UNIT III - NETWORK LAYER

 The network layer in the TCP/IP protocol suite is responsible for the host-to-host
delivery of datagrams.
 It provides services to the transport layer and receives services from the data-link layer.
 The network layer translates the logical addresses into physical addresses
 It determines the route from the source to the destination and also manages the traffic
problems such as switching, routing and controls the congestion of datapackets.
 The main role of the network layer is to move the packets from sending host tothe
receiving host.

Services provided by network layer are

PACKETIZING
 The first duty of the network layer is definitely packetizing.
 This means encapsulating the payload (data received from upper layer) in anetwork-layer
packet at the source and decapsulating the payload from thenetwork-layer packet at the
destination.
 The network layer is responsible for delivery of packets from a sender to a
receiver without changing or using the contents.

ROUTING AND FORWARDING

Routing
 The network layer is responsible for routing the packet from its source to thedestination.
 The network layer is responsible for finding the best one among these possibleroutes.
 The network layer needs to have some specific strategies for defining the bestroute.
 Routing is the concept of applying strategies and running routing protocols tocreate the
decision-making tables for each router.
 These tables are called as routing tables.

Forwarding
 Forwarding can be defined as the action applied by each router when a packet arrives at one of its
interfaces.
 The decision-making table, a router normally uses for applying this action iscalled the forwarding
table.
 When a router receives a packet from one of its attached networks, it needs toforward the packet to
another attached network.

ERROR CONTROL
 The network layer in the Internet does not directly provide error control.
 It adds a checksum field to the datagram to control any corruption in theheader,
but not in the whole datagram.
 This checksum prevents any changes or corruptions in the header of thedatagram.
 The Internet uses an auxiliary protocol called ICMP, that provides some kind of error control if the
datagram is discarded or has some unknown informationin the header.

FLOW CONTROL
 Flow control regulates the amount of data a source can send withoutoverwhelming the receiver.
 The network layer in the Internet, however, does not directly provide any flowcontrol.
 The datagrams are sent by the sender when they are ready, without anyattention to the readiness of the
receiver.
 Flow control is provided for most of the upper-layer protocols that use theservices of the network
layer, so another level of flow control makes thenetwork layer more complicated and the whole system
less efficient.

CONGESTION CONTROL
 Another issue in a network-layer protocol is congestion control.
 Congestion in the network layer is a situation in which too many datagrams arepresent in an area of
the Internet.
 Congestion may occur if the number of datagrams sent by source computers isbeyond the capacity of
the network or routers.
 In this situation, some routers may drop some of the datagrams.

SECURITY
 Another issue related to communication at the network layer is security.
 To provide security for a connectionless network layer, we need to have another virtual level that
changes the connectionless service to a connection-oriented service. This virtual layer is called as
called IPSec (IP Security).
 The performance of a network can be measured in terms of
Delay, Throughput and Packet loss.
 Congestion control is an issue that can improve the performance.

DELAY
 A packet from its source to its destination, encounters delays.
 The delays in a network can be divided into four types:
Transmission delay, Propagation delay, Processing delay and Queuing delay.

Transmission Delay
 A source host or a router cannot send a packet instantaneously.
 A sender needs to put the bits in a packet on the line one by one.
 If the first bit of the packet is put on the line at time t 1 and the last bit is put on
the line at time t2, transmission delay of the packet is (t2 - t1).
 The transmission delay is longer for a longer packet and shorter if the
sendercan transmit faster.
 The Transmission delay is calculated using the formula
Delaytr = (Packet length) / (Transmission rate)

 Example :
In a Fast Ethernet LAN with the transmission rate of 100 million bits per
second and a packet of 10,000 bits, it takes (10,000)/(100,000,000) or 100
microseconds for all bits of the packet to be put on the line.
Propagation Delay
 Propagation delay is the time it takes for a bit to travel from point A to point
Bin the transmission media.
 The propagation delay for a packet-switched network depends on the
propagation delay of each network (LAN or WAN).
 The propagation delay depends on the propagation speed of the media, which is
3X108 meters/second in a vacuum and normally much less in a wired medium.
 It also depends on the distance of the link.
 The Propagation delay is calculated using the formula
Delaypg = (Distance) / (Propagation speed)
 Example
If the distance of a cable link in a point-to-point WAN is 2000 meters and the
propagation speed of the bits in the cable is 2 X10 8 meters/second,then the
propagation delay is 10 microseconds.

Processing Delay
 The processing delay is the time required for a router or a destination host to
receive a packet from its input port, remove the header, perform an error
detection procedure, and deliver the packet to the output port (in the case of a

router) or deliver the packet to the upper-layer protocol (in the case of the
destination host).
 The processing delay may be different for each packet, but normally is
calculated as an average.

Delaypr = Time required to process a packet in a router or a destination host

Queuing Delay
 Queuing delay can normally happen in a router.
 A router has an input queue connected to each of its input ports to store packets
waiting to be processed.
 The router also has an output queue connected to each of its output ports to
store packets waiting to be transmitted.
 The queuing delay for a packet in a router is measured as the time a packet
waits in the input queue and output queue of a router.
Delayqu = The time a packet waits in input and output queues in a router

Total Delay
 Assuming equal delays for the sender, routers and receiver, the total delay
(source-to-destination delay) of a packet can be calculated if we know the
number of routers, n, in the whole path.
Total delay = (n + 1) (Delaytr + Delaypg + Delaypr) + (n) (Delayqu)
 If we have n routers, we have (n +1) links.
 Therefore, we have (n +1) transmission delays related to n routers and the
source, (n +1) propagation delays related to (n +1) links, (n +1) processing
delays related to n routers and the destination, and only n queuing delays
related to n routers.
THROUGHPUT
 Throughput at any point in a network is defined as the number of bits passing
through the point in a second, which is actually the transmission rate of data at
that point.
 In a path from source to destination, a packet may pass through several links
(networks), each with a different transmission rate.
 Throughput is calculated using the formula
Throughput = minimum{TR1 , TR2, . . . TRn}
 Example:
Let us assume that we have three links, each with a different transmission
rate.
The data can flow at the rate of 200 kbps in Link1, 100 kbps in Link2 and
150kbps in Link3.
Throughput = minimum{200,100,150} = 100.

PACKET LOSS
 Another issue that severely affects the performance of communication is the
number of packets lost during transmission.
 When a router receives a packet while processing another packet, the received
packet needs to be stored in the input buffer waiting for its turn.
 A router has an input buffer with a limited size.
 A time may come when the buffer is full and the next packet needs to be
dropped.
 The effect of packet loss on the Internet network layer is that the packet needs
to be resent, which in turn may create overflow and cause more packet loss.

CONGESTION CONTROL
 Congestion at the network layer is related to two issues, throughput and delay.

Based on Delay
 When the load is much less than the capacity of the network, the delay is at a
minimum.
 This minimum delay is composed of propagation delay and processing delay,
both of which are negligible.
 However, when the load reaches the network capacity, the delay increases
sharply because we now need to add the queuing delay to the total delay.
 The delay becomes infinite when the load is greater than the capacity.

Based on Throughout
 When the load is below the capacity of the network, the throughput increases
proportionally with the load.
 We expect the throughput to remain constant after the load reaches the
capacity, but instead the throughput declines sharply.
 The reason is the discarding of packets by the routers.
 When the load exceeds the capacity, the queues become full and the routers
have to discard some packets.
 Discarding packets does not reduce the number of packets in the network
because the sources retransmit the packets, using time-out mechanisms, when
the packets do not reach the destinations.
 Congestion Control Mechanisms
 Congestion control is a mechanism for improving performance.
 It refers to techniques and mechanisms that can either prevent congestion
before it happens or remove congestion after it has happened.
 In general, we can divide congestion control mechanisms into two broad
categories:

 Open-loop Congestion control (prevention)

 Closed-loop Congestion control (removal)

OPEN-LOOP CONGESTION CONTROL

 In open-loop congestion control, policies are applied to prevent congestion
before it happens.
 In these mechanisms, congestion control is handled by either the source or the
destination.

Retransmission Policy
 Retransmission is sometimes unavoidable.
 If the sender feels that a sent packet is lost or corrupted, the packet
needs to be retransmitted.
 Retransmission in general may increase congestion in the network.
 However, a good retransmission policy can prevent congestion.
 The retransmission policy and the retransmission timers must be designed to
optimize efficiency and at the same time prevent congestion.

Window Policy
 The type of window at the sender may also affect congestion.
 The Selective Repeat window is better than the Go-Back-N window forcongestion
control.
  In the Go-Back-N window, when the timer for a packet times out, several packets
may be resent, although some may have arrived safe andsound at the receiver.
 This duplication may make the congestion worse.
 The Selective Repeat window, on the other hand, tries to send thespecific packets
that have been lost or corrupted.

Acknowledgment Policy
 The acknowledgment policy imposed by the receiver may also affectcongestion.
 If the receiver does not acknowledge every packet it receives, it mayslow down
the sender and help prevent congestion.
 Several approaches are used in this case.
 A receiver may send an acknowledgment only if it has a packet to besent or a
special timer expires.

 A receiver may decide to acknowledge only N packets at a time.

 Sending fewer acknowledgments means imposing less load on the
network.

Discarding Policy
 A good discarding policy by the routers may prevent congestion and atthe same
time may not harm the integrity of the transmission.
 For example, in audio transmission, if the policy is to discard less
sensitive packets when congestion is likely to happen, the quality of
sound is still preserved and congestion is prevented or alleviated.

Admission Policy
 An admission policy, which is a quality-of-service mechanism can
alsoprevent congestion in virtual-circuit networks.
 Switches in a flow first check the resource requirement of a flow
beforeadmitting it to the network.
 A router can deny establishing a virtual-circuit connection if there
is congestion in the network or if there is a possibility of future
congestion.

CLOSED-LOOP CONGESTION CONTROL

 Closed-loop congestion control mechanisms try to alleviate congestion after ithappens.
 Several mechanisms have been used by different protocols.

Backpressure
 The technique of backpressure refers to a congestion control mechanism in which a
congested node stops receiving data from the immediateupstream node or nodes.
 This may cause the upstream node or nodes to become congested, andthey, in turn, reject
data from their upstream node or nodes, and so on.
 Backpressure is a node-to- node congestion control that starts with a node and
propagates, in the opposite direction of data flow, to thesource.
 The backpressure technique can be applied only to virtual circuit networks, in which each
node knows the upstream node from which aflow of data is coming.
 Choke Packet
 A choke packet is a packet sent by a node to the source to inform it ofcongestion.
 In backpressure, the warning is from one node to its upstream node,although the
warning may eventually reach the source station.

 In the choke-packet method, the warning is from the router, which has
encountered congestion, directly to the source station.
 The intermediate nodes through which the packet has traveled are not
warned.
 The warning message goes directly to the source station; the
intermediate routers do not take any action.

Implicit Signaling
 vb In implicit signaling, there is no communication between the congestednode or
nodes and the source.
 The source
guesses that there is congestion somewhere in the networkfrom other symptoms.
 For example,
when a source sends several packets and there is no acknowledgment for a while, one assumption
is that the network is congested.
 The delay in
receiving an acknowledgment is interpreted as congestionin the network; the source
should slow down.

Explicit Signaling
 The node that
experiences congestion can explicitly send a signal to thesource or destination.
 The explicit-
signaling method is different from the choke-packetmethod.
 In the choke-
packet method, a separate packet is used for this purpose; in the explicit-signaling method,
the signal is included in the packetsthat carry data.
 Explicit
signaling can occur in either the forward or the backwarddirection.

4.IPV4 ADDRESSES
 The identifier used in the IP layer of the TCP/IP protocol suite to identify the
connection of each device to the Internet is called the Internet address or IPaddress.
 Internet Protocol version 4 (IPv4) is the fourth version in the development of
the Internet Protocol (IP) and the first version of the protocol to be widelydeployed.

 IPv4 is described in IETF publication in September 1981.

 The IP address is the address of the connection, not the host or the router. An
IPv4 address is a 32-bit address that uniquely and universally defines the
connection .
 If the device is moved to another network, the IP address may be changed.
 IPv4 addresses are unique in the sense that each address defines one, and only
one, connection to the Internet.
 If a device has two connections to the Internet, via two networks, it has two
IPv4 addresses.
 Pv4 addresses are universal in the sense that the addressing system must be
accepted by any host that wants to be connected to the Internet.

IPV4 ADDRESS SPACE

 IPv4 defines addresses has an address space.
 An address space is the total number of addresses used by the protocol.
 If a protocol uses b bits to define an address, the address space is 2 b because
each bit can have two different values (0 or 1).
 IPv4 uses 32-bit addresses, which means that the address space is 2 32 or
4,294,967,296 (more than four billion).
 4 billion devices could be connected to the Internet.

IPV4 ADDRESS NOTATION

There are three common notations to show an IPv4 address:
(i) binary notation (base 2), (ii) dotted-decimal notation (base 256), and
(ii) hexadecimal notation (base 16).

In binary notation, an IPv4 address is displayed as 32 bits. To make the address more
readable, one or more spaces are usually inserted between bytes (8 bits).

In dotted-decimal notation,IPv4 addresses are usually written in decimal form with a

decimal point (dot) separating the bytes. Each number in the dotted-decimal notation
is between 0 and 255.

In hexadecimal notation, each hexadecimal digit is equivalent to four bits. This means
that a 32-bit address has 8 hexadecimal digits. This notation is often used in network
programming.

HIERARCHY IN IPV4 ADDRESSING

 In any communication network that involves delivery, the addressing system is
hierarchical.
 A 32-bit IPv4 address is also hierarchical, but divided only into two parts.

 The first part of the address, called the prefix, defines the network(Net ID); the
second part of the address, called the suffix, defines the node (Host ID).
 The prefix length is n bits and the suffix length is (32-n) bits.

 A prefix can be fixed length or variable length.

 The network identifier in the IPv4 was first designed as a fixed-length prefix.
 This scheme is referred to as classful addressing.
 The new scheme, which is referred to as classless addressing, uses a variable-
length network prefix.

CATEGORIES OF IPV4 ADDRESSING

 There are two broad categories of IPv4 Addressing techniques.
 They are
 Classful Addressing
 Classless Addressing

CLASSFUL ADDRESSING
 An IPv4 address is 32-bit long(4 bytes).
 An IPv4 address is divided into sub-classes:
Classful Network Architecture

Class A
  In Class A, an IP address is assigned to those networks that contain a large
number of hosts.
 The network ID is 8 bits long.
 The host ID is 24 bits long.
 In Class A, the first bit in higher order bits of the first octet is always set to 0
and the remaining 7 bits determine the network ID.
 The 24 bits determine the host ID in any network.
 The total number of networks in Class A = 2 7 = 128 network address
 The total number of hosts in Class A = 2 24 - 2 = 16,777,214 host address

Class B
 In Class B, an IP address is assigned to those networks that range from small-
sized to large-sized networks.
 The Network ID is 16 bits long.
 The Host ID is 16 bits long.
 In Class B, the higher order bits of the first octet is always set to 10, and the
remaining14 bits determine the network ID.
 The other 16 bits determine the Host ID.
 The total number of networks in Class B = 2 14 = 16384 network address
 The total number of hosts in Class B = 2 16 - 2 = 65534 host address

Class C
 In Class C, an IP address is assigned to only small-sized networks.
 The Network ID is 24 bits long.
 The host ID is 8 bits long.
 In Class C, the higher order bits of the first octet is always set to 110, and the
remaining 21 bits determine the network ID.
 The 8 bits of the host ID determine the host in a network.
 The total number of networks = 2 21 = 2097152 network address
 The total number of hosts = 2 8 - 2 = 254 host address

Class D
 In Class D, an IP address is reserved for multicast addresses.
 It does not possess subnetting.
 The higher order bits of the first octet is always set to 1110, and the remaining
bits determines the host ID in any network.
Class E
 In Class E, an IP address is used for the future use or for the research and
development purposes.
 It does not possess any subnetting.
 The higher order bits of the first octet is always set to 1111, and the remaining
bits determines the host ID in any network.

Address Depletion in Classful Addressing

 The reason that classful addressing has become obsolete is address depletion.
 Since the addresses were not distributed properly, the Internet was faced with
the problem of the addresses being rapidly used up.
 This results in no more addresses available for organizations and individuals
that needed to be connected to the Internet.
 To understand the problem, let us think about class A.
 This class can be assigned to only 128 organizations in the world, but each
organization needs to have a single network with 16,777,216 nodes .
 Since there may be only a few organizations that are this large, most of the
addresses in this class were wasted (unused).
 Class B addresses were designed for midsize organizations, but many of the
addresses in this class also remained unused.
 Class C addresses have a completely different flaw in design. The number of
addresses that can be used in each network (256) was so small that most
companies were not comfortable using a block in this address class.
 Class E addresses were almost never used, wasting the whole class.

Advantage of Classful Addressing

 Although classful addressing had several problems and became obsolete, it had
one advantage.
 Given an address, we can easily find the class of the address and, since the
prefix length for each class is fixed, we can find the prefix length immediately.
 In other words, the prefix length in classful addressing is inherent in the
address; no extra information is needed to extract the prefix and the suffix.

Subnetting and Supernetting

 To alleviate address depletion, two strategies were proposed and implemented:
(i) Subnetting and (ii) Supernetting.

Subnetting
 In subnetting, a class A or class B block is divided into several subnets.
 Each subnet has a larger prefix length than the original network.
 For example, if a network in class A is divided into four subnets, each subnet
has a prefix of nsub = 10.
 At the same time, if all of the addresses in a network are not used, subnetting
allows the addresses to be divided among several organizations.

CLASSLESS ADDRESSING
 In 1996, the Internet authorities announced a new architecture called classless
 addressing.
 In classless addressing, variable-length blocks are used that belong to no
classes.
 We can have a block of 1 address, 2 addresses, 4 addresses, 128 addresses, and
so on.
 In classless addressing, the whole address space is divided into variable length
blocks.
 The prefix in an address defines the block (network); the suffix defines the
node (device).
 Theoretically, we can have a block of 2 0, 21, 22, 232 addresses.
 The number of addresses in a block needs to be a power of 2. An organization
can be granted one block of addresses.

 The prefix length in classless addressing is variable.

 We can have a prefix length that ranges from 0 to 32.
 The size of the network is inversely proportional to the length of the prefix.
 A small prefix means a larger network; a large prefix means a smaller network.
 The idea of classless addressing can be easily applied to classful addressing.
 An address in class A can be thought of as a classless address in which the
prefix length is 8.
 An address in class B can be thought of as a classless address in which the
prefix is 16, and so on. In other words, classful addressing is a special case of
classless addressing.

Notation used in Classless Addressing

 The notation used in classless addressing is informally referred to as slash
notation and formally as classless interdomain routing or CIDR.

 For example , 192.168.100.14 /24 represents the IP address 192.168.100.14

and, its subnet mask 255.255.255.0, which has 24 leading 1-bits.

Address Aggregation
 One of the advantages of the CIDR strategy is address aggregation
(sometimes called address summarization or route summarization).
 When blocks of addresses are combined to create a larger block, routing can be
done based on the prefix of the larger block.
 ICANN assigns a large block of addresses to an ISP.
 Each ISP in turn divides its assigned block into smaller subblocks and grants
the subblocks to its customers.

Special Addresses in IPv4

 There are five special addresses that are used for special purposes:
 this-host address, limited-broadcastaddress, loopback address,
private addresses, and multicast addresses.

This-host Address
 The only address in the block 0.0.0.0/32 is called the this-host address.
 It is used whenever a host needs to send an IP datagram but it does not know its
own address to use as the source address.

Limited-broadcast Address
 The only address in the block 255.255.255.255/32 is called the limited-
broadcast address.
 It is used whenever a router or a host needs to send a datagram to all devices in
a network.
 The routers in the network, however, block the packet having this address as
the destination;the packet cannot travel outside the network.

Loopback Address
 The block 127.0.0.0/8 is called the loopback address.
 A packet with one of the addresses in this block as the destination address
never leaves the host; it will remain in the host.

Private Addresses
 Four blocks are assigned as private addresses: 10.0.0.0/8, 172.16.0.0/12,
192.168.0.0/16, and 169.254.0.0/16.

Multicast Addresses
 The block 224.0.0.0/4 is reserved for multicast addresses.

5. DHCP – DYNAMIC HOST CONFIGURATION PROTOCOL

 The dynamic host configuration protocol is used to simplify the installation and
maintenance of networked computers.
 DHCP is derived from an earlier protocol called BOOTP.
 Ethernet addresses are configured into network by manufacturer and they are
unique.
 IP addresses must be unique on a given internetwork but also must reflect the
structure of the internetwork
 Most host Operating Systems provide a way to manually configure the IP
information for the host
 Drawbacks of manual configuration :
1. A lot of work to configure all the hosts in a large network
2. Configuration process is error-prune
 It is necessary to ensure that every host gets the correct network number and that
no two hosts receive the same IP address.
 For these reasons, automated configuration methods are required.
 The primary method uses a protocol known as the Dynamic Host Configuration
Protocol (DHCP).
 The main goal of DHCP is to minimize the amount of manual configuration
required for a host.
 If a new computer is connected to a network, DHCP can provide it with all the
necessary information for full system integration into the network.
 DHCP is based on a client/server model.
 DHCP clients send a request to a DHCP server to which the server responds with
an IP address
 DHCP server is responsible for providing configuration information to hosts.
 There is at least one DHCP server for an administrative domain.
 The DHCP server can function just as a centralized repository for host
configuration information.
 The DHCP server maintains a pool of available addresses that it hands out to hosts
on demand.

 A newly booted or attached host sends a DHCPDISCOVER message to a special IP

address (255.255.255.255., which is an IP broadcast address.
 This means it will be received by all hosts and routers on that network.
 DHCP uses the concept of a relay agent. There is at least one relay agent on each
network.
 DHCP relay agent is configured with the IP address of the DHCP server.
 When a relay agent receives a DHCPDISCOVER message, it unicasts it to the DHCP
server and awaits the response, which it will then send back to the requesting client.
DHCP Message Format

 A DHCP packet is actually sent using a protocol called the User Datagram
Protocol (UDP).

6. NETWORK ADDRESS TRANSLATION (NAT)

 A technology that can provide the mapping between the private and universal
(external)addresses, and at the same time support virtual private networks is
called as Network Address Translation (NAT).
 The technology allows a site to use a set of private addresses for internal
communication and a set of global Internet addresses (at least one) for
communication with the rest of the world.
 The site must have only one connection to the global Internet through a NAT-
capable router that runs NAT software.

 The private network uses private addresses.

 The router that connects the network to the global address uses one private
address and one global address.
 The private network is invisible to the rest of the Internet; the rest of the
Internet sees only the NAT router with the address 200.24.5.8.
Types of NAT
 Two types of NAT exists .
(a) One-to-one translation of IP addresses
(b) One-to-many translation of IP addresses
Address Translation
 All of the outgoing packets go through the NAT router, which replaces the
source address in the packet with the global NAT address.
 All incoming packets also pass through the NAT router, which replaces the
destination address in the packet (the NAT router global address) with the
appropriate private address.

Translation Table
 There may be tens or hundreds of private IP addresses, each belonging to one
specific host.
 The problem arises when we want to translate the source address to an external
address. This is solved if the NAT router has a translation table.

Translation table with two columns

 A translation table has only two columns: the private address and the external
address (destination address of the packet).
 When the router translates the source address of the outgoing packet, it also
makes note of the destination address—where the packet is going.
 When the response comes back from the destination, the router uses the source
address of the packet (as the external address) to find the private address of the
packet.

Translation table with five columns

 To allow a many-to-many relationship between private-network hosts and
external server programs, we need more information in the translation table.
 If the translation table has five columns, instead of two, that include the source
and destination port addresses and the transport-layer protocol, the ambiguity is
eliminated.
 7. FORWARDING OF IP PACKETS

 Forwarding means to deliver the packet to the next hop (which can be the final
destination or the intermediate connecting device).
 Although IP protocol was originally designed as a connectionless protocol,
today the tendency is to use IP as a connection-oriented protocol based on the
label attached to an IP datagram .
 When IP is used as a connectionless protocol, forwarding is based on the
destination address of the IP datagram.
 When the IP is used as a connection-oriented protocol, forwarding is based on
the label attached to an IP datagram.

FORWARDING BASED ON DESTINATION ADDRESS

 This is a traditional approach.
 In this case, forwarding requires a host or a router to have a forwarding table.
 When a host has a packet to send or when a router has received a packet to be
forwarded, it looks at this table to find the next hop to deliver the packet to.

 The main points in forwarding of IP Packets(datagram) are the following:

 Every IP Packets contains the IP address of the destination host.
 The network part of an IP address uniquely identifies a single physical
network that is part of the larger Internet.
 All hosts and routers that share the same network part of their address
are connected to the same physical network and can thus communicate
with each other by sending frames over that network.
 Every physical network that is part of the Internet has at least one router
that, by definition, is also connected to at least one other physical
network; this router can exchange packets with hosts or routers on either
network.

 Forwarding IP Packets can therefore be handled in the following way.

 A Packets is sent from a source host to a destination host, possibly
passing through several routers along the way.
 Any node, whether it is a host or a router, first tries to establish whether
it is connected to the same physical network as the destination.

 To do this, it compares the network part of the destination address with the
network part of the address of each of its network interfaces. (Hosts normally
have only one interface, while routers normally have two or more, since they
are typically connected to two or more networks.)
 If a match occurs, then that means that the destination lies on the same physical
network as the interface, and the packet can be directly delivered over that
network that has a reasonable chance of getting the packet closer to its
destination.
 If there is no match, then the node is not connected to the same physical
network as the destination node, then it needs to send the packet to a router.
  In general, each node will have a choice of several routers, and so it needs to
pick the best one, or at least one that has a reasonable chance of getting the
datagram closer to its destination.
 The router that it chooses is known as the next hop router.
 The router finds the correct next hop by consulting its forwarding table. The
forwarding table is conceptually just a list of (NetworkNum, NextHop) pairs.
 There is also a default router that is used if none of the entries in the table
matches the destination’s network number.
 All Packets destined for hosts not on the physical network to which the sending
host is attached will be sent out through the default router.

Forwarding Algorithm

Simplified Forwarding Module

 The job of the forwarding module is to search the table, row by row.
 In each row, the n leftmost bits of the destination address (prefix) are kept and
the rest of the bits (suffix) are set to 0s.
 If the resulting address ( network address), matches with the address in the first
column, the information in the next two columns is extracted; otherwise the
search continues. Normally, the last row has a default value in the first column,
which indicates all destination addresses that did not match the previous rows.
 Routing in classless addressing uses another principle, longest mask
matching.
 This principle states that the forwarding table is sorted from the longest mask
to the shortest mask.
 In other words, if there are three masks, /27, /26, and /24, the mask /27 must be
the first entry and /24 must be the last.
  Let us make a forwarding table for router R1 using the configuration as given
in the figure above

 When a packet arrives whose leftmost 26 bits in the destination address match
the bits in the first row, the packet is sent out from interface m2.
 When a packet arrives whose leftmost 25 bits in the address match the bits in
the second row, the packet is sent out from interface m0, and so on.
 The table clearly shows that the first row has the longest prefix and the fourth
row has the shortest prefix.
 The longer prefix means a smaller range of addresses; the shorter prefix means
a larger range of addresses.

FORWARDING BASED ON LABEL

 In a connection-oriented network (virtual-circuit approach), a switch forwards a
packet based on the label attached to the packet.
 Routing is normally based on searching the contents of a table; switching can
be done by accessing a table using an index.
 In other words, routing involves searching; switching involves accessing.
  The Figure below shows a simple example of using a label to access a
switching table.
 Since the labels are used as the index to the table, finding the information in the
table is immediate.

Multi-Protocol Label Switching (MPLS)

 During the 1980s, several vendors created routers that implement switching
technology.
 Later IETF approved a standard that is called Multi-Protocol Label Switching.
 In this standard, some conventional routers in the Internet can be replaced by
MPLS routers, which can behave like a router and a switch.
 When behaving like a router, MPLS can forward the packet based on the
destination address; when behaving like a switch, it can forward a packet based
on the label.

8.NETWORK LAYER PROTOCOLS : IP, ICMPV4

 The main protocol Internet Protocol is responsible for packetizing, forwarding,
and delivery of a packet at the network layer.
 The Internet Control Message Protocol version 4 (ICMPv4) helps IPv4 to
handle some errors that may occur in the network-layer delivery.

IP - INTERNET PROTOCOL
 The Internet Protocol is the key tool used today to build scalable,
heterogeneous internetworks.
 IP runs on all the nodes (both hosts and routers) in a collection of networks
  IP defines the infrastructure that allows these nodes and networks to function
as a single logical internetwork.

IP SERVICE MODEL
 Service Model defines the host-to-host services that we want to provide
 The main concern in defining a service model for an internetwork is that we can
provide a host-to-host service only if this service can somehow be provided over
each of the underlying physical networks.
 The Internet Protocol is the key tool used today to build scalable, heterogeneous
internetworks.
 The IP service model can be thought of as having two parts:
 A GLOBAL ADDRESSING SCHEME - which provides a way to
identify all hosts in the internetwork
 A DATAGRAM DELIVERY MODEL – A connectionless model of data
delivery.

IP PACKET FORMAT / IP DATAGRAM FORMAT

 A key part of the IP service model is the type of packets that can be carried.
 The IP datagram consists of a header followed by a number of bytes of data.

FIELD DESCRIPTION

Version Specifies the version of IP. Two versions exists – IPv4 and IPv6.
HLen Specifies the length of the header
TOS An indication of the parameters of the quality of service
(Type of Service) desired such as Precedence, Delay, Throughput and Reliability.
Length Length of the entire datagram, including the header. The maximum
size of an IP datagram is 65,535(210 )bytes
Ident Uniquely identifies the packet sequence number.
(Identification) Used for fragmentation and re-assembly.
Flags Used to control whether routers are allowed to fragment a packet.
If a packet is fragmented , this flag value is 1.If not, flag value is
0.
Offset Indicates where in the datagram, this fragment belongs.
(Fragmentation The fragment offset is measured in units of 8 octets
offset) (64 bits). The first fragment has offset zero.
TTL Indicates the maximum time the datagram is allowed to
(Time to Live) remain in the network. If this field contains the value zero, then
the datagram must be destroyed.
Protocol Indicates the next level protocol used in the data portion of the
datagram
Checksum Used to detect the processing errors introduced into the packet

Source Address The IP address of the original sender of the packet.

Destination The IP address of the final destination of the packet.
Address
Options This is optional field. These options may contain values for
options such as Security, Record Route, Time Stamp, etc
Pad Used to ensure that the internet header ends on a 32 bit boundary.
The padding is zero.

IP DATAGRAM - FRAGMENTATION AND REASSEMBLY

Fragmentation :
 Every network type has a maximum transmission unit (MTU), which is the
largest IP datagram that it can carry in a frame.

 Fragmentation of a datagram will only be necessary if the path to the

destination includes a network with a smaller MTU.
 When a host sends an IP datagram,it can choose any size that it wants.
 Fragmentation typically occurs in a router when it receives a datagram that it
wants to forward over a network that has an MTU that is smaller than the
received datagram.
 Each fragment is itself a self-contained IP datagram that is transmitted over a
sequence of physical networks, independent of the other fragments.
 Each IP datagram is re-encapsulated for each physical network over which it
travels.
  For example , if we consider an Ethernet network to accept packets up to 1500
bytes long.
 This leaves two choices for the IP service model:
 Make sure that all IP datagrams are small enough to fit inside one packet
on any network technology
 Provide a means by which packets can be fragmented and reassembled
when they are too big to go over a given network technology.
 Fragmentation produces smaller, valid IP datagrams that can be readily
reassembled into the original datagram upon receipt, independent of the order
of their arrival.

Example:

 The original packet starts at the client; the fragments are reassembled at the
server.
 The value of the identification field is the same in all fragments, as is the value
of the flags field with the more bit set for all fragments except the last.
 Also, the value of the offset field for each fragment is shown.
 Although the fragments arrived out of order at the destination, they can be
correctly reassembled.
  The value of the offset field is always relative to the original datagram.
 Even if each fragment follows a different path and arrives
out of order, the final destination host can reassemble the
original datagram from thefragments received (if none of
them is lost) using the following strategy:
1) The first fragment has an offset field value of zero.
2) Divide the length of the first fragment by 8. The second
fragment has anoffset value equal to that result.
3) Divide the total length of the first and second fragment
by 8. The thirdfragment has an offset value equal to
that result.
4) Continue the process. The last fragment has its M bit set to 0.
5) Continue the process. The last fragment has a more bit value of 0.

Reassembly:
 Reassembly is done at the receiving host and not at each router.
 To enable these fragments to be reassembled at the
receiving host, they allcarry the same identifier in the Ident
field.
 This identifier is chosen by the sending host and is intended to
be uniqueamong all the datagrams that might arrive at the
destination from this sourceover some reasonable time period.
 Since all fragments of the original datagram contain this
identifier, thereassembling host will be able to recognize
those fragments that go together.
 For example, if a single fragment is lost, the receiver will still
attempt to reassemble the datagram, and it will eventually
give up and have to garbage-collect the resources that were
used to perform the failed reassembly.
 Hosts are now strongly encouraged to perform “path MTU
discovery,” a process by which fragmentation is avoided by
sending packets that are smallenough to traverse the link
with the smallest MTU in the path from sender toreceiver.

IP SECURITY
There are three security issues that are particularly applicable to the IP
protocol:
(1) Packet Sniffing (2) Packet Modification and (3) IP Spoofing.

Packet Sniffing
 An intruder may intercept an IP packet and make a copy of it.
 Packet sniffing is a passive attack, in which the attacker
does not change thecontents of the packet.
 This type of attack is very difficult to detect because the sender
and the receivermay never know that the packet has been
 copied.
 Although packet sniffing cannot be stopped, encryption of the
packet can makethe attacker’s effort useless.
 The attacker may still sniff the packet, but the content is not detectable.

Packet Modification
 The second type of attack is to modify the packet.
 The attacker intercepts the packet,changes its contents, and
sends the newpacket to the receiver.
 The receiver believes that the packet is coming from the original sender.
 This type of attack can be detected using a data integrity mechanism.
 The receiver, before opening and using the contents of the
message, can use this mechanism to make sure that the
packet has not been changed during thetransmission.

IP Spoofing
 An attacker can masquerade as somebody else and create
an IP packet thatcarries the source address of another
computer.
 An attacker can send an IP packet to a bank pretending that it
is coming fromone of the customers.
 This type of attack can be prevented using an origin
authenticationmechanism
IP Sec
 The IP packets today can be protected from the previously
mentioned attacksusing a protocol called IPSec (IP Security).
 This protocol is used in conjunction with the IP protocol.
 IPSec protocol creates a connection-oriented service between
two entities in which they can exchange IP packets without
worrying about the three attackssuch as Packet Sniffing,
Packet Modification and IP Spoofing.
 IP Sec provides the following four services:
1) Defining Algorithms and Keys : The two entities that
want to create a secure channel between themselves can
agree on some available algorithms and keys to be used
for security purposes.
2) Packet Encryption : The packets exchanged between
two parties can be encrypted for privacy using one of the
encryption algorithms and a shared key agreed upon in
the first step. This makes the packet sniffing attack
useless.
3) Data Integrity : Data integrity guarantees that the
packet is not modified during the transmission. If the
received packet does not passthe data integrity test, it
is discarded.This prevents the second attack,packet
modification.
 4) Origin Authentication : IPSec can authenticate the
origin of the packet to be sure that the packet is not
created by an imposter. This canprevent IP spoofing
attacks.

ICMPV4 - INTERNET CONTROL MESSAGE PROTOCOL VERSION 4

 ICMP is a network-layer protocol.
 It is a companion to the IP protocol.
 Internet Control Message Protocol (ICMP) defines a
collection of error messages that are sent back to the source
host whenever a router or host isunable to process an IP
datagram successfully.

ICMP MESSAGE TYPES

 ICMP messages are divided into two broad categories:
error-reportingmessages and query messages.
 The error-reporting messages report problems that a router
or a host(destination) may encounter when it processes an IP
packet.
 The query messages help a host or a network manager get
specific informationfrom a router or another host.

ICMP Error – Reporting Messages

 Destination Unreachable―When a router cannot route a

datagram, the datagramis discarded and sends a destination
unreachable message to source host.
 Source Quench―When a router or host discards a datagram due
 to congestion, it sends a source-quench message to the source
host. This message acts as flowcontrol.
 Time Exceeded―Router discards a datagram when TTL field
becomes 0 and atime exceeded message is sent to the source
host.
 Parameter Problem―If a router discovers ambiguous or missing
value in any field of the datagram, it discards the datagram and
sends parameter problemmessage to source.
 Redirection―Redirect messages are sent by the default router to
inform the sourcehost to update its forwarding table when the
packet is routed on a wrong path.

ICMP Query Messages

 Echo Request & Reply―Combination of echo request and

reply messagesdetermines whether two systems
communicate or not.
 Timestamp Request & Reply―Two machines can use the
timestamp requestand reply messages to determine the
round-trip time (RTT).
 Address Mask Request & Reply―A host to obtain its subnet
mask, sends an address mask request message to the router,
which responds with an addressmask reply message.
 Router Solicitation/Advertisement―A host broadcasts a router
solicitation message to know about the router. Router
broadcasts its routing informationwith router advertisement
message.

ICMP MESSAGE FORMAT

  An ICMP message has an 8-byte header and a variable-size data section. 

Type Defines the type of the message

Code Specifies the reason for the particular message type
Checksum Used for error detection
Rest of the header Specific for each message type
Data Used to carry information
Identifier Used to match the request with the reply
Sequence Number Sequence Number of the ICMP packet

ICMP DEBUGGING TOOLS

Two tools are used for debugging purpose. They are (1) Ping (2) Traceroute

Ping
 The ping program is used to find if a host is alive and responding. 
 The source host sends ICMP echo-request messages; the
destination, if alive,responds with ICMP echo-reply
messages.
 The ping program sets the identifier field in the echo-request
and echo-reply message and starts the sequence number from
0; this number is incremented by1 each time a new message is
sent.
 The ping program can calculate the round-trip time.
 It inserts the sending time in the data section of the message. 
 When the packet arrives, it subtracts the arrival time from the
departure time toget the round-trip time (RTT).
$ ping google.com

Traceroute or Tracert
 The traceroute program in UNIX or tracert in Windows can
be used to tracethe path of a packet from a source to the
destination.
 It can find the IP addresses of all the routers that are visited along the
path.
 The program is usually set to check for the maximum of 30
hops (routers) to bevisited.
  The number of hops in the Internet is normally less than this.
$ traceroute google.com

9. UNICAST ROUTING

12. IPV6 - NEXT GENERATION IP

 IPv6 was evolved to solve address space problem and offers
rich set ofservices.
 Some hosts and routers will run IPv4 only, some will run
IPv4 and IPv6 andsome will run IPv6 only.
DRAWBACKS OF IPV4
 Despite subnetting and CIDR, address depletion is still a long-term
problem.
 Internet must accommodate real-time audio and video
transmission thatrequires minimum delay strategies and
reservation of resources.
 Internet must provide encryption and authentication
of data for someapplications

FEATURES OF IPV6
1. Better header format - IPv6 uses a new header format in
which options are separated from the base header and
inserted, when needed, between the baseheader and the data.
This simplifies and speeds up the routing process because
most of the options do not need to be checked by routers.
2. New options - IPv6 has new options to allow for additional
functionalities. 3.Allowance for extension - IPv6 is designed
to allow the extension of the
protocol if required by new technologies or applications.
4. Support for resource allocation - In IPv6, the type-of-service
field has been removed, but two new fields, traffic class and
flow label, have been added toenable the source to request
special handling of the packet. This mechanismcan be used to
support traffic such as real-time audio and video.

Additional Features :
1. Need to accommodate scalable routing and addressing
2. Support for real-time services
3. S
ecurit
y
supp
 ort
4.Aut
ocon
figura
tion -
The ability of hosts to automatically configure
themselves with suchinformation as their own IP
address and domain name.
5. Enhanced routing functionality, including support for mobile hosts
6. Transition from ipv4 to ipv6

ADDRESS SPACE ALLOCATION OF IPV6

IPv6 provides a 128-bit address space to handle up to 3.4 × 10 38 nodes.
IPv6 uses classless addressing, but classification is based on MSBs.
The address space is subdivided in various ways based on the leading bits.
The current assignment of prefixes is listed in Table

A node may be assigned an “IPv4-compatible IPv6 address”

by zero-extendinga 32-bit IPv4 addressto128 bits.
A node that is only capable of understanding IPv4 can be
assigned an “IPv4- mapped IPv6 address” by prefixing the 32-
bit IPv4 address with 2 bytes of all 1s and then zero-extending
the result to 128 bits.
GLOBAL UNICAST
Large chunks (87%) of address space are left unassigned for future use.
IPv6 defines two types of local addresses for private networks.
oLink local - enables a host to construct an address
that need not beglobally unique.
oSite local - allows valid local address for use in a
isolated site withseveral subnets.
Reserved addresses start with prefix of eight 0's.
oUnspecified address is used when a host does not
know its addressoLoopback address is used for
testing purposes before connecting oCompatible
address is used when IPv6 hosts uses IPv4
network
o Mapped address is used when a IPv6 host communicates with a
 IPv4 host
IPv6 defines anycast address, assigned to a set of interfaces.
Packet with anycast address is delivered to only one of the nearest
interface.

ADDRESS NOTATION OF IPV6

Standard representation of IPv6 address is x : x : x : x : x : x : x
: x where x is a16-bit hexadecimal address separated by colon
(:).
For example,
47CD : 1234 : 4422 : ACO2 : 0022 : 1234 : A456 : 0124

IPv6 address with contiguous 0 bytes can be written compactly.

For example,
47CD : 0000 : 0000 : 0000 : 0000 : 0000 : A456 : 0124 → 47CD : : A456
: 0124

IPv4 address is mapped to IPv6 address by prefixing the 32-

bit IPv4 addresswith 2 bytes of 1s and then zero-extending
the result to 128 bits.
For example,
128. 96.33.81 → : : FFFF : 128.96.33.81
This notation is called as CIDR notation or slash notation.

ADDRESS AGGREGATION OF IPV6

IPv6 provides aggregation of routing information to reduce
the burden onrouters.
Aggregation is done by assigning prefixes at continental level.
For example, if all addresses in Europe have a common prefix,
then routers in other continents would need one routing table
entry for all networks in Europe.

 Prefix - All addresses in the same continent have a common prefix

 RegistryID ― identifies the continent
 ProviderID ― identifies the provider for Internet access, i.e., ISP.
 SubscriberID ― specifies the subscriber identifier
 SubnetID ― contains subnet of the subscriber.
 InterfaceID ―contains link level or physical address.

PACKET FORMAT OF IPV6

IPv6 base header is 40 bytes long.
  Version — specifies the IP version, i.e., 6.
 Traffic Class — defines priority of the packet with respect
to trafficcongestion. It is either congestion-controlled or non-
congestion controlled
 Flow Label — provides special handling for a particular
flow of data. Routerhandles different flows with the help of a
flow table.
 Payload Len — gives length of the packet, excluding IPv6 header.
 Next Header — Options are specified as a header following
IP header.NextHeader contains a pointer to optional headers.
 Hop Limit — Gives the TTL value of a packet.
 Source Address / Destination Address — 16-byte
addresses of source anddestination host

Extension Headers
Extension header provides greater functionality to IPv6.
Base header may be followed by six extension headers.
Each extension header contains a NextHeader field to
identify the headerfollowing it.

 Hop-by-Hop — source host passes information to all routers visited by

the
packet
Destination — source host information is passed to the destination only.
 Source Routing — routing information provided by the source host.
 Fragmentation — In IPv6, only the source host can fragment.
Source uses a path MTU discovery technique to
find smallest MTU on the path.
 Authentication — used to validate the sender and ensures data integrity.
  ESP (Encrypted Security Payload) — provides confidentiality against
eavesdropping.

ADVANCED CAPABILITIES OF IPV6

Auto Configuration — Auto or stateless configuration of IP
address to hostswithout the need for a DHCP server, i.e., plug
and play.
Advanced Routing — Enhanced routing support for mobile hosts is
provided.
Additional Functions ― Enhanced routing functionality
with support formobile hosts.
Security ― Encryption and authentication options provide
confidentiality andintegrity.
Resource allocation ― Flow label enables the source to
request specialhandling of real-time audio and video
packets

ADVANTAGES OF IPV6
Address space ― IPv6 uses 128-bit address whereas IPv4 uses
32-bit address. Hence IPv6 has huge address space whereas IPv4
faces address shortageproblem.
Header format ― Unlike IPv4, optional headers are
separated from base header in IPv6. Each router thus
need not process unwanted additioninformation.
Extensible ― Unassigned IPv6 addresses can accommodate needs of
futuretechnologies.

Dual-Stack Operation and Tunneling

In dual-stack, nodes run both IPv6 and IPv4, uses Version field to
decide whichstack should process an arriving packet.
IPv6 packet is encapsulated with an IPv4 packet as it travels
through an IPv4 network. This is known as tunneling and packet
contains tunnel endpoint as itsdestination address.

Network Address Translation

NAT enables hosts on a network to use Internet with local addresses.
Addresses reserved for internal use range from 172.16.0.0 to
172.31.255.255
Organization must have single connection to the Internet through
a router thatruns the NAT software.