ELEX 4340 : Data Communications
2013 Fall Session
Internet Protocol

This lecture describes the most common network protocol, Internet Protocol (IP) version 4 (IPv4).

After this lecture you should be able to: differentiate between the Internet and IP; look up IP standards; interpret the values of the most common IP header fields; compute an IP checksum; determine the netmask for an IP network; determine if an IP address is in a particular network; determine if an IP address is public, private or link-local; decide which port a frame would be forwarded on based on the contents of a routing table; determine the effect on an ARP cache of receiving an 802.3-encapsulated IP frame; determine the IP source/destination addresses used on the public/private sides of a NAT router; list the recursive DNS queries used to resolve a domain name.
Introduction

IP was developed in the late 70’s when different computer manufacturers, academic institutions and research groups used incompatible data communication networks and protocols. IP was designed as a common protocol to link these networks together so they could exchange files, e-mail, terminal sessions, etc. It was thus an inter-network protocol or an “internet protocol”.

As the usefulness of a universal networking protocol became clear, new systems started using IP as their native networking protocol. Widespread adoption of IP has resulted in almost all networks using IP as their network-layer protocol.

The availability of IP, a widely-supported and freely-available protocol, facilitated the growth of a non-proprietary commercial data network using IP that is commonly called “The Internet”.

Exercise 1: What is the difference between IP and “The Internet”? Does a network using IP have to be on the Internet? Does someone using the Internet have to use IP?

IP is defined in documents called Requests For Comment (RFCs) published by the Internet Engineering Task Force (IETF). IETF standards development is open to the public and adoption of proposals depends on technical merit.

IPv4

The current version of IP is known as IP version 4 (IPv4) and is defined in RFC 791, published in 1981. IP Version 6 (IPv6) was originally designed to address the problem of address space exhaustion but introduced additional, unrelated changes. Simpler methods were developed to work around the address exhaustion problem and it remains to be seen if IPv6 will ever be widely used.

Not surprisingly, documentation for IP protocols is widely available on the Internet, for example, from www.ietf.org.

IP is a packet-switching protocol. Data is encapsulated in IP frames which are transferred in store-and-forward manner between routers from a source host to a destination host:

IP Frame Format

Services provided by the IP layer are limited to routing and fragmentation. IP has “... no mechanisms to augment data reliability, flow control, sequencing, ...” (John Postel, Ed., RFC 791).

The IP header consists of 32-bit words (20 bytes). The following diagram is taken from RFC 791 (RFCs were published in text format) and shows the IP header:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Version|  IHL  |Type of Service|          Total Length         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         Identification        |Flags|      Fragment Offset    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Time to Live |    Protocol   |         Header Checksum       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                       Source Address                          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Destination Address                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Options                    |    Padding    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Example Internet Datagram Header
Figure 4.

The most important fields are:

Version: Protocol version number (4).
IHL: IP Header Length in 32-bit words.
Type of Service: Priority. Not widely used.
Total Length: Length of the IP frame in bytes.
Identification/Flags/Fragment Offset: for fragmentation. Rarely used.
Time to Live: A value that is decremented each time a frame is forwarded. Prevents frames traversing routing loops indefinitely.
Protocol: the type of protocol embedded in the IP frame. 1 for ICMP, 6 for TCP, 17 for UDP. Assigned by IANA (the Internet Assigned Numbers Authority).
Header Checksum: a one’s-complement checksum for the header (see below).
Source/Destination Address: the 32-bit source and destination IP addresses (see below).
Options: Optional header components that are not normally used (security, source routing, route recording and timestamps).

IPv4 Checksums

IPv4 checksums for IP, UDP, TCP, ... are the bitwise complement of the one’s-complement sum of the 16-bit values to be protected. The fields included in each checksum are defined in each specification.

A simple algorithm is to do 32-bit unsigned addition of the 16-bit fields and then add the overflow in the MS 16 bits of the 32-bit sum to the LS 16 bits. The checksum is the bitwise complement of this value. The receiver checks for errors by repeating the checksum calculation and verifying that the result is zero.

Exercise 2: A protocol header contains four 16-bit fields with decimal values 65535, 1, 2, and 3 that are to be included in an IPv4 checksum. What is the value of the header checksum?

IPv4 Addresses

Host Addresses

Each IP (IPv4) network interface has a 32-bit (4 byte) address. Most hosts, and all routers, have more than one interface and thus more than one IP address. For example, a typical home router will have two IP interfaces, one public and one private, as well as a software-based loopback interface:

IP addresses are usually written as a “dotted quad” of the decimal value of each byte separated by periods. The bytes are written in big-endian order. For example, 0xc0a80001 would be written 192.168.0.1. Most devices with IP protocol stacks have a virtual network interface at address 127.0.0.1 (hostname localhost) which is used for communication between processes on the same device.

Network Addresses

IP addresses are assigned in a hierarchical manner. The most significant bits of the address identify one of a few hundred thousand (up to perhaps 10^6) IP networks in the world. The remaining bits identify a host within that network.

Originally networks were divided up into three classes: A, B and C. Class A networks could have up to 2^24 host addresses, Class B up to 2^16 and Class C up to 2^8.

This led to inefficient allocation of network addresses and today network addresses are “classless” and are composed of two parts: the value of the network prefix (e.g. 142.232.0.0) and the length of the network portion of the address in bits preceded by a slash (e.g. /16). The two values together are the (classless) network address. For example, the BCITNET2 network has an address of 142.232.0.0/16.

A netmask is a 32-bit value with 1’s in the bits corresponding to the network portion of the address.

Exercise 3: What is the netmask in binary for a /24 network? What is it in decimal? How can the netmask be used to determine if one IP address is on the same network as another? Is the address 192.168.2.200 in the 192.168.2.0/25 network?
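The header layout and the checksum rule above, worked in code. This is an added example, not from the lecture notes: it builds a 20-byte header with constructed addresses, computes the Header Checksum the way the algorithm above describes (32-bit sum, fold the overflow, complement) and runs the receiver’s zero check, including on a corrupted copy.

```python
import struct

def dotted_to_bytes(addr: str) -> bytes:
    return bytes(int(b) for b in addr.split("."))

def ones_complement_sum(data: bytes) -> int:
    """One's-complement sum of the 16-bit big-endian words in data, folded to 16 bits."""
    if len(data) % 2:                       # an odd trailing byte is padded with zero
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # add the overflow (MS 16 bits) into the LS 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total

def ipv4_checksum(header: bytes) -> int:
    """Checksum as the sender computes it: the Header Checksum field counts as zero."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return 0xFFFF ^ ones_complement_sum(zeroed)

def ipv4_header_ok(header: bytes) -> bool:
    """Receiver check: repeating the calculation over the whole header must give zero."""
    return 0xFFFF ^ ones_complement_sum(header) == 0

def build_ipv4_header(src: str, dst: str, proto: int, payload_len: int,
                      ttl: int = 64, ident: int = 0x1C46) -> bytes:
    """20-byte header, no options (IHL = 5), with a correct checksum. ident is a made-up value."""
    ihl = 5
    fields = struct.pack("!BBHHHBBH4s4s",
                         (4 << 4) | ihl, 0, ihl * 4 + payload_len, ident,
                         0,                              # flags and fragment offset
                         ttl, proto, 0,                  # checksum filled in below
                         dotted_to_bytes(src), dotted_to_bytes(dst))
    return fields[:10] + struct.pack("!H", ipv4_checksum(fields)) + fields[12:]

def parse_ipv4_header(header: bytes) -> dict:
    """Split the fixed 20 bytes into the fields listed above."""
    (vi, tos, tl, ident, ff, ttl, proto, csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", header[:20])
    return {"version": vi >> 4, "ihl": vi & 0xF, "tos": tos, "total_length": tl,
            "id": ident, "flags": ff >> 13, "frag_offset": ff & 0x1FFF, "ttl": ttl,
            "protocol": proto, "checksum": csum,
            "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst))}
```

A receiver that accepts a header whose check is non-zero is trusting corrupted length, protocol or address fields, so the check belongs before any of those fields are used.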
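An added example (not part of the notes) for the netmask material above and for the home-router routing table shown under IP Routing below: it derives a netmask from a prefix length, tests network membership with it, and chooses the outgoing interface by longest-prefix match with the metric as tie-breaker. The table is the one from the notes; the addresses looked up are constructed.

```python
def dotted_to_int(addr: str) -> int:
    """'192.168.0.1' -> 0xc0a80001 (big-endian, as the text describes)."""
    a, b, c, d = (int(x) for x in addr.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_to_netmask(prefix_len: int) -> str:
    """/24 -> '255.255.255.0': the top prefix_len bits set to 1, the rest 0."""
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return int_to_dotted(mask)

def in_network(addr: str, network: str) -> bool:
    """True if addr lies in the classless network written as 'prefix/length'."""
    prefix, length = network.split("/")
    mask = dotted_to_int(prefix_to_netmask(int(length)))
    return dotted_to_int(addr) & mask == dotted_to_int(prefix) & mask

# The home-router routing table from the IP Routing section:
# (destination, gateway, subnet mask, metric, interface).
HOME_ROUTER_TABLE = [
    ("192.168.1.0", "*",           "255.255.255.0", 0, "br0 (LAN)"),
    ("204.191.0.0", "*",           "255.255.0.0",   0, "vlan1 (WAN)"),
    ("127.0.0.0",   "*",           "255.0.0.0",     0, "lo"),
    ("default",     "204.191.1.1", "0.0.0.0",       0, "vlan1 (WAN)"),
]

def lookup_route(table, dst: str):
    """(interface, gateway) for dst: the longest matching mask wins, the lowest
    metric breaks ties, and 'default' (mask 0.0.0.0) matches every address.
    Returns None when nothing matches (no default route)."""
    dst_int = dotted_to_int(dst)
    best = None
    for destination, gateway, netmask, metric, iface in table:
        mask = dotted_to_int(netmask)
        net = 0 if destination == "default" else dotted_to_int(destination)
        if dst_int & mask != net & mask:
            continue
        key = (bin(mask).count("1"), -metric)   # more mask bits first, then lower metric
        if best is None or key > best[0]:
            best = (key, iface, gateway)
    return None if best is None else (best[1], best[2])
```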
Network addresses are assigned by a non-profit organization called ICANN. The host whois.arin.net
can be used to query for ownership of North American network addresses.

Exercise 4: Who “owns” the 204.191.0.0/16 network?

IP Routing

IP networks operate in store-and-forward fashion. Routing is the process of getting a frame from source to destination.

Instead of Ethernet bridges connected by a spanning tree, IP networks use routers connected in a mesh which can, and often does, contain redundant links and loops.

Each IP frame includes a “time to live” field to protect against frames circulating in the network indefinitely as a result of misconfigured routers.

Each packet is routed independently. Thus each packet has to have the destination address.

Each device that forwards IP frames typically has multiple ports and is called a “router” because it decides on which port(s) to forward the frame. This decision is made by looking up the destination IP address in a “routing” table that defines the outgoing port for a network.

Each routing table entry can have a cost or “metric” associated with it. The routing algorithm selects the lowest cost route (port). Routing costs are local to each router. The metrics can be determined in many ways. For a simple host they may be based on the port data rate. Some routers exchange information with other routers to determine the best route to each network. The metrics can also be modified dynamically by factors such as delay. Routes can also be manually configured.

A routing table will usually have a default route containing the address of a “gateway” router. Frames for which there is no route are sent with a destination L2 address of the gateway. The gateway receives these frames and forwards them based on its own routing table.

Here is the routing table for a simple home wireless router:

    Destination   Gateway       Subnet Mask     Metric  Interface
    192.168.1.0   *             255.255.255.0   0       br0 (LAN)
    204.191.0.0   *             255.255.0.0     0       vlan1 (WAN)
    127.0.0.0     *             255.0.0.0       0       lo
    default       204.191.1.1   0.0.0.0         0       vlan1 (WAN)

Exercise 5: For the routing table above, what port (“Interface”) would be used by frames with the following destination IP addresses: 127.0.0.255? 192.168.1.1? 192.168.2.1? 204.191.10.32?

Classes of Routers

Many routers like the one above contain only a few routes, often just for the attached network segment and a default route pointing to an “upstream” router. However, routers that connect multiple networks need to determine which port should be used to reach different networks. This can be done manually or using distributed algorithms that try to determine the best route from each router to each network. The most common of these algorithms is called OSPF (Open Shortest Path First). Most “enterprise” routers will configure their routes using OSPF.

Routers that connect different service providers are called “border” routers. Their routing decisions are more complex because they need to take into account “peering” agreements between service providers that determine which frames can be forwarded to which service providers. The protocol typically used to set up routing between border routers is BGP (Border Gateway Protocol). Border routers are typically found only at one (or a few) data centers in each city called IXPs (Inter-Exchange Points) where ISPs interconnect their networks.

ICMP

Internet Control Message Protocol (ICMP) is a simple protocol used to diagnose and report problems at IP routers. Typical ICMP frames include an echo request (“ping”) that can be sent to another IP address to check connectivity and delay, as well as diagnostic messages sent to the source address when a router is unable to forward a frame towards its destination (e.g. “Destination Unreachable”).

ARP

The Address Resolution Protocol (ARP) allows hosts to discover the LAN address of another host on the same network segment. This is done by sending a broadcast ARP request with the desired IP address. A device that sees an ARP request that matches its own IP address replies. Each host maintains an “ARP cache” of these responses. These entries are checked for consistency with incoming frames and are periodically aged.
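An added example, not from the notes, of the ARP cache behaviour just described: entries are learned from replies, checked against the source addresses of incoming frames (a mismatch is reported rather than silently overwritten) and aged out. The timestamps and MAC addresses are constructed.

```python
from dataclasses import dataclass

@dataclass
class ArpEntry:
    mac: str
    learned_at: float   # seconds on whatever clock the host uses

class ArpCache:
    """IP -> MAC cache as in the ARP section: filled from ARP replies,
    validated against incoming frames, and aged."""
    def __init__(self, max_age: float = 60.0):
        self.max_age = max_age
        self.entries: dict[str, ArpEntry] = {}

    def learn(self, ip: str, mac: str, now: float) -> None:
        """Record (or refresh) the pair carried by an ARP reply."""
        self.entries[ip] = ArpEntry(mac, now)

    def lookup(self, ip: str, now: float):
        """MAC for ip, or None if unknown or aged out (an ARP request is then needed)."""
        self.age(now)
        entry = self.entries.get(ip)
        return entry.mac if entry else None

    def check_frame(self, src_ip: str, src_mac: str, now: float) -> str:
        """Compare the source MAC and source IP of an incoming 802.3-encapsulated
        IP frame with the cache: 'unknown', 'consistent' or 'conflict'."""
        entry = self.entries.get(src_ip)
        if entry is None:
            return "unknown"
        if entry.mac != src_mac:
            return "conflict"       # two stations claim one IP: log it, do not overwrite
        entry.learned_at = now      # traffic from the host keeps its entry fresh
        return "consistent"

    def age(self, now: float) -> list:
        """Drop entries older than max_age; returns the IPs removed."""
        expired = [ip for ip, e in self.entries.items() if now - e.learned_at > self.max_age]
        for ip in expired:
            del self.entries[ip]
        return expired
```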
Exercise 6: What pairs of values are stored in an ARP cache? What values from a received frame need to be examined to validate an ARP cache entry?

DHCP

The Dynamic Host Configuration Protocol (DHCP) is used by a host to configure its IP network stack including the IP address, DNS servers and gateway. When a device boots up it broadcasts a DHCP request. A DHCP server in the same network segment then responds to the request with a DHCP response frame containing the network configuration information for that particular host.

DHCP is an IP protocol so the broadcast destination is the IP broadcast address (255.255.255.255).

Exercise 7: When a host boots up, what must it send out first, an ARP request or a DHCP request?

Small ad-hoc networks may not have DHCP servers. In this case hosts may select a “link-local” address at random from the 169.254.0.0/16 network and use ARP to confirm that the address is not already in use.

Private Addresses

In many cases networks and their hosts do not need to be reachable from the public internet. Certain network addresses are reserved for these networks. For example, the networks 10.0.0.0/8 and 192.168.0.0/16 are private and cannot be routed over the Internet.

NAT

However, hosts in private networks often want to be able to reach other hosts on the internet (they want to “call out” although no-one should be able to “call in”). This is accomplished through a fairly complex network address translation (NAT) process at a router that has a public and a private interface.

A NAT router translates the destination address of frames coming in and the source address of frames going out of the private network. This requires the NAT router to have some way of determining which public-private IP address pairs are “connected” even though IP is normally considered a connectionless protocol. This requires that the router examine the contents of frames to try to guess the state of these connections. This requires looking at the details of the UDP and TCP layers to detect when connections are set up and the corresponding port numbers.

Exercise 8: A host with a (private) address 192.168.1.10 is behind a NAT router with a (public) address of 172.12.192.15. The host sends a frame to a host at address 74.125.225.113 requesting a web page. Show the source/destination address pairs of the request and response frames on the private and public sides of the router.

Domain Name System

The Domain Name System (DNS) is a distributed database whose main purpose is to convert human-readable domain names into IP addresses. The database is arranged as a hierarchy that mirrors the hierarchical structure of domain names. For example, the DNS (or “name”) server for the .ca domain holds the address of the DNS server for the bcit.ca domain, not the addresses of the hosts in the bcit.ca domain. The DNS server for bcit.ca will contain the IP address of the host learn.bcit.ca and (possibly) the address of the DNS server for the domain learn.bcit.ca.

When a host needs to look up the IP address corresponding to a domain name it sends a DNS query to its configured DNS server which then performs a recursive DNS lookup by travelling down the domain name hierarchy one level at a time. At each level it looks up the address of the responsible DNS server and queries it for either the IP address of the host or the IP address of the DNS server for the next level down in the domain name hierarchy.

Caching of results greatly reduces DNS overhead. The DNS servers for top-level domains (e.g. .com) are run by companies that have been given contracts to run these root DNS servers in exchange for collecting fees (about $10 per domain name per year) from entities registering domain names.

Exercise 9: Can a host’s DNS server be configured using a host name? Why or why not? Assuming a host has an empty DNS cache, what queries would it generate to look up the IP address of the host mx.bcit.ca?
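An added example (not the notes’ own code) of the NAT behaviour described above: the router rewrites the source of outbound frames and keeps a per-connection table keyed on the port numbers, so only replies to connections opened from inside are translated back; anything else arriving on the public side is dropped. round_trip() lists the source/destination pairs seen on each side. Addresses and ports are constructed (documentation ranges), not those of Exercise 8.

```python
class NatRouter:
    """Port-based NAT: private (src, sport) pairs are mapped to the router's
    public address and a public port allocated when the connection is first seen."""
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table = {}    # (public_port, remote_ip, remote_port) -> (private_ip, private_port)
        self.reverse = {}  # (private_ip, private_port, remote_ip, remote_port) -> public_port

    def outbound(self, frame: dict) -> dict:
        """Frame from the private side; returns it as sent on the public side."""
        key = (frame["src"], frame["sport"], frame["dst"], frame["dport"])
        if key not in self.reverse:               # new connection: allocate a public port
            self.reverse[key] = self.next_port
            self.table[(self.next_port, frame["dst"], frame["dport"])] = (frame["src"], frame["sport"])
            self.next_port += 1
        return {**frame, "src": self.public_ip, "sport": self.reverse[key]}

    def inbound(self, frame: dict):
        """Frame arriving on the public side; returns the private-side frame, or
        None (dropped) when no inside host opened this connection."""
        key = (frame["dport"], frame["src"], frame["sport"])
        if frame["dst"] != self.public_ip or key not in self.table:
            return None
        priv_ip, priv_port = self.table[key]
        return {**frame, "dst": priv_ip, "dport": priv_port}

def round_trip(nat: NatRouter, req: dict) -> dict:
    """Source/destination address pairs seen on each side for one request and its reply."""
    pub_req = nat.outbound(req)
    pub_resp = {**pub_req, "src": pub_req["dst"], "sport": pub_req["dport"],
                "dst": pub_req["src"], "dport": pub_req["sport"]}   # the server swaps the addresses
    priv_resp = nat.inbound(pub_resp)
    return {"private request": (req["src"], req["dst"]),
            "public request": (pub_req["src"], pub_req["dst"]),
            "public response": (pub_resp["src"], pub_resp["dst"]),
            "private response": (priv_resp["src"], priv_resp["dst"])}

# Constructed sample: a private host fetching a web page through the router.
SAMPLE_REQUEST = {"src": "192.168.1.20", "sport": 51515,
                  "dst": "203.0.113.8", "dport": 80, "proto": "tcp"}
```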
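An added example (not from the notes) of the recursive lookup described above, over a constructed three-level hierarchy (root, .ca, bcit.ca) with made-up server addresses: resolve() returns the address and the list of (server, name) queries actually sent, and a second lookup shows how caching shortens the walk.

```python
# Constructed toy hierarchy (addresses from documentation ranges, not real ones):
# each zone lists the hosts it answers for and the server address of each child zone.
ROOT_SERVER = "198.51.100.1"
ZONES = {
    ".":       {"hosts": {}, "ns": {"ca": "198.51.100.2"}},
    "ca":      {"hosts": {}, "ns": {"bcit.ca": "198.51.100.3"}},
    "bcit.ca": {"hosts": {"learn.bcit.ca": "203.0.113.10", "ns.bcit.ca": "198.51.100.3"}, "ns": {}},
}

def zone_chain(name: str) -> list:
    """'learn.bcit.ca' -> ['.', 'ca', 'bcit.ca']: the zones from the root down."""
    labels = name.split(".")
    return ["."] + [".".join(labels[i:]) for i in range(len(labels) - 1, 0, -1)]

def resolve(name: str, cache: dict) -> tuple:
    """Recursive lookup as the text describes. Returns (address, queries sent), each
    query being (server address, name asked). The cache holds final answers
    (name -> address) as well as referrals (zone -> address of its server)."""
    queries = []
    if name in cache:                      # answered from cache: no query at all
        return cache[name], queries
    chain = zone_chain(name)
    start, server = 0, ROOT_SERVER         # begin at the deepest zone whose server is cached
    for i, zone in enumerate(chain):
        if zone in cache:
            start, server = i, cache[zone]
    for i in range(start, len(chain)):
        queries.append((server, name))
        zone = ZONES[chain[i]]
        if name in zone["hosts"]:          # this server is authoritative for the host
            cache[name] = zone["hosts"][name]
            return cache[name], queries
        child = chain[i + 1] if i + 1 < len(chain) else None
        if child not in zone["ns"]:
            raise LookupError(f"no DNS record for {name}")
        server = zone["ns"][child]         # referral: ask the next level down
        cache[child] = server
    raise LookupError(f"no DNS record for {name}")
```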