CN UNIT 2


Network Layer in OSI Model

• The Network Layer is the 5th Layer from
the top and the 3rd layer from the
Bottom of the OSI Model.
• It is one of the most important layers
which plays a key role in data
transmission.
• The main job of this layer is to maintain
the quality of the data and pass and
transmit it from its source to its
destination.
• It also handles routing, which means that
it chooses the best path to transmit the
data from the source to its destination,
not just transmitting the packet.
• There are several important protocols
that work in this layer.
Functions of Network Layer
1. Assigning Logical Address

• Network layer is solely responsible for assigning logical addresses to
devices which are either sending or receiving data packets.
• It is useful to uniquely identify each device in a certain network. The data
packets sent or received contain the IP addresses of both the sender device
and the receiver device.
• It is useful to confirm that the packets are sent or received by the desired
parties. There are two parts in an IP address, a Host ID and a Network ID. Using
the Host ID, it can be confirmed that the packets were sent by the
authorized sender and have successfully reached the desired receiver.

2. Routing

• Routing is the process of identifying the best path to transmit the packets.
The Network Layer not only sends packets from sender to receiver, but also
determines the best route to send them. Numerous routers are used to
find out the best and safest route to transmit the data packets.
3. Host-to-Host delivery

• Host-to-Host delivery, also known as Forwarding, is the process in which the
network layer transmits or forwards the data packets via routers, after
determining the best path/route.
• In some cases it takes more than one router to reach the destination. The Network
Layer takes care of those too: it forwards packets from each router to
another router until they reach the destination securely.

4. Logical Subnetting

• Network Layer also allows a bigger network to be divided into smaller chunks
of network, known as Logical Subnetting. It helps the IP addresses to be used
more efficiently, so fewer IP addresses are wasted.
• It is also helpful to manage a larger network more efficiently. Due to smaller
networks, it would be easier to find the device if any troubleshooting is
needed.
5. Fragmentation and Reassembly

• Each device / node has a maximum capacity to receive data (it may differ from Node to
Node), which is called Maximum Transmission Unit (MTU).
• If the total size of data packets exceeds that size limit, then those data packets are
split into smaller packets (fragments) so that they can fit the MTU.
• After fragmentation those packets are sent to the receiver, and at the receiving
end all those fragmented packets are rearranged to create the actual data in order. The
fragmentation is taken care of by the routers.
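The fragmentation and reassembly steps above, as an added Python example that is not part of the original slides. It assumes a 20-byte header without options and uses the 8-byte offset units and the more-fragments flag described later under the IPv4 Datagram Header; the reassembler is deliberately strict and rejects gaps and overlapping fragments.

```python
# Added example (not from the original slides): IPv4-style fragmentation
# and strict reassembly. HEADER_LEN assumes a header without options.
HEADER_LEN = 20


def fragment(payload, mtu, header_len=HEADER_LEN):
    """Split payload into (offset_units, more_fragments, data) tuples."""
    # All fragments but the last carry a multiple of 8 data bytes, because
    # the Fragment Offset field counts 8-byte units.
    max_data = (mtu - header_len) // 8 * 8
    if max_data <= 0:
        raise ValueError("MTU leaves no room for data")
    frags = []
    for start in range(0, len(payload), max_data):
        chunk = payload[start:start + max_data]
        more = start + len(chunk) < len(payload)
        frags.append((start // 8, more, chunk))
    return frags


def reassemble(frags):
    """Rebuild the payload from fragments that may arrive in any order.

    Gaps, overlaps and an inconsistent more-fragments flag are rejected
    instead of being silently merged.
    """
    ordered = sorted(frags, key=lambda f: f[0])
    expected = 0
    out = bytearray()
    for index, (offset_units, more, data) in enumerate(ordered):
        start = offset_units * 8
        if start != expected:
            raise ValueError("gap or overlap at byte offset %d" % start)
        is_last = index == len(ordered) - 1
        if more == is_last:
            raise ValueError("more-fragments flag does not match position")
        out += data
        expected = start + len(data)
    return bytes(out)


# Constructed sample: a 4000-byte payload crossing a link with MTU 1500.
SAMPLE_PAYLOAD = bytes(i % 251 for i in range(4000))

if __name__ == "__main__":
    pieces = fragment(SAMPLE_PAYLOAD, 1500)
    for offset_units, more, data in pieces:
        print("offset=%d (byte %d) MF=%d len=%d"
              % (offset_units, offset_units * 8, more, len(data)))
    print("reassembled correctly:",
          reassemble(list(reversed(pieces))) == SAMPLE_PAYLOAD)
```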

6. Error Handling

• Network Layer also checks for errors and handles them. Network Layer uses various
error detection techniques like Cyclic Redundancy Check (CRC), Checksums etc.
• It also retransmits the packets which are either erroneous or didn’t reach the receiver. It
uses the ACK messages to determine whether a packet has successfully reached
the receiver or not. If there is a Negative ACK, then it means that there is some error
with the packet, and the receiver will ask the sender to resend that packet.
7. Network Address Translation (NAT)

Network Layer also takes care of the Network Address Translation (NAT), which means
that it converts any private IP address into a public IP address, which is required
to communicate between the sender and the receiver.

8. Congestion Control

• Just like MTU, if there is an excessive load on the network which it can’t
handle, the network becomes congested.
• Due to this, the entire process of sending and receiving data comes to a
pause.
• Congestion can be dealt with using different algorithms like Leaky Bucket
Algorithm and Token Bucket Algorithm.
Network Addressing / Logical Addressing / IP Addressing

•Network Addressing is one of the major
responsibilities of the network layer.
•Network addresses are always logical,
i.e., software-based addresses.
Each IP address is 32 bits long and is
represented in "dot-decimal notation",
where each byte is written in decimal
form and the bytes are separated by
periods. An IP address would look like
193.32.216.9, where 193 represents the
decimal notation of the first 8 bits of
the address and 32 represents the
decimal notation of the second 8 bits of
the address.
Dotted Decimal Notation

Some points to be noted about dotted decimal notation:


•The value of any segment (byte) is between 0 and 255 (both included).
•No zeroes are preceding the value in any segment (054 is wrong, 54 is correct).

Hexadecimal Notation
IPv4 Datagram Header

• IPv4 datagram header is a critical component of the Internet Protocol
Version 4, allowing data to be routed and delivered across networks.
• The IPv4 header, which includes structured data such as version, header
length, type of service, and checksum, facilitates efficient and reliable
communication between devices. While optional fields provide
flexibility, its fixed and variable-length components adapt to a wide
range of networking requirements.
• Understanding the IPv4 datagram header is critical for network
engineers and administrators to effectively manage and optimize data
transfer in IPv4-based networks.
•VERSION: Version of the IP protocol (4 bits), which is 4 for
IPv4
•HLEN: IP header length (4 bits), which is the number of 32
bit words in the header. The minimum value for this field is 5
and the maximum is 15.
•Type of service: Low Delay, High Throughput, Reliability (8
bits)
•Total Length: Length of header + Data (16 bits), which has a
minimum value 20 bytes and the maximum is 65,535 bytes.
•Identification: Unique Packet Id for identifying the group of
fragments of a single IP datagram (16 bits)
•Flags: 3 flags of 1 bit each : reserved bit (must be zero), do
not fragment flag, more fragments flag (same order)
•Fragment Offset: Represents the number of Data Bytes ahead of
the particular fragment in the particular Datagram. Specified in
terms of number of 8 bytes, which has the maximum value of 65,528
bytes.
•Time to live: Datagram’s lifetime (8 bits). It prevents the datagram
from looping through the network by restricting the number of Hops
taken by a Packet before delivering to the Destination.
•Protocol: Name of the protocol to which the data is to be passed
(8 bits)
•Header Checksum: 16 bits header checksum for checking errors in
the datagram header
•Source IP address: 32 bits IP address of the sender
•Destination IP address: 32 bits IP address of the receiver
•Option: Optional information such as source route, record route.
Used by the Network administrator to check whether a path is
working or not.
•Due to the presence of options, the size of the datagram header
can be of variable length (20 bytes to 60 bytes).
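The field layout listed above, as an added Python example that is not part of the original slides: a parser that unpacks the fixed 20 bytes, enforces the HLEN and Total Length limits, and verifies the header checksum. The sample header bytes are constructed for the example.

```python
# Added example (not from the original slides): parse and validate an
# IPv4 header according to the field list above.
import ipaddress
import struct


def internet_checksum(data):
    """One's-complement sum of the 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ipv4_header(packet):
    """Return the header fields as a dict; raise ValueError if malformed."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum 20-byte header")
    (ver_hlen, tos, total_len, ident, flags_frag, ttl, proto,
     checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, hlen = ver_hlen >> 4, ver_hlen & 0x0F
    if version != 4:
        raise ValueError("VERSION is %d, not 4" % version)
    if hlen < 5:
        raise ValueError("HLEN %d is below the minimum of 5" % hlen)
    header_bytes = hlen * 4  # HLEN counts 32-bit words
    if len(packet) < header_bytes:
        raise ValueError("packet ends inside the options")
    if total_len < header_bytes:
        raise ValueError("Total Length is smaller than the header")
    flags = flags_frag >> 13  # reserved, DF, MF in that order
    if flags & 0b100:
        raise ValueError("reserved flag bit must be zero")
    # Summing a header that includes a correct checksum yields zero.
    if internet_checksum(packet[:header_bytes]) != 0:
        raise ValueError("header checksum mismatch")
    return {
        "version": version,
        "hlen": hlen,
        "header_bytes": header_bytes,
        "tos": tos,
        "total_length": total_len,
        "identification": ident,
        "dont_fragment": bool(flags & 0b010),
        "more_fragments": bool(flags & 0b001),
        "fragment_offset_bytes": (flags_frag & 0x1FFF) * 8,
        "ttl": ttl,
        "protocol": proto,
        "header_checksum": checksum,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "options": packet[20:header_bytes],
    }


# Constructed sample: 20-byte header, DF set, TTL 64, protocol 17,
# 192.168.0.1 -> 192.168.0.199, checksum 0xb861.
SAMPLE_HEADER = bytes.fromhex("45000073000040004011b861c0a80001c0a800c7")

if __name__ == "__main__":
    for name, value in parse_ipv4_header(SAMPLE_HEADER).items():
        print("%-22s %r" % (name, value))
```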
Need For Classful Addressing

Initially, in the 1980s, the IP address was divided into two fixed parts, i.e., NID (Network ID) =
8 bits and HID (Host ID) = 24 bits.

So there are 2^8, that is 256, total networks and 2^24, that is 16M, hosts per
network.

There are only 256 networks, and even a small organization must buy 16M
computers (hosts) to purchase one network. That’s why we need classful addressing.
The number of networks is very small and the number of IP addresses is very large.

Note:
•IP addresses are globally managed by Internet Assigned Numbers Authority(IANA)
and Regional Internet Registries(RIR).
•While finding the total number of host IP addresses, 2 IP addresses are not counted
and are therefore subtracted from the total count, because the first IP address of any
network is the network number whereas the last IP address is reserved for
broadcast IP.
Classful Addressing:
Classful IP addressing is a way of organizing
and managing IP addresses, which are used
to identify devices on a network.

An IP address is 32-bit long. An IP address
is divided into sub-classes:
•Class A
•Class B
•Class C
•Class D
•Class E

An IP address is divided into two parts:


•Network ID: It represents the number of
networks.
•Host ID: It represents the number of hosts
per Network.
Class A

In Class A, an IP address is assigned to those networks that contain a large
number of hosts.

•The network ID is 8 bits long.
•The host ID is 24 bits long.
In Class A, the first bit in higher order bits of the first octet is always set to 0 and
the remaining 7 bits determine the network ID. The 24 bits determine the host
ID in any network.
The total number of networks in Class A = 2^7 = 128 network addresses
The total number of hosts in each network in Class A = 2^24 - 2 = 16,777,214 host
addresses
• Designed for big companies like NASA.
Class B

In Class B, an IP address is assigned to those networks that range from
small-sized to large-sized networks.

•The Network ID is 16 bits long.
•The Host ID is 16 bits long.
In Class B, the higher order bits of the first octet are always set to 10, and the
remaining 14 bits determine the network ID. The other 16 bits determine
the Host ID.
The total number of networks in Class B = 2^14 = 16384 network addresses
The total number of hosts in Class B = 2^16 - 2 = 65534 host addresses
• Designed for MNCs like IBM, Wipro, TCS etc.
Class C

In Class C, an IP address is assigned to only small-sized networks.

•The Network ID is 24 bits long.
•The host ID is 8 bits long.
In Class C, the higher order bits of the first octet are always set to 110, and the
remaining 21 bits determine the network ID. The 8 bits of the host ID determine
the host in a network.
The total number of networks = 2^21 = 2097152 network addresses
The total number of hosts = 2^8 - 2 = 254 host addresses
• Designed for small organizations like schools, colleges, startup companies etc.
Class D

In Class D, an IP address is reserved for multicast addresses. It does not
possess subnetting. The higher order bits of the first octet are always set
to 1110, and the remaining bits determine the host ID in any network.

Class E

In Class E, an IP address is used for future use or for research and
development purposes. It does not possess any subnetting. The higher
order bits of the first octet are always set to 1111, and the remaining bits
determine the host ID in any network.
Classful Network Architecture
Rules for assigning Host ID:

The Host ID is used to determine the host within any network. The Host ID is assigned
based on the following rules:

•The Host ID must be unique within any network.
•The Host ID in which all the bits are set to 0 cannot be assigned as it is used to
represent the network ID of the IP address.
•The Host ID in which all the bits are set to 1 cannot be assigned as it is reserved for
the multicast address.

Rules for assigning Network ID:

If the hosts are located within the same local network, then they are assigned with the
same network ID. The following are the rules for assigning Network ID:

•The network ID cannot start with 127 as 127 is used by Class A.
•The Network ID in which all the bits are set to 0 cannot be assigned as it is used to
specify a particular host on the local network.
•The Network ID in which all the bits are set to 1 cannot be assigned as it is reserved
for the multicast address.
What is a private IP address?

Private IP addresses are IP addresses reserved for use
within private networks and are not directly
accessible from the internet. They are used to allow
devices within a private network to communicate
with each other. Some common private IP address
ranges include 10.0.0.0 to 10.255.255.255, 172.16.0.0
to 172.31.255.255, and 192.168.0.0 to
192.168.255.255.
Problems With Classful Addressing

The problem with this classful addressing method is that
millions of class A addresses are wasted, many of the class B
addresses are wasted, whereas, the number of addresses
available in class C is so small that it cannot cater to the needs
of organizations.

Class D addresses are used for multicast routing and are
therefore available as a single block only. Class E addresses are
reserved.

Since there are these problems, Classful networking was
replaced by Classless Inter-Domain Routing (CIDR) in 1993.
Problems

For any given IP Address,
•IP Address of its network is obtained
by setting all its Host ID part bits to 0.
•Direct Broadcast Address is obtained
by setting all its Host ID part bits to 1.
•Limited Broadcast Address is obtained by
setting all its bits to 1.
•For any network, its limited broadcast
address is always 255.255.255.255
PRACTICE PROBLEMS BASED ON IP ADDRESS IN NETWORKING-

Problem-01:

For the following IP Addresses-

1. 1.2.3.4
2. 10.15.20.60
3. 130.1.2.3
4. 150.0.150.150
5. 200.1.10.100

Identify the Class, Network IP Address, Direct
broadcast address and Limited broadcast address of
each IP Address.

Solution-

Part-A:

Given IP Address is- 1.2.3.4

•IP Address belongs to class A
•Network IP Address = 1.0.0.0
•Direct Broadcast Address = 1.255.255.255
•Limited Broadcast Address = 255.255.255.255
Problem-02:

Suppose that instead of using 16 bits for network part of a class B Address, 20
bits have been used. How many class B networks would have been possible?

Solution-

•Total 20 bits are used for Network ID of class B.
•The first two bits are always set to 10.
•Then, with 18 bits, number of networks possible = 2^18
Problem-10:

What is the default mask for 192.0.46.10?

Solution-

•Given IP Address belongs to class C.
•For class C, default mask = 255.255.255.0
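The rules used in Problem-01 and Problem-10, as an added Python example that is not part of the original slides. It goes beyond Part-A by handling all five addresses of Problem-01 and any other dotted-decimal address, and its parser enforces the two dotted-decimal rules stated earlier (segments 0 to 255, no leading zeroes).

```python
# Added example (not from the original slides): classful class, default
# mask, network address and broadcast addresses for a dotted-decimal IP.

# (class, leading bit pattern, pattern length, Network ID bits)
CLASSES = [
    ("A", 0b0, 1, 8),
    ("B", 0b10, 2, 16),
    ("C", 0b110, 3, 24),
    ("D", 0b1110, 4, None),  # multicast: no Network ID / Host ID split
    ("E", 0b1111, 4, None),  # reserved
]


def parse_dotted(addr):
    """Dotted decimal -> 32-bit integer, enforcing the notation rules."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError("expected 4 segments in %r" % addr)
    value = 0
    for part in parts:
        if not (part.isascii() and part.isdigit()):
            raise ValueError("segment %r is not a decimal number" % part)
        if len(part) > 1 and part[0] == "0":
            raise ValueError("segment %r has a leading zero" % part)
        if int(part) > 255:
            raise ValueError("segment %r is above 255" % part)
        value = value << 8 | int(part)
    return value


def to_dotted(value):
    return ".".join(str(value >> shift & 0xFF) for shift in (24, 16, 8, 0))


def classify(addr):
    value = parse_dotted(addr)
    first_octet = value >> 24
    for name, pattern, plen, net_bits in CLASSES:
        if first_octet >> (8 - plen) == pattern:
            break
    result = {"class": name, "default_mask": None, "network": None,
              "direct_broadcast": None,
              "limited_broadcast": "255.255.255.255"}
    if net_bits is None:
        return result
    mask = (0xFFFFFFFF << (32 - net_bits)) & 0xFFFFFFFF
    network = value & mask                      # Host ID bits set to 0
    broadcast = network | (~mask & 0xFFFFFFFF)  # Host ID bits set to 1
    result.update(default_mask=to_dotted(mask), network=to_dotted(network),
                  direct_broadcast=to_dotted(broadcast))
    return result


if __name__ == "__main__":
    for ip in ("1.2.3.4", "10.15.20.60", "130.1.2.3",
               "150.0.150.150", "200.1.10.100", "192.0.46.10"):
        print(ip, classify(ip))
```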
Subnetting

When a bigger network is divided into smaller networks, to maintain security,
then that is known as Subnetting. So, maintenance is easier for smaller
networks. For example, if we consider a class A address, the possible number
of hosts is 2^24 for each network. It is obviously difficult to maintain such
a huge number of hosts, but it is much easier to maintain if we divide
the network into small parts.

Uses of Subnetting

1. Subnetting helps in organizing the network in an efficient way which helps in
expanding the technology for large firms and companies.
2. Subnetting is used for specific staffing structures to reduce traffic and
maintain order and efficiency.
3. Subnetting divides domains of the broadcast so that traffic is routed
efficiently, which helps in improving network performance.
4. Subnetting is used in increasing network security.
Subnet ID
•Each sub-network has its unique network ID known as its Subnet ID.
•The subnet ID is created by borrowing some bits from the part of the
Host ID.
•The number of bits borrowed from hosts depends on the number of
subnets created.
Types of Subnetting
Subnetting of a network can be achieved through the following methods:
The network can be divided into two parts: To divide a network into two
parts, you need to choose one bit for each Subnet from the host ID part.

Note: The process of borrowing bits from HID to generate SID is also called
Subnetting.
How Does Subnetting Work?

The working of subnets starts in such a way that firstly it divides the subnets into
smaller subnets. For communicating between subnets, routers are used. Each
subnet allows its linked devices to communicate with each other. Subnetting for a
network should be done in such a way that it does not affect the network bits.

In class C the first 3 octets are network bits, so they remain as they are.

•For Subnet-1: The first bit which is chosen from the host id part is zero and the
range will be from 193.1.2.00000000 till you get all 1’s in the host ID part, i.e.,
193.1.2.01111111 (except for the first bit, which is chosen as zero for the subnet id part).

Thus, the range of subnet-1 is: 193.1.2.0 to 193.1.2.127

•For Subnet-2: The first bit chosen from the host id part is one and the
range will be from 193.1.2.10000000 till you get all 1’s in the host ID part,
i.e., 193.1.2.11111111.
Thus, the range of subnet-2 is: 193.1.2.128 to 193.1.2.255

Finally, after using the subnetting the total number of usable hosts is
reduced from 254 to 252.
Note:

1. To divide a network into four (2^2) parts you need to choose two bits from
the host id part for each subnet, i.e., (00, 01, 10, 11).

2. To divide a network into eight (2^3) parts you need to choose three bits
from the host id part for each subnet, i.e., (000, 001, 010, 011, 100, 101, 110,
111) and so on.

3. We can say that if the total number of subnets in a network increases the
total number of usable hosts decreases.
Advantages of Subnetting
• Subnetting improves security because the administration and
maintenance of sub-networks is easy.
• In simple words, the management and maintenance of the
entire university is tough as compared to its different departments.
• To reduce wastage of IP addresses.

Disadvantages of Subnetting
Point-01:
Subnetting leads to the loss of IP Addresses. Two
IP Addresses are always wasted for every sub-network
(subnet). In subnetting, One IP Address is
wasted for its network address and another for its
direct broadcasting address.
Point-02:
Subnetting leads to a more complicated
communication process than communication
without subnetting.
After subnetting, the communication is done
through the following 4 steps
•First, Identifying the network
•Second, Identifying the sub-network
•Third, Identifying the host
•And in the last, Identifying the process
A subnet mask is a 32-bit number which is used to identify the subnet of an IP
address. The subnet mask is a combination of 1’s and 0’s. 1’s represent the network and
subnet ID while 0’s represent the host ID. For this case, subnet mask is,

So in order to get the network which the destination
address belongs to, we have to bitwise AND (&) it with the subnet
mask.
The address belongs to,

Routing table
If the network id doesn’t match any entry, then the packet will be sent to the default
entry.
Default entry has network id as 0.0.0.0.
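The mask-and-compare lookup described above, as an added Python example that is not part of the original slides. The routing table uses the two 193.1.2.x subnets from the subnetting example plus the 0.0.0.0 default entry; the interface names are hypothetical, and the most specific matching mask is preferred.

```python
# Added example (not from the original slides): find the routing-table
# entry for a destination by ANDing it with each entry's subnet mask.
import ipaddress


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


# (network ID, subnet mask, interface); interface names are hypothetical.
ROUTES = [
    ("193.1.2.0", "255.255.255.128", "if-a"),
    ("193.1.2.128", "255.255.255.128", "if-b"),
    ("0.0.0.0", "0.0.0.0", "if-default"),  # default entry
]


def lookup(dest, routes=ROUTES):
    """Return (network ID, interface) for dest, or None if nothing matches."""
    d = to_int(dest)
    best = None
    for net, mask, iface in routes:
        n, m = to_int(net), to_int(mask)
        if n & m != n:
            # An entry with host bits set can never equal (dest & mask).
            raise ValueError("route %s has host bits set under mask %s"
                             % (net, mask))
        # The default entry has mask 0.0.0.0, so (d & 0) == 0 always
        # matches; any entry with a longer mask takes precedence over it.
        if d & m == n and (best is None or m > best[0]):
            best = (m, net, iface)
    return None if best is None else (best[1], best[2])


if __name__ == "__main__":
    for dest in ("193.1.2.77", "193.1.2.200", "8.8.8.8"):
        print(dest, "->", lookup(dest))
```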
Supernetting in Network Layer

Supernetting is the opposite of Subnetting. In subnetting, a single big
network is divided into multiple smaller subnetworks. In Supernetting,
multiple networks are combined into a bigger network termed a
Supernetwork or Supernet.

More specifically,
•When multiple networks are combined to form a bigger network, it is termed
super-netting
•Super netting is used in route aggregation to reduce the size of routing
tables and routing table updates

Important Points for Supernetting


•All the Networks should be contiguous.
•The block size of every network should be equal and must be in the form of 2^n.
•First Network id should be exactly divisible by the whole size of the supernet.
Supernet Mask

Supernet Mask is a 32-bit number where all the fixed bits of the network are
represented by 1 and the variable part is represented by 0.
Overall, there are 252 usable hosts after subnetting. So, because of subnetting,
there is a loss in the number of IP addresses.

The bits to the left of the red line are fixed bits and the bits right of it represent the
variable bits.
Example: Suppose 4 small networks of class C:

Build a bigger network that has a single Network Id.

Explanation: Before Supernetting routing table will
look like as:
First, let’s check whether three conditions are satisfied or not:

•Contiguous: You can easily see that all networks are contiguous, all having a size of 256 IP
Addresses (or 254 Hosts).
The range of the first network is from 200.1.0.0 to 200.1.0.255. If you add 1 to the last IP address of the first
network, that is 200.1.0.255 + 0.0.0.1, you will get the next network id, which is 200.1.1.0.
Similarly, check that all networks are contiguous.

•Equal size of all networks: As all networks are of class C, all of them have a size of 256,
which is in turn equal to 2^8.

•First IP address exactly divisible by total size: When a binary number is divided by
2^n, the last n bits are the remainder. Hence, in order to prove that the first IP address is
exactly divisible by the whole size of the Supernet, you can check whether the last n bits (n here
refers to the number of bits required to represent the Total Size of the Supernet) are
0 or not.
In the given example the first IP is 200.1.0.0 and the whole size of the supernet is
4*2^8 = 2^10. If the last 10 bits of the first IP address are zero then the IP will be
divisible.

Last 10 bits of first IP address are zero (highlighted by green color). So
3rd condition is also satisfied.
Difference between Subnetting and Supernetting

Subnetting | Supernetting
Subnetting is the procedure to divide the network into sub-networks. | While supernetting is the procedure of combining small networks.
In subnetting, Network addresses’ bits are increased. | While in supernetting, Host addresses’ bits are increased.
In subnetting, The mask bits are moved towards the right. | While In supernetting, The mask bits are moved towards the left.
Subnetting is implemented via Variable-length subnet masking. | While supernetting is implemented via Classless interdomain routing.
In subnetting, Address depletion is reduced or removed. | While It is used for simplifying the routing process.
Problems With Classful Addressing

The problem with this classful addressing method is that millions of class A
addresses are wasted, many of the class B addresses are wasted, whereas, the
number of addresses available in class C is so small that it cannot cater to the
needs of organizations. Class D addresses are used for multicast routing and are
therefore available as a single block only. Class E addresses are reserved.
Since there are these problems, Classful networking was replaced by Classless
Inter-Domain Routing (CIDR) in 1993.

• The network ID is 24 bits long.
•The host ID is 8 bits long.
•2^21 = 2097152 network address
•2^8 – 2 = 254 host address
•Within any network, the host ID must be unique to that
network.
•Host ID in which all bits are set to 0 cannot be assigned
because this host ID is used to represent the network ID of the
IP address.
•Host ID in which all bits are set to 1 cannot be assigned
because this host ID is reserved as a broadcast address to
send packets to all the hosts present on that particular
network.
•The network ID cannot start with 127 because 127 belongs to
the class A address and is reserved for internal loopback
functions.
•All bits of network ID set to 1 are reserved for use as an
IP broadcast address and therefore, cannot be used.
•All bits of network ID set to 0 are used to denote a specific
host on the local network and are not routed and therefore,
aren’t used.
Classless Inter Domain Routing (CIDR)

Classless Inter-Domain Routing (CIDR) is a method of IP address
allocation and IP routing that allows for more efficient use of IP
addresses. CIDR is based on the idea that IP addresses can be allocated
and routed based on their network prefix rather than their class, which
was the traditional way of IP address allocation.

CIDR addresses are represented using a slash notation, which specifies
the number of bits in the network prefix. For example, an IP address of
192.168.1.0 with a prefix length of 24 would be represented as
192.168.1.0/24. This notation indicates that the first 24 bits of the IP
address are the network prefix and the remaining 8 bits are the host
identifier.
Classless Inter-Domain Routing is also known as Classless
addressing. In Classful addressing the number of Hosts within a network
always remains the same depending upon the class of the Network.

Now, let’s suppose an Organization requires 2^14 hosts; then it must
purchase a Class B network. In this case, 49150 Hosts will be wasted.
This is the major drawback of Classful Addressing.

In order to reduce the wastage of IP addresses a new concept
of Classless Inter-Domain Routing is introduced. Nowadays IANA is
using this technique to provide IP addresses. Whenever any user asks
for IP addresses, IANA is going to assign that many IP addresses to the
User.
Representation: It is also a 32-bit address, which includes a special number
that represents the number of bits that are present in the Block Id.

Where n is the number of bits that are present in Block Id / Network Id.

Example:
Rules for forming CIDR Blocks:

1. All IP addresses must be contiguous.
2. Block size must be a power of 2 (2^n). If the size of the block is a
power of 2, then it will be easy to divide the Network. Finding out the
Block Id is very easy if the block size is a power of 2.

Example: If the Block size is 2^5 then, Host Id will contain 5 bits and
Network will contain 32 – 5 = 27 bits.
3. First IP address of the Block must be evenly divisible by the size of the block.
In simple words, the least significant part should always start with zeroes in Host
Id. Since all the least significant bits of Host Id are zero, we can use it as the
Block Id part.

Example: Check whether 100.1.2.32 to 100.1.2.47 is a valid IP address block or
not?

•All the IP addresses are contiguous.
•Total number of IP addresses in the Block = 16 = 2^4.
•1st IP address: 100.1.2.00100000. Since the Host Id contains the last 4 bits and all
the least significant 4 bits are zero, the first IP address is evenly divisible by
the size of the block.

All three rules are followed by this Block. Hence, it is a valid IP address block.
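The three CIDR block rules above and the three supernetting conditions from the earlier section, as one added Python example that is not part of the original slides. The four class C networks are assumed to be 200.1.0.0 through 200.1.3.0, since the slide listing them is not reproduced here.

```python
# Added example (not from the original slides): check the CIDR block
# rules and aggregate equal-size networks into a supernet.
import ipaddress


def check_block(first, last):
    """Check a contiguous range first..last against rules 2 and 3."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if hi < lo:
        raise ValueError("last address is below first address")
    size = hi - lo + 1
    power_of_two = size & (size - 1) == 0
    # Divisible by 2^n means the last n bits of the first address are zero.
    aligned = power_of_two and lo % size == 0
    result = {"size": size, "power_of_two": power_of_two,
              "aligned": aligned, "cidr": None}
    if aligned:
        host_bits = size.bit_length() - 1
        result["cidr"] = "%s/%d" % (first, 32 - host_bits)
    return result


def supernet(networks):
    """Combine networks given in slash notation; raise if a rule fails."""
    nets = sorted((ipaddress.IPv4Network(n) for n in networks),
                  key=lambda n: int(n.network_address))
    sizes = {n.num_addresses for n in nets}
    if len(sizes) != 1:
        raise ValueError("networks are not of equal size")
    size = sizes.pop()
    for left, right in zip(nets, nets[1:]):
        if int(left.network_address) + size != int(right.network_address):
            raise ValueError("%s and %s are not contiguous" % (left, right))
    result = check_block(str(nets[0].network_address),
                         str(nets[-1].broadcast_address))
    if result["cidr"] is None:
        raise ValueError("total size is not a power of 2, or the first "
                         "network ID is not divisible by the total size")
    return result["cidr"]


# Assumed inputs: the four class C networks of the supernetting example.
CLASS_C_NETS = ["200.1.0.0/24", "200.1.1.0/24", "200.1.2.0/24", "200.1.3.0/24"]

if __name__ == "__main__":
    print(check_block("100.1.2.32", "100.1.2.47"))
    print(check_block("100.1.2.40", "100.1.2.55"))
    print(supernet(CLASS_C_NETS))
```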
IPv4 Classless Subnet equation

Problem – How to calculate Network Address, Broadcast Address, First and
Last IP address of a given IP Address in the CIDR (Classless Inter-Domain
Routing) Notation.

There is a simple equation to calculate the above mentioned Addresses
which is used and tested with Class C Networks.

Firstly, remember the No. of IP Addresses with respect to the Network
Prefix (the value after the Slash (/) in CIDR Notation) as shown in the Table
below.
Note that in the above table the Number of Hosts for mentioned Network
Prefixes will be 2 less than the No. of IP Addresses, because the First IP Address
is the Network Address and the Last IP Address is the Broadcast Address.
What is NAT?

NAT (Network Address Translation) connects two networks and maps the private
(inside local) addresses into public addresses (inside global). Inside local denotes that
the address belongs to an internal network and was not assigned by a Network
Information Centre or service provider.

The inside global signifies that the address is a valid address assigned by the NIC or
service provider, and represents one or more inside local addresses to the outside world.

NAT is a method of converting a private IP address or a local address into a public IP
address. NAT is a technique for reducing the rate at which available IP addresses are
depleted by translating a local IP or private IP address into a global or public IP address.
The NAT relation might be one-to-one or many-to-one.

NOTE:
Private IP addresses are IP addresses reserved for use within private networks and are not
directly accessible from the internet. They are used to allow devices within a private
network to communicate with each other. Some common private IP address ranges
include 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to
192.168.255.255.
NAT inside and outside addresses –

Inside refers to the addresses which must be translated. Outside refers to the addresses
which are not in control of an organization. These are the network Addresses in which
the translation of the addresses will be done.

•Inside local address – An IP address that is assigned to a host on the Inside (local)
network. The address is probably not an IP address assigned by the service provider i.e.,
these are private IP addresses. This is the inside host seen from the inside network.

•Inside global address – IP address that represents one or more inside local IP
addresses to the outside world. This is the inside host as seen from the outside
network.

•Outside local address – This is the actual IP address of the destination host in the
local network after translation.

•Outside global address – This is the outside host as seen from the outside network. It
is the IP address of the outside destination host before translation.
Network Address Translation (NAT) Types –
There are 3 ways to configure NAT:

• Static NAT
In static NAT, a local address is mapped to a global address. In this type of
NAT, the relationship is one-to-one. Static NAT is used if a host needs a
consistent address that must be accessed from the internet. For example,
networking devices or enterprise servers.

• Dynamic NAT
Unregistered private IP addresses can be converted to registered public IP
numbers from a pool of public IP addresses using dynamic NAT.

• PAT / NAT Overloading / IP masquerading
Among the three varieties, PAT is the most famous. It is a form of Dynamic
NAT, but it uses ports to translate many private IP
addresses to a single public IP address.
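The many-to-one port translation described above, as an added Python example that is not part of the original slides. It is a simplified model: the class and method names are hypothetical, the public address 203.0.113.5 and the port pool are constructed values, and only the translation table is modelled, not packet rewriting or timeouts.

```python
# Added example (not from the original slides): a minimal PAT table that
# maps many inside local (IP, port) pairs onto ports of one public IP.


class PatTable:
    def __init__(self, public_ip, port_pool):
        self.public_ip = public_ip          # inside global address
        self.free_ports = list(port_pool)   # public ports still available
        self.outbound = {}                  # (inside ip, port) -> public port
        self.inbound = {}                   # public port -> (inside ip, port)

    def translate_outbound(self, inside_ip, inside_port):
        """Return the (public IP, public port) seen by the outside world."""
        key = (inside_ip, inside_port)
        if key not in self.outbound:
            if not self.free_ports:
                raise RuntimeError("public port pool exhausted")
            port = self.free_ports.pop(0)
            self.outbound[key] = port
            self.inbound[port] = key
        return (self.public_ip, self.outbound[key])

    def translate_inbound(self, public_port):
        """Return the inside (IP, port) for a reply, or None to drop it.

        A packet to a public port with no table entry was not requested
        by any inside host, so there is nowhere to forward it.
        """
        return self.inbound.get(public_port)

    def release(self, inside_ip, inside_port):
        """Remove a mapping and return its public port to the pool."""
        port = self.outbound.pop((inside_ip, inside_port))
        del self.inbound[port]
        self.free_ports.append(port)


if __name__ == "__main__":
    # Constructed sample: two inside hosts, a pool of only two public ports.
    nat = PatTable("203.0.113.5", range(40000, 40002))
    print(nat.translate_outbound("192.168.0.10", 5000))
    print(nat.translate_outbound("192.168.0.11", 5000))
    print(nat.translate_inbound(40001))
    print(nat.translate_inbound(40002))
```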
ICMP Protocol

The ICMP stands for Internet Control Message Protocol. It is a
connectionless network layer protocol. It is used for error handling
in the network layer, and it is primarily used on network devices such
as routers. As different types of errors can exist in the network layer,
ICMP can be used to report these errors and to debug those
errors.

For example, some sender wants to send the message to some
destination, but the router couldn't send the message to the
destination. In this case, the router sends a message to the sender
saying that it could not send the message to that destination.

The IP protocol does not have any error-reporting or
error-correcting mechanism, so it uses a message to convey the
information.
Position of ICMP in the network layer

Messages
The ICMP messages are usually divided into two categories:
Uses of ICMP

ICMP is used for error reporting. If two devices connect over the internet and some
error occurs, the router sends an ICMP error message to the source informing it
about the error. For example, whenever a device sends any message which is too large
for the receiver, the receiver will drop the message and reply with
an ICMP message to the source.
Another important use of the ICMP protocol is to perform network diagnosis by
making use of the traceroute and ping utilities.

Traceroute: Traceroute utility is used to know the route between two devices
connected over the internet. It routes the journey from one router to another, and a
traceroute is performed to check network issues before data transfer.

Ping: Ping is a simple kind of traceroute known as the echo-request message. It is
used to measure the time taken by data to reach the destination and return to the
source. These replies are known as echo-reply messages.
ICMP Message Format
The message format has two things; one is a category that tells us which type of
message it is. If the message is of error type, the error message contains the type and
the code.
The type defines the type of message while the code defines the subtype of the
message.
The ICMP message contains the following fields:

•Type: It is an 8-bit field. It defines the ICMP message type. The values from 0 to
127 are defined for ICMPv6, and the values from 128 to 255 are the informational
messages.
•Code: It is an 8-bit field that defines the subtype of the ICMP message
•Checksum: It is a 16-bit field to detect whether the error exists in the message or not.
Note: The ICMP protocol always reports the error messages to the original
source. For example, when the sender sends the message, if any error occurs in
the message then the router reports to the sender rather than the receiver as
the sender is sending the message.

Types of Error Reporting messages

The error reporting messages are broadly classified into the following
categories:
Source Quench Message

A source quench message is a request to decrease the traffic rate for messages
sent to the host destination. In other words, when the receiving host detects that the
rate of sending packets (traffic rate) to it is too fast, it sends the source quench
message to the source to slow the pace down so that no packet is lost.
ICMP will take the source IP from the discarded packet and inform the source by
sending a source quench message. The source will reduce the speed of transmission
so that the router will be free from congestion.

When the congested router is far away from the source, ICMP will send a hop-by-hop
source quench message so that every router will reduce the speed of
transmission.
Parameter Problem

Whenever a packet arrives at the router, the calculated header checksum
should be equal to the received header checksum; only then is the packet
accepted by the router.

If there is a mismatch, the packet will be dropped by the router.

ICMP will take the source IP from the discarded packet and inform the source by
sending a parameter problem message.
Time Exceeded Message

A notification with the subject line “Time Exceeded” is typically generated by
routers or gateways. You need to know what an IP header is in a packet in order
to comprehend this ICMP message in its entirety. The IP protocol structure is
covered in great detail in the section on IP Protocol, which is freely available to
our readers.
Destination Un-reachable

The destination unreachable message is generated by the host or its inbound
gateway to inform the client that the destination is unreachable for some
reason.

It is not necessary that only the router gives the ICMP error message;
sometimes the destination host sends an ICMP error message when any
type of failure (link failure, hardware failure, port failure, etc.) happens in the
network.
Redirection Message

A redirect requests that data packets be sent on an alternate route. The message
informs a host to update its routing information (to send packets on an alternate route).

Example: Suppose the host tries to send data through a router R1, R1 sends the data
on to a router R2, and there is a direct way from the host to R2. Then R1 will send a
redirect message to inform the host that the best way to the destination is available
directly through R2. The host then sends data packets for the destination directly
to R2. The router R2 will send the original datagram to the intended destination. But
if the datagram contains routing information, then this message will not be sent
even if a better route is available, as redirects should only be sent by gateways and
should not be sent by Internet hosts.

Whenever a packet is forwarded in the wrong direction and is later re-directed in the
correct direction, ICMP will send a re-directed message.
Address Resolution Protocol (ARP) –

Address Resolution Protocol is a communication protocol used for discovering the
physical address associated with a given network address. Typically, ARP is a
network layer to data link layer mapping process, which is used to discover the MAC
address for a given Internet Protocol address. In order to send data to a
destination, having the IP address is necessary but not sufficient; we also need the
physical address of the destination machine. ARP is used to get the physical address
(MAC address) of the destination machine.
Before sending the IP packet, the MAC address of the destination must be known. If it
is not, the sender broadcasts an ARP-discovery packet requesting the MAC address of
the intended destination. Since ARP-discovery is a broadcast, every host inside that
network receives this message, but the packet is discarded by everyone except the
intended receiver host whose IP address matches.
This receiver then sends a unicast packet with its MAC address (ARP-reply) to the
sender of the ARP-discovery packet. After the original sender receives the ARP-reply, it
updates its ARP cache and starts sending unicast messages to the destination.
Proxy ARP

• Proxy ARP is the technique in which one host, usually a router, answers ARP
requests intended for another machine.
• By faking its identity, the router accepts responsibility for routing packets to
the "real" destination.
• Proxy ARP can help machines on a subnet reach remote subnets without the need to
configure routing or a default gateway.
Reverse Address Resolution Protocol (RARP) –

Reverse ARP is a networking protocol used by a client machine in a local area
network to request its Internet Protocol address (IPv4) from the gateway-router’s
ARP table.

The network administrator creates a table in the gateway-router, which is used to
map the MAC address to the corresponding IP address. When a new machine is set up,
or for any machine that does not have memory to store an IP address, it needs an IP
address for its own use.

So the machine sends a RARP broadcast packet which contains its own MAC address
in both the sender and receiver hardware address fields.
A special host configured inside the local area network, called the RARP server, is
responsible for replying to this kind of broadcast packet. The RARP server
attempts to find the entry in its IP to MAC address mapping table. If any entry
in the table matches, the RARP server sends a response packet containing the IP
address to the requesting device.

•LAN technologies like Ethernet, Ethernet II, Token Ring and Fiber Distributed Data
Interface (FDDI) support the Address Resolution Protocol.

•RARP is not used in today’s networks, because we have much more fully featured
protocols like BOOTP (Bootstrap Protocol) and DHCP (Dynamic Host
Configuration Protocol).
What is ARP poisoning (ARP spoofing) –

ARP spoofing is a type of network attack in which the attacker sends a
falsified ARP request over the LAN (say, to the default gateway), which
results in the attacker’s MAC address being linked to the legitimate server on
the victim network.

The attacker then starts receiving the data that was intended for that
IP address. With the help of ARP poisoning (or ARP spoofing), an attacker is
able to intercept data frames, modify traffic or even stop data in transit.
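From the defender's side, poisoning shows up as an ARP message that contradicts a binding already learned, or as a reply nobody asked for. The monitor below is an added example, not part of the original slides: it parses 28-byte Ethernet/IPv4 ARP payloads and flags both conditions over a constructed sample that uses documentation addresses.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
REQUEST, REPLY = 1, 2

def make_arp(oper, sha, spa, tha, tpa):
    """Build a constructed ARP payload for the sample data below."""
    to_mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       to_mac(sha), socket.inet_aton(spa),
                       to_mac(tha), socket.inet_aton(tpa))

def parse_arp(payload):
    if len(payload) < struct.calcsize(ARP_FMT):
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    return {"oper": oper, "sha": sha.hex(":"), "spa": socket.inet_ntoa(spa),
            "tha": tha.hex(":"), "tpa": socket.inet_ntoa(tpa)}

class ArpMonitor:
    """Tracks IP-to-MAC bindings seen on the wire and records anomalies."""

    def __init__(self):
        self.bindings = {}      # ip -> first MAC seen for it
        self.pending = set()    # (asker_ip, asked_ip) requests awaiting a reply
        self.alerts = []

    def observe(self, payload):
        p = parse_arp(payload)
        if p["oper"] == REQUEST:
            self.pending.add((p["spa"], p["tpa"]))
        elif p["oper"] == REPLY:
            if (p["tpa"], p["spa"]) in self.pending:
                self.pending.discard((p["tpa"], p["spa"]))
            else:
                self.alerts.append(("unsolicited-reply", p["spa"], p["sha"]))
        if p["spa"] != "0.0.0.0":           # ARP probes carry no sender IP
            known = self.bindings.setdefault(p["spa"], p["sha"])
            if known != p["sha"]:
                # Keep the first-seen binding; report the conflicting claim.
                self.alerts.append(("binding-changed", p["spa"],
                                    f"{known} -> {p['sha']}"))
        return p

# Constructed sample: host asks for the gateway, the gateway answers, then a
# second reply claims the gateway's IP address with a different MAC address.
HOST, GW, OTHER = "00:00:5e:00:53:10", "00:00:5e:00:53:01", "00:00:5e:00:53:66"
SAMPLE = [
    make_arp(REQUEST, HOST, "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1"),
    make_arp(REPLY, GW, "192.0.2.1", HOST, "192.0.2.10"),
    make_arp(REPLY, OTHER, "192.0.2.1", HOST, "192.0.2.10"),
]

def run_sample():
    monitor = ArpMonitor()
    for payload in SAMPLE:
        monitor.observe(payload)
    return monitor

if __name__ == "__main__":
    for alert in run_sample().alerts:
        print(alert)
```

Gratuitous ARP after a legitimate failover or NIC change triggers the same alerts, so in practice they are correlated with known maintenance or with static bindings for the gateway.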
Bootstrap Protocol (BOOTP)

Bootstrap Protocol (BOOTP) is a networking protocol which is used by network
administration to give IP addresses, through the main server, to each member of
that network so that it can participate with other networking devices.

Bootstrap (BOOTP) is primarily required to check the system on a network the first time
you start your computer. It records the BIOS cycle of each computer on the network to
allow the computer’s motherboard and network manager to efficiently organize the data
transfer on the computer as soon as it boots up.

1. BOOTP is mainly used in a diskless environment and requires no media, as all data is
stored in the network cloud for efficient use.

2. BOOTP is the transfer of data between a client and a server to send and receive
requests and the corresponding responses from the networking server.

3. BOOTP supports the use of motherboards and network managers, so no external
storage outside of the cloud network is required.
When the BOOTP client and BOOTP server are on different networks:
• The BOOTP request is broadcast because the client does not know the IP address of
the server. A broadcast IP datagram cannot pass through any router.
• Router discards this packet.
• To solve the problem, there is a need for an intermediary. One of the hosts (or a
router that can be configured to operate at the application layer) can be used as a
relay. The host in this case is called a relay agent.
• The relay agent knows the unicast address of a BOOTP server. When it receives this
type of packet, it encapsulates the message in a unicast datagram and sends the
request to the BOOTP server.
• The packet, carrying a unicast destination address, is routed by any router and
reaches the BOOTP server.
• The BOOTP server knows the message comes from a relay agent because one of the
fields in the request message defines the IP address of the relay agent. The relay
agent, after receiving the reply, sends it to the BOOTP client.
What is DHCP?

DHCP stands for Dynamic Host Configuration Protocol. It is the critical feature on
which the users of an enterprise network communicate. DHCP helps enterprises to
smoothly manage the allocation of IP addresses to end-user client devices such as
desktops, laptops, cellphones, etc. It is an application layer protocol.
DHCP is also used to configure the proper subnet mask, default gateway and DNS
server information on the node or device.

Why Do We Use DHCP?

DHCP helps in managing the entire process automatically and centrally. DHCP helps in
maintaining a unique IP address for a host using the server. DHCP servers maintain
information on TCP/IP configuration and provide address configuration to DHCP-enabled
clients in the form of a lease offer.
Working of DHCP

• Dynamic Host Configuration Protocol (DHCP) uses the DORA process. DHCP is an
application layer protocol. It is used to provide the Subnet Mask, Router Address,
DNS Address, and Vendor Class Identifier. In fact, DHCP provides an automatic IP
address to hosts which want to connect to a network.
• The DHCP port number for the server is 67 and for the client is 68.
• DORA is the process that is used by DHCP. DORA helps in providing an IP
address to hosts or client machines. It follows a sequence of steps between the
server and the client, and the client gets its IP address from the
centralized server. It consists of four stages:

•Discover
•Offer
•Request
•Acknowledge
Step 1: DHCP Discover Message
This is the first message in the DORA process which helps in finding the DHCP server of
the network. DHCP client will find the server by sending DHCP discover message. The
broadcast message is sent to the network.
Step 2: DHCP Offer Message
The DHCP server receives the discover message and replies to the DHCP client with the
DHCP offer. The server sends a DHCP offer message with filled information. It has
information about the IP address and the duration of time for which a host can use it.
Step 3: DHCP Request Message
The DHCP client sends the request message to the server when it receives a DHCP offer
message from the server. This message tells the server that it accepts the IP address given
by the server.
Step 4: DHCP Acknowledge Message
This is the last step or message in the DORA process. The DHCP server sends Acknowledge
Message to the client when it receives the request message from the DHCP client. This message
will contain the IP address and subnet mask that the server assigns to the client.
DHCP Packet Format
•Hardware Length: This is an 8-bit field defining the length of the physical
address in bytes, e.g. for Ethernet the value is 6.
•Hop count: This is an 8-bit field defining the maximum number of hops
the packet can travel.
•Transaction ID: This is a 4-byte field carrying an integer. The transaction
identification is set by the client and is used to match a reply with the
request. The server returns the same value in its reply.
•Number of Seconds: This is a 16-bit field that indicates the number of
seconds elapsed since the time the client started to boot.
•Flag: This is a 16-bit field in which only the leftmost bit is used and the rest
of the bits should be set to 0s. The leftmost bit specifies a forced broadcast
reply from the server. If the reply were to be unicast to the client, the
destination IP address of the IP packet is the address assigned to the client.
•Client IP Address: This is a 4-byte field that contains the client IP address.
If the client does not have this information, this field has a value of 0.
•Your IP Address: This is a 4-byte field that contains the client IP address.
It is filled by the server at the request of the client.
•Server IP Address: This is a 4-byte field containing the server IP address.
It is filled by the server in a reply message.
•Gateway IP Address: This is a 4-byte field containing the IP address of a
router. It is filled by the server in a reply message.
•Client Hardware Address: This is the physical address of the client.
Although the server can retrieve this address from the frame sent by the
client, it is more efficient if the address is supplied explicitly by the client in
the request message.
•Server Name: This is a 64-byte field that is optionally filled by the server
in a reply packet. It contains a null-terminated string consisting of the
domain name of the server. If the server does not want to fill this field with
data, the server must fill it with all 0s.
•Boot Filename: This is a 128-byte field that can be optionally filled by the
server in a reply packet. It contains a null-terminated string consisting of
the full pathname of the boot file. The client can use this path to retrieve
other booting information. If the server does not want to fill this field with
data, the server must fill it with all 0s.
•Options: This is a 64-byte field with a dual purpose. It can carry either
additional information or some specific vendor information. The field is
used only in a reply message. The server uses a number, called a magic
cookie, in the format of an IP address with the value of 99.130.83.99.
When the client finishes reading the message, it looks for this magic
cookie. If present, the next 60 bytes are options.
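The parser below covers both the DORA steps and the packet format above. It is an added example, not part of the original slides: the first two header bytes (op, htype) and option codes 53, 1 and 51 come from RFC 2131/2132 rather than from this page, and the sample exchange is constructed.

```python
import socket
import struct

# Fixed part: op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr,
# giaddr, chaddr(16), sname(64), file(128) = 236 bytes. op and htype are not in
# the page's list; they are the first two bytes per RFC 2131.
FIXED = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC_COOKIE = socket.inet_aton("99.130.83.99")
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}  # option 53

def build(op, xid, msg_type, mac, flags=0, yiaddr="0.0.0.0", extra=()):
    """Build a constructed sample message (options: 53 plus any in extra)."""
    zero = socket.inet_aton("0.0.0.0")
    fixed = FIXED.pack(op, 1, 6, 0, xid, 0, flags, zero,
                       socket.inet_aton(yiaddr), zero, zero, mac, b"", b"")
    opts = [(53, bytes([msg_type]))] + list(extra)
    tlv = b"".join(bytes([c, len(v)]) + v for c, v in opts) + b"\xff"
    return fixed + MAGIC_COOKIE + tlv

def parse_options(raw):
    opts, i = {}, 0
    while i < len(raw) and raw[i] != 255:         # 255 = end option
        if raw[i] == 0:                           # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError("option runs past the end of the packet")
        opts[raw[i]] = raw[i + 2:i + 2 + raw[i + 1]]
        i += 2 + raw[i + 1]
    return opts

def parse(pkt):
    if len(pkt) < FIXED.size + 4:
        raise ValueError("shorter than fixed header plus magic cookie")
    (op, htype, hlen, hops, xid, secs, flags, ci, yi, si, gi,
     chaddr, sname, bootfile) = FIXED.unpack(pkt[:FIXED.size])
    if pkt[FIXED.size:FIXED.size + 4] != MAGIC_COOKIE:
        raise ValueError("magic cookie 99.130.83.99 not found")
    if hlen > 16:
        raise ValueError("hardware length exceeds the 16-byte address field")
    opts = parse_options(pkt[FIXED.size + 4:])
    mtype = opts.get(53, b"")
    return {
        "xid": xid, "hops": hops, "secs": secs,
        "broadcast": bool(flags & 0x8000),        # leftmost flag bit
        "ciaddr": socket.inet_ntoa(ci), "yiaddr": socket.inet_ntoa(yi),
        "siaddr": socket.inet_ntoa(si), "giaddr": socket.inet_ntoa(gi),
        "chaddr": chaddr[:hlen].hex(":"),
        "sname": sname.split(b"\0")[0].decode("ascii", "replace"),
        "file": bootfile.split(b"\0")[0].decode("ascii", "replace"),
        "type": MSG_TYPES.get(mtype[0], "OTHER") if len(mtype) == 1 else None,
        "mask": socket.inet_ntoa(opts[1]) if len(opts.get(1, b"")) == 4 else None,
        "lease": struct.unpack("!I", opts[51])[0] if len(opts.get(51, b"")) == 4 else None,
    }

def check_dora(packets):
    """Return the leased address if the four messages form one DORA exchange."""
    msgs = [parse(p) for p in packets]
    if [m["type"] for m in msgs] != ["DISCOVER", "OFFER", "REQUEST", "ACK"]:
        raise ValueError("messages are not in Discover/Offer/Request/Acknowledge order")
    if len({m["xid"] for m in msgs}) != 1 or len({m["chaddr"] for m in msgs}) != 1:
        raise ValueError("transaction ID or client hardware address differs")
    if msgs[1]["yiaddr"] != msgs[3]["yiaddr"]:
        raise ValueError("acknowledged address differs from the offered one")
    return msgs[3]["yiaddr"]

# Constructed sample exchange (documentation addresses, made-up transaction ID).
MAC, XID = bytes.fromhex("00005e005310"), 0x3903F326
LEASE = [(1, socket.inet_aton("255.255.255.0")), (51, struct.pack("!I", 3600))]
SAMPLE = [
    build(1, XID, 1, MAC, flags=0x8000),
    build(2, XID, 2, MAC, yiaddr="192.0.2.50", extra=LEASE),
    build(1, XID, 3, MAC, flags=0x8000),
    build(2, XID, 5, MAC, yiaddr="192.0.2.50", extra=LEASE),
]
```

Rejecting packets with a missing cookie, an oversized hardware length or an option that overruns the buffer is the part a real parser cannot skip, since every one of those fields is supplied by the sender.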
Routing:-

• Routing is a process that is performed by layer 3 (or network layer) devices to
deliver the packet by choosing an optimal path from one network to another. It is an
autonomous process handled by the network devices to direct a data packet to its
intended destination.

• The process of routing involves making various routing decisions to ensure
reliable & efficient delivery of the data packet by finding the shortest path using
various routing metrics.
1. Static Routing

Static routing is also called “non-adaptive routing”. In this, routing configuration
is done manually by the network administrator. Let’s say, for example, we have 5
different routes to transmit data from one node to another; the network
administrator will have to manually enter the routing information by assessing
all the routes.

[Figure: Configuration of Static Routing]
2. Default Routing

This is the method where the router is configured to send all packets toward a
single router (next hop). It doesn’t matter to which network the packet belongs; it
is forwarded out to the router which is configured for default routing. It is
generally used with stub routers. A stub router is a router that has only one
route to reach all other networks.
3. Dynamic Routing

• Dynamic routing makes automatic adjustments of the routes according to the
current state of the route in the routing table.
• Dynamic routing uses protocols to discover network destinations and the routes
to reach them. RIP and OSPF are the best examples of dynamic routing protocols.
• Automatic adjustments will be made to reach the network destination if one
route goes down. A dynamic protocol has the following features:
•The routers should have the same dynamic protocol running in order to
exchange routes.
•When a router finds a change in the topology, the router advertises it
to all other routers.
What is an IGP protocol?
An AS can contain multiple networks. To connect these networks, the administrator
can use a routing protocol. The routing protocol the administrator uses to connect
the networks within the autonomous system is known as an interior gateway
routing protocol. Since all networks in an autonomous system belong to the same
administrative entity, the administrator can configure any IGP protocol to connect
them.
RIPv1, IGRP, OSPF, EIGRP, RIPv2, and IS-IS are some examples of interior
gateway routing protocols.

What is an EGP protocol?


An EGP protocol provides connectivity between different autonomous systems.
Since different autonomous systems belong to different administrative entities,
administrators cannot use routing protocols of their choices to connect them. They
have to use a uniform routing protocol. A uniform routing protocol that connects
different autonomous systems is known as an exterior gateway routing protocol.
Nowadays, BGP is the only exterior routing protocol in use. BGP connects all public
autonomous systems on the Internet.
OSPF:-

• Open Shortest Path First (OSPF) is one such dynamic routing protocol. It is
called a dynamic protocol as it is able to dynamically exchange routing
information between the routers that are the nearest neighbors.
• Open Shortest Path First (OSPF) is an Interior Gateway Protocol (IGP) that has
an algorithm type of Link-State.
• It uses the Shortest Path First algorithm which is also called Dijkstra’s
algorithm.
• The routers store information about networks in Link State
Advertisements (LSAs) which are organized in a structure called the Link State
Database (LSDB).
• These LSAs contain information about every router, subnet, and other
networking information. Once the LSAs have been flooded, OSPF stores the
information in a link-state database known as the LSDB. The main goal is to have
the same information about every router in every LSDB.
This is how a link-state protocol functions:

•When we use a link-state routing protocol, every router creates a
‘connectivity map’ of the network.
•To make this happen, each router advertises information about its
interfaces (connected networks) to its neighbors. These advertisements
are passed along to other routers until all the other routers in the
network develop the same map of the network.
•Therefore, it is very important to note that each of the routers then uses
this same map to calculate the best routes for each destination.
•Since more information is shared, link-state protocols use more
resources on the router.
•The link-state routers react faster to changes in the network than
distance vector routers.
OSPF Areas

• OSPF divides an autonomous system into areas, where an area is a collection of networks, hosts,
and routers. Just as internet service providers divide the internet into different autonomous systems
for easy management, OSPF further divides the autonomous systems into areas.
• Routers that exist inside the area flood the area with routing information.
• An area also contains special routers. These are the routers present at the border of
an area, and they are known as Area Border Routers. Such a router summarizes the
information about an area and shares the information with other areas.
How does OSPF work?

There are three steps that can explain the working of OSPF:

Step 1: The first step is to become OSPF neighbors. The two connecting routers
running OSPF on the same link create a neighbor relationship.
Step 2: The second step is to exchange database
information. After becoming neighbors, the two routers
exchange the LSDB information with each other.
Step 3: The third step is to choose the best route. Once the
LSDB information has been exchanged with each other, the
router chooses the best route to be added to a routing table
based on the calculation of SPF.
OSPF Packets

There are five different types of packets in OSPF:


•Hello
•Database Description
•Link state request
•Link state update
•Link state Acknowledgment

1. Hello packet
The Hello packet is used to create a neighborhood relationship and check the
neighbor's reachability. Therefore, the Hello packet is used when the connection
between the routers needs to be established.

2. Database Description
After establishing a connection, if the neighbor router is communicating with the
system first time, it sends the database information about the network topology to
the system so that the system can update or modify accordingly.
3. Link state request
The link-state request is sent by the router to obtain the information of a
specified route. Suppose there are two routers, i.e., router 1 and router 2, and
router 1 wants to know the information about the router 2, so router 1 sends
the link state request to the router 2. When router 2 receives the link state
request, then it sends the link-state information to router 1.
4. Link state update
The link-state update is used by the router to advertise the state of its links. If
any router wants to broadcast the state of its links, it uses the link-state update.

5. Link state acknowledgment
The link-state acknowledgment makes the routing more reliable by forcing each
router to send an acknowledgment for each link state update. For example, if
router A sends the link state update to router B and router C, then in return
routers B and C send the link-state acknowledgment to router A, so
that router A gets to know that both routers have received the link-state
update.
BGP

• The Border Gateway Protocol (BGP) is an Exterior Gateway Protocol!
To be precise, it is a Path-Vector Routing protocol.
• Border Gateway Protocol works on different autonomous systems.
How Does the BGP Work?

The concept behind BGP is the best path selection. You can imagine the similarity of
BGP to Google Maps. You put in the destination and it knows your current location,
then, it tells you the best path. The BGP works in the same way but for the Internet.
•When a network router wants to connect to a network, it has to send data via the
best path.
•This is when the BGP considers all the different peering options the router has and it
chooses the shortest path to the router.
•The routing information is then communicated by each of the potential peers.
•This information is stored within a Routing Information Base (RIB).
•BGP then receives this information, accesses it and chooses the best path.

What are the Different Types of Packets in BGP?


There are four different types of packets that are sent by the BGP:
•Open
•Update
•Keep Alive
•Notification
1. Open:
•When one router wants to connect to another router and wants to
create a neighborhood relation, it uses the open message.
2. Update:
•It is used in two situations:
• It is used to withdraw a destination that has been previously
advertised.
• It is also used to announce a route to a new destination.
3. Keep Alive:
•Such a message is exchanged regularly.
•It is used to tell other routers if they are alive or not.
•For example, ‘Hello’ packets.
4. Notification:
•It is sent by a router when there is an error condition.
•It is also sent by the router when it wants to close a connection.
Elements of BGP

Some elements of BGP are assigned to each path, and these elements help routers
to select a path from multiple paths. Below are some elements of BGP:

•Weight: Weight is defined as a Cisco-specific attribute that tells a
router which path is preferred. The path having a higher weight value is
preferred.
•Originate: This tells how a router chooses routes and adds them to BGP
itself.
•Local Preference: Local Preference is an element used to select
the outbound routing path. Greater local preference is preferred.
•Autonomous System Path: This element tells the router to select
a path having a shorter length.
•Next Hop: To reach the destination, the next hop element specifies
the IP address that should be used as the next hop.
BGP's Loop prevention mechanism

When you are connected to the internet, you may advertise route 10.0.0.0 to some
autonomous system, which then advertises it to some other autonomous system. There
is a possibility that the same route comes back again, which creates a loop. But in
BGP there is a rule that a router does not accept an update in which it sees its own
AS number. For example, as shown in the above figure, the network 180.10.0.0/16
originates from AS 100, and when AS 100 sends it to AS 200, the update carries its
path information, i.e., 180.10.0.0/16 and AS 100. When AS 200 sends to AS 300, it
sends the path information 180.10.0.0/16 with the AS path 100 and then 200, which
means that the route originates from AS 100, then reaches AS 200 and finally reaches
AS 300. When AS 300 sends to AS 500, it sends the network information 180.10.0.0/16
with the AS path 100, 200, and then 300. If AS 500 sends to AS 100, and AS 100 sees
its own autonomous system number inside the update, it will not accept it. In this
way, BGP prevents the loop creation.
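The walk-through above and the selection elements listed under "Elements of BGP" fit in one small model. This is an added example, not part of the original slides: the class and function names are hypothetical, the default local preference of 100, AS 400, AS 600 and the next-hop addresses are constructed, and only weight, local preference and AS-path length are compared.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple          # in traversal order, as the page writes it (100, 200, ...)
    next_hop: str
    weight: int = 0         # local to the router, never sent to a peer
    local_pref: int = 100   # default of 100 is an assumption of this sketch

class Speaker:
    """One BGP router, reduced to its AS number and candidate routes."""

    def __init__(self, asn):
        self.asn = asn
        self.rib = {}       # prefix -> list of accepted candidate routes

    def originate(self, prefix):
        self.rib[prefix] = [Route(prefix, (), "0.0.0.0")]

    def receive(self, route):
        """Loop prevention: refuse any update whose AS path holds our own AS."""
        if self.asn in route.as_path:
            return False
        self.rib.setdefault(route.prefix, []).append(route)
        return True

    def best(self, prefix):
        """Higher weight, then higher local preference, then shorter AS path."""
        candidates = self.rib.get(prefix)
        if not candidates:
            return None
        return min(candidates,
                   key=lambda r: (-r.weight, -r.local_pref, len(r.as_path)))

    def advertise(self, prefix, next_hop):
        """Update sent to an external peer: own AS added, local values reset."""
        route = self.best(prefix)
        if route is None:
            raise LookupError(f"no route to {prefix}")
        return Route(prefix, route.as_path + (self.asn,), next_hop)

def propagate(prefix, origin_asn, chain):
    """Pass the prefix AS by AS; return [(asn, accepted, path_in_update)]."""
    sender = Speaker(origin_asn)
    sender.originate(prefix)
    log = []
    for asn in chain:
        update = sender.advertise(prefix, f"192.0.2.{len(log) + 1}")
        receiver = Speaker(asn)
        accepted = receiver.receive(update)
        log.append((asn, accepted, update.as_path))
        if not accepted:
            break
        sender = receiver
    return log

def selection_demo():
    """AS 500 holding several candidates for the page's prefix."""
    prefix, s = "180.10.0.0/16", Speaker(500)
    s.receive(Route(prefix, (100, 200, 300), "192.0.2.3"))
    s.receive(Route(prefix, (100, 400), "192.0.2.4"))          # shorter path
    by_length = s.best(prefix).next_hop
    s.receive(Route(prefix, (100, 200, 300, 600), "192.0.2.6", local_pref=200))
    by_local_pref = s.best(prefix).next_hop
    s.receive(Route(prefix, (100, 200, 300), "192.0.2.7", weight=10))
    return by_length, by_local_pref, s.best(prefix).next_hop

if __name__ == "__main__":
    for hop in propagate("180.10.0.0/16", 100, [200, 300, 500, 100]):
        print(hop)
    print(selection_demo())
```

BGP on the wire puts the most recent AS first in the path; the model keeps the page's traversal order so the output matches the walk-through.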
There are two types of neighbor relationship:

•IBGP (Internal BGP): If all the routers are neighbors of each other and belong
to the same autonomous system number, the routers are referred to as IBGP.
•EBGP (External BGP): If all the routers are neighbors of each other and they
belong to different autonomous system numbers, then the routers are referred
to as EBGP.
Differences between IPv4 and IPv6
| | Ipv4 | Ipv6 |
|---|---|---|
| Address length | IPv4 is a 32-bit address. | IPv6 is a 128-bit address. |
| Fields | IPv4 is a numeric address that consists of 4 fields which are separated by dot (.). | IPv6 is an alphanumeric address that consists of 8 fields, which are separated by colon. |
| Classes | IPv4 has 5 different classes of IP address that includes Class A, Class B, Class C, Class D, and Class E. | IPv6 does not contain classes of IP addresses. |
| Number of IP address | IPv4 has a limited number of IP addresses. | IPv6 has a large number of IP addresses. |
| VLSM | It supports VLSM (Virtual Length Subnet Mask). Here, VLSM means that Ipv4 converts IP addresses into a subnet of different sizes. | It does not support VLSM. |
| Address configuration | It supports manual and DHCP configuration. | It supports manual, DHCP, auto-configuration, and renumbering. |
| Address space | It generates 4 billion unique addresses | It generates 340 undecillion unique addresses. |
| End-to-end connection integrity | In IPv4, end-to-end connection integrity is unachievable. | In the case of IPv6, end-to-end connection integrity is achievable. |
| Security features | In IPv4, security depends on the application. This IP address is not developed in keeping the security feature in mind. | In IPv6, IPSEC is developed for security purposes. |
| Address representation | In IPv4, the IP address is represented in decimal. | In IPv6, the representation of the IP address in hexadecimal. |
| Fragmentation | Fragmentation is done by the senders and the forwarding routers. | Fragmentation is done by the senders only. |
| Checksum field | The checksum field is available in IPv4. | The checksum field is not available in IPv6. |
| Transmission scheme | IPv4 is broadcasting. | On the other hand, IPv6 is multicasting, which provides efficient network operations. |
| Encryption and Authentication | It does not provide encryption and authentication. | It provides encryption and authentication. |
| Number of octets | It consists of 4 octets. | It consists of 8 fields, and each field contains 2 octets. Therefore, the total number of octets in IPv6 is 16. |
