33 views, 47 pages

Course 3

Uploaded by

Zaha George
Copyright: © All Rights Reserved

Course 3: IP Protocol

IP Protocol
• is the most widely used Layer 3 protocol
• provides services that are roughly equivalent to the OSI network layer - delivery of data.
• provides a datagram (connectionless) transport service across a network.
Key characteristics
• universally addressed:
• IP defines the addressing mechanism for the network
• uses these addresses for delivery purposes.
• underlying protocol-independent:
• IP allows the transmission of data across any type of underlying network that is designed to work with a TCP/IP stack
• it adapts to the requirements of the various lower-level (data link) protocols it runs over
• has the ability to fragment large blocks of data into smaller ones in order to match the size limitations of physical networks, and then have
the recipient reassemble the pieces again as needed
• connectionless protocol:
• when a device A wants to send data to a device B, it doesn't set up a connection to device B before sending the data; it just makes the
datagram and sends it
• unreliable delivery:
• when device A sends datagrams to device B, it just sends each one and then moves on to the next; IP doesn't keep track of the ones it
sent.
• unacknowledged delivery:
• IP doesn't use acknowledgements
IP functions

Addressing: IP includes a mechanism for host addressing;

Data encapsulation and formatting/packaging: IP accepts data from the transport layer protocols UDP and TCP and it
encapsulates it into an IP datagram using a special format prior to transmission

Fragmentation and reassembly: IP has the ability to fragment IP datagrams into pieces, so that they can each be carried on the
local network, since the maximum frame size of each physical and data link network using IP may be different; at the destination,
the receiving device uses the reassembly function to recreate the original IP datagram.

Routing and indirect delivery: if the final destination is on a distant network that isn’t directly attached to the source, the
datagram must be delivered indirectly; this is done by routing the datagram through intermediate devices (routers)
IP version 4 (IPv4)
The IP Header
IP Header Fields (1)
• Version—set to the value 4 for IPv4 (IPv6 has a different header).
• IHL (IP Header Length)—a 4-bit field that contains the number of 32-bit words (a word is 32 bits or 4 bytes)
forming the header.
• ToS (Type of Service)—also known as DSCP (Differentiated Services Code Point); the ToS is an 8-bit field,
usually set to 0, but that may indicate particular QoS needs from the network; defines the way routers
should queue packets while they are waiting to be forwarded and in some cases provides for packets to be
forwarded along different paths based on priority.
• Total Length—a 16-bit field specifying the total length of the packet, including the header, in octets (bytes).
The combined length of the header and the data can be at most 65,535 octets because this is the largest
number that can be represented in 16 bits.
• Identification—a 16-bit number that, together with the source address, uniquely identifies this packet;
used during the reassembly of fragmented datagrams.
• Flags—a 3-bit field of which two bits are used as flags (the third is unused): the Don't Fragment (DF) flag
controls whether routers are allowed to fragment the packet, and the More Fragments (MF) flag tells the
receiver that further fragments of the packet follow.
IP Header Fields (2)
• Fragmentation Offset—offset of this fragment from the start of the original packet, set by any router that
performs IP fragmentation; unused if fragmentation is not performed.
• Time to Live (TTL)—number of hops/links that the packet may be routed over, decremented by most
routers (used to prevent accidental routing loops); TTL ensures that all IP packets have a limited lifetime.
• Protocol—an 8-bit field that indicates the type of transport data being carried.
• Header Checksum—is used for detecting errors in the IP header;
• it is calculated by the transmitting router based on the contents of the IP header;
• it is calculated again by the receiver and compared with the value in the header: if they are different, the packet is
discarded;
• the checksum is updated whenever the packet header is modified by a router (for example, when the TTL is decremented).
• Source Address—32-bit IP address of the original sender of the packet.
• Destination Address—32-bit IP address of the final destination of the packet.
• Options—not normally used; when present, the IP header length (IHL) is greater than five 32-bit words, which
is how the size of the options field is signalled. Originally one of the most common options was the strict source
route or loose source route.
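As an added example (not part of the slides), the following Python decodes the fixed IPv4 header fields listed above and verifies the header checksum the way a receiving device does: recompute over the header with the checksum field zeroed and compare. The 20-byte sample header is constructed for this example (addresses 192.168.10.15 and 10.0.0.1 are made up); the length checks are the ones a parser needs before trusting IHL and Total Length.

```python
import struct
import ipaddress

# Constructed sample: a 20-byte IPv4 header (IHL 5, no options) carrying ICMP
# (protocol 1). The checksum field is left at 0 and filled in by fill_checksum().
SAMPLE_HEADER = bytearray(struct.pack(
    "!BBHHHBBH4s4s",
    0x45,                         # version 4, IHL 5 (5 x 32-bit words = 20 bytes)
    0x00,                         # ToS / DSCP: 0 (routine)
    84,                           # total length: 20-byte header + 64 bytes of data
    0x1c46,                       # identification
    0x4000,                       # flags: DF set, MF clear; fragment offset 0
    64,                           # TTL
    1,                            # protocol 1 = ICMP
    0,                            # header checksum, filled in below
    bytes([192, 168, 10, 15]),    # source address
    bytes([10, 0, 0, 1]),         # destination address
))


def ip_checksum(header):
    """RFC 791 header checksum: one's-complement sum of the 16-bit words,
    carries folded back in, then the one's complement of the result."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold the carry into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4_header(data):
    """Decode the fixed fields of an IPv4 header and verify its checksum.
    Raises ValueError rather than acting on a header whose IHL or Total
    Length disagree with the bytes actually present."""
    data = bytes(data)
    if len(data) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_off, ttl, proto, csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", data[:20])
    version = ver_ihl >> 4
    ihl = ver_ihl & 0x0F
    if version != 4:
        raise ValueError("not an IPv4 header (version %d)" % version)
    header_len = ihl * 4                     # IHL counts 32-bit words
    if ihl < 5 or len(data) < header_len:
        raise ValueError("IHL %d inconsistent with %d bytes" % (ihl, len(data)))
    if total_len < header_len:
        raise ValueError("total length smaller than header length")
    # The receiver's check: recompute over the header with the checksum zeroed.
    zeroed = data[:10] + b"\x00\x00" + data[12:header_len]
    return {
        "version": version,
        "ihl": ihl,
        "header_len": header_len,
        "dscp": tos >> 2,
        "total_length": total_len,
        "identification": ident,
        "df": bool(flags_off & 0x4000),
        "mf": bool(flags_off & 0x2000),
        "fragment_offset": (flags_off & 0x1FFF) * 8,   # field is in 8-byte units
        "ttl": ttl,
        "protocol": proto,
        "checksum_ok": ip_checksum(zeroed) == csum,
        "options": data[20:header_len],
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
    }


def fill_checksum(header):
    """Return a copy of the header with a correct checksum written in."""
    h = bytearray(header)
    h[10:12] = b"\x00\x00"
    struct.pack_into("!H", h, 10, ip_checksum(bytes(h)))
    return bytes(h)


if __name__ == "__main__":
    hdr = fill_checksum(SAMPLE_HEADER)
    for key, value in parse_ipv4_header(hdr).items():
        print("%-16s %s" % (key, value))
    # Decrement the TTL without updating the checksum, as a faulty router
    # would, and the receiver's verification fails.
    damaged = bytearray(hdr)
    damaged[8] -= 1
    print("after TTL change, checksum_ok =",
          parse_ipv4_header(bytes(damaged))["checksum_ok"])
```

A header that carries a valid checksum sums to zero under the same routine, which is why `ip_checksum(hdr)` over the complete header is a one-line validity check.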
IP Addressing
• an address is 32 bits long in binary format.
• it is normally expressed as four decimal numbers as a simpler representation for
humans.
• each decimal number is separated by a dot.
• this format is called dotted-decimal notation.
• the dotted-decimal format divides the 32-bit IP address into four octets of 8 bits each
(1 octet = 8 bits).
• these octets specify the value of each field as a decimal number;
• the range of each octet (byte) is from 0 to 255 decimal, or 00000000 - 11111111 binary.
IP address
• an IP address uniquely identifies a device on a network.
• a device's IP address actually consists of two separate parts:
• Network ID: identifies the specific network on which the device is located.
• Host ID: identifies a specific device (host) on that network.
Examples of conversions
Class-Based IP Addressing

• the first part of an IP address identifies the network that a host will reside in.
• this is sometimes called a network prefix.
• the second part of an IP address identifies an individual host inside that network.
• all hosts in a given network share the same network prefix, while the host numbers must be unique to each host.
• it is exactly like a phone number.
Types of IP Addresses
• Unicast - refers to a specific IP address; a packet sent from a source to a
specific destination address is referred to as a unicast packet; this packet is
delivered to a single host or a single interface on the router;
• Broadcast - refers to all IP addresses in the broadcast domain; a packet sent
from a source to all hosts in a broadcast domain (such as Ethernet) is referred
to as a broadcast packet.
• Multicast - is reserved for group membership applications; multicast
technology is an efficient way to deliver traffic to a group of destinations that
want to receive that particular traffic.
Class-Based IP Addressing
• IP address space is divided into classes.
• the classes were defined as Class A, Class B, Class C, Class D and Class E.
• this is referred to as classful addressing because the address space is split
into predefined sizes.
Class A (1 to 127)
• the network has an 8-bit network prefix and the highest-order bit is
always set to 0, so the first octet always looks like 0xxxxxxx, where
x can be either 0 or 1.
• this allows for a maximum of 128 networks that can be defined:
1.0.0.0 - 127.255.255.255.
• two of the 128 networks are reserved: the 0.0.0.0 network is
reserved for default routes, and the 127.0.0.0 network is reserved
for loopback functions.

Class B (128 to 191)
• the network has a 16-bit network prefix and the two highest-order
bits are always set to 10, so the first octet looks like 10xxxxxx, where x can be either 0 or 1.
• a maximum of 16,384 networks can be defined: 128.0.0.0 -
191.255.255.255
• the first 2 bits of the first octet MUST be 10, leaving 6 bits in the
first octet that can be either 0 or 1.
• the next octet is also part of the network address (remember that it
is a 16-bit prefix), which gives you another 8 bits that can be
whatever value you want.
Class C (192 to 223)
• the network has a 24-bit network prefix (3 octets) and the three highest-order bits are always set to 110,
so the first octet looks like 110xxxxx.
• a maximum of 2,097,152 networks can be defined (you have 21 bits that can be any value - a 24-bit network
prefix minus the first 3 bits that are required to be 110): 192.0.0.0 - 223.255.255.255.
Class D (224 to 239)
• is used for multicast addresses (used in applications such as OSPF); the first octet looks like 1110xxxx.
Class E (240 to 255)
• is reserved.

Private IP Addressing
• the following three blocks of IP address space are reserved for private intranets (local networks):
• 10.0.0.0 to 10.255.255.255
• 172.16.0.0 to 172.31.255.255
• 192.168.0.0 to 192.168.255.255
• any organization can use these private addresses in whatever way they want;
• they just cannot advertise them on the Internet or expect to send or receive traffic from other
organizations using these addresses.
• these addresses are private and are expected to remain within a particular organization.
• in addition, IP addresses in the range of 169.254.0.0 to 169.254.255.255 are reserved for automatic
private IP addressing.
• these IP addresses should NOT be used on the Internet.
Network Masks
• a network mask helps you know which portion of the address identifies the
network and which portion of the address identifies the node.
• Class A, B, and C networks have default masks, also known as natural masks:
• Class A: 255.0.0.0
• Class B: 255.255.0.0
• Class C: 255.255.255.0
Subnetting
• Subnetting is the practice of dividing a network into two or more networks.
• A subnet mask is a 32-bit binary number that accompanies an IP address.
• The subnet mask defines the network address, host addresses, and broadcast address
for the network.
• Another notation for subnet masking is using /x, where x represents the number of
ones in the subnet mask.
• The mask is used by the router to derive the network address from a given IP address.
• network address = a logical AND between the host address and the mask
• broadcast address = XNOR of the network address and the mask (equivalently, the network address with all host bits set to 1).
Example
How to create subnets?
How Many Subnets?
• (2^x) where x = number of masked bits.
How Many Hosts per Subnet?
• (2^y - 2) where y = number of remaining bits in host side or unmasked bits.
What Are The Valid Subnets?
• Block size = 2^y

Example: 192.168.10.15/26
• This IP belongs to class C [24 bits for network and 8 for host]
• So masked bits = 26 – 24 = 2.
• Subnets = 2^2 = 4.
• Host bits = 8 - 2 = 6
• Another way: 32 – 26 = 6.
• Block size = 2^6 = 64.
• Hosts per block = 64 – 2 = 62
• Subnets: 0, 64, 128, 192
Variable Length Subnet Masking (VLSM)
• introduced in 1987
• is a technique that allows network administrators to divide an IP address
space into subnets of different sizes, unlike simple same-size subnetting.
• subnetting a subnet
• VLSM is the breaking down of IP addresses into subnets (multiple levels)
and allocating them according to the individual needs on a network.
• it is also called classless IP addressing.
VLSM steps
1. Determine the class of the network
2. Order the networks from the largest size to the smallest
3. Start from the biggest network
4. Determine the mask, the number of masked bits, the number of subnets, hosts per subnet
Subnetting
Address Resolution Protocol
(ARP)
• is a network-specific standard protocol.
• is responsible for converting the higher-level protocol addresses (IP
addresses) to physical network addresses.
• it is described in RFC 826.
• layer 3 devices need ARP to map IP network addresses to MAC
hardware addresses so that IP packets can be sent across networks.
• the protocol can be used for any broadcast network.
ARP operation
• Anytime a host, or a router, needs to find the physical address of another host or router on
its network, it sends an ARP query packet that includes the physical and IP addresses of the
sender and the IP address of the receiver.
• The sender does not know the physical address of the receiver and thus the query is
broadcast over the network.
• Every host or router on the network receives and processes the ARP query packet, but only
the intended recipient recognizes its IP address and sends back an ARP response packet.
• The response packet contains the recipient’s IP and physical addresses.
• The packet is unicast directly to the inquirer using the physical address received in the query
packet.
ARP operation: ARP request is broadcast, ARP reply is unicast
ARP packet format
ARP request message – fields:
• HLN (Hardware address length) - specifies how long the hardware addresses are in the message.
• PLN (Protocol address length) - specifies how long the protocol (Layer 3) addresses are in the message. For IPv4, the
value is 4.
• OP (Opcode) - specifies the nature of the message by code:
• 1—ARP request.
• 2—ARP reply.
• 3 through 9—RARP and Inverse ARP requests and replies
• SHA (Sender hardware address) - specifies the Layer 2 hardware address of the device sending the message.
• SPA (Sender protocol address) - specifies the IP address of the sending device.
• THA (Target hardware address) -specifies the Layer 2 hardware address of the receiving device.
• TPA (Target protocol address) – specifies the IP address of the receiving device.
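As an added example (not from the slides), the Python below decodes the ARP fields listed above from raw bytes, reading the SHA/SPA/THA/TPA lengths from HLN and PLN (the two fields that precede HLN in RFC 826, hardware type and protocol type, are decoded as well). On top of the parser it keeps the IP-to-MAC table a host would learn from sender fields and reports when a later packet binds an already-known IP to a different MAC, which is the condition a defender monitors for because ARP carries no authentication. The three packets are constructed for the demo; the addresses and MACs are made up.

```python
import struct

OPCODES = {1: "ARP request", 2: "ARP reply"}   # 3 through 9 are RARP / Inverse ARP (slide)


def _mac(raw):
    return ":".join("%02x" % b for b in raw)


def _ip(raw):
    return ".".join(str(b) for b in raw)


def build_arp(op, sha, spa, tha, tpa):
    """Build an Ethernet/IPv4 ARP packet: HTYPE 1, PTYPE 0x0800, HLN 6, PLN 4,
    then OP, SHA, SPA, THA, TPA. Used here only to construct sample packets."""
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + bytes.fromhex(sha.replace(":", "")) + bytes(int(x) for x in spa.split("."))
            + bytes.fromhex(tha.replace(":", "")) + bytes(int(x) for x in tpa.split(".")))


def parse_arp(pkt):
    """Decode the ARP fields; the lengths of SHA/SPA/THA/TPA come from HLN and PLN."""
    if len(pkt) < 8:
        raise ValueError("truncated ARP packet")
    htype, ptype, hln, pln, op = struct.unpack("!HHBBH", pkt[:8])
    if len(pkt) < 8 + 2 * (hln + pln):
        raise ValueError("ARP packet shorter than HLN/PLN imply")
    fields, off = {}, 8
    for name, size in (("sha", hln), ("spa", pln), ("tha", hln), ("tpa", pln)):
        fields[name] = pkt[off:off + size]
        off += size
    return {"htype": htype, "ptype": ptype, "hln": hln, "pln": pln, "op": op,
            "op_name": OPCODES.get(op, "other (opcodes 3-9: RARP / Inverse ARP)"),
            "sha": _mac(fields["sha"]), "spa": _ip(fields["spa"]),
            "tha": _mac(fields["tha"]), "tpa": _ip(fields["tpa"])}


class ArpBindingMonitor:
    """Learns IP -> MAC bindings from the sender fields of every ARP packet and
    reports a packet whose sender MAC differs from the MAC already recorded for
    that IP. The first-seen binding is kept so repeated conflicts keep alerting."""

    def __init__(self):
        self.table = {}
        self.alerts = []

    def observe(self, pkt):
        a = parse_arp(pkt)
        if a["ptype"] != 0x0800 or a["spa"] == "0.0.0.0":   # IPv4 only; skip probes (SPA 0.0.0.0)
            return None
        known = self.table.get(a["spa"])
        if known is None:
            self.table[a["spa"]] = a["sha"]
            return None
        if known != a["sha"]:
            alert = "%s claims %s is at %s, table says %s" % (a["op_name"], a["spa"], a["sha"], known)
            self.alerts.append(alert)
            return alert
        return None


# Constructed sample exchange on 192.168.10.0/26: a request for the gateway, the
# gateway's reply, then a later reply binding the gateway's IP to another MAC.
GATEWAY_IP, GATEWAY_MAC = "192.168.10.1", "00:11:22:33:44:55"
HOST_IP, HOST_MAC = "192.168.10.15", "aa:bb:cc:dd:ee:01"
OTHER_MAC = "aa:bb:cc:dd:ee:99"
SAMPLES = [
    build_arp(1, HOST_MAC, HOST_IP, "00:00:00:00:00:00", GATEWAY_IP),   # who has 192.168.10.1? (broadcast)
    build_arp(2, GATEWAY_MAC, GATEWAY_IP, HOST_MAC, HOST_IP),           # 192.168.10.1 is at 00:11:... (unicast)
    build_arp(2, OTHER_MAC, GATEWAY_IP, HOST_MAC, HOST_IP),             # conflicting binding for the same IP
]

if __name__ == "__main__":
    monitor = ArpBindingMonitor()
    for pkt in SAMPLES:
        a = parse_arp(pkt)
        print("%-11s SHA=%s SPA=%s THA=%s TPA=%s" % (a["op_name"], a["sha"], a["spa"], a["tha"], a["tpa"]))
        alert = monitor.observe(pkt)
        if alert:
            print("ALERT:", alert)
```

A real monitor would expire entries and allow for legitimate MAC changes (a replaced NIC, a failover pair), but the core check is the same: a binding change for a gateway or server address deserves a log line.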
Encapsulation of ARP packet
Reverse Address Resolution Protocol (RARP)
• defined by RFC 903
• works the same way as the ARP, except that the RARP request packet requests
an IP address instead of a media access control (MAC) address.
• is often used by diskless workstations because this type of device has no way
to store IP addresses to use when they boot.
• RARP requires a RARP server on the same network segment as the device
interface.
• because of the limitations with RARP, most businesses use Dynamic Host
Configuration Protocol (DHCP) to assign IP addresses dynamically.
RARP
ARP allows Device A to say, "I am Device A, and I have Device B's IP address. Device B, please tell me your hardware address."
RARP is used by Device A to say, "I am Device A, and I am sending this broadcast using my hardware address; can someone please tell me my IP address?"
The Bootstrap Protocol (BOOTP)
• is a client/server protocol designed to overcome the limitations of the RARP protocol.
• the BOOTP server can be anywhere in the Internet.
• it can provide the following information:
• the IP address and the subnet mask of the computer,
• the IP address of a router and the IP address of a name server.
• BOOTP is a static configuration protocol.
• when a client requests its IP address, the BOOTP server consults a table that matches the physical
address of the client with its IP address - the binding between the physical address and the IP address
of the client already exists and it is predetermined.
• there are some situations in which we need a dynamic configuration protocol and DHCP has been
designed to handle these problems.
Dynamic Host Configuration Protocol (DHCP)
• is a client/server service that is an extension of the BOOTP protocol.
• it simplifies the configuration of a client workstation since no IP addresses, subnet masks, default
gateways, domain names, or DNS servers must be programmed.
• with DHCP, this information is dynamically leased from the DHCP server for a predefined amount of
time.
• it centralizes IP address management, reduces the number of IP addresses to be used, and
simplifies maintenance.
• defined in RFC 2131
• DHCP consists of two components:
• A protocol that delivers host-specific configuration parameters from a DHCP server to a host
• A mechanism for the allocation of temporary or permanent network addresses to hosts
DHCP message format
DHCP message format (1)
• Code - indicates a request (1) or a reply (2).
• HWtype - the type of hardware, for example: 1 Ethernet, 6 IEEE 802 Networks
• Length - hardware address length in bytes
• Hops - the client sets this to 0; it is incremented by a router that relays the request to
another server and is used to identify loops; RFC 951 suggests that a value of 3 indicates
a loop.
• Transaction ID - a random number used to match this boot request with the response it
generates.
• Seconds - the elapsed time in seconds since the client started its boot process; set by
the client.
• Flags field - the most significant bit of the flags field is used as a broadcast flag; all other
bits must be set to zero, and are reserved for future use.
DHCP message format (2)
• Client IP address - set by the client either its known IP address, or 0.0.0.0.
• Your IP address - set by the server if the client IP address field was 0.0.0.0.
• Server IP address - set by the server.
• Router IP address - the address of a BOOTP relay agent, not a general IP router to
be used by the client.
• Client hardware address - set by the client; DHCP defines a client identifier
option that is used for client identification: if this option is not used, the client is
identified by its MAC address.
• Server host name - optional server host name terminated by X'00'.
• Boot file name - the client either leaves this null or specifies a generic name,
such as router, indicating the type of boot file to be used.
DHCP message types
• DHCPDISCOVER: Broadcast by a client to find available DHCP servers.
• DHCPOFFER: Response from a server to a DHCPDISCOVER and offering IP address and other parameters.
• DHCPREQUEST: Message from a client to servers that does one of the following:
• Requests the parameters offered by one of the servers and declines all other offers.
• Verifies a previously allocated address after a system or network change (a reboot for example).
• Requests the extension of a lease on a particular address.
• DHCPACK: Acknowledgement from server to client with parameters, including IP address.
• DHCPNACK: Negative acknowledgement from server to client, indicating that the client's lease has expired or that a requested IP address
is incorrect.
• DHCPDECLINE: Message from client to server indicating that the offered address is already in use.
• DHCPRELEASE: Message from client to server if the client no longer requires use of its assigned network address.
• DHCPINFORM: Message from a client that already has an IP address (manually configured, for example), requesting further configuration
parameters from the DHCP server.
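The following Python is an added example, not part of the slides. It decodes the BOOTP fixed header fields described above (op code, hardware type and length, hops, transaction ID, seconds, flags, the four addresses, client hardware address, server name, boot file) and then the DHCP options that follow the RFC 2132 magic cookie, including option 53 which carries the message types just listed. It also shows the check a defender wants on a segment: server-originated messages whose server identifier (option 54) is not on an allowlist of known DHCP servers. The DHCPOFFER is constructed for the demo; the addresses, MAC and transaction ID are made up.

```python
import struct

MESSAGE_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
                 5: "DHCPACK", 6: "DHCPNACK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}  # 6 is DHCPNAK in RFC 2131
MAGIC_COOKIE = bytes([99, 130, 83, 99])      # RFC 2132: marks the start of the options field
# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file
FIXED_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
FIXED_LEN = struct.calcsize(FIXED_FMT)       # 236 bytes


def _ip(raw):
    return ".".join(str(b) for b in raw)


def _ip4(text):
    return bytes(int(x) for x in text.split("."))


def parse_options(raw):
    """Walk the tag/length/value options (RFC 2132): tag 0 is a pad, 255 ends the list."""
    opts, i = {}, 0
    while i < len(raw):
        tag = raw[i]
        if tag == 0:
            i += 1
            continue
        if tag == 255:
            break
        if i + 1 >= len(raw):
            raise ValueError("option %d has no length byte" % tag)
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d truncated" % tag)
        opts[tag] = value
        i += 2 + length
    return opts


def parse_dhcp(msg):
    """Decode the BOOTP fixed header described on the slides plus the DHCP options."""
    if len(msg) < FIXED_LEN + 4:
        raise ValueError("shorter than the 236-byte fixed header plus magic cookie")
    (op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr,
     giaddr, chaddr, sname, file) = struct.unpack(FIXED_FMT, msg[:FIXED_LEN])
    if msg[FIXED_LEN:FIXED_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    if hlen > 16:
        raise ValueError("hardware address length %d exceeds the chaddr field" % hlen)
    opts = parse_options(msg[FIXED_LEN + 4:])
    mtype = opts[53][0] if len(opts.get(53, b"")) == 1 else None
    return {
        "op": op, "htype": htype, "hlen": hlen, "hops": hops, "xid": xid, "secs": secs,
        "broadcast": bool(flags & 0x8000),        # most significant bit of the flags field
        "ciaddr": _ip(ciaddr), "yiaddr": _ip(yiaddr), "siaddr": _ip(siaddr),
        "giaddr": _ip(giaddr),                    # "Router IP address" on the slide: the relay agent
        "chaddr": ":".join("%02x" % b for b in chaddr[:hlen]),
        "sname": sname.split(b"\x00", 1)[0].decode("ascii", "replace"),
        "file": file.split(b"\x00", 1)[0].decode("ascii", "replace"),
        "message_type": mtype,
        "message_name": MESSAGE_TYPES.get(mtype, "unknown"),
        "subnet_mask": _ip(opts[1]) if 1 in opts else None,
        "router": _ip(opts[3][:4]) if 3 in opts else None,
        "lease_time": struct.unpack("!I", opts[51])[0] if 51 in opts else None,
        "server_id": _ip(opts[54]) if 54 in opts else None,
    }


def check_server(parsed, authorized_servers):
    """For server-originated messages, report a server identifier (option 54)
    that is not on the allowlist of known DHCP servers."""
    if parsed["message_type"] not in (2, 5, 6):           # OFFER, ACK, NACK
        return None
    sid = parsed["server_id"]
    if sid is None:
        return "%s without a server identifier" % parsed["message_name"]
    if sid not in authorized_servers:
        return "%s from unlisted server %s offering %s" % (parsed["message_name"], sid, parsed["yiaddr"])
    return None


def build_offer(xid, client_mac, your_ip, server_ip, mask, lease):
    """Construct a DHCPOFFER for the demo (not captured traffic)."""
    chaddr = bytes.fromhex(client_mac.replace(":", "")).ljust(16, b"\x00")
    fixed = struct.pack(FIXED_FMT, 2, 1, 6, 0, xid, 0, 0x8000, bytes(4), _ip4(your_ip),
                        _ip4(server_ip), bytes(4), chaddr, b"", b"")
    options = (b"\x35\x01\x02"                            # 53: message type = OFFER
               + b"\x01\x04" + _ip4(mask)                 # 1: subnet mask
               + b"\x03\x04" + _ip4(server_ip)            # 3: router
               + b"\x33\x04" + struct.pack("!I", lease)   # 51: lease time
               + b"\x36\x04" + _ip4(server_ip)            # 54: server identifier
               + b"\xff")                                 # 255: end
    return fixed + MAGIC_COOKIE + options


if __name__ == "__main__":
    offer = build_offer(0x3903F326, "aa:bb:cc:dd:ee:01", "192.168.10.50",
                        "192.168.10.1", "255.255.255.192", 3600)
    parsed = parse_dhcp(offer)
    for key in ("op", "message_name", "xid", "broadcast", "yiaddr", "chaddr",
                "subnet_mask", "router", "lease_time", "server_id"):
        print("%-13s %s" % (key, parsed[key]))
    print("allowlist check:", check_server(parsed, {"192.168.10.2"}))
```

The allowlist check is only as good as the capture point: it has to see the OFFER/ACK traffic on the segment, which is why it is usually run on a switch mirror port or built into the switch itself as DHCP snooping.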
Internet Control Message Protocol (ICMP)
• network layer protocol
• provides a means for transferring messages from routers and other hosts to a host.
• provides feedback about problems in the communication environment
• ICMP can be characterized as follows:
• ICMP messages are encapsulated in IP datagrams;
• ICMP is an integral part of IP and must be implemented by every IP module
• is used to report errors, not to make IP reliable; datagrams can still be undelivered without any
report on their loss.
• ICMP messages are never sent in response to datagrams with a broadcast or a multicast destination
address
• ICMP messages are never sent in response to a datagram that does not have a source IP address
representing a unique host
ICMP messages
• allow different types of communication to occur between IP devices
• ICMP messages are described in RFC 792 and RFC 950 and are mandatory.
• ICMP messages are sent in IP datagrams.
• use a common general format
• The IP header has a protocol number of 1 (ICMP) and a type of service of zero (routine).
• They are divided into different categories, and each type has a specific use and internal
field format
• ICMP message starts with a 64-bit header
ICMP Message Formats
• An ICMP message starts with a 64-bit header consisting of the following:
• Type (8 bits): specifies the type of ICMP message.
• Code (8 bits): used to specify parameters of the message that can be
encoded in one or a few bits.
• Checksum (16 bits): checksum of the entire ICMP message; it is the same
checksum algorithm used for IP.
• Parameters (32 bits): used to specify more lengthy parameters.
• These fields are generally followed by additional information fields that further
specify the content of the message.
ICMP messages
• ICMP messages are divided into two broad categories:
• error-reporting messages
• provide feedback to a source device about an error that has occurred
• query (informational) messages that
• help a host or a network manager get specific information from a router or
another host;
• they do not indicate errors and are typically not sent in response to a regular
datagram transmission,
• are generated to provide information to other devices or in reply to another
informational ICMP message.
ICMP message types by category
Error-reporting messages:
• 3 - Destination unreachable
• 4 - Source quench
• 11 - Time exceeded
• 12 - Parameter problem
• 5 - Redirection
Informational messages:
• 8 or 0 - Echo request or reply
• 13 or 14 - Timestamp request or reply
• 9 or 10 - Router advertisement or solicitation
• 17 or 18 - Address mask request or reply
ICMP Message Formats
ICMP applications

1. Ping
• Ping uses the ICMP Echo and Echo Reply messages to
determine whether a host is reachable;
• The word ping, which is used as a noun and a verb, is taken
from the sonar operation to locate an underwater object.
• It is also an abbreviation for Packet InterNet Groper.
• the first test of reachability for a host is to attempt to ping
it; if you can successfully ping a host, other applications
such as Telnet or FTP should be able to reach that host.
2. Traceroute.
• is used to determine the route IP datagrams follow through
the network.
• Traceroute is based on ICMP and UDP.
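Added example, not taken from the slides: Python that decodes the 64-bit ICMP header (type, code, checksum, parameters), classifies the message with the type table above, verifies the checksum (the same algorithm as the IP header checksum, computed over the whole ICMP message) and, for error-reporting messages, decodes the original datagram's IP header and first 8 data bytes that such messages carry. That embedded header is what traceroute reads out of a Time Exceeded reply to match it to the UDP probe it sent. Both sample messages are constructed here; the addresses 192.168.10.15 and 203.0.113.7 and the ports are made up.

```python
import struct

# Type table from the slides: category and name per ICMP type.
ICMP_TYPES = {
    0: ("informational", "Echo reply"),
    3: ("error-reporting", "Destination unreachable"),
    4: ("error-reporting", "Source quench"),
    5: ("error-reporting", "Redirection"),
    8: ("informational", "Echo request"),
    9: ("informational", "Router advertisement"),
    10: ("informational", "Router solicitation"),
    11: ("error-reporting", "Time exceeded"),
    12: ("error-reporting", "Parameter problem"),
    13: ("informational", "Timestamp request"),
    14: ("informational", "Timestamp reply"),
    17: ("informational", "Address mask request"),
    18: ("informational", "Address mask reply"),
}


def checksum16(data):
    """Same one's-complement checksum as the IP header, here over the whole ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(icmp_type, code, parameters, payload):
    """Assemble type, code, checksum and the 32-bit parameters word, then the payload."""
    head = struct.pack("!BBHI", icmp_type, code, 0, parameters)
    csum = checksum16(head + payload)
    return struct.pack("!BBHI", icmp_type, code, csum, parameters) + payload


def parse_original_datagram(body):
    """Error messages carry the offending datagram's IP header plus the first
    8 bytes of its data (enough for the transport-layer ports)."""
    if len(body) < 20:
        raise ValueError("error message lacks the original IP header")
    ihl = (body[0] & 0x0F) * 4
    if ihl < 20 or len(body) < ihl + 8:
        raise ValueError("original header and 8 data bytes not fully present")
    info = {"ttl": body[8], "protocol": body[9],
            "src": ".".join(str(b) for b in body[12:16]),
            "dst": ".".join(str(b) for b in body[16:20])}
    first8 = body[ihl:ihl + 8]
    if info["protocol"] in (6, 17):          # TCP / UDP: ports are the first four bytes
        info["sport"], info["dport"] = struct.unpack("!HH", first8[:4])
    return info


def parse_icmp(msg):
    """Decode the 64-bit header, classify the type and verify the checksum;
    a message with a valid checksum sums to zero under checksum16."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than its 64-bit header")
    icmp_type, code, csum, params = struct.unpack("!BBHI", msg[:8])
    category, name = ICMP_TYPES.get(icmp_type, ("unknown", "type %d" % icmp_type))
    result = {"type": icmp_type, "code": code, "category": category, "name": name,
              "parameters": params, "checksum_ok": checksum16(bytes(msg)) == 0,
              "body": bytes(msg[8:])}
    if category == "error-reporting":
        result["original"] = parse_original_datagram(result["body"])
    return result


# Constructed samples. The Time Exceeded message is what a router returns when a
# UDP probe's TTL runs out; the TTL value copied back varies by router, set to 1 here.
ORIGINAL_HEADER = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 60, 0x1234, 0, 1, 17, 0,
                              bytes([192, 168, 10, 15]), bytes([203, 0, 113, 7]))
ORIGINAL_UDP_START = struct.pack("!HHHH", 40000, 33434, 40, 0)   # sport, dport, length, checksum
SAMPLE_TIME_EXCEEDED = build_icmp(11, 0, 0, ORIGINAL_HEADER + ORIGINAL_UDP_START)
SAMPLE_ECHO_REQUEST = build_icmp(8, 0, (0x1234 << 16) | 1, b"ping-payload")  # id 0x1234, seq 1

if __name__ == "__main__":
    for sample in (SAMPLE_TIME_EXCEEDED, SAMPLE_ECHO_REQUEST):
        info = parse_icmp(sample)
        print("%-16s %-24s checksum_ok=%s" % (info["category"], info["name"], info["checksum_ok"]))
        if "original" in info:
            print("   about datagram", info["original"])
```

For Echo messages the 32-bit parameters word holds the identifier and sequence number that ping uses to match replies to requests; for Time Exceeded it is unused, and all the matching information sits in the embedded original header.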
