5

THE NETWORK LAYER

The network layer is concerned with getting packets from the source all the
way to the destination. Getting to the destination may require making many hops
at intermediate routers along the way. This function clearly contrasts with that of
the data link layer, which has the more modest goal of just moving frames from
one end of a wire to the other. Thus, the network layer is the lowest layer that
deals with end-to-end transmission.
To achieve its goals, the network layer must know about the topology of the
network (i.e., the set of all routers and links) and choose appropriate paths through
it, even for large networks. It must also take care when choosing routes to avoid
overloading some of the communication lines and routers while leaving others
idle. Finally, when the source and destination are in different networks, new
problems occur. It is up to the network layer to deal with them. In this chapter
we will study all these issues and illustrate them, primarily using the Internet and
its network layer protocol, IP.

5.1 NETWORK LAYER DESIGN ISSUES

In the following sections, we will give an introduction to some of the issues
that the designers of the network layer must grapple with. These issues include
the service provided to the transport layer and the internal design of the network.

355
356 THE NETWORK LAYER CHAP. 5

5.1.1 Store-and-Forward Packet Switching

Before starting to explain the details of the network layer, it is worth restating
the context in which the network layer protocols operate. This context can be
seen in Fig. 5-1. The major components of the network are the ISP’s equipment
(routers connected by transmission lines), shown inside the shaded oval, and the
customers’ equipment, shown outside the oval. Host H1 is directly connected to
one of the ISP’s routers, A, perhaps as a home computer that is plugged into a
DSL modem. In contrast, H2 is on a LAN, which might be an office Ethernet,
with a router, F, owned and operated by the customer. This router has a leased
line to the ISP’s equipment. We have shown F as being outside the oval because
it does not belong to the ISP. For the purposes of this chapter, however, routers
on customer premises are considered part of the ISP network because they run the
same algorithms as the ISP’s routers (and our main concern here is algorithms).
Router ISP’s equipment
Process P1 P2

B
D

A E F

Host H1 LAN H2

C
Packet

Figure 5-1. The environment of the network layer protocols.

This equipment is used as follows. A host with a packet to send transmits it to

the nearest router, either on its own LAN or over a point-to-point link to the ISP.
The packet is stored there until it has fully arrived and the link has finished its
processing by verifying the checksum. Then it is forwarded to the next router
along the path until it reaches the destination host, where it is delivered. This
mechanism is store-and-forward packet switching, as we have seen in previous
chapters.

5.1.2 Services Provided to the Transport Layer

The network layer provides services to the transport layer at the network
layer/transport layer interface. An important question is precisely what kind of
services the network layer provides to the transport layer. The services need to be
carefully designed with the following goals in mind:
SEC. 5.1 NETWORK LAYER DESIGN ISSUES 357

1. The services should be independent of the router technology.

2. The transport layer should be shielded from the number, type, and
topology of the routers present.
3. The network addresses made available to the transport layer should
use a uniform numbering plan, even across LANs and WANs.

Given these goals, the designers of the network layer have a lot of freedom in
writing detailed specifications of the services to be offered to the transport layer.
This freedom often degenerates into a raging battle between two warring factions.
The discussion centers on whether the network layer should provide connection-
oriented service or connectionless service.
One camp (represented by the Internet community) argues that the routers’
job is moving packets around and nothing else. In this view (based on 40 years of
experience with a real computer network), the network is inherently unreliable, no
matter how it is designed. Therefore, the hosts should accept this fact and do
error control (i.e., error detection and correction) and flow control themselves.
This viewpoint leads to the conclusion that the network service should be con-
nectionless, with primitives SEND PACKET and RECEIVE PACKET and little else.
In particular, no packet ordering and flow control should be done, because the
hosts are going to do that anyway and there is usually little to be gained by doing
it twice. This reasoning is an example of the end-to-end argument, a design
principle that has been very influential in shaping the Internet (Saltzer et al.,
1984). Furthermore, each packet must carry the full destination address, because
each packet sent is carried independently of its predecessors, if any.
The other camp (represented by the telephone companies) argues that the net-
work should provide a reliable, connection-oriented service. They claim that 100
years of successful experience with the worldwide telephone system is an excel-
lent guide. In this view, quality of service is the dominant factor, and without
connections in the network, quality of service is very difficult to achieve, espe-
cially for real-time traffic such as voice and video.
Even after several decades, this controversy is still very much alive. Early,
widely used data networks, such as X.25 in the 1970s and its successor Frame
Relay in the 1980s, were connection-oriented. However, since the days of the
ARPANET and the early Internet, connectionless network layers have grown
tremendously in popularity. The IP protocol is now an ever-present symbol of suc-
cess. It was undeterred by a connection-oriented technology called ATM that was
developed to overthrow it in the 1980s; instead, it is ATM that is now found in
niche uses and IP that is taking over telephone networks. Under the covers, how-
ever, the Internet is evolving connection-oriented features as quality of service be-
comes more important. Two examples of connection-oriented technologies are
MPLS (MultiProtocol Label Switching), which we will describe in this chapter,
and VLANs, which we saw in Chap. 4. Both technologies are widely used.
358 THE NETWORK LAYER CHAP. 5

5.1.3 Implementation of Connectionless Service

Having looked at the two classes of service the network layer can provide to
its users, it is time to see how this layer works inside. Two different organizations
are possible, depending on the type of service offered. If connectionless service is
offered, packets are injected into the network individually and routed indepen-
dently of each other. No advance setup is needed. In this context, the packets are
frequently called datagrams (in analogy with telegrams) and the network is call-
ed a datagram network. If connection-oriented service is used, a path from the
source router all the way to the destination router must be established before any
data packets can be sent. This connection is called a VC (virtual circuit), in an-
alogy with the physical circuits set up by the telephone system, and the network is
called a virtual-circuit network. In this section, we will examine datagram net-
works; in the next one, we will examine virtual-circuit networks.
Let us now see how a datagram network works. Suppose that the process P1
in Fig. 5-2 has a long message for P2. It hands the message to the transport layer,
with instructions to deliver it to process P2 on host H2. The transport layer code
runs on H1, typically within the operating system. It prepends a transport header
to the front of the message and hands the result to the network layer, probably just
another procedure within the operating system.
Router ISP’s equipment
Process P1 P2

B
D
4
1
A E F
3 2
Host H1 LAN H2

C
Packet

A’s table (initially) A’s table (later) C’s table E’s table
A – A – A A A C
B B B B B A B D
C C C C C – C C
D B D B D E D D
E C E B E E E –
F C F B F E F F
Dest. Line

Figure 5-2. Routing within a datagram network.

Let us assume for this example that the message is four times longer than the
maximum packet size, so the network layer has to break it into four packets, 1, 2,
SEC. 5.1 NETWORK LAYER DESIGN ISSUES 359

3, and 4, and send each of them in turn to router A using some point-to-point pro-
tocol, for example, PPP. At this point the ISP takes over. Every router has an in-
ternal table telling it where to send packets for each of the possible destinations.
Each table entry is a pair consisting of a destination and the outgoing line to use
for that destination. Only directly connected lines can be used. For example, in
Fig. 5-2, A has only two outgoing lines—to B and to C—so every incoming packet
must be sent to one of these routers, even if the ultimate destination is to some
other router. A’s initial routing table is shown in the figure under the label ‘‘ini-
tially.’’
At A, packets 1, 2, and 3 are stored briefly, having arrived on the incoming
link and had their checksums verified. Then each packet is forwarded according
to A’s table, onto the outgoing link to C within a new frame. Packet 1 is then for-
warded to E and then to F. When it gets to F, it is sent within a frame over the
LAN to H2. Packets 2 and 3 follow the same route.
However, something different happens to packet 4. When it gets to A it is
sent to router B, even though it is also destined for F. For some reason, A decided
to send packet 4 via a different route than that of the first three packets. Perhaps it
has learned of a traffic jam somewhere along the ACE path and updated its rout-
ing table, as shown under the label ‘‘later.’’ The algorithm that manages the tables
and makes the routing decisions is called the routing algorithm. Routing algo-
rithms are one of the main topics we will study in this chapter. There are several
different kinds of them, as we will see.
IP (Internet Protocol), which is the basis for the entire Internet, is the dom-
inant example of a connectionless network service. Each packet carries a destina-
tion IP address that routers use to individually forward each packet. The addresses
are 32 bits in IPv4 packets and 128 bits in IPv6 packets. We will describe IP in
much detail later in this chapter.

5.1.4 Implementation of Connection-Oriented Service

For connection-oriented service, we need a virtual-circuit network. Let us see

how that works. The idea behind virtual circuits is to avoid having to choose a
new route for every packet sent, as in Fig. 5-2. Instead, when a connection is es-
tablished, a route from the source machine to the destination machine is chosen as
part of the connection setup and stored in tables inside the routers. That route is
used for all traffic flowing over the connection, exactly the same way that the
telephone system works. When the connection is released, the virtual circuit is
also terminated. With connection-oriented service, each packet carries an identi-
fier telling which virtual circuit it belongs to.
As an example, consider the situation shown in Fig. 5-3. Here, host H1 has
established connection 1 with host H2. This connection is remembered as the first
entry in each of the routing tables. The first line of A’s table says that if a packet
360 THE NETWORK LAYER CHAP. 5

bearing connection identifier 1 comes in from H1, it is to be sent to router C and

given connection identifier 1. Similarly, the first entry at C routes the packet to E,
also with connection identifier 1.

P3

Router ISP’s equipment

P2

B
H3 D

Process P1 1
A 4 E F
2
3 LAN H2

C
Packet

Host H1
A’s table C’s table E’s table
H1 1 C 1 A 1 E 1 C 1 F 1
H3 1 C 2 A 2 E 2 C 2 F 2
In Out

Figure 5-3. Routing within a virtual-circuit network.

Now let us consider what happens if H3 also wants to establish a connection

to H2. It chooses connection identifier 1 (because it is initiating the connection
and this is its only connection) and tells the network to establish the virtual circuit.
This leads to the second row in the tables. Note that we have a conflict here be-
cause although A can easily distinguish connection 1 packets from H1 from con-
nection 1 packets from H3, C cannot do this. For this reason, A assigns a different
connection identifier to the outgoing traffic for the second connection. Avoiding
conflicts of this kind is why routers need the ability to replace connection identi-
fiers in outgoing packets.
In some contexts, this process is called label switching. An example of a
connection-oriented network service is MPLS (MultiProtocol Label Switching).
It is used within ISP networks in the Internet, with IP packets wrapped in an
MPLS header having a 20-bit connection identifier or label. MPLS is often hid-
den from customers, with the ISP establishing long-term connections for large
amounts of traffic, but it is increasingly being used to help when quality of service
is important but also with other ISP traffic management tasks. We will have more
to say about MPLS later in this chapter.
SEC. 5.1 NETWORK LAYER DESIGN ISSUES 361
5.1.5 Comparison of Virtual-Circuit and Datagram Networks

Both virtual circuits and datagrams have their supporters and their detractors.
We will now attempt to summarize both sets of arguments. The major issues are
listed in Fig. 5-4, although purists could probably find a counterexample for
everything in the figure.

Issue Datagram network Virtual-circuit network

Circuit setup Not needed
Addressing Each packet contains the full
source and destination address
State information Routers do not hold state
information about connections
Routing Each packet is routed
independently
Effect of router failures None, except for packets
lost during the crash
Quality of service Difficult
Congestion control Difficult
Required
Each packet contains a
short VC number
Each VC requires router
table space per connection
Route chosen when VC is
set up; all packets follow it
All VCs that passed
through the failed
router are terminated
Easy if enough resources
can be allocated in
advance for each VC
Easy if enough resources
can be allocated in
advance for each VC

Figure 5-4. Comparison of datagram and virtual-circuit networks.

Inside the network, several trade-offs exist between virtual circuits and data-
grams. One trade-off is setup time versus address parsing time. Using virtual cir-
cuits requires a setup phase, which takes time and consumes resources. However,
once this price is paid, figuring out what to do with a data packet in a virtual-cir-
cuit network is easy: the router just uses the circuit number to index into a table to
find out where the packet goes. In a datagram network, no setup is needed but a
more complicated lookup procedure is required to locate the entry for the destina-
tion.
A related issue is that the destination addresses used in datagram networks are
longer than circuit numbers used in virtual-circuit networks because they have a
global meaning. If the packets tend to be fairly short, including a full destination
address in every packet may represent a significant amount of overhead, and
hence a waste of bandwidth.
Yet another issue is the amount of table space required in router memory. A
datagram network needs to have an entry for every possible destination, whereas a
virtual-circuit network just needs an entry for each virtual circuit. However, this
362 THE NETWORK LAYER CHAP. 5

advantage is somewhat illusory since connection setup packets have to be routed

too, and they use destination addresses, the same as datagrams do.
Virtual circuits have some advantages in guaranteeing quality of service and
avoiding congestion within the network because resources (e.g., buffers, band-
width, and CPU cycles) can be reserved in advance, when the connection is estab-
lished. Once the packets start arriving, the necessary bandwidth and router capac-
ity will be there. With a datagram network, congestion avoidance is more diffi-
cult.
For transaction processing systems (e.g., stores calling up to verify credit card
purchases), the overhead required to set up and clear a virtual circuit may easily
dwarf the use of the circuit. If the majority of the traffic is expected to be of this
kind, the use of virtual circuits inside the network makes little sense. On the other
hand, for long-running uses such as VPN traffic between two corporate offices,
permanent virtual circuits (that are set up manually and last for months or years)
may be useful.
Virtual circuits also have a vulnerability problem. If a router crashes and
loses its memory, even if it comes back up a second later, all the virtual circuits
passing through it will have to be aborted. In contrast, if a datagram router goes
down, only those users whose packets were queued in the router at the time need
suffer (and probably not even then since the sender is likely to retransmit them
shortly). The loss of a communication line is fatal to virtual circuits using it, but
can easily be compensated for if datagrams are used. Datagrams also allow the
routers to balance the traffic throughout the network, since routes can be changed
partway through a long sequence of packet transmissions.

5.2 ROUTING ALGORITHMS

The main function of the network layer is routing packets from the source ma-
chine to the destination machine. In most networks, packets will require multiple
hops to make the journey. The only notable exception is for broadcast networks,
but even here routing is an issue if the source and destination are not on the same
network segment. The algorithms that choose the routes and the data structures
that they use are a major area of network layer design.
The routing algorithm is that part of the network layer software responsible
for deciding which output line an incoming packet should be transmitted on. If
the network uses datagrams internally, this decision must be made anew for every
arriving data packet since the best route may have changed since last time. If the
network uses virtual circuits internally, routing decisions are made only when a
new virtual circuit is being set up. Thereafter, data packets just follow the already
established route. The latter case is sometimes called session routing because a
route remains in force for an entire session (e.g., while logged in over a VPN).