
CHAPTER 4: NETWORK LAYER

Functions:
• Path determination: route taken by packets from source to destination (Routing Algorithms)
• Forwarding: move packets from router’s input to appropriate router output
• Call setup: some n/w architectures require router call setup along the path before data flows

Local Area Network (LAN) - A network of computers and devices located close to each other. Local Area Network - A computer communications system limited to no more than a few miles and using high-speed connections (2 to 100 megabits per second). A short-haul communications system that connects network devices in a building or group of buildings within a few square kilometers, including workstations, front-end processors, controllers, switches, and gateways.

Network Server and Workstation
A central computer in a network that contains the programs the various workstations share is called a Network Server. A program which provides service to a user (human being) by responding to requests from other programs (clients) is called a server. This term is also used to refer to the actual computer system on which the server program runs. An end system that runs applications and relies on the servers for files, devices, and sometimes processing power is a Workstation.

Fig: Client-Server architecture

So a server is a powerful computer that manages network resources.

There are many types of servers:
• File server - Stores files.
• Print server - Manages printers.
• Network server - Manages network traffic.
• Database server - Manages data queries.
• Proxy server - A server that manages traffic between a client application, such as a web browser, and a real server. It looks at requests from the client application and either fulfills them or forwards them to the real server. Proxy servers can be used to save time in fulfilling certain requests and to filter network traffic.
• Secure server - A web server that uses a web security protocol, such as SSL.

All of the computers connected to the server on a network are called workstations. A typical workstation is a computer that is configured with a network interface card, networking software, and the appropriate cables. Workstations do not necessarily need floppy disk drives or hard drives because files can be saved on the file server. Almost any computer can serve as a network workstation.

Hub

A Hub connects all the nodes of a network using Twisted Pair (UTP or STP) cables. In a Hub, the signals received on one port are transmitted to all other ports, and vice versa. All nodes (workstations) connected using a Hub can listen to one another all the time. The advantage of using a Hub is low cost and easy integration. The disadvantage is reduced bandwidth and reduced data security. The reduction in bandwidth comes from the fact that all workstations are in the same collision domain. If two or more workstations try to transmit at the same time, the signals collide and are lost altogether. As a result, the available bandwidth of the Ethernet network is reduced. A Hub is a layer 1 device and is sometimes treated as a multiport repeater.

Fig: A 4-port Hub

Switch

A Switch, on the other hand, does not distribute signals without verifying whether it really needs to propagate them to a given port or ports. It decides this based on its internal configuration settings. We can say that a Switch is a Hub with some intelligence. Normally a switch is a layer 2 device and works based on the physical (MAC) address. A Switch provides a one-to-one path between each port, so data sent by one device on one port is transmitted only to the port that is connected to the destination device. So it breaks the collision domain and provides full bandwidth to each host, rather than dividing the bandwidth as a Hub does.

Fig: 48-port Switch

Bridge:

A Bridge functions very similarly to a Switch, and is sometimes also called a 2-port switch. It segments a given network according to the requirements. Segmentation using a Bridge keeps unintended traffic from entering different segments of a network. Both Bridge and Switch are OSI layer-2 devices. Bridges filter traffic based on the destination address of the frame. If a frame's destination is a node on the same segment where it originated, it is not forwarded. If it is destined for a node on another LAN, it is connected to the corresponding bridge port and forwarded to that port.

Types of Bridges:

• Fixed point bridge:
It is the primitive type of bridge in which the lookup tables for each port on the bridge are defined before setting up the connection to the network. The lookup table will contain the address of each computer in the LAN that will be posted at the corresponding ports. So, when a data packet arrives at a port on a bridge, the bridge will search for the destination address provided by the incoming packet. When the bridge figures out the matching destination MAC address and the port it is located at, the incoming packets are forwarded through the destination ports.
Since the lookup tables are defined manually prior to the network connection, the bridge cannot identify the new addresses that come online when the connection is operating. So the new computers that are added later cannot communicate through the bridge. The bridge cannot update the lookup table whenever a computer on the network goes down.
• Transparent Bridge:
These are an advancement over fixed point bridges. They can update the lookup table dynamically. At first, the lookup tables are empty. So, whenever the first data packet comes into the bridge, it stores the source address at the incoming port and forwards the packet to all other ports. Doing so, when the destination address matches a host in the network, that host will receive the message and all other hosts will simply discard it. The process keeps on continuing, and the bridge keeps on updating the lookup table. So once all the addresses are defined in the table, the bridge needs only to search for the destination address in the table and, as soon as it determines the port, the incoming data packets are forwarded to that port only.
This bridge overcomes the demerits of the fixed point bridge. When a new computer comes online, its address can’t be found in any lookup table. Then the bridge will forward packets to all the ports. The process of adding the new address is the same as explained above. Moreover, when a host is down in the network, its address gets removed from the table when it doesn’t reply to the echo packets sent by bridges for a long time.

• Routing Bridge:
These bridges are useful for multiple bridge connections. There are multiple bridges between source and destination. The route chosen for packets will be the path that is optimum. There may be different LANs in between source and destination.
When any bridge goes down between the LANs, communication is still possible.

• Remote Access Bridge:
These are the bridges that are used in multiple connections, and they connect two LANs that are geographically distant. There is a point-to-point link between two bridges rather than a LAN connecting them as in the case of routing bridges.

Router

A Router connects multiple networks, and uses routing to forward packets. It is an OSI Layer-3 device and works on the logical address of a host or a node. Compare this with a Switch which works on the physical address (such as MAC address) of a host or a node. A simple DSL router is shown in the figure below.
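The lookup-table behaviour of the transparent bridge described above, as an added example that is not part of the original notes. The MAC addresses, port numbers and the timer-based aging (used here in place of the echo-packet check in the text) are assumptions.

```python
# Added example: learning table of a transparent bridge (constructed MACs and ports).

class TransparentBridge:
    """Learns source MAC -> port and forwards, filters or floods each frame."""

    def __init__(self, ports, max_age=300):
        self.ports = set(ports)
        # Assumption: idle entries expire after max_age seconds (timer-based
        # aging) instead of the echo-packet check described in the text.
        self.max_age = max_age
        self.table = {}  # MAC address -> (port, time last seen as a source)

    def receive(self, in_port, src, dst, now=0):
        """Handle one frame and return the ports it is sent out on."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        # Drop entries for hosts that have been silent for too long.
        self.table = {mac: (port, seen)
                      for mac, (port, seen) in self.table.items()
                      if now - seen <= self.max_age}
        # Learn (or refresh) the port behind which the sender lives.
        self.table[src] = (in_port, now)
        entry = self.table.get(dst)
        if entry is None:
            # Unknown destination: flood to every port except the incoming one,
            # so every attached segment sees this frame.
            return sorted(self.ports - {in_port})
        out_port = entry[0]
        if out_port == in_port:
            # Destination is on the segment the frame came from: do not forward.
            return []
        return [out_port]


def demo():
    """Replay a short, constructed frame sequence through a 3-port bridge."""
    a, b, c = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
    bridge = TransparentBridge(ports=[1, 2, 3])
    return [
        bridge.receive(1, a, b, now=0),     # b not yet learned: flood
        bridge.receive(2, b, a, now=1),     # a was learned on port 1
        bridge.receive(1, a, b, now=2),     # b was learned on port 2
        bridge.receive(1, c, a, now=3),     # a and c share port 1: filtered
        bridge.receive(3, c, b, now=1000),  # b has aged out: flood again
    ]


if __name__ == "__main__":
    for out_ports in demo():
        print(out_ports)
```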
Fig: DSL Router

Gateways:

Gateways are the most complex devices with respect to the functionality. They typically work at the upper most layers of OSI model. A gateway is used to connect two different environments, such as a Frame-Relay network and an X.25 network.

Repeater - Regenerates signals between similar networks. It works at the Physical Layer of the OSI model.

Internet Protocol (IPV4):

• Unreliable and connectionless datagram protocol.
• A best effort delivery service: best effort means no error and flow control but it has error detection mechanism.
• Host-to-host network layer protocol for the internet.
• If reliability is important, IPV4 must be paired with a reliable protocol such as TCP.

Header (20-60 bytes) | Data (0-65536 bytes)
Fig: IP Datagram

VER (4) | HLEN (4) | DS (8) | Total length (16)
Identification (16) | Flags (3) | Fragmentation offset (13)
TTL (8) | Protocol (8) | Header checksum (16)
Source address (32)
Destination address (32)
Options (16) | Padding (16)
Fig: IPV4 header format

VER: version number-4
HLEN: header length
DS: differentiated service
TTL: time to live
Fragmentation offset: relative positioning of fragments
Total length: total size of packet including header length

IP Classes:
Class A:
The class A address was designed to support extremely large networks.
Network bits: 7
Total number of networks: 2^7 = 128
Host bits: 24
Total number of hosts: 2^24 = 16777216
Total number of computers that can be connected: 128 * 16777216 = 2147483648

Class B:
The class B address was designed to support the needs of moderate to large sized networks.
Network bits: 14
Total number of networks: 2^14 = 16384
Host bits: 16
Total number of hosts: 2^16 = 65536
Total number of computers that can be connected: 16384 * 65536 = 1073741824

Class C:
The class C address space is the most commonly used of the original address classes. This address space was intended to support small networks with a maximum of 254 hosts.
Network bits: 21
Total number of networks: 2^21 = 2097152
Host bits: 8
Total number of hosts: 2^8 = 256
Total number of computers that can be connected: 2097152 * 256 = 536870912

Class D:
The class D address was created to enable multicasting in an IP address. A multicast address is a unique network that directs packets with that destination address to predefined groups of IP addresses. Thus, a single station can simultaneously transmit a single stream of data to multiple recipients.

Class E:
Class E address has been defined. However, the IETF has reserved these addresses for its own research. Thus, no class E address has been released for use in internet.
Netid | Hostid | Special address
Specific | All 0s | Network address
Specific | All 1s | Direct broadcast address
All 1s | All 1s | Limited broadcast address
127 | anything | Loop back address

Subnetting:
• A subnetwork, or subnet, is a logically visible subdivision of an IP Network. The practice of dividing a network into two or more networks is called subnetting.
• All computers that belong to a subnet are addressed with a common, identical, most significant bit group in their IP address. This results in the logical division of an IP address into two fields, a network or routing prefix and the rest field or host identifier. The rest field is an identifier for a specific host or network interface.

Address Class | Bits for subnet mask | n/w prefix
A | 11111111 00000000 00000000 00000000 | /8
B | 11111111 11111111 00000000 00000000 | /16
C | 11111111 11111111 11111111 00000000 | /24

Benefits of subnetting:
• Reduced network traffic
• Simplified management
• Smaller broadcast domains

Q. Calculate subnet mask and number of usable IP addresses.
a) 192.168.1.0/24:
11111111 11111111 11111111 00000000
No. of usable IP addresses: 2^8 - 2 = 254

b) 192.168.1.0/25:
11111111 11111111 11111111 10000000
No. of usable IP addresses: 2^7 - 2 = 126

c) 192.168.1.0/31:
11111111 11111111 11111111 11111110
No. of usable IP addresses: 2^1 - 2 = 0 (No hosts possible)

Subnet mask:
A subnet mask is a 32-bit number that masks an IP address, and divides the IP address into network address and host address. A subnet mask is made by setting the network bits to all 1’s and setting the host bits to all 0’s. Within a given network, two host addresses are reserved for special purposes. The ‘0’ address is assigned as the network address, and ‘255’ is assigned as the broadcast address, and they cannot be assigned to hosts.

CIDR (Classless Inter Domain Routing):
CIDR was introduced in 1993, replacing the previous generation of IP address syntax, classful networks. CIDR allowed for more efficient use of IPV4 address space and prefix aggregation, known as route summarization or supernetting.
CIDR allows routers to group routes together to reduce the bulk of routing information carried by core routers. With CIDR, IP addresses and their subnet mask are written as four octets, separated by periods, followed by a forward slash and a two-digit number that represents the network mask.
Example:
• 10.1.1.0/30
• 172.16.1.16/28
• 192.168.1.32/27
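The exercise above worked in code, extended to the three CIDR examples and to splitting a network into subnets. This is an added example, not part of the original notes; the function names are hypothetical and the usable-address count follows the exercise's formula (host-bit combinations minus 2).

```python
import ipaddress


def usable_hosts(prefix_len):
    """Usable addresses by the exercise's formula: 2^(host bits) - 2."""
    host_bits = 32 - prefix_len
    # The formula gives 0 for /31, as in part c). Note that
    # ipaddress.IPv4Network.hosts() instead returns both addresses of a /31,
    # which it treats as a point-to-point link.
    return max(2 ** host_bits - 2, 0)


def describe(cidr):
    """Return mask, network, broadcast and usable-host count for a prefix."""
    # strict=True rejects input whose host bits are not all zero,
    # e.g. 192.168.1.1/24 is an address inside a network, not a network.
    net = ipaddress.IPv4Network(cidr, strict=True)
    bits = format(int(net.netmask), "032b")
    return {
        "mask": str(net.netmask),
        "mask_bits": " ".join(bits[i:i + 8] for i in range(0, 32, 8)),
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "usable": usable_hosts(net.prefixlen),
    }


def split(cidr, new_prefix):
    """Subnet a network into equal blocks with the given prefix length."""
    net = ipaddress.IPv4Network(cidr, strict=True)
    return [str(subnet) for subnet in net.subnets(new_prefix=new_prefix)]


if __name__ == "__main__":
    for cidr in ("192.168.1.0/24", "192.168.1.0/25", "192.168.1.0/31",
                 "10.1.1.0/30", "172.16.1.16/28", "192.168.1.32/27"):
        print(cidr, describe(cidr))
    print(split("192.168.1.0/24", 26))
```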
NAT (Network Address Translation):
NAT is the process where a network device, usually a firewall, assigns a public address to a computer (or group of computers) inside a private network. The main use of NAT is to limit the number of public IP addresses an organization or company must use, for both economy and security purposes.

Fig: placement and operation of NAT box

Example:
The packet having the private address is passed through a NAT box that converts the internal IP source address 10.10.0.1 into the company’s true IP address 202.213.76.5.

Routing Algorithm:
The routing algorithm is the part of the network layer software responsible for deciding which output line an incoming packet should be transmitted on. There are two techniques of routing:

• Static routing:
The choice of the route to use to get from I to J (for all I and J) is computed in advance, off-line, and downloaded to the routers when the network is booted.

• Dynamic routing:
The routing decisions change to reflect changes in the topology, and usually the traffic as well. Adaptive algorithms differ in where they get their information (e.g. locally, from adjacent routers, or from all routers).

Routing Algorithms:
• The Optimality Principle
• Shortest Path Algorithm
• Flooding
• Distance Vector Routing
• Link State Routing
• Hierarchical Routing
• Broadcast Routing
• Multicast Routing
• Routing for Mobile Hosts
• Routing in Ad Hoc Networks

Routing Algorithms Goals:

• Optimization
This is the capability of the routing algorithm to select the best route.

• Simplicity and Low Overhead
The simpler the algorithm, the more efficiently it will be processed by the CPU and memory in the router.

• Robustness and Stability
A routing algorithm should work correctly when confronted by unusual or unforeseen circumstances, such as hardware failures, high load conditions, and implementation errors.

• Flexibility
A routing algorithm should quickly adapt to a variety of network changes which include router availability, router memory, changes in bandwidth and network delay.
• Rapid Convergence
Convergence is the process of agreement by all routers on available routes. When a network event causes changes in router availability, updates are needed to reestablish network connectivity. Routing algorithms that converge slowly can cause data to be undeliverable.

The Optimality Principle:

It states that if router J is on the optimal path from router I to router K, then the optimal path from J to K also falls along the same route.

Fig: A subnet; a sink tree for router B

Shortest Path Routing:

Fig: The first 5 steps used in computing the shortest path from A to D. The arrows indicate the working node.

Flooding:
• A static algorithm.
• Every incoming packet is sent out on every outgoing line except the one it arrived on.
• Generates vast numbers of duplicate packets, in fact, an infinite number unless some measures are taken to damp the process.
• One such measure is to have a hop counter contained in the header of each packet, which is decremented at each hop, with the packet being discarded when the counter reaches zero.
• Used in peer to peer system (file sharing).
Distance Vector Routing:

• It operates by having each router maintain a table (i.e. a vector) giving the best known distance to each destination and which line to use to get there.
• These tables are updated by exchanging information with the neighbors.
• Also called Bellman-Ford routing algorithm.
• The router is assumed to know the distance to each of its neighbors. If the metric is hops, the distance is just one hop.

Link State Routing:

• Link state routing has full knowledge of network.
• Each node maintains the full graph by collecting the updates from all other nodes.
• Each node then independently calculates the next best logical path from it to every possible destination in the network.
• Routers receive topology information from their neighbor router via link state advertisements (LSA).
• Use Dijkstra’s shortest path algorithm to determine the optimal paths.
• Link state protocols don’t have to constantly resend their entire LSAs; instead they can send small hello LSAs to let their neighbor routers know they are still alive.
• Each router must do the following:
  • Discover its neighbors, learn their network address.
  • Measure the delay or cost to each of its neighbors.
  • Construct a packet telling all it has just learned.
  • Send this packet to all other routers.
  • Compute the shortest path to every other router.

Routing Protocols:

1. ARP (Address Resolution Protocol):

Fig: three interconnected /24 networks: 2 ethernets and an FDDI ring

ARP is the protocol for mapping IP to MAC addresses. It can automatically obtain MAC addresses for local transmission. Some devices keep tables that contain MAC addresses and IP addresses of other devices that are connected to the same LAN. These are called ARP tables. These tables are stored in RAM, where cached information is maintained automatically on each of the devices. Each device on a network maintains its own ARP table. When a network device wants to send data across the network, it uses information provided by the ARP table.

When a source determines the IP address for a destination, it then consults the ARP table in order to locate the MAC address for the destination. If the source locates the entry in its table, destination IP address to destination MAC address, it will associate the IP address to the MAC address and then use it to encapsulate the data. The data packet is then sent out over the networking media to be picked up by the destination device.

2. RARP (Reverse Address Resolution Protocol):

It associates the known MAC address with an IP address, which allows network devices to encapsulate data before sending data out on the network. RARP allows a device that knows its MAC address but not its IP address to make a request to learn its IP address. Devices using RARP require that a RARP server be present on the network to answer RARP requests.

3. ICMP (Internet Control Message Protocol):

• The ICMP provides a means for transferring messages from routers and other hosts to a host.
• ICMP provides feedback about problems in the communication environment.
• It sends messages and these messages are divided into two types: Error reporting and Query message.
• The ICMP is designed to compensate for the above two deficiencies of IP.
• The ICMP message types are:
  Error reporting:
  • Destination unreachable: to announce n/w errors
  • Time exceeded: to announce timeouts
  • Parameter problems: missing part of datagram
  • Source quench: to announce n/w congestion
  • Redirect
  Query:
  • ECHO and ECHO REPLY: to assist troubleshooting
  • Timestamp request and reply
  • Address mask request and reply

Fig: ICMP header format
Type: type of message
Code: subtype of message
Checksum: 1’s complement computed over entire ICMP message (except for the checksum field itself, which is set to 0)
Data: depends on the type and code

Type | Code | Description
0 | 0 | echo reply (ping)
3 | 0 | dest. network unreachable
3 | 1 | dest host unreachable
3 | 2 | dest protocol unreachable
3 | 3 | dest port unreachable
3 | 6 | dest network unknown
3 | 7 | dest host unknown
4 | 0 | source quench (congestion control - not used)
8 | 0 | echo request (ping)
9 | 0 | route advertisement
10 | 0 | router discovery
11 | 0 | TTL expired
12 | 0 | bad IP header
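The ICMP checksum rule and the type/code table above, as an added example that is not part of the original notes: it builds a message, computes the 1's complement checksum with the checksum field set to 0, and rejects a message whose checksum does not verify. The function names and the sample echo request (identifier 1, sequence 1, payload "ping") are constructed for illustration.

```python
import struct

# (type, code) -> description, copied from the table above
ICMP_TYPES = {
    (0, 0): "echo reply (ping)",
    (3, 0): "dest. network unreachable",
    (3, 1): "dest host unreachable",
    (3, 2): "dest protocol unreachable",
    (3, 3): "dest port unreachable",
    (3, 6): "dest network unknown",
    (3, 7): "dest host unknown",
    (4, 0): "source quench",
    (8, 0): "echo request (ping)",
    (9, 0): "route advertisement",
    (10, 0): "router discovery",
    (11, 0): "TTL expired",
    (12, 0): "bad IP header",
}


def internet_checksum(data):
    """16-bit 1's complement of the 1's complement sum of `data`."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(msg_type, code, data=b""):
    """Assemble Type, Code, Checksum and Data with a valid checksum."""
    zeroed = struct.pack("!BBH", msg_type, code, 0) + data
    checksum = internet_checksum(zeroed)     # computed with checksum field = 0
    return struct.pack("!BBH", msg_type, code, checksum) + data


def parse_icmp(message):
    """Validate and decode an ICMP message; raise ValueError if malformed."""
    if len(message) < 8:                     # 4 fixed + 4 type-specific bytes
        raise ValueError("truncated ICMP message")
    msg_type, code, received = struct.unpack("!BBH", message[:4])
    zeroed = message[:2] + b"\x00\x00" + message[4:]
    if internet_checksum(zeroed) != received:
        raise ValueError("bad ICMP checksum")
    name = ICMP_TYPES.get((msg_type, code), "unknown")
    return msg_type, code, name, message[4:]


# Constructed sample: echo request, identifier 1, sequence 1, payload b"ping"
ECHO_REQUEST = build_icmp(8, 0, struct.pack("!HH", 1, 1) + b"ping")

if __name__ == "__main__":
    print(ECHO_REQUEST.hex(), parse_icmp(ECHO_REQUEST))
```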
4. RIP (Routing Information Protocol):
• Distance vector type scheme
• Included in BSD-UNIX Distribution in 1982
• Distance metric: # of hops (max. 15 hops)
• Distance vector: exchanged every 30 sec via a Response Message (also called Advertisement)
• Each Advertisement contains up to 25 destination nets

Example:
Routers labeled A, B, C, D, …
Networks labeled 1, 10, 20, 30, ….

D’s table before A’s advertisement
Dest. Net. | Next router | N hops
1 | A | 2
20 | B | 2
30 | B | 7
10 | -- | 1
… | … | …

A’s advertisement
Dest. Net. | Next router | N hops
30 | C | 4
1 | -- | 1
10 | -- | 1
… | … | …

D’s table after A’s advertisement
Dest. Net. | Next router | N hops
1 | A | 2
20 | B | 2
30 | A | 5
… | … | …

RIP: Link failure and recovery
• If no advertisement heard after 180 sec, neighbor/link is assumed to be dead
• Routes via the neighbor are invalidated; new advertisements sent to neighbors
• Neighbors in turn send out new ads if their tables are changed
• Link failure info quickly propagates to the entire net

4. OSPF (Open Shortest Path First):

• Open: publicly available protocol (IETF)
• Uses the link state algorithm, i.e.
  • Link state packet dissemination
  • Topology map at each node
  • Route computation using the Dijkstra’s algorithm
• OSPF advertisement carries one entry per neighbor router (gives link state)
• Ads disseminated to the entire Autonomous Systems (via flooding)

OSPF advanced features (not in RIP)
• Security: all OSPF messages are authenticated; TCP connections used
• Multiple same-cost paths allowed
• Multiple cost metrics for different TOS for each link
• Integrated uni- and multicast support: Multicast OSPF (MOSPF) uses the same topology database as OSPF
• Hierarchical OSPF in single AS (large routing domain)
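The RIP example above (D's table before and after A's advertisement) and the 180-second link-failure rule, as an added example that is not part of the original notes. The function names, the timestamps and the use of 16 hops to mark an invalidated route are assumptions made for the illustration.

```python
INFINITY = 16   # RIP allows at most 15 hops; 16 marks a destination unreachable
TIMEOUT = 180   # seconds of silence after which a neighbor is assumed dead


def apply_advertisement(table, neighbor, advertised, now=0):
    """Merge one neighbor's advertisement into `table`; return changed dests.

    table:      {dest_net: (next_router, hops, last_heard)}; next_router is
                None for a directly attached network
    advertised: {dest_net: hops as counted by the neighbor}
    """
    changed = []
    for dest, hops in advertised.items():
        if not 1 <= hops <= INFINITY:
            continue                          # ignore a malformed metric
        cost = min(hops + 1, INFINITY)        # one more hop to reach neighbor
        next_router, current, _ = table.get(dest, (None, INFINITY, now))
        if dest in table and next_router == neighbor:
            # The route already goes via this neighbor: accept its new metric,
            # better or worse, and refresh the timestamp.
            table[dest] = (neighbor, cost, now)
            if cost != current:
                changed.append(dest)
        elif cost < current:
            table[dest] = (neighbor, cost, now)
            changed.append(dest)
    return changed


def expire_neighbor(table, neighbor, now):
    """Invalidate routes via `neighbor` not refreshed for TIMEOUT seconds."""
    dead = []
    for dest, (next_router, hops, heard) in list(table.items()):
        if next_router == neighbor and hops < INFINITY and now - heard >= TIMEOUT:
            table[dest] = (next_router, INFINITY, heard)
            dead.append(dest)
    return dead


def demo():
    """D's table and A's advertisement from the example (times constructed)."""
    d_table = {1: ("A", 2, 0), 20: ("B", 2, 0), 30: ("B", 7, 0), 10: (None, 1, 0)}
    a_advertisement = {30: 4, 1: 1, 10: 1}
    changed = apply_advertisement(d_table, "A", a_advertisement, now=30)
    dead = expire_neighbor(d_table, "B", now=180)   # B silent since t=0
    return d_table, changed, dead


if __name__ == "__main__":
    print(demo())
```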

5. BGP (Border Gateway Protocol):


• Peers exchange BGP messages using TCP
• BGP defines four types of messages:
  • OPEN: opens a TCP connection to peer and authenticates sender
  • UPDATE: advertises new path (or withdraws old)
  • KEEP ALIVE: keeps connection alive in absence of UPDATES; also serves as ACK to an OPEN request
  • NOTIFICATION: reports errors in previous message; also used to close a connection

6. DHCP (Dynamic Host Configuration Protocol):

Fig: operation of DHCP
