IPv4 Physical Address Resolution
Applies To: Windows Server 2008
Physical Address Resolution
Based on the destination IP address and the route determination process, IP determines the next-hop IP address and interface. IP then sends the IP packet, the next-hop IP address, and the interface to ARP.
If the next-hop IP address is the same as the destination IP address, then ARP performs a direct delivery. In a direct delivery, the MAC address corresponding to the destination IP address must be resolved.
If the next-hop IP address is not the same as the destination IP address, then ARP performs an indirect delivery. The next-hop IP address is the IP address of a router between the current IP node and the final destination. In an indirect delivery, the MAC address corresponding to the IP address of the router must be resolved.
To resolve a next-hop IP address to its MAC address, ARP uses broadcast traffic on shared access networking media (such as Ethernet or Token Ring) to send out a broadcasted ARP Request frame. An ARP Reply, containing the MAC address corresponding to the requested next-hop IP address, is sent back to the sender of the ARP Request.
To keep the number of broadcasted ARP Request frames to a minimum, many TCP/IP protocol stacks incorporate an ARP cache, which is a table of recently resolved IP addresses and their corresponding MAC addresses. TCP/IP checks the ARP cache before sending an ARP Request frame. Each interface has its own ARP cache.
Depending on the vendor implementation, the ARP cache can have the following qualities:
ARP cache entries can be dynamic (based on ARP Replies) or static. Static ARP entries are permanent and are manually added by using a TCP/IP utility such as the ARP tool provided with Windows Server® 2008. Static ARP cache entries are used to prevent ARP Requests for commonly used local IP addresses, such as routers and servers. The problem with static ARP entries is that they have to be manually updated when network interface equipment changes.
Dynamic ARP cache entries have a time-out value associated with them to remove entries in the cache after a specified period of time. Dynamic ARP cache entries for Windows Server 2008 TCP/IP are given a maximum time of 10 minutes before being removed.
To view the ARP cache on a Windows Server 2008–based computer, type arp -a at a Windows Server 2008 command prompt.
IP sends ARP the IP packet, the next-hop IP address, and the next-hop interface. Whether performing a direct or indirect delivery, ARP carries out the following process, as shown in the following figure.
Based on the next-hop address and interface, ARP consults the appropriate ARP cache for an entry for the next-hop IP address. If an entry is found, ARP skips to step 6.
If an entry is not found, ARP builds an ARP Request frame containing the MAC address of the interface sending the ARP Request, the IP address of the interface sending the ARP Request, and the next-hop IP address. ARP then broadcasts the ARP Request using the appropriate interface.
All hosts receive the broadcasted frame and the ARP Request is processed. If the receiving host’s IP address matches the requested IP address (the next-hop IP address), its ARP cache is updated with the address mapping of the sender of the ARP Request.
If the receiving host’s IP address does not match the requested IP address, the ARP Request is silently discarded.
The receiving host formulates an ARP Reply containing the requested MAC address and sends it directly to the sender of the ARP Request.
When the ARP Reply is received by the sender of the ARP Request, it updates its ARP cache with the address mapping.
The ARP Request host and the ARP Reply host have each other’s address mappings in their ARP caches.
ARP sends the IP packet to the next-hop node by addressing it to the resolved MAC address.
The IP routing processes for all nodes involved in the delivery of an IP packet include the sending host, the intermediate routers, and the destination host.
IP on the Sending Host
When a host sends a packet, the packet is transmitted from an upper layer protocol (TCP, UDP, or ICMP) to IP, and then IP on the sending host does the following:
Sets the Time-to-Live (TTL) value to either a default or application-specified value.
Checks its routing table for the best route to the destination IP address.
If no route is found, IP sends a routing error message to the upper-layer protocol (TCP, UDP, or ICMP).
Determines the next-hop IP address and the interface based on the most specific matching route.
Sends the packet, the next-hop IP address, and the next-hop interface to Address Resolution Protocol (ARP), and then ARP resolves the next-hop IP address to its media access control (MAC) address and forwards the packet.
IP on the Router
When a packet is received at a router, the packet is passed to IP, and IP on the router does the following:
Verifies the IP header checksum.
If the IP header checksum fails, the IP packet is discarded without notification to the user. This is known as a silent discard.
Verifies whether the destination IP address in the IP packet corresponds to an IP address assigned to a router interface.
If so, the router processes the IP packet as the destination host (see step 3 in the following “IP on the Destination Host” section).
If the destination IP address is not the router, IP decrements the Time-to-Live (TTL).
If the TTL is 0, the router discards the packet and sends an ICMP Time Expired–TTL Expired in Transit message to the sender.
If the TTL is 1 or greater, IP updates the TTL field and calculates a new IP header checksum.
IP checks its routing table for the best route to the destination IP address in the IP packet.
If no route is found, the router discards the packet and sends an ICMP Destination Unreachable–Host Unreachable message to the sender.
Based on the best route found, IP determines the next-hop IP address and interface.
IP sends the packet, the next-hop IP address, and the interface to ARP, and then ARP forwards the packet to the appropriate MAC address.
This entire process is repeated at each router in the path between the source and destination host.
IP on the Destination Host
When a packet is received at the destination host, it is passed up to IP, and IP on the destination host does the following:
Verifies the IP header checksum.
If the IP header checksum fails, the IP packet is silently discarded.
Verifies that the destination IP address in the IP packet corresponds to an IP address assigned to the host.
If the destination IP address is not assigned to the host, the IP packet is silently discarded.
Passes the IP packet without the IP header to the appropriate upper-level protocol, based on the IP protocol field.
If the protocol does not exist, ICMP sends a Destination Unreachable–Protocol Unreachable message back to the sender.
For TCP and UDP packets, IP checks the destination port and processes the TCP segment or UDP header.
If no application exists for the UDP port number, ICMP sends a Destination Unreachable–Port Unreachable message back to the sender. If no application exists for the TCP port number, TCP sends a Connection Reset segment back to the sender.