1.1.1. What is ARP at the network layer
The full name of ARP is Address Resolution Protocol. It is the protocol used to map an IPv4 address to a MAC address, that is, to ask which MAC address corresponds to a target IP. ARP is essential to the operation of IPv4.
Note: ARP is used only with IPv4. IPv6 instead uses the Neighbor Discovery Protocol (NDP), which is part of ICMPv6.
In short, ARP solves the link-layer addressing problem. Using the IP address as the clue, it finds the MAC address of the next host that should receive the packet. If the destination host is not on the same link, the address it looks up is the MAC address of the next-hop router.
1.1.2. Basic concepts of ARP
Address Resolution Protocol (ARP)
Use the other party's IP address to resolve the other party's MAC address.
1.1.3. ARP packets
ARP message format
Hardware type: identifies the type of hardware (link-layer) address; the value 1 means an Ethernet address.
Protocol type: identifies the type of protocol (network-layer) address being mapped; 0x0800 means an IPv4 address.
Hardware address length and protocol address length: for ARP requests and replies carrying IPv4 addresses over Ethernet, the values are 6 and 4 respectively.
Operation type (op): 1 means ARP request, 2 means ARP reply, 3 means RARP request, 4 means RARP reply.
Sender hardware address: the hardware (MAC) address of the sending device.
Sender protocol address: the IP address of the sending device.
Target hardware address: the hardware (MAC) address of the receiving device (all zeros in a request, since it is not yet known).
Target protocol address: the IP address of the receiving device.
ARP request packet
ARP reply packet
1.1.4. ARP address resolution process
1. Assume hosts A and B are on the same network segment and host A wants to send data to host B:
(1) Host A first checks its own ARP table for an entry corresponding to host B. If it finds the matching MAC address, host A uses that MAC address directly to frame the IP datagram and sends the datagram to host B.
(2) If host A finds no matching MAC address in its ARP table, it caches the IP datagram and broadcasts an ARP request. The sender IP address and sender MAC address in the request are host A's own addresses; the target IP address is host B's IP address and the target MAC address is all zeros. Because the request is broadcast, every host on the segment receives it, but only the requested host (host B) processes it.
(3) Host B compares its own IP address with the target IP address in the ARP request. When the two match, it stores the sender's (host A's) IP address and MAC address from the request in its own ARP table, then sends an ARP reply to host A by unicast; the reply carries host B's own MAC address.
(4) When host A receives the ARP reply, it adds host B's MAC address to its own ARP table for subsequent packet forwarding, and at the same time encapsulates the cached IP datagram and sends it out.
2. When host A and host B are not on the same network segment, host A first sends an ARP request to the gateway, with the target IP address set to the gateway's IP address. After host A obtains the gateway's MAC address from the reply, it encapsulates the packet and sends it to the gateway. If the gateway has no ARP entry for host B, it broadcasts an ARP request whose target IP address is host B's IP address; once the gateway obtains host B's MAC address from the reply, it can forward the packet to host B. If the gateway already has an ARP entry for host B, it forwards the packet to host B directly.
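The packet format and the four-step resolution exchange described above, as an added example that is not part of the original page: it packs and parses the 28-byte Ethernet/IPv4 ARP packet using the field order listed in the message format, then simulates a segment of hosts in which only the requested host answers a broadcast request and the requester learns from the unicast reply. All MAC and IP addresses are constructed.

```python
"""Added example (not from the original page): Ethernet/IPv4 ARP packet
build/parse plus the table-lookup, broadcast-request, unicast-reply exchange.
All addresses below are constructed sample values."""
import struct
from dataclasses import dataclass

# Field order from the ARP message format: hardware type, protocol type,
# hardware length, protocol length, op, sender MAC, sender IP, target MAC, target IP.
ARP_FMT = "!HHBBH6s4s6s4s"          # 28 bytes on the wire
HW_ETHERNET = 1
PROTO_IPV4 = 0x0800
OP_REQUEST, OP_REPLY = 1, 2
ZERO_MAC = "00:00:00:00:00:00"      # target MAC of a request: not yet known


def mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_bytes(ip: str) -> bytes:
    return bytes(int(x) for x in ip.split("."))


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


@dataclass
class ArpPacket:
    op: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str

    def pack(self) -> bytes:
        return struct.pack(ARP_FMT, HW_ETHERNET, PROTO_IPV4, 6, 4, self.op,
                           mac_bytes(self.sender_mac), ip_bytes(self.sender_ip),
                           mac_bytes(self.target_mac), ip_bytes(self.target_ip))

    @classmethod
    def unpack(cls, raw: bytes) -> "ArpPacket":
        if len(raw) < struct.calcsize(ARP_FMT):
            raise ValueError("truncated ARP packet")
        hw, proto, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, raw[:28])
        # Reject anything that is not the Ethernet/IPv4 (6-byte/4-byte) combination.
        if hw != HW_ETHERNET or proto != PROTO_IPV4 or hlen != 6 or plen != 4:
            raise ValueError("not an Ethernet/IPv4 ARP packet")
        return cls(op, mac_str(sha), ip_str(spa), mac_str(tha), ip_str(tpa))


class Host:
    """A host with its own ARP table; handle() is what it does with a received packet."""

    def __init__(self, mac: str, ip: str):
        self.mac, self.ip = mac, ip
        self.arp_table: dict[str, str] = {}

    def request_for(self, target_ip: str) -> bytes:
        return ArpPacket(OP_REQUEST, self.mac, self.ip, ZERO_MAC, target_ip).pack()

    def handle(self, raw: bytes):
        pkt = ArpPacket.unpack(raw)
        if pkt.op == OP_REQUEST:
            if pkt.target_ip != self.ip:
                return None                                   # not asked about us: ignore
            self.arp_table[pkt.sender_ip] = pkt.sender_mac    # step (3): learn the requester
            return ArpPacket(OP_REPLY, self.mac, self.ip, pkt.sender_mac, pkt.sender_ip).pack()
        if pkt.op == OP_REPLY and pkt.target_ip == self.ip:
            self.arp_table[pkt.sender_ip] = pkt.sender_mac    # step (4): learn from the reply
        return None


def resolve(requester: Host, segment: list, target_ip: str):
    """Return the MAC for target_ip as seen by requester, or None if nobody answers."""
    if target_ip in requester.arp_table:                      # step (1): cache hit
        return requester.arp_table[target_ip]
    request = requester.request_for(target_ip)                # step (2): broadcast
    for host in segment:                                      # every host on the segment sees it
        if host is requester:
            continue
        reply = host.handle(request)
        if reply is not None:                                 # only the target replies, by unicast
            requester.handle(reply)
    return requester.arp_table.get(target_ip)


if __name__ == "__main__":
    a = Host("02:00:00:00:00:0a", "192.168.1.10")
    b = Host("02:00:00:00:00:14", "192.168.1.20")
    c = Host("02:00:00:00:00:1e", "192.168.1.30")
    print("A resolved B to", resolve(a, [a, b, c], "192.168.1.20"))
    print("B learned", b.arp_table, "| C learned", c.arp_table)
```

Note that host C, which received the broadcast but was not the target, learns nothing and stays silent, while host B learns host A's mapping from the request before it replies, exactly the asymmetry described in steps (2) and (3).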
1.1.5. Gratuitous ARP
The concept of gratuitous ARP
Gratuitous ARP is an ARP request a host sends for its own IP address. It usually occurs while an interface is being configured during system boot. The difference from standard ARP is that a gratuitous ARP request carries the host's own IP address as the target IP, that is, it asks the network for its own MAC address.
Uses of gratuitous ARP
Detecting address conflicts
- Under normal circumstances, a gratuitous ARP request receives no ARP reply. If a reply does arrive, some other host on the network holds the same IP address as this machine, and an address conflict has occurred.
Updating stale hardware addresses in other hosts' caches
- This applies when the host sending the gratuitous ARP has just changed its hardware address, for example because its network interface card was replaced.
- When other hosts receive this ARP request and find that their ARP cache already has an entry for that IP address but with a different MAC address, they use the received request to update the local ARP cache entry.
Gateways using gratuitous ARP to defend against ARP attacks
- Some gateway devices actively send gratuitous ARP packets onto the network at a fixed interval, so that the other hosts on the network keep the gateway's MAC address in their ARP tables up to date; this prevents or mitigates ARP attacks.
Using gratuitous ARP for ARP attacks
ARP does not require that a reply be preceded by a request: as long as a computer receives an ARP reply packet, it updates its local ARP cache with the IP and MAC addresses carried in that reply.
A host can therefore forge a gratuitous ARP reply, set the sender MAC to a wrong MAC address, and send it onto the network; every host that receives it updates the MAC address recorded for that IP address in its local ARP table.
Once the update succeeds, the packets those hosts send are forwarded to the wrong MAC address, which is ARP spoofing.
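The checks a host or a passive sensor can apply to what it sees on the segment, covering the conflict detection and cache-update behaviour described under the uses of gratuitous ARP as well as the unsolicited-reply weakness in the last paragraphs, as an added example that is not part of the original page. It works on already-parsed ARP events rather than raw bytes, keeps a hardened cache that refuses to learn from replies it never asked for, and raises alerts for an address conflict, an unsolicited reply, and a changed IP-to-MAC binding. The event sequence and addresses are constructed.

```python
"""Added example (not from the original page): a defender-side ARP monitor.
Events are (op, sender MAC, sender IP, target IP) tuples as a host would see
them after parsing; all values below are constructed samples."""
from collections import namedtuple

ArpEvent = namedtuple("ArpEvent", "op sender_mac sender_ip target_ip")
OP_REQUEST, OP_REPLY = 1, 2


class ArpMonitor:
    """Tracks the bindings and outstanding requests of one host (own_ip) and
    records alerts instead of silently overwriting its cache."""

    def __init__(self, own_ip: str):
        self.own_ip = own_ip
        self.bindings: dict[str, str] = {}   # ip -> mac learned so far
        self.pending: set[str] = set()       # ips we asked about and have not resolved
        self.alerts: list[tuple] = []        # (kind, ip, old_mac, new_mac)

    def _check_binding(self, ip: str, mac: str) -> None:
        old = self.bindings.get(ip)
        if old is not None and old != mac:
            # Legitimate after a NIC swap announced by gratuitous ARP, but also
            # exactly what spoofing looks like, so it is always worth an alert.
            self.alerts.append(("binding-changed", ip, old, mac))

    def observe(self, ev: ArpEvent) -> None:
        if ev.op == OP_REQUEST:
            if ev.sender_ip == self.own_ip:
                # Our own request; a gratuitous probe has target_ip == own_ip.
                self.pending.add(ev.target_ip)
                return
            # Request from another host: refresh an existing entry (the cache
            # update described above) or learn the sender if it is asking us.
            self._check_binding(ev.sender_ip, ev.sender_mac)
            if ev.target_ip == self.own_ip or ev.sender_ip in self.bindings:
                self.bindings[ev.sender_ip] = ev.sender_mac
            return
        if ev.op != OP_REPLY or ev.target_ip != self.own_ip:
            return                                   # a reply addressed to someone else
        if ev.sender_ip == self.own_ip:
            # Someone answered our gratuitous probe: our address is in use elsewhere.
            self.alerts.append(("address-conflict", ev.sender_ip, None, ev.sender_mac))
            self.pending.discard(ev.sender_ip)
            return
        if ev.sender_ip not in self.pending:
            # Hardened behaviour: a reply we never requested is flagged and NOT learned.
            self.alerts.append(("unsolicited-reply", ev.sender_ip,
                                self.bindings.get(ev.sender_ip), ev.sender_mac))
            return
        self.pending.discard(ev.sender_ip)
        self._check_binding(ev.sender_ip, ev.sender_mac)
        self.bindings[ev.sender_ip] = ev.sender_mac


# Constructed sample traffic as seen by host 10.0.0.5 (not captured data).
SAMPLE_EVENTS = [
    ArpEvent(OP_REQUEST, "02:00:00:00:00:05", "10.0.0.5", "10.0.0.5"),  # our gratuitous probe at boot
    ArpEvent(OP_REPLY,   "02:00:00:00:00:99", "10.0.0.5", "10.0.0.5"),  # another host claims our IP
    ArpEvent(OP_REQUEST, "02:00:00:00:00:05", "10.0.0.5", "10.0.0.1"),  # we ask for the gateway
    ArpEvent(OP_REPLY,   "02:00:00:00:00:01", "10.0.0.1", "10.0.0.5"),  # gateway answers
    ArpEvent(OP_REPLY,   "02:00:00:00:00:ee", "10.0.0.1", "10.0.0.5"),  # reply we never asked for
    ArpEvent(OP_REQUEST, "02:00:00:00:00:07", "10.0.0.7", "10.0.0.5"),  # host .7 asks for us: learn it
    ArpEvent(OP_REQUEST, "02:00:00:00:00:77", "10.0.0.7", "10.0.0.7"),  # .7 announces a new NIC
]


def run_monitor(own_ip: str, events: list) -> ArpMonitor:
    monitor = ArpMonitor(own_ip)
    for ev in events:
        monitor.observe(ev)
    return monitor


if __name__ == "__main__":
    m = run_monitor("10.0.0.5", SAMPLE_EVENTS)
    for alert in m.alerts:
        print(alert)
    print("bindings:", m.bindings)
```

The difference from the default behaviour the text describes is the `pending` set: a reply that no request explains is reported and dropped, so the forged reply for 10.0.0.1 never displaces the gateway entry, while the gratuitous request from host .7 still refreshes its entry (with an alert) as the cache-update use case requires.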
1.1.6. Proxy ARP
Proxy ARP
If two hosts are not on the same network and are separated by a Layer 3 device, how can they communicate?
The destination IP address and the host's own IP address are on different networks. Because host A has no gateway configured, it sends an ARP request by broadcast for host B's MAC address. A router does not forward broadcast packets, however, so host B never receives host A's ARP request and naturally cannot reply.
Enabling the proxy ARP function on the router solves this problem.
After proxy ARP is enabled, host A resolves the gateway MAC address as follows:
1. Host A sends an ARP request for the gateway MAC: host A has a gateway address configured. When it sends data to host B, it finds that the destination is on a different network segment and that it has no ARP mapping for B locally, so it sends an ARP request to resolve the gateway MAC address. The source IP and source MAC are host A's, the destination IP is the gateway IP address, and the destination MAC is all zeros.
2. The gateway replies with its own MAC address: when the gateway receives this ARP request, it checks whether the destination host is reachable. If it is, the gateway returns its MAC address to host A in an ARP reply; if the destination host is unreachable, it does not reply.
3. Host A sends data to host B: after receiving the ARP reply, host A adds the gateway's MAC address and IP address to its ARP table. To send data to host B, host A still needs to resolve B's MAC address, so it sends an ARP request whose source IP and source MAC are A's, whose destination IP is B's IP address, and whose destination MAC is the gateway MAC.
4. Processing after the gateway receives the request: the gateway looks up its routing table, and if it has a routing entry for host B, the router answers the ARP request with the MAC address of its G0/0/0 interface. After host A receives the ARP reply, it uses the router's G0/0/0 interface MAC address as the destination MAC address for data forwarding.
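The router's decision in step 4, as an added example that is not part of the original page: given the interface a request arrived on and the target IP, the router answers with its own interface MAC only when the target is off the requester's segment and the routing table has a route to it through another interface; otherwise it stays silent and lets the real host answer, or stays silent because the destination is unreachable. The interface names, addresses and routes are constructed, and the `proxy_arp` switch shows the same request with the feature disabled.

```python
"""Added example (not from the original page): the proxy ARP reply decision
of a router, with a longest-prefix routing lookup. Interfaces, addresses and
routes are constructed sample values."""
import ipaddress

# Constructed router: name -> (interface IP, interface MAC, connected network)
INTERFACES = {
    "G0/0/0": ("192.168.1.254", "02:00:00:00:00:f0", "192.168.1.0/24"),
    "G0/0/1": ("192.168.2.254", "02:00:00:00:00:f1", "192.168.2.0/24"),
}
# Constructed routing table: destination network -> outgoing interface
ROUTES = {
    "192.168.1.0/24": "G0/0/0",
    "192.168.2.0/24": "G0/0/1",
    "10.10.0.0/16": "G0/0/1",
}


class ProxyArpRouter:
    def __init__(self, interfaces=INTERFACES, routes=ROUTES, proxy_arp: bool = True):
        self.ifaces = {name: (ipaddress.ip_address(ip), mac, ipaddress.ip_network(net))
                       for name, (ip, mac, net) in interfaces.items()}
        self.routes = [(ipaddress.ip_network(net), out) for net, out in routes.items()]
        self.proxy_arp = proxy_arp

    def lookup_route(self, ip):
        """Longest-prefix match over the routing table; None means unreachable."""
        best = None
        for net, out in self.routes:
            if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, out)
        return best[1] if best else None

    def answer_request(self, in_iface: str, target_ip: str):
        """MAC to place in the ARP reply for a request received on in_iface, or None."""
        ip = ipaddress.ip_address(target_ip)
        own_ip, own_mac, net = self.ifaces[in_iface]
        if ip == own_ip:
            return own_mac          # ordinary ARP: the request is for the router itself
        if ip in net:
            return None             # same segment as the requester: the real host answers
        if not self.proxy_arp:
            return None             # feature disabled: no proxy reply
        out = self.lookup_route(ip)
        if out is None or out == in_iface:
            return None             # unreachable, or would go back out the same interface
        return own_mac              # proxy reply: the router's own interface MAC


if __name__ == "__main__":
    r = ProxyArpRouter()
    for target in ("192.168.2.20", "10.10.5.5", "172.16.0.1", "192.168.1.20"):
        print(target, "->", r.answer_request("G0/0/0", target))
```

Host A ends up with the router's G0/0/0 MAC for every off-segment destination that the router can route, which is why the disadvantages section below calls this a controlled form of spoofing: the reply is technically for an address the router does not own.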
Why proxy ARP is needed
First, one important function of a router is to confine LAN broadcasts to their own network segment and stop them from spreading; otherwise a broadcast storm can result.
An ARP request is a broadcast packet. If the host being asked about is on the same LAN, the requester receives an ARP reply. What if that host is not on the LAN? Routers offer proxy ARP as a solution to this problem.
The working mechanism of proxy ARP
When hosts A and B are on the same network segment but in different broadcast domains (not on the same physical network), and host A sends an ARP request for host B's MAC address, the router does not forward the broadcast packet, so the ARP request reaches only the router.
If the router has proxy ARP enabled and knows that host B belongs to a network it is connected to, it answers host A's ARP request with its own interface MAC address in place of host B's. Host A accepts the reply without knowing that proxy ARP is involved.
Advantages and disadvantages of proxy ARP
Advantages
Proxy ARP lets a new router be added without changing the hosts' routing tables, making the network beyond it transparent to the hosts.
In general, proxy ARP should be used on networks where the hosts have no default gateway configured or no routing policy at all.
Disadvantages
As the working process shows, this is in effect a form of ARP spoofing.
The proxy ARP function of the router between the two physical networks hides them from each other, which makes it hard to form an overall picture of the network topology.
Proxy ARP increases the ARP traffic on the segment where it is used, the hosts need more ARP cache space, and it does not work on networks that do not use ARP for address resolution.