Chapter 4

Network Layer
Introduction
The role of the network layer is simple—to move packets from a sending host to a
receiving host. To do so, two important network-layer functions can be identified:
• Forwarding: When a packet arrives at a router’s input link, the router must
move the packet to the appropriate output link. For example, a packet arriving
from Host H1 to Router R1 must be forwarded to the next router on a path to H2.
• Routing: The network layer must determine the route or path taken by packets
as they flow from a sender to a receiver. The algorithms that calculate these paths
are referred to as routing algorithms. A routing algorithm would determine, for
example, the path along which packets flow from H1 to H2.
The network layer has mainly three components:
1. IP Protocol: The Internet Protocol (IP) is the method or protocol by which data
is sent from one computer to another on the Internet.
2. Routing Component: The second major component is the routing component,

which determines the path a datagram follows from source to destination. This is
done by using appropriate internet routing protocols such as RIP, OSPF etc.
3. Error and Information reporting component: The final component of the

network layer is a facility to report errors in datagrams and respond to requests
for certain network-layer information. Internet Control Message Protocol (ICMP)
is the protocol used for this purpose.
Internetworking:
Internetworking is the process of connecting different networks by using

intermediate devices such as routers or gateway devices. Internetworking ensures
data communication using different routing protocols.
By: Er. Saurav Raj Pant, IOE – TU

Internetworking Devices:
Repeaters:
Repeaters are the devices that amplify and regenerate the signals to ensure
that the data is not lost during the transmission. A repeater receives a signal and
before it becomes too weak or corrupted, regenerates the original bit pattern.
Repeater is not an amplifier because an amplifier simply amplifies the entire
signal along with noise. Repeater regenerates the original signals and removes the
noise. A repeater operates at physical layer of OSI model.
Hub (Multiport Repeater):
Hub is a connecting device that allows connecting 2 or more hosts (clients)

in a network. It is basically used for connecting stations in a physical star topology.
A hub has multiple input and output ports. Whenever a signal is sent by any
station to the hub, it simply forwards the signals to all the other remaining ports
except the original incoming port. Hub is a physical layer devices of the OSI
model.
Types:
 Passive Hub
o A passive hub simply combines the signals of the network
segments.
o There is no signal processing or regeneration.
 Active Hub:
o They are like passive hub but they have electronic components
for regeneration and amplification of signals.
o Active hubs have their own power supply and are expensive
than passive hub.
 Intelligent Hub:
o It work like active hubs and include remote management
capabilities.

o They also provide flexible data rates to network devices.
o It also enables an administrator to monitor the traffic passing
through the hub and to configure each port in the hub.
Fig: Use of Hub in a star topology
Bridges:
A device used to connect similar LANs is a bridge. A router can also do that
but it is a more general- purpose device, capable of interconnecting a variety of
LANs and WANs. The bridge is designed to use between local area networks that
use identical protocols for the physical and link layers. Because the devices all use
the same protocols, the amount of processing required at the bridge is minimal.
By use of a bridge between two (or more) LANs, it appears to all stations on
the two or more LANs that there is a single LAN on which each station has a
unique address.

Classification of bridges:
 Transparent Bridge:
Transparent bridge is the bridge in which the stations are not

at all aware of the existence of the bridges. Transparent bridge
keeps a table of addresses in memory to determine where to
send data.
 Routing Bridge:
In routing bridge, a sending station defines the bridge that
must be visited by the frame. The addresses of these bridges
are included in the frame. Hence a frame contains not only the
source and destination addresses but also the bridge address.
Thus we see that, in the general case, the bridge must be equipped with a
routing capability. When a bridge receives a frame, it must decide whether or not
to forward it. If the bridge is attached to two or more networks, then it must
decide whether or not to forward the frame and, if so, on which LAN the frame
should be transmitted.
Fig: Bridge Operation

Switches:
A switch is a device which provides bridging functionality with greater

efficiency. A switch acts as a multiport bridge to connect devices or segments in a
LAN. A large network may include multiple switches which connect different
groups of computer system together. These switches are typically connected to a
router that allows connected devices to access the internet.
 Switches forward frames selectively i.e. forward frames

only on segments that need them.
 Unlike Hubs that broadcast the data frames to all
connected hosts, a switch can transmit data frames to
any no. of specified host.
 Normally a switch is a layer 2 device that transmits
frames based on MAC address. Switches may also
operate at higher layers of OSI models, including the
network layer and above. These switches are known as a
multilayer switch.

Router:
A router is a networking device that forwards data packets between

computer networks. A router performs the traffic directing functions on the
internet. A router is connected to two or more data lines from different IP
networks. Router is a layer 3 device.
 Routers can listen to a network and identify its busiest

part
 Will select the most cost effective path for transmitting
packets.
 Routing table is formed based on communications
between routers using “Routing Protocols”
 Routing protocols collect data about current network
status and contribute to selection of the best path.
Gateway:
A gateway is a network node used in telecommunications that connects

two networks with different transmission protocols together. Gateways serve as
an entry and exit point for a network as all data must pass through or
communicate with the gateway prior to being routed. In most IP-based networks,
the only traffic that does not go through at least one gateway is traffic flowing
among nodes on the same local area network (LAN) segment. A gateway is often
characterized as being the combination of a router and a modem.
The gateway is implemented at the edge of a network and manages all data
that is directed internally or externally from that network. When one network
wants to communicate with another, the data packet is passed to the gateway
and then routed to the destination through the most efficient path.
 At enterprise level, a gateway can also act as a proxy

server or a firewall.

IPv4 Addressing:
To transfer data to the particular host, the sending host must need
an address specified to that host called as IP address. Each IP address is 32 bits
long (equivalently, 4 bytes), and there are thus a total of 232 possible IP
addresses.
These addresses are typically written in so-called dotted-decimal

notation, in which each byte of the address is written in its decimal form and is
separated by a period (dot) from other bytes in the address. For example,
consider the IP address 193.32.216.9. Thus, the address 193.32.216.9 in binary
notation is: 11000001 00100000 11011000 00001001
IPv4 Supports 3 Types of Addressing Modes:
1. Unicast:
In this mode, data is sent only to one destined host. The Destination
Address field contains 32- bit IP address of the destination host. In short it is ONE-
TO –ONE transmission.
2. Broadcast:
In this mode, the packet is addressed to all the hosts in a network

segment. In short it is ONE-TO-ALL transmission. The Destination Address field
contains a special broadcast address, i.e. 255.255.255.255.
3. Multicast:
A multicast is similar to a broadcast in the sense that its target is a

number of machines on a network, but not all. Where a broadcast is directed to
all hosts on the network, a multicast is directed to a group of hosts. Destination
Address contains a special address which starts with 224.x.x.x i.e. Class D.

IPv4 Classes:
Internet Protocol hierarchy contains several classes of IP Addresses to be

used efficiently in various situations as per the requirement of hosts per network.
Broadly, the IPv4 Addressing system is divided into five classes of IP Addresses. All
the five classes are identified by the first octet of IP Address.
The first octet referred here is the left most of all. The octets numbered as
follows depicting dotted decimal notation of IP Address.
Classful Addressing contain 5 classes:
Class A Address (N.H.H.H): The first bit of the first octet is always set to 0 (Zero).
Thus the first octet ranges from 1-127, i.e
00000001 – 01111111
1 – 127
Class A addresses only include IP starting from 1.x.x.x to 126.x.x.x only. The IP
range 127.x.x.x is reserved for loopback IP addresses.
The default subnet mask for class A IP address is 255.0.0.0 which implies that class
A addressing can have 126 networks (2^7-2) and 16777214 (2^24-2).

Class B Address (N.N.H.H):
An ip address which belongs to class B has the first two bits in the first octet set to
10, i.e.
10000000 – 10111111
128 – 191
Class B IP addresses range from 128.x.x.x to 191.255.x.x. The default subnet mask
for class B is 255.255.x.x.
Class B has 16354 (2^14) Network addresses and 65534(2^16-2) Host addresses.
Class B IP address format is: 10NNNNNN.NNNNNNNN.HHHHHHHH.HHHHHHHH
Class C Address (N.N.N.H):
The first octet of class C IP address has its first 3 bits set to 110, that is
11000000 – 11011111
192 – 223
Class C IP addresses range from 192.0.0.x to 223.255.255.x. The default subnet

mask for class C is 255.255.255.x.
Class C gives 2^21 network addresses and 254 (2^8-2) host addresses.
Class C IP address format is: 110NNNNN.NNNNNNNN.NNNNNNNN.HHHHHHHH
Class D address (N.N.N.N):
Very first four bits of the first octet in class D ip addresses are set to 1110, giving a
range of 11100000 – 11101111
224 – 239

Class D has ip address range from 224.0.0.0 – 239.255.255.255. Class D is reserved
for multicasting. In multicasting data is not destined for a particular host, that is
why there is no need to extract host address from the ip address, and class D does
not have any subnet mask.
Class E Address:
This IP Class is reserved for experimental purposes only. IP addresses in this

class ranges from 240.0.0.0 to 255.255.255.254. Like Class D, this class too is not
equipped with any subnet mask.
Classless Addressing:
Classless Addressing is an improved IP Addressing system. It makes the

allocation of IP Addresses more efficient. It replaces the older classful addressing
system based on classes. It is also known as Classless Inter Domain Routing
(CIDR).
CIDR Block-
When a user asks for specific number of IP Addresses,
• CIDR dynamically assigns a block of IP Addresses based on certain rules.
• This block contains the required number of IP Addresses as demanded by

the user.
• This block of IP Addresses is called as a CIDR block.
CIDR Notation-
CIDR IP Addresses look like-
a.b.c.d / n
• They end with a slash followed by a number called as IP network prefix.

• IP network prefix tells the number of bits used for the identification of
network.
• Remaining bits are used for the identification of hosts in the network.
Example-
An example of CIDR IP Address is-
182.0.1.2 / 22  11111111.1111111.11111100.00000000
It suggests-
• 28 bits are used for the identification of network.
• Remaining 4 bits are used for the identification of hosts in the network.
Problem:
Given the CIDR representation 20.10.30.35 / 27. Find the range of IP

Addresses in the CIDR block.
Solution-
• Given CIDR representation is 20.10.30.35 / 27.
It suggests-
• Given CIDR IP Address may be represented as-
• 00010100.00001010.00011110.00100011 / 27

So,
• First IP Address = 00010100.00001010.00011110.00100000

= 20.10.30.32/27
• Last IP Address = 00010100.00001010.00011110.00111111

= 20.10.30.63/27
• Thus, Range of IP Addresses = [ 20.10.30.32/27 , 20.10.30.63/27 ]
192.168.1.1/
Problem-02:
Given the CIDR representation 100.1.2.35 / 20. Find the range of IP

Addresses in the CIDR block.
Solution-
• Given CIDR representation is 100.1.2.35 / 20.
It suggests-
• Given CIDR IP Address may be represented as-
• 01100100.00000001.00000010.00100011 / 20
So,
• First IP Address = 01100100.00000001.00000000.00000000 = 100.1.0.0
• Last IP Address = 01100100.00000001.00001111.11111111 = 100.1.15.255
• Thus, Range of IP Addresses = [ 100.1.0.0/20 , 100.1.15.255/20 ]

Private IP Addresses:
 Range of IP address, which are not routable to internet commonly

used for home, office, and enterprise local area networks (LANs)
 If such a private network needs to connect to the Internet, it must
use either a network address translator (NAT) gateway, or a proxy
server.
Subnetting:
• The process of dividing a single network into multiple sub networks is called
as subnetting.
• Subnetting is the process of stealing bits from the HOST part of an IP

address in order to divide the larger network into smaller sub-networks
called subnets.
• The sub networks so created are called as subnets.
• A subnet, or sub-network, is a network inside a network.
Advantages-
The main advantages of subnetting a network are-
• It improves the security.
• The maintenance and administration of subnets is easy.

• Through subnetting, network traffic can travel a shorter distance without
passing through unnecessary routers to reach its destination.
What is a subnet mask?
A subnet mask is like an IP address, but for only internal usage within a network.
Routers use subnet masks to route data packets to the right place.
Two types of subnetting:
1. Fixed Length Subnetting- (Fixed Length subnet mask)
Fixed length subnetting also called as classful subnetting divides the

network into subnets where-
• All the subnets are of same size.
• All the subnets have equal number of hosts.
• All the subnets have same subnet mask.
2. Variable Length Subnetting- (Variable length subnet mask)
Variable length subnetting also called as classless subnetting divides the

network into subnets where-
• All the subnets are not of same size.
• All the subnets do not have equal number of hosts.
• All the subnets do not have same subnet mask.
Example:
Consider-
• We have a big single network having IP Address 200.1.2.0.
• We want to do subnetting and divide this network into 4 subnets.

Solution:
• Clearly, the given network belongs to class C.
• For creating four subnets and to represent their subnet IDs, we require 2
bits.
So, We borrow two bits from the Host ID part.
• After borrowing two bits, Host ID part remains with only 6 bits.
• If borrowed bits = 00, then it represents the 1st subnet.
• If borrowed bits = 01, then it represents the 2nd subnet.
• If borrowed bits = 10, then it represents the 3rd subnet.
• If borrowed bits = 11, then it represents the 4th subnet.

IP Address of the four subnets are-
• 200.1.2.00000000 = 200.1.2.0
• 200.1.2.01000000 = 200.1.2.64
• 200.1.2.10000000 = 200.1.2.128
• 200.1.2.11000000 = 200.1.2.192
For 1st Subnet-
• IP Address of the subnet = 200.1.2.0 = network address
• Total number of IP Addresses = 2 6 = 64
• Total number of hosts that can be configured = 64 – 2 = 62
• Range of IP Addresses = [200.1.2.00000000, 200.1.2.00111111] =

[200.1.2.0, 200.1.2.63]
• Range of host ip address = 200.1.2.1 – 200.1.2.62
• Broadcast Address = 200.1.2.00111111 = 200.1.2.63
• Subnet mask = 255.255.255.192
For 2nd Subnet-

[200.1.2.64, 200.1.2.127]

• Subnet mask = 255.255.255.192
For 3rd Subnet-

[200.1.2.128, 200.1.2.191]
• Subnet mask = 255.255.255.192
For 4th Subnet-

[200.1.2.192, 200.1.2.255]
Q. Divide the network address 192.168.1.0/24 into 4 subnets.
Solution:

Given the ip address is 192.168.1.0/24, it is a class C ip address so it has 24
network bits and 8 host bits.
Now,
No. of subnets = 2n,
where n = no. of host bits that are shifted from the host bit to
the network bits.
According to the question,
No. of subnets = 4
2n = 4
n = 2 i.e. 2 bits will be shifted from host bit to the network

bits. (/26)
Thus, subnet mask for the subnets will be:
11111111.11111111.11111111.11000000
= 255.255.255.192
Also, no. of host bits = 6
IP address per subnet = 26 = 64
No. of host per subnet = 2 6-2 = 62
For subnet 1,
Network address = 192.168.1.0/26
Range of Host address = 192.168.1.1 – 192.168.1.62/26
Broadcast address = 192.168.1.63/26

Subnet mask = 255.255.255.192
For subnet 2,
Range of host address = 192.168.1.65 – 192.168.1.126/26
Subnet mask = 255.255.255.192
For subnet 3,
Range of host address =192.168.1.129 – 192.168.1.190/26
Subnet mask = 255.255.255.192
For subnet 4,
Subnet mask = 255.255.255.192
Q. Banijya bank needs to allocate 15 IPs in HR department, 30 in finance

department, 24 in customer care unit and 11 in ATM machines. If you have one
network of class C range public IP address, describe how you will manage it.
Solution:
Let class C ip address that is allocated to the bank starts from

192.168.0.0/24.

Using variable length subnetting,
For HR department:
Total no. of IP addresses required = 15+2 = 17
i.e. 2n ≥ 17
=> 25≥ 17 so, n = 5 (host id bits)
Therefore, no. of bit in network id = 32-5 = 27
Thus, Network address = 192.168.0.0/27
Subnet mask = 255.255.255.224
For finance department:
Total required ip addresses = 30+2 = 32
i.e. 2n ≥ 32
=> 25 ≥ 32, n = 5 (host id bits)
Thus, network address = 192.168.0.32/27
Subnet mask = 255.255.255.224
For customer care:
Total ip addresses required = 24+2 = 26
i.e. 2n ≥ 26

=> 25 ≥ 26, n = 5 (host id bits)
Subnet mask = 255.255.255.224
For ATMs:
Total ip address required = 11+2 =13
i.e. 2n ≥ 13
=> 24 ≥ 13, n = 4 (host id bits)
Subnet mask = 255.255.255.240
Supernetting:
Supernetting is the process of combining two or more small networks into a larger
network. In subnetting, network address bits are increased. On the other hand, in
supernetting, host address bits are increased. Supernetting is generally done to
reduce the size of the routing table. If there are too many small networks, the size
the routing table increases and this cause more processing delay.

IPv4 Datagram Structure:
IP packets are called as Datagrams. The IPv4 datagram structure is shown in

below figure.
• Version number (4-bit): These 4 bits specify the IP protocol version of the
datagram. By looking at the version number, the router can determine how to
interpret the remainder of the IP datagram.
• Header length (4-bit). Because an IPv4 datagram can contain a variable number
of options (which are included in the IPv4 datagram header), these 4 bits are
needed to determine where in the IP datagram the data actually begins.
• Type of service (8-bit). The type of service (TOS) bits was included in the IPv4
header to specify datagram priority and request a route for low latency, high
throughput or highly-reliable service.
• Datagram length (16-bit). This is the total length of the IP datagram (header
plus data), measured in bytes. It is 16 bit long.

• Identifier, flags, fragmentation offset. These three fields are used in IP
datagram fragmentation.
• Time-to-live (8-bit). The time-to-live (TTL) field is included to ensure that

datagrams do not circulate forever (due to, for example, a long-lived routing loop)
in the network. This field is decremented by one each time the datagram is
processed by a router. If the TTL field reaches 0, the datagram must be dropped.
•Upper-layer protocol (8-bit) : Tells network layer in destination about to which

protocol the packet belongs to. i.e. whether TCP or UDP.
• Header checksum (16-bit). The header checksum aids a router in detecting bit
errors in a received IP datagram.
• Source and destination IP addresses. When a source creates a datagram, it

inserts its IP address into the source IP address field and inserts the address of the
ultimate destination into the destination IP address field.
• Options. The options fields allow an IP header to be extended. E.g. timestamp,

record route taken, specify list of routers to visit etc.
• Data (Payload): The data field of the IP datagram contains the transport-layer
segment (TCP or UDP) to be delivered to the destination. However, the data field
can carry other types of data, such as ICMP messages.
IP Datagram Fragmentation:
Fragmentation occurs when an IP datagram travels into a network which

has a maximum transmission unit (MTU) that is smaller than the size of the
datagram. The second row in the IPv4 header is used for the fragmentation of the
datagram. i.e.
• 16-bit Identifier: It is used to identify the fragments that are of same

datagram.

• Flags: It is of 3-bit. MSB is reserved and not used.
– DF flag: Do not Fragment flag if set (1), then the network is not
allowed to fragment the datagram.
– MF flag: More Fragment, is used to determine if more fragments are

to follow
– 13-bit Fragmentation offset: is used to identify the fragments

position within the original datagram. i.e. How many data bytes are
ahead of the fragment.
Example:
Consider-
• There is a host A present in network X having MTU = 520 bytes.
• There is a host B present in network Y having MTU = 200 bytes.
• Host A wants to send a message to host B.
Solution:
Here, Host A is sending MTU of 520 i.e. 500 byte of actual data and 20 byte
of IP header.
NOW,
Router examines the datagram and finds-
– Size of the datagram = 520 bytes
– Destination is network Y having MTU = 200 bytes
– DF bit is set to 0
Router concludes-
– Size of the datagram is greater than MTU.

– So, it will have to divide the datagram into fragments.
– DF bit is set to 0.
– So, it is allowed to create fragments of the datagram.
Router decides the amount of data that it should transmit in each

fragment.
Router knows-
– MTU of the destination network = 200 bytes.
– So, maximum total length of any fragment can be only 200 bytes.
– Out of 200 bytes, 20 bytes will be taken by the header.
– So, maximum amount of data that can be sent in any fragment = 180
bytes.
Rules:
The amount of data sent in one fragment is chosen such that-
– It is as large as possible but less than or equal to MTU.
– It is a multiple of 8 so that pure decimal value can be obtained for the

fragment offset field.
Following the above rule,
– Router decides to send maximum 176 bytes of data in one fragment.
– This is because it is the greatest value that is a multiple of 8 and less

than MTU.
Router creates three fragments of the original datagram where-
– First fragment contains the data = 176 bytes
– Second fragment contains the data = 176 bytes

– Third fragment contains the data = 148 bytes
Header Information Of 1st Fragment-
• Total length field value = 176 + 20 = 196
• MF bit = 1
• Fragment offset field value = 0
• Identification number is same as that of original datagram.
Header Information Of 2nd Fragment-
• MF bit = 1
• Fragment offset field value = 176 / 8 = 22

Header Information Of 3rd Fragment-
• MF bit = 0
• Fragment offset field value = (176 + 176) / 8 = 44
Routing:
• When a device has multiple paths to reach a destination, it always selects

one path by preferring it over others. This selection process is termed as
Routing. Routing is done by special network devices called routers.
• So for a packet to be forwarded to the destination needs to be transmitted

from multiple routers using some routing algorithms. The selection of best
path is done by considering certain factors such as no. of hops, delay,
bandwidth etc.
• Distance vector routing algorithm and link-state routing algorithm are the
popular routing algorithms.
Exterior Gateway Protocols (EGP) and Interior Gateway Protocols (IGP):
• An autonomous system (AS) is a collection of routers under a common

administration such as a company or an organization. An AS is also known
as a routing domain. Typical examples of an AS are a company’s internal
network and an ISP’s network.
• The Internet is based on the AS concept; therefore, two types of routing

protocols are required:

• Interior Gateway Protocols (IGP): Used for routing within an AS. It is also
referred to as intra-AS routing. Companies, organizations, and even service
providers use an IGP on their internal networks. IGPs include RIP, EIGRP and
OSPF.
• Exterior Gateway Protocols (EGP): Used for routing between autonomous

systems. It is also referred to as inter-AS routing. Service providers and
large companies may interconnect using an EGP. The Border Gateway
Protocol (BGP) is the only currently viable EGP and is the official routing
protocol used by the Internet.
Types of Routing:
To forward incoming data packets, a router learns all available routes in the
network and stores them in a table known as the routing table.
There are two types of routes: static route and dynamic route. A router can learn
these routes through two types of routing: static routing and dynamic routing.
Static Routing – This is the method by which an administrator manually

adds routes to the routing table of a router. i.e. routing tables are not

automatically updated but are updated manually. This is a method for small
networks but it is not scalable for larger networks.
Dynamic routing – is when protocols, called routing protocols, are used to

build the routing tables across the network. Using a routing protocol is easier than
static routing, but it is more expensive in terms of CPU and bandwidth usage.
Every routing protocol defines its own rules for communication between routers
and selecting the best route.
Routing Algorithm:
• The main function of the network layer is routing packets from the source
machine to the destination machine.
• The routing algorithm is responsible for deciding which output line an incoming
packet should be transmitted on.
Shortest Path Routing: (Static)
This is the simple routing technique that computes the optimal path from the
source to the destination from a complete picture of the network. There could be
multiple paths from the source to destination and routers may not have all the
details of the network. So a distributed routing algorithm needs to these paths
and pick the shortest path among them.
The idea is to build a graph of the network, with each node of the graph
representing a router and each edge of the graph representing a communication
line, or link. To choose a route between a given pair of routers, the algorithm just
finds the shortest path between them on the graph.
There are multiple ways of measuring the cost of a link. In general case, the cost is
computed as hop count, function of distance, bandwidth, average traffic, delay
etc. Once the criteria for measuring the cost is finalized, Dijkstra’s algorithm is

implemented to find the shortest paths between a source and all destinations in
the network.
Dijkstra’ shortest path algorithm:
Example:
Step 1: start with a weighted graph
Step 2: choose a starting vertex and assign infinity path values to all other devices
Step 3: go to each vertex and update its path length

Step 4: if the path length of the adjacent vertex is lesser than new path length,
don’t update it
Step 5: Avoid updating path lengths of already visited vertices
Step 6: After each iteration, we pick the unvisited vertex with the least path
length. So we choose 5 before 7

Step 7: Notice how the rightmost vertex has its path length updated twice
Step 8: Repeat until all the vertices have been visited
Flooding:
 It is a static routing algorithm

 Every incoming packet is sent out on every outgoing line except the one it
arrived on.
 Generates vast numbers of duplicate packets, in fact, an infinite number
unless some measures are taken to damp the process.
 One such measure is to have a hop counter contained in the header of each
packet, which is decremented at each hop, with the packet being discarded
when the counter reaches zero

o Flooding with a hop count can produce an exponential number of
duplicate packets as the hop count grows and routers duplicate
packets they have seen before
 A better technique for damming the flood is to have routers keep track of
which packets have been flooded, to avoid sending them out a second
time.
o One way to achieve this goal is to have the source router put a
sequence number in each packet it receives from its hosts.
o Each router then needs a list per source router telling which
sequence numbers originating at that source have already been seen.
o If an incoming packet is on the list, it is not flooded.
 Used in peer to peer system(file sharing)
Distance Vector Routing Algorithm:
A distance vector routing algorithm is a dynamic algorithm that operates by

having each router maintain a table (i.e., a vector) giving the best known distance
to each destination and which link to use to get there. These tables are updated
by exchanging information with the neighbors. Eventually, every router knows
the best link to reach each destination.
The distance vector routing algorithm is sometimes called by other names, most
commonly the distributed Bellman-Ford routing algorithm, after the researchers
who developed it. It was the original ARPANET routing algorithm and was also
used in the Internet under the name RIP.
In distance vector routing, each router maintains a routing table indexed by, and
containing one entry for each router in the network. This entry has two parts:
distance (cost) to reach the destination node and next hope (preferred node to
use to reach that destination).
As like shortest path algorithm, distance can be measured as the no. of hops, or
other metrics like propagation delay, bandwidth etc.

Note: Each router exchanges its distance vector with its neighboring routers. Each
router prepares a new routing table using the distance vectors it has obtained
from its neighbor. This is repeated until the routing tables converges/ become
stable.
Example:
Consider,
 There is a network consisting of 4 routers.

 The weights are mentioned on the edges.
 Weights could be distances or costs or delays.
Step 1: Each router prepares its routing table using its local knowledge.
At Router A:
Destination Distance Next Hop
A 0 A
B 2 B
C ∞ –
D 1 D

At Router B:
A 2 A
B 0 B
C 3 C
D 7 D
At Router C-
A ∞ –
B 3 B
C 0 C
D 11 D
At Router D-
A 1 A
B 7 B
C 11 C
D 0 D

Step 2:
 Each router exchanges its distance vector obtained in Step-01 with its
neighbors.
 After exchanging the distance vectors, each router prepares a new routing
table.
For Router A:
 Router A receives distance vector from its neighbors B and D.
 Router A prepares a new routing table
 Cost of reaching destination B from router A = min { 2+0 , 1+7 } = 2 via B.

 Cost of reaching destination C from router A = min { 2+3 , 1+11 } = 5 via B.
 Cost of reaching destination D from router A = min { 2+7 , 1+0 } = 1 via D.
Thus, the new routing table at router A is-

A 0 A
B 2 B
C 5 B
D 1 D

For Router B:
 Router B receives distance vectors from its neighbors A, C and D.

 Router B prepares a new routing table as-
 Cost of reaching destination A from router B = min { 2+0 , 3+∞ , 7+1 } = 2

via A.
 Cost of reaching destination C from router B = min { 2+∞ , 3+0 , 7+11 } = 3
via C.
 Cost of reaching destination D from router B = min { 2+1 , 3+11 , 7+0 } = 3
via A.
Thus, the new routing table at router B is-

A 2 A
B 0 B
C 3 C
D 3 A

For Router C:
 Router C receives distance vectors from its neighbors B and D.

 Router C prepares a new routing table as-
 Cost of reaching destination A from router C = min { 3+2 , 11+1 } = 5 via B.

 Cost of reaching destination B from router C = min { 3+0 , 11+7 } = 3 via B.
 Cost of reaching destination D from router C = min { 3+7 , 11+0 } = 10 via B.
Thus, the new routing table at router C is-
A 5 B
B 3 B
C 0 C
D 10 B

For Router D:
 Router D receives distance vectors from its neighbors A, B and C.

 Router D prepares a new routing table as-
 Cost of reaching destination A from router D = min { 1+0 , 7+2 , 11+∞ } = 1

via A.
 Cost of reaching destination B from router D = min { 1+2 , 7+0 , 11+3 } = 3
via A.
 Cost of reaching destination C from router D = min { 1+∞ , 7+3 , 11+0 } = 10
via B.
Thus, the new routing table at router D is-
A 1 A
B 3 A
C 10 B
D 0 D

Step-03:
 Each router exchanges its distance vector obtained in Step-02 with its
neighboring routers.
 After exchanging the distance vectors, each router prepares a new routing
table.
At Router A-
 Router A receives distance vectors from its neighbors B and D.

 Router A prepares a new routing table as-
 Cost of reaching destination B from router A = min { 2+0 , 1+3 } = 2 via B.

 Cost of reaching destination C from router A = min { 2+3 , 1+10 } = 5 via B.
 Cost of reaching destination D from router A = min { 2+3 , 1+0 } = 1 via D.
Thus, the new routing table at router A is-

A 0 A
B 2 B
C 5 B
D 1 D
At Router B-
 Router B receives distance vectors from its neighbors A, C and D.

 Router B prepares a new routing table as-
 Cost of reaching destination A from router B = min { 2+0 , 3+5 , 3+1 } = 2 via
A.
 Cost of reaching destination C from router B = min { 2+5 , 3+0 , 3+10 } = 3
via C.
 Cost of reaching destination D from router B = min { 2+1 , 3+10 , 3+0 } = 3
via A.

Thus, the new routing table at router B is-
A 2 A
B 0 B
C 3 C
D 3 A
At Router C-
 Router C receives distance vectors from its neighbors B and D.

 Router C prepares a new routing table as-
 Cost of reaching destination A from router C = min { 3+2 , 10+1 } = 5 via B.

 Cost of reaching destination B from router C = min { 3+0 , 10+3 } = 3 via B.
 Cost of reaching destination D from router C = min { 3+3 , 10+0 } = 6 via B.

Thus, the new routing table at router C is-
A 5 B
B 3 B
C 0 C
D 6 B
At Router D-
 Router D receives distance vectors from its neighbors A, B and C.

 Router D prepares a new routing table as-
 Cost of reaching destination A from router D = min { 1+0 , 3+2 , 10+5 } = 1

via A.

 Cost of reaching destination B from router D = min { 1+2 , 3+0 , 10+3 } = 3
via A.
 Cost of reaching destination C from router D = min { 1+5 , 3+3 , 10+0 } = 6
via A.
Thus, the new routing table at router D is-
A 1 A
B 3 A
C 6 A
D 0 D
These will be the final routing tables at each router.
In Distance Vector Routing,
 Only distance vectors are exchanged.

 “Next hop”values are not exchanged.
 This is because it results in exchanging the large amount of data which
consumes more bandwidth
 It suffers from count to infinity problem.

Link State Routing Algorithm:
Distance vector routing faces problem like count to infinity problem and slower
convergence whenever there is a topology change. Link state routing is used to
overcome those limitations.
Link state routing has full knowledge of the network i.e. each node maintains the
full graph by collecting the updates from all other nodes. Each node then
independently calculates the next best logical path from it to every possible
destination in the network using dijkstra’s shortest path algorithm.
In link state routing, each nodes send small HELLO message to their neighbor
routers to know if they are still alive.
The idea behind link state routing is fairly simple and can be stated in five parts.
Each router must do the following:
a. Discover its neighbors state
b. Measure the cost to each of its neighbors. (based on geographical
distance, bandwidth, delay etc.)
c. Construct a link state packet telling all it has just learned. (this is a
link state table which has cost to reach its neighbors, sequence
number and TTL).
d. Send this packet to all other routers i.e. flooding
e. Compute shortest path for every other router using dijkstra’s
algorithm.
Fig: building link state packets

 As these packets needs to be sent to all other routers (i.e. flooding ) and its
size is also increased as it has two extra field sequence number and TTL, the
bandwidth of the links are mode consumed.
 After receiving all the link state packets from all the routers, each router
will now have information of whole network.
 To find optimal path for every possible destination, each router will built a
routing table using dijkstra’s algorithm.
 As compared to distance vector routing, link state routing requires more
memory and computation.
Routing Table:
- Routing table is a set of rules in a table format which is used to determine where
data packets traveling over an IP network will be directed.
- It contains all the information necessary to forward a packet along the best path
toward its destination.
- A basic routing table includes following informations:
a) Destination IP address
b) Next hop IP address
c) Outgoing network interface used
d) Cost metric to each available route
e) Routes
- Routing table can be maintained manually or dynamically.
- Dynamic routing tables allow devices to respond to device failures and network
congestion.

Routing Protocols:
Adaptive Routing:
 Adaptive routing protocols can easily adapt to network changes

 Adaptive routing protocols are also called dynamic routing protocols
o OSPF
o IGRP
o EIGRP
o RIP
o BGP
Non-Adaptive Routing:
 Non adaptive routing protocols doesn’t respond to change in topology

 Non adaptive routing protocols are also called as static routing protocols
 Non adaptive routing protocols are more secure than adaptive routing
protocols as they don’t advertise the routing table unnecessarily
 Network administrator is responsible for configuring the static routing in
the router
 Static routes are fixed and do not change if the network is changed or
reconfigured.
Routing Information Protocol (RIP):
 RIP is a protocol that defines a way for routers, which connect networks
using IP, to share information about how to route traffic among networks.
 Each router maintains a routing table which consists of a list of all
destinations it knows how to reach and the distance to that destination.
 It uses distance vector algorithm to decide the route of packet to its
destination.
 It uses hop count as a metric to find best path to the destination.
o RIP has maximum hop count of 15.
o A route with a hop count greater than 15 is considered unreachable.

 If it receives update on a route with shorter path, it will update its routing
table with length and next hop address of the shorter path.
 Each router sends its entire routing table to its closest neighbors every 30
seconds.
 RIP also performs load balancing. i.e. if the hop count to reach the
destination of two or more path is same, then it will transfer packets
through all the routes so that there is no traffic congestion.
 There are 3 versions or variations on the RIP routing protocol
o RIPv1
 RIP v1 uses what is known classful routing.
 routing updates are broadcasted
 RIP v1 does not support authentication of update messages
 RIP v1 is an older, no longer much used routing protocol.
o RIPv2
 It is a classless routing protocol and it supports classful,
variable length subnet masking (VLSM) and CIDR
 RIPv2 supports authentication of RIPv2 update messages.
Authentication helps in confirming that the updates are
coming from authorized sources.
 It also supports multicast routing updates to reduce resource
consumption (as opposed to using broadcasting in RIP v1).
o RIPng
 Same as RIPv2 with only one difference. i.e. it can only run on
IPv6 networks.
 All three versions of RIP fall under the category of “distance vector
protocols”.

Open Shortest Path First (OSPF):
 OSPF is developed by Internet Engineering Task Force (IETF) as one of the

interior gateway protocols i.e. the protocol which aim is to move packets
within a large autonomous system.
 It is classless routing protocol.
 OSPF is a link state routing protocol which is used to find the shortest path
between source and destination routers.
 The cost of the link is based on the metrics such as bandwidth, delay and
load.
 OSPF uses the concept of triggered updates, i.e. updates are multicasted to
other OSPF hosts only if there is change in the database. Unlike RIP where
each router sends its entire routing table every 30 seconds.
 Instead of sending entire table, it only sends the part that has changed. This
helps in faster convergence.
OSPF messages:
Hello message: These are keep alive messages used for neighbor discovery. These
are exchanged in every 10 seconds. If a hello message is not sent within four time
of hello interval by the neighbor, router will terminate adjacency with the
neighbor.
Database Description: With the help of this message, the router announces what
updates it has.
Link State Request: when a router receives database description message, it

compares it with its own database description. If the database description
received has some more updates than its own database description, then LSR is
being sent to its neighbor.
Link State update: when a router receives LSR, it responds with LSU message
containing the details requested.
Link State ACK: It is sent as ACK of Link state update.

OSPF Advanced Features (Not in RIP):
 Security: All OSPF messages are authenticated (to prevent malicious

intrusion)
 Multiple same-cost paths allowed (only one path must be chosen to carry
all traffic in RIP)
 Multiple cost metrics for different TOS for each link
 Integrated uni- and multicast support: Multicast OSPF (MOSPF) uses the
same topology database as OSPF
 Hierarchical OSPF in single AS (large routing domain)
IGRP and EIGRP:
 Interior Gateway Routing Protocol and Enhanced Interior Gateway Routing

Protocol
 Cisco created Interior Gateway Routing Protocol (IGRP) in response to the
limitations in Routing Information Protocol (RIP), which handles a maximum
hop count of 15.
 IGRP is ideal for larger networks because it broadcasts updates every 90
seconds and has a maximum hop count of 255.
 The costs of the different routes are calculated using different parameters
such as delay, bandwidth, reliability, load and maximum transmission unit
(MTU). It used distance vector routing.
 Enhanced Interior Gateway Routing Protocol (EIGRP) is a hybrid protocol
based on distance vector routing and link-state routing protocol.
 EIGRP is a successor to the Interior Gateway Routing Protocol (IGRP). Both
are owned by Cisco and operate only on their devices
 Cisco introduced EIGRP because it needed a protocol with faster converging
abilities, route selection and calculation and the ability to record
information from neighboring devices.
 EIGRP uses partial updates if there is any change in the topology occurs i.e.
updates are triggered only if any event occurs therefore consuming the
bandwidth when needed.

 The main difference between the IGRP and EIGRP is that, Interior Gateway
Routing Protocol is Classful routing technique, while Enhanced Interior
Gateway Routing Protocol is a classless routing technique.
Border Gateway Protocol (BGP):
 Border Gateway Protocol (BGP) is a routing protocol used to transfer data

and information between different gateways, the Internet or autonomous
systems. i.e. it is an exterior routing protocol.
 Border Gateway Protocol version 4 (BGP4), is the standard inter-AS routing
protocol used in internet today.
 The protocol is often classified as a path vector routing protocol, but
sometimes also classed as a distance-vector routing protocol.
 As different autonomous systems are managed by different organization so
the metric used to measure the cost of the route is done as per their rules.
i.e. BGP makes routing decisions based on paths, defined by rules or
network policies set by network administrators.
 Two Types:
o Internal BGP
 Autonomous systems can also use an internal version of BGP
to route through their internal networks, which is known as
internal BGP, or iBGP for short.
o External BGP
 Routes are exchanged and traffic is transmitted over the
Internet using external BGP or eBGP.
 The protocol operates in terms of messages, which are sent over TCP
connections.
o OPEN: opens a TCP connection to peer and authenticates sender
o UPDATE: Used to (1) transmit information about a single route
and/or (2) list multiple routes to be withdrawn.
o KEEPALIVE: Used to (1) acknowledge an Open message and (2)
periodically confirm the neighbor relationship.

o NOTIFICATION: reports errors in previous message; also used to close
a connection
 Three functional procedures are involved in BGP:
o Neighbor Acquisition:
 Neighbor acquisition occurs when two neighboring routers in different
autonomous systems agree to exchange routing information regularly.
 To perform neighbor acquisition, two routers send Open messages to
each other after a TCP connection is established. If each router accepts
the request, it returns a Keepalive message in response.
o Neighbor Reachability:
 Each partner needs to be assured that the other partner still exists and is
still engaged in the neighbor relationship. For this purpose, the two
routers periodically issue Keepalive messages to each other.
o Network Reachability:
 Each router maintains a database of the networks that it can reach and
the preferred route for reaching each network. When a change is made
to this database, the router issues an Update message that is broadcast
to all other routers implementing BGP.
Fig: Border Gateway Protocol

Unicast Routing:
 In unicasting there is a single sender (source) and a single receiver

(destination)
 The destination is already known.
 The router just has to look up the routing table and forward packet to next
hop towards destination.
 Examples of Unicast Routing are
o OSPF
o RIP
o BGP
Multicast Routing Protocols:
 In multicasting there is at least one sender and several receivers (group of

receivers called multicast group)
 In multicast routing, the router may forward the received packet through
several of its interfaces.
 M-cast group address “delivered” to all receivers in the group.
 Internet uses Class D for m-cast.
 M-cast address distribution, etc. managed by IGMP Protocol.
 The router must know that there are nodes, which wish to receive multicast
packets (or stream) then only it should forward.
 Multicast routing works spanning tree protocol to avoid looping.
 E.g. Multicast OSPF, BGP etc.

Internet Control Message Protocol (ICMP):
The operation of the internet is maintained closely by the routers. When

something unexpected occurs during packet processing at a router, the event is
reported to the sender by the ICMP. There are a number of ICMP messages that
are encapsulated in an IP packet.
1. Destination Unreachable: This message is used when the router

cannot locate the destination.
2. Time Exceeded: This message is sent when a packet is dropped
because its (TTL) counter has reached to zero.
3. Parameter Problem: This message indicates that an illegal value has
been detected in a header field.
4. Source Quench: To announce source that there is network
congestion.
5. Redirect: This message is used when a router notices that a packet
seems to be routed incorrectly.
6. Echo and Echo Reply: Check if a machine is alive.
7. Router Advertisement: Find a nearby router.
The main Problem associated with ICMP is that, these messages can be
used in DDOS attack. A bot host can send continuous ICMP eco messages
(ICMP flood) to the target host resulting denial of a service.

To make sure that ICMP won’t flood the network, they are given no
special priority, and their messages are treated as normal traffic.
Also to avoid ICMP flood, most firewall don’t accept these messages and
drop them out. This causes poor performance but makes network secure
from ICMP flood.
Network Address Translation (NAT):
Network Address Translation (NAT) is a process in which one or more local IP

address is translated into one or more Global IP address and vice versa in order to
provide Internet access to the local hosts. Also, it does the translation of port
numbers i.e. masks the port number of the host with another port number, in the
packet that will be routed to destination.
When a packet traverse outside the local (inside) network, then NAT converts
that local (private) IP address to a global (public) IP address. When a packet enters
the local network, the global (public) IP address is converted to local (private) IP
address.
The router will have a NAT table with the help of which it will translate the Private
IP addresses of the organization to the public IP addresses provided by the
internet and vice-versa.
Fig: Network Address Translation

Address Resolution Protocol (ARP):
In ARP, 32-bit IP address is mapped into 48-bit MAC address to find the physical
address of another host or router in its network. For this, the sending host needs
to send an ARP request message. The ARP request contains:
1. The physical address and IP address of the sender

2. The IP address of the receiver.
The intended recipient send back an ARP reply message packet containing the
MAC address of the recipient.
Fig: ARP Operation

 ARP resolves IP addresses only for hosts and router interfaces on the same
subnet. If a node in California were to try to use ARP to resolve the IP address for
a node in Mississippi, ARP would return with an error.
Each host and router maintains an ARP table that contains information about IP
addresses of different host their corresponding MAC addresses and TTL.
Fig: A possible ARP table in a host with IP 222.222.222.220
If a host does not find the MAC address of the intended recipient in its ARP
table, it broadcasts the ARP request packet. In response, it receives ARP response
with the MAC address of the recipient.
Fig: ARP packet

Reverse Address Resolution Protocol (RARP):
In RARP, IP address is fetched through server. Through RARP, 48-bit MAC address
is mapped into 32-bit IP-address. To find the IP address of host/router on a
network it sends an RARP request message to the RARP server.
Reverse ARP is a networking protocol used by a client machine in a local area

network to request its Internet Protocol address (IPv4) from the gateway-router’s
ARP table. The network administrator creates a table in gateway-router, which is
used to map the MAC address to corresponding IP address.
 RARP is not used today and is replaced by latest DHCP

protocol.

Chapter 4

Uploaded by

Copyright:

Available Formats

Chapter 4

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Chapter 4

Uploaded by

Copyright:

Available Formats

Network Layer

The network layer has mainly three components:

2. Routing Component: The second major component is the routing component,

3. Error and Information reporting component: The final component of the

Internetworking is the process of connecting different networks by using

By: Er. Saurav Raj Pant, IOE – TU

Hub (Multiport Repeater):

Hub is a connecting device that allows connecting 2 or more hosts (clients)

By: Er. Saurav Raj Pant, IOE – TU

Fig: Use of Hub in a star topology

By: Er. Saurav Raj Pant, IOE – TU

Transparent bridge is the bridge in which the stations are not

Fig: Bridge Operation

By: Er. Saurav Raj Pant, IOE – TU

A switch is a device which provides bridging functionality with greater

 Switches forward frames selectively i.e. forward frames

By: Er. Saurav Raj Pant, IOE – TU

A router is a networking device that forwards data packets between

 Routers can listen to a network and identify its busiest

A gateway is a network node used in telecommunications that connects

 At enterprise level, a gateway can also act as a proxy

By: Er. Saurav Raj Pant, IOE – TU

These addresses are typically written in so-called dotted-decimal

IPv4 Supports 3 Types of Addressing Modes:

In this mode, the packet is addressed to all the hosts in a network

A multicast is similar to a broadcast in the sense that its target is a

By: Er. Saurav Raj Pant, IOE – TU

Internet Protocol hierarchy contains several classes of IP Addresses to be

Classful Addressing contain 5 classes:

By: Er. Saurav Raj Pant, IOE – TU

Class B IP address format is: 10NNNNNN.NNNNNNNN.HHHHHHHH.HHHHHHHH

Class C Address (N.N.N.H):

Class C IP addresses range from 192.0.0.x to 223.255.255.x. The default subnet

Class C IP address format is: 110NNNNN.NNNNNNNN.NNNNNNNN.HHHHHHHH

Class D address (N.N.N.N):

By: Er. Saurav Raj Pant, IOE – TU

This IP Class is reserved for experimental purposes only. IP addresses in this

Classless Addressing is an improved IP Addressing system. It makes the

When a user asks for specific number of IP Addresses,

• CIDR dynamically assigns a block of IP Addresses based on certain rules.

• This block contains the required number of IP Addresses as demanded by

• This block of IP Addresses is called as a CIDR block.

CIDR IP Addresses look like-

• They end with a slash followed by a number called as IP network prefix.

By: Er. Saurav Raj Pant, IOE – TU

An example of CIDR IP Address is-

• 28 bits are used for the identification of network.

Given the CIDR representation 20.10.30.35 / 27. Find the range of IP

• Given CIDR representation is 20.10.30.35 / 27.

• 27 bits are used for the identification of network.

• Given CIDR IP Address may be represented as-

By: Er. Saurav Raj Pant, IOE – TU

• First IP Address = 00010100.00001010.00011110.00100000

• Last IP Address = 00010100.00001010.00011110.00111111

• Thus, Range of IP Addresses = [ 20.10.30.32/27 , 20.10.30.63/27 ]

Given the CIDR representation 100.1.2.35 / 20. Find the range of IP

• Given CIDR representation is 100.1.2.35 / 20.

• 20 bits are used for the identification of network.

• Given CIDR IP Address may be represented as-