Special ARP Uses: Gratuitous ARP, ARP Probe, and ARP Announce

  tr_cn        2024-11-07 20:57:26       375        0    

In an Ethernet environment, all data is ultimately sent in the form of a Layer 2 Ethernet Frame, which includes the Src MAC, Dst MAC, and other headers such as CRC, etc. Ethernet will then deliver the data to the destination.

When we program, we often specify the IP and Port, but rarely specify the MAC address. So, how is the Frame sent out? This is done by the operating system. If the system does not know the MAC address corresponding to an IP, it will send a broadcast ARP request (since this request also needs to be sent over Ethernet, it will also fill in the Dst MAC, which is ff:ff:ff:ff:ff:ff). The request asks who has the target IP, and if someone does, they should reply with their MAC address. All hosts in the broadcast domain will receive this request, and only the host with the matching IP will respond with its MAC address. This way, Host B learns the MAC address corresponding to the IP.

This is the normal ARP request and response process.

The following fields are worth noting:

For an ARP request:

  • Operation: 1 (1 means request, 2 means response)
  • Src MAC: sender's MAC address
  • Src IP: sender's IP address
  • Dst MAC: all ones, meaning it’s broadcasted to all hosts
  • Dst IP: all ones

For an ARP response:

  • Operation: 2
  • Src MAC: sender's MAC address (the responder)
  • Src IP: sender's IP address
  • Dst MAC: receiver's MAC address (the originator of the ARP request)
  • Dst IP: receiver's IP address

ARP is a very simple protocol, but people have designed other uses based on the working principles of switches and hosts. These uses are not particularly complex; the key is understanding the basic working principles of these devices, which allows one to understand the intentions behind these special ARP designs.

Gratuitous ARP

The purpose of Gratuitous ARP is to update other devices' ARP caches or the MAC address table of a switch.

In VRRP (Virtual Router Redundancy Protocol), the primary goal is to switch the gateway, and the target of the update is the MAC address table. A switch's MAC address table is mainly learned through the Src MAC address of received packets, which is associated with the physical port of the MAC address. Therefore, the most important field is the Src MAC, while others are not as significant.

So, in the context of VRRP, a Gratuitous ARP looks like this:

  • Operation: 1 (request)
  • Src MAC: sender's MAC address
  • Src IP: sender's IP address
  • Dst MAC: all ones (broadcast to all hosts)
  • Dst IP: all ones
  • Queried IP: the sender's own IP, so no response is expected.

In Linux's balance-alb bonding mode, the purpose of ARP is to refresh the ARP cache on other hosts and to ensure that different hosts receive different MAC addresses. Therefore, the ARP message used is a response and is sent as a unicast.

  • Operation: 2 (response)
  • Src MAC: sender's MAC address
  • Src IP: sender's IP address
  • Dst MAC: the MAC recorded by the bond driver
  • Dst IP: the IP recorded by the bond driver
  • Response content: IP xx is associated with MAC YY.

Depending on the use case, a Gratuitous ARP may also be a broadcast reply, broadcasting the response information to all hosts.

ARP Probe

The purpose of an ARP Probe is to check if an IP address is already in use on the local network before the device actually begins using that IP.

The method used is to send an ARP request asking for the MAC address of the IP in question. If a device is using that IP, it will respond with an ARP reply. However, there’s a potential issue: if a device receives an ARP request asking "Who has IP X? Please reply with IP Y at MAC Z," even if it doesn't have IP X, it will still learn from the request and update its ARP cache with the mapping of IP Y to MAC Z.

The problem here is that while we are just trying to check if the IP is in use, a regular ARP request could lead to other devices incorrectly updating their ARP cache. To avoid this, ARP Probe uses a request where the Src IP is set to 0.0.0.0, making the request harmless because the device is not claiming ownership of the IP yet.

The ARP Probe request is as follows (the bold sections indicate differences from a normal ARP request):

  • Operation: 1 (request)
  • Src MAC: sender's MAC address
  • Src IP: 0.0.0.0
  • Dst MAC: all ones (broadcast to all hosts)
  • Dst IP: all ones
  • Queried IP: the IP the device intends to use

This method ensures that the request doesn't cause any unintended updates to the ARP cache, allowing a safe check for IP usage.

ARP Announce

ARP Announce is used after the ARP Probe confirms there is no issue, and the device decides to use the IP, but it performs one more check to confirm its uniqueness.

ARP Announce sends a normal ARP request, asking within the LAN for the MAC address of the IP the device is going to use. Normally, no reply will be received because this IP belongs to the device. In an exceptional case, if a reply is received, it means the IP is already in use on the LAN, and the device must stop using that IP.

ARP Announce is a regular ARP request, similar to a Gratuitous ARP. The queried target IP is the device's own IP.

ARP Announce is also called Unsolicited ARP.

The only difference between ARP Announce and ARP Probe is the Src IP. ARP Announce uses the device's own IP as the source IP, so it will also update the ARP cache of other devices in the LAN.

ARP Announce Request:

  • Operation: 1 (request)
  • Src MAC: sender's MAC address
  • Src IP: sender's IP address
  • Dst MAC: all ones (broadcast to all hosts)
  • Dst IP: all ones
  • Queried IP: the IP the device intends to use

Translated from https://www.kawabangga.com/posts/6698

LINUX  NETWORK  ARP 

       

  RELATED


  0 COMMENT


No comment for this article.



  RANDOM FUN

Failing Boundary Testing