to a specific
device (or network card). Because, unlike telephones, devices running a
TCP/IP stack are intelligent, they "know" their IP addresses. In order
to send a packet to an IP address, ultimately it must be delivered to
the unique device. ARP is the bridge between the two. Since an IP
address can be assigned to any ethernet device, it is utilized to
associate (temporarily) an IP address to a real-world computer, printer,
whatever. Once the network layer builds the TCP (or UDP or ICMP or
whatever) packet with a destination IP address, it hands it down to the
link layer. The transition requires an ARP to discover which device owns
that IP address. Once it is known, another header ( the ethernet header)
is added with the source and destination MAC address (at which point it
becomes a "frame"). When the device with the destination MAC address
receives the frame, it removes the ethernet header and sends the packet
up to the network layer which deals with the IP address, then to the
transport layer which looks at the transport protocol and port, and so
on until, at the highest level, data is presented to the application
listening on that port.

As Dan pointed out, this means we can change our link-layer protocol
without having to deal with anything up the chain. That's what makes it
possible to connect to your DSL router using ethernet, then shoot the
same TCP/IP packet to your ISP using point-to-point protocol over ATM
(PPPoA), Frame relay to the next ISP, the back to Ethernet to the web
host. Nothing above layer-2 cares about any of this. Similarly, we will
move into IPv6 globally without the layer-2 transport providers having
to do anything different (or application developers on the other end).

Kurt



Dan N wrote:
> On Wed, 11 Jun 2008 12:45:44 +0000, Klunk wrote:
>
>> Looking at the various OSI layers...
>
> The key word here is layers. Each layer takes care of its own area and
> more or less lets the other layers look after themselves.
>
> Internet protocol (IP) is hardware independent. As the name suggests, it
> is a protocol for routing data in and between networks. Not all networks
> are ethernet based, that is to say, there are different link layer
> protocols. When you route IP packets to a host on the other side of the
> world, you don't think about what hardware they are traversing, you don't
> think about MAC addresses. IP is an abstraction that saves you having to
> worry about differences in hardware.
>
> Ethernet is a link layer protocol. It has a different way of sending data
> than other link layer protocols like frame relay or PPP. Ethernet, frame
> relay and PPP are all methods of moving IP packets.
>
> When you send an IP packet over ethernet, the IP packet gets encapsulated
> inside an ethernet packet. When it reaches its destination the ethernet
> frame gets stripped off and only the original IP packet is presented to
> the network layer. A similar thing happens when you send an IP packet
> over PPP. The network layer is not concerned with how the data is sent at
> the link layer.
>
> Ethernet uses MAC addresses. MAC addresses are limited in their scope. IP
> packets can traverse multiple networks, MAC cannot. IP addresses are an
> abstraction at a layer above the link layer that overcome the limitations
> of the link layer.
>
> Over ethernet, IP addresses will have to be mapped to MAC addresses,
> because this is the level where the data is actually sent. But that IP
> packet might be sent via ethernet to the MAC address of a router, which
> will then encapsulate it with PPP which will send it off somewhere. But
> at the far end, it will be presented to the network layer simply as an IP
> packet.
>
> Dan

On Wed, 11 Jun 2008 22:49:30 +0100, Cork Soaker passed an empty day by
writing:

> Klunk wrote:
>> You know how things sometimes drop into place in your mind once you
>> have a eureka moment and get the concept of something? Well, I would
>> appreciate some help with a concept.
>>
>> Looking at the various OSI layers and then the TCP/IP model I keep
>> seeing this thing called ARP. I've figured that it is Address
>> Resolution Protocol and it matches up network addresses with hardware
>> (MAC) addresses. The thing I am blindly missing is why?
>>
>> If you have a static IP address on an Ethernet network, why would you
>> ever need to translate the IP address to a MAC address? You would
>> already have a path to the host. I can see DHCP may need to employ the
>> services of ARP, but a static IP???
>>
>> It's like I say - this is one of those eureka 'Now I get it' moments.
>
> I see what you're saying, but a client can't know if an IP address was
> assigned via DHCP or is static, so keeping a local IP/MAC cache isn't
> feasible.

My brain hurts now :-(

Thank you all - I thing I better print that off, study it and turn it
into English for me :-)

* Cork Soaker peremptorily fired off this memo:

> I see what you're saying, but a client can't know if an IP address was
> assigned via DHCP or is static, so keeping a local IP/MAC cache isn't
> feasible.

/var/lib/dhcp3/dhclient.eth2.leases

I imagine Windows has similar info stored somewhere.

--
Your most unhappy customers are your greatest source of learning.
-- Bill Gates, Business @ The Speed of Thought (1999)