
2/6/2015

Internet Protocol (IP)


IPv4 (Internet Protocol version 4)

The Internet Protocol is a layer-three protocol used to uniquely identify hosts, intermediate devices and networks all over the world during packet transmission.

Need for network-layer addressing?


IPv4
Allocation techniques
IPv4 header


The internet layer facilitates internetworking, which is the concept of connecting multiple networks with each other through network gateways.

Basic functions of Internet layer

The Internet Protocol is implemented as IPv4 and IPv6.
For outgoing packets, select the next-hop device (router or gateway) and transmit the packet to the link layer.
For incoming packets, capture packets and pass the packet payload to the appropriate transport-layer protocol.
In addition, it provides error detection in the network and diagnostic capability (ICMP).

Core protocols of IP layer

The Internet Control Message Protocol (ICMP) is primarily used for error and diagnostic functions of a network. Different implementations exist for IPv4 and IPv6.
The Internet Group Management Protocol (IGMP) is used by IPv4 hosts and adjacent multicast routers to establish multicast group memberships.
Internet Protocol Security (IPsec) is a suite of protocols for securing Internet Protocol (IP) communications by authenticating and/or encrypting each IP packet in a data stream. IPsec also includes protocols for cryptographic key establishment.

IPv4

IPv4 was described in RFC 791 (September 1981).
IPv4 uses 32-bit addresses, which limits the address space to 4294967296 (2^32) addresses.
IPv4 is a connectionless protocol for use on packet-switched networks.
It operates on a best-effort service model, in that it does not guarantee delivery, nor does it assure proper sequencing or avoidance of duplicate delivery. These aspects are addressed by a transport protocol, such as TCP or UDP.

IPv4 (cont.)

IPv4 address exhaustion (which occurred on February 3, 2011) was significantly delayed by the following addressing changes:
Classful network design,
Classless network design (Classless Inter-Domain Routing, CIDR),
Network Address Translation (NAT),
Dynamic Host Configuration Protocol (DHCP).

Classful IP allocation Technique

Figure: dotted-decimal notation and binary notation for an IPv4 address
Figure: netid and hostid
Table: number of blocks and block size in classful IPv4 addressing
Each IP address contains information on the network number and the host number.

Classless IP allocation Technique (CIDR)

In IPv4 addressing, a block of addresses can be defined as x.y.z.t/n, in which x.y.z.t defines one of the addresses and /n defines the mask.
The leftmost n bits (prefix) define the network number.
The total number of networks in the block can be found by using the formula 2^n.
The rightmost 32-n bits define the host number.
The total number of host addresses in the block can be found by using the formula 2^(32-n).

Figure: configuration and addresses in a subnetted network
Figure: three-level hierarchy in an IPv4 address

NAT implementation

Figure: addresses in a NAT
Figure: NAT address translation
Figure: example of a five-column translation table

Some special address blocks

Private network IP addresses
The following three blocks of IP addresses are reserved for use in private networks. These IP addresses are not routable outside of private networks, and private machines cannot directly communicate with public networks. They can, however, do so through network address translation (NAT).

Link-local addressing
The special address block 169.254.0.0/16 is reserved for link-local addressing, only valid on links connected to a host. These addresses are not routable, so they cannot be the source or destination of packets traversing the internet (public network). These addresses are primarily used when a host cannot obtain an IP address from a DHCP server or other internal configuration methods.

Loopback
The class A network 127.0.0.0 (classless network 127.0.0.0/8) is reserved for loopback. IP packets with source addresses belonging to this network never appear outside a host. IP packets with source and destination addresses belonging to the network (or subnetwork) of the same loopback interface are returned to that interface, hence they can be used to check the network interface port of a host device.

Addresses ending in 0 or 255
Class C networks in classful networking, and networks with CIDR prefixes /24 to /32 (255.255.255.0 to 255.255.255.255), cannot have an address ending in 0 or 255.
In networks except class C, IP addresses ending with 0 and 255 can be used.
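The following is an added example, not part of the slides, that does the x.y.z.t/n arithmetic from the CIDR slide and classifies addresses into the special blocks listed above. It assumes only the Python standard library; the three private blocks are the RFC 1918 ranges, which the slide refers to but does not list, and all sample addresses are constructed.

```python
# Added example (not from the slides): arithmetic on x.y.z.t/n blocks and a
# classifier for the special address blocks named above. Standard library only;
# every address here is constructed, and the three private blocks are RFC 1918's.
from dataclasses import dataclass


def ip_to_int(dotted: str) -> int:
    """Convert dotted-decimal x.y.z.t into a 32-bit integer."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"bad IPv4 address: {dotted!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | n
    return value


def int_to_ip(value: int) -> str:
    """Convert a 32-bit integer back to dotted-decimal notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


@dataclass(frozen=True)
class Block:
    """An address block x.y.z.t/n: the leftmost n bits are the network number."""
    network: int      # the netid, with the rightmost 32-n host bits cleared
    prefix_len: int   # n

    @property
    def mask(self) -> int:
        return (0xFFFFFFFF << (32 - self.prefix_len)) & 0xFFFFFFFF

    @property
    def host_addresses(self) -> int:
        return 1 << (32 - self.prefix_len)   # 2^(32-n), network/broadcast included

    @property
    def networks_with_this_prefix(self) -> int:
        return 1 << self.prefix_len          # 2^n: how many /n blocks exist

    @property
    def broadcast(self) -> int:
        return self.network | (~self.mask & 0xFFFFFFFF)

    def contains(self, addr: int) -> bool:
        return (addr & self.mask) == self.network

    def host_id(self, addr: int) -> int:
        """The rightmost 32-n bits (hostid) of an address inside this block."""
        if not self.contains(addr):
            raise ValueError("address is not in this block")
        return addr & ~self.mask & 0xFFFFFFFF


def parse_block(cidr: str) -> Block:
    """Parse 'x.y.z.t/n'; x.y.z.t may be any address inside the block."""
    dotted, _, n = cidr.partition("/")
    prefix_len = int(n)
    if not 0 <= prefix_len <= 32:
        raise ValueError(f"bad prefix length in {cidr!r}")
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return Block(ip_to_int(dotted) & mask, prefix_len)


# Blocks from the slides; the private ranges are the three RFC 1918 blocks.
SPECIAL_BLOCKS = (
    ("private (RFC 1918)", "10.0.0.0/8"),
    ("private (RFC 1918)", "172.16.0.0/12"),
    ("private (RFC 1918)", "192.168.0.0/16"),
    ("link-local", "169.254.0.0/16"),
    ("loopback", "127.0.0.0/8"),
)


def classify(dotted: str) -> str:
    """Label an address by the special block it falls in, else 'public'."""
    addr = ip_to_int(dotted)
    for label, cidr in SPECIAL_BLOCKS:
        if parse_block(cidr).contains(addr):
            return label
    return "public"


def is_network_or_broadcast(dotted: str, block: Block) -> bool:
    """True for the two addresses of a block that cannot be given to a host."""
    addr = ip_to_int(dotted)
    return addr in (block.network, block.broadcast)


if __name__ == "__main__":
    blk = parse_block("192.168.1.77/24")
    print(int_to_ip(blk.network), int_to_ip(blk.broadcast), blk.host_addresses)
    for a in ("10.1.2.3", "172.32.0.1", "169.254.10.1", "127.0.0.1", "8.8.8.8"):
        print(a, classify(a))
```

The classifier is the check an ingress filter performs before trusting a source address: a packet arriving from the internet with a private, link-local or loopback source cannot be legitimate and is normally dropped. The is_network_or_broadcast check makes the "addresses ending in 0 or 255" rule concrete: it is the network and broadcast address of the specific block that are unusable, which for a /16 leaves addresses such as 10.20.5.255 as ordinary host addresses.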

IP Datagram Format (with header)

Header layout, one 32-bit word (4 bytes) per row; the bit numbers 0, 7/8, 15/16, 23/24 and 31 mark the field boundaries:
version (bits 0-3) | header length (bits 4-7) | DS (bits 8-13) | ECN (bits 14-15) | total length in bytes (bits 16-31)
identification (bits 0-15) | 0 | DF | MF | fragment offset (bits 19-31)
time-to-live (TTL) (bits 0-7) | protocol (bits 8-15) | header checksum (bits 16-31)
source IP address
destination IP address
options (0 to 40 bytes)
payload

20 bytes <= header size < 2^4 x 4 bytes, i.e. at most 60 bytes.
20 bytes <= total length < 2^16 bytes, i.e. at most 65535 bytes.

IPv4 header fields

Version: 4-bit field; for IPv4 the field value is 4.

IHL (Internet Header Length): 4-bit field, which is the number of 32-bit words in the header. This field specifies the size of the header (this also coincides with the offset to the data). The minimum value for this field is 5 (RFC 791), which is a length of 5 x 32 = 160 bits = 20 bytes. Being a 4-bit value, the maximum length is 15 words (15 x 32 bits) or 480 bits = 60 bytes.

IPv4 header fields (cont.)

Type of Service (as originally defined): 8-bit field, now divided into
Differentiated Services (DS, 6 bits): defines the type of service, such as control, data, real-time streaming, etc.
Explicit Congestion Notification (ECN, 2 bits): allows end-to-end notification of network congestion without dropping packets.

Total length: 16-bit field that defines the entire packet (fragment) size, including header and data, in bytes (octets). The minimum-length packet is 20 bytes (20-byte header + 0 bytes of data) and the maximum is 65,535 bytes, the maximum value of a 16-bit word.

Identification: uniquely identifies a datagram and must be copied into all of its fragments. A retransmission of a packet carries the same identification number. Some experimental work has suggested using the ID field for other purposes, such as adding packet-tracing information to help trace datagrams with spoofed source addresses.
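The following is an added example, not from the slides, that packs and decodes the 20-byte header laid out above and verifies it the way a receiving router does, including the 1s-complement header checksum and the TTL decrement (which forces a fresh checksum) that the later header-field slides describe. It assumes only the Python standard library; build_header produces headers without options (IHL = 5), while parse_header also accepts headers that carry options, and SAMPLE is a constructed header rather than captured traffic.

```python
# Added example (not from the slides): build and parse the 20-byte IPv4 header
# shown above and verify its checksum the way a router does. Standard library
# only; SAMPLE is a constructed header, not captured traffic.
import struct
from dataclasses import dataclass


def ones_complement_sum(data: bytes) -> int:
    """Add the 16-bit big-endian words of data with end-around carry."""
    total = 0
    for i in range(0, len(data) - 1, 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def header_checksum(header: bytes) -> int:
    """1s complement of the 1s-complement sum, with the checksum bytes zeroed."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return (~ones_complement_sum(zeroed)) & 0xFFFF


def checksum_ok(header: bytes) -> bool:
    """Receiver side: summing every word, checksum included, must give 0xFFFF."""
    return ones_complement_sum(header) == 0xFFFF


def build_header(src: str, dst: str, payload_len: int, *, ttl: int = 64,
                 protocol: int = 6, identification: int = 0, df: bool = False,
                 mf: bool = False, fragment_offset: int = 0,
                 dscp: int = 0, ecn: int = 0) -> bytes:
    """Pack a 20-byte header (IHL = 5, no options) and fill in the checksum."""
    ihl = 5
    flags = (int(df) << 1) | int(mf)                # reserved bit stays 0
    header = struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | ihl,                             # version 4, IHL in 32-bit words
        (dscp << 2) | ecn,                          # DS (6 bits) + ECN (2 bits)
        ihl * 4 + payload_len,                      # total length in bytes
        identification,
        (flags << 13) | fragment_offset,            # 3 flag bits + 13-bit offset
        ttl, protocol, 0,                           # checksum placeholder
        bytes(int(o) for o in src.split(".")),
        bytes(int(o) for o in dst.split(".")),
    )
    return header[:10] + struct.pack("!H", header_checksum(header)) + header[12:]


@dataclass(frozen=True)
class IPv4Header:
    version: int
    ihl: int
    dscp: int
    ecn: int
    total_length: int
    identification: int
    df: bool
    mf: bool
    fragment_offset: int
    ttl: int
    protocol: int
    checksum: int
    src: str
    dst: str
    options: bytes


def parse_header(data: bytes) -> IPv4Header:
    """Decode a header, enforcing the version, IHL and checksum rules."""
    if len(data) < 20:
        raise ValueError("need at least 20 bytes")
    v_ihl, tos, tlen, ident, flags_off, ttl, proto, csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", data[:20])
    version, ihl = v_ihl >> 4, v_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4: version {version}")
    if ihl < 5 or len(data) < ihl * 4:
        raise ValueError(f"bad IHL {ihl}")
    if not checksum_ok(data[:ihl * 4]):
        raise ValueError("header checksum mismatch: a router would discard it")
    return IPv4Header(
        version, ihl, tos >> 2, tos & 0x03, tlen, ident,
        bool(flags_off & 0x4000), bool(flags_off & 0x2000), flags_off & 0x1FFF,
        ttl, proto, csum, ".".join(map(str, src)), ".".join(map(str, dst)),
        data[20:ihl * 4])


def decrement_ttl(data: bytes) -> bytes:
    """What a forwarding router does: TTL - 1, then a fresh header checksum."""
    hdr = parse_header(data)
    if hdr.ttl <= 1:
        raise ValueError("TTL expired: discard and send ICMP Time Exceeded")
    hlen = hdr.ihl * 4
    patched = data[:8] + bytes([hdr.ttl - 1]) + data[9:hlen]
    patched = patched[:10] + struct.pack("!H", header_checksum(patched)) + patched[12:]
    return patched + data[hlen:]


# Constructed sample: UDP (protocol 17), 95 payload bytes, DF set, TTL 64.
SAMPLE = build_header("192.168.0.1", "192.168.0.199", 95, protocol=17, df=True)
```

Running `print(SAMPLE.hex())` gives `45000073000040004011b861c0a80001c0a800c7`; reading it against the layout above, 0x45 is version 4 with IHL 5, 0x0073 is the 115-byte total length, 0x4000 has only the DF flag set, and 0xb861 is the checksum. Note that the checksum covers the header only: a router can detect a corrupted TTL or address but says nothing about the payload, and, being a plain arithmetic sum rather than a cryptographic MAC, it is equally easy to recompute after a deliberate change, which is why it is a transmission-error check and not an integrity protection.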

IPv4 header fields (cont.)

Flags: 3-bit field, used to control or identify fragments. They are (in order, from high order to low order):
bit 0: Reserved; must be zero.
bit 1: Don't Fragment (DF); set (1) for don't fragment, clear (0) for may fragment.
bit 2: More Fragments (MF); set (1) when more fragments follow, clear (0) for an unfragmented packet or the last fragment.

Fragment Offset: 13-bit field, measured in units of eight-byte blocks, specifies the offset of a particular fragment relative to the beginning of the original unfragmented IP datagram. The first fragment has an offset of zero. This allows a maximum offset of (2^13 - 1) x 8 = 65,528 bytes, which would exceed the maximum IP packet length of 65,535 bytes with the header length included (65,528 + 20 = 65,548 bytes).

IPv4 header fields (cont.)

Time To Live (TTL): 8-bit field. This field limits a datagram's lifetime and helps prevent a datagram from persisting (e.g. going in circles) on an internet. The field has become a hop count: when the datagram arrives at a router, the router decrements the TTL field by one. When the TTL field hits zero, the router discards the packet and typically sends an ICMP Time Exceeded message to the sender. The program traceroute uses these ICMP Time Exceeded messages to print the routers used by packets to go from the source to the destination.

IPv4 header fields (cont.)

Protocol: 8-bit field. This field defines the protocol (e.g. TCP or UDP) used in the data portion of the IP datagram.

Checksum: 16-bit field (checksum of 16-bit blocks) used for error-checking of the header. The checksum is calculated as the 1s complement of the 1s-complement sum of all 16-bit blocks of the IP header. When a packet arrives at a router, the router calculates the checksum of the header and compares it to the checksum field. If the values do not match, the router discards the packet. Errors in the data field must be handled by the encapsulated protocol. When a packet arrives at a router, the router decreases the TTL field; consequently, the router must calculate a new checksum.

IPv4 header fields (cont.)

Source address: This field is the IPv4 address of the sender of the packet. This address may be changed in transit by a Network Address Translation device.

Destination address: This field is the IPv4 address of the receiver of the packet. As with the source address, this may be changed in transit by a Network Address Translation device.

Address spoofing
The sender can put any source address in the packets it sends:
This can be used to send undesired return traffic to the spoofed address.
This can be used to bypass filters to send undesired traffic to the destination.
Reverse path verification can be used by routers to broadly catch some spoofers using the option field.

IPv4 header fields (cont.)

Options: The options field is not often used. The list of options may be terminated with an EOL (End Of Option List, 0x00) option; this is only necessary if there are any option entries in the header. The possible options that can be put in the header are as follows:
Copy (1 bit): set to 1 if the options need to be copied into all fragments of a fragmented packet.
Option class (2 bits): the option's category. 0 is for "datagram or network control" options, and 2 is for "debugging and measurement". 1 and 3 are reserved.
Option number (5 bits): value 0 for end of option list, 3 for loose source route, 7 for record route, 9 for strict source route, 11 for MTU probe, 18 for the traceroute program to find routers along a path, etc.
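The following is an added example, not from the slides, showing the Flags and Fragment Offset arithmetic described above: a sender splits a payload into fragments that fit a link MTU, every fragment except the last carries a multiple of eight bytes so its offset fits the 13-bit field, and the destination reassembles by offset, refusing overlapping fragments and reporting when pieces are still missing. It works on the fragmentation-relevant fields rather than raw header bytes, assumes a 20-byte header, and the payload is constructed.

```python
# Added example (not from the slides): splitting a datagram's payload into
# fragments and reassembling it at the destination, using the MF flag and the
# 13-bit fragment offset in 8-byte units. The payload in the demo is constructed.
from dataclasses import dataclass

MAX_OFFSET_UNITS = (1 << 13) - 1          # 8191 units = 65,528 bytes


@dataclass(frozen=True)
class Fragment:
    """The fragmentation-relevant header fields plus the fragment's data."""
    identification: int                   # copied into every fragment
    more_fragments: bool                  # MF flag
    offset_units: int                     # Fragment Offset field (8-byte units)
    data: bytes


def fragment(identification: int, payload: bytes, mtu: int, *,
             header_len: int = 20, dont_fragment: bool = False) -> list:
    """Fragment payload so that header plus data fits the link MTU."""
    if header_len + len(payload) <= mtu:
        return [Fragment(identification, False, 0, payload)]
    if dont_fragment:
        raise ValueError("DF set and packet too big: discard, send ICMP")
    chunk = (mtu - header_len) // 8 * 8   # non-final pieces: multiples of 8 bytes
    if chunk <= 0:
        raise ValueError("MTU too small for the header plus an 8-byte block")
    fragments, pos = [], 0
    while pos < len(payload):
        piece = payload[pos:pos + chunk]
        units = pos // 8
        if units > MAX_OFFSET_UNITS:
            raise ValueError("payload too long for the 13-bit offset field")
        last = pos + len(piece) >= len(payload)
        fragments.append(Fragment(identification, not last, units, piece))
        pos += len(piece)
    return fragments


def reassemble(fragments):
    """Destination side. Returns the payload, None while pieces are missing,
    and raises ValueError on overlapping or inconsistent fragments."""
    if len({f.identification for f in fragments}) != 1:
        raise ValueError("fragments of different datagrams")
    buf, expected = bytearray(), 0
    for f in sorted(fragments, key=lambda f: f.offset_units):
        start = f.offset_units * 8
        if start < expected:              # overlap (or an undetected duplicate)
            raise ValueError("overlapping fragment")
        if start > expected:
            return None                   # a gap: keep waiting for the rest
        if f.more_fragments and len(f.data) % 8:
            raise ValueError("non-final fragment is not a multiple of 8 bytes")
        buf += f.data
        expected += len(f.data)
        if not f.more_fragments:
            return bytes(buf)
    return None                           # last fragment (MF = 0) not yet seen


if __name__ == "__main__":
    payload = bytes(range(256)) * 4       # constructed 1024-byte payload
    pieces = fragment(0x1234, payload, mtu=576)
    for p in pieces:
        print(p.offset_units, p.more_fragments, len(p.data))
    print(reassemble(pieces) == payload)
```

With a 576-byte MTU the 1024-byte payload becomes a 552-byte first fragment (MF set, offset 0) and a 472-byte last fragment at offset 69 units (552 bytes). The strict overlap check is deliberate: because any device on the path may fragment, a reassembler that silently lets a later fragment overwrite earlier data can be made to accept a datagram that looks different from what a filter inspected, so rejecting overlaps (or at least fixing one policy for them) is the safer default.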

Fragmentation

An IP packet may need to be fragmented if one data link along the way cannot handle the packet size:
Perhaps the path is a mix of different hardware.
Perhaps unexpected encapsulation makes the packet larger than the source expected.
Hosts try to discover the Maximum Transmission Unit (MTU) to avoid the need for fragmentation (which causes a performance hit).
The Identification field identifies all fragments of the same datagram.
Fragmentation state is stored in the MF (more fragments) and fragment offset fields.
Any device along the way can fragment (in IPv4 only).
Intermediate devices can reassemble too, but generally the destination does the reassembly.

Basic IPv4 Routing

Static routing. Used by hosts and some firewalls and routers.
The routing table consists of entries of network gateways, next-hop addresses, other routers' information, etc.
There may be a routing table per incoming interface.
To route a packet, take the destination address and find the best-matching network in the table. In case of a tie, look at the metric.
Use the corresponding next-hop address and interface to send the packet on. The next-hop address is on the same link as this device, so you use the next hop's data-link address, e.g. an Ethernet MAC address.
Decrement the time-to-live field in the IP header at each hop. Drop the packet when it reaches 0.
This attempts to avoid routing loops. The TTL field's maximum value is 255.
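The following is an added example, not from the slides, that implements the lookup just described (best match by longest prefix, ties broken by metric, TTL decremented and the packet dropped at 0) and adds the reverse path verification mentioned on the address spoofing slide: before forwarding, the router looks up the packet's source address and requires that the best route back to it leaves through the interface the packet arrived on. It assumes only the Python standard library; the routing table, interface names and addresses are constructed (203.0.113.0/24 is a documentation range).

```python
# Added example (not from the slides): longest-prefix lookup over a static
# routing table with a metric tie-break, a TTL check, and a strict reverse-path
# check on the source address. TABLE and all addresses are constructed.
from dataclasses import dataclass
from typing import Optional


def ip_to_int(dotted: str) -> int:
    """Dotted-decimal x.y.z.t to a 32-bit integer."""
    value = 0
    for octet in dotted.split("."):
        value = (value << 8) | int(octet)
    return value


@dataclass(frozen=True)
class Route:
    prefix: str          # destination network as x.y.z.t/n
    next_hop: str        # "direct" when the network is on the interface itself
    interface: str
    metric: int = 0

    @property
    def prefix_len(self) -> int:
        return int(self.prefix.split("/")[1])

    def matches(self, addr: int) -> bool:
        net, n = self.prefix.split("/")
        mask = (0xFFFFFFFF << (32 - int(n))) & 0xFFFFFFFF
        return (addr & mask) == (ip_to_int(net) & mask)


def lookup(table, dotted: str) -> Optional[Route]:
    """Best match = longest prefix; on a tie, the lowest metric wins."""
    addr = ip_to_int(dotted)
    candidates = [r for r in table if r.matches(addr)]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r.prefix_len, -r.metric))


def reverse_path_ok(table, source: str, incoming_interface: str) -> bool:
    """Strict reverse-path check: the best route back to the source address
    must leave through the interface the packet arrived on."""
    route = lookup(table, source)
    return route is not None and route.interface == incoming_interface


def forward(table, src: str, dst: str, ttl: int, incoming_interface: str):
    """Decide what happens to one packet; returns (action, route, new_ttl)."""
    if not reverse_path_ok(table, src, incoming_interface):
        return ("drop: source fails reverse-path check", None, ttl)
    if ttl <= 1:                     # decrementing would reach 0
        return ("drop: TTL expired, send ICMP Time Exceeded", None, 0)
    route = lookup(table, dst)
    if route is None:
        return ("drop: no route", None, ttl)
    return ("forward", route, ttl - 1)


# Constructed table; 203.0.113.0/24 is a documentation range.
TABLE = [
    Route("0.0.0.0/0", "203.0.113.1", "eth0", metric=10),   # default route
    Route("10.0.0.0/8", "10.0.0.1", "eth1", metric=10),
    Route("10.1.0.0/16", "10.0.0.2", "eth1", metric=20),
    Route("10.1.0.0/16", "10.0.0.3", "eth2", metric=5),     # same prefix, better metric
    Route("192.168.0.0/24", "direct", "eth3"),
]

if __name__ == "__main__":
    for dst in ("10.1.2.3", "10.2.0.1", "8.8.8.8"):
        print(dst, "->", lookup(TABLE, dst))
    print(forward(TABLE, "10.1.2.3", "8.8.8.8", 64, "eth0"))  # 10.1.2.3 from eth0 fails RPF
```

The strict reverse-path check only works where routing is symmetric: a packet from 10.1.2.3 that arrives on eth0 is dropped because the table says that network lives behind eth2. On interfaces where legitimate traffic can arrive over a path the router would not use in return, strict mode causes false drops, so it is usually applied at the edge facing a stub network and a looser check (any route to the source exists) elsewhere.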

Source Based Routing

In the IP Options field, a source route can be specified.
It was conceived of as a way to ensure some traffic could be delivered through a predefined path irrespective of routing tables.
It can be used by a network attacker to avoid security-enforcing devices.

Dynamic Routing Protocols

For scaling, discover topology and routing rather than statically constructing routing tables.
Open Shortest Path First (OSPF): used for routing within an administrative domain. Traffic can be diverted by considering the current status of a particular path.
Border Gateway Protocol (BGP): used for routing between administrative domains.