A mechanism is needed to map IP addresses onto the addresses of the underlying network. The mechanism used is the Address Resolution Protocol (ARP). The idea underlying ARP is exactly what most people do when they have to find Mr. X in a throng of 150 people: the person who wants him calls out loudly enough that everyone in the room can hear them, expecting him to respond if he is there. When he responds, we know which person he is.
ARP is not confined to Ethernet, but is used on other types of networks, such as ham radio.
The Linux kernel keeps a cache of ARP entries. You can access and manipulate this cache using the arp command. arp has the following usage:
All hostname arguments may be either symbolic hostnames or IP addresses in dotted quad notation.
The first invocation displays the ARP entry for the IP address or host specified, or all hosts known if no hostname is given. For example, on my Linux box at home, this might give something like this:
sam@rygel:~$ arp -a
ip68-0-144-1.tc.ph.cox.net (188.8.131.52) at 00:01:42:F8:1F:54 [ether] on eth0
and my work box may give something like this:
[hart@einstein hart]$ /sbin/arp -a
astro.physics.Arizona.EDU (184.108.40.206) at 00:00:F8:0C:25:5C [ether] on eth0
foonly.physics.Arizona.EDU (220.127.116.11) at 00:E0:18:B9:79:1C [ether] on eth0
ramano.physics.arizona.edu (18.104.22.168) at 00:01:B3:1A:1F:D4 [ether] on eth0
The -s option is used to permanently add hostname's Ethernet address to the ARP tables. The hwaddr argument specifies the hardware address, which is by default expected to be an Ethernet address specified as six hexadecimal bytes separated by colons. You may also set the hardware address for other types of hardware, using the -t option.
For some reason, ARP queries for the remote host sometimes fail, for instance when its ARP driver is buggy or there is another host in the network that erroneously identifies itself with that host's IP address; this problem requires you to manually add an IP address to the ARP table. Hard-wiring IP addresses in the ARP table is also a (very drastic) measure to protect yourself from hosts on your Ethernet that pose as someone else.
Invoking arp using the -d switch deletes all ARP entries relating to the given host. This switch may be used to force the interface to re-attempt obtaining the Ethernet address for the IP address in question. This is useful when a misconfigured system has broadcast wrong ARP information (of course, you have to reconfigure the broken host first).
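Hard-wiring every host with arp -s does not scale, so a lighter check is to audit the cache against the few addresses you do care about. The following is an added example, not part of the original guide: it parses arp -a output in the format shown above and reports entries whose hardware address differs from a pinned value, or where one hardware address answers for several IP addresses. The sample cache, the pinned table and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# One line of `arp -a` output: name (ip) at MAC [hwtype] on iface
ARP_LINE = re.compile(
    r"^(?P<name>\S+) \((?P<ip>[0-9.]+)\) at "
    r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}) \[\w+\] on (?P<iface>\S+)"
)

# Constructed sample (documentation address ranges), not real hosts.
SAMPLE = """\
gw.example.net (192.0.2.1) at 00:00:5E:00:53:01 [ether] on eth0
files.example.net (192.0.2.10) at 00:00:5E:00:53:AA [ether] on eth0
print.example.net (192.0.2.20) at 00:00:5E:00:53:AA [ether] on eth0
? (192.0.2.30) at <incomplete> on eth0
"""
# Assumed known-good mapping, e.g. the pairs you would otherwise set with arp -s.
PINNED = {"192.0.2.1": "00:00:5e:00:53:01", "192.0.2.10": "00:00:5e:00:53:10"}

def parse_arp(text):
    """Return (ip, mac, iface) tuples; unresolved (<incomplete>) lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:
            entries.append((m["ip"], m["mac"].lower(), m["iface"]))
    return entries

def audit(entries, pinned):
    """Return findings: pinned-address mismatches, then MACs shared by several IPs."""
    findings = []
    by_mac = defaultdict(set)
    for ip, mac, iface in entries:
        by_mac[(iface, mac)].add(ip)
        expected = pinned.get(ip)
        if expected and expected.lower() != mac:
            findings.append(("MISMATCH", ip, mac))
    # A shared MAC can be legitimate (proxy ARP, IP aliases), so treat it as a
    # lead to investigate, not as proof that a host is posing as another.
    for (iface, mac), ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(("SHARED_MAC", ",".join(sorted(ips)), mac))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_arp(SAMPLE), PINNED):
        print(*finding)
```

To audit a live machine, pass the captured output of arp -a to parse_arp() in place of SAMPLE.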
You may wonder how a host can reach an Internet address that may be on a different network halfway around the world. The answer to this question involves routing, namely finding the physical location of a host in a network.
The command used to set up routing is... route (big surprise). route allows you to add or remove routes from the kernel routing table. It can be invoked as:
route [add|del] [-net|-host] target [if]
The add and del arguments determine whether to add or delete the route to target. The -net and -host arguments tell the route command whether the target is a network or a host (a host is assumed if you don't specify). The if argument is optional, and allows you to specify to which network interface the route should be directed; the Linux kernel makes a sensible guess if you don't supply this information.
Going back to our example of a fictitious university whose Theoretical Physics department has been assigned the network of 22.214.171.124, if this department had a Linux machine called 'topcat' with an IP address of 126.96.36.199, you might want that machine to be routed through the departmental network and could invoke route as:
# route add -net 188.8.131.52
At first this looks a little like magic, because it's not really clear how route detects which interface to route through. However, the trick is rather simple: the kernel checks all interfaces that have been configured so far and compares the destination address (184.108.40.206 in this case) to the network part of the interface address (that is, the bitwise AND of the interface address and the netmask). The only interface that matches is eth0.
When invoked without any arguments, route prints out the complete kernel routing table. The -n option makes it print addresses in dotted quad notation instead of using hostnames, which can be more readable:
sam@rygel:~$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.227.0   0.0.0.0         255.255.255.0   U     0      0        0 vmnet8
220.127.116.11  0.0.0.0         255.255.248.0   U     0      0        0 eth0
0.0.0.0         18.104.22.168   0.0.0.0         UG    0      0        0 eth0