20 Internet Protocol
You see, guys, anything you do when you send a request to the back end from the client, or the back end responds back, whatever the protocol is, that data will eventually sit in something called an IP packet. The destination is the IP address of the destination and the source is where it came from. At that layer, we don't know anything about ports. We don't know anything about headers, HTTP headers or encryption, nothing. The job is, hey, here's a bunch of data. The data can be encrypted. Could be gRPC, could be UDP, could be TCP, could be a Postgres response from a SQL, all will fit into an IP packet. And this will be the topic of this lecture. This lecture is basically taken from a collection of lectures from my networking course, combined into a single lecture for ease of consumption. I hope you enjoy
it. Let's get into it.

The IP building blocks. I named it this way because I think these are the basic building blocks that we need to understand in order to understand the IP protocol, trying to demystify this as much as possible: what happens when you actually route a packet, what happens when I send the packet. Now, I'm mentioning the word packet here, guys, and I want you in your brains to think about a packet as layer three. When I say a packet is layer three, that means it's a bunch of data with a destination IP address and a source IP address. That's it. With other headers, but we don't care now, right? But that's it. Ports, I don't care. Yeah, there are ports inside it. There is the JSON, the data, the HTTP, all this stuff inside this IP packet. But to the routers, it's just an IP packet. And that's the beauty of this whole OSI thing, if you think about it. Let's jump into it.

IP address: it's a layer three property. We talked about this. It can be set automatically or statically. Right? And
this is the DHCP thing. Not going to talk about it. But the idea is the IP address can be assigned. This is where an actual, detailed network engineering course will be valuable, talking about, okay, how does DHCP work? How is the assigning done? This is a network-level thing, a network engineering kind of thing, just a little bit more detail. So I won't go into that level of detail because, hey, as long as I have an IP address, I'm good. I'm not troubleshooting my network. There are network engineers who are well-versed and adept in that particular thing, troubleshooting, and DHCP and how it works, it's a protocol, and so on. Maybe I will change my mind and add a lecture for it in the future, who knows. But yeah, the IP address can be assigned automatically or you can statically fix it on your machine.

And, we talked about this, it has a network portion and a host portion. The IP address is four bytes, and that's going to be v4; there's more than that, IPv6, but I'm not going to talk about IPv6 in this course. Maybe in the future I'm going to add more. Let's just keep it lower a little bit, right? There's so much content as is. We'll add more stuff in the future. But yeah, 32 bits, right? And there are two portions. The a.b.c.d: this is the first byte, second byte, third byte, fourth byte, and then /x. I want you to understand the /x. The x here is the network bits, and what remains are the host bits. Here's an example: if I say 192.168.254.0/24, that means the first 24 bits, which is 8, 8, 8, that's 24, these puppies are the network portion. And this byte left alone, the fourth byte in this case, is the host. That means I can have up to 255 hosts, right? While I can have up to whatever, 2 to the power of 24 networks. The first 24 bits, three bytes, are network. The rest, eight bits, are for the host. Just talked about this. This means we can have up to two to the power of 24. Look, how many networks do you want?
Do we really need this much networks? Ask yourself again if you you're a network
administrator that's that's one part of the your job and this is not something we
usually do as a backend engineer we build applications we need to understand how
the packets are delivered but configuring the network is something really is better
left to the network engineer who this is their bread and butter as they say right
like, how many networks do I need? Oh, do I need /24? A little bit too much, let me reduce that, I need more hosts than networks actually. And you can play with that. This is a world by itself. That's why I mentioned that this course is not really for adept network engineers. It won't teach you all this low-level stuff, you know, CCNA and passing all these exams. No, this is actually designed for us software engineers who want to understand the network. It's a bridge. After that, if you're really interested in networking, you might take an actual networking course, and you might actually have better luck with it, if you think about it, because now you understand the high-level stuff.

And each of these networks will have 255 hosts, and this is also called a subnet, if you ever heard about this. Subnet and subnet mask, a very critical concept. So if I do 192.168.254.0/24, this is also called a subnet, and the subnet must have a subnet mask. The subnet mask is used if you're sending an IP packet, and you have an IP address, and you want to know: does this IP address that I'm about to send to belong to my subnet or not? You need to answer that particular question because that question forks into two logics. It's like: if it's in my subnet, do this; if it's not in my subnet, do that. Right? If it's in my subnet, you can use the MAC address to send it directly, host-to-host communication. Just use the MAC address to send it directly, because it's literally in the same network as you. While if it's not in your subnet, all bets are off. You need to talk to someone who knows how to route this. And this is usually called a router or a gateway. That's why you have a gateway IP address. In every network you assign there's a gateway IP address.
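The subnet check described above, written out as an added example (not code from the lecture). It uses the host addresses and the 255.255.255.0 mask from the walk-through that follows; the function names and the gateway address 192.168.1.100 are assumptions made for the example.

```python
"""Sender-side forwarding decision: AND both addresses with my own mask."""

def to_int(dotted: str) -> int:
    """Dotted-quad string -> 32-bit integer, rejecting malformed input."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {dotted!r}")
    value = 0
    for part in parts:
        if not (part.isascii() and part.isdigit()) or int(part) > 255:
            raise ValueError(f"bad octet {part!r} in {dotted!r}")
        value = (value << 8) | int(part)
    return value

def to_dotted(value: int) -> str:
    """32-bit integer -> dotted-quad string."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix_len: int) -> int:
    """/24 -> 0xFFFFFF00: the top prefix_len bits are ones, the rest zeros."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF

def network_of(ip: str, mask: int) -> int:
    """Bits ANDed with 1 keep their value, bits ANDed with 0 are nulled out."""
    return to_int(ip) & mask

def next_hop(src: str, dst: str, prefix_len: int, gateway: str) -> dict:
    """Decide whose MAC address the sender must resolve to deliver to dst.

    The sender only knows its OWN mask, so it applies that mask to both
    addresses. Same result: deliver directly. Different: hand to the gateway.
    """
    mask = prefix_to_mask(prefix_len)
    my_net = network_of(src, mask)
    # A gateway outside the sender's subnet could never be reached directly.
    if network_of(gateway, mask) != my_net:
        raise ValueError("gateway is not on the sender's own subnet")
    dst_net = network_of(dst, mask)
    same = dst_net == my_net
    return {
        "mask": to_dotted(mask),
        "my_network": to_dotted(my_net),
        "dst_masked": to_dotted(dst_net),
        "same_subnet": same,
        # The IP destination never changes; only the layer 2 target does.
        "resolve_mac_of": dst if same else gateway,
    }

if __name__ == "__main__":
    GATEWAY = "192.168.1.100"  # assumed gateway address for the example
    for dst in ("192.168.1.2", "192.168.2.2"):
        print(dst, next_hop("192.168.1.3", dst, 24, GATEWAY))
```

In the off-subnet case the packet still carries the final destination IP; only the MAC address being resolved is the gateway's, which is why that resolution step is the one that has to be trusted.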
That's when things are unclear. Hey, where do I know that? I don't know. send it to
the gateway. Subnet mask is used to determine whether an IP is in the same subnet
or not. Default gateway, we just talked about this, right? Default gateway. Most
networks consist of host and a default gateway. So you have a network and you have
a bunch of hosts, right? In that network up to whatever the host bits you are
allowed to have in that network. And there must be one of those host must be a
gateway. Why? Because those host if they want to talk to some outside of their
subnet, they need to talk to the gateway. The gateway is just another device that
happen to have two network interfaces. One network that is assigned to belong to
this network and another network that belongs to another network or maybe three or
four or five or six. These border routers have hundreds of networks. You know, they
can talk to many other networks. So, host A can actually talk to host B directly if they are both in the same network, same subnet effectively, and they use the MAC address for that. Otherwise, if A doesn't know how to talk to B, if B is not in its subnet (and it can find out by using the subnet mask, we're going to give an example in a minute, guys, don't worry), A sends it to someone who might know: the gateway. The gateway might not know, by the way, right? Because the gateway eventually might talk to another gateway that might know. You get the point, right? It's an elegant design, I absolutely love it. The gateway has an IP address, and each host should know its gateway, right? And it also has multiple IP addresses depending on how many networks it talks to.

Here's an example, and I'm going to disappear here so you can see the whole picture. All right, so host 192.168.1.3 wants to talk to 192.168.1.2. I use the word talk here; I really literally mean sending data, sending packets, which, to translate it to application client, front-end, back-end speak, means we're sending an HTTP request, for example. That's talking, right? Assuming .1.2 is actually a server and .1.3 is actually a client in this case. Or you want to send a curl request, or you SSH to a server. That's what talk really means at the end of the day. SSH or not, HTTP, DNS, all of these fit into a nice tucked-in IP packet which has a destination IP and a source IP. And that's the beauty of this: routers don't care about the protocol. Some routers unfortunately do; they look at the content, they block certain protocols. But most don't. Let's take a look. 192.168.1.3 wants to talk. First, a question it tries to answer: are you in my subnet? It applies a subnet mask to itself and the destination IP address. What subnet mask? Its own subnet mask, right?
Because that's the only thing it has. It doesn't have the subnet mask of the other machine. It doesn't need it, actually. It needs your own subnet mask, which you have, right? You can go to your network. You're going to have three things: your IP address, your subnet mask, and your gateway. Without these, you cannot do anything. You're basically dead in the water. You cannot connect with anyone, right? You need these three pieces.

So, you take this guy, the 255.255.255.0, and apply that. If you do the normal AND operator, you know, all of these 255s are ones, right, and this is zero. If you AND anything with a one, it becomes the same value. So when you AND these bits, right, this is simple bit operations: anything that you AND with a one becomes the same value. So 192 remains 192, 168 with 255 becomes 168, because at the end of the day these are ones. I wish I built the bitmap for you guys, but you get the idea, right? 1 1 1 1, and these are actual bits, like one, zero, whatever. So anything you AND is going to become the same value. 255 AND one becomes one. And then there's the most important thing: zero AND anything is zero. If you AND anything with zero, it just nulls it out. So zero AND three is zero. All right, let's apply it to the second IP address. 2 AND 0 is zero. And this is the output from the second IP address. The outputs are 192.168.1.0 and 192.168.1.0. These are the same subnet. And that question leads to the first branch that we
talked about which no need to route. I don't need to route it. I don't need you
guys. Uh I I don't need this guy. I actually do because it's a switch in this case.
It's playing as a switch. We're going to talk about it in a minute. So, I'm sending
this data to my router, but the router is is just going up to layer 2 in this case.
It doesn't need the IP address. Why? Because it is in the same subnet, right? I
believe maybe the router will go to the layer and looks at the IP address, but it
is the same IP address, right? So, in this case, it will just, hey, look at the MAC
address. It say, all right, uh, this MAC address is actually on this port. Boom.
Let's send it right here. So the router will act as as a switch in this case. So
we'll look it really need just layer 2 in this particular case. And this is by the
way the second network. We're going to come to that. All right, let's spice things
up a little bit. 192.168.1.3 wants to talk to 192.168.2.2. This guy wants to talk to this guy. Well, it's a different network, right? How did I know? Well, apply the mask. And all of a sudden you know that this is 192.168.1, me being .1.3, right, this is my network. The guy I want to talk to is 2.0, a different subnet. I don't know what to do, this is a different subnet, I need to route it to someone who does. The packet is sent to the default gateway. My default gateway is 192.168.100. Now you need to send the packet to the router, and guess what? This now loops back to the first scenario where you're sending host to host directly. It's as if you're sending the packet itself destined to this guy, but the MAC address, right, is the router's. And here's where every attack possible happens. This is called ARP poisoning. If someone here pretends to be the router, then all the packets can go through it. And that's how ARP poisoning happens. That's another topic for another day, right? Because I need to know what the MAC address of my router is, because now I need to send the packet to my router, right? And my router is in the same subnet as I am, right? I send this to the router, and the router turns around and says, hey, okay, where is this guy, 192...? So the router actually has another IP address on the other end, 192.168.200, right? So the router
lives double lives you know it lives two lives you know that's uh that's what it
does you know so it's living two lives effectively it's a it's an it's an address
here and it's an address here so it's living it's it literally has two
representations so this can't talk to this and this can't talk to this and that's
how this is how Basically it is done. All right, let's summarize. So talked about
what an IP address is, talked about what is the difference between a network
portion and the host portion and you can know what is your network today if you
want and you can know how many host can possibly happen and you can configure your
router to assign more or less host right based on that. And uh we talked about the
subnet we about the subnet mask very very critical concept to understand um We're
going to talk about more why this is critical in the in the final section actually
where if your database is actually in a different subnet than your backend
application then IP packets that are in form of TCP connection request you know
from your backend application to the database is going through the router and if
this router is congested then you're going to see delays So this is a little bit of
a tease and uh spoiler alert you know to that section but that's one of the thing
that just makes sense. Do not put your database in a different subnet. You know
sometimes it's not that bad to be honest. It's it's it it's okay to put in a
different subnet but what happen if this router is so congested if it's if it's
talking to thousands of the networks right or or so many networks and so many host
it's routing packets? Then there might be chances where the router's buffer will fill up and your beautiful SQL statement request, which will transmit as multiple segments, will be paused in the router and will never reach the database until a few milliseconds later, and you'll see those delays and, you know, why do I have delays in
my backend application that's just tiny something tiny and this is immediately you
understand it because now they understand what is actually be happening. Now go
check your backend configuration. Do you have your database different than your uh
your application? Put in the subnet because it it cost you nothing. Right? In this
case, put a switch put an actual switch. This is where network configuration comes
into the picture actually. Right? Where you're going to put an actual network
switch and you talk a high performant network switch and you put the database and
the application talking to this switch. The the the application has no business
talking to the router right don't use the router to route application packets to
your as a switch you know that's just a cheap switch at this end right I routers is
not they're are not designed to be switches that's why those high performance
switches are cost a lot of money enterprise switches you know again I I'm not very
versed on this but if you really want to go to that level that's a network
engineering bread and butter. And that's where I want to bridge the gap. That's what I'm talking about, guys. Backend engineers, the moment you understand this, you will ask the network engineer to do this configuration for you, because the network engineer has no idea what you want, right,
because they know everything but they don't know what you want right so if you are
a network engineer and you took the course thank you but you now understand the
requirements right but now we're bridging this gap. We're closing the wound as they
say. But yeah, and the default gateway, the concept of the default gateway, has also been explained in this lecture. How about we jump into it and move to the
next lecture or the first lecture of the IP packet RP thing. You know there's
there's so much so much to discuss here. Let's jump into it. Now that we have
discussed the building blocks of the internet protocol itself, um I'd like to go
and take a moment to take the lid off of this and dive into the IP packet itself.
This is the anatomy of the IP packet. Let's jump into it. All right, the IP packet.
The anatomy of the IP packet itself. You know, we're now we're going a little bit
deeper. We've always as backend engineers and front end engineers, we always look
at the IP packet as just a bunch of data with a target IP address and a source IP
address as at least I always visualize it this way but it's it's critical to
understand certain pieces not all really what I believe there are certain important
information about the IP packet itself and this is what the lect what this lecture
is about so what is the IP packet IP packet has headers and data sections two
sections the data and the header most of the time we really care about the data we
don't really care about the headers but If you want to debug certain problems or
understand certain situations, you need to dive into this thing, one more important
thing to understand is the size of the packet and headers come into the picture. If
you add 20 extra byte, that's the IP header. By the way, 20 byte extra to your
data, that is a 20 byt that you that's not really your data. It's it's the cost of
doing business. ly and guess what this can go up to 60 bytes if there are certain
options are enabled. So uh I believe those options are not always enabled but if
they are you can go up to 60 bytes for a certain packet. So it is really important
for these certain algorithms to kick in to save on sending like a single bite of
packet you know with 20 header 20 bytes header. It's just a waste of time you know
it's just a waste of resources to send a single bite and then attach a 20 byte uh
header to it. So that's what algorithm like Nigel algorithm and delayed
acknowledgement try to solve effectively you know try not to send your ls command
through SSH as a single packet it's just a waste you know but sometimes you can't
escape that you know that's what we have the latest section can go up to 65 536 you
know and that's because uh the length of the data itself is is 16 bit. So you can
only address up to 16 bit worth of content. That's equ equivalent to 65,000. And to
be honest, I never seen a an an IP packet that large at all because uh if you think
about it, right, and uh we're going to talk about this in later sections. Uh
there's something called the MTU, right? Which is the maximum transmission unit. So
maximum transmission unit in the internet is 1500. So what packet and avoid all the
ideas of fragmentations, you can't really shove more than 1500 worth of NIP packet
without fragmentation. So seeing that maybe in a cloud in Amazon where is like
custommade hardware with MTUs, I don't know a gigabyte gigabit MTUs that I don't
know if that's even possible, but that will
reach that. But to to me, you you will never reach that in single P packets is
almost the average is 1500 bytes maybe 9,000 certain situation but that's in jumbo
frames but that's pretty much it. So yeah uh I always like to add this IP packet to
a backend engineer, is a bunch of data, a destination IP address, and a source IP address. For the longest time I always looked at the IP packet like this: the right-hand side has the destination and the left-hand side is the source IP address. It doesn't look like this on paper, right? But I personally like to do it this way because it fits like a matryoshka doll, if you will. IP packets fit into the frame, the segment fits into the data, and so on. I just like it this way.

But here is how the actual IP packet looks. Scary, isn't it? So, this is how it actually looks, the IP packet itself. And these are the references: this is the RFC of the IP protocol, the Internet Protocol, and this is the Wikipedia page that has a summary of all that stuff. What are we looking at here? Horizontally, from 0 to 31, that is four bytes. So this is eight bits, eight bits, eight bits, eight bits. This is how it's organized. Four bytes in the first row, four bytes in the second row, four bytes in the third row, four bytes in the fourth row, and four bytes in the final one. So if you multiply four by five rows, that gives you the 20 bytes that we talked about. Then this is the options, and this is determined by the Internet Header Length. We're going to talk about it in a minute. By default this is five, which explains these five, you know, five rows, and if it goes more than that, then that will define the length of the options, effectively. And this goes up to 60. Now
we're going to talk about it. So we can add stuff to these options, you know, and
and this is good. Those guys, whoever defined the IP protocol, they defined it in a
way to make it extensible. Unfortunately, from what I read is some routers
effectively block the options for some reason, you know, because it's dangerous or
whatever. So this is sometimes getting blocked, you know, that's the sad thing
about the internet. Not everybody follows the rules. as a result uh you don't get
predictable. Otherwise I, as a backend engineer, would have definitely used the IP packet to sneak in data, my own data, in the packet itself. Imagine how cool this is. We always build on top of protocols, on top of TCP, on top of HTTP/2, we build protocols on top of protocols, and we forget that this is available for us. As programmers, we can write a packet and we can send options, right? Unfortunately, can you guarantee that these options arrive safely? I don't know. Apparently not, because these options are sometimes dropped. But it's pretty cool if you think about it. I don't know if these are user-set or not, but regardless, this is the data portion we talked about. This goes up to 65 kilobytes, 64 kilobytes to be specific.

Let's go through this. Version: the version is either four or six. We don't have other versions of the IP protocol, right? So, this is four specific bits. We have 0, 1, 2, 3. We have four bits to describe that. A little bit of an overkill if you think about it, right? Four bits. How much is that? That's 16 numbers, right? Because two eight exactly 15, right? That's a lot. So they envisioned, like, hey, we will go up to version 15 of the IP protocol. But sadly these bits are never used, because we only use four or six. So we never use the other bits. So it's a waste. But yeah, that's what we have today.

Internet Header Length, we talked about this. This defines how long the options are. And by default, IHL is five, I believe, right? And you can add more. So, okay, I need, I don't know, 20 bytes of options. And that will allow the router to read the options, or not. If this is five, it will read 1, 2, 3, 4, 5. It will read these five rows, if you will.

Total length. This describes the total length of the whole thing. This includes the data and the header. And this is 16 bits, as we talked about, so 8 + 8. So you can go up to two to the power of 16, which gives you the 65,000 bytes. And that describes not just the data, it also has the whole header, which could be 20, you know, do the math, 20 up to 60 based on the options, if you have options there.
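The header layout described above (five 4-byte rows, the version and IHL sharing the first byte, the 16-bit total length), as an added parsing example that is not code from the lecture. It goes beyond the fields covered so far by also decoding the flags, TTL, protocol and addresses that the lecture reaches next and by verifying the header checksum; the function names and the sample packets are constructed for the example.

```python
import socket
import struct

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}  # a few well-known protocol numbers
FIXED = "!BBHHHBBH4s4s"  # the five fixed 32-bit rows: 20 bytes

def checksum(header: bytes) -> int:
    """Ones' complement sum of the header's 16-bit words; 0 for a valid header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_packet(src, dst, payload, ttl=64, proto=6, ident=1, df=True, options=b""):
    """Constructed sample input: assemble a valid IPv4 packet for the parser."""
    if len(options) % 4 or len(options) > 40:
        raise ValueError("options must be 0..40 bytes, padded to a multiple of 4")
    ihl = 5 + len(options) // 4  # header length in 32-bit rows

    def pack(csum):
        return struct.pack(FIXED, (4 << 4) | ihl, 0, ihl * 4 + len(payload),
                           ident, 0x4000 if df else 0, ttl, proto, csum,
                           socket.inet_aton(src), socket.inet_aton(dst)) + options

    return pack(checksum(pack(0))) + payload

def parse_ipv4(packet: bytes) -> dict:
    """Decode an IPv4 header, refusing inconsistent length fields."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum 20-byte header")
    (ver_ihl, _tos, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack(FIXED, packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F  # two 4-bit fields in one byte
    if version != 4:
        raise ValueError(f"not IPv4 (version field is {version})")
    if ihl < 5:
        raise ValueError("IHL below 5: header cannot be under 20 bytes")
    header_len = ihl * 4  # 20 by default, 60 at most (IHL = 15)
    if header_len > len(packet):
        raise ValueError("IHL points past the end of the captured bytes")
    if not header_len <= total_len <= len(packet):
        raise ValueError("total length disagrees with header or capture size")
    if checksum(packet[:header_len]) != 0:
        raise ValueError("header checksum mismatch")
    return {
        "version": version,
        "ihl": ihl,
        "header_len": header_len,
        "options": packet[20:header_len],
        "total_length": total_len,
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,  # stored in 8-byte units
        "ttl": ttl,
        "protocol": PROTOCOLS.get(proto, str(proto)),
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "payload": packet[header_len:total_len],
    }

if __name__ == "__main__":
    plain = build_packet("192.168.1.3", "192.168.2.2", b"hello")
    # Constructed options: three no-operation bytes and an end-of-list byte.
    with_opts = build_packet("192.168.1.3", "192.168.2.2", b"hello",
                             options=b"\x01\x01\x01\x00")
    for pkt in (plain, with_opts):
        print(parse_ipv4(pkt))
```

The length checks matter more than the field decoding: IHL and total length are sender-controlled, so a parser that trusts them without comparing against the bytes it actually holds will read outside the packet.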
But yeah, fragmentation. This is really a powerful concept. Sadly, this is very hard to get right, and from what I know, most implementations actually frown upon fragmentation. QUIC is a good example. Every packet in QUIC, the protocol, disables IP fragmentation because it causes all sorts of things. First of all, let's talk about what fragmentation really is. We talked about the MTU, right, the maximum transmission unit. And you don't really need this, so we can talk about it right here. So we talked about the MTU, the maximum transmission unit, which is the frame size, and we talked about the IP packet. By default the IP packet should fit nicely into a single frame. And if it doesn't fit, that means the IP packet is large for some reason. Let's say the MTU is 1500 and the IP packet is 2,000. The IP packet won't fit in the frame, and you have two options here. You can either tell the client, whoever sent this packet: hey, MTU too small, I can't fit this large packet that you sent in that MTU, fail. It will send a message. How does it send a message? We talked about the ICMP protocol, the Internet Control Message Protocol. Messages are sent through this protocol. Ping, traceroute, things like that. Through the IP vehicle it will say, hey, this packet is too large. Right? That is only if you set that don't-fragment bit. But the other option is to fragment this thing. The IP packet is 2,000. All right, let's put 1500 in one frame and the 500 goes to another frame. So you have one IP packet that has been fragmented into two frames. Those will be sent as two frames. So one packet, two frames. The two frames will arrive, guess what, not necessarily in order. So the host has to understand that this frame belongs to something that is fragmented and try to assemble it. So there is assembly that is required. Assembling the fragments is one of the most dangerous things, right, security-wise, just because people can fake fragmentation, and I won't go into details on this. Plus, it's a cost that is on the host side. So you can fragment if you want, right? And this is how you do it, we're going to talk about it. But do understand the consequences: one frame might fail. You have to resend it. And how do you send just part of the fragment?
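The 2,000-byte packet over a 1500 MTU from the passage above, carried through as an added example (not code from the lecture): the split a router performs and the reassembly the receiving host has to do, including refusing fragment sets that do not fit together. The function names are constructed for the example, fragments are modelled as dicts rather than full packets, and rejecting every overlap is a strict policy chosen here as an assumption.

```python
def fragment(payload: bytes, ident: int, mtu: int, header_len: int = 20) -> list:
    """Split one packet's data so that each fragment plus header fits the MTU.

    Offsets are carried in 8-byte units, so every fragment except the last
    must hold a multiple of 8 data bytes.
    """
    chunk = (mtu - header_len) // 8 * 8
    if chunk <= 0:
        raise ValueError("MTU leaves no room for data")
    frags = []
    for start in range(0, len(payload), chunk):
        frags.append({
            "id": ident,                          # same value in every fragment
            "offset": start // 8,                 # position in 8-byte units
            "mf": start + chunk < len(payload),   # more-fragments flag
            "data": payload[start:start + chunk],
        })
    return frags

def reassemble(frags: list, max_data: int = 65535 - 20) -> bytes:
    """Rebuild the data from fragments in any arrival order.

    Raises ValueError on mixed identifications, gaps, overlaps, a missing
    final fragment, data after the final fragment, or an oversized result.
    """
    if not frags:
        raise ValueError("no fragments")
    if len({f["id"] for f in frags}) != 1:
        raise ValueError("fragments carry different identification values")
    ordered = sorted(frags, key=lambda f: f["offset"])
    out = bytearray()
    for index, frag in enumerate(ordered):
        start = frag["offset"] * 8
        is_last = index == len(ordered) - 1
        if start < len(out):
            raise ValueError("overlapping fragment")  # forged or duplicated data
        if start > len(out):
            raise ValueError("gap: a fragment is missing")
        if frag["mf"] and is_last:
            raise ValueError("final fragment never arrived")
        if not frag["mf"] and not is_last:
            raise ValueError("data after the final fragment")
        if frag["mf"] and len(frag["data"]) % 8:
            raise ValueError("non-final fragment is not a multiple of 8 bytes")
        out += frag["data"]
        if len(out) > max_data:
            raise ValueError("reassembled data exceeds the 16-bit total length")
    return bytes(out)

if __name__ == "__main__":
    # Constructed input: a 2,000-byte packet is a 20-byte header + 1,980 data bytes.
    data = bytes(i % 251 for i in range(1980))
    pieces = fragment(data, ident=7, mtu=1500)
    for piece in pieces:
        print(piece["offset"], piece["mf"], len(piece["data"]) + 20, "bytes on the wire")
    assert reassemble(list(reversed(pieces))) == data  # arrival order does not matter
```

Each fragment carries its own 20-byte header, so the split is 1500 and 520 bytes on the wire rather than 1500 and 500, and the second fragment's offset field reads 185 (1480 / 8).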
It's very complicated, right? That's why, you know what, let's not fragment. Hey, if you don't fit into a frame, just fail. So it's the responsibility of the client to send packets that they know should fit in all the MTUs that the network will pass through. Back to the slides. Actually, I can't talk like this, huh? Yeah, because there's nothing here. So, yeah.

The identification: this is the ID of the fragment. So, if you have one packet that fragments into four, this is 1, 2, 3, 4, effectively, right? The identification of the fragment. Flags: like, hey, should I fragment or should I not fragment? This is a flag that literally tells the client, or the router, whether it's supposed to break this big packet if the MTU is too small, or not. So if there is a DF, I believe, here, a flag will tell you, okay, you can fragment it. Fragment offset is the 0, 1, 2, 3, and this is the identification, which is the unique identifier of the fragment itself. So all of these are usually just for fragmentation. With jumbo packets you can get into this as well, if you have large IP packets, effectively.

Time to live, we're going to talk about this as well. Every IP packet has a bit, actually eight bits, a single byte, that represents a counter. And this is very interesting. Before
we talk about time to live we're going to talk about a problem cuz What do we do in
this course? We we always ask the question of why. Why does something exist? Why do
we need to fragment packets too large? Why do we have time to live? Because of the
idea of routing that we talked about in a while. The packet can go into different
routes, right? And they can end up into a situation where they will go into an
infinite loop. We go to this route, then this route, and this this router, and this
route, and then back to the same router, and they the packet can go infinitely and
you have no idea if you visit this because routers are not stateful you know they
don't save the state IP protocol is stateless you know they don't save the state of
that protocol like oh oh this packet was visited before unlike the layer layer 4
where we have states we have session we have all that stuff IP is just stateless no
IP packets are just passing through, so there is no state. So how do I prevent packets from roaming around the internet forever? Meet time to live, TTL. When you send a packet, you say, "Okay, I estimate that this packet will live for 100 routes, right?" So you put a 100 here and you say go. This packet goes from you. It reaches the gateway. Of course, if you're sending it to the internet, it will go to your gateway, which is your router. The router will do minus one to the packet. So the IP packet will arrive at the physical layer, will be converted at the data link layer into a frame. The frames will be converted into IP packets. Let's assume, for simplicity, one frame goes into a single IP packet, that's the best-case scenario. We have the IP packet, and the router takes that IP packet, takes the time to live, decrements it by one, and sends it again. So it goes back down the OSI model and goes off to the internet. And every one of the routers and hosts that sees this packet decrements it. That's the responsibility, that's the contract. This way we kind of add the state to the packet. If you have programmed before, you know the concept of stateless versus stateful, right? With stateless, we have to send the information with the request, the request in this case being the IP packet. So the state always follows the data itself, instead of being saved in the host, right?

So now, if this time to live reaches zero, whoever decremented it to zero must stop, must drop the packet, and must send back an ICMP message. ICMP shows up again. That's why I explained it, it's very critical. The ICMP protocol shows up again and says, "Hey, packet timed out," whatever, I don't remember the exact message, and it will send it back to whoever was the source IP address. And that is exactly how traceroute works. Traceroute, route or root, same thing, I believe the British call it "rooter". So the routers will decrement that until it reaches zero and then send a message to the source and say, hey, it's done. So traceroute actually does it this way. It will set a very small time to live and it will increment it, and every time we pass a hop and reach the next hop, that router will tell us about its source IP address. So effectively we trace the entire route. Obviously some routers disable ICMP altogether. Some firewalls disable ICMP, and if that is the case, that's where you get the dot dot dot in traceroute. You basically cannot trace it in that particular case.

So that's time to live, a very, very important concept: how many hops can this packet survive. And this is usually 128 or whatever. You set it as a large number, not too large, because otherwise the packet will live for a long time. I believe that whatever the default number is, is enough. If you see your packets take a longer path and they are dying, maybe the client will increase that
number.

Protocol. You might say, what protocol? We know we are on the IP address. No,
this is the protocol of what is the content that is inside this data. You know, I
found this, when I first saw this, like, why? That's kind of moot. I have to define the
protocol and you have to know about my protocol I want to send just random data
doesn't have to be a protocol I I want to invent my own protocol. Are you going to
block me? Then I thought about this, right? It's like say, hey, just read the data
and figure out the protocol. That's why that's what that's the first thought that
came to my mind. Why do you need an extra eight bits waste, you know? Then I
thought about this. You know what? It's actually a good idea. This way the routers
don't have to parse the entire data. They can just read the 20 bytes header and
immediately figure out what is inside this and whether they should pull the data or
not. You know that's ingenious effectively. We always do this. You know this is
meta extra metadata to save performance and obviously probably decided to block or
want to do anything else you can just read this protocol. So a protocol could be
ICMP it come part of it whether this is TCP whether UDP whatever the content of the
IP the IP data itself that's the protocol here there's a list in in in Wikipedia I
believe I I can share it as well showing you every single protocol that protocol
support unspecified just I think there's like uh miscellaneous or something like
that you can put all that stuff here. There's obviously 8 bits, so how many
do we have? You can have up to 255 protocols, but that's it.

Source and destination IP.
By far the most important pieces of metadata here, the header. Where are you going
and where are you coming from? Very important piece of information. Everybody can
fake source IP address. You know, you can try. That's why it's like, okay, oh, my
IP address has been spoofed. You know, you hear a lot of people, it's like uh it's
like, hey, oh, this is not Oh, this uh we've seen your IP address on our forums. Um
uh no. That was not me. My IP address was spoofed. I was like, "Yeah, like spoofing
is something easy to do, huh?" Spoofing is the idea of changing the source. Every
packet that you send, right, from your machine, you effectively change the source
IP address to be something else. You can do that, right? But guess what? Your ISP,
the packet, the IP will go through the routers and the first router it hits, the
major router. What is which what's what's the first major router? It's your ISP
because that's the your link to the internet and it will say say hey my source IP
address actually whatever that guy you know you can put any number you want you can
you can write simple code that do that does that rewrites every single IP packet
write the source IP to be something else but your ISP will call you out it's
like wait a minute that's not your source IP address I know your source IP address
I assigned it to you so your ISP blocks it. He says no, you cannot do that, right?
Unless un Yeah, every single internet provider will have this block. You know, you
cannot spoof anymore. You know, it's not easy to spoof IP addresses, you know,
unless you build your own ISP, which is I don't think it's impossible. You can do
it. And then you run your own ISP. You pay money to link yourself to the internet.
Yeah, you can spoof all you want then. But even if you spoof, then how how would
you get responses back? Because that's what is used to get responses, you know. So
yeah, destination IP is where you're going, source is where you're coming from, very
critical, and these are, as we talked about, four bytes, because this
is IPv4, right?

Explicit congestion notification. We're going to talk about
this more on the TCP section, but this bit is effectively, is it from a
lower layer or an upper layer? From an upper layer. This bit is set by the router and
this is what it means: explicit congestion notification. Before we talked about
explicit congestion notification uh and again we talk about this in details in the
future but doesn't hurt to talk about it now. Uh congestion is when packets start
to drop. You know IP packets will be arrived at routers like floods. You know
everybody send data everybody I am as I speak I'm sending data this is not live
stream but you get the point and if you're playing this packets are coming through
routers you know at the end of the day routers to process these packets they need a
certain amount of memory called a buffer to put the packets in this memory fills up
if it fills up if you have too many packets or your router is slower like it does a
lot of stuff to parse more work means more time more time means queue will go longer
and the buffer will fill. If the buffer fills that means you cannot accept more
packets that means you have to drop incoming packets. Any packets that comes the
controller of the router will drop the packet. And when that happens that indicates
something called congestion. That means hey the network is congested or these
routers are are having a having a hard time processing packets. Stop. So there's a
whole solution to congestion, to control the traffic in the internet, and
that's called congestion control. Uh for the longest time routers always drop the
packets hey drop the packet I don't care that's it doesn't even send any message or
anything like that just say drop it and leave it alone you know it doesn't even
send an ICMP message I don't think so the client have to guess is like okay my
packet had timed out I don't see an acknowledgement I'm going to assume it's uh
it's dropped and I'm going to assume congestion. That's what happens. It's a waste because
that timeout is so long and we need better communication. Meet
explicit congestion notification. The router, when their buffer fills up, because
they are IP packets, they only deal with layer three packets, they will take this
packet and says I'm about to drop this and my bucket is full but wait a minute. I'm
going to actually I'm going to actually not drop it. Um my buffer is about to fill. I know
it's going to fill. ECN, set the bit to one, right? Whatever. Set it to true. Boom.
Notification. I'm about to get filled. And then it will actually process. So the
receiver will see that bit. So, oh, oh, someone actually some of the routers
experience congestion. I better tell the uh I better tell the receiver. And so the
TCP layer takes controls. Whoa, whoa, we experience congestion. and then the client
will start communicating at the higher levels in the TCP transport layer and say
okay we experience congestion. So the beauty here is with this small change we
manage to notify the both the client and the server right the the server will reply
back to the client with the same bit so everybody will know eventually and and they
just managed to know that there's congestion without any packets getting dropped
beautiful design I absolutely love how elegant such small two bits can do right
and to be honest I don't know why do we have two bits right we can go into more
detail if you want but this is the gist of it beautiful I absolutely love this
stuff you know we can learn so much as backend engineer from these elegant designs
you know cuz we waste so much when we build applications we build all sort of you
know we allocate arrays like thousand thousands and thousands of bytes. JSON,
bloated JSON. We duplicate
keys all around. We took duplicate responses from the database. We put it
everywhere. We sent information we don't need. So all of this stuff really hurts me
when I see a response from an API that h that we just got back up. You know, we we
send the same value over and over again. Uh these kind of things makes me know back
in the old days. They had a limit to work with and they appreciate this limit.
Today engineers we don't have a limit. RAM what is RAM? I don't care. I have 700
gigabyte RAM. I don't care. Let me allocate everything I want. And unfortunately we
lost that you know source of scarcity. This is just me ranting. And that's pretty
much this is the most important thing that I I like to explain and when it comes to
um the header the IP of the header.

All right, how about we summarize this IP packet?
The IP packet is one of the more elegant, you know, uh anatomy there is. You know, the
packet has headers, it's 20 bytes, can go up to 60 if you have options and IHL is
enabled. Data section can go to 65,000 bytes. I never seen such a packet that
large because there is no MTU that fits it, first of all, you know. So you can argue
that, hey, 16 bit is actually too much. But you never know, maybe in
Amazon cloud or Microsoft Azure or Google, they build their own network
interface with a large MTU that can effectively be 65,000. Who knows? They don't
share this information with us. So if you have such a large frame, you can
send one large IP packet and then fit it in a single frame. Now I don't know
the limitations of that and what can what can go wrong with that. Probably people
tried it but definitely will decrease the latency right if you have your own
network that all of these devices are tightly high bandwidth network I'm not going
to the internet just between me it's on my own backend the database connect to the
to the backend application and all they are I don't know 100 gigabit Ethernet and
MTUs 65K MTUs and and I'm going to use that. Sure, you're not going to the
internet. So, this is tightly local area network. So, you're optimizing the heck
out of everything. So, I'd like to see this one day. So, if someone if there is an
article or something, I would love to read if someone actually taking advantage of
or if there is any limitation when it comes to MTU sizes. Uh we talked about
packets need to get fragmented if it doesn't fit a frame, unless you set the bit
that says hey don't fragment my the flag that we talked about hey don't fragment
and if you don't fragment then if the packet is too large for the MTU we fail
we drop a packet and we tell the client hey we couldn't fragment your stuff because
you told us don't fragment right and that's where ICMP uh actually this is where a
black hole connection can happen we're going to talk about this as well in the
future black hole TCP connection google that. All right, that was the IP packet. Now
I'm moving to the next lecture.

All right, guys. Uh, ICMP is one of the most
critical protocols that lives in layer 3. And uh, we talked about it a lot, but
this is where we actually explain it. Uh, if you ever used ping, that's ICMP. If you
ever use trace route, that's ICMP. We're going to demystify this protocol and talk
about how critical this thing is. How about we jump into it? So, ICMP stand for the
internet control message protocol and lives in layer 3. That means what does that
mean? It means only there is a destination and source IP. There is no concept of
ports at that layer. There's no ports. There are no ports. So it's just for
information messages between host. Beautiful. Now just very critical. That's why
when I now we have the same language, we talk the same language. When I say layer
three, you understand what that means. When I say layer 4, immediately ports. Think of
ports, you know, think of TCP, think of congestion control, think of that stuff.
We're going to become more clear as the course goes. Designed for informational
messages. Host unreachable. Hey, you send a message to a host that doesn't exist.
ICMP port unreachable. Although port is a layer four concept, the ICMP is a layer
three concept that is sent back from the server. So if you try to reach uh a port
on a server that doesn't exist, it will send an ICMP message back if that's enabled
and will say, "Hey, port unreachable, host unreachable." Fragmentation needed. We
spent five minutes talking about that, right? Fragmentation. Hey, you need to
fragment your packet because it's too large for the MTU. Packet expiry, infinite
loop in routers, like, "Hey, this is the time to live thing that we talked about,
right?" Time to live. We can keep decrementing decrementing decrementing until it
reaches the hit and then hey packet expired it's zero it's dead you send an ICMP
message so all the time uses IP directly ping and trace route uses it we talked
about that doesn't it doesn't require listeners or port to be opened I love to add
these kind of concept you'll never find anything else this because a lot of people
take this for granted but I like to kind of emphasize these point there is no port
to listen to the ICMP messages. You know, you can send an ICMP message anytime you
want as long as the host itself enables ICMP. That means IP
packets with the protocol set to ICMP. No ports, nothing like that. You can send
these echo messages all you want. You know, this is how the ICMP header looks like.
This is basically, I took this from the RFC 792. Can look at the ICMP message.
Very simple, you know. It is four bytes, four octets as they say it, right, the one byte,
two bytes, three bytes. So there's a byte for the code, obviously, you
can have up to 255 codes, right? Type of the message, this is the type, this is
the subtype if you will, you know, and there's like a list of everything here and all
the list is here effectively. Checksum, uh, whether this message was corrupted or
not rest of the headers you know some firewalls block ICMP for security reasons you
know a lot of you know that's the sad thing about the internet you know you build
something cool you we can't have nice things in the internet you build nice things
and attackers find an exploit to use ICMP for bad thing you know uh some people
used it for to do flooding attacks you know to flood ICMP messages to certain
servers some use it some some some used it for back channel attacks to kind of
probe the server if it has to find certain ports that are enabled you know it's
just Uh, some firewalls actually block ICMP or some some some firewalls time out
ICMP messages like, okay, hey, you can't you're doing a lot of ICMP request right
now. So, I'm going to time you out for a for example. This is why ping might not
work in these cases. So, ever wondered that you're pinging a machine that you
absolutely know it's alive, but you your ping is not going through. It could be
that it's not going through because the host is not available. But most of the time
ping one of the packets right the routers that you're going your ping is going
through your IP packet because ping is just an IP packet that has ICMP. It's really
nothing nothing uh fancy there. And what it does is is like hey uh one of those
routers dropped the IP because IP packet because ICMP is blocked. So disabling ICMP
can also cause real damage with connection establishment. This is called the TCP
black hole effectively. So you would establish the connection right but then you
start so TCP three-way handshake is we're going to talk about it but it's it's tiny
you know the data you're sending is so SYN and SYN-ACK and ACK right but then so so
that passes because your IP packet is so tiny but the moment you start sending
real data right right and you say don't fragment and then one of the MTUs and the
devices are so small and you need to fragment the router will send will try to send
you a message ICMP message saying hey uh your your uh your IP packet is so large
for my MTU please make it smaller but guess what ICMP is is blocked right if it's
blocked you will never reach you will never get the ICMP message so all of a sudden
you see the TCP connection open but your data is not going through what the heck is
going on it's like you open a black hole that's literally what it's called, TCP
Black Hole. Google it, you know. And uh we're going to do a ping demo a little bit
in in a minute here. Let me let me ping something here. I'm going to ping. Ping is
available on literally every operating system. So let's let me ping something.
Let's ping 192.168.254.254. This is actually my router. So if you see this ping will
send an ICMP sequence message, you know, and it will specify a TTL. Hey, we know
this stuff now, right? TTL, time to live, 64 iterations and it's sending
64 bytes right and this is the the time it takes from for the ICMP to reach this
router and from the router back to me and 6 millisecond if you think about this a
little bit slow my router is right over there why is it taking me maybe through the
Wi-Fi because I'm connected to the Wi-Fi but look at this sometimes 11 milliseconds
sometimes 12 that is nuts, you know, but this is the ICMP sequence. It's beautiful
to understand this stuff, right? So, ICMP, let's let's ping Google.com. ping
google.com. So, what ping does is like first of all, uh, ping only works with IP
addresses. Google.com is not IP address. So, it does a DNS, finds the IP address,
right? So, ping does more work here. Give me the IP address and now we ping it. And
uh, notice that it it decided to do a larger TTL, you know, just because the Google
I guess is farther. So it will estimate h let me put a larger uh TTL and this is
like look at this Google is almost as close to my router. It's like 12 minute 9
millisecond and my router
is 6 millisecond. I really need to check like why is my router is so slow and I
need maybe to upgrade my router you know but this is this is a really interesting
sound. Okay, back to the slides. All right ping this is how thing works, right? Uh
this is the destination server, right? Let's explain what this beautiful diagram
that I spent so much time trying to draw because I'm not a very good animator,
right? As you might have noticed already. So 192168.100 is the first router 300 is
the second router. So this is an a network. This is a network and these are their
puppy devices for that network. One 68 the 500 these are the network and these are
the devices 1000 this is another network so we're connected we're connecting many
networks together so as we talked about this router belongs to two networks right
this guy and this guy this router belong to two networks this router belong to two
network this router to belong to one network right and this is just one of the
devices so if I send a packet what do we do is like I send a TTL 100 ICMP echo
request that's what it means right hey I want to go to 192.168.10.3 so this guy
192.168.1.3 we do all the shebang that we talked about you know do the subnet mask
are you in my subnet no you're not let me send it right and with the me the packet
will reach there and we're going to decrement all the TTLs right so from 100 we
reach 96 so 1 2 3 4 right makes sense right and I'm not sure if the host actually
decrement that or not we can we can can uh study that and make sure that okay that
is it 95 or 96 I I I I really don't know but I know the routers decrement the TTLS
so we reach that so that's that's how ping worked so we got the echo the server if
it supports ICMP it will respond back with an ICMP echo reply again reset the TTL
uh the source the destination is 192.168.13 and the source is 10.3 uh do all the
subnet mask shebang and then boom, send it over and uh we get it. That's how ping
works. Let's go a ping that is unreachable. I'm sending to 1916.103 which is right
there and 1926.1.13 right? But look at the TTL I just set it to three specifically
just to time it out for for testing reasons here. So it reaches here it becomes
two. The packet reaches here the router decrements it becomes one right
reaches here the router decrements it becomes zero this is wait a minute it's not
reachable I have to drop it so the router before it drops it it drops it and then
sends a an ICMP destination unreachable ICMP message because just an IP packet it's
just an IP packet that's a beauty everything is just an IP packet to the layer
three routers here we're sending all this beautiful stuff man 192168.13. Uh target
is where I want you to send it back to Yeah, look at this. We're sending We're
sending to whoever the source was. But who's the source here? Now the source
becomes this router 192.16.500. So now look at this. So now we got the the machine
got back uh another packet but it knows who sent it. This is the whole
implementation of trace route because the TTL dies right here and because
the router sends back an ICMP destination unreachable or whatever. Uh what happens
here is effectively the we know who sent this right we know where the packet dies
and that's beautiful.

Meet trace route, or root. Can you identify the entire path your
IP packet takes? That's the question. Trace route, right? Answer. Clever use of
TTL. Right? And now, now you probably understand. We can explain it a lot.
Increment TTL slowly and you will get the router IP address for each hop. So start
with a one. You're going to get immediate route because that will decrement it
reach zero and will immediately respond back with an ICMP message. Right? Doesn't
always work as the path changes, right? And ICMP might be blocked, right?
That's the problem here because if ICMP is blocked, you're done. You cannot do
anything. But the other thing is your packet might take one route, but the second
TTL that you send might take another route. So you might get the wrong result. So
trace route is not really 100% correct. And here's an animation I did for the trace
route. So what do you do is we send a TTL You saw this animation. I'm going to do
it again because I want you to appreciate my beautiful animation. Look at this.
TTL1. We send it one echo. Send it to that destination. And then immediately we get
response from who? 1 says destination unreachable man. Why? Because we set it as
one. Immediately decremented and we're done. So now we know that my packet passed
through this guy. All right. Let me two. Now it survives the first router minus
one. It doesn't survive the second because minus one and then minus one become
zero, right? Because you send two and then it dies right here. And now we get the
second router. So we have the first that's this is how trace route works. We know
the first hop is this. The second hop is this. All right. What's the third hop?
Let's put three. Then boom boom boom. Right? We get this four. we get it here. And
then finally five, we're going to get an echo reply from the actual one. That
means, hey, we actually found the destination, right? And that's pretty much it,
you know. How about we do a demo? Good. Clear. Uh, tracert. I I believe it's in
Windows called tracert. In in Mac and Linux called trace route. So, trace
route google.com. Let's do something else. I have another network here. If I trace
route my router, that's kind of pointless because there's only one hop, but let's
do it. Exactly. So, my gateway is immediately that, right? So, that's that's that's
kind of pointless. But let's uh trace out uh Yeah, let's trace out another machine.
Do I have another machine? I believe I do. All right, let's try this. Uh I'm going
to trace route my other Mac book right here at 254.10, I believe. Right. And
immediately, look at That's beauty. So trace route to this, right? We immediately
go to that, right? There is no other hop despite us actually going through the
router because guess what? We have to go through the router to reach my packet. But
my router here acted like a switch, right? If it acts like a switch, it goes all up
to what? Layer two. So it never actually reaches layer three. So there is no TTL.
The TTL doesn't get affected if you're sending something to the same or very
critical to understand here, right? Very very very important. Uh let's try out
something I guess in in another network. Can you hear me? All right. Google.com.
Sure. Definitely the first hop now is a gateway because why uh 14250 72.142 is
definitely not in my subnet. Why? Because my subnet is 255 255 255 is not me. So
immediately we got to this probably I'm going to lock all this stuff because all of
this is my ISP and I don't want to show any of this stuff, right? Uh but it shows
probably everything here, right? It shows you all the path that it took all until
it reaches Google, right? So I'm going to block part of this here uh for security
reasons, but um so I'm going to block part of this stuff, but uh you can see that
eventually we reached the Google network here, right? All right. All right, how
about we summarize? So what is ICMP? It's an IP level protocol that is used to send
information back and forth. Very critical protocol. Fortunately, some routers, some
firewalls block it. And if it's blocked that means you cannot ping, you cannot send
critical information messages. You can get into weird situations. Uh ping and trace
route uses it. Uh don't fragment fragmentation needed all these messages. Right. Uh
It's used to tell you whether your host is reachable or not you know
port is reachable or not you know and um that's basically it very critical
infrastructure fundamental first principle protocol that really need just to
understand it so that you can explain things better when when it happens you know
and in the future who knows maybe we can extend this ICMP messages cuz we have so
much tools in our you know as they shed. Uh, but we never use this thing. We always
build on top of other stuff, you know. I wonder if we can use the ICMP for our own
purposes. All right, on to the next lecture.
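
The TTL and ICMP mechanics covered in this lecture, as an added example that is not part of the original lecture: a Python simulation that builds real IPv4 and RFC 792 ICMP byte layouts, carries probes over a constructed router path, and rebuilds the route the way trace route does, including a hop that stays silent because ICMP is blocked. The addresses, the path and every function name are assumptions made for the example; TTL expiry is reported with RFC 792's Time Exceeded message (type 11), and nothing touches the network.

```python
import socket
import struct

ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST, ICMP_TIME_EXCEEDED = 0, 8, 11  # RFC 792 types
PROTO_ICMP = 1             # value of the 8-bit IP "protocol" field for ICMP
IP_FMT = "!BBHHHBBH4s4s"   # 20-byte IPv4 header, no options (IHL = 5)

# Constructed sample topology (not taken from the lecture's slides).
SRC, DST = "192.168.1.3", "192.168.10.3"
PATH = ["192.168.1.1", "10.0.0.1", "10.0.1.1", "192.168.10.1"]


def checksum(data: bytes) -> int:
    """Internet checksum: one's complement of the 16-bit one's-complement sum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def icmp(msg_type, code, rest=b"\x00" * 4, body=b""):
    """Type (1 byte), code (1), checksum (2), 4 type-specific bytes, then data."""
    unsummed = struct.pack("!BBH", msg_type, code, 0) + rest + body
    return struct.pack("!BBH", msg_type, code, checksum(unsummed)) + rest + body


def ipv4(src, dst, ttl, proto, payload):
    """IPv4 packet: 20-byte header with a valid header checksum, then payload."""
    def header(csum):
        return struct.pack(IP_FMT, 0x45, 0, 20 + len(payload), 0, 0, ttl, proto,
                           csum, socket.inet_aton(src), socket.inet_aton(dst))
    return header(checksum(header(0))) + payload


def parse_ipv4(packet):
    fields = struct.unpack(IP_FMT, packet[:20])
    if checksum(packet[:20]) != 0:       # a valid header sums to zero
        raise ValueError("bad IPv4 header checksum")
    return {"ttl": fields[5], "proto": fields[6],
            "src": socket.inet_ntoa(fields[8]), "dst": socket.inet_ntoa(fields[9]),
            "payload": packet[20:fields[2]]}


def forward(packet, path, silent=frozenset()):
    """Carry a probe along `path` (router IPs); return what comes back, or None.

    Simplification: the answer is handed straight back to the sender instead
    of being routed hop by hop.
    """
    pkt = parse_ipv4(packet)
    ttl = pkt["ttl"]
    for router in path:
        ttl -= 1                         # every router decrements the TTL
        if ttl <= 0:                     # whoever reaches zero drops the packet
            if router in silent:         # ICMP disabled or filtered: no report
                return None
            quoted = packet[:28]         # original IP header + first 8 data bytes
            return ipv4(router, pkt["src"], 64, PROTO_ICMP,
                        icmp(ICMP_TIME_EXCEEDED, 0, body=quoted))
    request = pkt["payload"]             # reached the host: echo id/seq/data back
    return ipv4(pkt["dst"], pkt["src"], 64, PROTO_ICMP,
                icmp(ICMP_ECHO_REPLY, 0, request[4:8], request[8:]))


def traceroute(src, dst, path, silent=frozenset(), max_ttl=30):
    """Send echo requests with TTL 1, 2, 3, ... and record who answers each one."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        probe = ipv4(src, dst, ttl, PROTO_ICMP,
                     icmp(ICMP_ECHO_REQUEST, 0, struct.pack("!HH", 0x1234, ttl), b"probe"))
        answer = forward(probe, path, silent)
        if answer is None:               # no ICMP came back for this TTL
            hops.append((ttl, "*", None))
            continue
        reply = parse_ipv4(answer)
        if reply["proto"] != PROTO_ICMP or checksum(reply["payload"]) != 0:
            raise ValueError("unexpected or corrupted reply")
        hops.append((ttl, reply["src"], reply["payload"][0]))
        if reply["payload"][0] == ICMP_ECHO_REPLY:
            break                        # the destination itself answered
    return hops


if __name__ == "__main__":
    for hop in traceroute(SRC, DST, PATH, silent={"10.0.0.1"}):
        print(hop)
```
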