Topic7 IP Protocols 01

The document covers TCP/IP network fundamentals, focusing on the IP protocol, its service characteristics, and the structure of IP datagrams. It explains key IP header fields, fragmentation, private networks, Network Address Translation (NAT), and the Dynamic Host Configuration Protocol (DHCP). Additionally, it introduces the Internet Control Message Protocol (ICMP) and its role in error reporting and queries.

Uploaded by

thngziqin

UEEN2013/UEEN2423

TCP/IP Network Fundamentals


(Topic 07)

IP Protocols
IP Service
• Delivery service of IP is minimal
• IP provides an unreliable, connectionless, best-effort service (also called: “datagram service”).
– Unreliable: IP does not make an attempt to recover lost packets
– Connectionless: Each packet (“datagram”) is handled independently. IP is not aware that packets between hosts may be sent in a logical sequence
– Best effort: IP does not make guarantees on the service (no throughput guarantee, no delay guarantee, …)
• Consequences:
– Higher layer protocols have to deal with losses or with duplicate packets
– Packets may be delivered out-of-sequence


IP Datagram Format
(each row below is 4 bytes wide, bits 0 to 31)
version | header length | DS | ECN | total length (in bytes)
Identification | 0 | DF | MF | Fragment offset
time-to-live (TTL) | protocol | header checksum
source IP address
destination IP address
options (0 to 40 bytes)
payload
Fields of the IP Header
• Version (4 bits): current version is 4, next version will be 6.
• Header length (4 bits): length of IP header, in multiples of 4 bytes
• DS/ECN field (1 byte)
– This field was previously called the Type-of-Service (TOS) field. The role of this field has been re-defined.
– Differentiated Service (DS) (6 bits):
• Used to specify service level (currently not supported in the Internet)
– Explicit Congestion Notification (ECN) (2 bits):
• New feedback mechanism used by TCP
Fields of the IP Header
• Identification (16 bits): Unique identification of a datagram from a host. Incremented whenever a datagram is transmitted
• Flags (3 bits):
– First bit always set to 0
– DF bit (Do not fragment)
– MF bit (More fragments)
(DF and MF will be explained later, under Fragmentation)
Fields of the IP Header
• Time To Live (TTL) (1 byte):
– Specifies the longest path a datagram may travel before it is dropped
– Role of TTL field: Ensure that a packet is eventually dropped when a routing loop occurs
Used as follows:
– Sender sets the value (e.g., 64)
– Each router decrements the value by 1
– When the value reaches 0, the datagram is dropped
Fields of the IP Header
• Protocol (1 byte):
– Specifies the higher-layer protocol.
– Used for demultiplexing to higher layers.
– Protocol values: 1 = ICMP, 2 = IGMP, 4 = IP-in-IP encapsulation, 6 = TCP, 17 = UDP
• Header checksum (2 bytes): A simple 16-bit long checksum which is computed for the header of the datagram.
Fields of the IP Header
• Options:
– Security restrictions
– Record Route: each router that processes the packet adds its IP address to the header.
– Timestamp: each router that processes the packet adds its IP address and time to the header.
– (loose) Source Routing: specifies a list of routers that must be traversed.
– (strict) Source Routing: specifies a list of the only routers that can be traversed.
• Padding: Padding bytes are added to ensure that header ends on a 4-byte boundary
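The header fields described above can be decoded and the header checksum verified in a few lines. This is an added example, not part of the original slides: the function names are hypothetical, the checksum is the standard Internet checksum (RFC 1071), and the sample header is constructed from the addresses and fragment values that appear elsewhere in these slides.

```python
import struct

# Protocol numbers listed on the slide above.
PROTOCOLS = {1: "ICMP", 2: "IGMP", 4: "IP-in-IP", 6: "TCP", 17: "UDP"}

def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, complemented (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the fixed 20-byte header plus options; reject bad lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum 20-byte header")
    (ver_ihl, ds_ecn, total_len, ident, flags_frag,
     ttl, proto, _cksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, hlen = ver_ihl >> 4, (ver_ihl & 0x0F) * 4   # length is in 4-byte units
    if version != 4 or not 20 <= hlen <= len(packet) or total_len < hlen:
        raise ValueError("inconsistent version or length fields")
    return {
        "header_length": hlen, "ds": ds_ecn >> 2, "ecn": ds_ecn & 0x03,
        "total_length": total_len, "identification": ident,
        "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
        "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": PROTOCOLS.get(proto, str(proto)),
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "options": packet[20:hlen],
        # Summing a header whose checksum field is correct yields 0.
        "checksum_ok": internet_checksum(packet[:hlen]) == 0,
    }

def build_sample_header(ttl: int = 64) -> bytes:
    """Constructed sample: a 996-byte fragment (MF set, offset 122), UDP."""
    fields = [0x45, 0, 996, 0xA428, 0x2000 | 122, ttl, 17, 0,
              bytes([10, 0, 1, 2]), bytes([213, 168, 112, 3])]
    raw = struct.pack("!BBHHHBBH4s4s", *fields)
    return raw[:10] + struct.pack("!H", internet_checksum(raw)) + raw[12:]

if __name__ == "__main__":
    good = build_sample_header()
    print(parse_ipv4_header(good))
    # A router that decrements TTL must recompute the checksum; if it did not:
    stale = good[:8] + bytes([good[8] - 1]) + good[9:]
    print(parse_ipv4_header(stale)["checksum_ok"])
```

Because every router changes the TTL byte, the checksum is recomputed at each hop; a header whose TTL was altered without that update fails the check.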
Maximum Transmission Unit
• Maximum size of IP datagram is 65535, but the data link layer protocol generally imposes a limit that is much smaller
• For example:
– Ethernet frames have a maximum payload of 1500 bytes, so IP datagrams encapsulated in an Ethernet frame cannot be longer than 1500 bytes
• The limit on the maximum IP datagram size, imposed by the data link protocol, is called maximum transmission unit (MTU)
• MTUs for various data link layers:
– Ethernet: 1500
– 802.3: 1492
– 802.5: 4464
– FDDI: 4352
– ATM AAL5: 9180
– PPP: 296
IP Fragmentation
• What if the size of an IP datagram exceeds the MTU? IP datagram is fragmented into smaller units.
• What if the route contains networks with different MTUs?
[Figure: Host A and Host B connected through a Router; one link is an FDDI ring (MTU 4352), the other is Ethernet (MTU 1500)]
• Fragmentation:
– IP router splits the datagram into several datagrams
– Fragments are reassembled at receiver
Where is Fragmentation done?
• Fragmentation can be done at the sender or at intermediate routers
• The same datagram can be fragmented several times.
• Reassembly of original datagram is only done at destination hosts.
[Figure: an IP datagram with header H enters a Router and leaves as Fragment 1 (header H1) and Fragment 2 (header H2)]
What’s involved in Fragmentation?
• The following fields in the IP header are involved:
– Identification: When a datagram is fragmented, the identification is the same in all fragments
– Flags:
• DF bit is set: Datagram cannot be fragmented and must be discarded if MTU is too small
• MF bit set: This datagram is part of a fragment and an additional fragment follows this one
What’s involved in Fragmentation?
• The following fields in the IP header are involved:
– Fragment offset: This field tells the receiving device the order in which to reassemble fragments.
– Total length: Total length of the current fragment
Example of Fragmentation
• A datagram with size 2400 bytes must be fragmented according to an MTU limit of 1000 bytes

Field | IP datagram | Fragment 1 | Fragment 2 | Fragment 3
Header length | 20 | 20 | 20 | 20
Total length | 2400 | 996 | 996 | 448
Identification | 0xa428 | 0xa428 | 0xa428 | 0xa428
DF flag | 0 | 0 | 0 | 0
MF flag | 0 | 1 | 1 | 0
Fragment offset | 0 | 0 | 122 | 244

[Figure: the IP datagram reaches the Router over a link with MTU 4000 and leaves as Fragments 1 to 3 over a link with MTU 1000]
First Fragment:
MTU = 1000
Datagram 2400 = 20 header + 2380 payload
MTU can carry 1000 – 20 (Header) = 980 data bytes
Fragments have to be multiple of 8 in size.
So 980/8 = 122 R4
Therefore payload carried will be 980 – 4 = 976 bytes
The first fragment will be 20 (Header) + 976 data = 996 in length.
Fragment offset will be 0 bytes.
Data remaining to be transmitted = 2380 – 976.
Offset of next datagram will be 976/8 = 122
Second Fragment:
Data remaining to be carried: 2380 – 976 = 1404 > 980, so this fragment carries 976
The second fragment will be 20 (Header) + 976 data = 996 in length.
Fragment offset will be 122 bytes (size of 1st fragment payload).
Offset of next datagram will be 122 + 976/8 = 244
Third Fragment:
Data remaining to be transmitted = 2380 – 976 – 976 = 428
The 3rd fragment will be 20 (Header) + 428 data = 448 in length.
Fragment offset will be 244 bytes (size of 1st + 2nd fragment payloads).
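The worked example above generalizes to any datagram size and MTU. The following added example (not part of the original slides; function names are hypothetical) computes the fragments a router would emit and then performs the check a receiver needs before reassembly: the fragments must cover the payload exactly once, with no gaps or overlaps. The offset field is counted in units of 8 bytes, which is why the slide values are 0, 122 and 244.

```python
def fragment(total_length: int, mtu: int, header_length: int = 20, df: bool = False):
    """Split one datagram for a link with the given MTU.

    Returns (total_length, mf, offset) per fragment; offset is in 8-byte units.
    """
    if total_length <= mtu:
        return [(total_length, False, 0)]
    if df:
        raise ValueError("DF set: drop and report ICMP type 3, code 4")
    per_fragment = (mtu - header_length) // 8 * 8   # payload must be a multiple of 8
    if per_fragment <= 0:
        raise ValueError("MTU leaves no room for payload")
    payload, sent, fragments = total_length - header_length, 0, []
    while sent < payload:
        size = min(per_fragment, payload - sent)
        more = sent + size < payload
        fragments.append((header_length + size, more, sent // 8))
        sent += size
    return fragments

def reassembled_payload(fragments, header_length: int = 20) -> int:
    """Receiver-side check: fragments must tile the payload exactly once."""
    expected = 0
    ordered = sorted(fragments, key=lambda f: f[2])   # arrival order is not guaranteed
    for index, (length, mf, offset) in enumerate(ordered):
        last = index == len(ordered) - 1
        if offset * 8 != expected:
            raise ValueError(f"gap or overlap at byte {offset * 8}")
        if mf == last:
            raise ValueError("MF flag does not match fragment position")
        if mf and (length - header_length) % 8:
            raise ValueError("non-final fragment payload is not a multiple of 8")
        expected += length - header_length
    return expected

if __name__ == "__main__":
    frags = fragment(2400, 1000)
    print(frags)                                    # the three fragments of the slide example
    print(reassembled_payload(list(reversed(frags))))
```

Rejecting overlapping or gapped fragment sets at reassembly matters because the receiver otherwise has to guess which copy of a byte range to keep.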
Private Network
• Private IP network is an IP network that is not directly connected to the Internet
• Generally, private networks use addresses from the following experimental address ranges (non-routable addresses):
– 10.0.0.0 – 10.255.255.255
– 172.16.0.0 – 172.31.255.255
– 192.168.0.0 – 192.168.255.255
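Private Addresses
[Figure: two private networks connected to the Internet. Hosts H1 (10.0.1.2) and H2 (10.0.1.3) sit behind router R1 (inside address 10.0.1.1, public address 128.195.4.119). Hosts H3 (10.0.1.2) and H4 (10.0.1.3) sit behind router R2 (inside address 10.0.1.1, public address 128.143.71.21). Host H5 (213.168.112.3) is on the Internet.]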
Network Address Translation (NAT)
• NAT is a router function where IP addresses (and possibly port numbers) of IP datagrams are replaced at the boundary of a private network
• NAT is a method that enables hosts on private networks to communicate with hosts on the Internet
• NAT is run on routers that connect private networks to the public Internet, to replace the IP address-port pair of an IP packet with another IP address-port pair.
Basic operation of NAT
• NAT device has address translation table
• One to one address translation
Port Address Translation

With Port Address Translation (PAT), a single public IP address is used for all
internal private IP addresses, but a different port is assigned to each private
IP address. This type of NAT is also known as NAT Overload and is the typical
form of NAT used in today’s networks.
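The translation table behind PAT can be modelled directly. This is an added example, not part of the original slides: the class name `PatRouter` and the sequential port allocation starting at 1024 are assumptions made for illustration, and real devices also track the remote endpoint and expire idle entries. The addresses are those of R1, H1 and H2 in the Private Addresses figure.

```python
class PatRouter:
    """Minimal Port Address Translation table (NAT overload)."""

    def __init__(self, public_ip: str, first_port: int = 1024):
        self.public_ip = public_ip
        self.next_port = first_port          # assumption: ports are handed out in sequence
        self.out = {}                        # (private_ip, private_port) -> public_port
        self.back = {}                       # public_port -> (private_ip, private_port)

    def outbound(self, src_ip: str, src_port: int):
        """Rewrite the source address-port pair of a packet leaving the private network."""
        key = (src_ip, src_port)
        if key not in self.out:
            if self.next_port > 65535:
                raise RuntimeError("public port pool exhausted")
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return self.public_ip, self.out[key]

    def inbound(self, dst_port: int):
        """Rewrite the destination of a packet arriving from the Internet.

        Returns None when no table entry exists, so the packet is not forwarded.
        """
        return self.back.get(dst_port)


if __name__ == "__main__":
    r1 = PatRouter("128.195.4.119")
    # H1 and H2 both pick source port 5000; PAT keeps them apart by public port.
    print(r1.outbound("10.0.1.2", 5000))
    print(r1.outbound("10.0.1.3", 5000))
    print(r1.inbound(1025))     # reply for H2
    print(r1.inbound(4444))     # unsolicited: no mapping
```

The last call shows a side effect of PAT: traffic arriving on a public port with no table entry has nowhere to go, so hosts behind the router are not directly reachable from the Internet.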
Dynamic Host Configuration Protocol (DHCP)
Dynamic Assignment of IP addresses
• Dynamic assignment of IP addresses is desirable for several reasons:
– IP addresses are assigned on-demand
– Avoid manual IP configuration
– Support mobility of laptops
DHCP
• Dynamic Host Configuration Protocol (DHCP)
– Uses UDP Port 67 (server) and 68 (host)
– Supports temporary allocation (“leases”) of IP addresses
– DHCP client can acquire all IP configuration parameters needed to operate
– DHCP is the preferred mechanism for dynamic assignment of IP addresses
DHCP Operation
• DHCP DISCOVER
Sent by a client, which is a broadcast frame. Sent to 255.255.255.255
[Figure: DHCP client (00:a0:24:71:e4:44) broadcasts DHCPDISCOVER to the DHCP servers]
• DHCP OFFER
Sent by the server, which is also a broadcast frame since the client who requested it does not have an IP address yet.
[Figure: a DHCP server sends DHCPOFFER to the DHCP client (00:a0:24:71:e4:44)]
DHCP Operation
• Clients accept the first offer received by broadcasting a DHCP Request message for the offered.
• The server accepts the request by sending the client a DHCP Acknowledgment message.
[Figure: DHCP client (00:a0:24:71:e4:44) sends DHCPREQUEST; the DHCP server replies with DHCPACK]
DHCP Operation
• DHCP RELEASE
Sent by the client to the server to give up an IP address lease
[Figure: DHCP client (00:a0:24:71:e4:44) sends DHCPRELEASE to the DHCP server]
Internet Control Message Protocol (ICMP)
Overview
• The Internet Control Message Protocol (ICMP) is a helper protocol that supports IP with facility for
– Error reporting
– Simple queries
• ICMP messages are encapsulated as IP datagrams:
[Figure: IP header | ICMP message, where the ICMP message is the IP payload]
ICMP message format
(each row below is 4 bytes wide, bits 0 to 31)
type | code | checksum
additional information or 0x00000000

4 byte header:
• Type (1 byte): type of ICMP message
• Code (1 byte): subtype of ICMP message
• Checksum (2 bytes): similar to IP header checksum. Checksum is calculated over entire ICMP message
If there is no additional data, there are 4 bytes set to zero.
→ each ICMP message is at least 8 bytes long
ICMP Query message

ICMP query:
• Request sent by host to a router or host
• Reply sent back to querying host
Example of ICMP Queries
Type/Code: Description
8/0 Echo Request
0/0 Echo Reply
13/0 Timestamp Request
14/0 Timestamp Reply
10/0 Router Solicitation
9/0 Router Advertisement
The ping command uses Echo Request/Echo Reply
Example of a Query: ICMP Timestamp
• A system (host or router) asks another system for the current time.
• Time is measured in milliseconds after midnight UTC (Universal Coordinated Time) of the current day
• Sender sends a request, receiver responds with reply
• TIMESTAMP REQUEST and TIMESTAMP REPLY are pretty rare, and many sites simply don't answer, as many systems managers believe it to be a security issue
[Figure: the Sender sends a Timestamp Request to the Receiver, which returns a Timestamp Reply]
Message layout (each row 4 bytes wide):
Type (= 17 or 18) | Code (=0) | Checksum
identifier | sequence number
32-bit sender timestamp
32-bit receive timestamp
32-bit transmit timestamp
ICMP Error message
• ICMP error messages report error conditions
• Typically sent when a datagram is discarded
• Error message is often passed from ICMP to the application program
ICMP Error message
[Figure: layout of an ICMP error message: IP header | ICMP header (type, code, checksum, unused 0x00000000) | IP header and 8 bytes of payload from the IP datagram that triggered the error]
• ICMP error messages include the complete IP header and the first 8 bytes of the payload (typically: UDP, TCP)
Frequent ICMP Error message

Type | Code | Description
3 | 0–15 | Destination unreachable: Notification that an IP datagram could not be forwarded and was dropped. The code field contains an explanation.
5 | 0–3 | Redirect: Informs about an alternative route for the datagram and should result in a routing table update. The code field explains the reason for the route change.
11 | 0, 1 | Time exceeded: Sent when the TTL field has reached zero (Code 0) or when there is a timeout for the reassembly of segments (Code 1)
12 | 0, 1 | Parameter problem: Sent when the IP header is invalid (Code 0) or when an IP header option is missing (Code 1)
Some subtypes of the “Destination Unreachable”

Code | Description | Reason for Sending
0 | Network Unreachable | No routing table entry is available for the destination network.
1 | Host Unreachable | Destination host should be directly reachable, but does not respond to ARP Requests.
2 | Protocol Unreachable | The protocol in the protocol field of the IP header is not supported at the destination.
3 | Port Unreachable | The transport protocol at the destination host cannot pass the datagram to an application.
4 | Fragmentation Needed and DF Bit Set | IP datagram must be fragmented, but the DF bit in the IP header is set.
Example: ICMP Port Unreachable
• If, in the destination host, the IP module cannot deliver the datagram because the process port is not active, the destination host may send a destination unreachable message to the source host.
• Scenario:
[Figure: a Client sends a datagram to a Server where no process is waiting at port 80]
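Because an ICMP error quotes the IP header and first 8 payload bytes of the datagram that triggered it, the receiving host can tell which of its own flows the error refers to. The added example below (not part of the original slides; function names are hypothetical) decodes such a message and accepts it only if the quoted datagram matches a flow the host actually sent. The sample message is constructed, with a UDP datagram to port 80 standing in for the scenario above.

```python
import struct

# Destination Unreachable (type 3) codes and error types from the tables above.
UNREACHABLE = {0: "Network Unreachable", 1: "Host Unreachable",
               2: "Protocol Unreachable", 3: "Port Unreachable",
               4: "Fragmentation Needed and DF Bit Set"}
ERROR_TYPES = {3: "Destination unreachable", 5: "Redirect",
               11: "Time exceeded", 12: "Parameter problem"}

def parse_icmp_error(icmp: bytes) -> dict:
    """Decode an ICMP error and the datagram excerpt it quotes."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("too short: need ICMP header, IP header, 8 payload bytes")
    icmp_type, code = icmp[0], icmp[1]
    if icmp_type not in ERROR_TYPES:
        raise ValueError(f"type {icmp_type} is not an ICMP error message")
    inner = icmp[8:]                          # quoted IP header + first 8 payload bytes
    hlen = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or hlen < 20 or len(inner) < hlen + 8:
        raise ValueError("quoted IP header is malformed or truncated")
    proto = inner[9]
    # For TCP (6) and UDP (17) the first 4 payload bytes are the two port numbers.
    ports = struct.unpack("!HH", inner[hlen:hlen + 4]) if proto in (6, 17) else (None, None)
    detail = UNREACHABLE.get(code, f"code {code}") if icmp_type == 3 else f"code {code}"
    return {"error": ERROR_TYPES[icmp_type], "detail": detail, "protocol": proto,
            "src": ".".join(map(str, inner[12:16])),
            "dst": ".".join(map(str, inner[16:20])),
            "src_port": ports[0], "dst_port": ports[1]}

def belongs_to_sent_flow(err: dict, sent_flows: set) -> bool:
    """Only act on errors that quote a datagram this host actually sent."""
    flow = (err["protocol"], err["src"], err["src_port"], err["dst"], err["dst_port"])
    return flow in sent_flows

def build_sample() -> bytes:
    """Constructed Port Unreachable for UDP 10.0.1.2:40000 -> 213.168.112.3:80."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0xA428, 0, 64, 17, 0,
                     bytes([10, 0, 1, 2]), bytes([213, 168, 112, 3]))
    udp = struct.pack("!HHHH", 40000, 80, 8, 0)
    # Checksum fields are left 0 in this sample; the parser does not verify them.
    return struct.pack("!BBHI", 3, 3, 0, 0) + ip + udp

if __name__ == "__main__":
    err = parse_icmp_error(build_sample())
    print(err)
    print(belongs_to_sent_flow(err, {(17, "10.0.1.2", 40000, "213.168.112.3", 80)}))
```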
Wireshark Example of Host Unreachable

• Display of the Command Prompt at PC0
