How does ARP reads destination IP address as its Layer 2 protocol - ip

By searching on internet I got information that Address Resolution Protocol (ARP) is Link Layer (L2) protocol. As per ARP functionality it broadcasts to entire network to check to whom this specific IP belongs to get its MAC address.. but as ARP is L2 protocol, how does it knows destination IP address as IP's are encapsulated in L3 and L2 protocol can't read it

Layer 3 and above are located in the "Payload" part of an ethernet header.
As you can see here the ARP packet also contains IP addresses from its sender and receiver:

ARP packet contain source HW address and src IP address as well as destination HW address and destination IP also .
when ARP resolution happens, means when ARP send request and get response from same destination,ARP update the destination IP in arp_entry .

I would like to elaborate on the previous questions.
first, here it is the case where you can't really apply the model. ARP is sometimes layer 2 and sometimes layer 3 (the similar functionality in IPv6 is done with neighbor discovery protocol, which is carried in ICMP packets)
ARP packets do not carry IP payload. They only carry ARP packets. See other answers for the format
ARP is executed by two end-hosts, which both have to implement both layer 2 and layer 3
ARP is initiated by layer 3, when layer 3 tries to send packet to an IP address on the local network.
ARP is processed by a host, which implements both layer 2 and layer 3. A host without layer 3 cannot have an IP address.
Intermediate layer 2 systems generally cannot process ARP requests, past forwarding ethernet packets with broadcast destination MAC

Related

Where is the IP Address is a TCP header - How does Layer 3 know were aplication is sending the packet

The TCP header includes the port information - understood.
But as the packet/segment is sent down to Layer 3 to encapsulate it as an IP packet, how does layer 3 know what destination IP address to use - which is specified in the application layer. There is no where in the TCP header to inform L3 of the destination IP address. Is there a backchannel for this information ? If so what is the backchannel ?
how does layer 3 know what destination IP address to use - which is specified in the application layer.
Information are not somehow forwarded from the application layer to the network layer. If an application creates a TCP socket and then calls connect on it it gives both the IP address and the port to the OS. The OS then will use these information to encapsulate the data for the connection in an IP packet.

Does the link layer in the TCP/IP stack derive the MAC address of the NICs that are to receive data packets based on the destination's IP address?

I am trying to understand the functioning of the different layers in the TCP/IP stack, and I just wanted some clarification on how the link layer derives the MAC address of NICs to receive packets.
This isn't a function of TCP/IP, per se. Instead, the ARP (Address Resolution Protocol) is used in IPv4 to translate the destination IP address to the correct MAC address.
This is accomplished by the stack by first determining if the delivery is local (within the subnet) by comparing the destination to the configured network mask. If it is local, ARP will be used to generate broadcast frames at the link layer, attempting to resolve the known IP address to the known MAC address.
On the other hand, if the destination IP address is determined not to be on the local subnet, the ARP protocol will be used to send a broadcast ARP at the link layer to discover the MAC address of the router that should be used based on the configured routing table.
Using IPv6, ARP is eliminated and replaced with multicast (more specifically, solicited node multicast) using the Neighbor Discovery Protocol over ICMP6.

Visibility of IP addresses in layer 2?

Whether IP addresses will be visible to layer 2 (data link layer) devices. If not, then how come those layers use ARP protocols to convert IP address to MAC address without knowing IP address.
Thank You.
From thread here
ARP has always been a Layer 2 protocol. The reason: The highest layer addresses carried within ARP are Layer2 MAC addresses for typical ARP operation. The IP addresses in the ARP packets are protocol payload, no addressing information of the ARP packet itself.
ARP is a protocol that does not fit too well into the 7 layer OSI model or the ancient DoD layer model. These models were defined for end user applications like HTTP or FTP and they still define, how traffic is sent from application to application through a network stack (L3+L4) and a network interface (L2 + L1) down on the wire.
ARP is a service protocol that glues together layer 2 and layer 3 protocols. It solves the problem that you need to add a layer 2 (MAC) destination address over a shared media like Ethernet or Wireless LAN using IP packets. But ARP is a separate process with separate packets. You will find no ARP protocol information within an IP packet. This is the reason, why ARP is definitely not a layer 2.5 protocol.
Whether IP addresses will be visible to layer 2 (data link layer) devices.
generally speaking no. Ethernet header has ethertype field, which speficies next header format after the current ethernet header. There are a couple of values that are still at layer 2, like VLAN tags, spanning tree BPDUs, and similar. If Ethertype is anything else, layer 2 device is not supposed to look into it. (And a device that does should not really be called layer 2 device)
On end-hosts, ethertype will determine how packet is processes, after layer 2 processing is done. But this is no longer layer 2 processing.
If not, then how come those layers use ARP protocols to convert IP address to MAC address without knowing IP address.
I think you think of it backwards. ARP protocol is used by IP layer to find MAC address of a device with a given IP address on a local network. It is not used by layer 2 to map IPs.
For example, let's say your home network has two devices, your laptop which has IP 192.168.0.10 and your phone, which has IP 192.168.0.20. The network mask is /24. Now you want to send a packet from your laptop to your phone, for example ping 192.168.0.20.
First, an ICMP packet is created. Next, layer 3 determines where to send the packet. It has determined that the other host is connected to the same local network (based on first 24 bits of both addresses).
Next, this packet needs to be sent to local network. However, local network is layer 2, and layer 2 can only forward MAC addresses. Thus layer 3 signals layer 2 to do "MAC address lookup" for the IP address. Approximatelly, your laptop will send a broadcast packet to all connected devices saying that it looks for MAC address of a device that has IP address 192.168.0.20. Since your phone currently has this address, it replies, with its own MAC address. When the laptop receives the reply, it can send a frame with destination MAC to your phone. Note: laptop will usually also save an entry in its APR cache.

Journey of a TCP packet and changes (Ip address and port happens) in every hop

I'm trying to understand what sort of structural changes happens to the IP packet during the Hop.
Allow me to please explain my question with example.
traceroute -w 1 google.com
traceroute to google.com (216.58.199.174), 64 hops max, 52 byte packets
1 192.168.0.1 (192.168.0.1) 1.055 ms 0.857 ms 0.822 ms
2 10.0.0.1 (10.0.0.1) 2.038 ms 1.477 ms 1.540 ms
3 * * *
4 114.79.130.1.dvois.com (114.79.130.1) 3.091 ms 2.076 ms 2.329 ms
5 10.241.1.6 (10.241.1.6) 3.245 ms 3.102 ms 3.358 ms
6 10.240.254.140 (10.240.254.140) 4.388 ms 2.149 ms 2.319 ms
7 10.240.254.1 (10.240.254.1) 3.067 ms 3.336 ms 2.852 ms
8 10.241.1.1 (10.241.1.1) 2.542 ms 2.339 ms 3.231 ms
9 1.186.191.10.dvois.com (1.186.191.10) 3.046 ms 3.076 ms 3.382 ms
10 216.239.62.212 (216.239.62.212) 3.290 ms 3.559 ms 3.466 ms
11 209.85.143.5 (209.85.143.5) 3.699 ms 3.250 ms 4.062 ms
12 bom05s08-in-f174.1e100.net (216.58.199.174) 3.739 ms 4.038 ms 3.803 ms
Assuming that I'm making a request to google.com
The first thing the IP packet originated from my machine would do add this bit inside packet.
(My machine) source IP i.e assuming it is 192.168.0.100
also a port number is assigned from where the request was originated for simplicity let assume it is 6000
destination IP i.e google.com IP 216.58.199.174 (also the destination port is assigned for simplicity let assume it is 80)
my mac address
There other detail as well that an IP packet contain but let just focus on these 3 part
Now I know IP packet are transferred from source to destination with help of other devices / routers in hops (as can be seen in the traceroute output)
But what I'm not clear of whether the source IP & port inside the IP packet are update in Hop.
I'm assuming it does because that way it response coming from the server (google server over here) can be relayed back to the intended originator of the request (that is my laptop browser window).
So If what I'm assuming is correct. Here how things work then
On 1st Hop to my router my router update the source IP to 192.168.0.1 and source port to 6001(lets assume)
Internally it maintain a reverse entry table telling that If I ever happen to receive a response on 192.168.0.1 at port 6001 then I have to route it to 192.168.0.100 to port 6000.
Like wise in each Hop(hop to 114.79.130.1.dvois.com , 1.186.191.10.dvois.com and others) a entry is update i.e source IP and source port(in IP packet) and reverse mapping is maintain to relay the response back.
Is my understanding correct?. Also a what happen to MAC in hop.
You need to look at the network layers. An application will send data to the Transport Layer, e.g. TCP.
TCP has addresses called ports, and the application is assigned to one of the addresses, port 6000 in your example. TCP will segment these data and put TCP headers on the data segment. The TCP headers include the source and destination port number.
TCP will send the segments to layer-3 (IPv4 or IPv6). IP will encapsulate the TCP segments into IP packets. The IP packet headers will contain the source and destination IP addresses.
IP will send the IP packets to layer-2, e.g. ethernet. Not all layer-2 protocols use MAC addresses. MAC addresses are used by IEEE LAN protocols. Other layer-2 protocols use something else, or nothing at all for addressing. Ethernet will encapsulate the layer-3 IP packets in layer-2 ethernet frames. The ethernet frames will have the source and destination MAC addresses. The host (your computer) will mask both the source and destination layer-3 IP addresses to determine if the destination address is on the same LAN. If the destination is on the same LAN, the frames will be addressed with the MAC address of the destination host, otherwise they are addressed with the MAC address of the configured gateway as the destination host. This will require resolving the layer-3 addresses to the layer-2 addresses. ARP (Address Resolution Protocol) will look to see if the destination host MAC address is in its ARP cache. If not, it will send an ARP request to get the destination MAC address.
Layer-2 will then send the frames to layer-1 (physical interface) to be encoded and placed on the wire.
When the frame is received by the router, the layer-2 frame, including the MAC addresses, is stripped off the packet and discarded, losing the original MAC addresses. The router will decrement the TTL and create a new header checksum, and inspect the layer-3 IP packet for the destination address. The router will then look up how to get to the destination IP address in its routing table. If it doesn't find a route to the destination IP address in its routing table, the packet is discarded, otherwise the router will switch the packet to the next interface toward the destination and create a new layer-2 frame for the new interface. If the next interface is a WAN interface, it may use something like PPP that doesn't use MAC addresses.
The next router in the path will get the new frame, and it will repeat the routing process. This happens until the packet gets to the last router, and the last router will put on a frame for the destination LAN. The destination host will process in reverse order from the sending host. The destination host will have the source layer-3 and layer-4 addresses from the packet and segment, and it can send back to the source using those addresses in the same manner that the original host was the sender.
Routers are layer-3 devices, and they only look at the layer-3 packet, not into the layer-4 segment. A router will only change the TTL and Header Checksum fields of the packet.
Hmm.
Look. Every router has a default gateway for a network range, so if it handles your packet going from your IP A to some remote IP C it does not need to rewrite anything. It just knows, that it has to forward this packet to the interface, say, 3.
Of course it may have route cost and many other settings, but generally it is like that.
It does not need to remember and store your table. It has only route table to intercommunicate with neighbour routers.
Look here: https://en.wikipedia.org/wiki/Time_to_live
Every hop TTL value decreases. At 0 value the packet will be killed.
L2 devices change nothing.
L3 (routers) devices rewrite L2 info (MACs)
IP address is changed by NATs, FWs, Proxy and so on. Generic router does not change neither IP nor port (souce and destination) values. It changes TTL. It may rewrite ToS.

hop to hop communication

If we are in the same network, then hop to hop communication takes place by layer-2 devices such as switches, bridges, etc. that work at the MAC layer.
But if we have to send packets to a destination in some other network then hop to hop communication takes place through routers.
Is this correct?
Your statements are conceptually correct, though the details are not quite right.
A layer 3 protocol like IP can route a packet from its source to its destination across the entire Internet, but a layer 2 protocol like ethernet can only route packets for a single hop. When a device transmits a packet on a TCP/IP network, it must know the ethernet (layer 2) address of the next hop and the IP (layer 3) address of the packet's final destination.
Let's look at the two cases you describe, using a scenario where a user on Device A knows the IP address of Device B and wants to send it a packet.
Devices on the same (unswitched) subnet
The user on Device A issues the command ping 10.1.1.23.
Device A broadcasts an ARP (layer 2) request, asking which device on its network can route a packet to IP address 10.1.1.23.
Device B recognizes the IP address as its own and answers the request by returning a packet with its IP and ethernet addresses as the source, and Device A's IP and ethernet addresses as the destination.
Now Device A has everything it needs to communicate with Device B. Every packet it transmits to Device B will have the proper ethernet and IP addresses as the destination.
Devices on the same (switched) subnet
The user on Device A issues the command ping 10.1.1.23.
Device A broadcasts an ARP (layer 2) request, asking which device on its network can route a packet to IP address 10.1.1.23.
A switch receives the packet on one of its ports and retransmits the same packet on whichever port is connected to Device B. This is the only significant difference between switched and unswitched subnets.
Device B recognizes the IP address as its own and answers the request by returning a packet with its IP and ethernet addresses as the source, and Device A's IP and ethernet addresses as the destination.
Now Device A has everything it needs to communicate with Device B. Every packet it transmits to Device B will have the proper ethernet and IP addresses as the destination.
Devices on different subnets
The user on Device A issues the command ping 8.8.8.8.
Device A broadcasts an ARP (layer 2) request, asking which device on its network can route a packet to IP address 8.8.8.8.
The address 8.8.8.8 is on a different network, so no local device recognizes the address as its own. However, a router sees the packet, checks its routing tables, and sees that it knows how to forward packets to the 8.8.8.x network. So the router replies by returning a packet that has its own ethernet address as the source.
Now Device A can communicate with Device B by sending packets that have a destination IP address of 8.8.8.8, but the router's ethernet address as their destination.
The router receives the packets because they are destined for its ethernet (layer 2) address, but it notices that their destination IP (layer 3) addresses are different from its own, and so it forwards them to whatever address is stored in its routing table.
Yes, you are correct. To access other networks (networks on a different subnet) a client will route the traffic to its default gateway, which will encapsulate the traffic and route appropriately. For communicating on the same network only a layer 2 switch is required.

Resources