IPv4 (Internet Protocol version 4)

Need of Network layer addressing ?

IPv4
Allocation techniques
IPv4 header

OPM

Internet Protocol (IP)

Internet Protocol is layer three protocol used to identify host ,
intermediate devices and different networks uniquely all over the
world during packet transmission.

The internet layer facilitates internetworking, which is the concept of

connecting multiple networks with each other through network
gateways.

OPM

Basic functions of Network layer

For outgoing packets, select the next-hop device (router or
gateway) and transmit the packet to link layer.
For incoming packets, capture packets and pass the packet payload
to the appropriate transport-layer protocol.

OPM

IPv4
IPv4 was described in RFC 791 (September 1981).
IPv4 is a connectionless protocol for use on Packet switched
networks.

It operates on a best effort service model, in that it does not

guarantee delivery, nor does it assure proper sequencing or
avoidance of duplicate delivery. These aspects are addressed by
an transport protocol, such as TCP and UDP.

OPM

IPv4 (cont.)
IPv4 uses 32 bits addresses, which limits the address space
to 4294967296 (232) addresses.
IPv4 address exhaustion (occurred on February 3, 2011)
significantly delayed by following addressing changes such as

Classful network design,

Classless network design (Classless Inter Domain Routing CIDR),
Network Address Translation (NAT).
Dynamic Host Configuration Protocol (DHCP)

OPM

Dotted-decimal notation and binary notation for an IPv4 address

OPM

Private Network IP address

The following three blocks of IP addresses are reserved for use in private networks.

These IP addresses are not routable outside of private networks, and private
machines cannot directly communicate with public networks.
They can, however, do so through network address translation (NAT).

OPM

Some special address blocks

Link-local addressing
special address block 169.254.0.0/16 for link-local addressing, only valid on
links connected to a host . These addresses are not routable so cannot be the source
or destination of packets traversing the internet (public network). These addresses
are primarily used when a host cannot obtain an IP address from a DHCP server or
other internal configuration methods.
Loopback
The class A network 127.0.0.0 (classless network 127.0.0.0/8) is reserved for
loopback. IP packets with source addresses belong to this network never appear
outside a host.
IP packets with source and destination addresses belong to the network (or
subnetwork) of the same loopback interface are returned back to that interface,
hence can be used to check network interface port of a host device.

Addresses ending in 0 or 255

Class C networks in classful networking, and networks with CIDR prefixes /24
to /32 (255.255.255.0255.255.255.255) can not have an address ending in 0 or
255.
OPM
8
In networks except class C, the IP addresses
ending with 0 and 255 can be used.

Classful IP allocation Technique

OPM

Netid and hostid

OPM

10

Number of blocks and block size in classful IPv4 addressing

OPM

11

Classless IP allocation Technique (CIDR)

In IPv4 addressing, a block of

addresses can be defined as
x.y.z.t /n
in which x.y.z.t defines one of the addresses and the /n defines the mask.

OPM

12

Each IP address contains information of Network & Host number

The leftmost n bits (prefix) define the network Number.
The total number of Networks in the block can be found by using the formula 2 n.
The rightmost 32 n bits define the host number.
The total number of host addresses in the block can be found by using the
formula 232n.

OPM

13

Configuration and addresses in a subnetted network

OPM

14

Three-level hierarchy in an IPv4 address

OPM

15

NAT implementation

OPM

16

Addresses in a NAT

OPM

17

NAT address translation

OPM

18

Example: Five-column translation table

OPM

19

IP Datagram Format (with header)

bit # 0

7 8
version

header
length

15 16
ECN

DS

Identification
time-to-live (TTL)

23

total length (in bytes)

0

D M
F F

protocol

Fragment offset
header checksum

source IP address
destination IP address
options (0 to 40 bytes)
payload

4 bytes

24

20 bytes Header Size < 24 x 4 bytes = 60 bytes

20 bytes Total Length < 216 bytes = 65536 bytes
OPM
20

31

IPv4 header fields

Version:- 4 bits field, for IPv4 field value is 4 .
IHL (Internet Header Field):- 4 bits field, which is the number of
32-bit word in the header. this field specifies the size of the header
(this also coincides with the offset to the data). The minimum value
for this field is 5 (RFC 791), which is a length of 532 = 160 bits =
20 bytes. Being a 4-bit value, the maximum length is 15 words
(1532 bits) or 480 bits = 60 bytes.

OPM

21

IPv4 header fields (cont.)

Type of Service (originally defined ):- 8-bits field
Differentiated Services (DS 6-bits defines type of services like control, data,
real-time streaming etc.
Explicit Congestion Notification (ECN 2-bits allows end-to-end notification
of network congestion without dropping packets).

OPM

22

IPv4 header fields (cont.)

Total length : 16-bits field defines the entire packet (fragment) size, including header
and data, in bytes (octet).
The minimum-length packet is 20 bytes (20-byte header + 0 bytes
data) and the maximum is 65,535 bytes the maximum value of a 16bit word.

Identification : uniquely identifies a datagram or must be copied in fragments.

Retransmission of a packet carries the same identification number.
Some experimental work has suggested using the ID field for other
purposes, such as for adding packet-tracing information to help trace
datagrams with spoofed source addresses

OPM

23

IPv4 header fields (cont.)

Flags:- 3-bits field,
used to control or identify fragments. They are (in order, from high order to
low order).
bit 0: Reserved; must be zero.
bit 1: Don't Fragment (DF), set (1) for dont fragment, clear (0) for fragment
bit 2: More Fragments (MF), set (1) for more fragment follows, clear (0) for
no fragment and last fgagment.

Fragment Offset:- 13-bits long field,

measured in units of eight-byte blocks,
specifies the offset of a particular fragment relative to the beginning of the
original un-fragmented IP datagram.
The first fragment has an offset of zero. This allows a maximum offset of
(213 1) 8 = 65,528 bytes, which would exceed the maximum IP packet
length of 65,535 bytes with the header length included (65,528 + 20 = 65,548
bytes).
OPM

24

IPv4 header fields (cont.)

Time To Live (TTL):- 8-bits field
helps prevent datagram from persisting (e.g. going in circles) on an internet.
This field limits a datagram's lifetime.
The field has become a hop-countwhen the datagram arrives at a router, the
router decrements the TTL field by one.
When the TTL field hits zero, the router discards the packet and typically
sends a ICMP time exceeded message to the sender.
The program traceroute uses these ICMP Time Exceeded messages to print
the routers used by packets to go from the source to the destination.
OPM

25

IPv4 header fields (cont.)

Protocol :- 8-bit field
This field defines the protocol (TCP or UDP) used in the data portion of the
IP datagram.

Checksum :- 16-bit field (checksum of 16-bit blocks)

used for error-checking of the header.
Checksum is calculated as 1s complement of sum of 1s complement of all
16-bit blocks of IP header.
When a packet arrives at a router, the router calculates the checksum of the
header and compares it to the checksum field. If the values do not match, the
router discards the packet.
Errors in the data field must be handled by the encapsulated protocol.
When a packet arrives at a router, the router decreases the TTL field.
Consequently, the router must calculate a new checksum.
OPM

26

IPv4 header fields (cont.)

Source address: This field is the IPv4 address of the sender of the packet. This address may
be changed in transit by a Network Address Translation device.

Destination address: This field is the IPv4 address of the receiver of the packet. As with the
source address, this may be changed in transit by a Network Address
Translation device.

OPM

27

IPv4 header fields (cont.)

Options: The options field is not often used.

The list of options may be terminated with an EOL (End Of Option list, 0x00)
option; this is only necessary if there is any option entries in header.
The possible options that can be put in the header are as follows:
Copy (1 bit)

Option class (2 bits)

Option Number (5 bits)

Copy : Set to 1 if the options need to be copied into all fragments of a fragmented packet.
Option Class : options category. 0 is for datagram or network control" options, and 2 is
for "debugging and measurement". 1, and 3 are reserved.

Option Number : value 0 for end of option list, 3 for loose source route, 7 for record
route, 9 for strict source route, 11 for MTU probe, 18 for traceroute program to find
routers along a path etc.

OPM

28

Address spoofing
Sender can put any source address in packets he sends:
Can be used to send undesired return traffic to the spoofed address
Can be used to bypass filters to send undesired traffic to the destination

Reverse Path verification can be used by routers to broadly

catch some spoofers using option field.

OPM

29

Fragmentation
May need to fragment an IP packet if one data link along the way
cannot handle the packet size
Perhaps path is a mix of different Hardwares.
Perhaps unexpected encapsulation makes the packet larger than the source
expected
Hosts try to understand Maximum Transmission Unit (MTU) to avoid the
need for fragmentation (which causes a performance hit)

Any device along the way can fragment (in IPv4 only)

Identification field identifies all elements of the same fragment

Fragmentation stored in the MF (more fragments) and fragment offset fields
Devices can reassemble too
But generally the destination does the reassembly

OPM

30

Basic IPv4 Routing

Static routing. Used by hosts and some firewalls and routers.

Routing table consists of entries of

Networks gateways, Next hop addresses, other routers information etc.

May have routing table per incoming interface

To route a packet, take the destination address and find the best match
network in the table. In case of a tie look at the metric

Use the corresponding next hop address and interface to send the packet on.
The next hop address is on the same link as this device, so you use the next
hops data-link address, e.g. ethernet MAC address

Decrement time to live field in IP header at each hop. Drop packet when
it reaches 0

Attempt to avoid routing loops

TTL fields maximum value is 255.

OPM

31

Source Based Routing

In the IP Options field, can specify a source route
Was conceived of as a way to ensure some traffic could be delivered through
predefined path irrespective of routing tables.

Can be used by the network attacker to avoid security enforcing

devices

OPM

32

Dynamic Routing Protocols

For scaling, discover topology and routing rather than
statically constructing routing tables
Open Shortest Path First (OSPF): Used for routing within an
administrative domain
Traffic diversion by considering current status of a particular path
Border Gateway Protocol (BGP): Used for routing between
administrative domains.

OPM

33