Network Working Group Finlayson, Mann, Mogul, Theimer
Request for Comments: 903 Stanford University
A Reverse Address Resolution Protocol
Ross Finlayson, Timothy Mann, Jeffrey Mogul, Marvin Theimer
Computer Science Department
Status of this Memo
This RFC suggests a method for workstations to dynamically find their
protocol address (e.g., their Internet Address), when they know only
their hardware address (e.g., their attached physical network
This RFC specifies a proposed protocol for the ARPA Internet
community, and requests discussion and suggestions for improvements.
Network hosts such as diskless workstations frequently do not know
their protocol addresses when booted; they often know only their
hardware interface addresses. To communicate using higher-level
protocols like IP, they must discover their protocol address from
some external source. Our problem is that there is no standard
mechanism for doing so.
Plummer's "Address Resolution Protocol" (ARP)  is designed to
solve a complementary problem, resolving a host's hardware address
given its protocol address. This RFC proposes a "Reverse Address
Resolution Protocol" (RARP). As with ARP, we assume a broadcast
medium, such as Ethernet.
The following considerations guided our design of the RARP protocol.
A. ARP and RARP are different operations. ARP assumes that every
host knows the mapping between its own hardware address and protocol
address(es). Information gathered about other hosts is accumulated
in a small cache. All hosts are equal in status; there is no
distinction between clients and servers.
On the other hand, RARP requires one or more server hosts to maintain
a database of mappings from hardware address to protocol address and
respond to requests from client hosts.
Finlayson, Mann, Mogul, Theimer [Page 1]
RFC 903 June 1984
B. As mentioned, RARP requires that server hosts maintain large
databases. It is undesirable and in some cases impossible to maintain
such a database in the kernel of a host's operating system. Thus,
most implementations will require some form of interaction with a
program outside the kernel.
C. Ease of implementation and minimal impact on existing host
software are important. It would be a mistake to design a protocol
that required modifications to every host's software, whether or not
it intended to participate.
D. It is desirable to allow for the possibility of sharing code with
existing software, to minimize overhead and development costs.
We propose that RARP be specified as a separate protocol at the
data-link level. For example, if the medium used is Ethernet, then
RARP packets will have an Ethertype (still to be assigned) different
from that of ARP. This recognizes that ARP and RARP are two
fundamentally different operations, not supported equally by all
hosts. The impact on existing systems is minimized; existing ARP
servers will not be confused by RARP packets. It makes RARP a general
facility that can be used for mapping hardware addresses to any
higher level protocol address.
This approach provides the simplest implementation for RARP client
hosts, but also provides the most difficulties for RARP server hosts.
However, these difficulties should not be insurmountable, as is shown
in Appendix A, where we sketch two possible implementations for
RARP uses the same packet format that is used by ARP, namely:
ar$hrd (hardware address space) - 16 bits
ar$pro (protocol address space) - 16 bits
ar$hln (hardware address length) - 8 bits
ar$pln (protocol address length) - 8 bits
ar$op (opcode) - 16 bits
ar$sha (source hardware address) - n bytes,
where n is from the ar$hln field.
ar$spa (source protocol address) - m bytes,
where m is from the ar$pln field.
ar$tha (target hardware address) - n bytes
ar$tpa (target protocol address) - m bytes
ar$hrd, ar$pro, ar$hln and ar$pln are the same as in regular ARP
Finlayson, Mann, Mogul, Theimer [Page 2]
RFC 903 June 1984
Suppose, for example, that 'hardware' addresses are 48-bit Ethernet
addresses, and 'protocol' addresses are 32-bit Internet Addresses.
That is, we wish to determine Internet Addresses corresponding to
known Ethernet addresses. Then, in each RARP packet, ar$hrd = 1
(Ethernet), ar$pro = 2048 decimal (the Ethertype of IP packets),
ar$hln = 6, and ar$pln = 4.
There are two opcodes: 3 ('request reverse') and 4 ('reply reverse').
An opcode of 1 or 2 has the same meaning as in ; packets with such
opcodes may be passed on to regular ARP code. A packet with any
other opcode is undefined. As in ARP, there are no "not found" or
"error" packets, since many RARP servers are free to respond to a
request. The sender of a RARP request packet should timeout if it
does not receive a reply for this request within a reasonable amount
The ar$sha, ar$spa, $ar$tha, and ar$tpa fields of the RARP packet are
interpreted as follows:
When the opcode is 3 ('request reverse'):
ar$sha is the hardware address of the sender of the packet.
ar$spa is undefined.
ar$tha is the 'target' hardware address.
In the case where the sender wishes to determine his own
protocol address, this, like ar$sha, will be the hardware
address of the sender.
ar$tpa is undefined.
When the opcode is 4 ('reply reverse'):
ar$sha is the hardware address of the responder (the sender of the
ar$spa is the protocol address of the responder (see the note
ar$tha is the hardware address of the target, and should be the
same as that which was given in the request.
ar$tpa is the protocol address of the target, that is, the desired
Note that the requirement that ar$spa in opcode 4 packets be filled
Finlayson, Mann, Mogul, Theimer [Page 3]
RFC 903 June 1984
in with the responder's protocol is purely for convenience. For
instance, if a system were to use both ARP and RARP, then the
inclusion of the valid protocol-hardware address pair (ar$spa,
ar$sha) may eliminate the need for a subsequent ARP request.
 Plummer, D., "An Ethernet Address Resolution Protocol", RFC 826,
MIT-LCS, November 1982.
Appendix A. Two Example Implementations for 4.2BSD Unix
The following implementation sketches outline two different
approaches to implementing a RARP server under 4.2BSD.
A. Provide access to data-link level packets outside the kernel. The
RARP server is implemented completely outside the kernel and
interacts with the kernel only to receive and send RARP packets. The
kernel has to be modified to provide the appropriate access for these
packets; currently the 4.2 kernel allows access only to IP packets.
One existing mechanism that provides this capability is the CMU
"packet-filter" pseudo driver. This has been used successfully at
CMU and Stanford to implement similar sorts of "user-level" network
B. Maintain a cache of database entries inside the kernel. The full
RARP server database is maintained outside the kernel by a user
process. The RARP server itself is implemented directly in the
kernel and employs a small cache of database entries for its
responses. This cache could be the same as is used for forward ARP.
The cache gets filled from the actual RARP database by means of two
new ioctls. (These are like SIOCIFADDR, in that they are not really
associated with a specific socket.) One means: "sleep until there is
a translation to be done, then pass the request out to the user
process"; the other means: "enter this translation into the kernel
table". Thus, when the kernel can't find an entry in the cache, it
puts the request on a (global) queue and then does a wakeup(). The
implementation of the first ioctl is to sleep() and then pull the
first item off of this queue and return it to the user process.
Since the kernel can't wait around at interrupt level until the user
process replies, it can either give up (and assume that the
requesting host will retransmit the request packet after a second) or
if the second ioctl passes a copy of the request back into the
kernel, formulate and send a response at that time.
Finlayson, Mann, Mogul, Theimer [Page 4]