The working principle of ARP protocol [same network segment and cross network segment]

1. The working principle of ARP in the same network segment

        First, each host builds an ARP list in its own ARP cache that records the correspondence between IP addresses and MAC addresses. When the source host needs to send a data packet to the destination host, it first checks whether its ARP list contains a MAC address for the destination IP address. If so, it sends the data packet directly to that MAC address; if not, it sends an ARP request broadcast packet to the local network segment to query the MAC address of the destination host. The ARP request packet includes the IP address and hardware address of the source host and the IP address of the destination host. When the hosts on the network receive this ARP request, each one checks whether the destination IP in the packet is the same as its own IP address. If it is not the same, the host ignores the packet; if it is the same, the host first adds the sender's MAC address and IP address to its own ARP list, then sends an ARP response packet telling the requester that its MAC address is the one being sought. After the source host receives the ARP response packet, it adds the IP address and MAC address of the destination host to its own ARP list and uses this information to start transferring data. If the source host never receives an ARP response packet, the ARP query has failed.

For example: 

A's address is: IP: 192.168.10.1 MAC: AA-AA-AA-AA-AA-AA 
B's address is: IP: 192.168.10.2 MAC: BB-BB-BB-BB-BB-BB 

Following the principle above, here is the process in brief: if A wants to communicate with B, A needs to know B's Ethernet address, so A sends an ARP request broadcast (who is 192.168.10.2, please tell 192.168.10.1). When B receives the broadcast, it checks the request, finds that the requested address matches its own, and sends an ARP unicast response to A (192.168.10.2 is at BB-BB-BB-BB-BB-BB).
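The A/B exchange above at the byte level, as an added example that is not part of the original article: it builds the broadcast request and the unicast reply as Ethernet/IPv4 ARP frames and applies the receive rule described in section 1. Host C (192.168.10.3, CC-CC-CC-CC-CC-CC) and all function and class names are constructed for the illustration.

```python
import socket
import struct

BROADCAST = bytes.fromhex("ffffffffffff")
ETHERTYPE_ARP, OP_REQUEST, OP_REPLY = 0x0806, 1, 2

def mac(text):
    """'AA-AA-AA-AA-AA-AA' -> 6 raw bytes."""
    return bytes.fromhex(text.replace("-", ""))

def build_arp(op, src_mac, src_ip, dst_mac, dst_ip):
    """Ethernet header + 28-byte ARP payload; requests go to broadcast."""
    eth_dst = BROADCAST if op == OP_REQUEST else dst_mac
    tha = bytes(6) if op == OP_REQUEST else dst_mac  # unknown target MAC is zeroed
    eth = eth_dst + src_mac + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return (eth + arp + src_mac + socket.inet_aton(src_ip)
            + tha + socket.inet_aton(dst_ip))

def parse_arp(frame):
    if len(frame) < 42 or frame[12:14] != struct.pack("!H", ETHERTYPE_ARP):
        raise ValueError("not an Ethernet/IPv4 ARP frame")
    op, = struct.unpack("!H", frame[20:22])
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {"eth_dst": frame[:6], "op": op, "sha": sha,
            "spa": socket.inet_ntoa(spa), "tpa": socket.inet_ntoa(tpa)}

class Host:
    def __init__(self, ip, mac_text):
        self.ip, self.mac, self.arp_cache = ip, mac(mac_text), {}
    def receive(self, frame):
        """Process one ARP frame; return a reply frame or None."""
        p = parse_arp(frame)
        if p["tpa"] != self.ip:
            return None                      # target IP is not ours: ignore
        self.arp_cache[p["spa"]] = p["sha"]  # learn the sender's IP -> MAC
        if p["op"] == OP_REQUEST:            # answer by unicast to the sender
            return build_arp(OP_REPLY, self.mac, self.ip, p["sha"], p["spa"])
        return None

def demo():
    a = Host("192.168.10.1", "AA-AA-AA-AA-AA-AA")
    b = Host("192.168.10.2", "BB-BB-BB-BB-BB-BB")
    c = Host("192.168.10.3", "CC-CC-CC-CC-CC-CC")  # constructed bystander
    request = build_arp(OP_REQUEST, a.mac, a.ip, None, b.ip)
    ignored = c.receive(request)   # C drops it, B answers, A learns B
    reply = b.receive(request)
    a.receive(reply)
    return a, b, c, request, reply, ignored
```
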


2. Communication between hosts across network segments in a local area network

        When hosts on different network segments communicate, the sending host encapsulates the frame with the MAC address of the gateway (usually a router) and sends the data to the router. The routers along the path then forward the packet, resolve the MAC address of the target address through ARP, and deliver the data packet to the destination. The process is analyzed step by step below:





As shown in the figure above, hosts A and B are connected through a router and belong to two different network segments, each with a 24-bit subnet mask (255.255.255.0).

1. Host A sends data to host B. After the data is encapsulated with an IP header, host A finds that it has no MAC address for host B. It then queries ARP, and ARP responds: "I am on the 192.168.3.0/24 network segment, and the destination address is on 192.168.4.0/24, which is not the same network segment, so the default gateway must be used." ARP finds that the default gateway is 192.168.3.2 but has no MAC address for the gateway, so that must be queried first;


2. The host first puts the data packet in a cache, then sends an ARP query message: it encapsulates its own MAC address as the source MAC address, writes the all-F broadcast address as the destination MAC address, and requests the MAC address of the gateway 192.168.3.2. The message is then sent out by broadcast;


3. When the router receives the broadcast packet, it first adds the source 192.168.3.1 to its own MAC address table, with the corresponding MAC address 0800.0222.2222. The router finds that the request is for its own MAC address, so it sends an ARP reply: it encapsulates its own IP address as the source IP, its own MAC address as the source MAC, host A's IP as the destination IP and host A's MAC as the destination MAC, and sends a unicast response: "I am 192.168.3.2. My MAC address is 0800.0333.2222";


4. After the host receives the response, it maps the gateway MAC address to 192.168.4.2 (for cross-gateway communication, the MAC address used for IP addresses on other network segments is the gateway's MAC address), then encapsulates the cached data packets with the gateway MAC address and sends them;


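5. The router receives the data packet, checks the destination IP address, finds that the packet is not addressed to itself, and decides to route it. It looks up the routing table and finds that the packet must go to address 192.168.4.2 on the 192.168.4.0 segment. The router prepares to send it out of the corresponding interface, then looks up its MAC address table and finds no mapping for host B. The router sends an ARP request to query host B's MAC address (the principle is the same as in steps 2 and 3: after host B receives the request, it first adds the gateway's MAC address, then replies to the ARP request by unicast);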


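6. After the router receives host B's MAC address, it adds it to the router's MAC address table, then strips the layer-2 frame header from the cached data, encapsulates its own MAC address as the source MAC and host B's MAC address as the destination MAC (the source and destination IP addresses are unchanged), adds the layer-2 frame header and checksum, and sends the frame to host B;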


7. Host B receives the data and processes it; the sending process ends;


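8. If host B replies after receiving the data, host B checks the address, finds that it is not on the same network segment, and decides to send the data to the gateway. Host B looks up its MAC address table to get the gateway's MAC address, encapsulates the data and sends it (ARP resolution is no longer needed; MAC address table entries remain valid for a certain time). After the gateway receives the data, it looks up its MAC table directly, changes the layer-2 frame's MAC address to A's MAC, and sends it out. In this way, host A receives host B's reply;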

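In summary, cross-segment communication involves the following steps:
1. Determine whether the addresses are on the same network segment
2. Query the MAC of the destination IP address (send an ARP request)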

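Points to note:
1. ARP requests are sent by broadcast and answered by unicast
2. Routers isolate broadcasts. Each network segment is an independent broadcast domain
3. Communication across network segments requires the gateway's MAC address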
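The cross-segment steps above as an added example, not code from the original article: it decides which IP the sender must resolve with ARP (destination or gateway) and lists the frames on each segment, showing that the MAC addresses are rewritten at the router while the IP addresses stay the same. Host B's MAC, the router's address and MAC on the 192.168.4.0/24 side, and all function names are constructed, since the article's figure is missing.

```python
import ipaddress

# Addresses from the article; values marked "constructed" are not on the page.
HOST_A = {"iface": "192.168.3.1/24", "mac": "0800.0222.2222", "gw": "192.168.3.2"}
HOST_B = {"iface": "192.168.4.2/24", "mac": "0800.0444.2222",  # MAC constructed
          "gw": "192.168.4.1"}                                  # constructed
ROUTER = [{"iface": "192.168.3.2/24", "mac": "0800.0333.2222"},
          {"iface": "192.168.4.1/24", "mac": "0800.0333.3333"}]  # constructed

def ip_of(node):
    return str(ipaddress.ip_interface(node["iface"]).ip)

# Stand-in for completed ARP exchanges: IP -> MAC as each segment would answer.
NEIGHBOURS = {ip_of(n): n["mac"] for n in [HOST_A, HOST_B, *ROUTER]}

def on_link(iface, ip):
    return ipaddress.ip_address(ip) in ipaddress.ip_interface(iface).network

def arp_target(iface, dst_ip, gateway):
    """IP to resolve with ARP: the destination when it is on the local
    segment, otherwise the default gateway."""
    return dst_ip if on_link(iface, dst_ip) else gateway

def trace(src, dst_ip):
    """Frames on the wire as (src_mac, dst_mac, src_ip, dst_ip) tuples."""
    src_ip = ip_of(src)
    hop = arp_target(src["iface"], dst_ip, src["gw"])
    # First segment: framed for the destination itself or for the gateway.
    frames = [(src["mac"], NEIGHBOURS[hop], src_ip, dst_ip)]
    if hop != dst_ip:
        # The router picks the interface on the destination's segment,
        # replaces the layer-2 header and keeps both IP addresses.
        out = next((i for i in ROUTER if on_link(i["iface"], dst_ip)), None)
        if out is None:
            raise LookupError(f"router has no route to {dst_ip}")
        frames.append((out["mac"], NEIGHBOURS[dst_ip], src_ip, dst_ip))
    return frames
```
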
