IP Address Assignment, Acquisition, and Hierarchy 409
Whenever a network device wants to send data across a network, it uses information
provided by its ARP table. In Figure 7-39, a source device wants to send data to
another device.
Figure 7-38 ARP Obtains the IP Address Via the MAC Address
Table 7-10 ARP Table Entry
Internet Address Physical Address Type
68.2.168.1 00-50-57-00-76-84 Dynamic
Table 7-11 ARP Table for 198.150.11.36
MAC Address IP Address
FE:ED:F9:44:45:66 198.150.11.34
DD:EC:BC:AB:04:AC 198.150.11.33
DD:EC:BC:00:94:D4 198.150.11.35
FE:ED:F9:23:44:EF 198.150.11.36
Host Y Host Z
ARP Request
Broadcast
Host Z
MAC ?
Host Z
ARP Reply
Host Y
MAC
Host Z
MAC
Example 1: TCP/IP Destination Local
Host Y
Host Z
ARP Request
Broadcast
Host Z

MAC ?
Host Z
ARP Reply
Host Y
MAC
Router
MAC
Example 2: TCP/IP Destination not Local
Net for
Routing
Table:
Host Z
Router A
1102.book Page 409 Tuesday, May 20, 2003 2:53 PM
410 Chapter 7: TCP/IP Protocol Suite and IP Addressing
Figure 7-39 ARP Tables
ARP Operation Within a Subnet
If a host wants to send data to another host, it must know the destination IP and MAC
addresses. If it cannot locate a MAC address for the destination IP address in its ARP
table, the host initiates a process called an ARP request, as shown in Figure 7-39.
An ARP request lets a host discover the destination MAC address. A host builds an
ARP request packet and sends it to all devices on the network. This ARP request
packet is divided into two parts:
■ The frame header
■ The ARP message
To ensure that all devices see the ARP request, the source uses a broadcast MAC address.
The broadcast address in a MAC addressing scheme has all places set to hexadecimal F.
Thus, a MAC broadcast address has the form FF-FF-FF-FF-FF-FF. Because ARP request
packets travel in a broadcast mode, all devices on the local network receive the packets
and pass them up to the network layer for further examination. If a device’s IP address

matches the destination IP address in the ARP request, that device responds by sending
the source its MAC address. This is called the ARP reply.
When the originating device receives the ARP reply, it extracts the MAC address from
the sender hardware address field and updates its ARP table. The originating device can
197.15.22.33 197.15.22.44 197.15.22.123 197.15.22.4
197.15.22.37 197.15.22.126
???
Source
Destination
Destination = 197.15.22.126
Physical Address IP Address
02-60-8C-01-02-03 197.15.22.33
00-00-A2-05-09-89 197.15.22.44
09-00-20-67-92-89 197.15.22.123
08-00-02-90-90-90 197.15.22.4
ARP Table
1102.book Page 410 Tuesday, May 20, 2003 2:53 PM
IP Address Assignment, Acquisition, and Hierarchy 411
then properly address its data with both a destination MAC address and a destination
IP address. It uses this new information to perform Layer 2 and Layer 3 encapsulations
of the data before it sends them out over the network. When the data arrives at the
destination, the data link layer makes a match, strips the MAC header, and transfers
the data up to the network layer. The network layer examines the data and finds that
its IP address matches the destination IP address carried in the IP header. The network
layer strips the IP header and transfers the encapsulated data to the next-highest layer
in the OSI model, the transport layer (Layer 4). This process is repeated until the rest
of the packet’s partially de-encapsulated data reaches the application, where the user
data can be read.
Default Gateway
A default gateway is the IP address of the interface on the router that connects to the

network segment on which the source host is located. The default gateway’s IP address
must be in the same network segment as the source host, as shown in Figure 7-40.
Figure 7-40 Default Gateway
Lab Activity Address Resolution Protocol (ARP)
In this lab you use the workstation ARP table and the arp -a command to
confirm that a computer is successfully resolving network (Layer 3) addresses
to MAC (Layer 2) addresses.
1102.book Page 411 Tuesday, May 20, 2003 2:53 PM
412 Chapter 7: TCP/IP Protocol Suite and IP Addressing
RARP IP Address Assignment
Reverse Address Resolution Protocol (RARP) binds MAC addresses to IP addresses.
This binding allows some network devices to encapsulate data before sending it out on
the network. A network device or workstation might know its MAC address but not
its IP address. Devices using RARP require that a RARP server be present on the net-
work to answer RARP requests, as shown in Figure 7-41.
Figure 7-41 RARP IP Address Assignment
Consider an example in which a source device wants to send data to another device.
The source knows the destination’s MAC address but is unable to locate its IP address
in the ARP table. For the destination device to retrieve the data, pass it to higher layers
of the OSI model, and respond to the originating device, the source must include both
its MAC address and IP address. Therefore, the source initiates a process called a RARP
request, which helps it detect its own IP address. The device builds a RARP request
packet, as shown in Figure 7-42, and sends it out on the network. To ensure that all devices
see the RARP request on the network, the device uses a broadcast MAC address.
1102.book Page 412 Tuesday, May 20, 2003 2:53 PM
IP Address Assignment, Acquisition, and Hierarchy 413
Figure 7-42 ARP/RARP Message Structure
The various parts of the RARP header structure are as follows:
■ Hardware type—Specifies a hardware interface type for which the sender
requires a response.

■ Protocol type—Specifies the type of high-level protocol address the sender has
supplied.
■ HLen—Hardware address length
■ PLen—Protocol address length
■ Operation—Values are as follows:
— 1: ARP request
— 2: ARP response
— 3: RARP request
— 4: RARP request
— 5: Dynamic RARP request
— 6: Dynamic RARP reply
— 7: Dynamic RARP error
— 8: InARP request
— 9: InARP reply
■ Sender (HA) hardware address—HLen bytes in length
■ Sender (PA) protocol address—PLen bytes in length
■ Target (HA) hardware address—HLen bytes in length
■ Target (PA) protocol address—PLen bytes in length
RARP Header Structure
1102.book Page 413 Tuesday, May 20, 2003 2:53 PM
414 Chapter 7: TCP/IP Protocol Suite and IP Addressing
RARP uses the same packet format as ARP. But in a RARP request, the MAC headers
and operation code are different from an ARP request. The RARP packet format con-
tains places for MAC addresses of both destination and source. The source IP address
field is empty. The broadcast goes to all devices on the network; therefore, the destina-
tion MAC address is set to all binary 1s. Workstations running RARP have codes in
ROM that direct them to start the RARP process. Figure 7-43 shows the RARP process.
Figure 7-43 RARP Process
Bootstrap Protocol (BOOTP) IP Address Assignment
Like RARP, BOOTP operates in a client/server environment and requires only a single

packet exchange to obtain IP information. However, unlike RARP, which sends back
only a four-octet IP address, BOOTP packets can include the IP address as well as the
address of a router (default gateway), the address of a server, and vendor-specific infor-
mation, as shown in Figure 7-44.
One of the problems with BOOTP is that it was not designed to provide dynamic
address assignment. With BOOTP, a network administrator creates a configuration file
that specifies the parameters for each device. The administrator must add hosts and
maintain the BOOTP database. Also, even though the addresses are dynamically
assigned, there is still a one-to-one relationship between the number of IP addresses
and the number of hosts. This means that for every host on the network, there must be
a BOOTP profile with an IP address assignment. No two profiles can have the same IP
address, because those profiles might be used at the same time, and that would mean
that two hosts have the same IP address.
MAC address
02-60-8C-01-02-03
MAC address
00-00-A2-05-09-89
MAC address
08-00-2-90-90-90
MAC address
08-00-02-89-90-8
MAC address
08-00-20-67-92-89
MAC address
02-00-A2-04-09-89
Source IP
Address ?
Source IP
Address ?
Source IP

Address ?
RARP Server
source IP address
197.15.22.126
Source IP
Address ?
Source IP
Address ?
Source
1102.book Page 414 Tuesday, May 20, 2003 2:53 PM
IP Address Assignment, Acquisition, and Hierarchy 415
Figure 7-44 BOOTP Message Structure
A device uses BOOTP when it starts up to obtain an IP address. BOOTP uses UDP
to carry messages; the UDP message is encapsulated in an IP packet. A computer
uses BOOTP to send a broadcast IP packet (using a destination IP address of all 1s—
255.255.255.255—in dotted-decimal notation). A BOOTP server receives the broad-
cast and then sends back a broadcast. The client receives a frame and checks the MAC
address. If it finds its own MAC address in the destination address field and a broad-
cast in the IP destination field, it takes and stores the IP address and other information
supplied in the BOOTP reply message.
Dynamic Host Configuration Protocol (DHCP) IP Address
Assignment
Dynamic Host Configuration Protocol (DHCP) is the successor to BOOTP. Unlike
BOOTP, DHCP allows a host to obtain an IP address dynamically without the net-
work administrator’s having to set up an individual profile for that machine. All that is
required for using DHCP is a defined range of IP addresses on a DHCP server. As hosts
come online, they contact the DHCP server and request an address. The DHCP server
chooses an address and leases it to that host. With DHCP, the entire computer’s TCP/IP
configuration can be obtained in one message. This includes all the data supplied by
the BOOTP message, plus a leased IP address and subnet mask.

BOOTP Message Structure
1102.book Page 415 Tuesday, May 20, 2003 2:53 PM
416 Chapter 7: TCP/IP Protocol Suite and IP Addressing
The major advance that DHCP makes over BOOTP is that it allows users to be mobile.
This allows them to freely change network connections from location to location. There
is no longer a requirement for a fixed profile for every device attached to the network
as there is with the BOOTP system. The key to this DHCP advancement is its capabil-
ity to lease an IP address to a device and then reclaim that IP address for another user
after the first user releases it. This means that there is now a one-to-many ratio of IP
addresses and that an address is available to anyone who connects to the network.
DHCP uses the same message format as BOOTP, as shown in Figure 7-45, with the
following exceptions. The unused field in the BOOTP format now represents a Flags
field. The most-significant bit is the only flag defined currently. It represents a broad-
cast message. DHCP and BOOTP also define the vendor-specific area, as follows:
■ 1-byte Option field
■ 1-byte Length field
■ Variable-length (specified by the Length field) Option Data field
Figure 7-45 DHCP Message Structure
For DHCP message types, the values for the fields are as follows:
■ 53 for the Option field, indicating a DHCP message
■ 1 for the Length field, indicating that the Data field is 1 byte long
0-7 Bits
16-24 Bits
Seconds (2 Bytes)
Siaddr (4 Bytes)
Giaddr (4 Bytes)
DHCP Message Structure
25-31 Bits8-15 Bits
Op (1) Htype (1) Hlen (1) Hops (1)
Xid (4 Bytes)

Flags (2 Bytes)
Ciaddr (4 Bytes)
Yiaddr (4 Bytes)
Chaddr (16 Bytes)
Server Host Name (32 Bytes)
Boot File Name (64 Bytes)
Vendor Specific Area (32 Bytes)
1102.book Page 416 Tuesday, May 20, 2003 2:53 PM
IP Address Assignment, Acquisition, and Hierarchy 417
When a DHCP client boots, it enters an initialize state. It sends DHCPDISCOVER
broadcast messages, which are UDP packets with the port number set to the BOOTP
port. After sending the DHCPDISCOVER packets, the client moves into the select state
and collects DHCPOFFER responses from DHCP servers. The client then selects the
first response it receives and negotiates the lease time (how long it can keep the address
without renewing it) with the DHCP server by sending a DHCPREQUEST packet. Next,
the DHCP server acknowledges a client request with a DHCPACK packet. The client
can now enter the bound state and begin using the address. Figure 7-46 summarizes
the DHCP state.
Figure 7-46 DHCP Startup States
Problems in Address Resolution
One of the major problems in networking is how to communicate with other network
devices. In TCP/IP communications, a datagram on a LAN must contain both a desti-
nation MAC address and a destination IP address. In Figure 7-47, computer 176.10.16.1
wants to send data to 176.10.16.4. It has its IP address, but data transmission requires
both the IP and MAC address of 176.10.16.4. How does it get that MAC address to
perform the data transmission?
Lab Activity DHCP Client Setup
In this lab, you set up a networked computer as a DHCP client to use DHCP
services.
1102.book Page 417 Tuesday, May 20, 2003 2:53 PM

418 Chapter 7: TCP/IP Protocol Suite and IP Addressing
Figure 7-47 Address Resolution Issues
These addresses must be correct and match the destination host’s MAC and IP addresses,
or the destination host discards them. So on LANs there must be a way to automati-
cally resolve (or translate) IP addresses to MAC addresses. Doing the resolution manu-
ally would be much too rigid and time-consuming for the user. This solution covers
only LAN issues; a different set of issues are raised when data is sent outside the LAN.
There are two parts to the problem in communicating with devices that are not on the
same physical network segment:
■ Obtaining the MAC address of the intermediate devices
■ Transferring the data packets from one network segment to another to get to the
destination host
Figure 7-48 illustrates this problem with an example. Computer 192.168.10.34 needs
to communicate with computer 192.168.1.1. How does it get the MAC address for
192.168.1.1, and would it do any good if it could get the MAC address? Remember
that MAC addresses are useful only in LANs. They won’t be any help outside the
192.168.10.0 network. So you need the router’s MAC address to get the data out of
the LAN and on to the WAN system.
Figure 7-48 Remote Address Resolution Issues
176.10.16.2 176.10.16.3 176.10.16.4
176.10.16.7
176.10.16.6 176.10.16.5
176.10.16.1
chpt_07.fm Page 418 Tuesday, May 27, 2003 9:12 AM