ARP is one of the most used protocols and every netwoork engineer should have a good understanding of it. The purpose of ARP is to find out the hardware address for a host for which we know the IP. ARP is in no way bound to Ethernet, it will function for other layer 2 protocols also. The topology I have used is very simple, it’s my own wireless network at home. See the picture below:
In Windows, to see what is in the ARP cache type “arp -a”. In windows Vista/7 the entry is valid for about 30 seconds.
Since I already have an entry for 192.168.1.254 (my router) I need to delete it to force an ARP request to be sent. I will capture the traffic with Wireshark. The command to do this is “arp -d”.
Lets look at an ARP header:
The numbers above the image are the octet boundaries, one octet is 8 bits. This can also be expressed as one byte. The first field which is 2 octets in size is hardware type. This field indicates what layer 2 protocol is being used, in this case Ethernet. This number will be one for Ethernet(0×0001). Protocol type is the layer 3 protocol in use which in our case is IP. IP has the number 0×0800. Hardware address length is one octet long and indicates the length of the hardware address. For Ethernet this is 6 bytes(48 bits). Protocol address length is the length of IP which is 4 octets. Opcode tells us what kind of ARP message this is, this will be a one for a request or a two for a reply. It can also be a three or four in the case of RARP (Reverse ARP).
Source hardware address and destination hardware address is in our case the MAC(Media Access Control) address. The protocol address is the source and destination IP address.
My computer now sends an ARP request (Opcode 0×0001). This is what it looks like:
192.168.1.254 is the router and .65 is my computer. Notice that the frame is a broadcast since we don’t know the MAC-address of the router. This is what the frame looks like in detail:
The router then sends a reply which is unicasted, the router knows the computers MAC-address since it was in the frame that it received. The frame looks like this:
This is the more detailed version:
The router will save the MAC for the computer in it’s own cache. If we are asking for the hardware address of the router that means we are interested in communicating with it so it is more effecient to save the information then to send a new request from the router to the computer.
I hope this post has given you some more detail about how ARP works.
This is a bit off topic but I just had to share this with you. I have a HP Elitebook 2530p laptop which I put in a dockingstation at work. Something is very weird with the dockingstation, when I connect the VGA cable to it my screen is flickering. The weird thing is if I remove the power adapter connected to the docking station the flickering stops. If I use the VGA cable directly connected to the laptop there is no flickering. Seems like the docking station is very sensitive to electro magnetic interference from the power adapter. Here are some pictures I took of it, I actually sawed the cable to get it to fit while my computer is docked.
As many of you know, with IOS 15.0 Cisco has moved to one IOS per platform with different licenses for different features. This certainly means fewer versions to administer but it also means that the future for Dynamips/GNS3 isn’t looking so bright. There is a need in the certification community but also for testing designs to be able to emulate routers. It would be great if Cisco release an educational IOS or better yet an emulator that they official supported (Packet tracer doesn’t count). Please sign Greg Ferros petition at http://etherealmind.com/petition/ if you want to support this. I have already signed it.
I finished this book yesterday. Overall a pretty good read although very academic and somewhat dated in certain areas. If you want to know more about TCP/IP this is a good book to read. I am also going to read some chapters from “The protocols TCP/IP illustrated”. I have done about 20-30 hours of reading so far. I will make a post of this at the end of the month.
These are the books I am planning on reading:
- Interconnections: Bridges and Routers by Radia Perlman
- Internetworking with TCP/IP: Principles, Protocols and Architecture v.1 by Douglas E. Comer
- TCP/IP Illustrated: Protocols v. 1: The Protocols by W. Richard Stevens
- Internet Routing Architectures by Sam Halabi
- Routing TCP/IP (CCIE Professional Development): Volume 2 by Jeff Doyle and Jennifer Caroll
- Inside Cisco IOS Software Architecture (CCIE Professional Development) by Vijay Bollaprogada, Russ White and Curtis Murphy
- Developing IP Multicast Networks: 1 (Design & Implementation) by Beau Williamson
- CCIE Routing and Switching Exam Certification Guide by Wendell Odom, Rus Healy and Denise Donohue
- Cisco QOS: Exam Certification Guide by Wendell Odom and Michael J. Cavanaugh
Most of these I will read cover to cover and some I will only read parts of. I will do no labs for now. The second time over I will go with the blueprint. Read one section at a time in books, read in DocCD and configuration guides, do labs, maybe watch some videos. This will take a lot of time but should give me a good foundation to stand on. This means I will probably not take the written before getting relatively close to the lab exam.
I am roughly halfway through this book right now by Douglas E. Comer. The book is called Internetworking with TCP/IP Vol.1: Principles, Protocols, and Architecture (4th Edition). I am finding it a good read so far. It talks about the history of the Internet with ARPA-net and NSF-net and describes most of the protocols that have been used and that are used today. It has some good explanations on TCP where it describes TCP slow start and other features of TCP. As a part of my studies for the CCIE I am keeping a count of how much time I study. If anyone is interested I will post the numbers later on. So far I have done about 15 hours of reading.
Since I have started studying for the CCIE I needed a lab. I don’t have the space/money to get a dedicated home lab so I have to use Dynamips and GNS3 instead.
It is well known that Dynamips runs better on Linux, I am by no means experienced in Linux but Ubuntu is very easy to run. Since I wanted to use the laptop I have at work I didn’t want to risk doing a dual boot and messing up the MBR or something like that. Booting on a live-cd would work but then I wouldn’t be able to save anything.
Instead I installed Ubuntu on an USB memory stick. The capacity of it is 2GB which means I can have 1GB for installing stuff and saving topologies etc.
Start by downloading Ubuntu. I have 4GB RAM so I used the 64 bit version.
Follow the instructions on Ubuntus homepage which means downloading Universal USB Installer.
I used these settings:
Make sure you don’t have anything important on it before you do the format. You want to use persistence if you want to be able to save on the USB. If you have a larger USB you can choose
a larger filesystem so you have more space available.
When the installer is done you can boot from the memory stick. You might have to change the boot order in BIOS if Ubuntu doesn’t start.
I then followed this guide.
If you extract the files to / the .net file will be correct if you are using the same IOS. If you are using another version you have to update the .net file.
The important thing is to run multiple hypervisors which will be done if you use the .ini that is supplied.
Following this guide I was able to run 15 routers at about 60-70% CPU and around 1.5GB RAM. My laptop is a HP Elitebook 2530p Core 2 Duo L9600@2.13GHz with 4GB RAM installed. I run Windows 7 when I don’t
lab and now I can boot Ubuntu from an USB when I want to lab without having to mess with my regular harddrive. If you have any issues post them in comments and I will try to give feedback.
Well, I didn’t really finish it. I was about halfway through when I decided I had enough. I was a bit disappointed with it I must say. I do like Perlman but her writing style didn’t really appeal to me. It was basically like reading a 400 page long RFC and a lot of legacy protocols like Decnet and Appletalk. So I decided my time was better spent on reading something else.
I have a wonderful fiancee and a son who is 2 years old today! Having a family means there is a lot less time available for studying. I can’t do those cram sessions for 8 hours straight. I have a strategy for finding time and it might be useful to others.
I usually go up at 6 am in the morning but from now on I will go up one hour earlier to be able to study. I commute to work, so I have 30 minutes on the train when I’m going to work and 30 minutes when I go home from work. That is one additional hour so that means 2 hours. I am basically going to give up on TV from now on unless it’s something very special. I will try to study 1-2 hours after my son goes to sleep. So my plan is to study 3-4 hours per day. I think studying for the CCIE might take about 2000 hours. That means I am on a 2 year plan from now on and if I can do it faster, great, but I am not going to rush through this.
One other thing I try to do is listen to podcasts etc on my phone when I am riding my bike or talking a walk.
So there is time available to do studying, it is all about how much you can sacrifice to do the studying. Family always comes first though, it’s not worth sacrificing family for a certification.
So… I decided to go for the CCIE. I have a lot of reading to do and the first book I’m reading is “Interconnections, Bridges, Routers, Switches and Internetworking Protocols Second Edition” by Radia Perlman. Radia is the inventor of STP and is also very involded in the next big thing TRILL. I’m reading this book to get a good background for STP and the mechanics behind it. I watched a Googletech video with Radia the other day and was very impressed. Radia thinks that every algorithm should also have an algorhyme. Here is the algorhyme for spanning tree.
I think that I shall never see
a graph more lovely than a tree.
A tree whose crucial property
is loop-free connectivity.
A tree that must be sure to span
so packet can reach every LAN.
First, the root must be selected.
By ID, it is elected.
Least-cost paths from root are traced.
In the tree, these paths are placed.
A mesh is made by folks like me,
then bridges find a spanning tree.