Unit 3 Test2
UNIT-3
Introduction to Network Layer
NETWORK-LAYER SERVICES
Packetizing
One duty of the network layer is to carry a payload from the source to the destination
without changing or using it.
If the packet is fragmented at the source or at routers along the path, the network layer is
responsible for waiting until all fragments arrive, reassembling them, and delivering them to
the upper-layer protocol.
The routers in the path are not allowed to decapsulate the packets they receive unless the
packets need to be fragmented.
The routers are not allowed to change the source and destination addresses either.
They just inspect the addresses for the purpose of forwarding the packet to the next network
on the path.
- The network layer is responsible for finding the best one among the possible routes.
- The network layer needs specific strategies for defining the best route.
- Routing protocols help the routers coordinate their knowledge about the neighborhood
and come up with consistent tables to be used when a packet arrives.
Forwarding - the action applied by each router when a packet arrives at one of its
interfaces.
The decision-making table a router normally uses for applying this action is sometimes
called the forwarding table and sometimes the routing table.
Other Services
Error Control
The network layer does not directly provide error control for the whole datagram. The reason for this decision is
that the packet in the network layer may be fragmented at each router, which makes error checking at this layer
inefficient.
However, a checksum field has been added to the datagram to detect corruption in the header, but not in the
whole datagram.
Although the network layer does not directly provide error control, the Internet uses an auxiliary protocol, ICMP, that
provides some kind of error control if the datagram is discarded or has some unknown information in the
header.
Flow Control:
No direct support.
Taken care of at higher layers, with buffers.
Other Services
Congestion Control:
Quality of Service:
Security:
To provide security for a connectionless network layer, we need to have another virtual level that changes the
connectionless service to a connection-oriented service. This virtual layer is called IPSec.
PACKET SWITCHING
18.2.1 Datagram Approach: Connectionless Service
Virtual-Circuit Approach: Connection-Oriented Service
Setup Phase
Request packet
NETWORK-LAYER PERFORMANCE
The performance of a network can be measured in terms of delay, throughput, and packet
loss.
Delay
Transmission Delay
Delay_tr = (Packet length) / (Transmission rate)
Propagation Delay
Delay_pg = (Distance) / (Propagation speed)
Processing Delay
Delay_pr = Time required to process a packet in a router or a destination host
Queuing Delay
Delay_qu = The time a packet waits in the input and output queues of a router
Total Delay (with n routers between source and destination)
Total delay = (n + 1) (Delay_tr + Delay_pg + Delay_pr) + (n) (Delay_qu)
NETWORK-LAYER PERFORMANCE
Throughput
NETWORK-LAYER PERFORMANCE
Packet Loss
Packet loss occurs at routers due to overflow of buffers.
Depending on the higher layers, retransmission may or may not occur.
Congestion Control
Congestion at the network layer is related to two issues: throughput and delay.
Congestion Control
We can divide congestion control mechanisms into two broad categories: open-loop congestion control
(prevention) and closed-loop congestion control (removal).
Retransmission Policy:
Retransmission in general may increase congestion in the network.
The retransmission policy and the retransmission timers must be designed to optimize efficiency and at the
same time prevent congestion.
Window Policy:
The type of window at the sender (the decision on which packets are retransmitted) may also affect congestion.
Go-Back-N protocol: if, among packets 1 to 10, packet 4 is lost, packets 4 to 10 are retransmitted. This duplication may make the
congestion worse.
Selective Repeat: in the above scenario, only packet 4 is retransmitted.
The Selective Repeat window is better than the Go-Back-N window for congestion control.
Congestion Control
Acknowledgment Policy:
Acknowledgments are also part of the load in a network. Sending fewer acknowledgments means imposing
less load on the network.
A receiver may decide to acknowledge only N packets at a time instead of each.
Discarding Policy:
A good discarding policy by the routers may prevent congestion and at the same time may not harm the
integrity of the transmission.
For example, in audio transmission, if the policy is to discard less sensitive packets when congestion is likely to
happen, the quality of sound is still preserved and congestion is prevented or alleviated.
Admission Policy:
An admission policy is a quality-of-service mechanism.
Switches in a flow first check the resource requirement of a flow before admitting it to the network. A router
can deny establishing a virtual-circuit connection if there is congestion in the network or if there is a
possibility of future congestion.
Closed-Loop Congestion Control
Closed-loop congestion control mechanisms try to alleviate congestion after it happens. Several
mechanisms have been used by different protocols.
Backpressure
• a node-to-node congestion control that starts with a node and propagates, in the opposite direction of
data flow, to the source.
• can be applied only to virtual circuit networks, in which each node knows the upstream node from which a
flow of data is coming.
Closed-Loop Congestion Control
Choke Packet
Closed-Loop Congestion Control
Implicit Signaling
• there is no communication between the congested node or nodes and the source.
• The source guesses that there is congestion somewhere in the network from other symptoms, such as the lack of
an ACK for a long time.
Explicit Signaling
• The node that experiences congestion can explicitly send a signal to the source or destination.
• Difference from the choke-packet method:
• In the choke-packet method, a separate packet is used for this purpose;
• in the explicit-signaling method, the signal is included in the packets that carry data.
• Explicit signaling can occur in either the forward or the backward direction. This type of congestion
control can be seen in an ATM network
IPV4 ADDRESSES
- An IPv4 address is a 32-bit address that uniquely and universally defines the
connection of a host or a router to the Internet, not the host or router itself.
- IPv4 addresses are unique.
- If a device has two connections to the Internet, via two networks, it has two
IPv4 addresses.
Hierarchy in Addressing
- In a postal network, the postal address (mailing address) includes the country, state, city, street, house
number, and recipient name.
- A telephone number is divided into the country code, area code, local exchange, and the connection.
- A 32-bit IPv4 address is also hierarchical, but divided only into two parts. The first part of the address,
called the prefix, defines the network; the second part of the address, called the suffix, defines the
node (connection of a device to the Internet).
ADDRESSING
CLASSFUL ADDRESSING
Classful Addressing - Disadvantages/Problems
Address Depletion:
The same applies to Class B; with Class C the problem is reversed, leaving very few IP addresses for each
network.
Solution-1:
Subnetting:
Divide a large block into smaller ones
In subnetting, a class A or class B block is divided into several subnets. Each
subnet has a larger prefix length than the original network.
This idea did not work because most large organizations were not happy about
dividing the block and giving some of the unused addresses to smaller
organizations.
Supernetting:
Supernetting was devised to combine several class C blocks into a larger block for
organizations that need more than the 256 addresses available in a class C block.
This idea did not work either because it makes the routing of packets more
difficult.
Solution-2: Classless Addressing
- A larger address space, however, requires that the length of IP addresses
also be increased, which means the format of the IP packets needs to be
changed.
- The short-term solution still uses IPv4 addresses, but it is called classless
addressing.
- Internet authorities announced a new architecture called classless
addressing.
In classless addressing, variable-length blocks are used that belong to no
classes.
The number of addresses in a block needs to be a power of 2.
The size of the network is inversely proportional to the length of the prefix.
A small prefix means a larger network; a large prefix means a smaller network.
Classless Addressing
Extracting Information from an Address
N: number of addresses in the block; n: prefix length
A classless address is given as 167.199.170.82/27. We can find the three pieces of
information (number of addresses, first address, last address) as follows. The number of addresses in the
network is 2^(32 − n) = 2^5 = 32 addresses.
Classless Addressing
Address Mask
Another way to find the first and last addresses in the block is to use the
address mask.
The address mask is a 32-bit number in which the n leftmost bits are set to 1s
and the rest of the bits (32 − n) are set to 0s.
The reason for defining a mask in this way is that it can be used by a
computer program to extract the information in a block, using the three
bit-wise operations NOT, AND, and OR.
1. The number of addresses in the block N = NOT (mask) + 1.
2. The first address in the block = (Any address in the block) AND (mask).
3. The last address in the block = (Any address in the block) OR [NOT (mask)].
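The three mask rules applied to the slide's own address 167.199.170.82/27, as an added example (not code from the original slides); the only assumption is a fixed 20-bit-free representation of addresses as 32-bit integers:

```python
"""Classless-address block information via the address mask, using the three
bit-wise rules from the text (NOT, AND, OR) on 32-bit integers.
Added example, not from the original slides."""
import ipaddress  # standard library; used only to cross-check the arithmetic

MASK32 = 0xFFFFFFFF


def ip_to_int(dotted: str) -> int:
    """'167.199.170.82' -> 32-bit integer, rejecting malformed input."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"bad IPv4 address: {dotted!r}")
    a, b, c, d = (int(p) for p in parts)
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_mask(n: int) -> int:
    """n leftmost bits set to 1, the remaining 32 - n bits set to 0."""
    if not 0 <= n <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return (MASK32 << (32 - n)) & MASK32


def block_info(cidr: str) -> dict:
    """Apply the three rules to any address written as a.b.c.d/n."""
    addr_str, n_str = cidr.split("/")
    addr, n = ip_to_int(addr_str), int(n_str)
    mask = address_mask(n)
    not_mask = ~mask & MASK32          # Python ints are unbounded; keep NOT to 32 bits
    count = not_mask + 1               # rule 1: N = NOT(mask) + 1
    first = addr & mask                # rule 2: first = address AND mask
    last = addr | not_mask             # rule 3: last = address OR NOT(mask)
    # cross-check against the standard library's own CIDR handling
    net = ipaddress.ip_network(cidr, strict=False)
    assert int(net.network_address) == first and net.num_addresses == count
    return {
        "prefix_length": n,
        "mask": int_to_ip(mask),
        "count": count,
        "first": int_to_ip(first),
        "last": int_to_ip(last),
        # True only if the given address is itself the block's first address
        "is_block_start": addr == first,
    }


if __name__ == "__main__":
    for key, value in block_info("167.199.170.82/27").items():
        print(f"{key:>15}: {value}")
```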
Sub-netting:
An organization (or an ISP) that is granted a range of addresses may divide the range into
several sub-ranges and assign each sub-range to a sub-network (or subnet).
A sub-network can be divided into several sub-sub-networks.
Designing Subnets
We assume the total number of addresses granted to the organization is N, the prefix
length is n, the assigned number of addresses to each sub-network is Nsub, and the prefix
length for each sub-network is nsub.
Then the following steps need to be carefully followed to guarantee the proper operation
of the sub-networks.
The prefix length for each sub-network should be found using the following formula:
Address Aggregation
One of the advantages of the CIDR strategy is address aggregation
(sometimes called address summarization or route summarization). When blocks of
addresses are combined to create a larger block, routing can be done based on the prefix
of the larger block. ICANN assigns a large block of addresses to an ISP. Each ISP in turn
divides its assigned block into smaller sub-blocks and grants the sub-blocks to its
customers.
Special Addresses
We need to mention five special addresses that are used for special purposes: this-host address, limited-broadcast
address, loopback address, private addresses, and multicast addresses.
This-host Address
The address in the block 0.0.0.0/32 is called the this-host address. It is used whenever a host
needs to send an IP datagram but it does not know its own address to use as the source address.
Limited-broadcast Address
The only address in the block 255.255.255.255/32 is called the limited-broadcast address. It is
used whenever a router or a host needs to send a datagram to all devices in a network. The routers in the network,
however, block the packet having this address as the destination; the packet cannot travel outside the network.
Loopback Address
The address in the block 127.0.0.0/8 is called the loopback address. A packet with one of the
addresses in this block as the destination address never leaves the host; it will remain in the host. Any address in the
block is used to test a piece of software in the machine. For example, we can write a client and a server program in which
one of the addresses in the block is used as the server address. We can test the programs using the same host to see if
they work before running them on different computers.
Private Addresses
Four blocks are assigned as private addresses: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, and
169.254.0.0/16. We will see the applications of these addresses when we discuss NAT later in the chapter.
- Address assignment in an organization can be done manually by the network administrator or, in large
networks, automatically using the Dynamic Host Configuration Protocol (DHCP).
- DHCP is an application-layer program, using the client-server paradigm, that actually helps TCP/IP at the
network layer.
A network manager can configure DHCP to assign permanent IP addresses to hosts and routers.
DHCP can also be configured to provide temporary, on-demand IP addresses to hosts, for example to give a
traveller a temporary IP address so she can connect her laptop to the Internet while she is staying in a hotel.
Four pieces of information are normally needed: the computer address, the prefix, the address of a router,
and the IP address of a name server. DHCP can be used to provide these pieces of information to the host.
Dynamic Host Configuration Protocol (DHCP)
The 64-byte option field has a dual purpose.
It can carry either additional information or some specific vendor information.
The server uses a number, called a magic cookie, in the format of an IP address with the value of 99.130.83.99.
When the client finishes reading the message, it looks for this magic cookie.
If present, the next 60 bytes are options.
An option is composed of three fields: a 1-byte tag field, a 1-byte length field, and a variable-length value field. There
are several tag fields that are mostly used by vendors. If the tag field is 53, the value field defines one of the 8 message
types shown in Figure 18.26. We show how these message types are used by DHCP.
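A parser for the option field just described, added here as an example (not code from the original slides). It assumes the RFC 2132 tag numbers 0 (pad), 255 (end) and 54 (server identifier) and the RFC 2132 names for the eight message-type values; the option bytes it parses are constructed:

```python
"""Parser for the DHCP option field described above: the magic cookie
99.130.83.99 followed by (tag, length, value) options, with tag 53 carrying the
message type. Added example, not from the original slides; the option bytes are
constructed, and the tag numbers other than 53 (0 = pad, 255 = end, 54 = server
identifier) and the message-type names are the RFC 2132 values."""
from typing import Dict

MAGIC_COOKIE = bytes([99, 130, 83, 99])
TAG_PAD, TAG_END, TAG_MESSAGE_TYPE, TAG_SERVER_ID = 0, 255, 53, 54
MESSAGE_TYPES = {
    1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
    5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM",
}


def parse_options(field: bytes) -> Dict[int, bytes]:
    """Return {tag: value}; refuse fields whose declared lengths run past the buffer."""
    if field[:4] != MAGIC_COOKIE:
        raise ValueError("magic cookie missing: no options present")
    options: Dict[int, bytes] = {}
    i = 4
    while i < len(field):
        tag = field[i]
        if tag == TAG_PAD:            # single-byte pad, no length field
            i += 1
            continue
        if tag == TAG_END:            # single-byte end marker
            break
        if i + 1 >= len(field):
            raise ValueError(f"option {tag}: length byte missing")
        length = field[i + 1]
        value = field[i + 2:i + 2 + length]
        if len(value) != length:      # declared length exceeds what was received
            raise ValueError(f"option {tag}: declares {length} bytes, {len(value)} present")
        options[tag] = value
        i += 2 + length
    return options


def message_type(field: bytes) -> str:
    """Name of the DHCP message type carried in option 53."""
    value = parse_options(field).get(TAG_MESSAGE_TYPE)
    if value is None or len(value) != 1:
        raise ValueError("option 53 missing or malformed")
    return MESSAGE_TYPES.get(value[0], f"unknown({value[0]})")


def is_malformed(field: bytes) -> bool:
    """True when the field cannot be parsed safely (a receiver should drop it)."""
    try:
        parse_options(field)
        return False
    except ValueError:
        return True


# Constructed option field: DHCPACK, server identifier 192.168.1.1, end marker.
SAMPLE_ACK = (MAGIC_COOKIE + bytes([TAG_MESSAGE_TYPE, 1, 5])
              + bytes([TAG_SERVER_ID, 4, 192, 168, 1, 1]) + bytes([TAG_END]))
# Constructed truncated field: option 53 claims one byte but none follows.
SAMPLE_TRUNCATED = MAGIC_COOKIE + bytes([TAG_MESSAGE_TYPE, 1])

if __name__ == "__main__":
    print(message_type(SAMPLE_ACK), parse_options(SAMPLE_ACK))
    print("truncated field rejected:", is_malformed(SAMPLE_TRUNCATED))
```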
Dynamic Host Configuration Protocol (DHCP)
Two Well-Known Ports
Using FTP
In the DHCPACK message, the server defines the pathname of a file in which the client can find complete
information such as the address of the DNS server. The client can then use a file transfer protocol to obtain the
rest of the needed information.
Error Control
DHCP uses the service of UDP, which is not reliable. To provide error control, DHCP uses two strategies.
First, DHCP requires that UDP use the checksum (the use of the checksum in UDP is otherwise optional).
Second, the DHCP client uses timers and a retransmission policy if it does not receive the DHCP reply to a
request.
DHCP - Transition States
Network Address Translation (NAT)
Assume that an ISP has granted a small range of addresses to a small business or a household.
If the business grows or the household needs a larger range, the ISP may not be able to grant the demand
because the addresses before and after the range may have already been allocated to other networks.
In most situations, however, only a portion of computers in a small network need access to the Internet
simultaneously.
The business can use 20 (or 25) addresses from the private block addresses (discussed before) for internal
communication; five addresses for universal communication can be assigned by the ISP.
A technology that can provide the mapping between the private and universal addresses, and at the same
time support virtual private networks is Network Address Translation (NAT).
The site must have only one connection to the global Internet, through a NAT-capable router that runs NAT
software.
Network Address Translation (NAT)
Using a Pool of IP Addresses
The use of only one global address by the NAT router allows only one private-network host to access a given
external host. To remove this restriction, the NAT router can use a pool of global addresses.
Instead of using only one global address (200.24.5.8), the NAT router can use four addresses (200.24.5.8,
200.24.5.9, 200.24.5.10, and 200.24.5.11).
Four private-network hosts can communicate with the same external host at the same time because each pair
of addresses defines a separate connection.
Drawbacks:
- No more than four connections can be made to the same destination.
- No private-network host can access two external server programs (e.g., HTTP and TELNET) at the same
time.
- Two private-network hosts cannot access the same external server program (e.g., HTTP or TELNET) at the
same time.
Using Both IP Addresses and Port Addresses
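The two translation tables side by side, as an added example (not code from the original slides): PoolNAT keeps the columns of the pool scheme above and therefore shows its drawbacks as refused translations, while PortNAT adds the port numbers to the key. The global addresses are the slides' 200.24.5.8 to 200.24.5.11; the private hosts (172.18.3.x) and the external server (25.8.3.2) are constructed.

```python
"""Two NAT translation tables, added as an example (not from the slides).
PoolNAT keeps the columns (private address, external address, global address)
of the pool scheme, so it shows the listed drawbacks; PortNAT adds the port
numbers to the key, which removes them. Global addresses are the slides'
200.24.5.8-11; private hosts and the external server are constructed."""
from typing import Dict, Optional, Tuple

POOL = ["200.24.5.8", "200.24.5.9", "200.24.5.10", "200.24.5.11"]
HTTP, TELNET = 80, 23


class PoolNAT:
    """Table rows: (private address, external address) -> global address."""

    def __init__(self, pool):
        self.free = list(pool)
        self.rows: Dict[Tuple[str, str], str] = {}

    def outbound(self, private_ip: str, external_ip: str) -> Tuple[Optional[str], str]:
        """Translate an outgoing packet; returns (global address or None, reason)."""
        key = (private_ip, external_ip)
        if key in self.rows:
            # No port column: a second program talking to the same external host
            # could not be told apart on the way back, so it cannot be mapped.
            return None, "host already has a connection to this external host"
        if not self.free:
            return None, "pool exhausted"
        global_ip = self.free.pop(0)
        self.rows[key] = global_ip
        return global_ip, "ok"

    def inbound(self, global_ip: str, external_ip: str) -> Optional[str]:
        """Reverse lookup for a reply arriving from external_ip at global_ip."""
        for (private_ip, ext), glob in self.rows.items():
            if glob == global_ip and ext == external_ip:
                return private_ip
        return None


class PortNAT:
    """One global address; key = private addr/port + external addr/port."""

    def __init__(self, global_ip: str, first_port: int = 1024):
        self.global_ip, self.next_port = global_ip, first_port
        self.out: Dict[Tuple[str, int, str, int], int] = {}
        self.back: Dict[Tuple[int, str, int], Tuple[str, int]] = {}

    def outbound(self, private_ip, private_port, external_ip, external_port):
        key = (private_ip, private_port, external_ip, external_port)
        if key not in self.out:                      # allocate a fresh global port
            self.out[key] = self.next_port
            self.back[(self.next_port, external_ip, external_port)] = (private_ip, private_port)
            self.next_port += 1
        return self.global_ip, self.out[key]

    def inbound(self, global_port, external_ip, external_port):
        return self.back.get((global_port, external_ip, external_port))


def pool_demo():
    """Five hosts to one server, then one host opening a second program to it."""
    nat = PoolNAT(POOL)
    reasons = [nat.outbound(f"172.18.3.{i}", "25.8.3.2")[1] for i in range(1, 6)]
    second_program = nat.outbound("172.18.3.1", "25.8.3.2")[1]   # TELNET after HTTP
    return reasons, second_program


def port_demo():
    """The same scenarios succeed once ports are part of the translation key."""
    nat = PortNAT("200.24.5.8")
    g1 = nat.outbound("172.18.3.1", 1400, "25.8.3.2", HTTP)
    g2 = nat.outbound("172.18.3.1", 1401, "25.8.3.2", TELNET)   # second program, same host
    g3 = nat.outbound("172.18.3.2", 1400, "25.8.3.2", HTTP)     # second host, same program
    return g1, g2, g3, nat.inbound(g3[1], "25.8.3.2", HTTP)


if __name__ == "__main__":
    print(pool_demo())
    print(port_demo())
```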
INTERNET PROTOCOL (IP)
Functions: packetizing, forwarding, and delivery of a packet at the
network layer.
The term best-effort means that IPv4 packets can be corrupted, be lost,
arrive out of order, or be delayed, and may create congestion for the
network.
- The protocol field in the IP header identifies the type of
protocol being used, as shown in the above table. This field helps
the destination deliver the data to the respective higher-layer
protocol.
Fragmentation
- Every packet travels through different networks while going from
source to destination.
- Each network uses different protocols and has different packet
formats and sizes.
- Hence, every network has a limit on the size of the payload that it
can transmit, which also depends on the hardware and software
used.
- If the IP packet is too large to be handled by the network, the
router fragments it into smaller pieces. This is called
fragmentation.
- The limit on the payload size is called the Maximum Transfer Unit (MTU).
Fields related to fragmentation
- There are 3 fields related to fragmentation in the IP header.
1. Identification: This field is like a packet ID that uniquely
identifies each IP packet. When a packet is fragmented, all fragments
carry the same ID. This helps the destination reassemble all
fragments having the same ID.
2. Flags: There are 3 flag bits. The first bit is reserved. The second
bit is the D bit, called do not fragment. If set to 1, the IP packet will
not be fragmented. Otherwise, it can be fragmented. The third bit
is the M bit, called the more-fragments bit. If it is set to 1, there are
more fragments to follow; if 0, this is the last fragment of the
packet.
3. 13-bit fragmentation offset: Shows the relative position of the
fragment with respect to the whole datagram.
It is measured in terms of 8 bytes.
Reassembly
- A datagram may be fragmented either by source or by the
intermediate router.
- The fragments can travel through different paths, arrive out of
order.
- The reassembly of all the fragments belonging to a packet is done
at the receiver side.
- Reassembly is done based on the following strategy:
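The slide's own reassembly strategy is not reproduced on this page. As an added example (not code from the original slides), the following fragments a payload against an MTU using the identification, D/M flag and 8-byte-unit offset fields described above, and reassembles fragments arriving out of order, returning nothing when a fragment is missing, overlapping or inconsistent. It assumes a fixed 20-byte header without options.

```python
"""IPv4 fragmentation and reassembly driven by the three header fields above:
identification, the D and M flags, and the 13-bit offset in 8-byte units.
Added example, not from the original slides; only payload bytes are modelled
and a fixed 20-byte header without options is assumed."""
from dataclasses import dataclass
from typing import List, Optional

HEADER_LEN = 20  # assumption: no IP options


@dataclass(frozen=True)
class Fragment:
    ident: int        # identification: the same for all fragments of one datagram
    df: bool          # D bit: do not fragment
    mf: bool          # M bit: more fragments follow
    offset: int       # 13-bit fragment offset, measured in 8-byte units
    payload: bytes


def fragment(ident: int, payload: bytes, mtu: int, df: bool = False) -> List[Fragment]:
    """Split a datagram so that header + data of each fragment fits the MTU."""
    max_data = mtu - HEADER_LEN
    if max_data <= 0:
        raise ValueError("MTU leaves no room for data")
    if len(payload) <= max_data:
        return [Fragment(ident, df, False, 0, payload)]      # no fragmentation needed
    if df:
        # A router would drop the datagram and report it to the source via ICMP.
        raise ValueError("datagram exceeds the MTU but the D bit is set")
    max_data -= max_data % 8          # all but the last fragment carry a multiple of 8 bytes
    fragments = []
    for start in range(0, len(payload), max_data):
        chunk = payload[start:start + max_data]
        more = start + len(chunk) < len(payload)
        fragments.append(Fragment(ident, False, more, start // 8, chunk))
    return fragments


def reassemble(fragments: List[Fragment]) -> Optional[bytes]:
    """Rebuild the payload from fragments arriving in any order.

    Returns None when the set is incomplete or inconsistent: differing IDs,
    a gap, an overlap, or an M flag that contradicts the fragment's position.
    """
    if not fragments:
        return None
    ident = fragments[0].ident
    if any(f.ident != ident for f in fragments):
        return None                                        # mixed datagrams
    ordered = sorted(fragments, key=lambda f: f.offset)
    expected_offset, pieces = 0, []
    for i, frag in enumerate(ordered):
        is_last = i == len(ordered) - 1
        if frag.offset * 8 != expected_offset:
            return None                                    # gap (>) or overlap (<)
        if frag.mf == is_last:
            return None                                    # M flag contradicts position
        if frag.mf and len(frag.payload) % 8:
            return None                                    # non-last piece must be 8-aligned
        pieces.append(frag.payload)
        expected_offset += len(frag.payload)
    return b"".join(pieces)


if __name__ == "__main__":
    data = bytes(range(256)) * 4           # constructed 1024-byte payload
    frags = fragment(ident=0x1234, payload=data, mtu=576)
    print([(f.offset, f.mf, len(f.payload)) for f in frags])
    print("reassembled OK:", reassemble(list(reversed(frags))) == data)
```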
OPTIONS
The header of the IPv4 datagram is made of two parts:
a fixed part and a variable part.
The fixed part is 20 bytes long and was discussed in the previous
section. The variable part comprises the options that can be a
maximum of 40 bytes (in multiples of 4-bytes) to preserve the
boundary of the header.
Single-Byte Options:
There are two single-byte options.
No Operation
A no-operation option is a 1-byte option used as a filler between options.
End of Option
An end-of-option option is a 1-byte option used for padding at the end of the option field.
Multiple-Byte Options
There are four multiple-byte options.
Record Route
A record route option is used to record the Internet routers that handle the datagram. It can list
up to nine router addresses. It can be used for debugging and management purposes.
Strict Source Route
A strict source route option is used by the source to predetermine a route for the datagram
as it travels through the Internet. Dictation of a route by the source can be useful for several purposes. The
sender can choose a route with a specific type of service, such as minimum delay or maximum throughput.
Alternatively, it may choose a route that is safer or more reliable for the sender's purpose. For example, a
sender can choose a route so that its datagram does not travel through a competitor's network.
Loose Source Route
A loose source route option is similar to the strict source route, but it is less rigid. Each
router in the list must be visited, but the datagram can visit other routers as well.
Timestamp
A timestamp option is used to record the time of datagram processing by a router. The time is
expressed in milliseconds from midnight, Universal Time or Greenwich Mean Time. Knowing the time a
datagram is processed can help users and managers track the behavior of the routers in the Internet. We can
estimate the time it takes for a datagram to go from one router to another. We say estimate because, although
all routers may use Universal Time, their local clocks may not be synchronized.
Security of IPv4 Datagrams
Packet Sniffing
- Encryption is needed to make the datagram secure against it.
Packet Modification
- A data integrity mechanism is needed to detect it.
IP Spoofing
- An attacker masquerades as somebody else.
- An origin authentication mechanism is needed to prevent it.
IPSec
IPSec provides the following services:
- Defining algorithms and keys
- Packet encryption
- Data integrity (MD5, SHA)
- Origin authentication
ICMPv4
• IPv4 has no error-reporting or error-correcting mechanism.
• The IP protocol also lacks a mechanism for host and management
queries.
• The Internet Control Message Protocol version 4 (ICMPv4), a companion to
the IP protocol, overcomes these two shortcomings.
• ICMP messages are not passed directly to the data-link layer. They are first
encapsulated inside IP datagrams before going to the lower layer.
When an IP datagram encapsulates an ICMP message, the value of
the protocol field in the IP datagram is set to 1 to indicate that the IP
payload is an ICMP message.
ICMP
• ICMP messages are divided into two broad categories:
• Error-reporting messages report problems that a router or a host
(destination) may encounter when it processes an IP packet.
• Query messages, which occur in pairs, help a host or a network manager
get specific information from a router or another host.
• An ICMP message has an 8-byte header and a variable-size data
section.
• Type: defines the type of the message.
• Code: specifies the reason for the particular message type.
• The last common field is the checksum field.
• The rest of the header is specific to each message type.
ICMP
• In error messages, the data section carries information for finding the original packet
that had the error.
• In query messages, the data section carries extra information based on
the type of query.
• Error Reporting Messages
• One of the main responsibilities of ICMP is to report errors that may occur during
the processing of the IP datagram.
• ICMP does not correct errors; it simply reports them.
• Error messages are always sent to the original source because the only information available
in the datagram about the route is the source and destination IP addresses.
ICMP
• ICMP follows some rules in reporting messages.
• First, no error message will be generated for a datagram having a multicast
address or special address (such as this host or loopback).
• Second, no ICMP error message will be generated in response to a datagram
carrying an ICMP error message.
• Third, no ICMP error message will be generated for a fragmented datagram that is
not the first fragment.
• Note that all error messages contain a data section that includes the IP header of
the original datagram plus the first 8 bytes of data in that datagram. The original
datagram header is added to give the original source, which receives the error
message, information about the datagram itself. The 8 bytes of data are included
because the first 8 bytes provide information about the port numbers (UDP and
TCP) and sequence number (TCP). This information is needed so the source can
inform the protocols (TCP or UDP) about the error.
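The three rules and the error data section above, as an added example (not code from the original slides): a gatekeeper that decides whether an ICMP error may be generated for a parsed IPv4 datagram, and a builder for the data section (original header plus the first 8 data bytes). The datagrams are constructed with a minimal header whose IP checksum field is left at zero.

```python
"""Gatekeeper for ICMP error reporting that applies the three rules above to a
parsed IPv4 datagram, and builds the error data section (original IP header plus
the first 8 bytes of its data). Added example, not from the slides; the datagrams
are constructed and their IP checksum field is left at zero."""
import ipaddress
import struct
from typing import Tuple

PROTO_ICMP = 1
ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}   # the error-reporting types named on these slides
LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, frag_offset: int = 0) -> bytes:
    """Minimal 20-byte header (no options, checksum 0) followed by the payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                         frag_offset & 0x1FFF, 64, proto, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return header + payload


def may_report_error(datagram: bytes) -> Tuple[bool, str]:
    """Return (allowed, reason) for generating an ICMP error about this datagram."""
    if len(datagram) < 20:
        return False, "truncated header"
    ihl = (datagram[0] & 0x0F) * 4
    if ihl < 20 or len(datagram) < ihl:
        return False, "malformed header"
    flags_frag = struct.unpack("!H", datagram[6:8])[0]
    proto = datagram[9]
    dst = ipaddress.IPv4Address(datagram[16:20])
    payload = datagram[ihl:]
    if dst.is_multicast:
        return False, "rule 1: multicast destination"
    if dst.is_loopback or dst.is_unspecified or dst == LIMITED_BROADCAST:
        return False, "rule 1: special destination address"
    if flags_frag & 0x1FFF:                      # non-zero offset: not the first fragment
        return False, "rule 3: not the first fragment"
    if proto == PROTO_ICMP and payload and payload[0] in ICMP_ERROR_TYPES:
        return False, "rule 2: datagram carries an ICMP error message"
    return True, "ok"


def error_data_section(datagram: bytes) -> bytes:
    """IP header of the offending datagram plus its first 8 data bytes."""
    ihl = (datagram[0] & 0x0F) * 4
    return datagram[:ihl] + datagram[ihl:ihl + 8]


if __name__ == "__main__":
    udp = build_ipv4("10.1.1.5", "10.2.2.9", 17, bytes(range(20)))   # constructed
    print(may_report_error(udp), len(error_data_section(udp)), "bytes of error data")
    print(may_report_error(build_ipv4("10.1.1.5", "224.0.0.1", 17, b"x")))
```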
ICMP
ICMP forms an error packet, which is then encapsulated in an IP datagram
ICMP
• Destination Unreachable (type 3)
• This message uses different codes (0 to 15) to define the type of error message and the reason why a datagram
has not reached its final destination. For example, code 0 is used when we use the HTTP protocol to access a web
page, but the server is down. The message "destination host is not reachable" is created and sent back to the
source.
• Source Quench (type 4)
• Informs the sender that the network has encountered congestion and the datagram has been dropped; the
source needs to slow down sending more datagrams. In other words, ICMP adds a kind of congestion control
mechanism to the IP protocol by using this type of message.
• Redirection Message (type 5)
• Used when the source uses a wrong router to send out its message. The router redirects the message to the
appropriate router, but informs the source that it needs to change its default router in the future. The IP
address of the default router is sent in the message.
• Time Exceeded (type 11)
• We discussed the purpose of the time-to-live (TTL) field in the IP datagram and explained that it prevents a
datagram from being aimlessly circulated in the Internet. When the TTL value becomes 0, the datagram is
dropped by the visiting router and a time-exceeded message (type 11) with code 0 is sent to the source to
inform it about the situation. The time-exceeded message (with code 1) can also be sent when not all
fragments of a datagram arrive within a predefined period of time.
• Parameter Problem (type 12)
• Sent when either there is a problem in the header of a datagram (code 0) or some options are missing or cannot be
interpreted (code 1).
ICMP
• Query Messages
• Query messages can be used independently, without relation to an IP datagram.
• A query message needs to be encapsulated in a datagram, as a carrier.
• Query messages are used to probe or test the liveliness of hosts or routers in
the Internet, find the one-way or the round-trip time for an IP datagram
between two devices, or even find out whether the clocks in two devices are
synchronized.
• Query messages come in pairs: request and reply. The echo request (type 8)
and the echo reply (type 0) pair of messages are used by a host or a router to
test the liveliness of another host or router. A host or router sends
an echo request message to another host or router; if the latter is alive, it
responds with an echo reply message.
• We see applications of this pair in two debugging tools: ping and traceroute.
• The timestamp request (type 13) and the timestamp reply (type 14) pair of
messages are used to find the round-trip time between two devices or to
check whether the clocks in two devices are synchronized.
• The timestamp request message sends a 32-bit number, which defines the time the
message is sent.
• The timestamp reply resends that number, but also includes two new 32-bit
numbers representing the time the request was received and the time the response
was sent. If all timestamps represent Universal time, the sender can calculate the
one-way and round-trip time.
Deprecated Messages
• Three pairs of messages are declared obsolete by the IETF:
• 1. Information request and reply messages: their function is now done by the Address
Resolution Protocol (ARP).
• 2. Address mask request and reply messages: now done by the Dynamic
Host Configuration Protocol (DHCP).
• 3. Router solicitation and advertisement messages are not used
today; their function is done by the Dynamic Host Configuration Protocol (DHCP).
Debugging Tools
• There are several tools that can be used in the Internet for debugging.
• We can determine the viability of a host or router.
• We can trace the route of a packet.
• We introduce two tools that use ICMP for debugging: ping and traceroute.
• Ping
• The program is used to find out if a host is alive and responding.
• We can see how it uses ICMP packets.
• The source host sends ICMP echo-request messages; the destination, if alive, responds with
ICMP echo-reply messages.
• The ping program sets the identifier field in the echo-request and echo-reply messages and
starts the sequence number from 0; this number is incremented by 1 each time a new
message is sent.
• Note that ping can calculate the round-trip time. It inserts the sending time in the data section of
the message. When the packet arrives, it takes the difference between the arrival time and the departure time to
get the round-trip time (RTT).
Example
• The following shows how we send a ping message to the auniversity.edu site.
• We set the identifier field in the echo request and reply message and start the sequence number from 0;
this number is incremented by one each time a new message is sent.
• Note that ping can calculate the round-trip time. It inserts the sending time in the data section of
the message.
• When the packet arrives, it takes the difference between the arrival time and the departure time to get the
round-trip time (rtt).
Traceroute or Tracert
• The traceroute program in UNIX or tracert in Windows can be used to
trace the path of a packet from a source to the destination.
• It can find the IP addresses of all the routers that are visited along the
path.
• The program is usually set to check for a maximum of 30 hops
(routers) to be visited.
• The number of hops in the Internet is normally less than this. Since
these two programs behave differently in Unix and Windows, we
explain them separately.
Traceroute
• The traceroute program gets help from two error-reporting messages: time-exceeded and destination-unreachable.
• Traceroute is an application-layer program, but there is no traceroute server program; only the client program is needed, because,
as we can see, the client program never reaches the application layer in the destination host.
• The traceroute application program is encapsulated in a UDP user datagram, but traceroute intentionally uses a port number that is
not available at the destination.
• If there are n routers in the path, the traceroute program sends (n + 1) messages. The first n messages are discarded by the n routers,
one by each router; the last message is discarded by the destination host.
• The traceroute client program uses the (n + 1) ICMP error-reporting messages received to find the path between the routers.
• The value of n is found automatically.
• In Figure 19.10, the value of n is 3.
• The first traceroute message is sent with the time-to-live (TTL) value set to 1; the message is discarded at the first router and a
time-exceeded ICMP error message is sent, from which the traceroute program can find the IP address of the first router (the source
IP address of the error message) and the router name (in the data section of the message).
• The second traceroute message is sent with TTL set to 2, which can find the IP address and the name of the second router.
• Similarly, the third message can find the information about router 3.
• The fourth message, however, reaches the destination host.
• This message is also dropped, but for another reason: the destination host cannot find the port number specified in the UDP user
datagram.
• This time ICMP sends a different message, the destination-unreachable message with code 3, to show that the port number is not found.
After receiving this different ICMP message, the traceroute program knows that the final destination is reached. It uses the
information in the received message to find the IP address and the name of the final destination.
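The exchange described above, simulated offline as an added example (not the slides' own program): one UDP probe per TTL value, a time-exceeded reply from whichever router counts the TTL down to 0, and the destination-unreachable code 3 reply from the host that ends the trace. Router and host addresses are constructed, and the destination port 33434 (the usual traceroute base port) is assumed closed unless listed as open.

```python
"""Offline simulation of the traceroute exchange described above: one UDP probe
per TTL value and the ICMP error each provokes (time exceeded from router k,
destination unreachable code 3 from the host). Added example, not the slides'
program; router and host addresses are constructed, and 33434 is the usual
traceroute destination port (assumed closed on the host)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

TIME_EXCEEDED, TTL_EXPIRED = 11, 0         # type 11, code 0
DEST_UNREACHABLE, PORT_UNREACHABLE = 3, 3  # type 3, code 3


@dataclass(frozen=True)
class IcmpError:
    type: int
    code: int
    source: str      # IP address of the node that discarded the probe


def send_probe(routers: List[str], host: str, open_ports, ttl: int, port: int) -> Optional[IcmpError]:
    """Walk the probe along the path; return the ICMP error it provokes, if any."""
    for router in routers:
        ttl -= 1                      # each router decrements TTL before forwarding
        if ttl == 0:
            return IcmpError(TIME_EXCEEDED, TTL_EXPIRED, router)
    if port in open_ports:
        return None                   # delivered to a process: no ICMP, traceroute learns nothing
    return IcmpError(DEST_UNREACHABLE, PORT_UNREACHABLE, host)


def traceroute(routers: List[str], host: str, open_ports=frozenset(),
               max_hops: int = 30, port: int = 33434) -> Tuple[List[str], bool]:
    """Return (addresses discovered hop by hop, whether the destination replied)."""
    hops: List[str] = []
    for ttl in range(1, max_hops + 1):
        reply = send_probe(routers, host, open_ports, ttl, port)
        if reply is None:
            hops.append("*")          # the probe produced no error message
            return hops, False
        hops.append(reply.source)
        if reply.type == DEST_UNREACHABLE and reply.code == PORT_UNREACHABLE:
            return hops, True         # final destination reached: stop
    return hops, False                # max_hops exhausted before the host answered


if __name__ == "__main__":
    path = ["10.0.0.1", "10.0.1.1", "10.0.2.1"]    # constructed: n = 3 routers
    print(traceroute(path, "10.0.3.9"))
```

With n routers the simulation sends exactly n + 1 probes, matching the count stated above.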
ICMP Checksum
• In ICMP the checksum is calculated over the entire message (header and data).
• Figure 19.11 shows an example of checksum calculation for a simple echo-request message. We
randomly chose the identifier to be 1 and the sequence number to be 9. The message is divided into
16-bit (2-byte) words. The words are added and the sum is complemented. Now the sender
can put this value in the checksum field.
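The calculation above carried out in code, as an added example (not the slides' figure): the message is split into 16-bit words, summed in one's complement with end-around carry, and complemented. Identifier 1 and sequence number 9 follow the text; the 4-byte payload b"TEST" is constructed.

```python
"""ICMP checksum over the whole message, as described above: split into 16-bit
words, add with end-around carry, complement the sum. Added example, not the
slides' figure; identifier 1 and sequence number 9 follow the text, the 4-byte
payload b"TEST" is constructed."""
import struct

ECHO_REQUEST = 8


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry (odd length is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum((data[i] << 8) | data[i + 1] for i in range(0, len(data), 2))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def icmp_checksum(message: bytes) -> int:
    """Checksum field value: complement of the sum taken with the field at zero."""
    return ~ones_complement_sum(message) & 0xFFFF


def build_echo_request(identifier: int, sequence: int, payload: bytes) -> bytes:
    """8-byte header (type, code, checksum, identifier, sequence) plus data."""
    header = struct.pack("!BBHHH", ECHO_REQUEST, 0, 0, identifier, sequence)  # checksum 0
    checksum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", ECHO_REQUEST, 0, checksum, identifier, sequence) + payload


def verify(message: bytes) -> bool:
    """Receiver check: the sum over the message including its checksum must be 0xFFFF."""
    return ones_complement_sum(message) == 0xFFFF


def checksum_of(message: bytes) -> int:
    """Read the checksum field back out of a built message."""
    return struct.unpack("!H", message[2:4])[0]


if __name__ == "__main__":
    msg = build_echo_request(1, 9, b"TEST")
    print(f"checksum = 0x{checksum_of(msg):04X}, verify = {verify(msg)}")
```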