Network Layer

1
Address Mapping
 The physical address and the logical address are two different identifiers.

 We need both because a packet at a network layer (such as IP) may pass
through physical networks (such as Ethernet and LocalTalk (Apple)).

 That means the delivery of a packet to a host or a router requires two

levels of addressing: logical and physical.

 It is required to map a logical address to its corresponding physical address

and vice versa.

 This can be done by using either static or dynamic mapping.

126
Static mapping
 Each machine on the network stores a table that associates a logical
address with a physical address.

 Each machine that knows, for example, the IP address of another machine
but not its physical address can look it up in the table.

 This has some limitations because physical addresses may change in the
following ways:

1. A machine could change its NIC, resulting in a new physical address.

2. A mobile computer can move from one physical network to another, resulting
in a change in its physical address.

 To implement these changes, a static mapping table must be updated

periodically. This overhead could affect network performance.
127
Dynamic Address Mapping
 In dynamic mapping each time a machine knows one of the two addresses
(logical or physical), it can use a protocol to find the other one.

 We need protocols to create a mapping between physical and logical

addresses.

 IP packets use logical (host-to-host) addresses. These packets need to be

encapsulated in a frame, which needs physical addresses (node-to-node).

 The Address Resolution Protocol (ARP), is designed for this purpose.

 We sometimes need reverse mapping-mapping a physical address to a

logical address.

 For example, when booting a diskless network or leasing an IP address to a

host. Three protocols are designed for this purpose: RARP, BOOTp, and
DHCP (Dynamic Host Configuration Protocol).

128
Address Resolution Protocol (ARP)
 Anytime a host or a router has an IP datagram to send to another host or
router, it has the logical (IP) address of the receiver.

 The logical (IP) address is obtained from the DNS if the sender is the host
or it is found in a routing table if the sender is a router.

 But the IP datagram must be encapsulated in a frame to be able to pass

through the physical network.

 This means that the sender needs the physical address of the receiver.

 The host or the router sends an ARP query packet.

 The packet includes the physical and IP addresses of the sender and the IP
address of the receiver.

 Because the sender does not know the physical address of the receiver, the
query is broadcast over the network.
129
ARP Operation

6
ARP packet

7
ARP packet
 Hardware type: This is 16 bits field defining the type of the
network on which ARP is running. Ethernet is given type 1.

 Protocol type: This is 16 bits field defining the protocol. The

value of this field for the IPv4 protocol is 0800H.

 Hardware length: This is an 8 bits field defining the length of

the physical address in bytes. Ethernet is the value 6.

 Protocol length: This is an 8 bits field defining the length of the

logical address in bytes. For the IPv4 protocol, the value is 4.

 Operation (request or reply): This is a 16 bits field defining

the type of packet. Packet types are ARP request (1), and ARP
reply (2).
 ARP packet
 Sender hardware address: This is a variable length field defining
the physical address of the sender. For example, for Ethernet, this
field is 6 bytes long.
 Sender protocol address: This is also a variable length field
defining the logical address of the sender For the IP protocol, this
field is 4 bytes long.
 Target hardware address: This is a variable length field defining
the physical address of the target. For Ethernet, this field is 6 bytes
long. For the ARP request messages, this field is all Os because the
sender does not know the physical address of the target.
 Target protocol address: This is also a variable length field
defining the logical address of the target. For the IPv4 protocol, this
field is 4 bytes long.
Encapsulation of ARP Packet
 An ARP packet is encapsulated directly into a data link frame
(Ethernet frame).

 In the Ethernet protocol, the Type value 0x0806 indicates that

the frame contains an Address Resolution Protocol (ARP)
datagram / packet.

10
Operation: Steps involved in an ARP process
1. The sender knows the IP address of the target.

2. IP asks ARP to create an ARP request message, filling in the sender physical
address, the sender IP address, and the target IP address. The target physical
address field is filled with 0s.

3. The message is passed to the data link layer where it is encapsulated in a frame
by using the physical address of the sender as the source address and the
physical broadcast address as the destination address.

4. Every host or router receives the frame. All machines except the one targeted
drop the packet. The target machine recognizes its IP address.

5. The target machine replies with an ARP reply message that contains its physical
address. The message is unicast.

6. The sender receives the reply message. It now knows the physical address of
the target machine.

7. The IP datagram, which carries data for the target machine, is now encapsulated
11 in a frame and is unicast to the destination.
 There are four cases in which a host or router needs to use ARP

12
Example:
 A host with IP address 130.23.43.20 and physical address B2:34:55:10:22:10
has a packet to send to another host with IP address 130.23.43.25 and
physical address A4:6E:F4:59:83:AB. The two hosts are on the same
Ethernet network. Show the ARP request and reply packets encapsulated in
Ethernet frames.

13
Proxy ARP
 Proxy ARP is used to create a subnetting effect. Where ARP acts on behalf
of a set of hosts.

 Whenever a router running a proxy ARP receives an ARP request looking

for the IP address of one of these hosts, the router sends an ARP reply
announcing its own hardware (physical) address.

14
 RARP

15
Reverse Address Resolution Protocol
 There are occasions in which a host knows its physical address, but needs
to know its logical address. This may happen in two cases:

1. A diskless station is just booted. The station can find its physical address
by checking its interface, but it does not know its IP address.

2. An organization does not have enough IP addresses to assign to each

station; it needs to assign IP addresses on demand. The station can send
its physical address and ask for a short time lease.

 Reverse Address Resolution Protocol (RARP) is used for this purpose.

 The requesting machine must be running a RARP client program; the

responding machine must be running a RARP server program.

16
RARP
RARP Packet
 Same as that of ARP except operation field (3 for RARP
request and 4 for RARP reply)

18
Encapsulation of RARP Packet
 An ARP packet is encapsulated directly into a data link frame
(Ethernet frame).

 In the Ethernet protocol, the Type value 0x0805 indicates that

the frame contains an RARP datagram / packet.

19
 ICMP

20
Internet Control Message Protocol
 IP provides unreliable, connectionless datagram delivery

 The IP protocol has no error-reporting or error-correcting mechanism.

 It also lacks a mechanism for host and management queries.

 The Internet Control Message Protocol (ICMP) has been designed to

compensate for the above two deficiencies.

 It is a companion to the IP protocol.

21
Types of Messages
 Two broad categories:
 Error-reporting messages and
 Query messages.

 The error-reporting messages report problems that a router or a host

(destination) may encounter when it processes an IP packet.

 The query messages, which occur in pairs, help a host or a network

manager get specific information from a router or another host.
 For example, nodes can discover their neighbors.
 Hosts can discover and learn about routers on their network, and
 Routers can help a node redirect its messages.

22
General format of ICMP messages
 If there is no additional
data, there are 4 bytes
set to zero.
 Each ICMP messages is
at least 8 bytes long

 The message has an 8-byte header and a variable-size data section.

 The general format of the header is different for each message type but, the first
4 bytes are common to all.
 ICMP type, defines the type of the message.
 The code field is a subtype that specifies the reason for the particular message type.
 The checksum field similar to IP header checksum and it is calculated over entire ICMP
message.
 The rest of the header is specific for each message type.
 The data section
 In error messages carries information for finding the original packet that had the error.
23  In query messages carries extra information based on the type of the query.
Encapsulation of ICMP packet
 ICMP messages are not passed directly to the DLL as would be expected.

 Instead, the messages are first encapsulated inside IP datagrams before going
to the lower layer

 The value of the protocol field in the IP datagram is 1 to indicate

that the IP data is an ICMP message

24
Error Reporting Messages

 ICMP error messages report errors conditions. Typically sent when a

datagram is discarded.

 Error messages are always sent to the original source because the only
information available in the datagram about the route is the source and
destination IP addresses.

 ICMP uses the source IP address to send the error message to the source
(originator) of the datagram
25
Error Reporting Messages

Important points about ICMP error messages:

 No ICMP error message will be generated:

 In response to a datagram carrying an ICMP error message.

 For a fragmented datagram that is not the first fragment.

 For a datagram having a multicast address.

26  For a datagram having a special address such as 127.0.0.0 or 0.0.0.0.

Error Reporting Messages
Message type Description Generated by
Destination Packet could not be either a router or the
unreachable delivered destination host
Source quench Choke packet: designed to a router or host discards a
add a kind of flow control to datagram due to congestion,
the IP. it sends a source-quench
message to the sender of
the datagram
Time exceeded Time to live field hit 0 the router

Parameter Invalid header field: an a router or the destination

problem ambiguous or missing value host
in any field of the datagram
Redirect Teach a router about A router to a host on the
geography same local network
27
Redirection concept

 Host A sends a packet to a router R1 to reach a destination on host B

 Router R1 finds that router R2 is the next-hop to reach the destination.

 Router R1 sends an ICMP redirect message to the host, informing it that

the best route is to use router R2.

 The host A modifies its routing table to send future packets to the
destination via router R2.
Query messages
 ICMP can diagnose some network problems. This is accomplished through
the four query messages.
 In this type of ICMP message, a node sends a message that is answered in a
specific format by the destination node.
 A query message is encapsulated in an IP packet, which in tum is
encapsulated in a data link layer frame.

29
Query messages

Message type Description

Echo request and reply Check if a machine is alive
Timestamp request and reply Same as Echo, but with timestamp

Address-Mask Request and Reply Find a mask value if IP is known

Router solicitation /advertisement Find a nearby router

30
Echo request and reply
 Used by network managers and users for diagnosing network problems
 Tests for the “reachability” of a host
 Used to implement the PING command
 An echo-request message can be sent by a host or router.
 An echo-reply message is sent by the host or router which receives
 an echo-request message
 Echo-request and echo-reply messages can be used by network managers
to check the operation of the IP protocol..

• Optional Data must be returned

exactly as sent
• Identifier often Process ID of sender
• Sequence # keeps track of particular
request/reply

31
Timestamp request and reply
 Used by two machines to determine the roundtrip time for an IP datagram
to travel between them
 Also used to synchronize the clocks in two machines
 Format contains three timestamps, each 32-bits
 Represents time (in milliseconds) from midnight in Universal Time

32
Timestamp request and reply
Timestamp-request

 Original Timestamp receives UT shown by clock at departure time

 Receive/Transmit timestamps initialized to 0s

Timestamp-reply

 Original Timestamp receives value copied from request

 Receive timestamp contains UT time dest received packet

 Transmit timestamps contains UT time packet sent

Sending time = value of receive timestamp − value of original timestamp

Receiving time = time the packet returned − value of transmit timestamp

33 Round-Trip Time = Sending time + Receiving time

Mask request and reply message format
 Used by Host to obtain its IP address mask

 Host sends request to router if it knows IP of router

 If not, host broadcasts request and then router replies

 Diskless workstations use RARP to first get IP

 Then use ICMP Mask-request to get address mask

34
Router solicitation message format
 Hosts need to know addresses of routers

 Request broadcast by host to obtain the operating routers

 Routers reply with all routers they are aware of including themselves
(Sometimes reply without request)

35
Router advertisement message format
 Preference level is used to select default router

 If preference level is 0 then it is default. If level is 0x80000000 never

selected as default

36
 IGMP

37
Internet Group Management Protocol
Multicasting
 Processes may have to send the same message to a large numbers of
receivers simultaneously. This is called multicasting, which is a one-to-many
communication

 Examples:
 Distance learning and Video-on-demand

 Informing multiple stockbrokers about changes to a stock price

 Travel agents can be informed of a plane cancellation

 IGMP is one of the necessary but not sufficient protocol for multicasting

38
IGMP: Group Management
 For multicasting in the Internet we need routers that are able to route
multicast packets.

 Routing tables must be updated using a multicasting routing protocol

 IGMP is not a multicasting routing protocol

 It is a protocol that manages group membership

 Group membership: hosts and routers and the groups they are “interested” in
(subscribe to)

 In any network, there are one or more multicast routers that distribute
multicast packets to hosts or other routers.

 The IGMP protocol gives the information about the membership status of
hosts (routers) connected to the network to multicast routers

39
IGMP: Group Management
 A multicast router may receive thousands of multicast packets every day
for different groups.

 If a router has no knowledge about the membership status of the hosts, it

must broadcast all these packets.

 This creates a lot of traffic and consumes bandwidth.

 A better solution is to keep a list of groups in the network for which there
is at least one loyal member.

 IGMP helps the multicast router create and update this list.

IGMP is a group management protocol. It helps a multicast router create

and update a list of loyal members related to each router interface.

40
IGMP Message Types

IGMP messages are carried in bare IP packets with IP protocol number 2.​

41
IGMP Message Types
 There are several types of IGMP messages:
 Query:
 General membership queries: Sent by multicast routers to determine which
multicast addresses are of interest to systems attached to the network(s) they serve to
refresh the group membership state for all systems on its network.
 Special Query:
1. Group-specific membership queries: Used for determining the reception state for
a particular multicast address
2. Group-and-source-specific queries: Allow the router to determine if any systems
desire reception of messages sent to a multicast group from a source address specified
in a list of unicast addresses

 Membership reports: Sent by multicast receivers in response to a member-

ship query or asynchronously when first registering for a multicast group
 Leave group messages: Sent by multicast receivers when specified
multicast transmissions are no longer needed at the receiver
 IGMP messages are carried in bare IP packets with IP protocol number 2.
IGMP message format

 Type: This 8-bit field defines the type of message

Type Value
General or special query Ox11 or 00010001
Membership report Ox16 or 00010110
Leave report Ox17 or 00010111
 Maximum Response Time: This 8-bit field defines the amount of time in which
a query must be answered. The value is nonzero in the query message; it is set to
zero in the other two message types
 Checksum: The checksum is calculated over the 8-byte message.
 Group address: The value of this field is 0 for a general query message.
The value defines the groupid (multicast address of the group) in
43 the special query, and other two messages.
IGMP Operation
 IGMP operates locally, i.e., within a network
 For each group there is only one router connected to the network that has
the duty of distributing the multicast packets destined for that group
 A host or multicast router can have membership in a group.
 A host has “membership” if one of its processes receives multicast packets from
some group
 A router has “membership” means that there is a network attached to some
other interface that receives multicast packets for the group

• R is distributing router
• R1 & R2 are multicast routers
• Possibly receive packets from R
• Forward to other networks but
not on this network
44
Joining a Group
 A host or router can join a group
 Host Joining a group:
 The host receives requests from processes to join a group
 If no previous request from another process, a membership report message is sent
 Otherwise, no membership report need be sent as the host already receives
multicast packets for this group

 Router Joining a group:

 A router also maintains a list of groupids that show membership for the networks
connected to each interface
 If a multicasting router receives a membership report from a device attached to an
interface for a network where there was not already interest, the router will issue a
membership report message to a device on the network that supplies the multicast
packets for this group
 Router acts like host but group list is much broader (accumulation of all loyal
members that are connected to its interfaces)
Membership report

 The protocol requires that the membership report be sent twice, one after
the other within a few moments.

 In this way, if the first one is lost or damaged, the second one replaces it.

46
Leaving a Group
 When a host sees that no process is interested in a specific group, it sends a
leave report.
 Similarly, when a router sees that none of the networks connected to its
interfaces is interested in a specific group, it sends a leave report about that
group.
 When a multicast router receives a leave report, it cannot immediately purge
that group from its list because the report comes from just one host / router;
there may be other hosts or routers that are still interested in that group.
 To make sure, the router sends a special query message and inserts the
groupid, or multicast address, related to the group.
 The router allows a specified time for any host or router to respond.
 If, during this time, no interest (membership report) is received, the router
assumes that there are no loyal members in the network and purges the
group from its list.
Leave report

48
Query Router
 Query messages may create a lot of responses.

 To prevent unnecessary traffic, IGMP designates one router as the query

router for each network.

 Only this designated router sends the query message, and the other
routers are passive (they receive responses and update their lists)

49
Encapsulation at Network Layer

 The value of the protocol field is 2 for the IGMP protocol.

 The IP packet that carries an IGMP packet has a value of 1 in its TTL field.
 This is required because the domain of IGMP is the LAN. No IGMP message
must travel beyond the LAN.

50
Encapsulation at Data Link Layer
 The ARP protocol cannot find the corresponding MAC (physical) address
to forward the packet at the data link layer.

 Most LANs support physical multicast addressing.

 Ethernet is one of them. An Ethernet physical address (MAC address) is six

bytes (48 bits) long.

 If the first 25 bits in an Ethernet address are 000000100000000010111100,

this identifies a physical multicast address for the TCP/IP protocol.

 The remaining 23 bits can be used to define a group.

 To convert an IP multicast address into an Ethernet address, the multicast

router extracts the least significant 23 bits of a class D IP address and
inserts them into a multicast Ethernet physical address
51
Encapsulation at Data Link Layer
 Mapping class D to Ethernet physical address

 An Ethernet multicast physical address is in the range 01:00:5E:00:00:00 to

01:00:5E:7F:FF:FF.
52
Example 1
 Change the multicast IP address 230.43.14.7 to an Ethernet multicast
physical address.

 Solution: We can do this in two steps:

a. We write the rightmost 23 bits of the IP address in hexadecimal. This

can be done by changing the rightmost 3 bytes to hexadecimal and then
subtracting 8 from the leftmost digit if it is greater than or equal to 8. In
our example, the result is 2B:0E:07.

b. We add the result of part a to the starting Ethernet multicast address,

which is 01:00:5E:00:00:00. The result is

53
Example 2
 Change the multicast IP address 238.212.24.9 to an Ethernet multicast
address.

 Solution

a. The rightmost 3 bytes in hexadecimal is D4: 18:09. We need to subtract 8

from the leftmost digit, resulting in 54:18:09.

b. We add the result of part a to the Ethernet multicast starting address.

The result is

01:00:5E:54:18:09

54