Mapping Internet Addresses to Physical Addresses (ARP and NDP)

Linux

Mapping Internet Addresses to Physical Addresses (ARP and NDP)

By novicejava1 0
mapping_internet_addresses_to_physical_addresses

Here in this article we will try to understand about Address Resoultion protocol (ie. ARP) and Neighbor Discovery protocol (ie. NDP) which are primarily used for resolving the MAC address of a device based on the IP address that is provided.

Need for Address Resolution Protocol

Assume we have a physical network consisting of two devices connected to a ethernet cable. Ideally these devices can communicate with each by using the MAC address assigned to their Network inteface card using the Physical Layer.

But in a realtime situation we want our applications running on these devices which are assigned an IP address to communicate with each other without worrying about the lower level network details such as MAC address.

So we want to have a protocol that abstracts away the hardware addresses at a low level of the protocol stack. This is where the Address Resolution Protcol comes into picture.

Here in the above example, we have two devices that are connected through an ethernet cable and are assigned with an IP address and MAC address. Let’s assume device A with an IP address IP-A want to send a packet to device B with IP address IP-B. Also device A knows about the device B IP address to send the packet.

For a packet to be delivered within the physical network using the physical layer, the sender need to know the MAC address on the receiver. So how does the sender A resolve the MAC address of the receiver B based on the device B IP address.

Techniques for MAC address resolution

A MAC (Media Access Control) address is a unique, permanent hardware identifier assigned to a device’s network interface (like Wi-Fi or Ethernet) by its manufacturer, serving as a digital fingerprint for communication on local networks.

We have two common types of MAC address as described below.

  1. MAC-48/EUI-48: This is the standard MAC address of 48 bits that is assigned to each network interface card for a device to connect with the Ethernet/Wi-Fi layer for communication.
  2. EUI-64: EUI-64 (Extended Unique Identifier) is a method that automatically generates the 64-bit interface ID portion of an IPv6 address using a device’s 48-bit MAC address.

For IPv6 direct mapping is pretty much straightforward wherein it use a computer’s hardware address as the host portion of the computer’s Internet address. So for a protcol software to resolve the MAC address from the IP address is simplicy extracting the Host portion of the IP address.

For IPv4 address which are 32 bit long cannot fit a 48 bit MAC address for direct mapping. So IP4 based devices follow a different approach for address resolution by using the broadcast capability of Ethernet.

Address Resolution Protocol (ie. ARP) was designed to solve this problem of Hardware address resolution. So on a high level if device A want to send a packet to device B. It sends a ARP request message with the IP address of device B. This ARP request is actually broadcasted within the network to all the devices. Device B receives the requests looks at the IP address and validates it matches with its IP address and processes the ARP request. Device B now sends a ARP reply with the MAC address of the device B to device A. Device A recieves the reply and uses the MAC address to send the packet to device B.

Here is the high level flow request and reply between device A and device B as shown below.

So, the Address Resolution Protocol, ARP, allows a host to find the physical address of a target host on the same physical network, given only the target’s IP address.

ARP Protocol Features

  1. ARP Cache: ARP software maintains a cache of IP address to MAC address binding on each device. So whatever ARP reply is received for the ARP request it is cache on the device level. Subsequent packets that needs to sent to a particular destination will look for MAC address in the ARP cache and use it or will initiate a new ARP request if no entry is found.
  2. ARP Cache Invalidation: It is a process through which outdated or incorrect Address Resolution Protocol (ARP) entries are removed from the ARP cache, which map IP addresses to MAC addresses, typically done automatically by timeouts or manually via commands (like arp -d in Windows/Linux) to resolve network issues from IP/MAC changes or ARP spoofing, ensuring traffic goes to the correct device on a local network.
  3. Cache Queue: An ARP cache queue refers to a mechanism where a device temporarily holds packets waiting for an ARP resolution (IP to MAC address mapping) before sending them, preventing constant ARP requests and speeding up ommunication.
  4. Gratuitous ARP: Gratuitous ARP (GARP) is an unsolicited ARP message (either a request or reply) sent by a device to announce or update its IP-to-MAC address mapping on a local network, effectively refreshing other devices’ ARP caches without a standard request, commonly used for detecting IP conflicts, advertising MAC changes (like during hardware replacement).

ARP Message Format

Here is the format of a 28-octet ARP message when used with an IPv4 protocol address and an Ethernet hardware address.

Hardware Type: 2 octets (e.g., 0x0001 for Ethernet).
Protocol Type: 2 octets (e.g., 0x0800 for IPv4).
Hardware Address Length (HAL): 1 octet (e.g., 0x06 for Ethernet MAC).
Protocol Address Length (PAL): 1 octet (e.g., 0x04 for IPv4).
Operation: 2 octets (0x01 for Request, 0x02 for Reply).
Sender Hardware Address (MAC): 6 octets.
Sender Protocol Address (IP): 4 octets.
Target Hardware Address (MAC): 6 octets.
Target Protocol Address (IP): 4 octets.

Neighbor Discovery Protocol

For IPv6 based devices, Neighbor Discovery Protocol (ie. NDP) replaces ARP and allows a host to map between an IPv6 address and a hardware address.

NDP is a suite of functions built upon ICMPv6 (ICMP for IPv6) to manage local network communication, replacing several IPv4 protocols like ARP. NDP handles address resolution (mapping IPv6 to MAC addresses), router discovery, neighbor reachability, and duplicate address detection, all using specific ICMPv6 message.

The key difference between ARP and NDP is, ARP uses a late-binding approach with soft state. It waits until a ARP req-reply is completed to get the MAC address and initiates a packet transfer.

But NDP uses early binding and takes a proactive approach to state maintenance. An IPv6 node uses NDP to discover neighbors at startup. Furthermore, an IPv6 node continually checks the status of neighbors.

Hope you enjoyed reading this article. Thank you..