Anatomy of an IP packet
10.1.5 IP packets consist of the data from upper layers plus an IP header. This page will discuss the information contained in the IP header:
• Version – Specifies the format of the IP packet header. The 4-bit version field contains the number 4 if it is an IPv4 packet and 6 if it is an IPv6 packet. However, this field is not used to distinguish between IPv4 and IPv6 packets. The protocol type field present in the Layer 2 envelope is used for that.
• IP header length (HLEN) – Indicates the datagram header length in 32-bit words. This is the total length of all header information and includes the two variable-length header fields.
• Type of service (ToS) – 8 bits that specify the level of importance that has been assigned by a particular upper-layer protocol.
• Total length – 16 bits that specify the length of the entire packet in bytes. This includes the data and header. To get the length of the data payload subtract the HLEN from the total length.
• Identification – 16 bits that identify the current datagram. This is the sequence number.
• Flags – A 3-bit field in which the two low-order bits control fragmentation. One bit specifies if the packet can be fragmented and the other indicates if the packet is the last fragment in a series of fragmented packets.
• Fragment offset – 13 bits that are used to help piece together datagram fragments. This field allows the previous field to end on a 16-bit boundary.
• Time to Live (TTL) – A field that specifies the number of hops a packet may travel. This number is decreased by one as the packet travels through a router. When the counter reaches zero the packet is discarded. This prevents packets from looping endlessly.
• Protocol – 8 bits that indicate which upper-layer protocol such as TCP or UDP receives incoming packets after the IP processes have been completed.
• Header checksum – 16 bits that help ensure IP header integrity.
• Source address – 32 bits that specify the IP address of the node from which the packet was sent.
• Destination address – 32 bits that specify the IP address of the node to which the data is sent.
• Options – Allows IP to support various options such as security. The length of this field varies.
• Padding – Extra zeros are added to this field to ensure that the IP header is always a multiple of 32 bits.
• Data – Contains upper-layer information and has a variable length of up to 64 bits.
While the IP source and destination addresses are important, the other header fields have made IP very flexible. The header fields list the source and destination address information of the packet and often indicate the length of the message data. The information for routing the message is also contained in IP headers, which can get long and complex.
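The field list above, as an added example that is not part of the original page: a Python parser that decodes each IPv4 header field and rejects headers whose length fields or checksum are inconsistent. The function names, the sample packet and its addresses are constructed for illustration; note that HLEN is converted from 32-bit words to bytes before it is subtracted from the total length.

```python
import ipaddress
import struct

FIXED = struct.Struct("!BBHHHBBH4s4s")  # the 20 fixed bytes of the header


def checksum(header: bytes) -> int:
    """One's-complement sum over the header's 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(payload, src, dst, options=b"", ttl=64, proto=17, flags_frag=0x4000):
    """Build a constructed sample packet; options must be padded to 32 bits."""
    if len(options) % 4 or len(options) > 40:
        raise ValueError("options must be a multiple of 4 bytes, at most 40")
    hlen_words = 5 + len(options) // 4
    header = FIXED.pack((4 << 4) | hlen_words, 0, hlen_words * 4 + len(payload),
                        0x1C46, flags_frag, ttl, proto, 0,
                        ipaddress.IPv4Address(src).packed,
                        ipaddress.IPv4Address(dst).packed) + options
    # Fill in the checksum field (bytes 10-11), computed with that field zeroed.
    header = header[:10] + struct.pack("!H", checksum(header)) + header[12:]
    return header + payload


def parse_ipv4(packet: bytes) -> dict:
    """Decode the header fields, refusing headers that contradict themselves."""
    if len(packet) < FIXED.size:
        raise ValueError("shorter than the minimum 20-byte header")
    (ver_hlen, tos, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = FIXED.unpack_from(packet)
    version, hlen_words = ver_hlen >> 4, ver_hlen & 0x0F
    hlen_bytes = hlen_words * 4  # HLEN counts 32-bit words, not bytes
    if version != 4:
        raise ValueError(f"version {version} is not IPv4")
    if hlen_words < 5:
        raise ValueError("HLEN below the 5-word minimum")
    if total_len < hlen_bytes:
        raise ValueError("total length smaller than header length")
    if total_len > len(packet):
        raise ValueError("total length exceeds the bytes received")
    # Summing a valid header, checksum field included, folds to zero.
    if checksum(packet[:hlen_bytes]) != 0:
        raise ValueError("header checksum mismatch")
    return {
        "version": version, "hlen_bytes": hlen_bytes, "tos": tos,
        "total_length": total_len, "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset_bytes": (flags_frag & 0x1FFF) * 8,
        "ttl": ttl, "protocol": proto,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "options": packet[FIXED.size:hlen_bytes],
        # Bytes past total_length (link-layer padding) are not payload.
        "payload": packet[hlen_bytes:total_len],
    }


if __name__ == "__main__":
    # Constructed sample: three NOP options plus End of Option List as padding.
    sample = build_ipv4(b"hello", "192.0.2.1", "198.51.100.7",
                        options=b"\x01\x01\x01\x00")
    for name, value in parse_ipv4(sample).items():
        print(f"{name:22} {value}")
```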
This page concludes this lesson. The next lesson will focus on IP routing protocols. The first page provides a routing overview.
Thursday, March 18, 2010
Connectionless and connection-oriented delivery
10.1.4 This page will introduce two types of delivery systems, which are connectionless and connection-oriented.
These two services provide the actual end-to-end delivery of data in an internetwork.
Most network services use a connectionless delivery system. Different packets may take different paths to get through the network. The packets are reassembled after they arrive at the destination. In a connectionless system, the destination is not contacted before a packet is sent. A good comparison for a connectionless system is a postal system. The recipient is not contacted to see if they will accept the letter before it is sent. Also, the sender does not know if the letter arrived at the destination.
In connection-oriented systems, a connection is established between the sender and the recipient before any data is transferred. An example of a connection-oriented network is the telephone system. The caller places the call, a connection is established, and then communication occurs.
Connectionless network processes are often referred to as packet-switched processes. As the packets pass from source to destination, packets can switch to different paths, and possibly arrive out of order. Devices make the path determination for each packet based on a variety of criteria. Some of the criteria, such as available bandwidth, may differ from packet to packet.
Connection-oriented network processes are often referred to as circuit-switched processes. A connection with the recipient is first established, and then data transfer begins. All packets travel sequentially across the same physical or virtual circuit.
The Internet is a gigantic, connectionless network in which the majority of packet deliveries are handled by IP. TCP adds Layer 4, connection-oriented reliability services to IP.
The next page will discuss the IP header.
Packet propagation and switching within a router
10.1.3 This page will explain the process that occurs as a packet moves through a network.
As a packet travels through an internetwork to its final destination, the Layer 2 frame headers and trailers are removed and replaced at every Layer 3 device. This is because Layer 2 data units, or frames, are for local addressing. Layer 3 data units, or packets, are for end-to-end addressing.
Layer 2 Ethernet frames are designed to operate within a broadcast domain with the MAC address that is burned into the physical device. Other Layer 2 frame types include PPP serial links and Frame Relay connections, which use different Layer 2 addressing schemes. Regardless of the type of Layer 2 addressing used, frames are designed to operate within a Layer 2 broadcast domain. When the data is sent to a Layer 3 device the Layer 2 information changes.
As a frame is received at a router interface, the destination MAC address is extracted. The address is checked to see if the frame is directly addressed to the router interface, or if it is a broadcast. In either situation, the frame is accepted. Otherwise, the frame is discarded since it is destined for another device on the collision domain.
The CRC information is extracted from the frame trailer of an accepted frame. The CRC is calculated to verify that the frame data is without error.
If the check fails, the frame is discarded. If the check is valid, the frame header and trailer are removed and the packet is passed up to Layer 3. The packet is then checked to see if it is actually destined for the router, or if it is to be routed to another device in the internetwork. If the destination IP address matches one of the router ports, the Layer 3 header is removed and the data is passed up to Layer 4. If the packet is to be routed, the destination IP address will be compared to the routing table. If a match is found or there is a default route, the packet will be sent to the interface specified in the matched routing table statement. When the packet is switched to the outgoing interface, a new CRC value is added as a frame trailer, and the proper frame header is added to the packet. The frame is then transmitted to the next broadcast domain on its trip to the final destination.
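The receive-and-forward procedure above, as an added Python example (not code from the original page). The `Frame`, `Verdict` and `Router` names, the addresses, the pre-resolved next-hop MACs and the simplified CRC (zlib's CRC-32 over a text rendering of the headers plus the data) are assumptions; the example goes slightly beyond the text by preferring the most specific matching route and by applying the TTL rule from the IP header page.

```python
import ipaddress
import zlib
from collections import namedtuple

BROADCAST = "ff:ff:ff:ff:ff:ff"
Frame = namedtuple("Frame", "dst_mac dst_ip ttl data crc")
Verdict = namedtuple("Verdict", "action detail out_port frame", defaults=(None, None))


def frame_crc(dst_mac, dst_ip, ttl, data):
    # Simplification: one CRC-32 covering the modelled header fields and the data.
    return zlib.crc32(f"{dst_mac}|{dst_ip}|{ttl}|".encode() + data) & 0xFFFFFFFF


def make_frame(dst_mac, dst_ip, ttl, data):
    dst_mac, dst_ip = dst_mac.lower(), ipaddress.IPv4Address(dst_ip)
    return Frame(dst_mac, dst_ip, ttl, data, frame_crc(dst_mac, dst_ip, ttl, data))


class Router:
    def __init__(self, ports, routes):
        # ports: name -> (MAC, IP) of each router interface
        self.ports = {name: (mac.lower(), ipaddress.IPv4Address(ip))
                      for name, (mac, ip) in ports.items()}
        # routes: (prefix, outgoing port, next-hop MAC assumed already resolved)
        self.routes = [(ipaddress.IPv4Network(prefix), out, mac)
                       for prefix, out, mac in routes]

    def lookup(self, dst_ip):
        """AND the destination with each route's mask; keep the longest match."""
        best = None
        for net, out, mac in self.routes:
            if int(dst_ip) & int(net.netmask) == int(net.network_address):
                if best is None or net.prefixlen > best[0].prefixlen:
                    best = (net, out, mac)
        return best  # 0.0.0.0/0 matches everything, so it acts as the default

    def receive(self, port, frame):
        port_mac, _ = self.ports[port]
        # Layer 2: accept only frames for this interface or broadcasts.
        if frame.dst_mac not in (port_mac, BROADCAST):
            return Verdict("discard", "frame is addressed to another device")
        if frame_crc(frame.dst_mac, frame.dst_ip, frame.ttl, frame.data) != frame.crc:
            return Verdict("discard", "CRC check failed")
        # Layer 3: is the packet for one of the router's own ports?
        if any(frame.dst_ip == ip for _, ip in self.ports.values()):
            return Verdict("deliver", "data passed up to Layer 4")
        if frame.ttl <= 1:
            return Verdict("discard", "TTL reached zero")
        route = self.lookup(frame.dst_ip)
        if route is None:
            return Verdict("discard", "no matching route and no default route")
        net, out, next_mac = route
        # New Layer 2 header and a freshly computed CRC for the next segment.
        rebuilt = make_frame(next_mac, frame.dst_ip, frame.ttl - 1, frame.data)
        return Verdict("forward", f"matched {net}", out, rebuilt)


# Constructed topology for the demonstration.
ROUTER = Router(
    ports={"e0": ("00:00:5e:00:53:01", "10.1.1.1"),
           "e1": ("00:00:5e:00:53:02", "10.1.5.1"),
           "s0": ("00:00:5e:00:53:03", "192.0.2.1")},
    routes=[("10.0.0.0/8", "s0", "00:00:5e:00:53:a0"),
            ("10.1.5.0/24", "e1", "00:00:5e:00:53:b0"),
            ("0.0.0.0/0", "s0", "00:00:5e:00:53:c0")],
)

if __name__ == "__main__":
    for dst in ("10.1.5.9", "10.200.0.1", "203.0.113.5", "10.1.5.1"):
        verdict = ROUTER.receive("e0", make_frame("00:00:5e:00:53:01", dst, 64, b"data"))
        print(dst, verdict.action, verdict.detail, verdict.out_port)
```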
The next page will describe two types of delivery services.
Routed Protocol / IP as a routed protocol
Routed Protocol
Routable and routed protocols
10.1.1 This page will define routed and routable protocols.
A protocol is a set of rules that determines how computers communicate with each other across networks. Computers exchange data messages to communicate with each other. To accept and act on these messages, computers must have sets of rules that determine how a message is interpreted. Examples include messages used to establish a connection to a remote machine, e-mail messages, and files transferred over a network.
A protocol describes the following:
• The required format of a message
• The way that computers must exchange messages for specific activities
A routed protocol allows the router to forward data between nodes on different networks. A routable protocol must provide the ability to assign a network number and a host number to each device. Some protocols, such as IPX, require only a network number. These protocols use the MAC address of the host for the host number. Other protocols, such as IP, require an address with a network portion and a host portion. These protocols also require a network mask to differentiate the two numbers. The network address is obtained by ANDing the address with the network mask.
The reason that a network mask is used is to allow groups of sequential IP addresses to be treated as a single unit. If this grouping were not allowed, each host would have to be mapped individually for routing. This would be impossible, because according to the Internet Software Consortium there are approximately 233,101,500 hosts on the Internet.
The next page will discuss IP.
IP as a routed protocol
10.1.2 This page describes the features and functions of IP.
IP is the most widely used implementation of a hierarchical network-addressing scheme. IP is a connectionless, unreliable, best-effort delivery protocol. The term connectionless means that no dedicated circuit connection is established prior to transmission. IP determines the most efficient route for data based on the routing protocol. The terms unreliable and best-effort do not imply that the system is unreliable and does not work well. They indicate that IP does not verify that data sent on the network reaches its destination. If required, verification is handled by upper layer protocols.
As information flows down the layers of the OSI model, the data is processed at each layer. At the network layer, the data is encapsulated into packets. These packets are also known as datagrams. IP determines the contents of the IP packet header, which includes address information. However, it is not concerned with the actual data. IP accepts whatever data is passed down to it from the upper layers.
The next page examines how a packet travels through a network.
Module 10: Routing Fundamentals and Subnets / Overview
Overview
Internet Protocol (IP) is the main routed protocol of the Internet. IP addresses are used to route packets from a source to a destination through the best available path. The propagation of packets, encapsulation changes, and connection-oriented and connectionless protocols are also critical to ensure that data is properly transmitted to its destination. This module will provide an overview for each.
The difference between routing and routed protocols is a common source of confusion. The two words sound similar but are quite different. Routers use routing protocols to build tables that are used to determine the best path to a host on the Internet.
Not all organizations can fit into the three-class system of A, B, and C addresses. Flexibility exists within the class system through subnets. Subnets allow network administrators to determine the size of the network they will work with. After they decide how to segment their networks, they can use subnet masks to determine the location of each device on a network.
This module covers some of the objectives for the CCNA 640-801, INTRO 640-821, and ICND 640-811 exams.
Students who complete this module should be able to perform the following tasks:
• Describe routed protocols
• List the steps of data encapsulation in an internetwork as data is routed to Layer 3 devices
• Describe connectionless and connection-oriented delivery
• Name the IP packet fields
• Describe how data is routed
• Compare and contrast different types of routing protocols
• List and describe several metrics used by routing protocols
• List several uses for subnetting
• Determine the subnet mask for a given situation
• Use a subnet mask to determine the subnet ID
Saturday, March 13, 2010
Summary of Module 9
Summary
This page summarizes the topics discussed in this module.
The U.S. Department of Defense (DoD) TCP/IP reference model has four layers: the application layer, transport layer, Internet layer, and the network access layer. The application layer handles high-level protocols, issues of representation, encoding, and dialog control. The transport layer provides transport services from the source host to the destination host. The purpose of the Internet layer is to select the best path through the network for packet transmissions. The network access layer is concerned with the physical link to the network media.
Although some layers of the TCP/IP reference model correspond to the seven layers of the OSI model, there are differences. The TCP/IP model combines the presentation and session layer into its application layer. The TCP/IP model combines the OSI data link and physical layers into its network access layer.
Routers use the IP address to move data packets between networks. IP addresses are thirty-two bits long according to the current version IPv4 and are divided into four octets of eight bits each. They operate at the network layer, Layer 3, of the OSI model, which is the Internet layer of the TCP/IP model.
The IP address of a host is a logical address and can be changed. The Media Access Control (MAC) address of the workstation is a 48-bit physical address. This address is usually burned into the network interface card (NIC) and cannot change unless the NIC is replaced. TCP/IP communications within a LAN segment require both a destination IP address and a destination MAC address for delivery. While IP addresses are unique and routable throughout the Internet, when a packet arrives at the destination network there needs to be a way to automatically map the IP address to a MAC address. The TCP/IP suite has a protocol, called Address Resolution Protocol (ARP), which can automatically obtain MAC addresses for local transmission. A variation on ARP called Proxy ARP will provide the MAC address of an intermediate device for transmission to another network segment.
There are five classes of IP addresses, A through E. Only the first three classes are used commercially. Depending on the class, the network and host part of the address will use a different number of bits. The Class D address is used for multicast groups. Class E addresses are reserved for research use only.
An IP address that has binary zeros in all host bit positions is used to identify the network itself. An address in which all of the host bits are set to one is the broadcast address and is used for broadcasting packets to all the devices on a network.
Public IP addresses are unique. No two machines that connect to a public network can have the same IP address because public IP addresses are global and standardized. Private networks that are not connected to the Internet may use any host addresses, as long as each host within the private network is unique. Three blocks of IP addresses are reserved for private, internal use. These three blocks consist of one Class A, a range of Class B addresses, and a range of Class C addresses. Addresses that fall within these ranges are discarded by routers and not routed on the Internet backbone.
Subnetting is another means of dividing and identifying separate networks throughout the LAN. Subnetting a network means to use the subnet mask to divide the network and break a large network up into smaller, more efficient and manageable segments, or subnets. Subnet addresses include the network portion, plus a subnet field and a host field. The subnet field and the host field are created from the original host portion for the entire network.
A more extendible and scalable version of IP, IP Version 6 (IPv6), has been defined and developed. IPv6 uses 128 bits rather than the 32 bits currently used in IPv4. IPv6 uses hexadecimal numbers to represent the 128 bits. IPv6 is being implemented in select networks and may eventually replace IPv4 as the dominant Internet protocol.
IP addresses are assigned to hosts in the following ways:
• Statically – manually, by a network administrator
• Dynamically – automatically, using reverse address resolution protocol, bootstrap protocol (BOOTP), or Dynamic Host Configuration Protocol (DHCP)
Address Resolution Protocol (ARP)
9.3.7 This page provides an explanation of how ARP works.
With TCP/IP networking, a data packet must contain both a destination MAC address and a destination IP address. If the packet is missing either one, the data will not pass from Layer 3 to the upper layers. In this way, MAC addresses and IP addresses act as checks and balances for each other. After devices determine the IP addresses of the destination devices, they can add the destination MAC addresses to the data packets.
Some devices will keep tables that contain MAC addresses and IP addresses of other devices that are connected to the same LAN. These are called Address Resolution Protocol (ARP) tables. ARP tables are stored in RAM memory, where the cached information is maintained automatically on each of the devices. It is very unusual for a user to have to make an ARP table entry manually. Each device on a network maintains its own ARP table. When a network device wants to send data across the network, it uses information provided by the ARP table.
When a source determines the IP address for a destination, it then consults the ARP table in order to locate the MAC address for the destination. If the source locates an entry in its table, destination IP address to destination MAC address, it will associate the IP address to the MAC address and then use it to encapsulate the data. The data packet is then sent out over the networking media to be picked up by the destination device.
There are two ways that devices can gather MAC addresses that they need to add to the encapsulated data. One way is to monitor the traffic that occurs on the local network segment. All stations on an Ethernet network will analyze all traffic to determine if the data is for them. Part of this process is to record the source IP and MAC address of the datagram to an ARP table. So as data is transmitted on the network, the address pairs populate the ARP table. Another way to get an address pair for data transmission is to broadcast an ARP request.
The computer that requires an IP and MAC address pair broadcasts an ARP request. All the other devices on the local area network analyze this request. If one of the local devices matches the IP address of the request, it sends back an ARP reply that contains its IP-MAC pair. If the IP address is for the local area network and the computer does not exist or is turned off, there is no response to the ARP request. In this situation, the source device reports an error. If the request is for a different IP network, there is another process that can be used.
Routers do not forward broadcast packets. If the feature is turned on, a router performs a proxy ARP. Proxy ARP is a variation of the ARP protocol. In this variation, a router sends an ARP response with the MAC address of the interface on which the request was received, to the requesting host. The router responds with the MAC addresses for those requests in which the IP address is not in the range of addresses of the local subnet.
Another method to send data to a device on another network segment is to set up a default gateway. The default gateway is a host option in which the IP address of the router interface is stored in the network configuration of the host. The source host compares the destination IP address with its own IP address to determine whether the two are on the same segment. If the receiving host is not on the same segment, the source host sends the data using the actual IP address of the destination and the MAC address of the router. The MAC address of the router is learned from the ARP table by using the IP address of that router.
If neither the default gateway on the host nor the proxy ARP feature on the router is configured, no traffic can leave the local area network. One or the other is required for a connection outside of the local area network.
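The decision described above (same-segment check, ARP table lookup, default gateway or proxy ARP) can be modelled in a few lines. This is an added example, not part of the original lesson: the `Host` class, its method names and all addresses are constructed for illustration, and the `changed` list is an extra that records when an automatically learned IP-MAC mapping is overwritten with a different MAC address.

```python
import ipaddress

class Host:
    """Constructed model of one host's ARP state; all names are hypothetical."""

    def __init__(self, ip, prefix_len, gateway=None):
        self.iface = ipaddress.ip_interface(f"{ip}/{prefix_len}")
        self.gateway = ipaddress.ip_address(gateway) if gateway else None
        self.arp_table = {}   # IP address -> MAC address, filled automatically
        self.changed = []     # (ip, old_mac, new_mac) whenever a mapping changes

    def learn(self, ip, mac):
        """Record an IP-MAC pair seen in local traffic or in an ARP reply."""
        ip = ipaddress.ip_address(ip)
        old = self.arp_table.get(ip)
        if old is not None and old != mac:
            self.changed.append((str(ip), old, mac))
        self.arp_table[ip] = mac

    def frame_addresses(self, dst_ip):
        """Return (destination IP, destination MAC) for the outgoing frame."""
        dst = ipaddress.ip_address(dst_ip)
        if dst in self.iface.network or self.gateway is None:
            # Same segment, or no gateway set: the host needs an entry for the
            # destination itself. Off-segment, only proxy ARP can supply one.
            arp_target = dst
        else:
            arp_target = self.gateway   # off-segment: use the router's MAC
        mac = self.arp_table.get(arp_target)
        if mac is None:
            raise LookupError(f"no ARP entry for {arp_target}: send an ARP request")
        return str(dst), mac

def demo():
    router_mac, peer_mac = "00:00:5e:00:53:01", "00:00:5e:00:53:20"  # constructed
    a = Host("192.168.1.10", 24, gateway="192.168.1.1")
    a.learn("192.168.1.1", router_mac)
    a.learn("192.168.1.20", peer_mac)
    b = Host("192.168.1.11", 24)          # no default gateway configured
    b.learn("10.0.0.5", router_mac)       # proxy ARP reply from the router
    return {
        "local": a.frame_addresses("192.168.1.20"),
        "via_gateway": a.frame_addresses("10.0.0.5"),
        "via_proxy_arp": b.frame_addresses("10.0.0.5"),
    }

if __name__ == "__main__":
    print(demo())
```

In both off-segment cases the frame carries the real destination IP address and the router's MAC address; a host with neither a gateway nor a proxy ARP entry raises `LookupError`.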
This page concludes this lesson. The next page will summarize the main points from the module.