
Unit – I Network Layer and Protocols

IP (INTERNET PROTOCOL) Addressing


“An IP address is a logical 32-bit address consisting of a netid and a hostid that uniquely and universally identifies a host on a TCP/IP network, a local network or the Internet. Messages are routed in a TCP/IP network based on the destination IP address.”
Address Space and Notation:
A protocol like IPv4 that defines addresses has an address space. If a protocol uses b bits to define an address, the address space is 2^b because each bit can have two different values (0 or 1). IPv4 uses 32-bit addresses, which means that the address space is 2^32 or 4,294,967,296 (more than four billion). If there were no restrictions, more than 4 billion devices could be connected to the Internet.
Classful Addressing
The IPv4 addresses are classified into 5 types as follows:
1 Class A
2 Class B
3 Class C
4 Class D
5 Class E

Class A addresses include only the IPs from 1.x.x.x to 126.x.x.x. The range 127.x.x.x is reserved for loopback IP addresses.
An IP address is divided into a network portion (N) and a host portion (H):

Class A is written as N.H.H.H

Class B is written as N.N.H.H

Class C is written as N.N.N.H

Class  First Bits  First Byte Values  Network ID Bits  Host ID Bits  Number of Networks  Number of Hosts
A      0           1 - 126            8                24            126                 16,777,214
B      10          128 - 191          16               16            16,384              65,534
C      110         192 - 223          24               8             2,097,152           254

NOH = 2^n, where n = number of host ID bits (the table lists usable hosts, 2^n - 2, because the all-zeros and all-ones host IDs are reserved)
NON = 2^(m-i), where m = number of network ID bits, i = number of fixed first bits

Private IP Address Range

Class  Network Address
A      10.0.0.0 through 10.255.255.255
B      172.16.0.0 through 172.31.255.255
C      192.168.0.0 through 192.168.255.255

Classless Addressing
There are three main problems with “classful” addressing, which are somewhat related to each other (making them a bit harder to explain).
1 Lack of Internal Address Flexibility: Big organizations are assigned large, “monolithic” blocks of addresses that do not match the structure of their underlying internal networks well.
2 Inefficient Use of Address Space: The existence of only three block sizes (classes A, B and C) leads to waste of the limited IP address space.
3 Proliferation of Router Table Entries: As the Internet grows, more and more entries are required for routers to handle the routing of IP datagrams, which causes performance problems for routers. Attempting to reduce inefficient address space allocation leads to even more router table entries.
The Internet authorities announced a new architecture called classless
addressing. In classless addressing, variable-length blocks are used that belong
to no classes.
In classful addressing the whole address space was divided into five classes.
Although each organization was granted one block in class A, B, or C, the size
of the blocks was predefined; the organization needed to choose one of the three
block sizes. The only block in class D and the only block in class E were
reserved for a special purpose.
In classless addressing, the whole address space is divided into variable-length blocks. Theoretically, we can have a block of 2^0, 2^1, 2^2, ..., 2^32 addresses. The only restriction is that the number of addresses in a block needs to be a power of 2. An organization can be granted one block of addresses. Figure shows the division of the whole address space into nonoverlapping blocks.

Figure: Variable-length blocks in classless addressing
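The following Python example is added here and is not part of the original notes. It implements the classful rules above (class from the leading bits, netid/hostid split, usable hosts per class, the three private ranges) and the two classless rules (block size a power of two, first address aligned so blocks do not overlap), returning the block in prefix notation.

```python
import ipaddress

# Netid bits for the three unicast classes, as in the class table above.
NETID_BITS = {"A": 8, "B": 16, "C": 24}

# The three private ranges from the notes, in prefix (CIDR) form.
PRIVATE_BLOCKS = [ipaddress.ip_network(b) for b in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(addr: str) -> str:
    """Return the classful class (A-E) from the leading bits of the first byte."""
    first_byte = int(ipaddress.IPv4Address(addr)) >> 24
    if first_byte >> 7 == 0b0:       # 0xxxxxxx -> 0-127 (0 and 127 are reserved)
        return "A"
    if first_byte >> 6 == 0b10:      # 10xxxxxx -> 128-191
        return "B"
    if first_byte >> 5 == 0b110:     # 110xxxxx -> 192-223
        return "C"
    if first_byte >> 4 == 0b1110:    # 1110xxxx -> 224-239 (multicast)
        return "D"
    return "E"                       # 1111xxxx -> 240-255 (reserved)


def split_classful(addr: str):
    """Split a class A/B/C address into (class, netid, hostid) integers."""
    cls = classify(addr)
    if cls not in NETID_BITS:
        raise ValueError(f"class {cls} has no netid/hostid structure")
    host_bits = 32 - NETID_BITS[cls]
    value = int(ipaddress.IPv4Address(addr))
    return cls, value >> host_bits, value & ((1 << host_bits) - 1)


def usable_hosts(cls: str) -> int:
    """Usable hosts per network: 2^n minus the all-zeros and all-ones host IDs."""
    return 2 ** (32 - NETID_BITS[cls]) - 2


def is_private(addr: str) -> bool:
    """True if the address lies in one of the private ranges (not routable on the Internet)."""
    ip = ipaddress.IPv4Address(addr)
    return any(ip in block for block in PRIVATE_BLOCKS)


def classless_block(first_addr: str, count: int) -> str:
    """Validate a classless block and return it in prefix notation.

    Rules from the notes: the block size must be a power of two, and blocks must
    not overlap, which requires the first address to be a multiple of the size.
    """
    if count <= 0 or count & (count - 1):
        raise ValueError(f"{count} is not a power of 2")
    start = int(ipaddress.IPv4Address(first_addr))
    if start % count:
        raise ValueError(f"{first_addr} is not aligned to a block of {count}")
    prefix_len = 33 - count.bit_length()      # 2^k addresses -> prefix /(32-k)
    return f"{first_addr}/{prefix_len}"
```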


Network Address Translation (NAT)
A technology that can provide the mapping between the private and universal
addresses, and at the same time support virtual private networks, is Network
Address Translation (NAT).
Network Address Translation (NAT) is a process in which one or more local IP addresses are translated into one or more global IP addresses, and vice versa, in order to provide Internet access to the local hosts. It also translates port numbers, i.e. it masks the port number of the host with another port number in the packet that will be routed to the destination, and records the corresponding IP address and port number mapping in the NAT table. NAT generally operates on a router or firewall.

Internet Protocol (IP): Datagram Format


IPv4 defines the format of a packet in which the data coming from the upper
layer or other protocols are encapsulated. Packets used by the IP are called
datagrams. Figure shows the IPv4 datagram format. A datagram is a variable-
length packet consisting of two parts: header and payload (data). The header is
20 to 60 bytes in length and contains information essential to routing and
delivery.
Version: The 4-bit version number (VER) field defines the version of the Internet Protocol (e.g. IPv4).
HLEN: The 4-bit header length (HLEN) field defines the total length of the datagram header in 4-byte words.
Service Type: The Service Type field is used to set priorities or
precedence for data transmission. The size of the field is 8 bits. This field is
also used to determine the type of service that is required for a particular
application. The priority is set using the first three bits and the service type
is set using the next three bits. The last two bits are reserved for future use.
The Service Type field has two components, Precedence and Types of
Service.
Total Length: This 16-bit field defines the total length (header plus data)
of the IP datagram in bytes. A 16-bit number can define a total length of up
to 65,535.
Total length of the datagram = Length of the header + Length of the data
Identification: If an IP packet is fragmented during transmission, all the fragments carry the same identification number, so that the original IP packet they belong to can be identified.
Flags: If an IP packet is too large for a network resource to handle, these flags tell whether it may be fragmented or not. In this 3-bit field, the MSB is always set to ‘0’.
Fragment Offset: This offset tells the exact position of the fragment in
the original IP Packet.
Time to Live: To avoid looping in the network, every packet is sent with
some TTL value set, which tells the network how many routers (hops) this
packet can cross. At each hop, its value is decremented by one and when
the value reaches zero, the packet is discarded.
Protocol: Tells the network layer at the destination host which protocol this packet belongs to, i.e. the next-level protocol. For example, the protocol number of ICMP is 1, TCP is 6 and UDP is 17.
Header Checksum: This field holds the checksum of the entire header, which is used to check whether the header was received error-free.
Source Address: 32-bit address of the Sender (or source) of the packet.
Destination Address: 32-bit address of the Receiver (or destination) of
the packet.
Options: A datagram header can have up to 40 bytes of options. Options
can be used for network testing and debugging. These options may contain
values for options such as Security, Record Route, Time Stamp, etc.
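The Python example below is added here and is not part of the original notes. It packs a 20-byte IPv4 header with the field layout just described and parses it back, enforcing the consistency checks a receiver should apply before trusting any field (version, HLEN minimum, total length against header length, truncated buffer). The header checksum is left at zero because the algorithm is the same one's-complement sum shown for ICMP later in these notes.

```python
import struct

# Protocol numbers named in the notes.
PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

# Fixed 20-byte header: VER|HLEN, TOS, total length, identification,
# flags+fragment offset, TTL, protocol, checksum, source, destination.
HEADER_FMT = "!BBHHHBBH4s4s"


def build_ipv4_header(src, dst, payload_len, *, identification=0, df=False,
                      mf=False, frag_offset=0, ttl=64, protocol=6, tos=0):
    """Build a 20-byte IPv4 header (no options); checksum field left at zero."""
    ver_hlen = (4 << 4) | 5                        # VER = 4, HLEN = 5 words = 20 bytes
    flags = (int(df) << 1) | int(mf)               # 3-bit flags: reserved(0), DF, MF
    flags_frag = (flags << 13) | (frag_offset & 0x1FFF)
    return struct.pack(HEADER_FMT, ver_hlen, tos, 20 + payload_len, identification,
                       flags_frag, ttl, protocol, 0,
                       bytes(map(int, src.split("."))),
                       bytes(map(int, dst.split("."))))


def parse_ipv4_header(buf):
    """Parse an IPv4 header from raw bytes into a dict.

    Raises ValueError on the inconsistencies a receiver must reject instead of
    reading fields at offsets the header itself claims are wrong.
    """
    if len(buf) < 20:
        raise ValueError("buffer shorter than the 20-byte fixed header")
    (ver_hlen, tos, total_len, ident, flags_frag, ttl, proto, checksum,
     src, dst) = struct.unpack(HEADER_FMT, buf[:20])
    version, hlen_words = ver_hlen >> 4, ver_hlen & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    hlen = hlen_words * 4
    if hlen < 20:
        raise ValueError(f"HLEN {hlen_words} words is below the 5-word minimum")
    if total_len < hlen:
        raise ValueError("total length smaller than header length")
    if len(buf) < hlen:
        raise ValueError("buffer truncated before the end of the options")
    return {
        "version": version,
        "header_len": hlen,
        "precedence": tos >> 5,                  # first three TOS bits
        "total_len": total_len,
        "identification": ident,
        "df": bool(flags_frag & 0x4000),         # do-not-fragment bit
        "mf": bool(flags_frag & 0x2000),         # more-fragments bit
        "frag_offset": flags_frag & 0x1FFF,      # 13 bits, in 8-byte units
        "ttl": ttl,
        "protocol": PROTOCOL_NAMES.get(proto, str(proto)),
        "header_checksum": checksum,
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        "options": buf[20:hlen],                 # up to 40 bytes
    }
```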

Fragmentation
IP fragmentation is an Internet Protocol (IP) process that breaks packets into
smaller pieces (fragments), so that the resulting pieces can pass through a link
with a smaller MTU (maximum transmission unit) than the original packet size.
The fragments are reassembled by the receiving host.
Maximum Transfer Unit (MTU)
Each data link layer protocol has its own frame format. One of the fields defined in the format is the maximum size of the data field. In other words, when a datagram is encapsulated in a frame, the total size of the datagram must be less than this maximum size, which is defined by the restrictions imposed by the hardware and software used in the network (see Figure).

The value of the MTU differs from one physical network protocol to another.

Protocol               MTU
Hyperchannel           65,535
Token Ring (16 Mbps)   17,914
Token Ring (4 Mbps)    4,464
FDDI                   4,352
Ethernet               1,500
X.25                   576
PPP                    296
Fields Related to Fragmentation
The fields that are related to fragmentation and reassembly of an IP datagram
are the identification, flags, and fragmentation offset fields.
Identification
i. This 16-bit field identifies a datagram originating from the source host. The
combination of the identification and source IP address must uniquely define a
datagram as it leaves the source host.
ii. To guarantee uniqueness, the IP protocol uses a counter to label the
datagrams. The counter is initialized to a positive number.
iii. When the IP protocol sends a datagram, it copies the current value of the
counter to the identification field and increments the counter by one.
iv. As long as the counter is kept in the main memory, uniqueness is guaranteed.
When a datagram is fragmented, the value in the identification field is copied
into all fragments.
v. In other words, all fragments have the same identification number, which is
also the same as the original datagram.
vi. The identification number helps the destination in reassembling the
datagram. It knows that all fragments having the same identification value
should be assembled into one datagram.
Flags
i. This is a three-bit field. The first bit is reserved (not used). The second bit is
called the do not fragment bit.
ii. If its value is 1, the machine must not fragment the datagram. If it cannot
pass the datagram through any available physical network, it discards the
datagram and sends an ICMP error message to the source host. If its value is 0,
the datagram can be fragmented if necessary.
iii. The third bit is called the more fragment bit.
iv. If its value is 1, it means the datagram is not the last fragment; there are
more fragments after this one. If its value is 0, it means this is the last or only
fragment.

Fragmentation offset
i. This 13-bit field shows the relative position of this fragment with respect to
the whole datagram.
ii. It is the offset of the data in the original datagram measured in units of 8
bytes. Figure shows a datagram with a data size of 4000 bytes fragmented into
three fragments. The bytes in the original datagram are numbered 0 to 3999.
The first fragment carries bytes 0 to 1399.
iii. The offset for this datagram is 0/8= 0. The second fragment carries bytes
1400 to 2799; the offset value for this fragment is 1400/8= 175.
iv. Finally, the third fragment carries bytes 2800 to 3999. The offset value for
this fragment is 2800/8= 350.
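The following Python example is added here and is not part of the original notes. It reproduces the worked case above (a 4000-byte payload over a link whose MTU leaves 1400 bytes of data per fragment gives offsets 0, 175 and 350) and reassembles the fragments at the receiver, rejecting the malformed fragment sets a reassembly routine must not accept: gaps, overlapping offsets, a mismatched identification, or a missing last fragment. The fragment representation (a dict per fragment) is a simplification chosen for this example.

```python
def fragment(payload: bytes, identification: int, mtu: int, header_len: int = 20):
    """Split a datagram payload into fragments that fit a link with the given MTU."""
    max_data = (mtu - header_len) // 8 * 8       # data per fragment is a multiple of 8
    if max_data <= 0:
        raise ValueError("MTU too small to carry any data")
    fragments = []
    for start in range(0, len(payload), max_data):
        if start // 8 > 0x1FFF:
            raise ValueError("offset does not fit the 13-bit field")
        chunk = payload[start:start + max_data]
        fragments.append({
            "identification": identification,         # copied into every fragment
            "offset": start // 8,                     # position in 8-byte units
            "mf": start + len(chunk) < len(payload),  # more fragments follow?
            "data": chunk,
        })
    return fragments


def reassemble(fragments):
    """Reassemble fragments of one datagram; raise ValueError on inconsistent sets."""
    if not fragments:
        raise ValueError("no fragments")
    ident = fragments[0]["identification"]
    if any(f["identification"] != ident for f in fragments):
        raise ValueError("fragments carry different identification values")
    ordered = sorted(fragments, key=lambda f: f["offset"])
    expected_start = 0
    out = bytearray()
    for frag in ordered:
        start = frag["offset"] * 8
        if start != expected_start:
            # Either a hole (missing fragment) or an overlap with the previous one.
            raise ValueError(f"gap or overlap at byte {expected_start}")
        out += frag["data"]
        expected_start = start + len(frag["data"])
    if ordered[-1]["mf"]:
        raise ValueError("last fragment (MF = 0) not received")
    if any(not f["mf"] for f in ordered[:-1]):
        raise ValueError("MF cleared on a fragment that is not the last")
    return bytes(out)
```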

Options
The header of the IP datagram is made of two parts: a fixed part and a variable part. The fixed part is 20 bytes long. The variable part comprises the options, which can be a maximum of 40 bytes.
Options are not required for a datagram. They can be used for network testing
and debugging. Although options are not a required part of the IP header, option
processing is required of the IP software. This means that all implementations
must be able to handle options if they are present in the header.

Type
The type field is 8 bits long and contains three subfields: copy, class, and
number.
❑ Copy. This 1-bit subfield controls the presence of the option in fragmentation. When its value is 0, it means that the option must be copied only to the first fragment. If its value is 1, it means the option must be copied to all fragments.
❑ Class. This 2-bit subfield defines the general purpose of the option. When its value is 00, it means that the option is used for datagram control. When its value is 10, it means that the option is used for debugging and management. The other two possible values (01 and 11) have not yet been defined.
❑ Number. This 5-bit subfield defines the type of option. Although 5 bits can define up to 32 different types, currently only 6 types are in use.
0 - Special case indicating the end of the option list, in this case the option field
is just one octet as no length or data fields are present.
1 - No Operation, again the option field is just one octet with no length or data
fields.
3 - Loose Source Routing which is IP routing based on information supplied by
the source station where the routers can forward the datagram to any number of
intermediate routers in order to get to the destination.
4 - Internet Timestamp. A timestamp option is used to record the time of
datagram processing by a router.
7 - Record Route records the route that a datagram takes.
9 - Strict Source Routing which is IP routing based on information supplied by
the source station where the routers can only forward the datagram to a directly
connected router in order to get to the next hop indicated in the source route
path.
Length
The length field defines the total length of the option including the type field and
the length field itself. This field is not present in all of the option types.
Value
The value field contains the data that specific options require. Like the length field, this field is also not present in all option types.
ICMPv4:
ICMP (Internet Control Message Protocol) is an error-reporting protocol that network devices such as routers use to generate error messages to the source IP address when network problems prevent delivery of IP packets. ICMP creates and sends messages to the source IP address indicating that a gateway to the Internet, such as a router, service or host, cannot be reached for packet delivery. Any IP network device has the capability to send, receive or process ICMP messages.
The value of the protocol field in the IP datagram is 1 to indicate that the IP data is an ICMP message.

Figure: ICMP encapsulation


Messages
ICMP messages are divided into two broad categories: error-reporting messages
and query messages.
The error-reporting messages report problems that a router or a host
(destination) may encounter when it processes an IP packet. The query
messages, which occur in pairs, help a host or a network manager get specific
information from a router or another host.
For example, nodes can discover their neighbours. Also, hosts can discover and
learn about routers on their network and routers can help a node redirect its
messages.

Table: ICMP messages


An ICMP message has an 8-byte header and a variable-size data section. Although the general format of the header is different for each message type, the first 4 bytes are common to all. As Figure shows, the first field, ICMP type, defines the type of the message. The code field specifies the reason for the particular message type. The last common field is the checksum field. The rest of the header is specific for each message type.
The data section in error messages carries information for finding the original packet that had the error. In query messages, the data section carries extra information based on the type of the query.

Figure: General format of ICMP messages

Debugging Tools
There are several tools that can be used in the Internet for debugging. We can find out whether a host or router is alive and running. We can trace the route of a packet. We introduce two tools that use ICMP for debugging: ping and traceroute.

Ping:
Ping is a computer network administration software utility used to test the
reachability of a host on an Internet Protocol (IP) network.
Ping operates by sending Internet Control Message Protocol (ICMP) echo
request packets to the target host and waiting for an ICMP echo reply. The
program reports errors, packet loss, and a statistical summary of the results,
typically including the minimum, maximum, the mean round-trip times, and
standard deviation of the mean.
Traceroute:
The traceroute program in UNIX or tracert in Windows can be used to trace the route of a packet from the source to the destination.
The traceroute command uses ICMP Time Exceeded messages to trace a network route. It relies on the Time to Live field that IP uses to avoid routing loops: every time a packet passes through a router, the router decrements the TTL field. If the TTL reaches zero, the router drops the packet and sends an ICMP Time Exceeded message to the original sender.
The client first sends a packet with a TTL of 1 to the server. Router A decrements the TTL to 0, drops the packet, and sends an ICMP Time Exceeded message to the client, so router A is identified. The client then sends a packet with a TTL of 2 to the server. Router A decrements the TTL to 1 and passes the packet to router B. Router B decrements the TTL to 0, drops it, and sends an ICMP Time Exceeded message to the client. Router B is now identified. This process continues until the server is reached, as shown in Figure, identifying all routers along the route.
Figure: Traceroute
ICMP Checksum
The error detection method used by most TCP/IP protocols is called the
checksum.
The checksum protects against the corruption that may occur during the
transmission of a packet. It is redundant information added to the packet.
The checksum is calculated at the sender and the value obtained is sent with the
packet. The receiver repeats the same calculation on the whole packet including
the checksum. If the result is satisfactory, the packet is accepted; otherwise, it is
rejected.
In ICMP the checksum is calculated over the entire message (header and data).
Checksum Calculation
The sender follows these steps using one’s complement arithmetic:
1. The checksum field is set to zero.
2. The sum of all the 16-bit words (header and data) is calculated.
3. The sum is complemented to get the checksum.
4. The checksum is stored in the checksum field.
Checksum Testing
The receiver follows these steps using one’s complement arithmetic:
1. The sum of all words (header and data) is calculated.
2. The sum is complemented.
3. If the result obtained in step 2 is 16 0s, the message is accepted; otherwise, it
is rejected.

Figure: Example of checksum calculation
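The following Python example is added here and is not part of the original notes. It carries out the sender's four steps and the receiver's three steps above on a constructed ICMP echo request (type 8, code 0), using one's complement arithmetic with end-around carry for the 16-bit word sum, and shows that a single corrupted bit makes the receiver reject the message. The same algorithm computes the IPv4 header checksum; note that it detects transmission errors only, since anyone who alters a packet can recompute it.

```python
import struct


def ones_complement_sum(data: bytes) -> int:
    """Sum all 16-bit big-endian words with end-around carry (one's complement)."""
    if len(data) % 2:
        data += b"\x00"                         # pad an odd-length message with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                          # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def icmp_checksum(message: bytes) -> int:
    """Sender: set checksum field (bytes 2-3) to zero, sum all words, complement."""
    zeroed = message[:2] + b"\x00\x00" + message[4:]
    return (~ones_complement_sum(zeroed)) & 0xFFFF


def icmp_checksum_ok(message: bytes) -> bool:
    """Receiver: sum all words including the checksum; the complement must be 16 zeros."""
    return (~ones_complement_sum(message)) & 0xFFFF == 0


def build_echo_request(identifier: int, sequence: int, payload: bytes) -> bytes:
    """Build an ICMP echo request (type 8, code 0) with the checksum filled in."""
    header = struct.pack("!BBHHH", 8, 0, 0, identifier, sequence)   # checksum = 0 for now
    message = header + payload
    return message[:2] + struct.pack("!H", icmp_checksum(message)) + message[4:]


def corrupt_one_bit(message: bytes, byte_index: int, bit: int) -> bytes:
    """Flip one bit to simulate corruption on the wire."""
    buf = bytearray(message)
    buf[byte_index] ^= 1 << bit
    return bytes(buf)
```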

Mobile IP:
A. Addressing
Mobile IP is a communication protocol (created by extending the Internet Protocol, IP) that allows users to move from one network to another with the same IP address. It ensures that communication continues without the user’s sessions or connections being dropped.
a) Stationary Hosts
The original IP addressing was based on the assumption that a host is stationary,
attached to one specific network. A router uses an IP address to route an IP
datagram.
b) Mobile Hosts
When a host moves from one network to another, the IP addressing structure needs to be modified. Several solutions have been proposed.
i. Changing the Address
One simple solution is to let the mobile host change its address as it goes to the new network. The host can use DHCP to obtain a new address to associate it with the new network.
This approach has several drawbacks.
First, the configuration files would need to be changed.
Second, each time the computer moves from one network to another, it must be
rebooted. Third, the DNS tables need to be revised so that every other host in
the Internet is aware of the change.
Fourth, if the host roams from one network to another during a transmission, the
data exchange will be interrupted. This is because the ports and IP addresses of
the client and the server must remain constant for the duration of the
connection.
ii. Two Addresses
The approach that is more feasible is the use of two addresses. The host has its original address, called the home address, and a temporary address, called the care-of address.
The home address is permanent; it associates the host to its home network, the network that is the permanent home of the host. The care-of address is temporary. When a host moves from one network to another, the care-of address changes; it is associated with the foreign network, the network to which the host moves. Figure shows the concept.
Figure: - Home address and care-of address

B. Agents
Making the change of address transparent to the rest of the Internet requires a Home Agent and a Foreign Agent.
Figure shows the position of a Home Agent relative to the Home Network and a
Foreign Agent relative to the Foreign Network.

Figure: - Home agent and foreign agent


Home Agent
The home agent is usually a router attached to the home network of the mobile host.
The home agent acts on behalf of the mobile host when a remote host sends a packet to the mobile host. The home agent receives the packet and sends it to the foreign agent.
Foreign Agent
The foreign agent is usually a router attached to the foreign network. The
foreign agent receives and delivers packets sent by the home agent to the mobile
host.
The mobile host can also act as a foreign agent. In other words, the mobile host
and the foreign agent can be the same.
When the mobile host and the foreign agent are the same, the care-of address is
called a colocated care-of address.
C. Three Phases
To communicate with a remote host, a mobile host goes through three phases:
agent discovery, registration, and data transfer, as shown in Figure.
The first phase, agent discovery, involves the mobile host, the foreign agent, and
the home agent. The second phase, registration, also involves the mobile host
and the two agents. Finally, in the third phase, the remote host is also involved.
Figure: - Remote host and mobile host communication
a) Agent Discovery
The first phase in mobile communication, agent discovery, consists of two
subphases. A mobile host must discover (learn the address of) a home agent
before it leaves its home network. A mobile host must also discover a foreign
agent after it has moved to a foreign network. This discovery consists of
learning the care-of address as well as the foreign agent’s address. The
discovery involves two types of messages: advertisement and solicitation.

Agent Advertisement
When a router advertises its presence on a network using an ICMP router
advertisement, it can append an agent advertisement to the packet if it acts as an
agent.
Mobile IP does not use a new packet type for agent advertisement; it uses the
router advertisement packet of ICMP, and appends an agent advertisement
message.
Agent Solicitation
When a mobile host has moved to a new network and has not received agent
advertisements, it can initiate an agent solicitation. It can use the ICMP
solicitation message to inform an agent that it needs assistance.
Mobile IP does not use a new packet type for agent solicitation; it uses the
router solicitation packet of ICMP.
b) Registration
After discovering the foreign agent, the mobile node sends a registration request (RREQ) to the foreign agent. The foreign agent in turn forwards the registration request, with the care-of address, to the home agent. The home agent sends a registration reply (RREP) to the foreign agent, which forwards the registration reply to the mobile node and completes the process of registration.
c) Data transfer
The Mobile Node sends packets using its home IP address, effectively
maintaining the appearance that it is always on its home network. Even while
the Mobile Node is roaming on foreign networks, its movements are transparent
to correspondent nodes.
Data packets addressed to the Mobile Node are routed to its home network,
where the Home Agent now intercepts and tunnels them to the care-of address
toward the Mobile Node. Tunneling has two primary functions: encapsulation
of the data packet to reach the tunnel endpoint, and decapsulation when the
packet is delivered at that endpoint. The default tunnel mode is IP
Encapsulation within IP Encapsulation. Optionally, Generic Routing
Encapsulation (GRE) and minimal encapsulation within IP may be used.
Typically, the Mobile Node sends packets to the Foreign Agent, which routes
them to their final destination, the Correspondent Node, as shown in Figure.

Figure: - Data transfer


D. Inefficiency in Mobile IP
Communication involving mobile IP can be inefficient. The inefficiency can be severe or moderate. The severe case is called double crossing or 2X. The moderate case is called triangle routing or dog-leg routing.
Double Crossing
Double crossing occurs when a remote host communicates with a mobile host that has moved to the same network (or site) as the remote host (see Figure).

Figure: - Double crossing


When the mobile host sends a packet to the remote host, there is no inefficiency;
the communication is local. However, when the remote host sends a packet to
the mobile host, the packet crosses the Internet twice. Since a computer usually
communicates with other local computers (principle of locality), the inefficiency
from double crossing is significant.
Triangle Routing
Triangle routing, the less severe case, occurs when the remote host
communicates with a mobile host that is not attached to the same network (or
site) as the mobile host. When the mobile host sends a packet to the remote
host, there is no inefficiency. However, when the remote host sends a packet to
the mobile host, the packet goes from the remote host to the home agent and
then to the mobile host. The packet travels the two sides of a triangle, instead of
just one side (see Figure).

Figure: -Triangle routing


Virtual Private Network: VPN Technology
One of the applications of IPsec is in virtual private networks. A virtual private network (VPN) is a technology that is gaining popularity among large organizations that use the global Internet for both intra- and inter-organization communication, but require privacy in their intra-organization communication. A VPN is a network that is private but virtual. It is private because it guarantees privacy inside the organization. It is virtual because it does not use real private WANs; the network is physically public but virtually private.
Figure shows the idea of a virtual private network. Routers R1 and R2 use VPN
technology to guarantee privacy for the organization. VPN technology uses ESP
protocol of IPSec in the tunnel mode. A private datagram, including the header,
is encapsulated in an ESP (Encapsulating Security Payload) packet. The router
at the border of the sending site uses its own IP address and the address of the
router at the destination site in the new datagram. The public network (Internet)
is responsible for carrying the packet from R1 to R2. Outsiders cannot decipher
the contents of the packet or the source and destination addresses. Deciphering
takes place at R2, which finds the destination address of the packet and delivers
it.

Fig: - Virtual private network


Additional Notes
Figure: - Mobile IP supports the ability of nodes to change their point of
network attachment and keep network connections operating. The mobile
node’s home agent helps to forward traffic for mobiles it serves and also plays a
role in route optimization, which can substantially improve routing performance
by allowing mobile and correspondent nodes to communicate directly.

Mobile Node (MN):
It is the hand-held communication device that the user carries, e.g. a cell phone.
Home Network:
It is the network to which the mobile node originally belongs as per its assigned IP address (home address).
Home Agent (HA):
It is a router in the home network to which the mobile node was originally connected.
Home Address:
It is the permanent IP address assigned to the mobile node (within its home network).
Foreign Network:
It is the current network that the mobile node is visiting (away from its home network).
Foreign Agent (FA):
It is a router in the foreign network to which the mobile node is currently connected. The packets from the home agent are sent to the foreign agent, which delivers them to the mobile node.
Correspondent Node (CN):
It is a device on the Internet communicating with the mobile node.
Care-of Address (COA):
It is the temporary address used by a mobile node while it is away from its home network.
