Reverse Address Resolution Protocol

The Reverse Address Resolution Protocol (RARP ) is a network protocol that allows the mapping of hardware addresses to Internet addresses. It belongs to the network layer of the Internet protocol family.

Use and operation

Example for Ethernet networks:

RARP is used, if someone's IP address of a computer is not known.

RARP sends to a RARP request broadcast with its own MAC address as the contents of the computers connected to the network. A RARP server, which IP to know all assignments MAC addresses, then sends a reply with the IP address to the requesting MAC address ( RARP reply).

Exploited with RARP, that the manufacturers unique prefixes for MAC addresses are assigned worldwide. The manufacturers try to turn, distribute it globally unique MAC addresses. In a network layer 2, no two devices may use the same MAC address. Outside a layer -2 network, this is not desirable, however, possible. The MAC addresses can be relatively easy to customize. Therefore, it is not guaranteed that a MAC address is globally unique.

The supposed uniqueness of the MAC address must not be used as a safety criterion. It is far too easy to operate MAC address spoofing. Almost all operating systems allow ordinary users, the MAC address comfortable to write to the configuration masks or simple utilities such as ifconfig (UNIX, Linux) or ip link ( Linux). Valid MAC addresses in a Layer 2 network can be identified by listening to the network traffic. This only physical access to the network is necessary. The exclusive assignment of IP addresses only to registered MAC addresses via DHCP or RARP does not exclude that unauthorized access to the network; for the use of a secure authentication mechanism like IEEE 802.1X is necessary.

The mapping table on the RARP server that contains at any MAC address the locally assigned IP address must be manually maintained by the system administrator.

Packet format

In the Ethernet frame to the RARP packet connects to the MAC header, and thus to the Ethernet type field. The Ethernet type 0x8035 for RARP is. Although the format for ARP and RARP is the same and the protocol could be distinguished on the basis of the operative field, it is very different operations. The different Ethernet type distinguishes the protocols already on the lower level, so that ARP server can not be disturbed by RARP packets and vice versa.

Ethernet MAC addresses and IPv4 addresses

Operation (2 bytes ) contains the value indicating which operation is to be performed (3 for RARP request, 4 for RARP reply).

Source MAC address ( 6 bytes) contains a RARP request packet, the MAC address of the transmitter. A RARP reply it contains the MAC address of the responding server.

Source IP address ( 4 bytes) is undefined in a RARP request. In a RARP reply packet, it contains the IP address of the responding server.

Destination MAC address ( 6 bytes) contains a RARP request packet, the MAC address of the transmitter. In a RARP reply packet, it contains the MAC address of the requesting host.

Destination IP address ( 4 bytes) is undefined in a RARP request. In a RARP reply packet, it contains the IP address of the requesting host.

Problems

Ethernet broadcasts are limited to subnets so that RARP can be used only in a subnet. If a local area network ( LAN) divided into subnetworks, a private RARP server must be used in each of these subnets in the RARP enabled terminals or workstations, to be present.

Through RARP experienced by a computer only its IP address. But to a complete configuration of a network interface for terminal equipment for at least part of the subnet mask and the default gateway. IP addresses were previously divided into classes before the introduction of network masks whose netmask is known. However, in the case of subnetting this network mask is incorrect. Also the setting of other parameters would be desirable, but can not be made via RARP. RARP is not a substitute for DHCP.

RARP and TFTP

After RARP often TFTP ( Trivial File Transfer Protocol ) is used that a core dump of the operating system transfers eg for diskless workstations to the computer. Only after this dump is loaded into the memory of the workstation, it can be booted. If RARP is used, neither the name of the dump nor the address of the TFTP server can be passed.

Therefore Early diskless workstations from Sun Microsystems use the hexadecimal representation of the IP address as the file name. First they try under the assumption that the RARP and TFTP servers are identical, perform the TFTP transfer using the RARP server whose address can be found in the RARP Replies source address field. If such a period of time (3 seconds) does not answer, the whole of the TFTP transfer with the aid of Ethernet broadcast is performed. The TFTP server therefore does not have to be identical to the RARP server. Nevertheless, the TFTP server is a local computer on the subnet must be relevant in this process. In addition, under certain circumstances, many broadcast frames are sent, resulting in a load of other devices on the same subnet.

BOOTP and DHCP

The BOOTP protocol and it fitting end DHCP protocol avoid the problems of the RARP protocol. They allow the setting of many parameters and thus, among other things, the complete configuration of the network interface. In addition, if TFTP is used, the file name and server address multiple servers can be passed. If the address of a gateway set in the interface configuration, the TFTP server can be located in any network because the packets are routed correctly.

When using a BOOTP Helpers on the routers BOOTP broadcast can also be routed to other networks. The need for a server on each subnet will therefore be omitted. Since the division of LANs into subnetworks is now common practice, BOOTP and DHCP have the RARP protocol almost completely displaced.