CN Module 3.2

The document discusses various networking devices and routing protocols, focusing on the functionality of the network layer in routing packets. It explains routing algorithms, including Dijkstra's and Bellman-Ford, and their metrics such as path length, routing delay, and reliability. Additionally, it covers distance vector and link-state routing methods, emphasizing the importance of maintaining accurate routing tables and the challenges associated with network topology changes.

• Internetworking Devices: Layer 1 connections - Repeaters, Hubs; Layer 2
connections - Bridges, Switches; Layer 3 connections - Routers, Gateways.
• Unicast Routing Protocols: Distance Vector Routing, Link State Routing.
Internet Protocols: Class A, B, C, D, E traffic, IPv4, IPv6. Address
Mapping: ARP, RARP - ICMP - IGMP.
 The main function of the network layer is routing packets from the
source machine to the destination machine.
 In most subnets, packets will require multiple hops to make the
journey.
• The routing algorithm is that part of the network layer software which
is responsible for deciding on which output line the incoming packet
should be transmitted.
• This decision has to be made for each packet in case of Connectionless
Packet Switching and once per session for Connection Oriented
Service.
• Regardless of whether routes are chosen independently for each
packet or only when new connections are established, there are certain
properties which are desirable in a routing algorithm: correctness,
simplicity, robustness, stability, fairness and optimality.
• Robustness implies that the routing algorithm should be able to cope
with the changes in the topology and traffic without requiring all jobs
in all hosts to be aborted and the network be rebooted every time any
router crashes.
 Routing algorithms have used many different metrics to determine the best
route.
 Path length is the most common routing metric. Some routing protocols
allow network administrators to assign arbitrary costs to each network link.
• Hop count is a metric that specifies the number of internetworking
products, such as routers, that a packet must pass through in
a route from a source to a destination.
 Routing delay refers to the length of time required to move a packet from
source to destination through the internet. Delay depends on many factors,
including the bandwidth of intermediate network links, the port queues at
each router along the way, network congestion on all intermediate network
links, and the physical distance to be traveled.
 Reliability: After a network fails, certain network links might be repaired
more easily or more quickly than other links.
 Bandwidth refers to the available traffic capacity of a link
 Load refers to the degree to which a network resource, such as a router, is
busy. Load can be calculated in a variety of ways, including CPU utilization
and packets processed per second.
 Communication cost is another important metric.
Fig: Routing example in packet switched network
 In fixed routing a route is selected for each source-destination pair of nodes
in the network.
 The routes are fixed; they may only change if there is a change in the
topology of the network.
 A central routing matrix is created based on least-cost path, which is stored
at a network control centre.
Fixed or Static Routing

[Figure: weighted graph with link costs]
 A cost is associated with each link
• A simple criterion is to choose the minimum-hop route through the
network, which is an easily measured criterion.
• For any pair of attached stations the least-cost route through the
network is looked for.
• For either case, several well-known algorithms exist:
• Bellman-Ford algorithm
• Dijkstra's algorithm
 It finds the shortest path from a given source node to all other nodes in the
order of increasing path lengths,
 By the kth stage, the shortest paths to the k nodes closest to (least cost away
from) the source node have been determined; these nodes are in a set T. At
stage the node not in T that has the shortest path from the source node is
added to T. As each node is added to T, its path from the source is defined.
 N : set of nodes in the network
 s : source node
 T :set of nodes so far incorporated by the algorithm
 w(i, j) : cost from node i to node j; w(i, i) 0; w(i, j)if the two nodes are not
directly connected; w(i, j) >=0 if the two nodes are directly connected.
• L(n): cost of the least-cost path from node s to node n that is currently known
to the algorithm; at termination, this is the cost of the least-cost path in the
graph from s to n.
• The algorithm has three steps; steps 2 and 3 are repeated until T = N:
• (1) Initialization (2) Get next node (3) Update least-cost paths
 Procedure
 1. The node chooses itself as the root of the tree, creating a tree
with a single node, and sets the total cost of each node based on
the information in the LSDB.
 2. The node selects one node, among all nodes not in the tree,
which is closest to the root, and adds this to the tree. After this
node is added to the tree, the cost of all other nodes not in the
tree needs to be updated because the paths may have been
changed.
 3. The node repeats step 2 until all nodes are added to the tree.

Dijkstra's algorithm

[Figure: weighted graph with link costs]

Iteration | M             | C(2) path | C(3) path | C(4) path  | C(5) path    | C(6) path
----------+---------------+-----------+-----------+------------+--------------+----------
1         | {1}           | 2  1-2    | 2  1-3    |            |              |
2         | {1,2}         | 2  1-2    | 2  1-3    | 6  1-2-4   |              | 3  1-2-6
3         | {1,2,3}       | 2  1-2    | 2  1-3    | 6  1-2-4   | 8  1-3-5     | 3  1-2-6
4         | {1,2,3,4}     | 2  1-2    | 2  1-3    | 5  1-2-6-4 | 7  1-2-6-4-5 | 3  1-2-6
5         | {1,2,3,4,5}   | 2  1-2    | 2  1-3    | 5  1-2-6-4 | 7  1-2-6-4-5 | 3  1-2-6
6         | {1,2,3,4,5,6} | 2  1-2    | 2  1-3    | 5  1-2-6-4 | 7  1-2-6-4-5 | 3  1-2-6

Q.1. Apply Dijkstra's algorithm to compute the least-cost tree for the
given weighted graph.
• Solution
• Q.2. Use Dijkstra's algorithm to find the shortest-path tree and
the forwarding table for node A.
• A distance vector is a one-dimensional array that represents the tree.
 The concept of a distance vector is the rationale for the name
distance-vector routing.
 A distance vector can represent least-cost paths in a least-cost
tree.
 A least-cost tree is a combination of least-cost paths from the
root of the tree to all destinations.
 The distance vector defines the root, the indexes define the
destinations, and the value of each cell defines the least cost
from the root to the destination.
• Bellman-Ford equation: used to find the least cost (shortest
distance) between a source node and a destination node.
 The heart of distance-vector routing is the famous
Bellman-Ford equation.
 This equation is used to find the least cost (shortest
distance) between a source node, x, and a destination node,
y, through some intermediary nodes (a, b, c, . . .) when the
costs between the source and the intermediary nodes and
the least costs between the intermediary nodes and the
destination are given.
Bellman ford equation
Graphical idea behind Bellman-Ford equation
 A distance vector can represent least-cost paths in a least-
cost tree, but the question is how each node in an internet
originally creates the corresponding vector.
 Each node in an internet, when it is booted, creates a very
rudimentary distance vector with the minimum information
the node can obtain from its neighbourhood.
• The node sends some messages out of its interfaces and
discovers the identity of the immediate neighbours and the
distance between itself and each neighbour.
 It then makes a simple distance vector by inserting the
discovered distances in the corresponding cells and leaves
the value of other cells as infinity.
 Do these distance vectors represent least-cost paths?
 The distance vector corresponding to a tree
The first distance vector for an internet
 These rudimentary vectors cannot help the internet to
effectively forward a packet.
 For example, node A thinks that it is not connected to node
G because the corresponding cell shows the least cost of
infinity.
 To improve these vectors, the nodes in the internet need to
help each other by exchanging information.
 After each node has created its vector, it sends a copy of
the vector to all its immediate neighbours.
 After a node receives a distance vector from a neighbour,
it updates its distance vector using the Bellman-Ford
equation.
 We need to update, not only one least cost, but N of them
in which N is the number of the nodes in the internet.
Updating distance vectors
 Distance vector Algorithm
 Example 2
 Initial state
D sends vector to E
B sends vector to A
E sends vector to A
Until convergence
 Count to Infinity
 A problem with distance-vector routing is that any decrease
in cost (good news) propagates quickly, but any increase in
cost (bad news) will propagate slowly.
 For a routing protocol to work properly, if a link is broken
(cost becomes infinity), every other router should be aware
of it immediately, but in distance-vector routing, this takes
some time.
 The problem is referred to as count to infinity.
 It sometimes takes several updates before the cost for a
broken link is recorded as infinity by all routers.
Two-node instability
• One example of count to infinity is the two-node loop
problem.
 At the beginning, both nodes A and B know how to reach node X.
 But suddenly, the link between A and X fails. Node A changes its table.
If A can send its table to B immediately, everything is fine.
 However, the system becomes unstable if B sends its forwarding table
to A before receiving A’s forwarding table. Node A receives the update
and, assuming that B has found a way to reach X, immediately updates
its forwarding table.
 Now A sends its new update to B.
 Now B thinks that something has been changed around A and updates
its forwarding table.
 The cost of reaching X increases gradually until it reaches infinity.
 At this moment, both A and B know that X cannot be reached.
However, during this time the system is not stable.
 Split Horizon
 One solution to instability is called split horizon.
 In this strategy, instead of flooding the table through each interface,
each node sends only part of its table through each interface.
 If, according to its table, node B thinks that the optimum route to reach
X is via A, it does not need to advertise this piece of information to A;
the information has come from A (A already knows).
 Taking information from node A, modifying it, and sending it back to
node A is what creates the confusion.
 In our scenario, node B eliminates the last line of its forwarding table
before it sends it to A.
 In this case, node A keeps the value of infinity as the distance to X.
Later, when node A sends its forwarding table to B, node B also
corrects its forwarding table.
 The system becomes stable after the first update: both node A and node
B know that X is not reachable.
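The two-node scenario above, replayed as a small simulation with and without split horizon. This is an added example, not part of the original slides; the link costs of 1, the node class and the value 16 standing in for infinity are assumptions.

```python
INF = 16   # assumed value for "infinity" (RIP uses 16); the slides give no number


class Node:
    def __init__(self, name, links):
        self.name = name
        self.links = dict(links)                    # neighbour -> link cost
        self.table = {name: (0, name)}              # destination -> (cost, next hop)
        self.table.update({n: (c, n) for n, c in self.links.items()})

    def link_down(self, nbr):
        """A directly connected link fails: routes through it become infinity."""
        del self.links[nbr]
        for dest, (_, hop) in list(self.table.items()):
            if hop == nbr:
                self.table[dest] = (INF, None)

    def advertise(self, to, split_horizon):
        """Distance vector sent to neighbour `to`."""
        vector = {}
        for dest, (cost, hop) in self.table.items():
            if split_horizon and hop == to and dest != to:
                continue                            # learned from `to`: do not send it back
            vector[dest] = cost
        return vector

    def receive(self, sender, vector):
        """Bellman-Ford update: D(dest) = min(current, c(self, sender) + D_sender(dest))."""
        for dest, advertised in vector.items():
            if dest == self.name:
                continue
            new = min(INF, self.links[sender] + advertised)
            cost, hop = self.table.get(dest, (INF, None))
            # Take a cheaper path, and always believe the current next hop,
            # even when its news is worse.
            if new < cost or (hop == sender and new != cost):
                self.table[dest] = (new, sender)


def two_node_loop(split_horizon):
    """Return the (A's cost to X, B's cost to X) pair after each exchanged update."""
    a = Node("A", {"B": 1, "X": 1})                 # constructed topology: X - A - B
    b = Node("B", {"A": 1})
    b.receive("A", a.advertise("B", split_horizon))  # converged: B reaches X via A, cost 2
    a.link_down("X")                                # the A-X link fails
    history = []
    sender, receiver = b, a                         # B's update reaches A first
    for _ in range(2 * INF):
        receiver.receive(sender.name, sender.advertise(receiver.name, split_horizon))
        history.append((a.table["X"][0], b.table["X"][0]))
        if a.table["X"][0] >= INF and b.table["X"][0] >= INF:
            break                                   # both know X is unreachable
        sender, receiver = receiver, sender
    return history


if __name__ == "__main__":
    print("without split horizon:", two_node_loop(False))
    print("with split horizon:   ", two_node_loop(True))
```

Without split horizon the two costs climb in turn until both reach 16; with it, A never hears B's stale route and B accepts infinity from A on the next update.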
• Q.1. How does the distance vector algorithm work for the given graph?
• Q.2. Consider a network shown in the following
diagram. All the routers use the distance vector
based routing algorithm to update their routing
tables. After all the routing tables stabilize, how
many links in the network will never be used
for carrying any data?
 Exercise
 Q.1.Assume that the network in uses distance vector routing with the
forwarding table as shown for each node. If each node periodically
announces their vectors to the neighbour using the split-horizon
strategy, what is the distance vector advertised in the appropriate
period:
 a. from A to B? b. from C to D? c. from D to B? d. from C to A?
 This method uses the term link-state to define the characteristic of
a link (an edge) that represents a network in the internet.
 In this algorithm the cost associated with an edge defines the state
of the link.
 Links with lower costs are preferred to links with higher costs; if
the cost of a link is infinity, it means that the link does not exist or
has been broken.
 Link-State Database (LSDB)
 To create a least-cost tree with this method, each node needs to
have a complete map of the network, which means it needs to
know the state of each link.
 The collection of states for all links is called the link-state
database (LSDB).
 There is only one LSDB for the whole internet; each node needs to
have a duplicate of it to be able to create the least-cost tree.
Link-State Routing

Fig: Example of a link-state database: (a) the weighted graph, (b) the link-state database

• How can each node create this LSDB that contains information
about the whole internet?
 This can be done by a process called flooding.
 Each node can send some greeting messages to all its immediate
neighbours (those nodes to which it is connected directly) to
collect two pieces of information for each neighbouring node:
the identity of the node and the cost of the link.
 The combination of these two pieces of information is called the
LS packet (LSP); the LSP is sent out of each interface.
 When a node receives an LSP from one of its interfaces, it
compares the LSP with the copy it may already have.
 If the newly arrived LSP is older than the one it has (found by
checking the sequence number), it discards the LSP.
 If it is newer or the first one received, the node discards the
old LSP (if there is one) and keeps the received one.
 It then sends a copy of it out of each interface except the one
from which the packet arrived.
 This guarantees that flooding stops somewhere in the network
(where a node has only one interface).
 After receiving all new LSPs, each node creates the
comprehensive LSDB as shown in Fig.
Link-State Routing

Fig: LSPs created and sent out by each node to build LSDB
 We can compare the link-state routing algorithm with the
distance-vector routing algorithm.
 In the distance-vector routing algorithm, each router tells its
neighbours what it knows about the whole internet;
 in the link-state routing algorithm, each router tells the whole
internet what it knows about its neighbours.
 To create a least-cost tree for itself, using the shared LSDB,
each node needs to run the famous Dijkstra Algorithm.
• This iterative algorithm uses the following
steps:
1. The node chooses itself as the root of the tree, creating a tree
with a single node, and sets the total cost of each node based on
the information in the LSDB.
2. The node selects one node, among all nodes not in the tree,
which is closest to the root, and adds this to the tree. After this
node is added to the tree, the cost of all other nodes not in the
tree needs to be updated because the paths may have been
changed.
3. The node repeats step 2 until all nodes are added to the tree.
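The flooding rules and the three Dijkstra steps described above, put together: every node floods its LSP, each node ends up with the same LSDB, and a node then derives its forwarding table from it. This is an added example, not from the original slides; the five-node topology, the sequence numbers and the function names are constructed for illustration, and a copy with an equal sequence number is treated as not newer.

```python
import heapq
from collections import deque

# Constructed topology (not from the slides): undirected links and their costs.
LINKS = {("A", "B"): 2, ("A", "D"): 3, ("B", "C"): 7,
         ("B", "E"): 4, ("C", "E"): 2, ("D", "E"): 5}
NODES = sorted({n for link in LINKS for n in link})


def neighbours(node):
    """What a node learns from its greeting messages: neighbour -> link cost."""
    found = {}
    for (u, v), cost in LINKS.items():
        if node in (u, v):
            found[v if u == node else u] = cost
    return found


def flood(lsdbs, entry, origin, seq, links):
    """Flood one LSP that first appears at `entry`; return how many copies were discarded."""
    discarded = 0
    queue = deque([(entry, None)])             # (receiving node, interface it arrived on)
    while queue:
        node, came_from = queue.popleft()
        have = lsdbs[node].get(origin)
        if have is not None and seq <= have[0]:
            discarded += 1                     # older or already-seen copy: drop, do not forward
            continue
        lsdbs[node][origin] = (seq, links)     # newer or first copy: keep it
        for nbr in neighbours(node):
            if nbr != came_from:               # every interface except the arrival one
                queue.append((nbr, node))
    return discarded


def build_lsdbs(seq=2):
    """Every node floods its own LSP; returns the per-node LSDBs and the discard count."""
    lsdbs = {n: {} for n in NODES}
    discarded = sum(flood(lsdbs, n, n, seq, neighbours(n)) for n in NODES)
    return lsdbs, discarded


def least_cost_tree(lsdb, root):
    """Dijkstra over one node's LSDB; returns {destination: (cost, next hop)}."""
    table = {}
    heap = [(0, root, None)]                   # (cost from root, node, first hop on the path)
    while heap:
        cost, node, first = heapq.heappop(heap)
        if node in table:
            continue                           # already in the tree with a lower cost
        table[node] = (cost, first)            # step 2: closest node not yet in the tree
        for nbr, weight in lsdb.get(node, (0, {}))[1].items():
            if nbr not in table:
                heapq.heappush(heap, (cost + weight, nbr, first or nbr))
    del table[root]
    return table


if __name__ == "__main__":
    lsdbs, dropped = build_lsdbs()
    print("copies discarded while flooding:", dropped)
    print("forwarding table of A:", least_cost_tree(lsdbs["A"], "A"))
    # A stale LSP for E (sequence number 1) shows up at A and is ignored.
    print("stale copies discarded:", flood(lsdbs, "A", "E", 1, {"B": 4}))
```

In this looped topology it is the sequence-number comparison that ends the flood: the discard count is the number of redundant copies that arrived over a second path.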
Least-cost tree
Exercise
Q.1. Using the link-state routing protocol, what will the routing
table information be for nodes D and E in the following given
network?
Three categories of connecting devices
 A single Ethernet segment can have a maximum length of 500
meters with a maximum of 100 stations.
 To extend the length of the network, a repeater may be used.
 Functionally, a repeater can be considered as two transceivers
joined together and connected to two different segments of
coaxial cable.
 A repeater connects different segments of a LAN
• A repeater forwards every frame it receives
• A repeater is a regenerator, not an amplifier
• It can be used to create a single extended LAN

Fig: Repeater connecting two LAN segments


Repeater

Fig: Operation of a repeater as a level-1 relay


 Hub is a generic term, but commonly refers to a multiport
repeater.
 It can be used to create multiple levels of hierarchy of
stations.

Fig 3: Hub as a multi-port repeater can be connected in a hierarchical
manner to form a single LAN with many nodes
 A hub forwards the packet from all outgoing ports except the
one from which the signal was received.
 All stations in the LAN receive the frame, but only station B
keeps it. The rest of the stations discard it.
 A repeater has no filtering capability.
 They do not have a link-layer address and they do not check
the link-layer address of the received frame.
 They just regenerate the corrupted bits and send them out
from every port.
Layer 1 devices: Hub
 A hub is a device that operates only in the physical layer.
Signals that carry information within a network can travel a
fixed distance before attenuation endangers the integrity of the
data.
 In the past, when Ethernet LANs were using bus topology, a
repeater was used to connect two segments of a LAN to
overcome the length restriction of the coaxial cable.
 Today, however, Ethernet LANs use star topology. In a star
topology, a repeater is a multiport device, often called a hub,
that can be used to serve as the connecting point and at the
same time function as a repeater.
 A switch is essentially a fast bridge having additional sophistication that allows
faster processing of frames.
Some of important functionalities are:
 Ports are provided with buffer
 Switch maintains a directory: #address - port#
 Each frame is forwarded after examining the #address and forwarded to the
proper port#
 Three possible forwarding approaches: Cut-through, Collision-free and Fully
buffered as briefly explained below.
 Cut-through: A switch forwards a frame immediately after receiving the
destination address. As a consequence, the switch forwards the frame without
collision and error detection.
 Collision-free: In this case, the switch forwards the frame after receiving 64
bytes, which allows detection of collision. However, error detection is not
possible because switch is yet to receive the entire frame.
• Fully buffered: In this case, the switch forwards the frame only after receiving
the entire frame. So the switch can detect both collisions and errors, and only
error-free frames are forwarded.
 A link-layer switch (or switch) operates in both the physical
and the data-link layers.
 As a physical-layer device, it regenerates the signal it
receives.
 As a link-layer device, the link-layer switch can check the
MAC addresses (source and destination) contained in the
frame.
 A link-layer switch has filtering capability. It can check the
destination address of a frame and can decide from which
outgoing port the frame should be sent.
 A link-layer switch has a table used in filtering decisions.
 A link-layer switch does not change the link-layer (MAC)
addresses in a frame.
Link layer Switches
 If a frame destined for station 71:2B:13:45:61:42 arrives at port 1, the link-layer
switch consults its table to find the departing port.
 According to its table, frames for 71:2B:13:45:61:42 should be sent out only
through port 2; therefore, there is no need for forwarding the frame through other
ports.
 A transparent switch is a switch in which the stations are
completely unaware of the switch’s existence.
 Frames must be forwarded from one station to another.
 The forwarding table is automatically made by learning frame
movements in the network.
 Loops in the system must be prevented.
 Systems administrators, however, like to have redundant
switches (more than one switch between a pair of LANs) to
make the system more reliable.
 If a switch fails, another switch takes over until the failed one
is repaired or replaced. Redundancy can create loops in the
system, which is very undesirable. Loops can be created only
when two or more broadcasting LANs (those using hubs, for
example) are connected by more than one switch.
 Advantages of switches
 A link-layer switch has several advantages over a hub
1.Collision Elimination
 A link-layer switch eliminates the collision. This means increasing the
average bandwidth available to a host in the network.
 In a switched LAN, there is no need for carrier sensing and collision
detection; each host can transmit at any time.
2.Connecting Heterogeneous Devices
 A link-layer switch can connect devices that use different protocols at
the physical layer (data rates) and different transmission media.
 As long as the format of the frame at the data-link layer does not
change, a switch can receive a frame from a device that uses twisted-
pair cable and sends data at 10 Mbps and deliver the frame to another
device that uses fiber-optic cable and can receive data at 100 Mbps.
• There is a need to expand beyond the confines of a single LAN,
to provide interconnection to other LANs and to wide area
networks.
• Two general approaches are used for this purpose: bridges and
routers.
 The bridge is the simpler of the two devices and provides means
of interconnecting similar LANs.
 The router is a more general-purpose device, capable of
interconnecting a variety of LANs and WANs.
 The bridge is designed for use between local area networks
(LANs) that use identical protocols for the physical and link
layers (e.g., all conforming to IEEE 802.3)
 The amount of processing required at the bridge is minimal.
 Why not simply have one large LAN?
 Reliability: The danger in connecting all data processing devices
in an organization to one network is that a fault on the network
may disable communication for all devices. By using bridges, the
network can be partitioned into self-contained units.
• Performance: In general, performance on a LAN declines with
an increase in the number of devices or the length of the wire. A
number of smaller LANs will often give improved performance.
 Security: It is desirable to keep different types of traffic that have
different security needs on physically separate media.
 The functions of the bridge are few and simple:
 The bridge makes no modification to the content or format of
the frames it receives, nor does it encapsulate them with an
additional header. Each frame to be transferred is simply copied
from one LAN and repeated with exactly the same bit pattern on
the other LAN.
 The bridge should contain enough buffer space to meet peak
demands
 The bridge must contain addressing and routing intelligence. At
a minimum, the bridge must know which addresses are on each
network to know which frames to pass.
 A bridge may connect more than two LANs.
• For Ethernet to become compatible with other high-data-rate LANs,
some changes were introduced to the 10-Mbps Standard Ethernet.
• Bridged Ethernet
• Ethernet evolved through the division of a LAN by bridges.
 Bridges have two effects on an Ethernet LAN:
 They raise the bandwidth and they separate collision domains.
 Raising the Bandwidth
 In an unbridged Ethernet network, the total capacity (10 Mbps) is
shared among all stations with a frame to send; the stations
share the bandwidth of the network.
 If only one station has frames to send, it benefits from the total
capacity (10 Mbps). But if more than one station needs to use
the network, the capacity is shared.
 Each station on average sends at a rate of 5 Mbps
 A bridge divides the network into two or more networks.
Bandwidth-wise, each network is independent.
• The 10-Mbps capacity in each segment is now shared between 6
stations (actually 7 because the bridge acts as a station in each
segment), not 12 stations.
• In a network with a heavy load, each station theoretically
is offered 10/7 Mbps instead of 10/12 Mbps.
 If we further divide the network, we can gain more bandwidth for
each segment.
 For example, if we use a four-port bridge, each station is now
offered 10/4 Mbps, which is 3 times more than an unbridged
network.
 Separating Collision Domains
 Another advantage of a bridge is the separation of the
collision domain.
 The collision domain becomes much smaller and the
probability of collision is reduced tremendously.
 Without bridging, 12 stations contend for access to the
medium; with bridging only 3 stations contend for access to
the medium.
Collision domains in an unbridged network and
a bridged network
 A router is a three-layer device; it operates in the physical, data-
link, and network layers.
 As a physical-layer device, it regenerates the signal it receives. As
a link-layer device, the router checks the physical addresses
(source and destination) contained in the packet.
 As a network-layer device, a router checks the network-layer
addresses.
 A router can connect networks.
 In other words, a router is an internetworking device; it connects
independent networks to form an internetwork.
 A router is considered as a layer-3 relay that operates in the
network layer, that is it acts on network layer frames.
 It can be used to link two dissimilar LANs.
• A router isolates LANs into subnets to manage and control
network traffic.
• However, unlike bridges it is not transparent to end stations.
• It consists of:
• Input ports: perform the physical and data-link layer functions of the
router. The ports are also provided with buffers to hold the packet
before forwarding it to the switching fabric.
• Output ports: perform the same functions as the input ports, but
in the reverse order.
• The routing processor: performs the function of the network
layer. The process involves table lookup.
• The switching fabric: moves the packet from the input queue to
the output queue by using specialized mechanisms. The switching
fabric is realized with the help of multistage interconnection
networks.
Routers

Fig: Schematic diagram of a router

Fig: Switching fabric

Fig: Communication through a router

There are three major differences between a router and a repeater
or a switch.
1. A router has a physical and logical (IP) address for each of its
interfaces.
2. A router acts only on those packets in which the link-layer
destination address matches the address of the interface at which
the packet arrives.
3. A router changes the link-layer address of the packet (both
source and destination) when it forwards the packet.
A router changes the link-layer addresses in a packet.
Routing example
 A gateway works above the network layer, such as application layer.
 As a consequence, it is known as a Layer-7 relay.
• Application-level gateways can look into the content of application-layer
packets, such as email, before forwarding them to the other side.
 This property has made it suitable for use in Firewalls.

Fig: Communication through a gateway


Position of IP and other network-layer protocols in TCP/IP protocol suite
 IPv4 is an unreliable connectionless datagram protocol—a best-
effort delivery service.
 An IPv4 datagram consists of a header part and a body or
payload part. The header has a 20-byte fixed part and a variable-
length optional part.
 The bits are transmitted from left to right and top to bottom, with
the high-order bit of the Version field going first.
 The Version field keeps track of which version of the protocol
the datagram belongs to. Version 4 dominates the Internet today.
 Header Length: Since the header length is not constant, a field in
the header, IHL, is provided to tell how long the header is, in 32-
bit words.
• The minimum value is 5, which applies when no options are present.
 Maximum value of this 4-bit field is 15, which limits the header
to 60 bytes.
Fig. The IP datagram
 Services Type: Type of service
 For digitized voice, fast delivery beats accurate delivery. For
file transfer, error-free transmission
 The Type of service field provided 3 bits to signal priority and 3
bits to signal whether a host cared more about delay, throughput,
or reliability.
• Now, the top 6 bits are used to mark the packet with its service
class. The bottom 2 bits are used to carry explicit congestion
notification information, such as whether the packet has
experienced congestion.
 The Total length includes everything in the datagram—both
header and data. The maximum length is 65,535 bytes.
 The Identification field is needed to allow the destination host
to determine which packet a newly arrived fragment belongs to.
All the fragments of a packet contain the same Identification
value
 DF stands for Don’t Fragment. It is an order to the routers not to
fragment the packet. Originally, it was intended to support hosts
incapable of putting the pieces back together again.
• MF stands for More Fragments. All fragments except the last one
have this bit set. It is needed to know when all fragments of a datagram
have arrived.
 The Fragment offset tells where in the current packet this fragment
belongs. Working together, the Identification, MF, and Fragment offset
fields are used to implement fragmentation.
• The TTL (Time to live) field is a counter used to limit packet lifetimes.
It was originally supposed to count time in seconds, allowing a
maximum lifetime of 255 sec.
 It must be decremented on each hop and is supposed to be decremented
multiple times when a packet is queued for a long time in a router.
 In practice, it just counts hops. When it hits zero, the packet is
discarded and a warning packet is sent back to the source host.
 Protocol: When the network layer has assembled a complete packet, it needs
to know what to do with it. The Protocol field tells it which transport process
to give the packet to. TCP is one possibility, but so are UDP and some others.

Fig. Multiplexing and de-multiplexing using the value of the protocol field
 Fragmentation
• Fragmentation divides the datagram into multiple fragments when the payload
size is greater than the MTU.
• Maximum transfer unit (MTU): when a datagram is encapsulated in a frame, the
total size of the datagram must be less than this maximum size, which is defined
by the restrictions imposed by the hardware and software used in the network.
 A datagram can be fragmented by the source host or any router in the path. The
reassembly of the datagram, however, is done only by the destination host.
 Three fields in an IP datagram: identification, flags, and fragmentation offset

Fig. MTU: Maximum size of frame payload


 Header checksum
 Errors in the IP header can be a disaster. For example, if the destination IP
address is corrupted, the packet can be delivered to the wrong host. If the fields
related to the fragmentation are corrupted, the datagram cannot be reassembled
correctly at the destination.
 Such a checksum is useful for detecting errors while the packet travels through
the network. It must be recomputed at each hop because at least one field
always changes.
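The following added example (not part of the original slides) computes the IPv4 header checksum and shows why a router has to recompute it: the TTL changes on every hop, so the old checksum no longer matches. Function names are hypothetical, the header has no options, and the addresses are constructed documentation addresses.

```python
import socket
import struct


def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement sum of the data, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(src, dst, ttl, protocol, payload_len, ident=0):
    """20-byte IPv4 header without options, checksum filled in."""
    hdr = bytearray(struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | 5,            # version 4, header length 5 words
        0, 20 + payload_len,     # service type, total length
        ident, 0,                # identification, flags + fragment offset
        ttl, protocol, 0,        # checksum field is zero while summing
        socket.inet_aton(src), socket.inet_aton(dst)))
    hdr[10:12] = struct.pack("!H", internet_checksum(bytes(hdr)))
    return bytes(hdr)


def header_ok(hdr: bytes) -> bool:
    """A valid header, checksum field included, sums to zero."""
    return len(hdr) >= 20 and internet_checksum(hdr) == 0


def forward(hdr: bytes):
    """Per-hop processing in a router. Returns the new header, or None if
    the packet must be discarded (bad checksum or TTL exhausted)."""
    if not header_ok(hdr):
        return None
    if hdr[8] <= 1:
        return None              # TTL would hit zero: discard the packet
    out = bytearray(hdr)
    out[8] -= 1                  # the TTL field changes on every hop,
    out[10:12] = b"\x00\x00"     # so the checksum is recomputed from scratch
    out[10:12] = struct.pack("!H", internet_checksum(bytes(out)))
    return bytes(out)


# Constructed sample header: TCP (protocol 6), TTL 3.
HDR = build_header("192.0.2.1", "198.51.100.7", ttl=3, protocol=6, payload_len=100)
```

A header whose destination address was corrupted in transit fails `header_ok` and is dropped instead of being delivered to the wrong host.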
 The Source address and Destination address indicate the IP address of the
source and destination network interfaces.
 The Options field was designed to provide an escape to allow subsequent
versions of the protocol to include information not present in the original
design, to permit experimenters to try out new ideas, and to avoid allocating
header bits to information that is rarely needed.
 The larger IPv6 address size requires a change to the IPv4 packet
format. The following are other changes implemented in the protocol in
addition to the change in address size and format.
 Better header format. IPv6 uses a new header format in which options are
separated from the base header and inserted, when needed, between the base
header and the data. This speeds up the routing process
because most of the options do not need to be checked by routers.
 Allowance for extension. IPv6 is designed to allow the extension of the
protocol if required by new technologies or applications.
 Support for resource allocation. In IPv6, the type-of-service field has been
removed, but two new fields, traffic class and flow label, have been added to
enable the source to request special handling of the packet. This mechanism
can be used to support traffic such as real-time audio and video.
 Support for more security. The encryption and authentication options in IPv6
provide confidentiality and integrity of the packet.
IPv6 datagram
 Version. The 4-bit version field defines the version number of the IP. For
IPv6, the value is 6.
 Traffic class. The 8-bit traffic class field is used to distinguish different
payloads with different delivery requirements. It replaces the type-of-service
field in IPv4.
 Flow label. The flow label is a 20-bit field that is designed to provide special
handling for a particular flow of data.
 Payload length. The 2-byte payload length field defines the length of the IP
datagram excluding the header.
 Note that IPv4 defines two fields related to the length: header length and
total length.
 In IPv6, the length of the base header is fixed (40 bytes); only the length of
the payload needs to be defined.
 Next header.
 This field is similar to the protocol field in IPv4.
 The next header is an 8-bit field defining the type of the first extension
header (if present) or the type of the data that follows the base header in the
datagram.
 Hop limit. The 8-bit hop limit field serves the same purpose as the TTL
field in IPv4.
 Source and destination addresses. The source address field is a 16-
byte (128-bit) Internet address that identifies the original source of the
datagram.
 The destination address field is a 16-byte (128-bit) Internet address that
identifies the destination of the datagram.
 Payload. The payload in IPv6 means a combination of zero or
more extension headers (options) followed by the data from other
protocols (UDP, TCP, and so on). In IPv6, options, which are part of
the header in IPv4, are designed as extension headers.
 ESP: Encrypted security payload
 The hop-by-hop option is used when the source needs to pass information to
all routers visited by the datagram.
 The destination option is used when the source needs to pass information to
the destination only.
 Fragmentation.
 In IPv4, the source or a router is required to fragment if the size of the
datagram is larger than the MTU of the network over which the datagram
travels. In IPv6, only the original source can fragment.
 MTU: Maximum size of frame payload
 Authentication
 The authentication extension header has a dual purpose: it validates the
message sender and ensures the integrity of data.
 Encrypted Security Payload
 The encrypted security payload (ESP) is an extension that provides
confidentiality and guards against eavesdropping.
 LINK-LAYER ADDRESSING
 In a connectionless internetwork such as the Internet we cannot
make a datagram reach its destination using only IP addresses.
The reason is that each datagram in the Internet, from the same
source host to the same destination host, may take a different
path.
 The source and destination IP addresses define the two ends but
cannot define which links the datagram should pass through.
 We need another addressing mechanism in a connectionless
internetwork: the link-layer addresses of the two nodes. A link-layer
address is sometimes called a link address, sometimes a
physical address, and sometimes a MAC address.
 Since a link is controlled at the data-link layer, the addresses need
to belong to the data-link layer. When a datagram passes from the
network layer to the data-link layer, the datagram will be
encapsulated in a frame and two data-link addresses are added to
the frame header.
ARP

Fig: Position of ARP in TCP/IP protocol suite


IP addresses and link-layer addresses in a small internet
 Anytime a node has an IP datagram to send to another node in a link, it has the
IP address of the receiving node. The source host knows the IP address of the
default router. Each router except the last one in the path gets the IP address of
the next router by using its forwarding table.
 The last router knows the IP address of the destination host. However, the IP
address of the next node is not helpful in moving a frame through a link; we
need the link-layer address of the next node.
 Address Resolution Protocol (ARP) becomes helpful in that case.
 The ARP protocol is one of the auxiliary protocols defined in the network layer;
it maps an IP address to a logical-link address.
 ARP accepts an IP address from the IP protocol, maps the address to the
corresponding link-layer address, and passes it to the data-link layer.
ARP operation
 Anytime a host or a router needs to find the link-layer address of another host
or router in its network, it sends an ARP request packet.
 The packet includes the link-layer and IP addresses of the sender and the IP
address of the receiver.
 Because the sender does not know the link-layer address of the receiver, the
query is broadcast over the link using the link-layer broadcast address.
 Every host or router on the network receives and processes the ARP request
packet, but only the intended recipient recognizes its IP address and sends back
an ARP response packet.
 The response packet contains the recipient’s IP and link-layer addresses. The
packet is unicast directly to the node that sent the request packet.
ARP: Packet Format

Fig: ARP packet


 The hardware type field defines the type of the link-layer protocol; Ethernet is
given the type 1.
 The protocol type field defines the network-layer protocol: IPv4 protocol is
(0800)₁₆.
 The source hardware and source protocol addresses are variable-length fields
defining the link-layer and network-layer addresses of the sender.
 The destination hardware address and destination protocol address fields define
the receiver link-layer and network-layer addresses.
 An ARP packet is encapsulated directly into a data-link frame.
The frame needs to have a field to show that the payload belongs to the ARP and
not to the network-layer datagram.
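The following added example (not part of the original slides) builds and parses the ARP packet described above and plays out the request/reply exchange: the request is broadcast, every node processes it, and only the owner of the target IP address answers with a unicast reply. The field names `hlen`, `plen`, `oper`, `sha`, `spa`, `tha` and `tpa` follow RFC 826 and do not appear on the slides; the function names and all addresses are constructed for illustration.

```python
import socket
import struct

BROADCAST = b"\xff" * 6          # link-layer broadcast address
REQUEST, REPLY = 1, 2            # operation codes (RFC 826)

def build_arp(oper, sha, spa, tha, tpa):
    """ARP packet for Ethernet (hardware type 1) and IPv4 (0x0800)."""
    head = struct.pack("!HHBBH", 1, 0x0800, len(sha), 4, oper)
    return head + sha + socket.inet_aton(spa) + tha + socket.inet_aton(tpa)

def parse_arp(pkt):
    """Decode an ARP packet; the address fields are sized by hlen and plen."""
    if len(pkt) < 8:
        raise ValueError("truncated ARP header")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", pkt[:8])
    if len(pkt) < 8 + 2 * (hlen + plen):
        raise ValueError("truncated ARP addresses")
    if (htype, ptype) == (1, 0x0800) and (hlen, plen) != (6, 4):
        raise ValueError("bad address lengths for Ethernet/IPv4")
    fields = {"htype": htype, "ptype": ptype, "oper": oper}
    p = 8
    # source hardware, source protocol, destination hardware, destination protocol
    for name, size in (("sha", hlen), ("spa", plen), ("tha", hlen), ("tpa", plen)):
        fields[name] = pkt[p:p + size]
        p += size
    return fields

def make_request(my_mac, my_ip, wanted_ip):
    """Returns (frame destination, ARP packet). The destination hardware
    address is unknown, so it is zero-filled and the frame is broadcast."""
    return BROADCAST, build_arp(REQUEST, my_mac, my_ip, b"\x00" * 6, wanted_ip)

def answer(pkt, my_mac, my_ip):
    """Run by every node on the link. Only the owner of the requested IP
    address returns (frame destination, reply); everyone else returns None."""
    req = parse_arp(pkt)
    if (req["htype"], req["ptype"], req["oper"]) != (1, 0x0800, REQUEST):
        return None
    if req["tpa"] != socket.inet_aton(my_ip):
        return None
    # The reply is unicast straight back to the sender of the request.
    return req["sha"], build_arp(REPLY, my_mac, my_ip, req["sha"],
                                 socket.inet_ntoa(req["spa"]))

# Constructed addresses for hosts A, B and C on one link.
MAC_A, MAC_B, MAC_C = (bytes.fromhex(h) for h in
                       ("02000000000a", "02000000000b", "02000000000c"))
DST, REQ = make_request(MAC_A, "10.0.0.1", "10.0.0.2")
```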
ARP Example
Fig: Flow of activities at router R1
Fig: Activities at router R2
 RARP does the reverse of ARP, i.e. it helps to find a
corresponding IP address given an Ethernet address.
 RARP is a protocol by which a physical machine in a local area
network can request to learn its IP address from a gateway
server's Address Resolution Protocol table or cache.
 This protocol allows a newly-booted workstation to broadcast its
Ethernet address enquiring about its IP address.
 The RARP server sees this request, looks up the Ethernet address
in its configuration files, and sends back the corresponding IP
address.
 DHCP has largely replaced earlier protocols (called RARP and
BOOTP (Bootstrap protocol)) with more limited functionality.
 The IPv4 has no error-reporting or error-correcting mechanism. What happens
if something goes wrong?
 What happens if a router must discard a datagram because it cannot find a route
to the final destination, or because the time-to-live field has a zero value?
 What happens if the final destination host must discard the received fragments
of a datagram because it has not received all fragments within a predetermined
time limit?
 These are examples of situations where an error has occurred and the IP
protocol has no built-in mechanism to notify the original host.
 The Internet Control Message Protocol version 4 (ICMPv4) has been
designed to compensate for the above two deficiencies. It is a companion to the
IP protocol.
 ICMP itself is a network-layer protocol. However, its messages are not passed
directly to the data-link layer as would be expected. Instead, the messages are
first encapsulated inside IP datagrams before going to the lower layer.
 ICMP messages are divided into two broad categories: error-reporting
messages and query messages.
 The error-reporting messages report problems that a router or a host
(destination) may encounter when it processes an IP packet.
 The query messages, which occur in pairs, help a host or a network manager
get specific information from a router or another host. For example, nodes can
discover their neighbours. Also, hosts can discover and learn about routers on
their network and routers can help a node redirect its messages.
 An ICMP message has an 8-byte header and a variable-size data section.
Although the general format of the header is different for each message type,
the first 4 bytes are common to all.
 The data section in error messages carries information for finding the original
packet that had the error. In query messages, the data section carries extra
information based on the type of query.
 ICMP does not correct errors, it simply reports them. Error correction is left to
the higher-level protocols.
 No error message will be generated for a datagram having a multicast address
or special address.
Fig: General format of ICMP messages
Fig: Contents of data field for the error messages
 Destination Unreachable
 The most widely used error message is the destination unreachable (type 3). This
message uses different codes (0 to 15) to define the type of error message and the
reason why a datagram has not reached its final destination.
 For example, code 0 tells source that a host is unreachable. This may happen, for
example, when we use the HTTP protocol to access a web page, but the server is
down.
 Source Quench
 Another error message is called the source quench (type 4) message, which
informs the sender that the network has encountered congestion and the datagram
has been dropped; the source needs to slow down sending more datagrams.
 Redirection Message
 The redirection message (type 5) is used when the source uses a wrong router to
send out its message. The router redirects the message to the appropriate router,
but informs the source that it needs to change its default router in the future.
 Parameter Problem
 A parameter problem message (type 12) can be sent when either there is a
problem in the header of a datagram (code 0) or some options are missing or
cannot be interpreted.
 Query Messages
 Query messages in ICMP can be used independently without relation to
an IP datagram.
 Query messages are used to probe or test the liveness of hosts or routers in the
Internet, find the one-way or the round-trip time for an IP datagram between two
devices, or even find out whether the clocks in two devices are synchronized.
 Naturally, query messages come in pairs: request and reply.
 The echo request (type 8) and the echo reply (type 0) pair of messages are used by
a host or a router to test the liveness of another host or router.
 Example: Ping and traceroute
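The following added example (not part of the original slides) decodes an ICMPv4 message using the layout described above: the first 4 bytes are common to all messages, error-reporting messages carry the header of the offending datagram in their data section, and echo messages carry an identifier and a sequence number. Only the message types named on this page are recognized; the function name, the output dictionary and both sample messages are constructed for illustration.

```python
import socket
import struct

# Message types named on this page.
ERROR_TYPES = {3: "destination unreachable", 4: "source quench",
               5: "redirection", 12: "parameter problem"}
QUERY_TYPES = {8: "echo request", 0: "echo reply"}


def parse_icmp(msg: bytes) -> dict:
    """Decode an ICMPv4 message. The checksum is reported, not verified."""
    if len(msg) < 8:
        raise ValueError("ICMP header is 8 bytes")
    mtype, code, checksum = struct.unpack("!BBH", msg[:4])  # common to all
    rest, data = msg[4:8], msg[8:]                          # type-specific
    out = {"type": mtype, "code": code, "checksum": checksum}
    if mtype in ERROR_TYPES:
        out.update(category="error-reporting", name=ERROR_TYPES[mtype])
        # Data section: IP header of the original datagram followed by
        # the first 8 bytes of its payload.
        if len(data) < 20 or data[0] >> 4 != 4:
            raise ValueError("no embedded IPv4 header")
        ihl = (data[0] & 0x0F) * 4
        if ihl < 20 or len(data) < ihl:
            raise ValueError("embedded IPv4 header truncated")
        out["orig_src"] = socket.inet_ntoa(data[12:16])
        out["orig_dst"] = socket.inet_ntoa(data[16:20])
        out["orig_protocol"] = data[9]
        first8 = data[ihl:ihl + 8]
        if data[9] in (6, 17) and len(first8) >= 4:   # TCP/UDP begin with ports
            out["orig_ports"] = struct.unpack("!HH", first8[:4])
    elif mtype in QUERY_TYPES:
        ident, seq = struct.unpack("!HH", rest)
        out.update(category="query", name=QUERY_TYPES[mtype],
                   identifier=ident, sequence=seq, payload=data)
    else:
        out.update(category="other", name="not covered here")
    return out


# Constructed samples (checksum fields left as zero).
ORIGINAL = bytes.fromhex(
    "4500003c1c46400040060000"   # IPv4 header: TTL 64, protocol 6 (TCP)
    "c000020a" "c6336450"        # 192.0.2.10 -> 198.51.100.80
    "c000005000000001")          # first 8 bytes of TCP: ports 49152 -> 80
UNREACHABLE = bytes.fromhex("0300000000000000") + ORIGINAL
ECHO_REQUEST = bytes.fromhex("0800000012340001") + b"ping"
```

The embedded header is what lets the source host match an error report to the datagram, and through the ports to the connection, that triggered it.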
 The protocol that is used today for collecting information about group membership
is the Internet Group Management Protocol (IGMP).
 IGMP is a protocol defined at the network layer; it is one of the auxiliary
protocols, like ICMP, which is considered part of the IP.
 IGMP messages, like ICMP messages, are encapsulated in an IP datagram.
 There are only two types of messages in IGMP version 3: query and report
messages.

Fig: IGMP operation


 Query Message
 The query message is sent by a router to all hosts in each interface to collect
information about their membership. There are three versions of the query message:
 A general query message is sent about membership in any group. It is
encapsulated in a datagram with the destination address 224.0.0.1.
 A group-specific query message is sent from a router to ask about the membership
related to a specific group. This is sent when a router does not receive a response
about a specific group and wants to be sure that there is no active member of that
group in the network. Although all hosts receive this message, those not interested
drop it.
 A source-and-group-specific query message is sent from a router to ask about the
membership related to a specific group when the message comes from a specific
source or sources.
 Report Message
 A report message is sent by a host as a response to a query message. The message
contains a list of records in which each record gives the identifier of the
corresponding group (multicast address) and the addresses of all sources that the
host is interested in receiving messages from (inclusion).
 In IGMPv3, if a host needs to join a group, it waits until it receives a query
message and then sends a report message.
