Loading learning content...
Imagine you are a computer that has just been powered on. You have a network interface with a unique hardware address (MAC address) burned into your network interface card. You know who you are at the data link layer. But here's the problem: you have no idea what your IP address is.
For a computer with a hard disk, this is trivial—the IP configuration is stored locally and loaded during boot. But what if you have no disk? What if you are a diskless workstation, a thin client, or an embedded device with no persistent storage? How do you discover your network identity?
This is the fundamental problem that Reverse ARP (RARP) was designed to solve. While the Address Resolution Protocol (ARP) answers the question 'I know the IP address; what is the MAC address?', RARP inverts this question: 'I know my MAC address; what is my IP address?'
By the end of this page, you will understand the architectural motivation behind RARP, its protocol design and frame format, how RARP servers operate, the limitations that led to its eventual replacement, and why understanding RARP remains valuable for comprehending network bootstrapping concepts. You will develop a mental model that connects hardware identity to network identity—a concept that underpins all modern network auto-configuration.
To fully appreciate RARP, we must first understand the historical context and technical challenges that necessitated its creation. The early 1980s saw the rise of diskless workstations—computers that relied entirely on the network for storage and boot images.
Why Diskless Workstations?
Diskless workstations emerged for several compelling reasons:
| Motivation | Description |
|---|---|
| Cost Reduction | Hard disks were extremely expensive in the early 1980s. A diskless workstation could save hundreds or thousands of dollars per unit. |
| Central Management | All software and data resided on central servers, making administration and updates trivial. |
| Security | No local storage meant no local data theft; all sensitive information stayed on secured servers. |
| Reliability | Fewer mechanical parts (no disk) meant fewer hardware failures at the workstation. |
| Noise Reduction | Diskless workstations ran silently—ideal for office environments. |
The Boot Chicken-and-Egg Problem:
When a diskless workstation powers on, it faces a fundamental bootstrapping challenge:
This creates a chicken-and-egg problem: The machine needs network connectivity to get its configuration, but it needs configuration to achieve network connectivity.
What the Workstation Knows:
What the Workstation Doesn't Know:
The key insight behind RARP is that the MAC address is a permanent, unique identifier that exists before any software runs. By using this hardware identity as a key, a server can look up the corresponding IP address and provide it to the requesting machine. The MAC address becomes a 'voucher' that proves identity without requiring any prior network configuration.
RARP was defined in RFC 903 (1984) by Ross Finlayson, Timothy Mann, Jeffrey Mogul, and Marvin Theimer at Stanford University. The protocol's elegance lies in its simplicity: it reuses the ARP frame format almost entirely, merely inverting the query semantics.
The Fundamental Inversion:
| Protocol | Input (Known) | Output (Requested) | Direction |
|---|---|---|---|
| ARP | IP Address | MAC Address | IP → MAC |
| RARP | MAC Address | IP Address | MAC → IP |
This symmetry was intentional. By reusing the ARP frame structure, RARP could leverage existing network infrastructure and required minimal new code in network stacks.
Protocol Characteristics:
| Characteristic | Value | Significance |
|---|---|---|
| Layer | Data Link Layer | Works below IP; uses Ethernet directly |
| Transport | None | Direct Ethernet encapsulation |
| Delivery | Broadcast (request) / Unicast (reply) | Requests reach all local machines |
| Reliability | Unreliable | Client must implement retransmission |
| EtherType | 0x8035 | Different from ARP's 0x0806 |
| Scope | Local segment only | Cannot cross routers |
Critical Design Decision: Layer 2 Operation
RARP operates at Layer 2 (Data Link Layer), not Layer 3. This has profound implications:
RARP couldn't use IP because the client doesn't yet have an IP address. Using the special address 0.0.0.0 as a source was not defined at the time. The only reliable identifier the client has is its MAC address, so RARP operates entirely at the Ethernet layer, sending frames directly without any IP encapsulation.
The RARP Request/Reply Exchange:
The protocol follows a simple request-reply pattern:
Step 1: Client Broadcasts RARP Request
Step 2: RARP Server Unicasts Reply
The RARP frame format is virtually identical to ARP, sharing the same structure with only the operation code differing. This design decision enabled code reuse and simplified implementation.
Complete RARP Packet Structure:
RARP Packet Format (28 bytes for Ethernet/IPv4):+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+| Ethernet Header |+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+| Destination MAC (6 bytes) || Source MAC (6 bytes) || EtherType: 0x8035 (RARP) (2 bytes) |+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+| RARP Payload |+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+| Hardware Type (2 bytes): 0x0001 (Ethernet) || Protocol Type (2 bytes): 0x0800 (IPv4) || Hardware Length (1 byte): 6 (MAC = 6 bytes) || Protocol Length (1 byte): 4 (IPv4 = 4 bytes) || Operation (2 bytes): || 3 = RARP Request || 4 = RARP Reply || Sender Hardware Address (6 bytes) || Sender Protocol Address (4 bytes) || Target Hardware Address (6 bytes) || Target Protocol Address (4 bytes) |+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ Field Breakdown:┌─────────────────────┬────────┬────────────────────────────────┐│ Field │ Size │ Description │├─────────────────────┼────────┼────────────────────────────────┤│ Hardware Type │ 2 │ 1 = Ethernet ││ Protocol Type │ 2 │ 0x0800 = IPv4 ││ Hardware Length │ 1 │ 6 (Ethernet MAC) ││ Protocol Length │ 1 │ 4 (IPv4 address) ││ Operation │ 2 │ 3=Request, 4=Reply ││ Sender HW Address │ 6 │ MAC of sender ││ Sender Protocol Addr│ 4 │ IP of sender (0 in request) ││ Target HW Address │ 6 │ MAC being queried ││ Target Protocol Addr│ 4 │ IP being requested (answer) │└─────────────────────┴────────┴────────────────────────────────┘Operation Codes Comparison:
The operation code is the key differentiator between ARP and RARP:
| Operation Code | Value | Protocol | Purpose |
|---|---|---|---|
| ARP Request | 1 | ARP | Who has this IP? Tell me your MAC |
| ARP Reply | 2 | ARP | I have that IP. Here's my MAC |
| RARP Request | 3 | RARP | I have this MAC. What's my IP? |
| RARP Reply | 4 | RARP | That MAC maps to this IP |
EtherType Distinction:
The different EtherType values allow network interfaces and switches to distinguish between ARP and RARP traffic, enabling proper handling and filtering.
By reusing the ARP frame format, RARP developers minimized implementation complexity. A network stack that already supported ARP could add RARP support with minimal code changes—just handling the new operation codes and implementing server-side lookup logic. This design philosophy of format reuse appears throughout networking protocols.
Example RARP Exchange (Hexadecimal):
RARP Request from client 00:1A:2B:3C:4D:5E:
Destination: FF:FF:FF:FF:FF:FF (broadcast)
Source: 00:1A:2B:3C:4D:5E
EtherType: 80:35 (RARP)
Hardware: 00:01 (Ethernet)
Protocol: 08:00 (IPv4)
HW Length: 06
Proto Len: 04
Operation: 00:03 (RARP Request)
Sender HW: 00:1A:2B:3C:4D:5E
Sender IP: 00:00:00:00 (unknown)
Target HW: 00:1A:2B:3C:4D:5E (self)
Target IP: 00:00:00:00 (requesting this!)
RARP Reply granting IP 192.168.1.100 (0xC0A80164):
Destination: 00:1A:2B:3C:4D:5E (unicast to client)
Source: 00:AA:BB:CC:DD:EE (RARP server)
EtherType: 80:35 (RARP)
Hardware: 00:01 (Ethernet)
Protocol: 08:00 (IPv4)
HW Length: 06
Proto Len: 04
Operation: 00:04 (RARP Reply)
Sender HW: 00:AA:BB:CC:DD:EE (server)
Sender IP: C0:A8:01:01 (192.168.1.1 - server)
Target HW: 00:1A:2B:3C:4D:5E (client)
Target IP: C0:A8:01:64 (192.168.1.100 - answer!)
Unlike ARP, which can be handled by any host maintaining its own cache, RARP requires dedicated RARP servers that maintain the authoritative MAC-to-IP mapping database. The server architecture and implementation details significantly impact network reliability and scalability.
RARP Server Responsibilities:
Server Configuration Database:
The RARP server maintains a static mapping file, traditionally /etc/ethers on Unix systems:
# /etc/ethers - MAC to hostname mapping
00:1A:2B:3C:4D:5E workstation01
00:1A:2B:3C:4D:5F workstation02
00:1A:2B:3C:4D:60 workstation03
00:AA:BB:CC:DD:01 printer-floor3
00:AA:BB:CC:DD:02 thin-client-lobby
This file maps MAC addresses to hostnames. The actual IP addresses are resolved via /etc/hosts or DNS:
# /etc/hosts - hostname to IP mapping
192.168.1.100 workstation01
192.168.1.101 workstation02
192.168.1.102 workstation03
192.168.1.200 printer-floor3
192.168.1.201 thin-client-lobby
RARP's reliance on static configuration files means every new diskless workstation requires manual updates to the RARP server. Adding a new machine involves: (1) determining its MAC address, (2) updating /etc/ethers, (3) updating /etc/hosts, (4) potentially restarting the RARP daemon. This administrative overhead was a major limitation that BOOTP and DHCP later addressed.
Server Redundancy Considerations:
Because RARP is critical for booting diskless workstations, server redundancy is essential. Multiple RARP servers on the same segment provide fault tolerance:
| Scenario | Single Server | Multiple Servers |
|---|---|---|
| Server failure | All clients cannot boot | Other servers respond |
| Server overload | Slow responses, timeouts | Load distributed |
| Database update | All clients affected | Staged rollout possible |
| Network segment | One server per segment | Redundancy per segment |
Handling Multiple Servers:
When multiple RARP servers exist on a segment:
This race condition is intentional—it provides both redundancy and automatic failover without complex coordination protocols.
Server Implementation Details:
The RARP server daemon (typically rarpd on Unix) operates in a tight loop:
while (true) {
1. Receive Ethernet frame with EtherType 0x8035
2. Verify operation code = 3 (RARP Request)
3. Extract Target Hardware Address from frame
4. Look up Target HW Address in /etc/ethers
5. If found:
a. Resolve hostname to IP via /etc/hosts
b. Construct RARP Reply with assigned IP
c. Send unicast reply to requester's MAC
6. If not found:
a. Log (optionally)
b. Ignore (let another server handle it)
}
Implementation Challenges:
The RARP client behavior is implemented in the boot ROM of diskless workstations. Given the extremely limited space in these ROMs (often just a few kilobytes), the client implementation must be minimal yet robust.
Boot ROM RARP Client Algorithm:
1. Initialize network interface
2. Read own MAC address from NIC
3. Construct RARP Request frame
4. Set retry_count = 0
5. While (retry_count < MAX_RETRIES) {
a. Broadcast RARP Request
b. Start timer (e.g., 4 seconds)
c. Wait for RARP Reply
d. If reply received:
- Extract assigned IP address
- Configure local IP stack
- Proceed to next boot phase (TFTP)
- EXIT
e. If timeout:
- retry_count++
- Optionally double wait time (exponential backoff)
}
6. If no reply after MAX_RETRIES:
- Display error
- Halt or retry indefinitely
Timeout and Retry Strategy:
The RARP protocol specification (RFC 903) does not mandate specific timeout values, leaving implementation details to vendors. Common strategies include:
| Strategy | Parameters | Behavior |
|---|---|---|
| Fixed timeout | 4 seconds, 5 retries | Simple but may be too aggressive |
| Exponential backoff | 2s, 4s, 8s, 16s | Reduces network load under congestion |
| Random jitter | ±500ms variation | Prevents synchronized retries |
| Infinite retry | No maximum | Never gives up (common for critical systems) |
Client Implementation Challenges:
Different diskless workstation vendors implemented RARP clients with various quirks. Sun Microsystems workstations, which heavily promoted diskless computing, had well-optimized RARP implementations. Other vendors sometimes had bugs or non-standard behaviors that required careful server configuration. When troubleshooting RARP issues, consulting vendor-specific documentation was often essential.
Post-RARP Boot Process:
Once the client obtains its IP address via RARP, the boot process continues with additional steps that RARP cannot provide:
RARP provides only the IP address—it doesn't supply:
This limitation led diskless workstation vendors to combine RARP with other mechanisms, typically TFTP (Trivial File Transfer Protocol) for downloading boot images, with hard-coded or conventionally-derived server addresses.
While RARP elegantly solved the immediate problem of IP address discovery, it suffered from significant limitations that became increasingly problematic as networks grew in size and complexity. Understanding these limitations explains why RARP was superseded by BOOTP and eventually DHCP.
Fundamental Limitations of RARP:
Scalability Analysis:
Consider a large organization with 100 network segments:
| With RARP | Requirement |
|---|---|
| RARP Servers | At least 100 (one per segment), 200+ for redundancy |
| Configuration Files | 100+ copies of /etc/ethers to maintain |
| Database Sync | Manual synchronization across all servers |
| New Client Setup | Update every relevant server manually |
| IP Reclamation | Manual removal of stale entries |
| Audit Trail | None built-in |
This administrative burden made RARP impractical for large deployments, driving the development of more sophisticated solutions.
RARP's limitations weren't design flaws—they were intentional constraints. The protocol was designed for a specific use case (diskless workstations on local segments) in an era when networks were smaller and simpler. As networking evolved, these constraints became limitations. This is a common pattern in protocol evolution: what works perfectly in one era becomes inadequate as requirements change.
The Layer 2 Constraint:
Perhaps RARP's most significant limitation is its Layer 2 operation. By working at the Ethernet level:
Advantages:
Disadvantages:
This trade-off was acceptable in small networks but became untenable as organizations consolidated servers into central locations while users remained distributed across many segments.
| Feature | RARP | BOOTP | DHCP |
|---|---|---|---|
| Year Introduced | 1984 | 1985 | 1993 |
| Transport Layer | Ethernet (L2) | UDP/IP (L3) | UDP/IP (L3) |
| Crosses Routers | No | Yes (with relay) | Yes (with relay) |
| Configuration Scope | IP only | Full boot config | Full + dynamic |
| Address Allocation | Static only | Static only | Static + dynamic pools |
| Lease Management | None | None | Full lease lifecycle |
| Extensibility | None | Vendor options | Highly extensible |
| Current Status | Obsolete | Largely obsolete | Current standard |
We have covered the complete architecture and operation of Reverse ARP. Let's consolidate the key concepts before moving on to explore RARP's operational details:
What's Next:
In the next page, we will dive deep into RARP's operational mechanics. You will learn the precise sequence of events during a RARP transaction, timing considerations, error handling, and how RARP integrates with the complete diskless boot process. Understanding these operational details is essential for troubleshooting and for appreciating how BOOTP improved upon RARP's foundation.
You now understand the fundamental architecture and purpose of Reverse ARP. You can explain why the protocol was created, how it inverts the ARP concept, its frame format, server requirements, and the limitations that define its scope. Next, we explore the detailed operation of RARP in practice.