Friend: I guess destination mac address in a packet doesn't change in its journey. Routers stay in promiscuous mode and grabs every packet it can see and forwards based on routing algorithms.
Me: I beg to differ! If the sending node has to keep the destination mac address in the packet, sender has to know destination mac address before it sends a packet. How does it happen to know destination MAC? It kind of seems like DNS name resolution where given a host name its IP address is retrieved. But there is a catch here. ARP protocol works within a subnet not on Internet unlike DNS. So I'm not sure if we can find destination mac address. For time being let's assume that we know destination mac address and embed it in packet. If there are two routers in a subnet (I'm not sure if such a topology exists for real!) then both routers will forward the packet. That means packet gets duplicated unnecessarily. Which doesn't happen in real networks. So I realized that whenever sender wants to send packet to a host which is in a different subnet, it sends it to the router it is connected to. That is, router's mac address is put in packet destination mac field. Now the router doesn't have to listen in promiscuous mode. It now filters packets which are not destined to it.
coming back to the center of this discussion, i would like to mention some reasons for why we need 2 addressing schemes. Before I delve into the details let me list down key differences between MAC and IP addresses.
- MAC is 6 octets and is burned into NIC ROM by the manufacturer and IEEE ensures that manufacturers give unique MAC addresses to these devices. IP is (4 octets in case of IPv4 or 16 octets in case of IPv6) either statically configured or dynamically obtained using DHCP protocol.
- MAC operates at Link Layer and it is independent of geographical location. That is, even if the node moves to any geographical location, its mac address DO NOT change. IP operates at network Layer and it changes whenever node moves to a different subnet.
- MAC address is used by all nodes to make decision about passing packet to higher layers of the node or discard it. Routers use IP address to determine how to pick the destination interface and forwarding.
- During a packet journey source and destination MAC address in link layer header change for every link in the path. Source and destination IP addresses do not change unless NAT's are involved. When NAT's are involved, IP address changes only near the end points and not in the middle of network.
I'm sure would have missed some of the differences between them. I would appreciate if you can comment any difference that is not mentioned.
We have already seen that IP addresses operate at network layer and are specific to IP protocol. Most people seem to think that only IP protocol operates at network layer. But thats not true. There are other protocols which operate at network layer like Novell's IPX or Digital equipment Corporation's DECnet. Each have its own addressing scheme. How do we interconnect such wide variety addressing nodes. We needed something which is common across all of the above.
Another reason being, filtering based on MAC address reduces the packets that go upward in the protocol stack. If we do not have MAC address then every frame seen on the communication medium has to be sent to higher layers. Which is resource consuming.
At this juncture it is really worth knowing about ARP and DHCP protocols, their role in communication.
ARP : ARP stands for Address Resolution Protocol. It is a lookup service to find MAC address of a node given its IP address. Its worth noting about another protocol RARP which does reverse lookup i.e. given MAC address it finds IP address. One important point I would like to mention is that It works within a subnet not on Internet.
Here is the protocol.
- ARP protocol works at link layer. ARP request packet (Who has IP 192.168.1.100?) is sent to broadcast MAC address FF:FF:FF:FF:FF:FF in a subnet.
- If the node exists with that IP, it replies to the sender its MAC address. Sender then updates its ARP table. Each entry in it has expiry time. So even when a node dies its entry will be deleted from the table, keeping it in clean state.
Security weakness???
Sender blindly trusts the response from any node. There is no authentication. So attacker can possibly send his MAC address when queried for another IP. Sender now have a wrong mapping between IP and MAC address in its table. This is called ARP poisoning.
DHCP : DHCP stands for Dynamic Host Configuration Protocol. It is used to obtain IP address from DHCP server dynamically when a node arrives into the system. Here is how the protocol works.
- DHCP discovery is the first step. Newly arrived node broadcasts a DHCP request packet to port 67 (It is the default port for DHCP server). packet has IP source address as 0.0.0.0 and destination 255.255.255.255 (broadcast address).
- Node receives DHCP offers from DHCP server with assigned IP address, network mast etc.
- Node sends DHCP Confirm message to DHCP server.
- Once node receives DHCP Ack then the protocol ends and both agree on the new IP address.
I hope to come up with an interesting blog on NAT's soon.
No comments:
Post a Comment