UNIT 3
IP header format
Unlike the post office, a router or computer cannot determine the size of a package without additional
information. A person can look at a letter or box and determine how big it is, but a router cannot. Therefore,
additional information is required at the IP layer, in addition to the source and destination IP addresses. Figure
3-12 is a logical representation of the information that is used at the IP layer to enable the delivery of electronic
data. This information is called a header, and is analogous to the addressing information on an envelope. A
header contains the information required to route data on the Internet, and has the same format regardless of
the type of data being sent. This is the same for an envelope where the address format is the same regardless
of the type of letter being sent.
Figure 3-12 - IP Header Format
The fields in the IP header and their descriptions are:
• Version - A 4-bit field that identifies the IP version being used. The current version is 4, and this version is
  referred to as IPv4.
• Length - A 4-bit field containing the length of the IP header in 32-bit increments. The minimum length of an
  IP header is 20 bytes, or five 32-bit increments. The maximum length of an IP header is 24 bytes, or six 32-
  bit increments. Therefore, the header length field should contain either 5 or 6.
• Type of Service (ToS) - The 8-bit ToS uses 3 bits for IP Precedence, 4 bits for ToS with the last bit not
  being used. The 4-bit ToS field, although defined, has never been used.
• IP Precedence - A 3-bit field used to identify the level of service a packet receives in the network.
• Differentiated Services Code Point (DSCP) - A 6-bit field used to identify the level of service a packet
  receives in the network. DSCP is a 3-bit expansion of IP precedence with the elimination of the ToS bits.
• Total Length - Specifies the length of the IP packet that includes the IP header and the user data. The
  length field is 2 bytes, so the maximum size of an IP packet is 2^16 - 1 or 65,535 bytes.
• Identifier, Flags, and Fragment Offset - As an IP packet moves through the Internet, it might need to
  cross a route that cannot handle the size of the packet. The packet will be divided, or fragmented, into
  smaller packets and reassembled later. These fields are used to fragment and reassemble packets.
• Time to Live (TTL) - It is possible for an IP packet to roam aimlessly around the Internet. If there is a
  routing problem or a routing loop, then you don't want packets to be forwarded forever. A routing loop is
  when a packet is continually routed through the same routers over and over. The TTL field is initially set to
  a number and decremented by every router that is passed through. When TTL reaches 0 the packet is
  discarded.
• Protocol - In the layered protocol model, the layer that determines which application the data is from or
  which application the data is for is indicated using the Protocol field. This field does not identify the
  application, but identifies a protocol that sits above the IP layer that is used for application identification.
• Header Checksum - A value calculated based on the contents of the IP header. Used to determine if any
  errors have been introduced during transmission.
• Source IP Address - 32-bit IP address of the sender.
• Destination IP Address - 32-bit IP address of the intended recipient.
• Options and Padding - A field that varies in length from 0 to a multiple of 32-bits. If the option values are
  not a multiple of 32-bits, 0s are added or padded to ensure this field contains a multiple of 32 bits.
The IP Precedence field can be used to prioritize IP traffic. (See Table 3-9.) This is the same as the postal
system having different classes of mail such as priority, overnight, and 2-day delivery. Routers can choose to
use this field to give preferential treatment to certain types of IP traffic.
RIP Protocol
RIP stands for Routing Information Protocol. RIP is an intra-domain routing protocol used within an
autonomous system. Here, intra-domain means routing the packets in a defined domain, for example, web
browsing within an institutional area. To understand the RIP protocol, our main focus is to know the structure
of the packet, how many fields it contains, and how these fields determine the routing table.
RIP uses the number of hops, or hop count, to determine the best possible route to a host or network. The
term hop count is also referred to as the metric. In RIP, a hop count of 16 means infinity, or that the destination
cannot be reached. This limits the longest path in the network that can be managed by RIP to 15 gateways.
How does the RIP work?
Suppose there are 8 routers in a network and Router 1 wants to send data to Router 3. If the network is
configured with RIP, it will choose the route that has the least number of hops. There are three routes in the
above network: Route 1, Route 2, and Route 3. Route 2 contains the least number of hops, 2, whereas
Route 1 contains 3 hops and Route 3 contains 4 hops, so RIP will choose Route 2.
A RIP router broadcasts routing information to its directly connected networks every 30 seconds. It receives
updates from neighboring RIP routers every 30 seconds and uses the information contained in these updates
to maintain the routing table. If an update has not been received from a neighboring RIP router in 180 seconds,
a RIP router assumes that the neighboring RIP router is down, sets all routes through that router to a metric of
16 (infinity), and stops using those routes when routing IP packets. If an update has still not been received
from the neighboring RIP router after another 120 seconds, the RIP router deletes from the routing table all of
the routes through that neighboring RIP router.
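The hop-count selection and the 180-second and 120-second timers described above, as an added example (not part of the original notes). The class and method names, the neighbor labels A, B and C and the destination "net3" are constructed for illustration; adding one hop to each advertised metric and always believing the current next hop are standard RIP behaviour that the notes do not spell out.

```python
INFINITY = 16   # hop count that means "destination cannot be reached"
TIMEOUT = 180   # seconds of silence before a neighbor's routes go to metric 16
FLUSH = 120     # further seconds of silence before those routes are deleted

class RipTable:
    def __init__(self):
        self.routes = {}       # destination -> {"metric": int, "via": neighbor}
        self.last_heard = {}   # neighbor -> time of its most recent update

    def receive(self, neighbor, advertised, now):
        """Apply one update: `advertised` maps destination -> neighbor's hop count."""
        self.last_heard[neighbor] = now
        for dest, hops in advertised.items():
            metric = min(hops + 1, INFINITY)   # one more hop to reach the neighbor
            cur = self.routes.get(dest)
            if cur is None:
                if metric < INFINITY:          # never install an unreachable route
                    self.routes[dest] = {"metric": metric, "via": neighbor}
            elif cur["via"] == neighbor or metric < cur["metric"]:
                # The current next hop is always believed; others must be better.
                self.routes[dest] = {"metric": metric, "via": neighbor}

    def age(self, now):
        """Run the 180 s and the 180 s + 120 s timers against every route."""
        for dest, route in list(self.routes.items()):
            silent = now - self.last_heard[route["via"]]
            if silent >= TIMEOUT + FLUSH:
                del self.routes[dest]          # deleted from the routing table
            elif silent >= TIMEOUT:
                route["metric"] = INFINITY     # kept, but no longer used

    def next_hop(self, dest):
        route = self.routes.get(dest)
        return route["via"] if route and route["metric"] < INFINITY else None

def demo():
    """Constructed scenario: three neighbors offer 3-, 2- and 4-hop routes."""
    table = RipTable()
    for neighbor, hops in (("A", 2), ("B", 1), ("C", 3)):
        table.receive(neighbor, {"net3": hops}, now=0)
    chosen = table.next_hop("net3")            # the 2-hop route through B
    table.age(now=180)                         # B has been silent for 180 s
    after_timeout = table.next_hop("net3")
    table.receive("A", {"net3": 2}, now=180)   # A's 3-hop route now beats 16
    return chosen, after_timeout, table.next_hop("net3")

if __name__ == "__main__":
    print(demo())
```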
What is IGMP? | Internet Group Management Protocol
The Internet Group Management Protocol (IGMP) enables a group of networked devices to share the
same IP address and receive the same messages.
What is the Internet Group Management Protocol (IGMP)?
The Internet Group Management Protocol (IGMP) is a protocol that allows several devices to share one IP
address so they can all receive the same data. IGMP is a network layer protocol used to set up multicasting on
networks that use the Internet Protocol version 4 (IPv4). Specifically, IGMP allows devices to join a multicasting
group.
What is multicasting?
Multicasting is when a group of devices all receive the same messages or packets. Multicasting works by
sharing an IP address between multiple devices. Any network traffic directed at that IP address will reach all
devices that share the IP address, instead of just one device. This is much like when a group of employees all
receive company emails directed at a certain email alias.
How does IGMP work?
Computers and other devices connected to a network use IGMP when they want to join a multicast group. A
router that supports IGMP listens to IGMP transmissions from devices in order to figure out which devices
belong to which multicast groups.
IGMP uses IP addresses that are set aside for multicasting. Multicast IP addresses are in the range between
224.0.0.0 and 239.255.255.255. (In contrast, anycast networks can use any regular IP address.) Each multicast
group shares one of these IP addresses. When a router receives a series of packets directed at the shared IP
address, it will duplicate those packets, sending copies to all members of the multicast group.
IGMP multicast groups can change at any time. A device can send an IGMP "join group" or "leave group"
message at any point.
IGMP works directly on top of the Internet Protocol (IP). Each IGMP packet has both an IGMP header and
an IP header. Just like ICMP, IGMP does not use a transport layer protocol such as TCP or UDP.
ICMP
ICMP, or Internet Control Message Protocol, is a network protocol that is used for error reporting and control
messages in IP networks. It allows devices on a network to communicate error messages and operational
information about network conditions. ICMP messages are typically generated by network devices, such as
routers, to indicate error conditions or to provide other information about network status.
IGMP, or Internet Group Management Protocol, is a network-layer protocol that is used by IP hosts to report
their multicast group memberships to any neighboring multicast routers. IP routers use it to learn which hosts
belong to a multicast group. IGMP is an integral part of IP multicast, which allows for the efficient delivery of
one-to-many communications.
ICMP and IGMP play important roles in maintaining IP network health and proper functioning. ICMP is used to
report errors and provide other information about network conditions, while IGMP is used to manage the
membership of hosts in multicast groups. Together, they help ensure that data is delivered reliably and
efficiently across networks.
Understanding the Role of ICMP in Networking
ICMP plays a vital role in maintaining the health and proper functioning of IP networks. It is used for error
reporting and control messages, allowing devices on a network to communicate information about network
conditions. Some of the main functions of ICMP include:
        1. Error Reporting: ICMP messages are used to indicate error conditions in the network. For example,
           if a device receives a packet with a destination address that is not reachable, it will send an ICMP
           “Destination Unreachable” message back to the sender.
        2. Network Reachability: ICMP messages can be used to determine the reachability of a host on a
           network. The “ping” command, which sends an ICMP “Echo Request” message to a host and waits
           for an “Echo Reply” message, is commonly used to test network connectivity.
        3. Network Congestion: ICMP messages can be used to indicate network congestion. For example, an
           ICMP “Source Quench” message can be sent to a host to slow down its transmission rate when the
           network is congested.
        4. Network Redirection: ICMP messages can be used to redirect traffic to a more optimal path. For
           example, an ICMP “Redirect” message can be sent to a host to inform it that a better next-hop for
           a particular destination is available.
        5. Timestamping: ICMP messages can be used to provide timing information. An ICMP “Timestamp”
           message can be sent to a host to request the current timestamp, which can be used to synchronize
           clocks on different devices.
ICMP plays a crucial role in monitoring and maintaining network conditions, allowing devices to communicate
important information and ensuring that data is delivered reliably and efficiently across networks.
ICMPv4 and ICMPv6: Internet Control Message Protocol
Introduction
The IP protocol alone provides no direct way to do the following:
     • For an end system to learn the fate of IP packets that fail to make it to their destinations.
     • For obtaining diagnostic information (e.g., which routers are used along a path or a method to
       estimate the round-trip time).
ICMP does not provide reliability for IP; it indicates certain classes of failures and configuration
information. The most common cause of packet drops (buffer overrun at a router) does not elicit any ICMP
information. Other protocols, such as TCP, handle such situations.
Because of the ability of ICMP to affect the operation of important system functions and obtain
configuration information, hackers have used ICMP messages in a large number of attacks. As a result of
concerns about such attacks, network administrators often arrange to block ICMP messages with
firewalls, especially at border routers. If ICMP is blocked, however, a number of common diagnostic
utilities (e.g., ping, traceroute) do not work properly.
The term ICMP refers to ICMP in general, and the terms ICMPv4 and ICMPv6 refer specifically to the
versions of ICMP used with IPv4 and IPv6, respectively. ICMPv6 plays a far more important role in the
operation of IPv6 than ICMPv4 does for IPv4.
In IPv6, ICMPv6 is used for several purposes beyond simple error reporting and signaling. It is used for:
     • Neighbor Discovery (ND), which plays the same role as ARP does for IPv4 (Chapter 4).
     • Router Discovery function used for configuring hosts (Chapter 6) and multicast address
       management (Chapter 9).
     • Managing hand-offs in Mobile IPv6.
Encapsulation in IPv4 and IPv6
     • In IPv4, a Protocol field value of 1 indicates that the datagram carries ICMPv4.
     • In IPv6, the ICMPv6 message may begin after zero or more extension headers. The last extension
       header before the ICMPv6 header includes a Next Header field with value 58.
In ICMPv4:
     • 42 different values are reserved for the Type field [ICMPTYPES], which identify the particular
       message. Only about 8 of these are in regular use.
     • Many types of ICMP messages also use different values of the Code field to further specify the
       meaning of the message.
     • The Checksum field covers the entire ICMPv4 message; in ICMPv6 it also covers a pseudo-
       header derived from portions of the IPv6 header. The algorithm used for computing the checksum
       is the same as that used for the IP header checksum.
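The IP header fields from the start of this unit and the ICMPv4 encapsulation rules above, as an added example (not part of the original notes): a parser that checks Version, Length, Total Length, both checksums and Protocol = 1 before it trusts the ICMP Type and Code. The function names and the sample packet (an Echo Request, type 8, between the documentation addresses 192.0.2.1 and 192.0.2.2) are constructed for illustration.

```python
import struct

def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement sum shared by the IP header and ICMPv4."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input for summing
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4_icmp(packet: bytes) -> dict:
    """Validate an IPv4 packet carrying ICMPv4; raise ValueError if malformed."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte minimum IP header")
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"Version field is {version}, not 4")
    header_len = ihl * 4                     # Length field counts 32-bit words
    if ihl < 5 or header_len > len(packet):
        raise ValueError(f"bad header Length field ({ihl})")
    if not header_len <= total_len <= len(packet):
        raise ValueError("Total Length disagrees with the bytes received")
    if internet_checksum(packet[:header_len]) != 0:
        raise ValueError("IP header checksum mismatch")
    if proto != 1:
        raise ValueError(f"Protocol field is {proto}, not 1 (ICMPv4)")
    icmp = packet[header_len:total_len]
    if len(icmp) < 4:
        raise ValueError("too short to hold ICMP Type, Code and Checksum")
    if internet_checksum(icmp) != 0:         # covers the entire ICMPv4 message
        raise ValueError("ICMP checksum mismatch")
    return {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "ttl": ttl, "total_length": total_len,
            "icmp_type": icmp[0], "icmp_code": icmp[1]}

def build_sample() -> bytes:
    """Constructed sample: Echo Request (type 8, code 0), 192.0.2.1 -> 192.0.2.2."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 0x1234, 1) + b"ping"
    icmp = icmp[:2] + struct.pack("!H", internet_checksum(icmp)) + icmp[4:]
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 1, 0, 64, 1, 0,
                      bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    hdr = hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]
    return hdr + icmp

if __name__ == "__main__":
    print(parse_ipv4_icmp(build_sample()))
```

A receiver that verifies a checksum sums the whole region including the stored checksum, so a valid header or message yields 0 from `internet_checksum`.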
BGP Message Types: Open, Keepalive, Update, Notification
There are four BGP message types used for communication, namely, OPEN, KEEPALIVE, UPDATE,
and NOTIFICATION messages. Each message type is utilized differently by BGP. Listed below are
the different BGP message types.
1. Open Message
The BGP OPEN message is used to set up and establish BGP neighbor adjacency. An OPEN message
includes information on the BGP router, and these must be negotiated and accepted by both BGP routers
before they can exchange routing information. The BGP router information comprises the following:
BGP Version Number – the BGP version which the router is using. BGP version 4 is the latest version. If the
two BGP routers have a version mismatch, then no BGP session will be made.
AS Number – the AS number must match the originating BGP router’s AS number. This specifies if the BGP
routers will run iBGP or eBGP as well.
Hold Time – it ensures that the BGP neighbor is ‘alive.’ By default, Cisco routers have 180 seconds hold time
value. If the routers’ hold time values are different, the lowest hold time value will be used. The minimum hold
time value is 3 seconds and to disable KEEPALIVE messages, the hold time value is set to 0.
BGP Identifier (RID) – the BGP router ID (RID) identifies the BGP router in the advertised prefixes. It is a 32-
bit unique number and it can be used to prevent loops for the routers that are advertised within the
autonomous system (AS). The RID value must not be zero in order to form a neighbor adjacency. It can be set
manually using the ‘bgp router-id’ command. If the RID is not manually defined, it can dynamically use the
highest loopback IP address, and if no loopback interface is configured, it will use the highest IP address on a
physical interface.
Optional Parameters – these parameters establish the session capabilities of the BGP router. New features
can be added to BGP even without having to create a new version by using this field.
2. Keepalive Message
KEEPALIVE messages ensure that BGP neighbors are still alive. These messages are sent every one-third of
the negotiated hold time value of the two BGP routers. By default, Cisco devices have a hold time of 180
seconds. One-third of 180 is 60, so the default KEEPALIVE message interval is 60 seconds.
If a BGP neighbor misses the three KEEPALIVE intervals, 180 seconds by default (60 x 3 = 180), the routes
from that neighbor will be flushed from the other BGP router. If the hold time value is zero, no KEEPALIVE
messages will be sent between the BGP peers.
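The OPEN checks and the hold time and KEEPALIVE arithmetic described above, as an added example (not part of the original notes). The function names, AS number 65001 and router ID 192.0.2.1 are constructed for illustration; the byte layout (16-byte marker, 2-byte length, 1-byte type, then version, AS, hold time, identifier and optional-parameter length) is the standard BGP-4 wire format, which the notes do not show.

```python
import socket
import struct

MARKER = b"\xff" * 16          # fixed 16-byte marker that opens every BGP message
TYPE_OPEN = 1

def build_open(version, my_as, hold_time, router_id, opt_params=b""):
    """Build an OPEN message (used here only to construct sample input)."""
    body = struct.pack("!BHH4sB", version, my_as, hold_time,
                       socket.inet_aton(router_id), len(opt_params)) + opt_params
    return MARKER + struct.pack("!HB", 19 + len(body), TYPE_OPEN) + body

def parse_open(msg: bytes, local_as: int) -> dict:
    """Parse and validate a peer's OPEN; raise ValueError if no session can form."""
    if len(msg) < 29:
        raise ValueError("shorter than the 29-byte minimum OPEN message")
    marker, length, msg_type = struct.unpack("!16sHB", msg[:19])
    if marker != MARKER or length != len(msg) or msg_type != TYPE_OPEN:
        raise ValueError("bad BGP header or not an OPEN message")
    version, peer_as, hold, rid, opt_len = struct.unpack("!BHH4sB", msg[19:29])
    if version != 4:
        raise ValueError(f"version mismatch: peer speaks BGP-{version}")
    if hold in (1, 2):
        raise ValueError("hold time must be 0 or at least 3 seconds")
    if rid == b"\x00" * 4:
        raise ValueError("BGP Identifier (RID) must not be zero")
    if 29 + opt_len != length:
        raise ValueError("Optional Parameters length disagrees with message length")
    return {"peer_as": peer_as, "hold_time": hold,
            "router_id": socket.inet_ntoa(rid),
            "session": "iBGP" if peer_as == local_as else "eBGP",
            "optional_parameters": msg[29:]}

def negotiate_timers(local_hold: int, peer_hold: int):
    """Return (hold time, KEEPALIVE interval): lowest hold time wins, interval is a third."""
    hold = min(local_hold, peer_hold)
    return hold, hold // 3       # hold 0 gives interval 0: no KEEPALIVEs are sent

if __name__ == "__main__":
    peer = parse_open(build_open(4, 65001, 90, "192.0.2.1"), local_as=65001)
    print(peer, negotiate_timers(180, peer["hold_time"]))
```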
3. Update Message
UPDATE messages are used for advertising and exchanging routing information between BGP
neighbors. The advertised prefix, or Network Layer Reachability Information (NLRI), is
included in the UPDATE message. The UPDATE message is also used in withdrawing advertised
BGP routes, and then it includes only the prefix in the message. UPDATE messages also act as
keepalives to lessen unnecessary traffic.
4. Notification Message
The last of the BGP message types, NOTIFICATION messages will be sent if errors are detected in
the BGP session. When a NOTIFICATION message is sent, the BGP neighbor adjacency will be
terminated, and the BGP connection will be closed. The TCP session and the BGP table will be
cleared of all entries from the BGP neighbor. Route withdrawals are done by sending UPDATE
messages which will be sent to the other BGP peer/s.
Open Shortest Path First (OSPF) Protocol
OSPF stands for Open Shortest Path First and it is an intradomain protocol. This protocol is used for
exchanging information between the dynamic routers. OSPF protocol is based on the link state routing
algorithm. OSPF is used within the autonomous system and it divides the autonomous system into different
areas.
Introduction
     • OSPF stands for Open Shortest Path First and it is an Interior Gateway Protocol which is mainly used
       for exchanging the routing information between the dynamic routers.
     • It is generally used within the autonomous system of the Internet and used in large TCP/IP networks.
     • In the corporate networks, OSPF replaced the old Routing Information Protocol.
     • OSPF is one of the intradomain protocols. Intradomain protocol means that this protocol is used within
       the network or an area.
     • OSPF protocol is the protocol that works based on the link state routing algorithm in which each router
       has the information about each domain and uses this information to determine the shortest path.
    Types of Links in OSPF
    Point-to-point link
    When there is a direct connection between two routers without any host or router in between then it is
    known as a point-to-point link.
    Transient link
    In transient links, different routers are connected in a network. There are two ways through which a
    transient link can be implemented:
    Unrealistic topology: Unrealistic topology is formed when all the routers in the network are connected.
    Realistic topology: Realistic topology is formed when some designated routers are present in a network. A
    designated router is referred to as a router through which all the routers in a network are connected. It is
    mandatory for all the packets that are transmitted by the routers to pass through this designated router.
    Stub Link
    A Stub link is a type of network in which all routers are connected with a single router only. Data enters
    and leaves the network, when needed, only through this single router.
    Virtual Link
    The administrator creates a virtual path between the routers when the link between these routers is
    destroyed. This virtual link is also a longer one.
    What is Packet Forwarding?
    The process of packet forwarding simply implies the forwarding of incoming packets to their intended
    destination.
    • The word Internet is generally made up of two terms: Interconnection and Network. So, it is a connection
      to a large collection of networks. A packet that is to be forwarded may be associated with the same network
      as the source host or may belong to a destination host in a different network. Thus, how far a packet may
      need to travel before arriving depends on its destination.
    • The router is responsible for the process of packet forwarding. It accepts the packet from the origin host or
      another router in the packet’s path and places it on the route leading to the target host.
    • The routing table is maintained by the router and is used for deciding the packet forwarding.
    Packet Forwarding Techniques:
Following are the packet forwarding techniques based on the destination host:
• Next-Hop Method: By only maintaining the details of the next hop or next router in the packet’s path, the
  next-hop approach reduces the size of the routing table. The routing table maintained using this method does
  not have the information regarding the whole route that the packet must take.
• Network-Specific Method: In this method, the entries are not made for all of the destination hosts in the
  router’s network. Rather, the entry is made of the destination networks that are connected to the router.
• Host-Specific Method: In this method, the routing table has the entries for all of the destination hosts in the
  destination network. With the increase in the size of the routing table, the efficiency of the routing table
  decreases. It finds its application in the process of verification of route and security purposes.
• Default Method: Assume a host in network N1 is connected to two routers, one of which (router R1)
  is connected to network N2 and the other router R2 to the rest of the internet. As a result, the routing table
  only has one default entry for the router R2.
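The four methods above combined in one table, as an added example (not part of the original notes). It models the host in N1 with routers R1 and R2; the class name and the addresses (documentation prefixes standing in for N2 and for one pinned host) are constructed, and choosing the most specific matching entry (longest prefix) is an assumption the notes do not state.

```python
import ipaddress

class ForwardingTable:
    """Next-hop table: each entry names only the next router, never the full path."""

    def __init__(self):
        self.entries = []                      # (network, next_hop, method label)

    def add(self, prefix, next_hop):
        net = ipaddress.ip_network(prefix)
        if net.prefixlen == 0:
            method = "default"                 # matches every destination
        elif net.prefixlen == net.max_prefixlen:
            method = "host-specific"           # matches exactly one host
        else:
            method = "network-specific"        # matches a whole network
        self.entries.append((net, next_hop, method))

    def lookup(self, destination):
        """Return (next_hop, method) for the most specific match, or None."""
        addr = ipaddress.ip_address(destination)
        matches = [e for e in self.entries if addr in e[0]]
        if not matches:
            return None                        # no entry and no default: cannot forward
        _net, next_hop, method = max(matches, key=lambda e: e[0].prefixlen)
        return next_hop, method

def host_in_n1():
    """Constructed table for the host in N1 (addresses are placeholders)."""
    table = ForwardingTable()
    table.add("198.51.100.0/24", "R1")         # N2 is reached through router R1
    table.add("0.0.0.0/0", "R2")               # everything else goes to router R2
    table.add("203.0.113.7/32", "R1")          # one host pinned to a known route
    return table

if __name__ == "__main__":
    t = host_in_n1()
    for dest in ("198.51.100.20", "203.0.113.7", "203.0.113.8"):
        print(dest, t.lookup(dest))
```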