4.4.

1 The IP Protocol
• An IP datagram consists of a header part and a text part. The header has
a 20-byte fixed part and a variable length optional part.

 The Version field keeps track of which version of the protocol the datagram belongs to.
 The header length is not constant, a field in the header, IHL, is provided to tell
how long the header is, in 32-bit words.
 The Type of service field is one of the few fields that have changed its meaning
(slightly) over the years. It was and is still intended to distinguish between
different classes of service.
  The Total length includes everything in the datagram—both header and data.
The maximum length is 65,535 bytes.
 The Identification field is needed to allow the destination host to determine
which datagram a newly arrived fragment belongs to. All the fragments of a
datagram contain the same Identification value. Next comes an unused bit and
then two 1- bit fields.
 DF stands for Don't Fragment. It is an order to the routers not to fragment the
datagram because the destination is incapable of putting the pieces back
together again.
 MF stands for More Fragments. All fragments except the last one have this bit
set. It is needed to know when all fragments of a datagram have arrived.
 The Fragment offset tells where in the current datagram this fragment belongs.
All fragments except the last one in a datagram must be a multiple of 8 bytes, the
elementary fragment unit. Since 13 bits are provided, there is a maximum of
8192 fragments per datagram, giving a maximum datagram length of 65,536
bytes, one more than the Total length field.
 The Time to live field is a counter used to limit packet lifetimes. It is supposed to
count time in seconds, allowing a maximum lifetime of 255 sec.
 When the network layer has assembled a complete datagram, it needs to know
what to do with it. The Protocol field tells it which transport process to give it to.
TCP is one possibility, but so are UDP and some others. The numbering of
protocols is global across the entire Internet.
 The Header checksum verifies the header only.
 The Source address and Destination address indicate the network number and
host number.
 The Options field was designed to provide an escape to allow subsequent
versions of the protocol to include information not present in the original design,
to permit experimenters to try out new ideas, and to avoid allocating header bits
to information that is rarely needed.
 The options are variable length.
4.4.2 IP Address
IP addresses were divided into the five categories listed in Fig. This allocation has come to be
called classful addressing. It is no longer used, but references to it in the literature are still
common.
 The class A, B, C, and D formats allow for up to 128 networks with 16 million hosts
each, 16,384 networks with up to 64K hosts, and 2 million networks (e.g., LANs) with up to
256 hosts each (although a few of these are special). Also supported is multicast, in which a
datagram is directed to multiple hosts. Addresses beginning with 1111 are reserved for future
use.
Network addresses, which are 32-bit numbers, are usually written in dotted decimal
notation. In this format, each of the 4 bytes is written in decimal, from 0 to 255. For example,
the 32-bit hexadecimal address C0290614 is written as 192.41.6.20. The lowest IP address is
0.0.0.0 and the highest is 255.255.255.255.

Subnets:
As we have seen, all the hosts in a network must have the same network number. This
property of IP addressing can cause problems as networks grow. The solution is to allow a
network to be split into several parts for internal use but still act like a single network to the
outside world.
In the Internet literature, the parts of the network (in this case, Ethernets) are called
subnets.
To implement subnetting, the main router needs a subnet mask that indicates the split
between network + subnet number and host, as shown in Fig. Subnet masks are also written
in dotted decimal notation, with the addition of a slash followed by the number of bits in the
network + subnet part. For the example of Fig. the subnet mask can be written as
255.255.252.0. An alternative notation is /22 to indicate that the subnet mask is 22 bits long.

CIDR—Classless Inter Domain Routing:

The basic idea behind CIDR, which is described in RFC 1519, is to allocate the
remaining IP addresses in variable-sized blocks, without regard to the classes. If a site
needs, say, 2000 addresses, it is given a block of 2048 addresses on a 2048-byte boundary.
Using CIDR, each IP address has a network prefix that identifies either one or several
network gateways. The length of the network prefix in IPv4 CIDR is also specified as part of
 the IP address and varies depending on the number of bits needed, rather than any arbitrary
class assignment structure. A destination IP address or route that describes many possible
destinations has a shorter prefix and is said to be less specific. A longer prefix describes a
destination gateway more specifically.
CIDR notation: a.b.c.d/n
Where n = number of network IDs
Host ID = 32-n
IP = 2(32-n)

Example: 20.10.20.100/20
Network ID = 20.
Host ID = 32-20 = 12.
IP = 2(32-20) = 4096.

NAT—Network Address Translation:

IP addresses are scarce. An ISP might have a /16 (formerly class B) address, giving it
65,534 host numbers. If it has more customers than that, it has a problem. This quick fix
came in the form of NAT (Network Address Translation), which is described in RFC 3022
and which we will summarize below.
The basic idea behind NAT is to assign each company a single IP address (or at most, a
small number of them) for Internet traffic. Within the company, every computer gets a
unique IP address, which is used for routing intramural traffic. However, when a packet exits
the company and goes to the ISP, an address translation takes place. To make this scheme
possible, three ranges of IP addresses have been declared as private.
10.0.0.0 – 10.255.255.255/8 (16,777,216 hosts)
172.16.0.0 – 172.31.255.255/12 (1,048,576 hosts)
192.168.0.0 – 192.168.255.255/16 (65,536 hosts)
The operation of NAT is shown in Fig. Within the company premises, every machine has
a unique address of the form 10.x.y.z. However, when a packet leaves the company premises,
it passes through a NAT box that converts the internal IP source address, 10.0.0.1 in the
figure, to the company's true IP address, 198.60.42.12 in this example.

4.4.3 IP Version 6
Internet Protocol version 6 is a new addressing protocol designed to incorporate
all the possible requirements of future Internet. This protocol as its predecessor IPv4, works
on the Network Layer (Layer-3). Along with its offering of an enormous amount of logical
address space, this protocol has ample features to address the shortcoming of IPv4.
The major goals of IPV6 are:
1. Support billions of hosts, even with inefficient address allocation.
 2. Reduce the size of the routing tables.
3. Simplify the protocol, to allow routers to process packets faster.
4. Provide better security (authentication and privacy).
5. Pay more attention to the type of service, particularly for real-time data.
6. Aid multicasting by allowing scopes to be specified.
7. Make it possible for a host to roam without changing its address.
8. Allow the protocol to evolve in the future.
9. Permit the old and new protocols to coexist for years.

First and foremost, IPv6 has longer addresses than IPv4. They are 128 bits long, which
solves the problem that IPv6 set out to solve: providing an effectively unlimited supply of
Internet addresses.
The second major improvement of IPv6 is the simplification of the header. It contains
only seven fields (versus 13 in IPv4). This change allows routers to process packets faster and
thus improves throughput and delay.
The third major improvement is better support for options. This change was essential
with the new header because fields that previously were required are now optional (because
they are not used so often). In addition, the way options are represented is different, making it
simple for routers to skip over options not intended for them. This feature speeds up packet
processing time.
A fourth area in which IPv6 represents a big advance is in security. Authentication and
privacy are key features of the new IP.

The Main IPv6 Header

The IPv6 header is shown in Fig. 5-56. The Version field is always 6 for IPv6 (and 4 for
IPv4). During the transition period from IPv4, which has already taken more than a decade,
routers will be able to examine this field to tell what kind of acket they have.

The Differentiated services field (originally called Traffic class) is used to distinguish the
class of service for packets with different real-time delivery requirements. It is used with the
differentiated service architecture for quality of service in the same manner as the field of the
same name in the IPv4 packet.
 The Flow label field provides a way for a source and destination to mark groups of packets
that have the same requirements and should be treated in the same way by the network,
forming a pseudo connection. The flow can be set up in advance and given an identifier.
The Payload length field tells how many bytes follow the 40-byte header of Fig. 5-56. The
name was changed from the IPv4 Total length field because the meaning was changed
slightly: the 40 header bytes are no longer counted as part of the length (as they used to be).
This change means the payload can now be 65,535 bytes instead of a mere 65,515 bytes.
The Next header field lets the cat out of the bag. The reason the header could be simplified is
that there can be additional (optional) extension headers. This field tells which of the
(currently) six extension headers, if any, follow this one.
The Hop limit field is used to keep packets from living forever. It is, in practice, the same as
the Time to live field in IPv4, namely, a field that is decremented on each hop.
Next the Source address and Destination address fields which contains 1228 bit address.
A new notation has been devised for writing 16-byte addresses. They are written as eight
groups of four hexadecimal digits with colons between the groups, like this:
8000:0000:0000:0000:0123:4567:89AB:CDEF
Since many addresses will have many zeros inside them, three optimizations have been
authorized. First, leading zeros within a group can be omitted, so 0123 can be written as 123.
Second, one or more groups of 16 zero bits can be replaced by a pair of colons. Thus, the
above address now becomes
8000::123:4567:89AB:CDEF

Transition from IPV4 to IPV6:

Because of the huge number of systems on the Internet, the transition from IPv4 to IPv6
cannot happen suddenly. It takes a considerable amount of time before every system in the
Internet can move from IPv4 to IPv6. The transition must be smooth to prevent any problems
between IPv4 and IPv6 systems. Three strategies have been devised by the IETF to help the

transition.

1. Dual Stack
It is recommended that all hosts, before migrating completely to version 6, have a dual
stack of protocols. In other words, a station must run IPv4 and IPv6 simultaneously until all
the Internet uses IPv6. See below Figure for the layout of a dual-stack configuration.
To determine which version to use when sending a packet to a destination, the source host
queries the DNS. If the DNS returns an IPv4 address, the source host sends an IPv4 packet.
If the DNS returns an IPv6 address, the source host sends an IPv6 packet.
 2. Tunneling
Tunneling is a strategy used when two computers using IPv6 want to communicate with
each other and the packet must pass through a region that uses IPv4. To pass through this
region, the packet must have an IPv4 address. So the IPv6 packet is encapsulated in an
IPv4 packet when it enters the region, and it leaves its capsule when it exits the region. It
seems as if the IPv6 packet goes through a tunnel at one end and emerges at the other end.
To make it clear that the IPv4 packet is carrying an IPv6 packet as data.

3. Header Translation
Header translation is necessary when the majority of the Internet has moved to IPv6 but
some systems still use IPv4. The sender wants to use IPv6, but the receiver does not
understand IPv6. Tunneling does not work in this situation because the packet must be in
the IPv4 format to be understood by the receiver.

Comparison of IPV4 & IPV6

IPv4 Address IPv6 Address
Address Length – 32 bits 128 bits
Address Representation - decimal hexadecimal

Internet address classes Not applicable in IPv6

Multicast addresses (224.0.0.0/4) IPv6 multicast addresses (FF00::/8)
Broadcast addresses Not applicable in IPv6
Unspecified address is 0.0.0.0 Unspecified address is ::
Loopback address is 127.0.0.1 Loopback address is ::1
Public IP addresses Global unicast addresses
Private IP addresses (10.0.0.0/8, Site-local addresses (FEC0::/10)
172.16.0.0/12, and 192.168.0.0/16)
Autoconfigured addresses (169.254.0.0/16) Link-local addresses (FE80::/64)
4.4.4 Internet Control Protocols:
In addition to IP, which is used for data transfer, the Internet has several companion
control protocols that are used in the network layer. They include ICMP, ARP, and DHCP.

1. IMCP—The Internet Control Message Protocol

The operation of the Internet is monitored closely by the routers. When something
unexpected occurs during packet processing at a router, the event is reported to the sender by
the ICMP (Internet Control Message Protocol). ICMP is also used to test the Internet.
About a dozen types of ICMP messages are defined. Each ICMP message type is carried
encapsulated in an IP packet. The most important ones are listed in Fig. 5-60.

The DESTINATION UNREACHABLE message is used when the router cannot locate
the destination or when a packet with the DF bit cannot be delivered because a ‘‘small-packet’’
network stands in the way.
The TIME EXCEEDED message is sent when a packet is dropped because it’s TTL
(Time to live) counter has reached zero. This event is a symptom that packets are looping, or that
the counter values are being set too low.
The PARAMETER PROBLEM message indicates that an illegal value has been detected
in a header field. This problem indicates a bug in the sending host’s IP software or possibly in
the software of a router transited.
The SOURCE QUENCH message was long ago used to throttle hosts that were sending
too many packets. When a host received this message, it was expected to slow down. It is rarely
used anymore because when congestion occurs, these packets tend to add more fuel to the fire
and it is unclear how to respond to them.
The REDIRECT message is used when a router notices that a packet seems to be routed
incorrectly. It is used by the router to tell the sending host to update to a better route.
The ECHO and ECHO REPLY messages are sent by hosts to see if a given destination is
reachable and currently alive. Upon receiving the ECHO message, the destination is expected to
send back an ECHO REPLY message. These messages are used in the ping utility that checks if
a host is up and on the Internet.
The TIMESTAMP REQUEST and TIMESTAMP REPLY messages are similar, except
that the arrival time of the message and the departure time of the reply are recorded in the reply.
This facility can be used to measure network performance.
The ROUTER ADVERTISEMENT and ROUTER SOLICITATION messages are
used to let hosts find nearby routers. A host needs to learn the IP address of at least one router to
be able to send packets off the local network.
2. ARP—The Address Resolution Protocol
Although every machine on the Internet has one or more IP addresses, these addresses are
not sufficient for sending packets. Data link layer NICs (Network Interface Cards) such as
Ethernet cards do not understand Internet addresses. In the case of Ethernet, every NIC ever
manufactured comes equipped with a unique 48-bit Ethernet address. Manufacturers of Ethernet
NICs request a block of Ethernet addresses from IEEE to ensure that no two NICs have the same
address. The NICs send and receive frames based on 48-bit Ethernet addresses. They know
nothing at all about 32-bit IP addresses.
The question now arises, how do IP addresses get mapped onto data link layer addresses,
such as Ethernet? To explain how this works, let us use the example of Fig. 5-61, in which a
small university with two /24 networks is illustrated. One network (CS) is a switched Ethernet in
the Computer Science Dept. It has the prefix 192.32.65.0/24. The other LAN (EE), also switched
Ethernet, is in Electrical Engineering and has the prefix 192.32.63.0/24. The two LANs are
connected by an IP router. Each machine on an Ethernet and each interface on the router has a
unique Ethernet address, labeled E1 through E6, and a unique IP address on the CS or EE
network.

Let us start out by seeing how a user on host 1 sends a packet to a user on host 2 on the
CS network. Let us assume the sender knows the name of the intended receiver, possibly
something like eagle.cs.uni.edu. The first step is to find the IP address for host 2. This lookup
is performed by DNS.
. The upper layer software on host 1 now builds a packet with 192.32.65.5 in the
Destination address field and gives it to the IP software to transmit. The IP software can look
at the address and see that the destination is on the CS network, (i.e., its own network).
However, it still needs some way to find the destination’s Ethernet address to send the frame.
One solution is to have a configuration file somewhere in the system that maps IP addresses
onto Ethernet addresses. While this solution is certainly possible, for organizations with
thousands of machines keeping all these files up to date is an error-prone, time-consuming job.
A better solution is for host 1 to output a broadcast packet onto the Ethernet asking who
owns IP address 192.32.65.5. The broadcast will arrive at every machine on the CS Ethernet,
 and each one will check its IP address. Host 2 alone will respond with its Ethernet address
(E2). In this way host 1 learns that IP address 192.32.65.5 is on the host with Ethernet address
E2. The protocol used for asking this question and getting the reply is called ARP (Address
Resolution Protocol).
At this point, the IP software on host 1 builds an Ethernet frame addressed to E2, puts the
IP packet (addressed to 192.32.65.5) in the payload field, and dumps it onto the Ethernet. The
IP and Ethernet addresses of this packet are given in Fig. 5-61.
Now let us look at Fig. 5-61 again, only this time assume that host 1 wants to send a
packet to host 4 (192.32.63.8) on the EE network. Host 1 will see that the destination IP
address is not on the CS network. It knows to send all such off-network traffic to the router,
which is also known as the default gateway. By convention, the default gateway is the lowest
address on the network (198.31.65.1). To send a frame to the router, host 1 must still know the
Ethernet address of the router interface on the CS network. It discovers this by sending an
ARP broadcast for 198.31.65.1, from which it learns E3. It then sends the frame. The same
lookup mechanisms are used to send a packet from one router to the next over a sequence of
routers in an Internet path. When the Ethernet NIC of the router gets this frame, it gives the
packet to the IP software.
It knows from the network masks that the packet should be sent onto the EE network where it
will reach host 4. If the router does not know the Ethernet address for host 4, then it will use
ARP again. The table in Fig. 5-61 lists the source and destination Ethernet and IP addresses
that are present in the frames as observed on the CS and EE networks. Observe that the
Ethernet addresses change with the frame on each network while the IP addresses remain
constant.
It is also possible to send a packet from host 1 to host 4 without host 1 knowing that host
4 is on a different network. The solution is to have the router answer ARPs on the CS network
for host 4 and give its Ethernet address, E3, as the response. It is not possible to have host 4
reply directly because it will not see the ARP request (as routers do not forward Ethernet-level
broadcasts). The router will then receive frames sent to 192.32.63.8 and forward them onto the
EE network. This solution is called proxy ARP.

3. DHCP—The Dynamic Host Configuration Protocol

With DHCP, every network must have a DHCP server that is responsible for
configuration. When a computer is started, it has a built-in Ethernet or other link layer address
embedded in the NIC, but no IP address. Much like ARP, the computer broadcasts a request for
an IP address on its network. It does this by using a DHCP DISCOVER packet. This packet must
reach the DHCP server. If that server is not directly attached to the network, the router will be
configured to receive DHCP broadcasts and relay them to the DHCP server, wherever it is
located.
When the server receives the request, it allocates a free IP address and sends it to the host
in a DHCP OFFER packet (which again may be relayed via the router). To be able to do this
work even when hosts do not have IP addresses, the server identifies a host using its Ethernet
address (which is carried in the DHCP DISCOVER packet)
An issue that arises with automatic assignment of IP addresses from a pool is for how
long an IP address should be allocated. If a host leaves the network and does not return its IP
address to the DHCP server, that address will be permanently lost. After a period of time, many
addresses may be lost. To prevent that from happening, IP address assignment may be for a fixed
period of time, a technique called leasing. Just before the lease expires, the host must ask for a
DHCP renewal. If it fails to make a request or the request is denied, the host may no longer use
the IP address it was given earlier.