Regulation 2022(CBCS) BEC702-Computer Networks and Protocols
Module - 3 – Network Layer
Internet Protocols
The network layer in version 4 can be thought of as one main protocol and three auxiliary ones.
➢ Internet Protocol version 4 (IPv4), is responsible for packetizing, forwarding, and delivery
of a packet at the network layer.
➢ The Internet Control Message Protocol version 4 (ICMPv4) helps IPv4 to handle some
errors that may occur in the network-layer delivery.
➢ The Internet Group Management Protocol (IGMP) is used to help IPv4 in multicasting.
➢ The Address Resolution Protocol (ARP) is used to glue the network and data-link layers in
mapping network-layer addresses to link-layer addresses.
IPv4:
❖ The Internet Protocol version 4 (IPv4) is the delivery mechanism used by the TCP/IP
protocols.
❖ IPv4 is an unreliable and connectionless datagram protocol, known as a best-effort delivery
service.
❖ For reliability, IPv4 must be paired with a reliable protocol such as TCP.
❖ Each datagram is handled independently, and each datagram can follow a different route to
the destination.
❖ IPv4 relies on a higher-level protocol to take care of packets lost or corrupted during
transmission.
Position of IPv4 in TCP/IP protocol suite
Datagram
Packets in the IPv4 layer are called datagrams. The figure shows the IPv4 datagram format.
A datagram is a variable-length packet consisting of two parts: Header and Data. The header is 20
to 60 bytes in length and contains information essential to routing and delivery.
❖ Version (VER): This 4-bit field defines the version of the IPv4 protocol. This field tells the IPv4
software running in the processing machine that the datagram has the format of version 4.
Prepared by Dr Ahila A/ Prof. Manjunath.M, Dept. of ECE, Sri Sairam College of Engineering, Anekal. 1
❖ Header length (HLEN): This 4-bit field defines the total length of the datagram header in
4-byte words. This field is needed because the length of the header is variable (between 20 and 60
bytes). Its minimum value is 5 (5 × 4 = 20) and its maximum value is 15 (15 × 4 = 60).
IPv4 datagram format
❖ Services: This 8-bit field was previously called service type and has been renamed
differentiated services.
The interpretation of both is shown below.
Service Type:
➢ The first 3 bits are called precedence bits.
➢ The next 4 bits are called type of service (TOS) bits.
➢ The last bit is not used.
➢ Precedence is a 3-bit subfield ranging from 0 (000 in binary) to 7 (111 in binary). It defines
the priority of the datagram in issues such as congestion.
➢ During router congestion, the lowest-priority datagrams are discarded first.
➢ Type of Service (TOS) bits is a 4-bit subfield with each bit having a special meaning. Although
a bit can be either 0 or 1, one and only one of the bits can have the value of 1 in each datagram,
which gives five different types of services.
➢ Application programs can request a specific type of service.
➢ Defaults are defined for some applications: ICMP, BOOTP, NNTP, IGP, SNMP, TELNET, FTP,
TFTP, SMTP, DNS.
➢ Interactive activities need minimum delay for immediate attention and response.
➢ Activities that send bulk data require maximum throughput.
➢ Management activities need maximum reliability.
➢ Background activities need minimum cost.
Differentiated Services:
➢ The first 6 bits make up the code point subfield, and the last 2 bits are not used.
➢ The code point subfield can be used in two different ways.
➢ In the first, the rightmost 3 bits are 0s and the leftmost 3 bits are precedence bits.
➢ In the second, the 6 bits define 64 services based on the priority assignment by the Internet or
local authorities.
➢ The first category contains 32 (numbers 0, 2, 4, …, 62) service types assigned by Internet
authorities.
➢ The second category contains 16 (3, 7, 11, 15, …, 63) that can be used by local authorities.
➢ The third category contains 16 (1, 5, 9, …, 61), is temporary, and can be used for
experimental purposes.
❖ Total length: This is a 16-bit field that defines the total length (header plus data) of the IPv4
datagram in bytes.
❖ Length of data = total length − header length
Since the field length is 16 bits, the total length of the IPv4 datagram is limited to 65,535
(2^16 − 1) bytes, of which 20 to 60 bytes are the header and the rest is data from the upper layer.
Ethernet protocol has a minimum and maximum restriction on the size of data that can be
encapsulated in a frame (46 to 1500 bytes). If the size of an IPv4 datagram is less than 46 bytes,
some padding will be added to meet this requirement. The mechanism of decapsulation needs
to check the total length field to determine real data and padding.
❖ Identification: This field is used in fragmentation.
❖ Flags: This field is used in fragmentation.
❖ Fragmentation offset: This field is used in fragmentation.
❖ Time to live: A datagram has a limited lifetime in its travel through an internet. This field was
originally designed to hold a timestamp, which was decremented by each visited router. Today
it is used mostly to control the maximum number of hops (routers) visited by the datagram.
This field limits the lifetime of a datagram that would otherwise travel between two or more
routers for a long time without ever being delivered to the destination host.
❖ Protocol: This 8-bit field defines the higher-level protocol that uses the services of the IPv4 layer
and specifies the final destination protocol to which the IPv4 datagram is delivered. An IPv4
datagram can encapsulate data from several higher-level protocols such as TCP, UDP, ICMP, and
IGMP.
❖ Checksum: The checksum is an error-detection value computed over the IPv4 header.
❖ Source address: This 32-bit field defines the IPv4 address of the source. This field must
remain unchanged during travels from the source host to the destination host.
❖ Destination address: This 32-bit field defines the IPv4 address of the destination. This field
must remain unchanged during travels from the source host to the destination host.
Example: 1
An IPv4 packet has arrived with the first 8 bits as (01000010)₂. The receiver discards the packet.
Why?
Solution:
There is an error in this packet.
The 4 leftmost bits (0100)₂ show the version, which is correct.
The next 4 bits (0010)₂ show an invalid header length (2 × 4 = 8).
The minimum number of bytes in the header must be 20.
The packet has been corrupted in transmission.
Example: 2
In an IPv4 packet, the value of HLEN is (1000)₂. How many bytes of options are being carried by
this packet?
Solution:
The HLEN value is 8, which means the total number of bytes in the header is 8 × 4, or 32 bytes.
The first 20 bytes are the base header; the next 12 bytes are the options.
Example: 3
In an IPv4 packet, the value of HLEN is 5, and the value of the total length field is (0028)₁₆. How
many bytes of data are being carried by this packet?
Solution:
The HLEN value is 5, which means the total number of bytes in the header is 5 × 4, or 20 bytes (no
options).
The total length is (0028)₁₆ or 40 bytes, which means the packet is carrying 20 bytes of data
(40 − 20).
Example: 4
An IPv4 packet has arrived with the first few hexadecimal digits as shown.
(45000028000100000102…)₁₆
How many hops can this packet travel before being dropped? The data belong to what upper-layer
protocol?
Solution:
To find the time-to-live field, we skip 8 bytes (16 hexadecimal digits).
(45000028000100000102…)₁₆
The time-to-live field is the ninth byte, which is (01)₁₆. This means the packet can travel only one
hop.
The protocol field is the next byte (02)₁₆, which means that the upper-layer protocol is IGMP.
Example: 5
The figure shows an example of a checksum calculation for an IPv4 header without options. The
header is divided into 16-bit sections. All the sections are added, and the sum is complemented
after wrapping the leftmost digit.
The result is inserted in the checksum field.
Note that the calculation of wrapped sum and checksum can also be done as follows in hexadecimal:
Checksum = Complement of Sum.
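The header checks from Examples 1 to 5, written as a receiver-side parser. This is an added example, not part of the original notes; the function names, the protocol table and the two addresses in the sample header are assumptions made for illustration.

```python
import struct

PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}  # IANA protocol numbers


def checksum16(header: bytes) -> int:
    """Add the 16-bit sections, wrap the carry, and complement the sum."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def with_checksum(header: bytes) -> bytes:
    """Return the header with a freshly computed checksum in bytes 10-11."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return zeroed[:10] + struct.pack("!H", checksum16(zeroed)) + zeroed[12:]


def parse_ipv4_header(packet: bytes) -> dict:
    """Parse and validate an IPv4 header; raise ValueError if it is malformed."""
    if len(packet) < 20:
        raise ValueError("fewer than 20 bytes: no room for the base header")
    ver_hlen, _services, total_len, _ident, flags_off, ttl, proto = struct.unpack(
        "!BBHHHBB", packet[:10])
    version, hlen = ver_hlen >> 4, ver_hlen & 0x0F
    if version != 4:
        raise ValueError(f"version {version} is not 4")
    if hlen < 5:                                   # Example 1
        raise ValueError(f"HLEN {hlen} means a {hlen * 4}-byte header; minimum is 20")
    header_len = hlen * 4
    if len(packet) < header_len or total_len < header_len:
        raise ValueError("header runs past the captured bytes or the total length")
    if checksum16(packet[:header_len]) != 0:       # a valid header sums to all 1s
        raise ValueError("header checksum mismatch")
    return {
        "options_len": header_len - 20,            # Example 2
        "data_len": total_len - header_len,        # Example 3
        "ttl": ttl,                                # Example 4
        "protocol": PROTOCOLS.get(proto, f"protocol {proto}"),
        "dont_fragment": bool(flags_off & 0x4000),
        "more_fragments": bool(flags_off & 0x2000),
        "first_byte": (flags_off & 0x1FFF) * 8,
    }


# First ten bytes are the digits from Example 4; the zero checksum placeholder and
# both addresses (192.0.2.1, 198.51.100.7) are constructed for this example.
SAMPLE = with_checksum(bytes.fromhex("45000028000100000102" "0000" "c0000201" "c6336407"))

if __name__ == "__main__":
    print(parse_ipv4_header(SAMPLE))
    try:
        parse_ipv4_header(bytes([0b01000010]) + bytes(19))   # Example 1's first byte
    except ValueError as err:
        print("discarded:", err)
```

The checksum covers only the header, so a change to any header byte in transit, such as the TTL, makes `parse_ipv4_header` reject the packet.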
Fragmentation
A datagram can travel through different networks. Each router decapsulates the IPv4 datagram
from the frame it receives, processes it, and then encapsulates it in another frame. The format and
size of the sent frame depend on the protocol used by the physical network through which the frame
is going to travel.
Maximum Transfer Unit (MTU)
Each data-link layer protocol has its own frame format. In most protocols, one of the fields defined
in the format is the maximum size of the data field. In other words, when a datagram is encapsulated
in a frame, the total size of the datagram must be less than this maximum size, which is defined by
the restrictions imposed by the hardware and software used in the network. The value of the MTU
depends on the physical network protocol.
The table shows the values for some protocols.
Fields Related to Fragmentation
The fields that are related to fragmentation and reassembly of an IPv4 datagram are the
IDENTIFICATION, FLAGS, and FRAGMENTATION OFFSET fields.
Identification: This 16-bit field identifies a datagram originating from the source host. The
combination of the identification and source IPv4 address must uniquely define a datagram as it
leaves the source host.
Flags: This is a 3-bit field.
❖ The first bit is reserved.
❖ The second bit is called the do not fragment bit. If its value is 1, the machine must not fragment
the datagram; it discards the datagram and sends an ICMP error message to the source host. If
its value is 0, the datagram can be fragmented if necessary.
❖ The third bit is called the more fragment bit. If its value is 1, it means the datagram is not the last
fragment; there are more fragments after this one. If its value is 0, it means this is the last or
only fragment.
Fragmentation offset:
❖ This 13-bit field shows the relative position of this fragment with respect to the whole datagram.
❖ It is the offset of the data in the original datagram, measured in units of 8 bytes.
❖ Consider a datagram with a data size of 4000 bytes fragmented into three fragments.
❖ The bytes in the original datagram are numbered 0 to 3999.
❖ The first fragment carries bytes 0 to 1399. The offset for this datagram is 0/8 = 0.
❖ The second fragment carries bytes 1400 to 2799; the offset value for this fragment is 1400/8 =
175.
❖ Finally, the third fragment carries bytes 2800 to 3999. The offset value for this fragment is
2800/8 = 350.
❖ Remember that the value of the offset is measured in units of 8 bytes. This is done because the
length of the offset field is only 13 bits and cannot represent a sequence of bytes greater than
8191. This forces hosts or routers that fragment datagrams to choose a fragment size so that
the first byte number is divisible by 8.
The identification field is the same in all fragments, and the flags field has the more bit set for all
fragments except the last. The figure also shows the value of the offset field for each fragment.
The figure below shows what happens when a fragment is itself fragmented. In this case the value
of the offset field is always relative to the original datagram.
For example, in the figure, the second fragment is itself fragmented later into two fragments of 800
bytes and 600 bytes, but the offset shows the relative position of the fragments to the original data.
It is obvious that even if each fragment follows a different path and arrives out of order, the final
destination host can reassemble the original datagram from the fragments received (if none of them
is lost) by using the following strategy:
1. The first fragment has an offset field value of zero.
2. Divide the length of the first fragment by 8. The second fragment has an offset value equal
to that result.
3. Divide the total length of the first and second fragments by 8. The third fragment has an
offset value equal to that result.
4. Continue the process. The last fragment has a more bit value of 0.
Example: 6
A packet has arrived with an M bit value of 0. Is this the first fragment, the last fragment, or a
middle fragment? Do we know if the packet was fragmented?
Solution:
If the M bit is 0, it means that there are no more fragments; the fragment is the last one.
However, we cannot say if the original packet was fragmented or not. A non-fragmented packet is
considered the last fragment.
Example: 7
A packet has arrived with an M bit value of 1. Is this the first fragment, the last fragment, or a
middle fragment? Do we know if the packet was fragmented?
Solution:
If the M bit is 1, it means that there is at least one more fragment.
This fragment can be the first one or a middle one, but not the last one.
We don’t know if it is the first one or a middle one; we need more information (the value of the
fragmentation offset).
Example: 8
A packet has arrived with an M bit value of 1 and a fragmentation offset value of 0. Is this the first
fragment, the last fragment, or a middle fragment?
Solution:
Because the M bit is 1, it is either the first fragment or a middle one. Because the offset value is 0, it
is the first fragment.
Example: 9
A packet has arrived in which the offset value is 100. What is the number of the first byte? Do we
know the number of the last byte?
Solution:
To find the number of the first byte, we multiply the offset value by 8.
This means that the first byte number is 800.
We cannot determine the number of the last byte unless we know the length of the data.
Example: 10
A packet has arrived in which the offset value is 100, the value of HLEN is 5, and the value of the
total length field is 100. What are the numbers of the first byte and the last byte?
Solution:
The first byte number is 100 × 8 = 800. The total length is 100 bytes, and the header length is 20
bytes (5 × 4), which means that there are 80 bytes of data in this datagram.
If the first byte number is 800, the last byte number must be 879.
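The offset arithmetic from the 4000-byte illustration, the reassembly strategy and Examples 6 to 10, as an added example that is not part of the original notes. All function names are assumptions, and rejecting overlapping fragments is a policy chosen for this sketch.

```python
def fragment(data_len: int, max_data: int, base_offset: int = 0,
             last_of_original: bool = True) -> list[dict]:
    """Split data_len bytes into fragments of at most max_data bytes each.

    base_offset and last_of_original describe a fragment being fragmented
    again, so offsets stay relative to the original datagram.
    """
    step = max_data - max_data % 8      # non-final fragments start on 8-byte boundaries
    if step <= 0:
        raise ValueError("a fragment must be able to carry at least 8 bytes")
    frags = []
    for first in range(0, data_len, step):
        size = min(step, data_len - first)
        frags.append({"offset": base_offset + first // 8, "length": size,
                      "more": first + size < data_len or not last_of_original})
    return frags


def position(more: bool, offset: int) -> str:
    """Classify a packet from its M bit and offset (Examples 6 to 8)."""
    if offset == 0:
        return "first" if more else "only (not fragmented)"
    return "middle" if more else "last"


def byte_range(offset: int, hlen: int, total_length: int) -> tuple[int, int]:
    """First and last byte numbers carried by a fragment (Examples 9 and 10)."""
    first = offset * 8
    return first, first + (total_length - hlen * 4) - 1


def reassemble(frags: list[tuple[int, bool, bytes]]) -> bytes:
    """Rebuild the data from (offset, more_bit, data) tuples arriving in any order.

    Raising on overlap is a policy chosen for this example: overlapping
    fragments make the reassembled result ambiguous.
    """
    ordered = sorted(frags, key=lambda f: f[0])
    out = bytearray()
    for i, (offset, more, data) in enumerate(ordered):
        if offset * 8 > len(out):
            raise ValueError(f"gap before byte {offset * 8}: a fragment is missing")
        if offset * 8 < len(out):
            raise ValueError(f"fragment at byte {offset * 8} overlaps earlier data")
        if more == (i == len(ordered) - 1):
            raise ValueError("more bit does not match the fragment's position")
        out += data
    return bytes(out)


if __name__ == "__main__":
    print(fragment(4000, 1400))                       # offsets 0, 175, 350
    print(fragment(1400, 800, base_offset=175, last_of_original=False))
    print(byte_range(100, 5, 100))                    # Example 10
```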
Options:
❖ The header of the IPv4 datagram is made of two parts: Fixed part and Variable part.
❖ The fixed part is 20 bytes long.
❖ The variable part comprises the options that can be a maximum of 40 bytes.
❖ Options, as the name implies, are not required for a datagram. They can be used for
network testing and debugging.
No Operation
A no-operation option is a 1-byte option used as filler between options.
End of Option
An end-of-option option is a 1-byte option used for padding at the end of the option field. It,
however, can only be used as the last option.
Record Route
A record route option is used to record the Internet routers that handle the datagram. It can list up
to nine router addresses. It can be used for debugging and management purposes.
Strict Source Route
❖ A strict source route option is used by the source to predetermine a route for the datagram
as it travels through the Internet.
❖ Dictation of a route by the source can be useful for several purposes.
❖ The sender can choose a route with a specific type of service, such as minimum delay or
maximum throughput. Alternatively, it may choose a route that is safer or more reliable for
the sender’s purpose.
Example:
❖ If a datagram specifies a strict source route, all the routers defined in the option must be
visited by the datagram.
❖ A router must not be visited if its IPv4 address is not listed in the datagram.
❖ If the datagram visits a router that is not on the list, the datagram is discarded and an error
message is issued.
❖ If the datagram arrives at the destination and some of the entries were not visited, it will
also be discarded and an error message issued.
Loose Source Route
A loose source route option is similar to the strict source route, but it is less rigid. Each router in the
list must be visited, but the datagram can visit other routers as well.
Timestamp
A timestamp option is used to record the time of datagram processing by a router.
The time is expressed in milliseconds from midnight, Universal Time or Greenwich Mean Time.
Knowing the time a datagram is processed can help users and managers track the behavior of the
routers in the Internet. We can estimate the time it takes for a datagram to go from one router to
another. We say estimate because, although all routers may use Universal time, their local clocks
may not be synchronized.
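A walker for the variable part of the header that decodes the options described above and rejects malformed ones. This is an added example, not part of the original notes; the option type values come from RFC 791 (the notes name the options without their codes), and the function names and sample bytes are assumptions.

```python
import ipaddress

# Option type values from RFC 791; the notes name the options but not their codes.
OPTION_NAMES = {0: "end-of-option", 1: "no-operation", 7: "record-route",
                68: "timestamp", 131: "loose-source-route", 137: "strict-source-route"}
ROUTE_OPTIONS = {7, 131, 137}


def walk_options(options: bytes) -> list[dict]:
    """Decode the variable part of an IPv4 header; raise ValueError if malformed."""
    if len(options) > 40 or len(options) % 4:
        raise ValueError("options must fill 0 to 40 bytes in 4-byte steps")
    found, i = [], 0
    while i < len(options):
        kind = options[i]
        entry = {"name": OPTION_NAMES.get(kind, f"unknown ({kind})")}
        if kind == 0:                      # end-of-option: the rest is padding
            found.append(entry)
            break
        if kind == 1:                      # no-operation: a single filler byte
            found.append(entry)
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError(f"option {kind} is cut off before its length byte")
        length = options[i + 1]            # counts the type and length bytes too
        if length < 2 or i + length > len(options):
            raise ValueError(f"option {kind} has invalid length {length}")
        if kind in ROUTE_OPTIONS:          # type, length, pointer, then addresses
            slots = options[i + 3:i + length]
            if length < 3 or len(slots) % 4:
                raise ValueError(f"option {kind} does not hold whole addresses")
            entry["pointer"] = options[i + 2]
            entry["addresses"] = [str(ipaddress.IPv4Address(slots[j:j + 4]))
                                  for j in range(0, len(slots), 4)]
        found.append(entry)
        i += length
    return found


def source_routed(parsed: list[dict]) -> bool:
    """True if the sender dictated the route (strict or loose source route)."""
    return any(e["name"].endswith("source-route") for e in parsed)


# Constructed sample: no-operation, then a strict source route listing two
# documentation addresses, 12 bytes in all.
SAMPLE_OPTIONS = bytes([1, 137, 11, 4]) + bytes([192, 0, 2, 1]) + bytes([198, 51, 100, 7])

if __name__ == "__main__":
    parsed = walk_options(SAMPLE_OPTIONS)
    print(parsed, "source routed:", source_routed(parsed))
```

The 40-byte limit on the variable part is what caps a route option at nine addresses: 3 bytes of type, length and pointer plus 9 × 4 address bytes is 39.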
Drawbacks of IPv4
IPv4 has some deficiencies that make it unsuitable for the fast-growing Internet.
➢ Despite all short-term solutions, such as subnetting, classless addressing, and NAT, address
depletion is still a long-term problem in the Internet.
➢ Transmission requires minimum delay strategies and reservation of resources not provided in
the IPv4 design.
➢ No encryption or authentication is provided by IPv4.
Three security issues in IPv4 Datagrams
There are three security issues that are particularly applicable to the IP protocol:
➢ Packet sniffing
➢ Packet modification and
➢ IP spoofing
Packet Sniffing
Although packet sniffing cannot be stopped, encryption of the packet can make the attacker's effort
useless. The attacker may still sniff the packet, but the content cannot be read.
Packet Modification
This type of attack can be detected using a data integrity mechanism. The receiver, before opening
and using the contents of the message, can use this mechanism to make sure that the packet has not
been changed during the transmission.
IP Spoofing
An attacker can send an IP packet to a bank pretending that it is coming from one of the customers.
This type of attack can be prevented using an origin authentication mechanism.
Security of IPv4 Datagram: IPSec
IP packets today can be protected from the previously mentioned attacks using a protocol
called IPSec (IP Security).
IPSec, used in conjunction with the IP protocol, creates a connection-oriented service between
two entities in which they can exchange IP packets.
IPSec provides the following four services:
❖ Defining Algorithms and Keys:
The two entities that want to create a secure channel between themselves can agree on
some available algorithms and keys to be used for security purposes.
❖ Packet Encryption:
The packets exchanged between two parties can be encrypted for privacy using one of the
encryption algorithms and a shared key agreed upon in the first step. This makes the packet
sniffing attack useless.
❖ Data Integrity:
Data integrity guarantees that the packet is not modified during the transmission. If the
received packet does not pass the data integrity test, it is discarded. This prevents the second
attack, packet modification, described above.
❖ Origin Authentication:
IPSec can authenticate the origin of the packet to be sure that the packet is not created by
an imposter. This can prevent IP spoofing attacks as described above.