Reverse Address Resolution Protocol

The Reverse Address Resolution Protocol ( RARP ) is a network protocol that enables the assignment of hardware addresses to Internet addresses. It belongs to the network layer of the Internet protocol family .

Use and how it works

Example of Ethernet - networks :

RARP is used when a computer does not know its own IP address .

RARP sends a RARP request - broadcast with its own MAC address as content to the computers connected to the network. A RARP server , which knows all IP to MAC address assignments, then sends a response with the IP address to the requesting MAC address ( RARP reply ).

RARP makes use of the fact that manufacturers are assigned unique prefixes for MAC addresses worldwide. The manufacturers in turn endeavor to distribute unique MAC addresses worldwide. No two devices may use the same MAC address in a layer 2 network. Outside of a layer 2 network, this is not desirable, but possible. The MAC addresses can be adjusted relatively easily by users. Therefore, it is not guaranteed that a MAC address is unique worldwide.

The supposed uniqueness of the MAC address must not be used as a security criterion. It is far too easy to do MAC address spoofing . Almost all operating systems allow ordinary users to comfortably overwrite the MAC address in configuration masks or with simple utilities such as ifconfig (UNIX, Linux) or ip link (Linux). Valid MAC addresses in a Layer 2 network can be found by listening to network traffic. All that is required is physical access to the network. The exclusive assignment of IP addresses only to registered MAC addresses via RARP or DHCP does not rule out unauthorized access to the network; this requires the use of a secure authentication mechanism such as IEEE 802.1X .

The allocation table on the RARP server, which contains the locally assigned IP address for each MAC address, must be maintained manually by the system administrator.

Packet format

In the Ethernet frame, the RARP packet is attached to the MAC header and thus to the Ethernet type field. The Ethernet type for RARP is 0x8035. Although the format for ARP and RARP is the same and the protocol could be distinguished based on the field of operation, the operations are very different. The different types of Ethernet distinguish the protocols at the lower level so that ARP servers cannot be disturbed by RARP packets and vice versa.

Explanation of the fields:

• Operation (2 bytes): Contains the value which indicates which operation is to be carried out ( 3for RARP request , 4for RARP reply).

• Source MAC address (6 bytes): Contains the MAC address of the sender in a RARP request packet. In a RARP reply it contains the MAC address of the responding server.

• Source IP address (4 bytes): Is undefined for a RARP request . In a RARP reply it contains the IP address of the responding server.

• Destination MAC address (6 bytes): Contains the MAC address of the sender in a RARP request packet. In a RARP reply it contains the MAC address of the requesting host.

• Destination IP address (4 bytes): Is undefined for a RARP request . In a RARP reply it contains the IP address of the requesting host.

Problems

Ethernet broadcasts are limited to subnets so that RARP can only be used in one subnet. If a local area network ( LAN ) is divided into subnetworks, each of these subnetworks in which RARP-capable terminals or workstations are used must have their own RARP server.

A computer only learns its IP address through RARP. A complete configuration of a network interface for end devices also includes at least the network mask and the default gateway. Before the introduction of network masks, IP addresses were divided into classes whose network mask is known. In the case of subnetting, however, this netmask is incorrect. It would also be desirable to set additional parameters, but this cannot be done using RARP. RARP is not a substitute for DHCP.

RARP and TFTP

According to RARP, TFTP ( Trivial File Transfer Protocol ) is often used. B. in diskless workstations transfers a memory dump of the operating system to the computer. Only after this memory dump has been loaded into the workstation's memory can it be started up. If RARP is used, neither the name of the memory dump nor the address of the TFTP server can be transferred.

Early diskless workstations from Sun Microsystems therefore use the hexadecimal representation of the IP address as the file name. First, assuming that the RARP and TFTP servers are identical, they try to carry out the TFTP transfer with the RARP server whose address you can find in the source address field of the RARP replica. If this does not answer for a certain time (3 seconds), the entire TFTP transfer is carried out with the help of Ethernet broadcasts. The TFTP server therefore does not have to be identical to the RARP server. Nevertheless, with this method the TFTP server must also be a local computer on the respective subnet. In addition, many broadcast frames may be sent, which puts a load on the other devices in the same subnet.

BOOTP and DHCP

The BOOTP protocol and the DHCP protocol based on it avoid the problems of the RARP protocol. They allow the setting of many parameters and thus, among other things, the complete configuration of the network interface. If TFTP is also used, the file name and the server address of several servers can be transferred. If the address of a gateway is set during the interface configuration, the TFTP servers can be in any network, since the packets are routed correctly.

When using a BOOTP helper on the router , the BOOTP broadcast can also be routed to other networks. There is therefore no need for a server on each subnet. Since the division of LANs into subnets is now common, BOOTP and DHCP have almost completely replaced the RARP protocol.

Web links

• RFC 903 - Reverse Address Resolution Protocol