
NETWORK LAYER

INTERNET PROTOCOL
(IP)
MUKESH CHINTA
ASSISTANT PROFESSOR, CSE, VRSEC
The main protocol of the network layer, Internet Protocol version 4 (IPv4), is responsible for
packetizing, forwarding, and delivery of a packet at the network layer.
The Internet Control Message Protocol version 4 (ICMPv4) helps IPv4 to handle some errors that
may occur in the network-layer delivery.
The Internet Group Management Protocol (IGMP) is used to help IPv4 in multicasting.
The Address Resolution Protocol (ARP) is used to glue the network and data-link layers in mapping
network-layer addresses to link-layer addresses.
Internet Protocol version 4 (IPv4) is the fourth version in the development of the Internet Protocol
(IP) and the first version of the protocol to be widely deployed. IPv4 is described in IETF publication
RFC 791 (September 1981), replacing an earlier definition (RFC 760, January 1980).
IP is the waist of the hourglass of the Internet protocol architecture.
IPv4 is an unreliable datagram protocol: a best-effort delivery service.

IPv4 is also a connectionless protocol that uses the datagram approach. This means that each
datagram is handled independently, and each datagram can follow a different route to
the destination.

IP is the highest-layer protocol that is implemented at both routers and hosts.

IP supports unicast, broadcast and multicast services.
IPv4 defines the format of a packet in which the data coming from the upper layer or other
protocols are encapsulated. Packets used by the IP are called datagrams.

A datagram is a variable-length packet consisting of two parts: header and payload (data).
The header is 20 to 60 bytes in length and contains information essential to routing
and delivery.
The 4-bit version number (VER) field defines the version of the IPv4 protocol, which,
obviously, has the value of 4.
The 4-bit header length (HLEN) field defines the total length of the datagram header in 4-byte
(32-bit) words. This field is required as the IPv4 header is of variable length and the receiver needs to know
where the header ends and data starts. The minimum value of this field is 5.
Service type: In the original design of the IP header, this field was called type of service (TOS);
it was later redefined by the IETF to provide differentiated services (DiffServ).

In Service type interpretation, the first 3 bits are called precedence bits. The next 4 bits are called type of
service (TOS) bits, and the last bit is not used. The precedence defines the priority of the datagram in issues
such as congestion. If a router is congested and needs to discard some datagrams, those datagrams with
lowest precedence are discarded first. TOS bits is a 4-bit subfield with each bit having a special meaning.
In Differentiated services interpretation, the first 6 bits make up the codepoint subfield, and the last 2 bits are
not used.
The DSCP is defined in RFC 2474 and 2475. It is a method that classifies the way an IP packet
is queued while waiting to be forwarded within a router.
A router or end host assigns one of 64 possible forwarding behaviors known as Per Hop Behaviors
(PHBs). A PHB provides a particular service level (bandwidth, queuing, and dropping decisions) in
accordance with network policy.
Using DSCP, a system (or router) can assign Assured Forwarding (AF) codepoints, using one of four
AF classes and one of three drop precedence values. It is also allowed to enter your own
non-standard codepoints.
Total length: This 16-bit field defines the total length (header plus data) of the IP datagram in bytes. This
field allows the length of a datagram to be up to 65,535 octets. This field helps the receiving device to know
when the packet has completely arrived.
Length of data = total length - (HLEN) x 4
Identification: If an IP packet is fragmented during transmission, all the fragments contain the same
identification number to identify the original IP packet they belong to.

Flags: As required by the network resources, if the IP packet is too large to handle, these flags tell
whether it can be fragmented or not. In this 3-bit field, the MSB is always set to 0.
Fragment offset: This field tells the exact position of the fragment in the original IP packet. The
fragment offset is measured in units of 8 octets (64 bits). The first fragment has offset zero.

Time to live (TTL): To avoid looping in the network, every packet is sent with some TTL value set, which
tells the network how many routers (hops) this packet can cross. At each hop, its value is
decremented by one, and when the value reaches zero, the packet is discarded.

Protocol: Tells the network layer at the destination host to which protocol this packet belongs, i.e.
the next-level protocol. For example, the protocol number of ICMP is 1, TCP is 6 and UDP is 17.
Header checksum: A checksum on the header only. Since some header fields change (e.g., time to
live), this is recomputed and verified at each point that the internet header is processed. The checksum in the
Internet normally uses a 16-bit field, which is the complement of the sum of the other fields calculated using 1s
complement arithmetic.
Source address: 32-bit address of the sender (or source) of the packet.
Destination address: 32-bit address of the receiver (or destination) of the packet.
Options: A datagram header can have up to 40 bytes of options. These options may contain values for
options such as Security, Record Route, Time Stamp, etc. used for network testing and debugging. Though
options are not a required part of the IP header, option processing is required of the IP software. One-byte
and multi-byte options are present.
Payload: Payload, or data, is the main reason for creating a datagram. Payload is the packet coming from
other protocols that use the service of IP.

Here is an IP header from an IP packet received at the destination:

4500 003c 1c46 4000 4006 b1e6 ac10 0a63 ac10 0a0c

Identify the components of the header and find which is the checksum.
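A worked version of this exercise, as an added example that is not part of the original slides: it decodes the fields described above, verifies the header checksum the way a receiver does, and repeats the TTL decrement and checksum recomputation a router performs at each hop. The function names and the dictionary keys are choices made for this example.

```python
import ipaddress
import struct

def checksum16(data: bytes) -> int:
    """Complement of the 1s-complement sum of the 16-bit words in data."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4_header(raw: bytes) -> dict:
    if len(raw) < 20:
        raise ValueError("shorter than the 20-byte minimum header")
    (ver_hlen, tos, total_len, ident, flags_off,
     ttl, proto, csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    version, hlen = ver_hlen >> 4, (ver_hlen & 0x0F) * 4
    if version != 4 or hlen < 20 or hlen > len(raw) or total_len < hlen:
        raise ValueError("inconsistent VER / HLEN / total length")
    return {
        "header_bytes": hlen, "dscp": tos >> 2,
        "total_length": total_len, "data_bytes": total_len - hlen,
        "id": ident,
        "df": bool(flags_off & 0x4000), "mf": bool(flags_off & 0x2000),
        "first_byte": (flags_off & 0x1FFF) * 8,   # offset is in 8-byte units
        "ttl": ttl, "protocol": proto, "checksum": csum,
        # Summing the header with its checksum field included must give 0.
        "checksum_ok": checksum16(raw[:hlen]) == 0,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
    }

def forward_one_hop(raw: bytes) -> bytes:
    """Router step: decrement TTL, then recompute the header checksum."""
    hlen = parse_ipv4_header(raw)["header_bytes"]   # also validates the header
    hdr = bytearray(raw[:hlen])
    if hdr[8] <= 1:
        raise ValueError("TTL reached zero; datagram is discarded")
    hdr[8] -= 1
    hdr[10:12] = b"\x00\x00"                 # checksum field is 0 while summing
    hdr[10:12] = struct.pack("!H", checksum16(bytes(hdr)))
    return bytes(hdr) + raw[hlen:]

# The 20 header bytes from the exercise above.
SAMPLE = bytes.fromhex("4500003c1c4640004006b1e6ac100a63ac100a0c")
```

Because any router can recompute a valid checksum after changing a field, the header checksum catches accidental corruption only; it is not a data integrity mechanism in the sense used in the security section of these slides.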
In order to send messages using IP we encapsulate the higher-layer data into IP datagrams. These
datagrams must then be sent down to the data link layer, where they are further encapsulated into
the frames of whatever technology is going to be used to physically convey them, either directly to
their destination, or indirectly to the next intermediate step in their journey to their intended
recipient.

The data link layer implementation puts the entire IP datagram into the data portion (the payload) of
its frame format, just as IP puts transport layer messages, transport headers and all, into its IP Data
field.
The maximum size of an IP datagram is 65535 bytes, but the data link layer protocol generally imposes a limit
that is much smaller. For example, Ethernet frames have a maximum payload of 1500 bytes, so IP
datagrams encapsulated in an Ethernet frame cannot be longer than 1500 bytes.

The limit on the maximum IP datagram size, imposed by the data link protocol is called maximum
transmission unit (MTU). The value of the MTU differs from one physical network protocol to
another.

An IP datagram is fragmented into smaller units if its size exceeds the MTU.
A datagram can be fragmented by the source host or any router in the path. The reassembly
of the datagram, however, is done only by the destination host, because each fragment
becomes an independent datagram.
The 16-bit identification field identifies a datagram originating from the source host. The
combination of the identification and source IP address must uniquely define a datagram as it
leaves the source host. The identification number helps the destination in reassembling the
datagram. It knows that all fragments having the same identification value should be
assembled into one datagram.
The 3-bit flags field defines three flags.
The leftmost bit is reserved (not used).
The second bit (D bit) is called the do not fragment bit. If its value is 1, the machine must not
fragment the datagram. If it cannot pass the datagram through any available physical network, it
discards the datagram and sends an ICMP error message to the source host. If its value is 0, the
datagram can be fragmented if necessary.
The third bit (M bit) is called the more fragment bit. If its value is 1, it means the datagram is not
the last fragment; there are more fragments after this one. If its value is 0, it means this is the last
or only fragment.
The 13-bit fragmentation offset field shows the relative position of this fragment with
respect to the whole datagram. It is the offset of the data in the original datagram
measured in units of 8 bytes.
The example shows a datagram with a data size of 4000 bytes fragmented into three
fragments. The bytes in the original datagram are numbered 0 to 3999.
The first fragment carries bytes 0 to 1399. The offset for this datagram is 0/8 = 0.
The second fragment carries bytes 1400 to 2799; the offset value for this fragment is 1400/8 = 175.
Finally, the third fragment carries bytes 2800 to 3999. The offset value for this fragment is 2800/8 = 350.



An example of detailed fragmentation is given below. The value of the identification field is the same in all
fragments, as is the value of the flags field with the more bit set for all fragments except the last. Also, the value of
the offset field for each fragment is shown. Note that although the fragments arrive out of order at the destination,
they can be correctly reassembled.
It is obvious that even if each fragment follows a
different path and arrives out of order, the final
destination host can reassemble the original
datagram from the fragments received (if none of
them is lost) using the following strategy:
a) The first fragment has an offset field value of
zero.
b) Divide the length of the first fragment by 8.
The second fragment has an offset value
equal to that result.
c) Divide the total length of the first and second
fragment by 8. The third fragment has an
offset value equal to that result.
d) Continue the process. The last fragment has
its M bit set to 0.
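The 4000-byte fragmentation example and the reassembly strategy above, carried through in code as an added example that is not part of the original slides. The MTU of 1420 bytes (1400 data bytes plus a 20-byte header), the dictionary layout of a fragment, and the strict policy of rejecting overlapping fragments are assumptions of this example.

```python
def fragment(payload: bytes, mtu: int, hlen: int = 20) -> list:
    """Split payload so every non-final fragment carries a multiple of 8 bytes."""
    chunk = (mtu - hlen) // 8 * 8            # offsets are counted in 8-byte units
    if chunk <= 0:
        raise ValueError("MTU too small to carry any data")
    return [{"offset": start // 8,
             "mf": start + chunk < len(payload),   # M bit: more fragments follow
             "data": payload[start:start + chunk]}
            for start in range(0, len(payload), chunk)]

def reassemble(frags: list) -> bytes:
    """Rebuild the payload from fragments received in any order."""
    ordered = sorted(frags, key=lambda f: f["offset"])
    if not ordered or ordered[-1]["mf"]:
        raise ValueError("last fragment (M = 0) has not arrived")
    buf = bytearray()
    for f in ordered:
        start = f["offset"] * 8
        if start > len(buf):
            raise ValueError(f"gap before byte {start}: a fragment is missing")
        if start < len(buf):
            raise ValueError(f"overlap at byte {start}: fragments disagree")
        if f["mf"] and len(f["data"]) % 8:
            raise ValueError("non-final fragment is not a multiple of 8 bytes")
        if not f["mf"] and f is not ordered[-1]:
            raise ValueError("M = 0 on a fragment that is not the last")
        buf += f["data"]
    return bytes(buf)

# Constructed input: a 4000-byte payload like the one in the slide example.
PAYLOAD = bytes(i % 251 for i in range(4000))
FRAGS = fragment(PAYLOAD, mtu=1420)          # 1420 = 1400 data + 20 header (assumed)
```

The offsets come out as 0, 175 and 350, matching the slide, and reassembly succeeds in any arrival order but fails loudly when a fragment is missing or when two fragments claim the same bytes.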



The variable part of the IPv4 datagram comprises the options, which can be a maximum of 40 bytes.
Options, as the name implies, are not required for a datagram.
Options are divided into two broad categories:
single-byte options and multiple-byte options.

No Operation: Used as a filler between options.

End of Option: Used for padding at the end of the option field. Can only be used as the last option.

Record Route: Used to record the Internet routers that handle the datagram. It can list up to nine router
addresses. Useful for debugging and management purposes.

Strict Source Route: Used by the source to predetermine a route for the datagram as it travels through the
internet. This serves several purposes, such as selecting a route that provides a specific service or one that is
safer or more reliable. With this option, all the routers defined must be visited by the datagram. No router that is
not on the list may be visited; if that happens, the datagram must be discarded and an error message is issued.

Loose Source Route: Similar to the above option, but less rigid. Every router on the list must be visited, but
other routers can also be visited.

Timestamp: Used to record the time of datagram processing by a router, expressed in milliseconds. Useful for
tracking the behavior of the routers in the internet.
Three main security issues applicable to the IP protocol:
Packet sniffing: It involves interception of the packet by an intruder. It is a passive attack and very difficult to
detect. It can be overcome by encrypting the packet, making the content unintelligible.
Packet modification: The attacker intercepts the packet, changes its contents and sends the new packet to the
receiver. The receiver believes that the packet is coming from the original sender. Data integrity mechanisms can
be used to thwart this attack.
IP spoofing: An attacker can masquerade as someone else and create an IP packet that carries the source address
of another computer. It can be prevented using an origin authentication mechanism.

IPSec is a protocol that, used in conjunction with IP, creates a connection-oriented service between the two entities in
which they can exchange IP packets without being subjected to any of the above three attacks. IPSec provides the
following four services:
Defining algorithms and keys
Packet encryption
Data Integrity
Origin Authentication
Examples

Q) An IPv4 packet has arrived with the first few hexadecimal digits as shown.
(45000028000100000102 ... )16.
How many hops can this packet travel before being dropped? To which upper-layer
protocol does the data belong?

A) To find the time-to-live field, we skip 8 bytes (16 hexadecimal digits). The time-to-live field is
the ninth byte, which is (01)16. This means the packet can travel only one hop. The protocol
field is the next byte (02)16, which means that the upper-layer protocol is IGMP.

Q) In an IPv4 packet, the value of HLEN is 5, and the value of the total length
field is (0028)16. How many bytes of data are being carried by this packet?

A) The HLEN value is 5, which means the total number of bytes in the header is 5 x 4, or 20
bytes (no options). The total length is (0028)16 or 40 bytes, which means the packet is
carrying 20 bytes of data (40 - 20).
Examples

Q) A packet has arrived with an M bit value of 1 and a fragmentation
offset value of 0. Is this the first fragment, the last fragment, or a middle
fragment?

A) Because the M bit is 1, it is either the first fragment or a middle one. Because the offset value
is 0, it is the first fragment.

Q) A packet has arrived in which the offset value is 100, the value of HLEN is
5, and the value of the total length field is 100. What are the numbers of the
first byte and the last byte?

A) The first byte number is 100 x 8 = 800. The total length is 100 bytes, and the header length is
20 bytes (5 x 4), which means that there are 80 bytes in this datagram. If the first byte number
is 800, the last byte number must be 879.



Homework

Protocol Data Unit (PDU): A PDU is a message exchanged between two instances of a layer to coordinate their behavior.
It represents the basic element of horizontal communication. A PDU consists of the following two elements:
The Protocol Control Information (PCI) contains control information used to coordinate the two protocol instances
and is also called the packet header. A PCI carries protocol-specific data and is created by the sending instance,
depending on its state. The information is then evaluated and removed from the PDU in the receiver instance.
The Service Data Unit (SDU) contains the payload to be transmitted on behalf of the higher-level layer. The SDU
of layer N normally consists of the PCI of layer (N + 1) and an SDU of layer (N + 1) (i.e., of the (N + 1) PDU).
Home Work RFC (Requests for Comments)
https://www.ietf.org/rfc.html

A Request for Comments (RFC) is a type of publication from the Internet Engineering Task Force (IETF) and the
Internet Society (ISOC), the principal technical development and standards-setting bodies for the Internet.

An Internet Document can be submitted to the IETF by anyone, but the IETF decides if the document becomes an
RFC. Eventually, if it gains enough interest, it may evolve into an Internet standard.

Each RFC is designated by an RFC number. Once published, an RFC never changes. Modifications to an original
RFC are assigned a new RFC number.
